- OP-TEE - lists.trustedfirmware.org

Linaro OP-TEE Contribution, LOC, monthly meeting August 22

by Jens Wiklander

Hi, Time flies, on Tuesday, August 22 it's for another LOC monthly meeting. For time and connection details see the calendar at https://www.trustedfirmware.org/meetings/ I'm happy to report that the Xen patches needed to run OP-TEE with FF-A have just been merged [1] and will be included in the next Xen release. With this, we may need to focus more on for how long we may hog the CPU with non-secure interrupts masked. [1] https://patchew.org/Xen/20230731121536.934239-1-jens.wiklander@linaro.org/#… Any other topics? Thanks, Jens

2 years, 4 months

1
0
0 0

Run OP-TEE on Morello kernel issue

by Menna Mahmoud

Hi All, I have an issue with running OP-TEE on the Morello kernel, I posted it here: https://github.com/OP-TEE/optee_os/issues/6244 Can anyone help me? Thanks in advance, Menna

2 years, 4 months

1
0
0 0

tpm2 device fail on u-boot

by Ruth Glushkin

Hi, I have u-boot based on u-boot 2021.04 I have configuration with fTPM of Microsoft enabled. I have a EVB board with Nuvoton chip. OPTee-OS is based on latest 3.22 upstream version with Nuvoton npcm platform configuration. If I take OPTee-OS without reading HUK from our PCR0 field from non-secured memory, the command works fine. If I add reading HUK, the command fails. Here is the error log: - U-Boot>tpm2 device optee optee: OP-TEE: revision 3.22 (a012b992) I/TC: Reserved shared memory is enabled I/TC: Dynamic shared memory is enabled I/TC: Normal World virtualization support is disabled I/TC: Asynchronous notifications are disabled E/TC:0 0 std_entry_with_parg:235 Bad arg address 0x7fce2000 Couldn't set TPM 0 (rc = 1) - All other commands of tpm2 that are not connected to fTPM works OK. After loading Linux, xtest works OK. Could you please help me? Thank you in advance, Margarita Glushkin

2 years, 4 months

2
2
0 0

[PATCH v7 0/5] introduce tee-based EFI Runtime Variable Service

by Masahisa Kojima

This series introduces the tee based EFI Runtime Variable Service. The eMMC device is typically owned by the non-secure world(linux in this case). There is an existing solution utilizing eMMC RPMB partition for EFI Variables, it is implemented by interacting with OP-TEE, StandaloneMM(as EFI Variable Service Pseudo TA), eMMC driver and tee-supplicant. The last piece is the tee-based variable access driver to interact with OP-TEE and StandaloneMM. Changelog: v6 -> v7 Patch #1-#4 are not updated. Patch #5 is added into this series, original patch is here: https://lore.kernel.org/all/20230609094532.562934-1-ilias.apalodimas@linaro… There are two issues in the v6 series and v7 series addresses those. 1) efivar ops is not restored when the tee-supplicant daemon terminates. -> As the following patch says, user must remove the device before terminating tee-supplicant daemon. https://lore.kernel.org/all/20230728134832.326467-1-sumit.garg@linaro.org/ 2) cause panic when someone remounts the efivarfs as RW even if SetVariable is not supported -> The fifth patch addresses this issue. "[PATCH v7 5/5] efivarfs: force RO when remounting if SetVariable is not supported" Changelog: v5 -> v6 - new patch #4 is added in this series, #1-#3 patches are unchanged. automatically update super block flag when the efivarops support SetVariable runtime service, so that user does not need to manually remount the efivarfs as RW. v4 -> v5 - rebase to efi-next based on v6.4-rc1 - set generic_ops.query_variable_info, it works as expected as follows. $ df -h /sys/firmware/efi/efivars/ Filesystem Size Used Avail Use% Mounted on efivarfs 16K 1.3K 15K 8% /sys/firmware/efi/efivars v3 -> v4: - replace the reference from EDK2 to PI Specification - remove EDK2 source code reference comments - prepare nonblocking variant of set_variable, it just returns EFI_UNSUPPORTED - remove redundant buffer size check - argument name change in mm_communicate - function interface changes in setup_mm_hdr to remove (void **) cast v2 -> v3: - add CONFIG_EFI dependency to TEE_STMM_EFI - add missing return code check for tee_client_invoke_func() - directly call efivars_register/unregister from tee_stmm_efi.c rfc v1 -> v2: - split patch into three patches, one for drivers/tee, one for include/linux/efi.h, and one for the driver/firmware/efi/stmm - context/session management into probe() and remove() same as other tee client driver - StMM variable driver is moved from driver/tee/optee to driver/firmware/efi - use "tee" prefix instead of "optee" in driver/firmware/efi/stmm/tee_stmm_efi.c, this file does not contain op-tee specific code, abstracted by tee layer and StMM variable driver will work on other tee implementation. - PTA_STMM_CMD_COMMUNICATE -> PTA_STMM_CMD_COMMUNICATE - implement query_variable_store() but currently not used - no use of TEEC_SUCCESS, it is defined in driver/tee/optee/optee_private.h. Other tee client drivers use 0 instead of using TEEC_SUCCESS - remove TEEC_ERROR_EXCESS_DATA status, it is referred just to output error message Ilias Apalodimas (1): efivarfs: force RO when remounting if SetVariable is not supported Masahisa Kojima (4): efi: expose efivar generic ops register function efi: Add EFI_ACCESS_DENIED status code efi: Add tee-based EFI variable driver efivarfs: automatically update super block flag drivers/firmware/efi/Kconfig | 15 + drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/efi.c | 18 + drivers/firmware/efi/stmm/mm_communication.h | 236 +++++++ drivers/firmware/efi/stmm/tee_stmm_efi.c | 638 +++++++++++++++++++ drivers/firmware/efi/vars.c | 8 + fs/efivarfs/super.c | 45 ++ include/linux/efi.h | 12 + 8 files changed, 973 insertions(+) create mode 100644 drivers/firmware/efi/stmm/mm_communication.h create mode 100644 drivers/firmware/efi/stmm/tee_stmm_efi.c base-commit: 2e28a798c3092ea42b968fa16ac835969d124898 -- 2.30.2

2 years, 5 months

5
12
0 0

[PATCH v6 0/4] introduce tee-based EFI Runtime Variable Service

by Masahisa Kojima

This series introduces the tee based EFI Runtime Variable Service. The eMMC device is typically owned by the non-secure world(linux in this case). There is an existing solution utilizing eMMC RPMB partition for EFI Variables, it is implemented by interacting with OP-TEE, StandaloneMM(as EFI Variable Service Pseudo TA), eMMC driver and tee-supplicant. The last piece is the tee-based variable access driver to interact with OP-TEE and StandaloneMM. Changelog: v5 -> v6 - new patch #4 is added in this series, #1-#3 patches are unchanged. automatically update super block flag when the efivarops support SetVariable runtime service, so that user does not need to manually remount the efivarfs as RW. v4 -> v5 - rebase to efi-next based on v6.4-rc1 - set generic_ops.query_variable_info, it works as expected as follows. $ df -h /sys/firmware/efi/efivars/ Filesystem Size Used Avail Use% Mounted on efivarfs 16K 1.3K 15K 8% /sys/firmware/efi/efivars v3 -> v4: - replace the reference from EDK2 to PI Specification - remove EDK2 source code reference comments - prepare nonblocking variant of set_variable, it just returns EFI_UNSUPPORTED - remove redundant buffer size check - argument name change in mm_communicate - function interface changes in setup_mm_hdr to remove (void **) cast v2 -> v3: - add CONFIG_EFI dependency to TEE_STMM_EFI - add missing return code check for tee_client_invoke_func() - directly call efivars_register/unregister from tee_stmm_efi.c rfc v1 -> v2: - split patch into three patches, one for drivers/tee, one for include/linux/efi.h, and one for the driver/firmware/efi/stmm - context/session management into probe() and remove() same as other tee client driver - StMM variable driver is moved from driver/tee/optee to driver/firmware/efi - use "tee" prefix instead of "optee" in driver/firmware/efi/stmm/tee_stmm_efi.c, this file does not contain op-tee specific code, abstracted by tee layer and StMM variable driver will work on other tee implementation. - PTA_STMM_CMD_COMMUNICATE -> PTA_STMM_CMD_COMMUNICATE - implement query_variable_store() but currently not used - no use of TEEC_SUCCESS, it is defined in driver/tee/optee/optee_private.h. Other tee client drivers use 0 instead of using TEEC_SUCCESS - remove TEEC_ERROR_EXCESS_DATA status, it is referred just to output error message Masahisa Kojima (4): efi: expose efivar generic ops register function efi: Add EFI_ACCESS_DENIED status code efi: Add tee-based EFI variable driver efivarfs: automatically update super block flag drivers/firmware/efi/Kconfig | 15 + drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/efi.c | 18 + drivers/firmware/efi/stmm/mm_communication.h | 236 +++++++ drivers/firmware/efi/stmm/tee_stmm_efi.c | 638 +++++++++++++++++++ drivers/firmware/efi/vars.c | 8 + fs/efivarfs/super.c | 33 + include/linux/efi.h | 12 + 8 files changed, 961 insertions(+) create mode 100644 drivers/firmware/efi/stmm/mm_communication.h create mode 100644 drivers/firmware/efi/stmm/tee_stmm_efi.c base-commit: d0a1865cf7e2211d9227592ef4141f4632e33908 -- 2.30.2

2 years, 5 months

3
16
0 0

OP-TEE 3.22.0 has been released

by Joakim Bech

Hi, I'm pleased to announce that OP-TEE version 3.22.0 is now available. The list of changes can be found in the changelog [1]. The branch for stable can be found here [2]. Tested platforms in this release can be found here [3]. Many thanks to everyone who has contributed in any form to this release. Let me also highlight that because many people are on vacation over the summer, we cancelled the Linaro OP-TEE call for the month of July. Having said that, we have coverage for maintenance tasks and security issues. However, due to the reduced workforce, getting attention for reviewing and merging may take a little longer in the coming weeks. [1] https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md [2] https://github.com/OP-TEE/manifest/tree/3.22.0 [3] https://github.com/OP-TEE/optee_os/commit/001ace6655dd6bb9cbe31aa31b4ba6974… -- Regards, Joakim

2 years, 6 months

2
1
0 0

core: fix fragmented memory retrieve

by 梅建强(禹夜)

Hi, Jens, The PR has been updated as requested. https://github.com/OP-TEE/optee_os/pull/5966 <https://github.com/OP-TEE/optee_os/pull/5966 > Regards, Yuye. ------------------------------------------------------------------ 发件人：Jens Wiklander <jens.wiklander(a)linaro.org> 发送时间：2023年7月3日(星期一) 15:20 收件人：梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com> 抄　送：op-tee <op-tee(a)lists.trustedfirmware.org> 主　题：Re: core: fix fragmented memory retrieve Hi Yuye, On Mon, Jul 3, 2023 at 8:30 AM 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com> wrote: > > > > > Hi, Jens, > > The previous fix was based on ffa_mem_transaction with ffa version 1.0, > now optee and Hafnium have updated ffa_mem_transaction to ffa 1.1. > But optee-driver in linaro-swg/linux seems to be using ffa version 1.0, > which causes incorrect data reading when the driver is doing mem_share to Hafnium. > I need to debug my previous code. > When will optee-driver synchronize this version change? Updating the SPMC version in the SPMC manifest should fix the issue of mismatching versions. By the way, I've started to update my QEMU S-EL2 setup to use upstream only. I'll propose updates for the manifest and build gits to be merged after the upcoming OP-TEE release. Cheers, Jens > > Regards, > Yuye. > > ------------------------------------------------------------------ > 发件人：Jens Wiklander <jens.wiklander(a)linaro.org> > 发送时间：2023年6月28日(星期三) 17:54 > 收件人：梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com> > 抄送：op-tee <op-tee(a)lists.trustedfirmware.org> > 主题：Re: core: fix fragmented memory retrieve > > Hi Yuye, > > On Wed, Jun 28, 2023 at 11:50 AM 梅建强(禹夜) > <meijianqiang.mjq(a)alibaba-inc.com> wrote: > > > > > > > > > > Hi, Jens, > > > > Sorry for forgetting to revise the PR in time, because my github email changed so I haven't received any comments. > > Could you help me reopen the PR since I don't have the right? I will re-fix the problem as requested. > > Thanks. > > https://github.com/OP-TEE/optee_os/pull/5966 <https://github.com/OP-TEE/optee_os/pull/5966 > > > I've reopened it. > > Cheers, > Jens

2 years, 6 months

1
0
0 0

core: fix fragmented memory retrieve

by 梅建强(禹夜)

Hi, Jens, The previous fix was based on ffa_mem_transaction with ffa version 1.0, now optee and Hafnium have updated ffa_mem_transaction to ffa 1.1. But optee-driver in linaro-swg/linux seems to be using ffa version 1.0, which causes incorrect data reading when the driver is doing mem_share to Hafnium. I need to debug my previous code. When will optee-driver synchronize this version change? Regards, Yuye. ------------------------------------------------------------------ 发件人：Jens Wiklander <jens.wiklander(a)linaro.org> 发送时间：2023年6月28日(星期三) 17:54 收件人：梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com> 抄　送：op-tee <op-tee(a)lists.trustedfirmware.org> 主　题：Re: core: fix fragmented memory retrieve Hi Yuye, On Wed, Jun 28, 2023 at 11:50 AM 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com> wrote: > > > > > Hi, Jens, > > Sorry for forgetting to revise the PR in time, because my github email changed so I haven't received any comments. > Could you help me reopen the PR since I don't have the right? I will re-fix the problem as requested. > Thanks. > https://github.com/OP-TEE/optee_os/pull/5966 <https://github.com/OP-TEE/optee_os/pull/5966 > I've reopened it. Cheers, Jens

2 years, 6 months

2
1
0 0

core: fix fragmented memory retrieve

by 梅建强(禹夜)

Hi, Jens Since the optee driver has not been updated to ffa 1.1, I will first update the code with ffa 1.0. Regards, Yuye. ------------------------------------------------------------------ 发件人：梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com> 发送时间：2023年7月3日(星期一) 14:30 收件人：Jens Wiklander <jens.wiklander(a)linaro.org> 抄　送：op-tee <op-tee(a)lists.trustedfirmware.org> 主　题：core: fix fragmented memory retrieve Hi, Jens, The previous fix was based on ffa_mem_transaction with ffa version 1.0, now optee and Hafnium have updated ffa_mem_transaction to ffa 1.1. But optee-driver in linaro-swg/linux seems to be using ffa version 1.0, which causes incorrect data reading when the driver is doing mem_share to Hafnium. I need to debug my previous code. When will optee-driver synchronize this version change? Regards, Yuye. ------------------------------------------------------------------ 发件人：Jens Wiklander <jens.wiklander(a)linaro.org> 发送时间：2023年6月28日(星期三) 17:54 收件人：梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com> 抄　送：op-tee <op-tee(a)lists.trustedfirmware.org> 主　题：Re: core: fix fragmented memory retrieve Hi Yuye, On Wed, Jun 28, 2023 at 11:50 AM 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com> wrote: > > > > > Hi, Jens, > > Sorry for forgetting to revise the PR in time, because my github email changed so I haven't received any comments. > Could you help me reopen the PR since I don't have the right? I will re-fix the problem as requested. > Thanks. > https://github.com/OP-TEE/optee_os/pull/5966 <https://github.com/OP-TEE/optee_os/pull/5966 > I've reopened it. Cheers, Jens

2 years, 6 months

1
0
0 0

Preparing for OP-TEE 3.22.0

by Joakim Bech

[BCC all OP-TEE maintainers] Hi OP-TEE maintainers & contributors, OP-TEE v3.22.0 is scheduled to be released at 2023-07-07 (*). So, now is a good time to start testing the master branch on the various platforms and report/fix any bugs. The GitHub pull request for collecting Tested-by tags or any other comments is https://github.com/OP-TEE/optee_os/pull/6125. As usual, we will create a release candidate tag one week before the release date for final testing. In addition to that you can find some additional information related to releases here: https://optee.readthedocs.io/en/latest/general/releases.html Regards, Joakim Bech (*) We moved this from July 14th to July 7th due to vacation and holiday schedules.

2 years, 6 months

1
1
0 0

2026

2025

2024

2023

2022

2021

2020

OP-TEE