- OP-TEE - lists.trustedfirmware.org

[RFC PATCH 0/2] introduce op-tee based EFI Runtime Variable Service

by Masahisa Kojima

This RFC series introduces the op-tee based EFI Runtime Variable Service. The eMMC device is typically owned by the non-secure world(linux in this case). There is an existing solution utilizing eMMC RPMB partition for EFI Variables, it is implemented by interacting with OP-TEE, StandaloneMM(as EFI Variable Service Pseudo TA), eMMC driver and tee-supplicant. The last piece is the tee-based variable access driver to interact with OP-TEE and StandaloneMM. Masahisa Kojima (2): efi: expose efivar generic ops register function tee: Add op-tee helper functions for variable access drivers/firmware/efi/efi.c | 12 + drivers/tee/optee/Kconfig | 10 + drivers/tee/optee/Makefile | 1 + drivers/tee/optee/mm_communication.h | 249 +++++++++++ drivers/tee/optee/optee_private.h | 5 +- drivers/tee/optee/optee_stmm_efi.c | 598 +++++++++++++++++++++++++++ drivers/tee/tee_core.c | 23 ++ include/linux/efi.h | 4 + include/linux/tee_drv.h | 23 ++ 9 files changed, 924 insertions(+), 1 deletion(-) create mode 100644 drivers/tee/optee/mm_communication.h create mode 100644 drivers/tee/optee/optee_stmm_efi.c -- 2.30.2

2 years, 8 months

5
15
0 0

[PATCH v4 1/2] tee: system invocation

by Etienne Carriere

Adds TEE system invocation context provisioning for a Linux driver to provision execution contexts for invocation of system service hosted in TEE. OP-TEE SMC ABI implements such invocation context provisioning. This feature is needed when a TEE invocation cannot afford to wait for a free TEE thread when all TEE threads context are used and suspended as these may be suspended waiting for a system service, as an SCMI clock or voltage regulator, to be enabled. An example is when OP-TEE invokes a Linux OS remote service (RPC) to access an eMMC RPMB partition and the eMMC device is supplied by an OP-TEE SCMI regulator. Signed-off-by: Etienne Carriere <etienne.carriere(a)linaro.org> --- Changes since v3: - Fixed new SMC funcIDs to reserved/unreserve OP-TEE thread contexts: minor renaming + define as fastcall funcIDs. - Moved system_ctx_count from generic struct tee_context to optee's private struct optee_context_data. This changes optee smc_abi.c to release reserved thread contexts when the optee device is released. - Fixed inline description comments. No change since v2 Change since v1 - Addressed comment on Linux client to claim reservation on TEE context. This brings 2 new operations from client to TEE to request and release system thread contexts: 2 new tee_drv.h API functions, 2 new ops functions in struct tee_driver_ops. The OP-TEE implement shall implement 2 new fastcall SMC funcIDs. - Fixed typos in commit message. --- drivers/tee/optee/optee_private.h | 9 ++++- drivers/tee/optee/optee_smc.h | 60 +++++++++++++++++++++++++++-- drivers/tee/optee/smc_abi.c | 64 ++++++++++++++++++++++++++++++- drivers/tee/tee_core.c | 18 +++++++++ include/linux/tee_drv.h | 18 +++++++++ 5 files changed, 163 insertions(+), 6 deletions(-) diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 04ae58892608..b409ed2acfa6 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -182,10 +182,17 @@ struct optee_session { u32 session_id; }; +/* + * struct optee_context_data - TEE context private data + * @mutex Serializes access to this struct + * @sess_list List of TEE sessions opened for this context + * @system_ctx_count Number of system invocation contexts provisioned in TEE + * for this context + */ struct optee_context_data { - /* Serializes access to this struct */ struct mutex mutex; struct list_head sess_list; + size_t system_ctx_count; }; struct optee_rpc_param { diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 73b5e7760d10..7d08ccaf47d4 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -108,7 +108,8 @@ struct optee_smc_call_get_os_revision_result { * Call with struct optee_msg_arg as argument * * When called with OPTEE_SMC_CALL_WITH_RPC_ARG or - * OPTEE_SMC_CALL_WITH_REGD_ARG in a0 there is one RPC struct optee_msg_arg + * OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG + * in a0 there is one RPC struct optee_msg_arg * following after the first struct optee_msg_arg. The RPC struct * optee_msg_arg has reserved space for the number of RPC parameters as * returned by OPTEE_SMC_EXCHANGE_CAPABILITIES. @@ -130,8 +131,8 @@ struct optee_smc_call_get_os_revision_result { * a4-6 Not used * a7 Hypervisor Client ID register * - * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG: - * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG + * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG and OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG: + * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG * a1 Upper 32 bits of a 64-bit shared memory cookie * a2 Lower 32 bits of a 64-bit shared memory cookie * a3 Offset of the struct optee_msg_arg in the shared memory with the @@ -175,6 +176,8 @@ struct optee_smc_call_get_os_revision_result { OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_RPC_ARG) #define OPTEE_SMC_CALL_WITH_REGD_ARG \ OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG) +#define OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG) /* * Get Shared Memory Config @@ -254,6 +257,8 @@ struct optee_smc_get_shm_config_result { #define OPTEE_SMC_SEC_CAP_ASYNC_NOTIF BIT(5) /* Secure world supports pre-allocating RPC arg struct */ #define OPTEE_SMC_SEC_CAP_RPC_ARG BIT(6) +/* Secure world provisions thread for system service invocation */ +#define OPTEE_SMC_SEC_CAP_SYSTEM_THREAD BIT(7) #define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES 9 #define OPTEE_SMC_EXCHANGE_CAPABILITIES \ @@ -426,6 +431,55 @@ struct optee_smc_disable_shm_cache_result { /* See OPTEE_SMC_CALL_WITH_REGD_ARG above */ #define OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG 19 +/* See OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG above */ +#define OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG 20 + +/* + * Request reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_RESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + * OPTEE_SMC_RETURN_ETHREAD_LIMIT Number of Trusted OS threads exceeded + * for the request. + */ +#define OPTEE_SMC_FUNCID_RESERVE_SYS_THREAD 21 +#define OPTEE_SMC_RESERVE_SYS_THREAD \ + OPTEE_SMC_FAST_CALL_VAL(OPTEE_SMC_FUNCID_RESERVE_SYS_THREAD) + +/* + * Unregister reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_UNRESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + */ +#define OPTEE_SMC_FUNCID_UNRESERVE_SYS_THREAD 22 +#define OPTEE_SMC_UNRESERVE_SYS_THREAD \ + OPTEE_SMC_FAST_CALL_VAL(OPTEE_SMC_FUNCID_UNRESERVE_SYS_THREAD) + /* * Resume from RPC (for example after processing a foreign interrupt) * diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index a1c1fa1a9c28..8668ab5f1c8b 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -867,6 +867,7 @@ static void optee_handle_rpc(struct tee_context *ctx, static int optee_smc_do_call_with_arg(struct tee_context *ctx, struct tee_shm *shm, u_int offs) { + struct optee_context_data *ctxdata = ctx->data; struct optee *optee = tee_get_drvdata(ctx->teedev); struct optee_call_waiter w; struct optee_rpc_param param = { }; @@ -889,7 +890,10 @@ static int optee_smc_do_call_with_arg(struct tee_context *ctx, } if (rpc_arg && tee_shm_is_dynamic(shm)) { - param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; + if (ctxdata->system_ctx_count) + param.a0 = OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG; + else + param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; reg_pair_from_64(&param.a1, &param.a2, (u_long)shm); param.a3 = offs; } else { @@ -1077,6 +1081,50 @@ static void optee_get_version(struct tee_device *teedev, *vers = v; } +static int optee_request_sys_ctx(struct tee_context *ctx) +{ + struct optee_context_data *ctxdata = ctx->data; + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (!(optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_SYSTEM_THREAD)) + return -EINVAL; + + optee->smc.invoke_fn(OPTEE_SMC_RESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); + + if (res.a0 != OPTEE_SMC_RETURN_OK) + return -EINVAL; + + mutex_lock(&ctxdata->mutex); + ctxdata->system_ctx_count++; + mutex_unlock(&ctxdata->mutex); + + return 0; +} + +static void optee_release_sys_ctx(struct tee_context *ctx) +{ + struct optee_context_data *ctxdata = ctx->data; + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (!ctxdata->system_ctx_count) + return; + + optee->smc.invoke_fn(OPTEE_SMC_UNRESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); + + if (res.a0 != OPTEE_SMC_RETURN_OK) { + WARN_ONCE(1, "OP-TEE: Couldn't release reserved context\n"); + return; + } + + mutex_lock(&ctxdata->mutex); + ctxdata->system_ctx_count--; + mutex_unlock(&ctxdata->mutex); +} + static int optee_smc_open(struct tee_context *ctx) { struct optee *optee = tee_get_drvdata(ctx->teedev); @@ -1085,16 +1133,28 @@ static int optee_smc_open(struct tee_context *ctx) return optee_open(ctx, sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL); } +static void optee_smc_release(struct tee_context *ctx) +{ + struct optee_context_data *ctxdata = ctx->data; + + while (ctxdata->system_ctx_count) + optee_release_sys_ctx(ctx); + + optee_release(ctx); +} + static const struct tee_driver_ops optee_clnt_ops = { .get_version = optee_get_version, .open = optee_smc_open, - .release = optee_release, + .release = optee_smc_release, .open_session = optee_open_session, .close_session = optee_close_session, .invoke_func = optee_invoke_func, .cancel_req = optee_cancel_req, .shm_register = optee_shm_register, .shm_unregister = optee_shm_unregister, + .system_ctx_request = optee_request_sys_ctx, + .system_ctx_release = optee_release_sys_ctx, }; static const struct tee_desc optee_clnt_desc = { diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 98da206cd761..d6593c57f32d 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -5,6 +5,7 @@ #define pr_fmt(fmt) "%s: " fmt, __func__ +#include <linux/bug.h> #include <linux/cdev.h> #include <linux/cred.h> #include <linux/fs.h> @@ -1145,6 +1146,23 @@ void tee_client_close_context(struct tee_context *ctx) } EXPORT_SYMBOL_GPL(tee_client_close_context); +int tee_client_request_system_context(struct tee_context *ctx) +{ + if (!ctx->teedev->desc->ops->system_ctx_request || + !ctx->teedev->desc->ops->system_ctx_release) + return -EINVAL; + + return ctx->teedev->desc->ops->system_ctx_request(ctx); +} +EXPORT_SYMBOL_GPL(tee_client_request_system_context); + +void tee_client_release_system_context(struct tee_context *ctx) +{ + if (ctx->teedev->desc->ops->system_ctx_release) + ctx->teedev->desc->ops->system_ctx_release(ctx); +} +EXPORT_SYMBOL_GPL(tee_client_release_system_context); + void tee_client_get_version(struct tee_context *ctx, struct tee_ioctl_version_data *vers) { diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 17eb1c5205d3..99d016eb7353 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -90,6 +90,8 @@ struct tee_param { * @supp_send: called for supplicant to send a response * @shm_register: register shared memory buffer in TEE * @shm_unregister: unregister shared memory buffer in TEE + * @system_ctx_request: Request provisioning of a new system context in TEE + * @system_ctx_release: Release a provisioned system context in TEE */ struct tee_driver_ops { void (*get_version)(struct tee_device *teedev, @@ -112,6 +114,8 @@ struct tee_driver_ops { struct page **pages, size_t num_pages, unsigned long start); int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm); + int (*system_ctx_request)(struct tee_context *ctx); + void (*system_ctx_release)(struct tee_context *ctx); }; /** @@ -397,6 +401,20 @@ tee_client_open_context(struct tee_context *start, */ void tee_client_close_context(struct tee_context *ctx); +/** + * tee_client_request_system_context() - Request reservation of a system context + * @ctx: TEE context reference + * + * @return 0 on success else an error code + */ +int tee_client_request_system_context(struct tee_context *ctx); + +/** + * tee_client_release_system_context() - Release a reserved system context + * @ctx: TEE context reference + */ +void tee_client_release_system_context(struct tee_context *ctx); + /** * tee_client_get_version() - Query version of TEE * @ctx: TEE context to TEE to query -- 2.25.1

2 years, 8 months

1
1
0 0

[PATCH 0/6] Export platform features from ccp driver

by Mario Limonciello

The i2c-designware-amdpsp driver communicates with a platform features mailbox provided by the PSP. The address used for communication is discovered via a non-architecturally guaranteed mechanism. To better scale, export a feature for communication with platform features directly from the ccp driver. Mario Limonciello (6): crypto: ccp: Drop TEE support for IRQ handler crypto: ccp: Add a header for multiple drivers to use `__psp_pa` crypto: ccp: Move some PSP mailbox bit definitions into common header crypto: ccp: Add support for an interface for platform features crypto: ccp: Enable platform access interface on client PSP parts i2c: designware: Use PCI PSP driver for communication arch/x86/kvm/svm/sev.c | 1 + drivers/crypto/ccp/Makefile | 3 +- drivers/crypto/ccp/platform-access.c | 166 ++++++++++++++++++++ drivers/crypto/ccp/platform-access.h | 34 ++++ drivers/crypto/ccp/psp-dev.c | 32 ++-- drivers/crypto/ccp/psp-dev.h | 11 +- drivers/crypto/ccp/sev-dev.c | 16 +- drivers/crypto/ccp/sev-dev.h | 2 +- drivers/crypto/ccp/sp-dev.h | 7 + drivers/crypto/ccp/sp-pci.c | 7 + drivers/crypto/ccp/tee-dev.c | 17 +- drivers/i2c/busses/Kconfig | 2 +- drivers/i2c/busses/i2c-designware-amdpsp.c | 149 +----------------- drivers/i2c/busses/i2c-designware-core.h | 1 - drivers/i2c/busses/i2c-designware-platdrv.c | 1 - drivers/tee/amdtee/call.c | 2 +- drivers/tee/amdtee/shm_pool.c | 2 +- include/linux/psp-platform-access.h | 50 ++++++ include/linux/psp-sev.h | 8 - include/linux/psp.h | 26 +++ 20 files changed, 340 insertions(+), 197 deletions(-) create mode 100644 drivers/crypto/ccp/platform-access.c create mode 100644 drivers/crypto/ccp/platform-access.h create mode 100644 include/linux/psp-platform-access.h create mode 100644 include/linux/psp.h base-commit: c7410b425de40e9b163eef781e1bdacf1bf2962e -- 2.34.1

2 years, 8 months

4
4
0 0

[PATCH v2 1/2] tee: system invocation

by Etienne Carriere

Adds TEE system invocation context provisioning for a Linux driver to provision execution contexts for invocation of system service hosted in TEE. OP-TEE SMC ABI implements such invocation context provisioning. This feature is needed when a TEE invocation cannot afford to wait for a free TEE thread when all TEE threads context are used and suspended as these may be suspended waiting for a system service, as an SCMI clock or voltage regulator, to be enabled. An example is when OP-TEE invokes a Linux OS remote service (RPC) to access an eMMC RPMB partition and the eMMC device is supplied by an OP-TEE SCMI regulator. Signed-off-by: Etienne Carriere <etienne.carriere(a)linaro.org> --- Change since v1 - Addressed comment on Linux client to claim reservation on TEE context. This brings 2 new operations from client to TEE to request and release system thread contexts: 2 new tee_drv.h API functions, 2 new ops functions in struct tee_driver_ops. The OP-TEE implement shall implement 2 new fastcall SMC funcIDs. - Fixed typos in commit message. --- drivers/tee/optee/optee_smc.h | 60 +++++++++++++++++++++++++++++++++-- drivers/tee/optee/smc_abi.c | 34 +++++++++++++++++++- drivers/tee/tee_core.c | 30 ++++++++++++++++++ include/linux/tee_drv.h | 21 ++++++++++++ 4 files changed, 141 insertions(+), 4 deletions(-) diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 73b5e7760d10..75b19e1bd185 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -108,7 +108,8 @@ struct optee_smc_call_get_os_revision_result { * Call with struct optee_msg_arg as argument * * When called with OPTEE_SMC_CALL_WITH_RPC_ARG or - * OPTEE_SMC_CALL_WITH_REGD_ARG in a0 there is one RPC struct optee_msg_arg + * OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG + * in a0 there is one RPC struct optee_msg_arg * following after the first struct optee_msg_arg. The RPC struct * optee_msg_arg has reserved space for the number of RPC parameters as * returned by OPTEE_SMC_EXCHANGE_CAPABILITIES. @@ -130,8 +131,8 @@ struct optee_smc_call_get_os_revision_result { * a4-6 Not used * a7 Hypervisor Client ID register * - * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG: - * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG + * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG and OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG: + * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG * a1 Upper 32 bits of a 64-bit shared memory cookie * a2 Lower 32 bits of a 64-bit shared memory cookie * a3 Offset of the struct optee_msg_arg in the shared memory with the @@ -175,6 +176,8 @@ struct optee_smc_call_get_os_revision_result { OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_RPC_ARG) #define OPTEE_SMC_CALL_WITH_REGD_ARG \ OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG) +#define OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG) /* * Get Shared Memory Config @@ -254,6 +257,8 @@ struct optee_smc_get_shm_config_result { #define OPTEE_SMC_SEC_CAP_ASYNC_NOTIF BIT(5) /* Secure world supports pre-allocating RPC arg struct */ #define OPTEE_SMC_SEC_CAP_RPC_ARG BIT(6) +/* Secure world provisions thread for system service invocation */ +#define OPTEE_SMC_SEC_CAP_SYSTEM_THREAD BIT(7) #define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES 9 #define OPTEE_SMC_EXCHANGE_CAPABILITIES \ @@ -426,6 +431,55 @@ struct optee_smc_disable_shm_cache_result { /* See OPTEE_SMC_CALL_WITH_REGD_ARG above */ #define OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG 19 +/* See OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG above */ +#define OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG 20 + +/* + * Request reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_CALL_RESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + * OPTEE_SMC_RETURN_ETHREAD_LIMIT Number of Trusted OS threads exceeded + * for the request. + */ +#define OPTEE_SMC_FUNCID_CALL_RESERVE_SYS_THREAD 21 +#define OPTEE_SMC_CALL_RESERVE_SYS_THREAD \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_RESERVE_SYS_THREAD) + +/* + * Unregister reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + */ +#define OPTEE_SMC_FUNCID_CALL_UNRESERVE_SYS_THREAD 22 +#define OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_UNRESERVE_SYS_THREAD) + /* * Resume from RPC (for example after processing a foreign interrupt) * diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index a1c1fa1a9c28..013b5ae31c0e 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -889,7 +889,10 @@ static int optee_smc_do_call_with_arg(struct tee_context *ctx, } if (rpc_arg && tee_shm_is_dynamic(shm)) { - param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; + if (ctx->system_ctx_count) + param.a0 = OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG; + else + param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; reg_pair_from_64(&param.a1, &param.a2, (u_long)shm); param.a3 = offs; } else { @@ -1085,6 +1088,33 @@ static int optee_smc_open(struct tee_context *ctx) return optee_open(ctx, sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL); } +static int optee_request_sys_ctx(struct tee_context *ctx) +{ + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (!(optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_SYSTEM_THREAD)) + return -EINVAL; + + optee->smc.invoke_fn(OPTEE_SMC_CALL_RESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); + + if (res.a0 != OPTEE_SMC_RETURN_OK) + return -EINVAL; + + return 0; +} + +static void optee_release_sys_ctx(struct tee_context *ctx) +{ + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_SYSTEM_THREAD) + optee->smc.invoke_fn(OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); +} + static const struct tee_driver_ops optee_clnt_ops = { .get_version = optee_get_version, .open = optee_smc_open, @@ -1095,6 +1125,8 @@ static const struct tee_driver_ops optee_clnt_ops = { .cancel_req = optee_cancel_req, .shm_register = optee_shm_register, .shm_unregister = optee_shm_unregister, + .system_ctx_request = optee_request_sys_ctx, + .system_ctx_release = optee_release_sys_ctx, }; static const struct tee_desc optee_clnt_desc = { diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 98da206cd761..a7dfdea5d85b 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -5,6 +5,7 @@ #define pr_fmt(fmt) "%s: " fmt, __func__ +#include <linux/bug.h> #include <linux/cdev.h> #include <linux/cred.h> #include <linux/fs.h> @@ -1141,10 +1142,39 @@ EXPORT_SYMBOL_GPL(tee_client_open_context); void tee_client_close_context(struct tee_context *ctx) { + while (ctx->system_ctx_count) + tee_client_release_system_context(ctx); + teedev_close_context(ctx); } EXPORT_SYMBOL_GPL(tee_client_close_context); +int tee_client_request_system_context(struct tee_context *ctx) +{ + int ret; + + if (!ctx->teedev->desc->ops->system_ctx_request || + !ctx->teedev->desc->ops->system_ctx_release) + return -EINVAL; + + ret = ctx->teedev->desc->ops->system_ctx_request(ctx); + if (!ret) + ctx->system_ctx_count++; + + return ret; +} +EXPORT_SYMBOL_GPL(tee_client_request_system_context); + +void tee_client_release_system_context(struct tee_context *ctx) +{ + if (ctx->system_ctx_count && + ctx->teedev->desc->ops->system_ctx_release) { + ctx->teedev->desc->ops->system_ctx_release(ctx); + ctx->system_ctx_count--; + } +} +EXPORT_SYMBOL_GPL(tee_client_release_system_context); + void tee_client_get_version(struct tee_context *ctx, struct tee_ioctl_version_data *vers) { diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 17eb1c5205d3..45577256bb71 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -47,6 +47,8 @@ struct tee_shm_pool; * non-blocking in nature. * @cap_memref_null: flag indicating if the TEE Client support shared * memory buffer with a NULL pointer. + * @system_ctx_count: Number of system invocation contexts provisioned for + * this TEE client or 0. */ struct tee_context { struct tee_device *teedev; @@ -55,6 +57,7 @@ struct tee_context { bool releasing; bool supp_nowait; bool cap_memref_null; + unsigned int system_ctx_count; }; struct tee_param_memref { @@ -90,6 +93,8 @@ struct tee_param { * @supp_send: called for supplicant to send a response * @shm_register: register shared memory buffer in TEE * @shm_unregister: unregister shared memory buffer in TEE + * @system_ctx_request: Request provisioning of a new system context in TEE + * @system_ctx_release: Release a provisioned system context in TEE */ struct tee_driver_ops { void (*get_version)(struct tee_device *teedev, @@ -112,6 +117,8 @@ struct tee_driver_ops { struct page **pages, size_t num_pages, unsigned long start); int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm); + int (*system_ctx_request)(struct tee_context *ctx); + void (*system_ctx_release)(struct tee_context *ctx); }; /** @@ -397,6 +404,20 @@ tee_client_open_context(struct tee_context *start, */ void tee_client_close_context(struct tee_context *ctx); +/** + * tee_client_request_system_context() - Close a TEE context + * @ctx: TEE context to close + * + * @return 0 on success else an error code + */ +int tee_client_request_system_context(struct tee_context *ctx); + +/** + * tee_client_release_system_context() - Release a reserved system exec context + * @ctx: TEE context reference + */ +void tee_client_release_system_context(struct tee_context *ctx); + /** * tee_client_get_version() - Query version of TEE * @ctx: TEE context to TEE to query -- 2.25.1

2 years, 8 months

3
4
0 0

[PATCH v2 0/4] Remove get_kernel_pages()

by Ira Weiny

Sumit, I did not see a follow up on this series per your last email.[1] I'd like to move forward with getting rid of kmap_to_page(). So Hopefully this can land and you can build on this rather than the other way around? All, Al Viro found[2] that kmap_to_page() is broken. But not only is it broken, it presents confusion over how highmem should be used because kmap() and friends should not be used for 'long term' mappings. get_kernel_pages() is a caller of kmap_to_page(). It only has one caller [shm_get_kernel_pages()] which does not need the functionality. Alter shm_get_kernel_pages() to no longer call get_kernel_pages() and remove get_kernel_pages(). Along the way it was noted that shm_get_kernel_pages() does not have any need to support vmalloc'ed addresses either. Remove that functionality to clean up the logic. This series also fixes is_kmap_addr() and uses it to ensure no kmap addresses slip in later. [1] https://lore.kernel.org/all/CAFA6WYMqEVDVW-ifoh-V9ni1zntYdes8adQKf2XXAUpqda… [2] https://lore.kernel.org/lkml/YzSSl1ItVlARDvG3@ZenIV To: Sumit Garg <sumit.garg(a)linaro.org> To: Andrew Morton <akpm(a)linux-foundation.org> Cc: "Al Viro" <viro(a)zeniv.linux.org.uk> Cc: "Christoph Hellwig" <hch(a)lst.de> Cc: linux-kernel(a)vger.kernel.org Cc: op-tee(a)lists.trustedfirmware.org Cc: linux-mm(a)kvack.org Cc: Jens Wiklander <jens.wiklander(a)linaro.org> Cc: "Fabio M. De Francesco" <fmdefrancesco(a)gmail.com> Signed-off-by: Ira Weiny <ira.weiny(a)intel.com> --- Changes in v2: - Al Viro: Avoid allocating the kiov. - Sumit: Update cover letter to clarify the motivation behind removing get_kernel_pages() - Link to v1: https://lore.kernel.org/r/20221002002326.946620-1-ira.weiny@intel.com --- Ira Weiny (4): highmem: Enhance is_kmap_addr() to check kmap_local_page() mappings tee: Remove vmalloc page support tee: Remove call to get_kernel_pages() mm: Remove get_kernel_pages() drivers/tee/tee_shm.c | 37 ++++++++++--------------------------- include/linux/highmem-internal.h | 5 ++++- include/linux/mm.h | 2 -- mm/swap.c | 30 ------------------------------ 4 files changed, 14 insertions(+), 60 deletions(-) --- base-commit: 0136d86b78522bbd5755f8194c97a987f0586ba5 change-id: 20230203-get_kernel_pages-199342cfba79 Best regards, -- Ira Weiny <ira.weiny(a)intel.com>

2 years, 8 months

6
26
0 0

[PATCH v2 0/1] tee: Add tee_shm_register_fd

by Olivier Masse

Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a shared memory from a dmabuf file descriptor. This new ioctl will allow the Linux Kernel to register a buffer to be used by the Secure Data Path OPTEE OS feature. Please find more information here: https://static.linaro.org/connect/san19/presentations/san19-107.pdf Patch tested on Hikey 6220. Etienne Carriere (1): tee: new ioctl to a register tee_shm from a dmabuf file descriptor drivers/tee/tee_core.c | 38 +++++++++++++++ drivers/tee/tee_shm.c | 99 +++++++++++++++++++++++++++++++++++++++- include/linux/tee_drv.h | 11 +++++ include/uapi/linux/tee.h | 29 ++++++++++++ 4 files changed, 175 insertions(+), 2 deletions(-) -- 2.25.0

2 years, 8 months

9
24
0 0

Dynamic Shared Memory

by 梅建强(禹夜)

Hi, expert Regarding the use of optee dynamic shared memory, we have encountered some problems that cannot be solved recently. Debug log is as follows: REE OS kenrel->TEE SPMC (FFA_MEM_SHARE) WARNING: SPM(5): 0x84000073 0x50 0x50 0x0 0x0 0x0 0x0 0x0 VERBOSE: hafnium ffa_handler func:0x84000073 VERBOSE: hafnium allow for one memory region to be shared to the TEE. VERBOSE: ffa_memory_send VERBOSE: share_states->memory_region->sender:0x0 VERBOSE: share_states->memory_region->attributes:0x2f VERBOSE: share_states->share_func:0x84000073 VERBOSE: share_states->fragment_count:0x1 VERBOSE: share_states->sending_complete:0x1 VERBOSE: hanfium fragment_count:1 VERBOSE: hanfium fragment_constituent_counts[i]:1 VERBOSE: hanfium max pa_range bits:0x30 VERBOSE: hanfium pa_begin:0x8a8474000, pa_end:0x8a8475000 VERBOSE: hanfium fragment_count:1 VERBOSE: hanfium fragment_constituent_counts[i]:1 VERBOSE: hanfium max pa_range bits:0x30 VERBOSE: hanfium pa_begin:0x8a8474000, pa_end:0x8a8475000 VERBOSE: Marked sending complete. Current share states: SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7 SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 WARNING: SPM(5): 0x84000061 0x0 0x1 0x0 0x0 0x0 0x0 0x0 ...... REE OS kenrel->TEE SP (OPTEE_FFA_YEILDING_CALL_WITH_ARG(cookie)) WARNING: SPM(5): 0x8400006f 0x8001 0x0 0x80000000 0x0 0x0 0x0 0x0 VERBOSE: hafnium ffa_handler func:0x8400006f D/TC:005 0 mobj_ffa_get_by_cookie:382 cookie 0 resurrecting E/TC:005 0 mobj_ffa_get_by_cookie:385 Populating mobj from rx buffer, cookie 0x1 TEE SPMC->TEE SPMC (FFA_MEM_RETRIEVE_REQ(cookie)) VERBOSE: hafnium ffa_handler func:0x84000074 Current share states: SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7 SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x3 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7 VERBOSE: hanfium fragment_count:1 VERBOSE: hanfium fragment_constituent_counts[i]:1 VERBOSE: hanfium max pa_range bits:0x30 VERBOSE: hanfium pa_begin:0x8a8474000, pa_end:0x8a8475000 VERBOSE: hanfium fragment_count:1 VERBOSE: hanfium fragment_constituent_counts[i]:1 VERBOSE: hanfium max pa_range bits:0x30 VERBOSE: hanfium pa_begin:0x8a8474000, pa_end:0x8a8475000 Current share states: SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x3 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7 VERBOSE: hafnium ffa_handler func:0x84000065 ...... ERROR LOG I/TA: read_raw_object enter I/TA: obj_id_sz:0x8 I/TA: obj_id in tee va:0x40086348 I/TA: obj_id in ree va:0x400229f0 I/TA: TEE_MemMove:323 TEE_MemMove enter WARNING: Stage-2 page fault: pc=0x4007a3ce, vmid=0x8001, vcpu=5, vaddr=0x400229f0, ipaddr=0x8a84749f0, mode=0x81 0x63 NOTICE: Injecting Data Abort exception into VM 0x8001. D/TC:005 0 abort_handler:550 [abort] abort in User mode (TA will panic) E/TC:??? 0 E/TC:??? 0 User mode data-abort at address 0x400229f0 (translation fault) E/TC:??? 0 esr 0x94020007 ttbr0 0x20000f03180a0 ttbr1 0x00000000 cidr 0x0 E/TC:??? 0 cpu #5 <https://github.com/OP-TEE/optee_os/pull/5 > cpsr 0x00000130 E/TC:??? 0 x0 0000000040086348 x1 0000000040086349 E/TC:??? 0 x2 00000000400229f0 x3 0000000040086348 E/TC:??? 0 x4 000000004007e088 x5 0000000000000000 E/TC:??? 0 x6 0000000000000000 x7 000000004001fe60 E/TC:??? 0 x8 0000000000000000 x9 0000000000000000 E/TC:??? 0 x10 0000000000000000 x11 0000000000000000 E/TC:??? 0 x12 0000000000000000 x13 000000004001fe60 E/TC:??? 0 x14 00000000400695ad x15 0000000000000000 E/TC:??? 0 x16 00000000f0240370 x17 0000000000000000 E/TC:??? 0 x18 0000000000000000 x19 0000000000000000 E/TC:??? 0 x20 0000000000000000 x21 0000000000000000 E/TC:??? 0 x22 0000000000000000 x23 0000000000000000 E/TC:??? 0 x24 0000000000000000 x25 0000000000000000 E/TC:??? 0 x26 0000000000000000 x27 0000000000000000 E/TC:??? 0 x28 0000000000000000 x29 0000000000000000 E/TC:??? 0 x30 0000000000000000 elr 000000004007a3ce E/TC:??? 0 sp_el0 000000004001ff80 E/LD: Status of TA f4e750bb-1437-4fbf-8785-8d3580c34994 E/LD: arch: arm E/LD: region 0: va 0x40006000 pa 0xf0404000 size 0x002000 flags rw-s (ldelf) E/LD: region 1: va 0x40008000 pa 0xf0406000 size 0x011000 flags r-xs (ldelf) E/LD: region 2: va 0x40019000 pa 0xf0417000 size 0x001000 flags rw-s (ldelf) E/LD: region 3: va 0x4001a000 pa 0xf0418000 size 0x004000 flags rw-s (ldelf) E/LD: region 4: va 0x4001e000 pa 0xf041c000 size 0x001000 flags r--s E/LD: region 5: va 0x4001f000 pa 0xf0440000 size 0x001000 flags rw-s (stack) E/LD: region 6: va 0x40020000 pa 0x8a1262340 size 0x002000 flags rw-- (param) E/LD: region 7: va 0x40022000 pa 0x8a84749f0 size 0x001000 flags rw-- (param) E/LD: region 8: va 0x40067000 pa 0x00001000 size 0x017000 flags r-xs [0] E/LD: region 9: va 0x4007e000 pa 0x00018000 size 0x00c000 flags rw-s [0] E/LD: [0] f4e750bb-1437-4fbf-8785-8d3580c34994 @ 0x40067000 ERROR CODE "optee_examples/secure_storage/ta/secure_storage_ta.c" static TEE_Result read_raw_object(uint32_t param_types, TEE_Param params[4]) { const uint32_t exp_param_types = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE); char *obj_id; size_t obj_id_sz; IMSG("read_raw_object enter\n"); \/* * Safely get the invocation parameters *\/ if (param_types != exp_param_types) return TEE_ERROR_BAD_PARAMETERS; obj_id_sz = params[0].memref.size; obj_id = TEE_Malloc(obj_id_sz, 0); IMSG("obj_id_sz:%#x\n",obj_id_sz); IMSG("obj_id in tee va:%p\n",obj_id); IMSG("obj_id in ree va:%p\n",params[0].memref.buffer); if (!obj_id) return TEE_ERROR_OUT_OF_MEMORY; TEE_MemMove(obj_id, params[0].memref.buffer, obj_id_sz); //<-- ERROR OCCURED TEE_Free(obj_id); return TEE_SUCCESS; } It seems that OP-TEE tries to use an IPA which isn't mapped by Hafnium. Can anyone figure out what the problem is and give some debugging directions? Thanks! regards, yuye

2 years, 8 months

3
2
0 0

State of logging to REE

by Jeffrey Kardatzke

What's the current state of being able to log to the REE using components that already exist in OP-TEE today? I've seen various issues relating to it in GitHub: https://github.com/OP-TEE/optee_os/issues/4230 and https://github.com/OP-TEE/optee_os/pull/810, but both ended up being closed before I can see anything relating to logging to integrated. Did something like this end up getting implemented yet? Cheers, -- Jeffrey Kardatzke jkardatzke(a)google.com Google, Inc.

2 years, 8 months

2
2
0 0

OPTEE TA Crash

by 梅建强(禹夜)

Hi, Does anyone have a good solution to this problem？ https://github.com/OP-TEE/optee_os/issues/5803 <https://github.com/OP-TEE/optee_os/issues/5803 > regards, yuye

2 years, 8 months

1
1
0 0

OP-TEE S-EL1 SPMC broken

by Balint Dobszay

Hi All, A recent patch in optee_os [1] changed the boot ABI, which causes the "S-EL1 SPMC + Secure Partitions" config fail to boot. We are currently investigating the issue. Regards, Balint [1]: https://github.com/OP-TEE/optee_os/commit/f1f431c7a92671b4fa397976d381cc5ad…

2 years, 9 months

1
0
0 0

2025

2024

2023

2022

2021

2020

OP-TEE