[BCC all OP-TEE maintainers]
Hi OP-TEE maintainers & contributors,
OP-TEE v3.15.0 is scheduled to be released on 2021-10-15. So, now is
a good time to start testing the master branch on the various platforms
and report/fix any bugs.
The GitHub pull request for collecting Tested-by tags or any other
comments is https://github.com/OP-TEE/optee_os/pull/4880
As usual, we will create a release candidate tag one week before the
release date for final testing.
In addition to that you can find some additional information related to
releases here: https://optee.readthedocs.io/en/latest/general/releases.html
Regards,
Ruchika
Hi,
First of all, as I don't see a lot of questions being asked here, so
please feel free to direct me elsewhere with my question(s) if this is
not the proper place to do so.
In our application, we are using a custom Optee PTA to control our
display securely. Our user space application utilizes LVGL with a
custom LVGL Optee PTA driver, which allocates TEEC_SharedMemory using
TEEC_AllocateSharedMemory() for the frame buffer, which transferred as
TEEC_MEMREF_WHOLE to our custom PTA by our custom LVGL Optee-PTA
driver whenever LVGL flushes its frame buffer.
Our user space application also starts and stops several LXC containers.
We noticed that after starting any LXC container, our display freezes.
In this scenario, our custom LVGL Optee PTA driver is still pushing
newly updated frame buffer contents to our custom Optee PTA, but the
buffer received by our custom Optee PTA contains old data.
We have traced down the cause to a fork() call in lxc_start();
Replacing lxc_start() with fork() has the same effect, hence we think
the problem is caused by fork(). After fork, updates from neither the
parent nor the child appear in the buffer at our custom Optee PTA end.
We wonder if this is by design, as shared memory in combination with
fork() might be a security hazard, exposing memory shared with the
secure world to any forked process. Are we right? We really would like
to understand this.
If, instead of using TEEC_AllocateSharedMemory() and
TEEC_MEMREF_WHOLE, we use calloc() and TEEC_MEMREF_WHOLE instead, the
problem does not occur. Probably because the memory is mapped at each
use. Is this the suggested work-around?
Thank you in advance.
With kind regards,
Robert Deliën.
--
DISCLAIMER
De informatie, verzonden in of met dit e-mailbericht, is
vertrouwelijk en uitsluitend voor de geadresseerde(n) bestemd. Het gebruik
van de informatie in dit bericht, de openbaarmaking, vermenigvuldiging,
verspreiding en|of verstrekking daarvan aan derden is niet toegestaan.
Gebruik van deze informatie door anderen dan geadresseerde(n) is strikt
verboden. Aan deze informatie kunnen geen rechten worden ontleend. U wordt
verzocht bij onjuiste adressering de afzender direct te informeren door het
bericht te retourneren en het bericht uit uw computersysteem te verwijderen.
Hello arm-soc maintainers,
Please pull this small OP-TEE driver fix for the shared memory pool
handler. The fix doesn't change the generated code, but it's still relevant
since the problem obviously triggers warnings with some tools.
Thanks,
Jens
The following changes since commit 7d2a07b769330c34b4deabeed939325c77a7ec2f:
Linux 5.14 (2021-08-29 15:04:50 -0700)
are available in the Git repository at:
git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-fix-for-v5.15
for you to fetch changes up to 88a3856c0a8c03188db7913f4d49379432fe1f93:
tee/optee/shm_pool: fix application of sizeof to pointer (2021-09-14 07:54:56 +0200)
----------------------------------------------------------------
Fix OP-TEE shm_pool lint warning
----------------------------------------------------------------
jing yangyang (1):
tee/optee/shm_pool: fix application of sizeof to pointer
drivers/tee/optee/shm_pool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Hi all,
This adds supports for the OP-TEE driver to communicate with secure world
using FF-A [1] as transport.
There is one change to the TEE subsystem with "tee: add sec_world_id to
struct tee_shm" to add support for holding globally unique handle assigned
by the FF-A. This is a field that I believe could useful for the AMDTEE
driver too.
For communication the OP-TEE message protocol is still used, but with a new
type of memory reference, struct optee_msg_param_fmem, to carry the
information needed by FF-A. The OP-TEE driver is refactored internally with
to sets of callbacks, one for the old SMC based communication and another
set with FF-A as transport. The functions relating to the SMC based ABI
are moved to smc_abi.c while the FF-A based ABI is added in a ffa_abi.c.
There is also a difference in how the drivers are instantiated. With the
SMC based transport we have a platform driver, module_platform_driver(),
today which we're keeping as is for this configuration. In a FF-A system we
have a FF-A driver, module_ffa_driver(), instead.
The OP-TEE driver can be compiled for both targets at the same time and
it's up to runtime configuration (device tree or ACPI) to decide how it's
initialized. Note that it's only the old SMC based driver instance that
need device tree or ACPI to initialize. The FF-A based driver relies on the
FF-A bus instead.
This can be tested QEMU
The repo for SPMC at S-EL1 retrieved by
repo init -u https://github.com/jenswi-linaro/manifest.git -m
qemu_v8.xml -b ffav4_spmc
repo sync
# Then checkout the branch optee_ffa_v5 from
# git://git.linaro.org/people/jens.wiklander/linux-tee.git
# in the linux directory
To build do:
cd build
make toolchains
make all
To boot:
make run-only
Test with xtest, perhaps only with the command "xtest 1004" in case you're
not interested in too many tests.
Thanks,
Jens
[1] https://developer.arm.com/documentation/den0077/latest
v4->v5:
- Rebased on v5.14, tricky conflicts primarily between "optee: isolate smc
abi" and mostly 376e4199e327 "tee: Correct inappropriate usage of
TEE_SHM_DMA_BUF flag" but also with the other kexec fixes that went into
v5.14-rc5.
- Addressing comments from Sumit and applying
Reviewed-by: Sumit Garg <sumit.garg(a)linaro.org> on "optee: isolate smc abi"
- Addressing comments from Sumit and applying
Acked-by: Sumit Garg <sumit.garg(a)linaro.org> on "optee: add FF-A support"
v3->v4:
- Made a bit more RPC code common between the SMC and FF-A ABIs as
requested by Sumit.
- Replaced module_platform_driver() with module_init()/module_exit() as
described in the commit "optee: isolate smc abi".
- Applied Sumit's R-B for the commits "tee: add sec_world_id to struct
tee_shm", "optee: simplify optee_release()", and "optee: refactor driver
with internal callbacks"
v2->v3:
- Rebased on 5.14-rc2 which now have the FF-A patches merged
- Fixed a couple bugs in optee_shm_register() and optee_shm_unregister()
which where introduced in "optee: refactor driver with internal callbacks"
in previous the version.
- Separated SMC ABI specifics into smc_abi.c to keep it separated from
the FF-A ABI functions as requested by Sumit.
- Added the FF-A specifics in ffa_abi.c
- Provided an implementation for optee_ffa_remove()
v1->v2:
- Rebased to the FF-A v7 patch
- Fixed a couple of reports from kernel test robot <lkp(a)intel.com>
Jens Wiklander (5):
tee: add sec_world_id to struct tee_shm
optee: simplify optee_release()
optee: refactor driver with internal callbacks
optee: isolate smc abi
optee: add FF-A support
drivers/tee/optee/Makefile | 7 +-
drivers/tee/optee/call.c | 445 ++--------
drivers/tee/optee/core.c | 719 ++-------------
drivers/tee/optee/ffa_abi.c | 907 +++++++++++++++++++
drivers/tee/optee/optee_ffa.h | 153 ++++
drivers/tee/optee/optee_msg.h | 27 +-
drivers/tee/optee/optee_private.h | 163 +++-
drivers/tee/optee/rpc.c | 237 +----
drivers/tee/optee/shm_pool.c | 101 ---
drivers/tee/optee/shm_pool.h | 14 -
drivers/tee/optee/smc_abi.c | 1360 +++++++++++++++++++++++++++++
include/linux/tee_drv.h | 7 +-
12 files changed, 2732 insertions(+), 1408 deletions(-)
create mode 100644 drivers/tee/optee/ffa_abi.c
create mode 100644 drivers/tee/optee/optee_ffa.h
delete mode 100644 drivers/tee/optee/shm_pool.c
delete mode 100644 drivers/tee/optee/shm_pool.h
create mode 100644 drivers/tee/optee/smc_abi.c
--
2.31.1
Hi,
I met an issue when testing OP-TEE with the latest released kernel
(v5.14). The kernel won't boot when virtualization is enabled. More
precisely, the boot hangs as the optee driver is probed. The last line
on the console is:
[xxx] optee: probing for conduit method.
The issue can easily be reproduced in the QEMU OP-TEE environment as
documented in [1]:
$ repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml
$ repo sync -j10
$ cd linux
$ git fetch github --unshallow
$ git checkout v5.14
$ cd ../build
$ make -j2 toolchains
$ make -j10 XEN_BOOT=y run
[Note, if you switch between XEN_BOOT=y and the default build, you need
to "make arm-tf-clean"]
git bisect points at commit b5c10dd04b74 ("optee: Clear stale cache
entries during initialization") and reverting this commit on top of
v5.14 does resolve the issue.
Any idea what's wrong?
[1]
https://optee.readthedocs.io/en/latest/building/devices/qemu.html#qemu-v8
Thanks,
--
Jerome
Commit ef30482b4ad6 ("plat-vexpress: FF-A: update secondary core init")
updated secondary core init for the vexpress platform. In the process,
it used FFA_SECONDARY_EP_REGISTER with FID 0xC4000084 based on the ALP0
ABI of the spec and the TF-A upstream implementation at the time with a
note that the function ID needs to updated to the one finalied in the
spec and the TF-A implementation.
Assuming it is all finalised now, let us update the same with correct/
updated FID 0xC4000087.
Cc: Jens Wiklander <jens.wiklander(a)linaro.org>
Cc: Olivier Deprez <olivier.deprez(a)arm.com>
Cc: Balint Dobszay <balint.dobszay(a)arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com>
---
core/arch/arm/include/ffa.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h
index 20a009cacabd..b0d68173bf80 100644
--- a/core/arch/arm/include/ffa.h
+++ b/core/arch/arm/include/ffa.h
@@ -69,7 +69,7 @@
#define FFA_MEM_RECLAIM U(0x84000077)
#define FFA_MEM_FRAG_RX U(0x8400007A)
#define FFA_MEM_FRAG_TX U(0x8400007B)
-#define FFA_SECONDARY_EP_REGISTER_64 U(0xC4000084)
+#define FFA_SECONDARY_EP_REGISTER_64 U(0xC4000087)
/* Special value for traffic targeted to the Hypervisor or SPM */
#define FFA_TARGET_INFO_MBZ U(0x0)
--
2.25.1
Hi,
Linaro OP-TEE Contributions (LOC) monthly meeting is planned to take place
on Thursday Sep 23(a)17.00 (UTC+2).
Following topics are on the agenda:
- OP-TEE Linaro Contribution - Current status and Roadmap - Ruchika
- FF-A based mediator in XEN - Jens
If you have any other topics you'd like to discuss, please let us know.
Meeting details:
---------------
Date/time: Thursday Sep 23(a)17.00 (UTC+2)
https://everytimezone.com/s/35c9885e
Connection details: https://www.trustedfirmware.org/meetings/
Meeting notes: http://bit.ly/loc-notes
Regards,
Ruchika on behalf of the Linaro OP-TEE team
