- OP-TEE - lists.trustedfirmware.org

[PATCH v2] tee: optee: Add SMC for loading OP-TEE image

by Jeffrey Kardatzke

Adds an SMC call that will pass an OP-TEE binary image to EL3 and instruct it to load it as the BL32 payload. This works in conjunction with a feature added to Trusted Firmware for ARM that supports this. Signed-off-by: Jeffrey Kardatzke <jkardatzke(a)chromium.org> Signed-off-by: Jeffrey Kardatzke <jkardatzke(a)google.com> --- Changes in v2: - Fixed compile issue when feature is disabled - Addressed minor comments - Added state tracking for driver reload drivers/tee/optee/Kconfig | 10 +++++ drivers/tee/optee/optee_smc.h | 22 ++++++++++ drivers/tee/optee/smc_abi.c | 82 +++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+) diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig index f121c224e682..f0f12b146add 100644 --- a/drivers/tee/optee/Kconfig +++ b/drivers/tee/optee/Kconfig @@ -7,3 +7,13 @@ config OPTEE help This implements the OP-TEE Trusted Execution Environment (TEE) driver. + +config OPTEE_LOAD_IMAGE + bool "Load OP-TEE image as firmware" + default n + depends on OPTEE + help + This loads the BL32 image for OP-TEE as firmware when the driver is probed. + This returns -EPROBE_DEFER until the firmware is loadable from the + filesystem which is determined by checking the system_state until it is in + SYSTEM_RUNNING. diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 73b5e7760d10..a24c524b44fa 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -104,6 +104,28 @@ struct optee_smc_call_get_os_revision_result { unsigned long reserved1; }; +/* + * Load Trusted OS from optee/tee.bin in the Linux firmware. + * + * WARNING: Use this cautiously as it could lead to insecure loading of the + * Trusted OS. + * This SMC instructs EL3 to load a binary and execute it as the Trusted OS. + * + * Call register usage: + * a0 SMC Function ID, OPTEE_SMC_CALL_LOAD_IMAGE + * a1 Upper 32bit of a 64bit size for the payload + * a2 Lower 32bit of a 64bit size for the payload + * a3 Upper 32bit of the physical address for the payload + * a4 Lower 32bit of the physical address for the payload + * + * The payload is in the OP-TEE image format. + * + * Returns result in a0, 0 on success and an error code otherwise. + */ +#define OPTEE_SMC_FUNCID_LOAD_IMAGE 2 +#define OPTEE_SMC_CALL_LOAD_IMAGE \ + OPTEE_SMC_FAST_CALL_VAL(OPTEE_SMC_FUNCID_LOAD_IMAGE) + /* * Call with struct optee_msg_arg as argument * diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index a1c1fa1a9c28..79ddfb0f9aca 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -8,9 +8,11 @@ #include <linux/arm-smccc.h> #include <linux/errno.h> +#include <linux/firmware.h> #include <linux/interrupt.h> #include <linux/io.h> #include <linux/irqdomain.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <linux/module.h> #include <linux/of.h> @@ -1354,6 +1356,82 @@ static void optee_shutdown(struct platform_device *pdev) optee_disable_shm_cache(optee); } +#ifdef CONFIG_OPTEE_LOAD_IMAGE + +#define OPTEE_FW_IMAGE "optee/tee.bin" + +static int optee_load_fw(struct platform_device *pdev, + optee_invoke_fn *invoke_fn) +{ + const struct firmware *fw = NULL; + struct arm_smccc_res res; + phys_addr_t data_pa; + u8 *data_buf = NULL; + u64 data_size; + u32 data_pa_high, data_pa_low; + u32 data_size_high, data_size_low; + static int rc; + static bool already_loaded; + + if (already_loaded) + return rc; + + rc = request_firmware(&fw, OPTEE_FW_IMAGE, &pdev->dev); + if (rc) { + /* + * The firmware in the rootfs will not be accessible until we + * are in the SYSTEM_RUNNING state, so return EPROBE_DEFER until + * that point. + */ + if (system_state < SYSTEM_RUNNING) + return -EPROBE_DEFER; + goto fw_err; + } + + data_size = fw->size; + /* + * This uses the GFP_DMA flag to ensure we are allocated memory in the + * 32-bit space since TF-A cannot map memory beyond the 32-bit boundary. + */ + data_buf = kmalloc(fw->size, GFP_KERNEL | GFP_DMA); + if (!data_buf) { + rc = -ENOMEM; + goto fw_err; + } + memcpy(data_buf, fw->data, fw->size); + data_pa = virt_to_phys(data_buf); + reg_pair_from_64(&data_pa_high, &data_pa_low, data_pa); + reg_pair_from_64(&data_size_high, &data_size_low, data_size); + goto fw_load; + +fw_err: + pr_warn("image loading failed\n"); + data_pa_high = data_pa_low = data_size_high = data_size_low = 0; + +fw_load: + /* + * Always invoke the SMC, even if loading the image fails, to indicate + * to EL3 that we have passed the point where it should allow invoking + * this SMC. + */ + invoke_fn(OPTEE_SMC_CALL_LOAD_IMAGE, data_size_high, data_size_low, + data_pa_high, data_pa_low, 0, 0, 0, &res); + if (!rc) + rc = res.a0; + if (fw) + release_firmware(fw); + kfree(data_buf); + already_loaded = true; + + return rc; +} +#else +static inline int optee_load_fw(struct platform_device *__unused1, + optee_invoke_fn *__unused2) { + return 0; +} +#endif + static int optee_probe(struct platform_device *pdev) { optee_invoke_fn *invoke_fn; @@ -1372,6 +1450,10 @@ static int optee_probe(struct platform_device *pdev) if (IS_ERR(invoke_fn)) return PTR_ERR(invoke_fn); + rc = optee_load_fw(pdev, invoke_fn); + if (rc) + return rc; + if (!optee_msg_api_uid_is_optee_api(invoke_fn)) { pr_warn("api uid mismatch\n"); return -EINVAL; -- 2.39.2.637.g21b0678d19-goog

3 years

1
0
0 0

[PATCH] tee: optee: Add SMC for loading OP-TEE image

by Jeffrey Kardatzke

This is the kernel patch corresponding to the change landed in TF-A here: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18635 This appears to be the right place to post this, let me know if not please. From 81d97a06a48d01eb53661b41905768271f07b870 Mon Sep 17 00:00:00 2001 From: Jeffrey Kardatzke <jkardatzke(a)google.com> Date: Fri, 3 Feb 2023 11:33:17 -0800 Subject: [PATCH] tee: optee: Add SMC for loading OP-TEE image Adds an SMC call that will pass an OP-TEE binary image to EL3 and instruct it to load it as the BL32 payload. This works in conjunction with a feature added to Trusted Firmware for ARM that supports this. Signed-off-by: Jeffrey Kardatzke <jkardatzke(a)google.com> --- drivers/tee/optee/Kconfig | 9 +++++ drivers/tee/optee/optee_msg.h | 14 +++++++ drivers/tee/optee/optee_smc.h | 22 +++++++++++ drivers/tee/optee/smc_abi.c | 70 +++++++++++++++++++++++++++++++++++ 4 files changed, 115 insertions(+) diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig index f121c224e682..b96b5db52b37 100644 --- a/drivers/tee/optee/Kconfig +++ b/drivers/tee/optee/Kconfig @@ -7,3 +7,12 @@ config OPTEE help This implements the OP-TEE Trusted Execution Environment (TEE) driver. + +config OPTEE_LOAD_IMAGE + bool "Load Op-Tee image as firmware" + default n + depends on OPTEE + help + This loads the BL32 image for OP-TEE as firmware when the driver is probed. + This returns -EPROBE_DEFER until the firmware is loadable from the + filesystem. diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h index 70e9cc2ee96b..84c1b15032a9 100644 --- a/drivers/tee/optee/optee_msg.h +++ b/drivers/tee/optee/optee_msg.h @@ -284,6 +284,20 @@ struct optee_msg_arg { */ #define OPTEE_MSG_FUNCID_GET_OS_REVISION 0x0001 +/* + * Load Trusted OS from optee/tee.bin in the Linux firmware. + * + * WARNING: Use this cautiously as it could lead to insecure loading of the + * Trusted OS. + * This SMC instructs EL3 to load a binary and excute it as the Trusted OS. + * The first two params are the high and low 32 bits of the size of the payload + * and the third and fourth params are the high and low 32 bits of the physical + * address of the payload. The payload is in the OP-TEE image format. + * + * Returns 0 on success and an error code otherwise. + */ +#define OPTEE_MSG_FUNCID_LOAD_IMAGE 0x0002 + /* * Do a secure call with struct optee_msg_arg as argument * The OPTEE_MSG_CMD_* below defines what goes in struct optee_msg_arg::cmd diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 73b5e7760d10..908b1005e9db 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -104,6 +104,28 @@ struct optee_smc_call_get_os_revision_result { unsigned long reserved1; }; +/* + * Load Trusted OS from optee/tee.bin in the Linux firmware. + * + * WARNING: Use this cautiously as it could lead to insecure loading of the + * Trusted OS. + * This SMC instructs EL3 to load a binary and excute it as the Trusted OS. + * + * Call register usage: + * a0 SMC Function ID, OPTEE_SMC_CALL_LOAD_IMAGE + * a1 Upper 32bit of a 64bit size for the payload + * a2 Lower 32bit of a 64bit size for the payload + * a3 Upper 32bit of the physical address for the payload + * a4 Lower 32bit of the physical address for the payload + * + * The payload is in the OP-TEE image format. + * + * Returns result in a0, 0 on success and an error code otherwise. + */ +#define OPTEE_SMC_FUNCID_LOAD_IMAGE OPTEE_MSG_FUNCID_LOAD_IMAGE +#define OPTEE_SMC_CALL_LOAD_IMAGE \ + OPTEE_SMC_FAST_CALL_VAL(OPTEE_SMC_FUNCID_LOAD_IMAGE) + /* * Call with struct optee_msg_arg as argument * diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index a1c1fa1a9c28..b1e6c4a807db 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -8,6 +8,7 @@ #include <linux/arm-smccc.h> #include <linux/errno.h> +#include <linux/firmware.h> #include <linux/interrupt.h> #include <linux/io.h> #include <linux/irqdomain.h> @@ -1354,6 +1355,69 @@ static void optee_shutdown(struct platform_device *pdev) optee_disable_shm_cache(optee); } +#ifdef CONFIG_OPTEE_LOAD_IMAGE + +#define OPTEE_FW_IMAGE "optee/tee.bin" + +static int optee_load_fw(struct platform_device *pdev, + optee_invoke_fn *invoke_fn) +{ + const struct firmware *fw = NULL; + struct arm_smccc_res res; + phys_addr_t data_pa; + u8 *data_buf = NULL; + u64 data_size; + u32 data_pa_high, data_pa_low; + u32 data_size_high, data_size_low; + int rc; + + rc = request_firmware(&fw, OPTEE_FW_IMAGE, &pdev->dev); + if (rc) + return -EPROBE_DEFER; + + data_size = fw->size; + /* + * This uses the GFP_DMA flag to ensure we are allocated memory in the + * 32-bit space since TF-A cannot map memory beyond the 32-bit boundary. + */ + data_buf = kmalloc(fw->size, GFP_KERNEL | GFP_DMA); + if (!data_buf) { + rc = -ENOMEM; + goto fw_err; + } + memcpy(data_buf, fw->data, fw->size); + data_pa = virt_to_phys(data_buf); + reg_pair_from_64(&data_pa_high, &data_pa_low, data_pa); + reg_pair_from_64(&data_size_high, &data_size_low, data_size); + goto fw_load; + +fw_err: + pr_warn("image loading failed\n"); + data_pa_high = data_pa_low = data_size_high = data_size_low = 0; + +fw_load: + /* + * Always invoke the SMC, even if loading the image fails, to indicate + * to EL3 that we have passed the point where it should allow invoking + * this SMC. + */ + invoke_fn(OPTEE_SMC_CALL_LOAD_IMAGE, data_size_high, data_size_low, + data_pa_high, data_pa_low, 0, 0, 0, &res); + if (!rc) + rc = res.a0; + if (fw) + release_firmware(fw); + kfree(data_buf); + + return rc; +} +#else +static inline int optee_load_fw(struct platform_device *__unused, + optee_invoke_fn *__unused) { + return 0; +} +#endif + static int optee_probe(struct platform_device *pdev) { optee_invoke_fn *invoke_fn; @@ -1372,6 +1436,12 @@ static int optee_probe(struct platform_device *pdev) if (IS_ERR(invoke_fn)) return PTR_ERR(invoke_fn); + rc = optee_load_fw(pdev, invoke_fn); + if (rc) { + pr_warn("image loading failed\n"); + return rc; + } + if (!optee_msg_api_uid_is_optee_api(invoke_fn)) { pr_warn("api uid mismatch\n"); return -EINVAL; -- 2.39.1.519.gcb327c4b5f-goog

3 years

2
4
0 0

[PATCH v3 1/2] tee: system invocation

by Etienne Carriere

Adds TEE system invocation context provisioning for a Linux driver to provision execution contexts for invocation of system service hosted in TEE. OP-TEE SMC ABI implements such invocation context provisioning. This feature is needed when a TEE invocation cannot afford to wait for a free TEE thread when all TEE threads context are used and suspended as these may be suspended waiting for a system service, as an SCMI clock or voltage regulator, to be enabled. An example is when OP-TEE invokes a Linux OS remote service (RPC) to access an eMMC RPMB partition and the eMMC device is supplied by an OP-TEE SCMI regulator. Signed-off-by: Etienne Carriere <etienne.carriere(a)linaro.org> --- No change since v2 Change since v1 - Addressed comment on Linux client to claim reservation on TEE context. This brings 2 new operations from client to TEE to request and release system thread contexts: 2 new tee_drv.h API functions, 2 new ops functions in struct tee_driver_ops. The OP-TEE implement shall implement 2 new fastcall SMC funcIDs. - Fixed typos in commit message. --- drivers/tee/optee/optee_smc.h | 60 +++++++++++++++++++++++++++++++++-- drivers/tee/optee/smc_abi.c | 34 +++++++++++++++++++- drivers/tee/tee_core.c | 30 ++++++++++++++++++ include/linux/tee_drv.h | 21 ++++++++++++ 4 files changed, 141 insertions(+), 4 deletions(-) diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 73b5e7760d10..75b19e1bd185 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -108,7 +108,8 @@ struct optee_smc_call_get_os_revision_result { * Call with struct optee_msg_arg as argument * * When called with OPTEE_SMC_CALL_WITH_RPC_ARG or - * OPTEE_SMC_CALL_WITH_REGD_ARG in a0 there is one RPC struct optee_msg_arg + * OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG + * in a0 there is one RPC struct optee_msg_arg * following after the first struct optee_msg_arg. The RPC struct * optee_msg_arg has reserved space for the number of RPC parameters as * returned by OPTEE_SMC_EXCHANGE_CAPABILITIES. @@ -130,8 +131,8 @@ struct optee_smc_call_get_os_revision_result { * a4-6 Not used * a7 Hypervisor Client ID register * - * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG: - * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG + * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG and OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG: + * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG * a1 Upper 32 bits of a 64-bit shared memory cookie * a2 Lower 32 bits of a 64-bit shared memory cookie * a3 Offset of the struct optee_msg_arg in the shared memory with the @@ -175,6 +176,8 @@ struct optee_smc_call_get_os_revision_result { OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_RPC_ARG) #define OPTEE_SMC_CALL_WITH_REGD_ARG \ OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG) +#define OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG) /* * Get Shared Memory Config @@ -254,6 +257,8 @@ struct optee_smc_get_shm_config_result { #define OPTEE_SMC_SEC_CAP_ASYNC_NOTIF BIT(5) /* Secure world supports pre-allocating RPC arg struct */ #define OPTEE_SMC_SEC_CAP_RPC_ARG BIT(6) +/* Secure world provisions thread for system service invocation */ +#define OPTEE_SMC_SEC_CAP_SYSTEM_THREAD BIT(7) #define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES 9 #define OPTEE_SMC_EXCHANGE_CAPABILITIES \ @@ -426,6 +431,55 @@ struct optee_smc_disable_shm_cache_result { /* See OPTEE_SMC_CALL_WITH_REGD_ARG above */ #define OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG 19 +/* See OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG above */ +#define OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG 20 + +/* + * Request reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_CALL_RESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + * OPTEE_SMC_RETURN_ETHREAD_LIMIT Number of Trusted OS threads exceeded + * for the request. + */ +#define OPTEE_SMC_FUNCID_CALL_RESERVE_SYS_THREAD 21 +#define OPTEE_SMC_CALL_RESERVE_SYS_THREAD \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_RESERVE_SYS_THREAD) + +/* + * Unregister reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + */ +#define OPTEE_SMC_FUNCID_CALL_UNRESERVE_SYS_THREAD 22 +#define OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_UNRESERVE_SYS_THREAD) + /* * Resume from RPC (for example after processing a foreign interrupt) * diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index a1c1fa1a9c28..013b5ae31c0e 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -889,7 +889,10 @@ static int optee_smc_do_call_with_arg(struct tee_context *ctx, } if (rpc_arg && tee_shm_is_dynamic(shm)) { - param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; + if (ctx->system_ctx_count) + param.a0 = OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG; + else + param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; reg_pair_from_64(&param.a1, &param.a2, (u_long)shm); param.a3 = offs; } else { @@ -1085,6 +1088,33 @@ static int optee_smc_open(struct tee_context *ctx) return optee_open(ctx, sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL); } +static int optee_request_sys_ctx(struct tee_context *ctx) +{ + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (!(optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_SYSTEM_THREAD)) + return -EINVAL; + + optee->smc.invoke_fn(OPTEE_SMC_CALL_RESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); + + if (res.a0 != OPTEE_SMC_RETURN_OK) + return -EINVAL; + + return 0; +} + +static void optee_release_sys_ctx(struct tee_context *ctx) +{ + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_SYSTEM_THREAD) + optee->smc.invoke_fn(OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); +} + static const struct tee_driver_ops optee_clnt_ops = { .get_version = optee_get_version, .open = optee_smc_open, @@ -1095,6 +1125,8 @@ static const struct tee_driver_ops optee_clnt_ops = { .cancel_req = optee_cancel_req, .shm_register = optee_shm_register, .shm_unregister = optee_shm_unregister, + .system_ctx_request = optee_request_sys_ctx, + .system_ctx_release = optee_release_sys_ctx, }; static const struct tee_desc optee_clnt_desc = { diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 98da206cd761..a7dfdea5d85b 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -5,6 +5,7 @@ #define pr_fmt(fmt) "%s: " fmt, __func__ +#include <linux/bug.h> #include <linux/cdev.h> #include <linux/cred.h> #include <linux/fs.h> @@ -1141,10 +1142,39 @@ EXPORT_SYMBOL_GPL(tee_client_open_context); void tee_client_close_context(struct tee_context *ctx) { + while (ctx->system_ctx_count) + tee_client_release_system_context(ctx); + teedev_close_context(ctx); } EXPORT_SYMBOL_GPL(tee_client_close_context); +int tee_client_request_system_context(struct tee_context *ctx) +{ + int ret; + + if (!ctx->teedev->desc->ops->system_ctx_request || + !ctx->teedev->desc->ops->system_ctx_release) + return -EINVAL; + + ret = ctx->teedev->desc->ops->system_ctx_request(ctx); + if (!ret) + ctx->system_ctx_count++; + + return ret; +} +EXPORT_SYMBOL_GPL(tee_client_request_system_context); + +void tee_client_release_system_context(struct tee_context *ctx) +{ + if (ctx->system_ctx_count && + ctx->teedev->desc->ops->system_ctx_release) { + ctx->teedev->desc->ops->system_ctx_release(ctx); + ctx->system_ctx_count--; + } +} +EXPORT_SYMBOL_GPL(tee_client_release_system_context); + void tee_client_get_version(struct tee_context *ctx, struct tee_ioctl_version_data *vers) { diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 17eb1c5205d3..45577256bb71 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -47,6 +47,8 @@ struct tee_shm_pool; * non-blocking in nature. * @cap_memref_null: flag indicating if the TEE Client support shared * memory buffer with a NULL pointer. + * @system_ctx_count: Number of system invocation contexts provisioned for + * this TEE client or 0. */ struct tee_context { struct tee_device *teedev; @@ -55,6 +57,7 @@ struct tee_context { bool releasing; bool supp_nowait; bool cap_memref_null; + unsigned int system_ctx_count; }; struct tee_param_memref { @@ -90,6 +93,8 @@ struct tee_param { * @supp_send: called for supplicant to send a response * @shm_register: register shared memory buffer in TEE * @shm_unregister: unregister shared memory buffer in TEE + * @system_ctx_request: Request provisioning of a new system context in TEE + * @system_ctx_release: Release a provisioned system context in TEE */ struct tee_driver_ops { void (*get_version)(struct tee_device *teedev, @@ -112,6 +117,8 @@ struct tee_driver_ops { struct page **pages, size_t num_pages, unsigned long start); int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm); + int (*system_ctx_request)(struct tee_context *ctx); + void (*system_ctx_release)(struct tee_context *ctx); }; /** @@ -397,6 +404,20 @@ tee_client_open_context(struct tee_context *start, */ void tee_client_close_context(struct tee_context *ctx); +/** + * tee_client_request_system_context() - Close a TEE context + * @ctx: TEE context to close + * + * @return 0 on success else an error code + */ +int tee_client_request_system_context(struct tee_context *ctx); + +/** + * tee_client_release_system_context() - Release a reserved system exec context + * @ctx: TEE context reference + */ +void tee_client_release_system_context(struct tee_context *ctx); + /** * tee_client_get_version() - Query version of TEE * @ctx: TEE context to TEE to query -- 2.25.1

3 years

2
2
0 0

[GIT PULL] Remove get_kernel_pages() for v6.3

by Jens Wiklander

Hi Linus, Please pull these patches which clean up shm_get_kernel_pages() in the TEE subsystem and ultimately remove get_kernel_pages(). The patches have only been in linux-next for close to a week but you told me it was OK to send them anyway. I'm normally sending my pull requests to arm-soc, but with the short time in linux-next and everything I decided to send it directly to you this time. Thanks, Jens The following changes since commit ceaa837f96adb69c0df0397937cd74991d5d821a: Linux 6.2-rc8 (2023-02-12 14:10:17 -0800) are available in the Git repository at: https://git.linaro.org/people/jens.wiklander/linux-tee.git tags/remove-get_kernel_pages-for-6.3 for you to fetch changes up to 816477edfba6e7ab9411acec5f07cfa00e0882f7: mm: Remove get_kernel_pages() (2023-02-13 14:16:41 +0100) ---------------------------------------------------------------- Remove get_kernel_pages() Vmalloc page support is removed from shm_get_kernel_pages() and the get_kernel_pages() call is replaced by calls to get_page(). With no remaining callers of get_kernel_pages() the function is removed. ---------------------------------------------------------------- Ira Weiny (4): highmem: Enhance is_kmap_addr() to check kmap_local_page() mappings tee: Remove vmalloc page support tee: Remove call to get_kernel_pages() mm: Remove get_kernel_pages() drivers/tee/tee_shm.c | 37 ++++++++++--------------------------- include/linux/highmem-internal.h | 5 ++++- include/linux/mm.h | 2 -- mm/swap.c | 30 ------------------------------ 4 files changed, 14 insertions(+), 60 deletions(-)

3 years

2
1
0 0

[PATCH v2 0/4] introduce tee-based EFI Runtime Variable Service

by Masahisa Kojima

This series introduces the tee based EFI Runtime Variable Service. This version moves StMM related code from drivers/tee/optee to drivers/firmware/efi/stmm, since StMM code does not contain OP-TEE specific code and can be used with other TEE implementation. The eMMC device is typically owned by the non-secure world(linux in this case). There is an existing solution utilizing eMMC RPMB partition for EFI Variables, it is implemented by interacting with OP-TEE, StandaloneMM(as EFI Variable Service Pseudo TA), eMMC driver and tee-supplicant. The last piece is the tee-based variable access driver to interact with OP-TEE and StandaloneMM. Changelog: rfc v1 -> v2: - split patch into three patches, one for drivers/tee, one for include/linux/efi.h, and one for the driver/firmware/efi/stmm - context/session management into probe() and remove() same as other tee client driver - StMM variable driver is moved from driver/tee/optee to driver/firmware/efi - use "tee" prefix instead of "optee" in driver/firmware/efi/stmm/tee_stmm_efi.c, this file does not contain op-tee specific code, abstracted by tee layer and StMM variable driver will work on other tee implementation. - PTA_STMM_CMD_COMMUNICATE -> PTA_STMM_CMD_COMMUNICATE - implement query_variable_store() but currently not used - no use of TEEC_SUCCESS, it is defined in driver/tee/optee/optee_private.h. Other tee client drivers use 0 instead of using TEEC_SUCCESS - remove TEEC_ERROR_EXCESS_DATA status, it is refered just to output error message Masahisa Kojima (4): efi: expose efivar generic ops register function efi: Add EFI_ACCESS_DENIED status code tee: expose tee efivar register function efi: Add tee-based EFI variable driver drivers/firmware/efi/Kconfig | 15 + drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/efi.c | 12 + drivers/firmware/efi/stmm/mm_communication.h | 249 ++++++++ drivers/firmware/efi/stmm/tee_stmm_efi.c | 620 +++++++++++++++++++ drivers/tee/tee_core.c | 23 + include/linux/efi.h | 4 + include/linux/tee_drv.h | 23 + 8 files changed, 947 insertions(+) create mode 100644 drivers/firmware/efi/stmm/mm_communication.h create mode 100644 drivers/firmware/efi/stmm/tee_stmm_efi.c -- 2.30.2

3 years

3
9
0 0

[RFC PATCH 0/2] introduce op-tee based EFI Runtime Variable Service

by Masahisa Kojima

This RFC series introduces the op-tee based EFI Runtime Variable Service. The eMMC device is typically owned by the non-secure world(linux in this case). There is an existing solution utilizing eMMC RPMB partition for EFI Variables, it is implemented by interacting with OP-TEE, StandaloneMM(as EFI Variable Service Pseudo TA), eMMC driver and tee-supplicant. The last piece is the tee-based variable access driver to interact with OP-TEE and StandaloneMM. Masahisa Kojima (2): efi: expose efivar generic ops register function tee: Add op-tee helper functions for variable access drivers/firmware/efi/efi.c | 12 + drivers/tee/optee/Kconfig | 10 + drivers/tee/optee/Makefile | 1 + drivers/tee/optee/mm_communication.h | 249 +++++++++++ drivers/tee/optee/optee_private.h | 5 +- drivers/tee/optee/optee_stmm_efi.c | 598 +++++++++++++++++++++++++++ drivers/tee/tee_core.c | 23 ++ include/linux/efi.h | 4 + include/linux/tee_drv.h | 23 ++ 9 files changed, 924 insertions(+), 1 deletion(-) create mode 100644 drivers/tee/optee/mm_communication.h create mode 100644 drivers/tee/optee/optee_stmm_efi.c -- 2.30.2

3 years

5
15
0 0

[PATCH v4 1/2] tee: system invocation

by Etienne Carriere

Adds TEE system invocation context provisioning for a Linux driver to provision execution contexts for invocation of system service hosted in TEE. OP-TEE SMC ABI implements such invocation context provisioning. This feature is needed when a TEE invocation cannot afford to wait for a free TEE thread when all TEE threads context are used and suspended as these may be suspended waiting for a system service, as an SCMI clock or voltage regulator, to be enabled. An example is when OP-TEE invokes a Linux OS remote service (RPC) to access an eMMC RPMB partition and the eMMC device is supplied by an OP-TEE SCMI regulator. Signed-off-by: Etienne Carriere <etienne.carriere(a)linaro.org> --- Changes since v3: - Fixed new SMC funcIDs to reserved/unreserve OP-TEE thread contexts: minor renaming + define as fastcall funcIDs. - Moved system_ctx_count from generic struct tee_context to optee's private struct optee_context_data. This changes optee smc_abi.c to release reserved thread contexts when the optee device is released. - Fixed inline description comments. No change since v2 Change since v1 - Addressed comment on Linux client to claim reservation on TEE context. This brings 2 new operations from client to TEE to request and release system thread contexts: 2 new tee_drv.h API functions, 2 new ops functions in struct tee_driver_ops. The OP-TEE implement shall implement 2 new fastcall SMC funcIDs. - Fixed typos in commit message. --- drivers/tee/optee/optee_private.h | 9 ++++- drivers/tee/optee/optee_smc.h | 60 +++++++++++++++++++++++++++-- drivers/tee/optee/smc_abi.c | 64 ++++++++++++++++++++++++++++++- drivers/tee/tee_core.c | 18 +++++++++ include/linux/tee_drv.h | 18 +++++++++ 5 files changed, 163 insertions(+), 6 deletions(-) diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 04ae58892608..b409ed2acfa6 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -182,10 +182,17 @@ struct optee_session { u32 session_id; }; +/* + * struct optee_context_data - TEE context private data + * @mutex Serializes access to this struct + * @sess_list List of TEE sessions opened for this context + * @system_ctx_count Number of system invocation contexts provisioned in TEE + * for this context + */ struct optee_context_data { - /* Serializes access to this struct */ struct mutex mutex; struct list_head sess_list; + size_t system_ctx_count; }; struct optee_rpc_param { diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 73b5e7760d10..7d08ccaf47d4 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -108,7 +108,8 @@ struct optee_smc_call_get_os_revision_result { * Call with struct optee_msg_arg as argument * * When called with OPTEE_SMC_CALL_WITH_RPC_ARG or - * OPTEE_SMC_CALL_WITH_REGD_ARG in a0 there is one RPC struct optee_msg_arg + * OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG + * in a0 there is one RPC struct optee_msg_arg * following after the first struct optee_msg_arg. The RPC struct * optee_msg_arg has reserved space for the number of RPC parameters as * returned by OPTEE_SMC_EXCHANGE_CAPABILITIES. @@ -130,8 +131,8 @@ struct optee_smc_call_get_os_revision_result { * a4-6 Not used * a7 Hypervisor Client ID register * - * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG: - * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG + * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG and OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG: + * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG * a1 Upper 32 bits of a 64-bit shared memory cookie * a2 Lower 32 bits of a 64-bit shared memory cookie * a3 Offset of the struct optee_msg_arg in the shared memory with the @@ -175,6 +176,8 @@ struct optee_smc_call_get_os_revision_result { OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_RPC_ARG) #define OPTEE_SMC_CALL_WITH_REGD_ARG \ OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG) +#define OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG) /* * Get Shared Memory Config @@ -254,6 +257,8 @@ struct optee_smc_get_shm_config_result { #define OPTEE_SMC_SEC_CAP_ASYNC_NOTIF BIT(5) /* Secure world supports pre-allocating RPC arg struct */ #define OPTEE_SMC_SEC_CAP_RPC_ARG BIT(6) +/* Secure world provisions thread for system service invocation */ +#define OPTEE_SMC_SEC_CAP_SYSTEM_THREAD BIT(7) #define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES 9 #define OPTEE_SMC_EXCHANGE_CAPABILITIES \ @@ -426,6 +431,55 @@ struct optee_smc_disable_shm_cache_result { /* See OPTEE_SMC_CALL_WITH_REGD_ARG above */ #define OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG 19 +/* See OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG above */ +#define OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG 20 + +/* + * Request reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_RESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + * OPTEE_SMC_RETURN_ETHREAD_LIMIT Number of Trusted OS threads exceeded + * for the request. + */ +#define OPTEE_SMC_FUNCID_RESERVE_SYS_THREAD 21 +#define OPTEE_SMC_RESERVE_SYS_THREAD \ + OPTEE_SMC_FAST_CALL_VAL(OPTEE_SMC_FUNCID_RESERVE_SYS_THREAD) + +/* + * Unregister reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_UNRESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + */ +#define OPTEE_SMC_FUNCID_UNRESERVE_SYS_THREAD 22 +#define OPTEE_SMC_UNRESERVE_SYS_THREAD \ + OPTEE_SMC_FAST_CALL_VAL(OPTEE_SMC_FUNCID_UNRESERVE_SYS_THREAD) + /* * Resume from RPC (for example after processing a foreign interrupt) * diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index a1c1fa1a9c28..8668ab5f1c8b 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -867,6 +867,7 @@ static void optee_handle_rpc(struct tee_context *ctx, static int optee_smc_do_call_with_arg(struct tee_context *ctx, struct tee_shm *shm, u_int offs) { + struct optee_context_data *ctxdata = ctx->data; struct optee *optee = tee_get_drvdata(ctx->teedev); struct optee_call_waiter w; struct optee_rpc_param param = { }; @@ -889,7 +890,10 @@ static int optee_smc_do_call_with_arg(struct tee_context *ctx, } if (rpc_arg && tee_shm_is_dynamic(shm)) { - param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; + if (ctxdata->system_ctx_count) + param.a0 = OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG; + else + param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; reg_pair_from_64(&param.a1, &param.a2, (u_long)shm); param.a3 = offs; } else { @@ -1077,6 +1081,50 @@ static void optee_get_version(struct tee_device *teedev, *vers = v; } +static int optee_request_sys_ctx(struct tee_context *ctx) +{ + struct optee_context_data *ctxdata = ctx->data; + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (!(optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_SYSTEM_THREAD)) + return -EINVAL; + + optee->smc.invoke_fn(OPTEE_SMC_RESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); + + if (res.a0 != OPTEE_SMC_RETURN_OK) + return -EINVAL; + + mutex_lock(&ctxdata->mutex); + ctxdata->system_ctx_count++; + mutex_unlock(&ctxdata->mutex); + + return 0; +} + +static void optee_release_sys_ctx(struct tee_context *ctx) +{ + struct optee_context_data *ctxdata = ctx->data; + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (!ctxdata->system_ctx_count) + return; + + optee->smc.invoke_fn(OPTEE_SMC_UNRESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); + + if (res.a0 != OPTEE_SMC_RETURN_OK) { + WARN_ONCE(1, "OP-TEE: Couldn't release reserved context\n"); + return; + } + + mutex_lock(&ctxdata->mutex); + ctxdata->system_ctx_count--; + mutex_unlock(&ctxdata->mutex); +} + static int optee_smc_open(struct tee_context *ctx) { struct optee *optee = tee_get_drvdata(ctx->teedev); @@ -1085,16 +1133,28 @@ static int optee_smc_open(struct tee_context *ctx) return optee_open(ctx, sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL); } +static void optee_smc_release(struct tee_context *ctx) +{ + struct optee_context_data *ctxdata = ctx->data; + + while (ctxdata->system_ctx_count) + optee_release_sys_ctx(ctx); + + optee_release(ctx); +} + static const struct tee_driver_ops optee_clnt_ops = { .get_version = optee_get_version, .open = optee_smc_open, - .release = optee_release, + .release = optee_smc_release, .open_session = optee_open_session, .close_session = optee_close_session, .invoke_func = optee_invoke_func, .cancel_req = optee_cancel_req, .shm_register = optee_shm_register, .shm_unregister = optee_shm_unregister, + .system_ctx_request = optee_request_sys_ctx, + .system_ctx_release = optee_release_sys_ctx, }; static const struct tee_desc optee_clnt_desc = { diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 98da206cd761..d6593c57f32d 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -5,6 +5,7 @@ #define pr_fmt(fmt) "%s: " fmt, __func__ +#include <linux/bug.h> #include <linux/cdev.h> #include <linux/cred.h> #include <linux/fs.h> @@ -1145,6 +1146,23 @@ void tee_client_close_context(struct tee_context *ctx) } EXPORT_SYMBOL_GPL(tee_client_close_context); +int tee_client_request_system_context(struct tee_context *ctx) +{ + if (!ctx->teedev->desc->ops->system_ctx_request || + !ctx->teedev->desc->ops->system_ctx_release) + return -EINVAL; + + return ctx->teedev->desc->ops->system_ctx_request(ctx); +} +EXPORT_SYMBOL_GPL(tee_client_request_system_context); + +void tee_client_release_system_context(struct tee_context *ctx) +{ + if (ctx->teedev->desc->ops->system_ctx_release) + ctx->teedev->desc->ops->system_ctx_release(ctx); +} +EXPORT_SYMBOL_GPL(tee_client_release_system_context); + void tee_client_get_version(struct tee_context *ctx, struct tee_ioctl_version_data *vers) { diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 17eb1c5205d3..99d016eb7353 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -90,6 +90,8 @@ struct tee_param { * @supp_send: called for supplicant to send a response * @shm_register: register shared memory buffer in TEE * @shm_unregister: unregister shared memory buffer in TEE + * @system_ctx_request: Request provisioning of a new system context in TEE + * @system_ctx_release: Release a provisioned system context in TEE */ struct tee_driver_ops { void (*get_version)(struct tee_device *teedev, @@ -112,6 +114,8 @@ struct tee_driver_ops { struct page **pages, size_t num_pages, unsigned long start); int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm); + int (*system_ctx_request)(struct tee_context *ctx); + void (*system_ctx_release)(struct tee_context *ctx); }; /** @@ -397,6 +401,20 @@ tee_client_open_context(struct tee_context *start, */ void tee_client_close_context(struct tee_context *ctx); +/** + * tee_client_request_system_context() - Request reservation of a system context + * @ctx: TEE context reference + * + * @return 0 on success else an error code + */ +int tee_client_request_system_context(struct tee_context *ctx); + +/** + * tee_client_release_system_context() - Release a reserved system context + * @ctx: TEE context reference + */ +void tee_client_release_system_context(struct tee_context *ctx); + /** * tee_client_get_version() - Query version of TEE * @ctx: TEE context to TEE to query -- 2.25.1

3 years

1
1
0 0

[PATCH 0/6] Export platform features from ccp driver

by Mario Limonciello

The i2c-designware-amdpsp driver communicates with a platform features mailbox provided by the PSP. The address used for communication is discovered via a non-architecturally guaranteed mechanism. To better scale, export a feature for communication with platform features directly from the ccp driver. Mario Limonciello (6): crypto: ccp: Drop TEE support for IRQ handler crypto: ccp: Add a header for multiple drivers to use `__psp_pa` crypto: ccp: Move some PSP mailbox bit definitions into common header crypto: ccp: Add support for an interface for platform features crypto: ccp: Enable platform access interface on client PSP parts i2c: designware: Use PCI PSP driver for communication arch/x86/kvm/svm/sev.c | 1 + drivers/crypto/ccp/Makefile | 3 +- drivers/crypto/ccp/platform-access.c | 166 ++++++++++++++++++++ drivers/crypto/ccp/platform-access.h | 34 ++++ drivers/crypto/ccp/psp-dev.c | 32 ++-- drivers/crypto/ccp/psp-dev.h | 11 +- drivers/crypto/ccp/sev-dev.c | 16 +- drivers/crypto/ccp/sev-dev.h | 2 +- drivers/crypto/ccp/sp-dev.h | 7 + drivers/crypto/ccp/sp-pci.c | 7 + drivers/crypto/ccp/tee-dev.c | 17 +- drivers/i2c/busses/Kconfig | 2 +- drivers/i2c/busses/i2c-designware-amdpsp.c | 149 +----------------- drivers/i2c/busses/i2c-designware-core.h | 1 - drivers/i2c/busses/i2c-designware-platdrv.c | 1 - drivers/tee/amdtee/call.c | 2 +- drivers/tee/amdtee/shm_pool.c | 2 +- include/linux/psp-platform-access.h | 50 ++++++ include/linux/psp-sev.h | 8 - include/linux/psp.h | 26 +++ 20 files changed, 340 insertions(+), 197 deletions(-) create mode 100644 drivers/crypto/ccp/platform-access.c create mode 100644 drivers/crypto/ccp/platform-access.h create mode 100644 include/linux/psp-platform-access.h create mode 100644 include/linux/psp.h base-commit: c7410b425de40e9b163eef781e1bdacf1bf2962e -- 2.34.1

3 years

4
4
0 0

[PATCH v2 1/2] tee: system invocation

by Etienne Carriere

Adds TEE system invocation context provisioning for a Linux driver to provision execution contexts for invocation of system service hosted in TEE. OP-TEE SMC ABI implements such invocation context provisioning. This feature is needed when a TEE invocation cannot afford to wait for a free TEE thread when all TEE threads context are used and suspended as these may be suspended waiting for a system service, as an SCMI clock or voltage regulator, to be enabled. An example is when OP-TEE invokes a Linux OS remote service (RPC) to access an eMMC RPMB partition and the eMMC device is supplied by an OP-TEE SCMI regulator. Signed-off-by: Etienne Carriere <etienne.carriere(a)linaro.org> --- Change since v1 - Addressed comment on Linux client to claim reservation on TEE context. This brings 2 new operations from client to TEE to request and release system thread contexts: 2 new tee_drv.h API functions, 2 new ops functions in struct tee_driver_ops. The OP-TEE implement shall implement 2 new fastcall SMC funcIDs. - Fixed typos in commit message. --- drivers/tee/optee/optee_smc.h | 60 +++++++++++++++++++++++++++++++++-- drivers/tee/optee/smc_abi.c | 34 +++++++++++++++++++- drivers/tee/tee_core.c | 30 ++++++++++++++++++ include/linux/tee_drv.h | 21 ++++++++++++ 4 files changed, 141 insertions(+), 4 deletions(-) diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 73b5e7760d10..75b19e1bd185 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -108,7 +108,8 @@ struct optee_smc_call_get_os_revision_result { * Call with struct optee_msg_arg as argument * * When called with OPTEE_SMC_CALL_WITH_RPC_ARG or - * OPTEE_SMC_CALL_WITH_REGD_ARG in a0 there is one RPC struct optee_msg_arg + * OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG + * in a0 there is one RPC struct optee_msg_arg * following after the first struct optee_msg_arg. The RPC struct * optee_msg_arg has reserved space for the number of RPC parameters as * returned by OPTEE_SMC_EXCHANGE_CAPABILITIES. @@ -130,8 +131,8 @@ struct optee_smc_call_get_os_revision_result { * a4-6 Not used * a7 Hypervisor Client ID register * - * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG: - * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG + * Call register usage, OPTEE_SMC_CALL_WITH_REGD_ARG and OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG: + * a0 SMC Function ID, OPTEE_SMC_CALL_WITH_REGD_ARG or OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG * a1 Upper 32 bits of a 64-bit shared memory cookie * a2 Lower 32 bits of a 64-bit shared memory cookie * a3 Offset of the struct optee_msg_arg in the shared memory with the @@ -175,6 +176,8 @@ struct optee_smc_call_get_os_revision_result { OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_RPC_ARG) #define OPTEE_SMC_CALL_WITH_REGD_ARG \ OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG) +#define OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG) /* * Get Shared Memory Config @@ -254,6 +257,8 @@ struct optee_smc_get_shm_config_result { #define OPTEE_SMC_SEC_CAP_ASYNC_NOTIF BIT(5) /* Secure world supports pre-allocating RPC arg struct */ #define OPTEE_SMC_SEC_CAP_RPC_ARG BIT(6) +/* Secure world provisions thread for system service invocation */ +#define OPTEE_SMC_SEC_CAP_SYSTEM_THREAD BIT(7) #define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES 9 #define OPTEE_SMC_EXCHANGE_CAPABILITIES \ @@ -426,6 +431,55 @@ struct optee_smc_disable_shm_cache_result { /* See OPTEE_SMC_CALL_WITH_REGD_ARG above */ #define OPTEE_SMC_FUNCID_CALL_WITH_REGD_ARG 19 +/* See OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG above */ +#define OPTEE_SMC_FUNCID_CALL_SYSTEM_WITH_REGD_ARG 20 + +/* + * Request reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_CALL_RESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + * OPTEE_SMC_RETURN_ETHREAD_LIMIT Number of Trusted OS threads exceeded + * for the request. + */ +#define OPTEE_SMC_FUNCID_CALL_RESERVE_SYS_THREAD 21 +#define OPTEE_SMC_CALL_RESERVE_SYS_THREAD \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_RESERVE_SYS_THREAD) + +/* + * Unregister reservation of a system invocation thread context in OP-TEE + * + * Call register usage: + * a0 SMC Function ID: OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD + * a1-6 Not used + * a7 Hypervisor Client ID register + * + * Normal return register usage: + * a0 Return value, OPTEE_SMC_RETURN_* + * a1-3 Not used + * a4-7 Preserved + * + * Possible return values: + * OPTEE_SMC_RETURN_UNKNOWN_FUNCTION Trusted OS does not recognize this + * function. + * OPTEE_SMC_RETURN_OK Call successfully completed. + */ +#define OPTEE_SMC_FUNCID_CALL_UNRESERVE_SYS_THREAD 22 +#define OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD \ + OPTEE_SMC_STD_CALL_VAL(OPTEE_SMC_FUNCID_CALL_UNRESERVE_SYS_THREAD) + /* * Resume from RPC (for example after processing a foreign interrupt) * diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index a1c1fa1a9c28..013b5ae31c0e 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -889,7 +889,10 @@ static int optee_smc_do_call_with_arg(struct tee_context *ctx, } if (rpc_arg && tee_shm_is_dynamic(shm)) { - param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; + if (ctx->system_ctx_count) + param.a0 = OPTEE_SMC_CALL_SYSTEM_WITH_REGD_ARG; + else + param.a0 = OPTEE_SMC_CALL_WITH_REGD_ARG; reg_pair_from_64(&param.a1, &param.a2, (u_long)shm); param.a3 = offs; } else { @@ -1085,6 +1088,33 @@ static int optee_smc_open(struct tee_context *ctx) return optee_open(ctx, sec_caps & OPTEE_SMC_SEC_CAP_MEMREF_NULL); } +static int optee_request_sys_ctx(struct tee_context *ctx) +{ + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (!(optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_SYSTEM_THREAD)) + return -EINVAL; + + optee->smc.invoke_fn(OPTEE_SMC_CALL_RESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); + + if (res.a0 != OPTEE_SMC_RETURN_OK) + return -EINVAL; + + return 0; +} + +static void optee_release_sys_ctx(struct tee_context *ctx) +{ + struct optee *optee = tee_get_drvdata(ctx->teedev); + struct arm_smccc_res res; + + if (optee->smc.sec_caps & OPTEE_SMC_SEC_CAP_SYSTEM_THREAD) + optee->smc.invoke_fn(OPTEE_SMC_CALL_UNRESERVE_SYS_THREAD, + 0, 0, 0, 0, 0, 0, 0, &res); +} + static const struct tee_driver_ops optee_clnt_ops = { .get_version = optee_get_version, .open = optee_smc_open, @@ -1095,6 +1125,8 @@ static const struct tee_driver_ops optee_clnt_ops = { .cancel_req = optee_cancel_req, .shm_register = optee_shm_register, .shm_unregister = optee_shm_unregister, + .system_ctx_request = optee_request_sys_ctx, + .system_ctx_release = optee_release_sys_ctx, }; static const struct tee_desc optee_clnt_desc = { diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 98da206cd761..a7dfdea5d85b 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -5,6 +5,7 @@ #define pr_fmt(fmt) "%s: " fmt, __func__ +#include <linux/bug.h> #include <linux/cdev.h> #include <linux/cred.h> #include <linux/fs.h> @@ -1141,10 +1142,39 @@ EXPORT_SYMBOL_GPL(tee_client_open_context); void tee_client_close_context(struct tee_context *ctx) { + while (ctx->system_ctx_count) + tee_client_release_system_context(ctx); + teedev_close_context(ctx); } EXPORT_SYMBOL_GPL(tee_client_close_context); +int tee_client_request_system_context(struct tee_context *ctx) +{ + int ret; + + if (!ctx->teedev->desc->ops->system_ctx_request || + !ctx->teedev->desc->ops->system_ctx_release) + return -EINVAL; + + ret = ctx->teedev->desc->ops->system_ctx_request(ctx); + if (!ret) + ctx->system_ctx_count++; + + return ret; +} +EXPORT_SYMBOL_GPL(tee_client_request_system_context); + +void tee_client_release_system_context(struct tee_context *ctx) +{ + if (ctx->system_ctx_count && + ctx->teedev->desc->ops->system_ctx_release) { + ctx->teedev->desc->ops->system_ctx_release(ctx); + ctx->system_ctx_count--; + } +} +EXPORT_SYMBOL_GPL(tee_client_release_system_context); + void tee_client_get_version(struct tee_context *ctx, struct tee_ioctl_version_data *vers) { diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 17eb1c5205d3..45577256bb71 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -47,6 +47,8 @@ struct tee_shm_pool; * non-blocking in nature. * @cap_memref_null: flag indicating if the TEE Client support shared * memory buffer with a NULL pointer. + * @system_ctx_count: Number of system invocation contexts provisioned for + * this TEE client or 0. */ struct tee_context { struct tee_device *teedev; @@ -55,6 +57,7 @@ struct tee_context { bool releasing; bool supp_nowait; bool cap_memref_null; + unsigned int system_ctx_count; }; struct tee_param_memref { @@ -90,6 +93,8 @@ struct tee_param { * @supp_send: called for supplicant to send a response * @shm_register: register shared memory buffer in TEE * @shm_unregister: unregister shared memory buffer in TEE + * @system_ctx_request: Request provisioning of a new system context in TEE + * @system_ctx_release: Release a provisioned system context in TEE */ struct tee_driver_ops { void (*get_version)(struct tee_device *teedev, @@ -112,6 +117,8 @@ struct tee_driver_ops { struct page **pages, size_t num_pages, unsigned long start); int (*shm_unregister)(struct tee_context *ctx, struct tee_shm *shm); + int (*system_ctx_request)(struct tee_context *ctx); + void (*system_ctx_release)(struct tee_context *ctx); }; /** @@ -397,6 +404,20 @@ tee_client_open_context(struct tee_context *start, */ void tee_client_close_context(struct tee_context *ctx); +/** + * tee_client_request_system_context() - Close a TEE context + * @ctx: TEE context to close + * + * @return 0 on success else an error code + */ +int tee_client_request_system_context(struct tee_context *ctx); + +/** + * tee_client_release_system_context() - Release a reserved system exec context + * @ctx: TEE context reference + */ +void tee_client_release_system_context(struct tee_context *ctx); + /** * tee_client_get_version() - Query version of TEE * @ctx: TEE context to TEE to query -- 2.25.1

3 years

3
4
0 0

[PATCH v2 0/4] Remove get_kernel_pages()

by Ira Weiny

Sumit, I did not see a follow up on this series per your last email.[1] I'd like to move forward with getting rid of kmap_to_page(). So Hopefully this can land and you can build on this rather than the other way around? All, Al Viro found[2] that kmap_to_page() is broken. But not only is it broken, it presents confusion over how highmem should be used because kmap() and friends should not be used for 'long term' mappings. get_kernel_pages() is a caller of kmap_to_page(). It only has one caller [shm_get_kernel_pages()] which does not need the functionality. Alter shm_get_kernel_pages() to no longer call get_kernel_pages() and remove get_kernel_pages(). Along the way it was noted that shm_get_kernel_pages() does not have any need to support vmalloc'ed addresses either. Remove that functionality to clean up the logic. This series also fixes is_kmap_addr() and uses it to ensure no kmap addresses slip in later. [1] https://lore.kernel.org/all/CAFA6WYMqEVDVW-ifoh-V9ni1zntYdes8adQKf2XXAUpqda… [2] https://lore.kernel.org/lkml/YzSSl1ItVlARDvG3@ZenIV To: Sumit Garg <sumit.garg(a)linaro.org> To: Andrew Morton <akpm(a)linux-foundation.org> Cc: "Al Viro" <viro(a)zeniv.linux.org.uk> Cc: "Christoph Hellwig" <hch(a)lst.de> Cc: linux-kernel(a)vger.kernel.org Cc: op-tee(a)lists.trustedfirmware.org Cc: linux-mm(a)kvack.org Cc: Jens Wiklander <jens.wiklander(a)linaro.org> Cc: "Fabio M. De Francesco" <fmdefrancesco(a)gmail.com> Signed-off-by: Ira Weiny <ira.weiny(a)intel.com> --- Changes in v2: - Al Viro: Avoid allocating the kiov. - Sumit: Update cover letter to clarify the motivation behind removing get_kernel_pages() - Link to v1: https://lore.kernel.org/r/20221002002326.946620-1-ira.weiny@intel.com --- Ira Weiny (4): highmem: Enhance is_kmap_addr() to check kmap_local_page() mappings tee: Remove vmalloc page support tee: Remove call to get_kernel_pages() mm: Remove get_kernel_pages() drivers/tee/tee_shm.c | 37 ++++++++++--------------------------- include/linux/highmem-internal.h | 5 ++++- include/linux/mm.h | 2 -- mm/swap.c | 30 ------------------------------ 4 files changed, 14 insertions(+), 60 deletions(-) --- base-commit: 0136d86b78522bbd5755f8194c97a987f0586ba5 change-id: 20230203-get_kernel_pages-199342cfba79 Best regards, -- Ira Weiny <ira.weiny(a)intel.com>

3 years

6
26
0 0

2026

2025

2024

2023

2022

2021

2020

OP-TEE