- OP-TEE - lists.trustedfirmware.org

[PATCH v7 0/6] Asynchronous notifications from secure world

by Jens Wiklander

Hi all, This adds support for asynchronous notifications from OP-TEE in secure world to the OP-TEE driver. This allows a design with a top half and bottom half type of driver where the top half runs in secure interrupt context and a notifications tells normal world to schedule a yielding call to do the bottom half processing. An edge-triggered interrupt is used to notify the driver that there are asynchronous notifications pending. Only the SMC based ABI of the OP-TEE driver gains asynchronous notifications. Future support for asynchronous notifications in the FF-A based ABI will rely on APIs which are expected to be provided by the FF-A driver in a not too distant future. Most of the patches here are well reviewed, but the last patch "optee: add asynchronous notifications" could do with some more attention. This patchset is also available at https://git.linaro.org/people/jens.wiklander/linux-tee.git/log/?h=async_not… v6->v7: * Rebased on 4615e5a34b95 ("optee: add FF-A support") in https://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git with 34f3c67b8178 ("optee: smc_abi.c: add missing #include <linux/mm.h>") cherry-picked on top. This allows to resolve the conflicts with pull request "[GIT PULL] OP-TEE FF-A for V5.16" * Factored out the interrupt handling added in "optee: add asynchronous notifications" to only go into smb_abi.c. A different approach is expected with FF-A once it has asynchronous notifications. * Addressed review comments from Sumit Garg: - Replaced 0 and 1 with the macros GIC_SPI and IRQ_TYPE_EDGE_RISING in the example in the bindings. - Replaced the magic number to optee_notif_init() with OPTEE_DEFAULT_MAX_NOTIF_VALUE in the commit "optee: separate notification functions" - Switched back to tagged error path in optee_probe() - Fixed a few nits in "optee: add asynchronous notifications" - Applied Sumit's Reviewed-by on all commits but the last, "optee: add asynchronous notifications" v5->v6: * Rebased on v5.15-rc2 * Replaced "tee: add tee_dev_open_helper() primitive" with "tee: export teedev_open() and teedev_close_context()" since it turned out that the normal teedev functions could be used instead as noted by Sumit. * Changed "optee: add asynchronous notifications" to use the exported teedev_open() and teedev_close_context() functions instead. v4->v5: * Rebased on v5.14-rc7 * Updated documentation to clarify that one interrupt may represent multiple notifications as requested. * Applied Marc's and Rob's tags v3->v4: * Clarfied the expected type of interrypt is edge-triggered, both in the normal documentation and in the DT bindings as requested. v2->v3: * Rebased on v5.14-rc2 which made the patch "dt-bindings: arm: Convert optee binding to json-schema" from the V2 patch set obsolete. * Applied Ard's Acked-by on "optee: add asynchronous notifications" v1->v2: * Added documentation * Converted optee bindings to json-schema and added interrupt property * Configure notification interrupt from DT instead of getting it from secure world, suggested by Ard Biesheuvel <ardb(a)kernel.org>. Thanks, Jens Jens Wiklander (6): docs: staging/tee.rst: add a section on OP-TEE notifications dt-bindings: arm: optee: add interrupt property tee: fix put order in teedev_close_context() tee: export teedev_open() and teedev_close_context() optee: separate notification functions optee: add asynchronous notifications .../arm/firmware/linaro,optee-tz.yaml | 7 + Documentation/staging/tee.rst | 30 +++ drivers/tee/optee/Makefile | 1 + drivers/tee/optee/core.c | 2 +- drivers/tee/optee/ffa_abi.c | 6 +- drivers/tee/optee/notif.c | 125 +++++++++ drivers/tee/optee/optee_msg.h | 9 + drivers/tee/optee/optee_private.h | 28 ++- drivers/tee/optee/optee_rpc_cmd.h | 31 +-- drivers/tee/optee/optee_smc.h | 75 +++++- drivers/tee/optee/rpc.c | 71 +----- drivers/tee/optee/smc_abi.c | 238 +++++++++++++++--- drivers/tee/tee_core.c | 10 +- include/linux/tee_drv.h | 14 ++ 14 files changed, 522 insertions(+), 125 deletions(-) create mode 100644 drivers/tee/optee/notif.c -- 2.31.1

3 years, 12 months

3
10
0 0

[PATCH][next] optee: Fix spelling mistake "reclain" -> "reclaim"

by Colin Ian King

There are spelling mistakes in pr_err error messages. Fix them. Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com> --- drivers/tee/optee/ffa_abi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index 6defd1ec982a..45424824e0f9 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -333,7 +333,7 @@ static int optee_ffa_shm_unregister(struct tee_context *ctx, rc = ffa_ops->memory_reclaim(global_handle, 0); if (rc) - pr_err("mem_reclain: 0x%llx %d", global_handle, rc); + pr_err("mem_reclaim: 0x%llx %d", global_handle, rc); return rc; } @@ -355,7 +355,7 @@ static int optee_ffa_shm_unregister_supp(struct tee_context *ctx, optee_shm_rem_ffa_handle(optee, global_handle); rc = ffa_ops->memory_reclaim(global_handle, 0); if (rc) - pr_err("mem_reclain: 0x%llx %d", global_handle, rc); + pr_err("mem_reclaim: 0x%llx %d", global_handle, rc); shm->sec_world_id = 0; -- 2.32.0

4 years

3
2
0 0

[GIT PULL] OP-TEE FF-A fix for V5.16

by Jens Wiklander

Hello arm-soc maintainers, Please pull this small OP-TEE driver fix which takes care of a couple of spell errors in a few log messages. These log messages was added in the recently pulled 4615e5a34b95 ("optee: add FF-A support"). Thanks, Jens The following changes since commit 4615e5a34b95e0d81467f6d2176f19a5d184cb5d: optee: add FF-A support (2021-10-18 11:44:23 +0200) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-ffa-fix-for-v5.16 for you to fetch changes up to 1b73a9e4986a4e9065bacf1e5ab2dfda17b54161: optee: Fix spelling mistake "reclain" -> "reclaim" (2021-10-28 11:41:39 +0200) ---------------------------------------------------------------- Fix spell errors in OP-TEE FF-A driver log messages ---------------------------------------------------------------- Colin Ian King (1): optee: Fix spelling mistake "reclain" -> "reclaim" drivers/tee/optee/ffa_abi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

4 years

1
0
0 0

Linaro OP-TEE Contributions (LOC) monthly meeting October 2021

by Ruchika Gupta

Hi, OP-TEE Contributions (LOC) monthly meeting is planned for Thursday Oct 28 @17.00 (UTC+2). Following topics are on the agenda: - Generic Clock Framework and Peripheral security- Clément Léger - Discussion on device driver initialization/probing - Etienne Carriere If you have any other topics you'd like to discuss, please let us know and we can schedule them. Meeting details: --------------- Date/time: October 28(a)17.00 (UTC+2) https://everytimezone.com/s/3f83a9ab Connection details: https://www.trustedfirmware.org/meetings/ Meeting notes: http://bit.ly/loc-notes Regards, Ruchika on behalf of the Linaro OP-TEE team

4 years

1
0
0 0

[PATCH] optee: smc_abi.c: add missing #include <linux/mm.h>

by Jens Wiklander

Adds missing #include <linux/mm.h> drivers/tee/optee/smc_abi.c to fix compile errors like: drivers/tee/optee/smc_abi.c:405:15: error: implicit declaration of function 'page_to_section' [-Werror,-Wimplicit-function-declaration] optee_page = page_to_phys(*pages) + ^ arch/arm/include/asm/memory.h:148:43: note: expanded from macro 'page_to_phys' ^ include/asm-generic/memory_model.h:52:21: note: expanded from macro 'page_to_pfn' ^ include/asm-generic/memory_model.h:35:14: note: expanded from macro '__page_to_pfn' int __sec = page_to_section(__pg); \ ^ drivers/tee/optee/smc_abi.c:405:15: note: did you mean '__nr_to_section'? arch/arm/include/asm/memory.h:148:43: note: expanded from macro 'page_to_phys' ^ include/asm-generic/memory_model.h:52:21: note: expanded from macro 'page_to_pfn' ^ include/asm-generic/memory_model.h:35:14: note: expanded from macro '__page_to_pfn' int __sec = page_to_section(__pg); \ ^ include/linux/mmzone.h:1365:35: note: '__nr_to_section' declared here static inline struct mem_section *__nr_to_section(unsigned long nr) Fixes: c51a564a5b48 ("optee: isolate smc abi") Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- I wasn't able to reproduce the error above. It obviously involves CONFIG_SPARSEMEM=y, but something more seems to be needed to trigger the error. Nonetheless, including <linux/mm.h> should fix the error. Thanks, Jens drivers/tee/optee/smc_abi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c index 9a787fb4f5e5..6196d7c3888f 100644 --- a/drivers/tee/optee/smc_abi.c +++ b/drivers/tee/optee/smc_abi.c @@ -10,6 +10,7 @@ #include <linux/errno.h> #include <linux/io.h> #include <linux/sched.h> +#include <linux/mm.h> #include <linux/module.h> #include <linux/of.h> #include <linux/of_platform.h> -- 2.31.1

4 years

1
0
0 0

[GIT PULL] OP-TEE FF-A for V5.16

by Jens Wiklander

Hello arm-soc maintainers, Please pull these patches which adds support for FF-A [1] in the OP-TEE driver. There's a bit of shuffling in the code where everyhting related to the old SMC based ABI is moved to drivers/tee/optee/smc_abi.c, but there should not be any changed in behavior for with the old ABI. Note that this is based on top of the recent fix 7f565d0ead26 ("tee: optee: Fix missing devices unregister during optee_remove") which has already been requested to be pulled. Thanks, Jens The following changes since commit 7f565d0ead264329749c0da488de9c8dfa2f18ce: tee: optee: Fix missing devices unregister during optee_remove (2021-10-12 13:24:39 +0200) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-ffa-for-v5.16 for you to fetch changes up to 4615e5a34b95e0d81467f6d2176f19a5d184cb5d: optee: add FF-A support (2021-10-18 11:44:23 +0200) ---------------------------------------------------------------- Add FF-A support in OP-TEE driver Adds supports for the OP-TEE driver to communicate with secure world using FF-A [1] as transport. [1] https://developer.arm.com/documentation/den0077/latest ---------------------------------------------------------------- Jens Wiklander (5): tee: add sec_world_id to struct tee_shm optee: simplify optee_release() optee: refactor driver with internal callbacks optee: isolate smc abi optee: add FF-A support drivers/tee/optee/Makefile | 5 +- drivers/tee/optee/call.c | 445 ++---------- drivers/tee/optee/core.c | 719 ++------------------ drivers/tee/optee/ffa_abi.c | 911 +++++++++++++++++++++++++ drivers/tee/optee/optee_ffa.h | 153 +++++ drivers/tee/optee/optee_msg.h | 27 +- drivers/tee/optee/optee_private.h | 157 ++++- drivers/tee/optee/rpc.c | 237 +------ drivers/tee/optee/shm_pool.c | 101 --- drivers/tee/optee/shm_pool.h | 14 - drivers/tee/optee/smc_abi.c | 1361 +++++++++++++++++++++++++++++++++++++ include/linux/tee_drv.h | 7 +- 12 files changed, 2728 insertions(+), 1409 deletions(-) create mode 100644 drivers/tee/optee/ffa_abi.c create mode 100644 drivers/tee/optee/optee_ffa.h delete mode 100644 drivers/tee/optee/shm_pool.c delete mode 100644 drivers/tee/optee/shm_pool.h create mode 100644 drivers/tee/optee/smc_abi.c

4 years

3
2
0 0

OP-TEE 3.15.0 has been released

by Ruchika Gupta

Hi, I'm pleased to announce that the v3.15.0 release for OP-TEE is now available. As usual, the list of changes can be found in the changelog [1]. Thanks to everyone who participated with contributions and helping out with testing the release candidate [2]. [1] https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md [2] https://github.com/OP-TEE/optee_os/pull/4880/commits/19b6e252a2ccbe0124ca33… Regards, Ruchika

4 years

1
0
0 0

[PATCH v6 0/5] Add FF-A support in OP-TEE driver

by Jens Wiklander

Hi all, This adds supports for the OP-TEE driver to communicate with secure world using FF-A [1] as transport. There is one change to the TEE subsystem with "tee: add sec_world_id to struct tee_shm" to add support for holding globally unique handle assigned by the FF-A. This is a field that I believe could useful for the AMDTEE driver too. For communication the OP-TEE message protocol is still used, but with a new type of memory reference, struct optee_msg_param_fmem, to carry the information needed by FF-A. The OP-TEE driver is refactored internally with to sets of callbacks, one for the old SMC based communication and another set with FF-A as transport. The functions relating to the SMC based ABI are moved to smc_abi.c while the FF-A based ABI is added in a ffa_abi.c. There is also a difference in how the drivers are instantiated. With the SMC based transport we have a platform driver, module_platform_driver(), today which we're keeping as is for this configuration. In a FF-A system we have a FF-A driver, module_ffa_driver(), instead. The OP-TEE driver can be compiled for both targets at the same time and it's up to runtime configuration (device tree or ACPI) to decide how it's initialized. Note that it's only the old SMC based driver instance that need device tree or ACPI to initialize. The FF-A based driver relies on the FF-A bus instead. These patches are also available at https://git.linaro.org/people/jens.wiklander/linux-tee.git/log/?h=optee_ffa… Note that there's three patches there not included in this patchset "tee/optee/shm_pool: fix application of sizeof to pointer", "firmware: arm_ffa: Fix __ffa_devices_unregister" and "firmware: arm_ffa: Add missing remove callback to ffa_bus_type" already have or are about to be sent to arm-soc with separate pull requests. This can be tested QEMU The repo for SPMC at S-EL1 retrieved by repo init -u https://github.com/jenswi-linaro/manifest.git -m qemu_v8.xml -b ffav4_spmc repo sync # Then checkout the branch optee_ffa_v6 from # git://git.linaro.org/people/jens.wiklander/linux-tee.git # in the linux directory To build do: cd build make toolchains make all To boot: make run-only Test with xtest, perhaps only with the command "xtest 1004" in case you're not interested in too many tests. Thanks, Jens [1] https://developer.arm.com/documentation/den0077/latest v5->v6: - Rebased on v5.15-rc2 - Addressing comments from Sudeep Holla to work with ARM_FFA_TRANSPORT=m - Fixing a couple of warnings in "optee: isolate smc abi" reported by kernel test robot <lkp(a)intel.com> - Adding the fix from "tee/optee/shm_pool: fix application of sizeof to pointer" into "optee: isolate smc abi" since the function code has been moved to another file. v4->v5: - Rebased on v5.14, tricky conflicts primarily between "optee: isolate smc abi" and mostly 376e4199e327 "tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag" but also with the other kexec fixes that went into v5.14-rc5. - Addressing comments from Sumit and applying Reviewed-by: Sumit Garg <sumit.garg(a)linaro.org> on "optee: isolate smc abi" - Addressing comments from Sumit and applying Acked-by: Sumit Garg <sumit.garg(a)linaro.org> on "optee: add FF-A support" v3->v4: - Made a bit more RPC code common between the SMC and FF-A ABIs as requested by Sumit. - Replaced module_platform_driver() with module_init()/module_exit() as described in the commit "optee: isolate smc abi". - Applied Sumit's R-B for the commits "tee: add sec_world_id to struct tee_shm", "optee: simplify optee_release()", and "optee: refactor driver with internal callbacks" v2->v3: - Rebased on 5.14-rc2 which now have the FF-A patches merged - Fixed a couple bugs in optee_shm_register() and optee_shm_unregister() which where introduced in "optee: refactor driver with internal callbacks" in previous the version. - Separated SMC ABI specifics into smc_abi.c to keep it separated from the FF-A ABI functions as requested by Sumit. - Added the FF-A specifics in ffa_abi.c - Provided an implementation for optee_ffa_remove() v1->v2: - Rebased to the FF-A v7 patch - Fixed a couple of reports from kernel test robot <lkp(a)intel.com> Jens Wiklander (5): tee: add sec_world_id to struct tee_shm optee: simplify optee_release() optee: refactor driver with internal callbacks optee: isolate smc abi optee: add FF-A support drivers/tee/optee/Makefile | 5 +- drivers/tee/optee/call.c | 445 ++-------- drivers/tee/optee/core.c | 719 ++------------- drivers/tee/optee/ffa_abi.c | 911 +++++++++++++++++++ drivers/tee/optee/optee_ffa.h | 153 ++++ drivers/tee/optee/optee_msg.h | 27 +- drivers/tee/optee/optee_private.h | 155 +++- drivers/tee/optee/rpc.c | 237 +---- drivers/tee/optee/shm_pool.c | 101 --- drivers/tee/optee/shm_pool.h | 14 - drivers/tee/optee/smc_abi.c | 1360 +++++++++++++++++++++++++++++ include/linux/tee_drv.h | 7 +- 12 files changed, 2726 insertions(+), 1408 deletions(-) create mode 100644 drivers/tee/optee/ffa_abi.c create mode 100644 drivers/tee/optee/optee_ffa.h delete mode 100644 drivers/tee/optee/shm_pool.c delete mode 100644 drivers/tee/optee/shm_pool.h create mode 100644 drivers/tee/optee/smc_abi.c -- 2.31.1

4 years

4
13
0 0

[PATCH v6 0/6] Asynchronous notifications from secure world

by Jens Wiklander

Hi all, This adds support for asynchronous notifications from OP-TEE in secure world to the OP-TEE driver. This allows a design with a top half and bottom half type of driver where the top half runs in secure interrupt context and a notifications tells normal world to schedule a yielding call to do the bottom half processing. An edge-triggered interrupt is used to notify the driver that there are asynchronous notifications pending. The documentation and DT bindings patches are now well reviewed, but the patches with code would do with some more attention. v5->v6: * Rebased on v5.15-rc2 * Replaced "tee: add tee_dev_open_helper() primitive" with "tee: export teedev_open() and teedev_close_context()" since it turned out that the normal teedev functions could be used instead as noted by Sumit. * Changed "optee: add asynchronous notifications" to use the exported teedev_open() and teedev_close_context() functions instead. v4->v5: * Rebased on v5.14-rc7 * Updated documentation to clarify that one interrupt may represent multiple notifications as requested. * Applied Marc's and Rob's tags v3->v4: * Clarfied the expected type of interrypt is edge-triggered, both in the normal documentation and in the DT bindings as requested. v2->v3: * Rebased on v5.14-rc2 which made the patch "dt-bindings: arm: Convert optee binding to json-schema" from the V2 patch set obsolete. * Applied Ard's Acked-by on "optee: add asynchronous notifications" v1->v2: * Added documentation * Converted optee bindings to json-schema and added interrupt property * Configure notification interrupt from DT instead of getting it from secure world, suggested by Ard Biesheuvel <ardb(a)kernel.org>. Thanks, Jens Jens Wiklander (6): docs: staging/tee.rst: add a section on OP-TEE notifications dt-bindings: arm: optee: add interrupt property tee: fix put order in teedev_close_context() tee: export teedev_open() and teedev_close_context() optee: separate notification functions optee: add asynchronous notifications .../arm/firmware/linaro,optee-tz.yaml | 7 + Documentation/staging/tee.rst | 30 +++ drivers/tee/optee/Makefile | 1 + drivers/tee/optee/call.c | 27 +++ drivers/tee/optee/core.c | 87 +++++-- drivers/tee/optee/notif.c | 226 ++++++++++++++++++ drivers/tee/optee/optee_msg.h | 9 + drivers/tee/optee/optee_private.h | 23 +- drivers/tee/optee/optee_rpc_cmd.h | 31 +-- drivers/tee/optee/optee_smc.h | 75 +++++- drivers/tee/optee/rpc.c | 73 +----- drivers/tee/tee_core.c | 10 +- include/linux/tee_drv.h | 14 ++ 13 files changed, 496 insertions(+), 117 deletions(-) create mode 100644 drivers/tee/optee/notif.c -- 2.31.1

4 years

2
14
0 0

[GIT PULL] another OP-TEE fix for v5.15

by Jens Wiklander

Hello arm-soc maintainers, Please pull this OP-TEE driver fix to unregister OP-TEE client devices from the TEE bus when the OP-TEE driver is unloaded. Note that this is based on the previous already merged OP-TEE driver fix. Thanks, Jens The following changes since commit 88a3856c0a8c03188db7913f4d49379432fe1f93: tee/optee/shm_pool: fix application of sizeof to pointer (2021-09-14 07:54:56 +0200) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-fix2-for-v5.15 for you to fetch changes up to 7f565d0ead264329749c0da488de9c8dfa2f18ce: tee: optee: Fix missing devices unregister during optee_remove (2021-10-12 13:24:39 +0200) ---------------------------------------------------------------- Fix missing devices unregister during optee_remove Unregisters OP-TEE client devices (UUIDs of some known Trusted Applications) from the TEE bus when the OP-TEE driver is unloaded. ---------------------------------------------------------------- Sumit Garg (1): tee: optee: Fix missing devices unregister during optee_remove drivers/tee/optee/core.c | 3 +++ drivers/tee/optee/device.c | 22 ++++++++++++++++++++++ drivers/tee/optee/optee_private.h | 1 + 3 files changed, 26 insertions(+)

4 years

1
0
0 0

2025

2024

2023

2022

2021

2020

OP-TEE