- OP-TEE - lists.trustedfirmware.org

by Rijo Thomas

AMD-TEE driver keeps track of shared memory buffers and their corresponding buffer id's in a global linked list. These buffers are used to share data between x86 and AMD Secure Processor. This patchset fixes issues related to maintaining mapped buffers in a shared linked list. Rijo Thomas (2): tee: amdtee: fix memory leak due to reset of global shm list tee: amdtee: synchronize access to shm list drivers/tee/amdtee/amdtee_private.h | 8 ++++---- drivers/tee/amdtee/core.c | 26 +++++++++++++++++++------- 2 files changed, 23 insertions(+), 11 deletions(-) -- 2.17.1

4 years

2
3
0 0

Mbed TLS Virtual Workshop Tomorrow

by Shebu Varghese Kuriakose

Hi All, Gentle reminder about the Mbed TLS workshop tomorrow (Tuesday, November 3rd) from 2 to 6pm GMT. See agenda and zoom link here - https://www.trustedfirmware.org/meetings/mbed-tls-workshop/ Thanks, Shebu -----Original Appointment----- From: Trusted Firmware Public Meetings <linaro.org_havjv2figrh5egaiurb229pd8c(a)group.calendar.google.com> Sent: Friday, October 23, 2020 12:32 AM To: Trusted Firmware Public Meetings; Shebu Varghese Kuriakose; mbed-tls(a)lists.trustedfirmware.org; Don Harbin; psa-crypto(a)lists.trustedfirmware.org; Dave Rodgman Subject: Mbed TLS Virtual Workshop When: Tuesday, November 3, 2020 2:00 PM-6:00 PM (UTC+00:00) Dublin, Edinburgh, Lisbon, London. Where: Zoom: https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… You have been invited to the following event. Mbed TLS Virtual Workshop When Tue Nov 3, 2020 7am – 11am Mountain Standard Time - Phoenix Where Zoom: https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT… (map<https://www.google.com/maps/search/Zoom:+https:%2F%2Flinaro-org.zoom.us%2Fj…>) Calendar shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> Who • Don Harbin - creator • shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> • mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> • psa-crypto(a)lists.trustedfirmware.org<mailto:psa-crypto@lists.trustedfirmware.org> • dave.rodgman(a)arm.com<mailto:dave.rodgman@arm.com> more details »<https://www.google.com/calendar/event?action=VIEW&eid=NHVvY2FxY2o4Njk3MWZkd…> Hi, Trustedfirmware.org community project would like to invite you to the Mbed TLS Virtual Workshop. The purpose of the workshop is to bring together the Mbed TLS community including maintainers, contributors and users to discuss * The future direction of the project and * Ways to improve community collaboration Here is the agenda for the workshop. Topic Time (in GMT) Welcome 2.00 - 2.10pm Constant-time code 2.10 – 2.30pm Processes - how does work get scheduled? 2.30 – 2.50pm PSA Crypto APIs 2.50 – 3.20pm PSA Crypto for Silicon Labs Wireless MCUs - Why, What, Where and When 3.20 – 3.50pm Break Roadmap, TLS1.3 Update 4.10 – 4.30pm Mbed TLS 3.0 Plans, Scope 4.30 – 5.00pm How do I contribute my first review and be an effective Mbed TLS reviewer 5.00 – 5.30pm Regards, Don Harbin Trusted Firmware Community Manager ==============Zoom details below:==================== Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: Mbed TLS Virtual Workshop Time: Nov 3, 2020 02:00 PM Greenwich Mean Time Join Zoom Meeting https://linaro-org.zoom.us/j/95315200315?pwd=ZDJGc1BZMHZLV29DTmpGUllmMjB1UT…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9531520…> Meeting ID: 953 1520 0315 Passcode: 143755 One tap mobile +16699009128,,95315200315# US (San Jose) +12532158782,,95315200315# US (Tacoma) Dial by your location +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 646 558 8656 US (New York) +1 301 715 8592 US (Germantown) +1 312 626 6799 US (Chicago) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 953 1520 0315 Find your local number: https://linaro-org.zoom.us/u/apL3hgti4<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fu%2FapL3hgt…> Going (shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com>)? Yes<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> - Maybe<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> - No<https://www.google.com/calendar/event?action=RESPOND&eid=NHVvY2FxY2o4Njk3MW…> more options »<https://www.google.com/calendar/event?action=VIEW&eid=NHVvY2FxY2o4Njk3MWZkd…> Invitation from Google Calendar<https://www.google.com/calendar/> You are receiving this courtesy email at the account shebu.varghesekuriakose(a)arm.com<mailto:shebu.varghesekuriakose@arm.com> because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More<https://support.google.com/calendar/answer/37135#forwarding>.

4 years

1
0
0 0

[GIT PULL] OP-TEE use UUID API for v5.10

by Jens Wiklander

Hello arm-soc maintainers, Please pull this small patch which allows to hide uuit_t internals from the OP-TEE driver. I know it's a bit late for v5.10, if it's too late please queue it for v5.11 instead. Thanks, Jens The following changes since commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5: Linux 5.9-rc1 (2020-08-16 13:04:57 -0700) are available in the Git repository at: git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/optee-use-uuid-api-for-v5.10 for you to fetch changes up to 57222a1be27e06ecb81cc2f945e897814d5f461c: tee: optee: Use UUID API for exporting the UUID (2020-10-13 08:03:18 +0200) ---------------------------------------------------------------- Use UUID API to export the UUID Uses export_uuid() to export and uuid_t to an u8 array instead of depending on the internals of uuid_t. ---------------------------------------------------------------- Andy Shevchenko (1): tee: optee: Use UUID API for exporting the UUID drivers/tee/optee/device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

4 years

2
1
0 0

[PATCH] tee: optee: Set a flag to avoid memory leaks

by Wang, Xiaolei

When an rpc message to release memory is not received, a memory leak will occur, which should be released unreferenced object 0xffff00006871b580 (size 128): comm "swapper/0", pid 1, jiffies 4294892673 (age 428.192s) hex dump (first 32 bytes): 80 b3 71 68 00 00 ff ff 00 e0 71 a8 00 00 00 00 ..qh......q..... 00 e0 71 68 00 00 ff ff 00 10 00 00 00 00 00 00 ..qh............ backtrace: [<00000000f0425299>] slab_post_alloc_hook+0x6c/0x338 [<000000004705f905>] kmem_cache_alloc+0x1d4/0x328 [<00000000773c66a0>] tee_shm_alloc+0x84/0x268 [<00000000ca052f98>] optee_handle_rpc+0x144/0x5a0 [<0000000015a8eebe>] optee_do_call_with_arg+0x14c/0x168 [<00000000d51ef0fd>] optee_open_session+0x12c/0x200 [<000000007146f51d>] tee_client_open_session+0x24/0x38 [<00000000ea2b35e7>] optee_enumerate_devices+0xa0/0x2c0 [<0000000068088775>] optee_probe+0x560/0x690 [<00000000ad1d997a>] platform_drv_probe+0x54/0xa8 [<00000000e11592d4>] really_probe+0x118/0x3e0 [<00000000dacd3142>] driver_probe_device+0x5c/0xc0 [<0000000077c13842>] device_driver_attach+0x74/0x80 [<00000000106ccc62>] __driver_attach+0x8c/0xd8 [<00000000e120c345>] bus_for_each_dev+0x7c/0xd8 [<00000000b79335f5>] driver_attach+0x24/0x30 Signed-off-by: Xiaolei Wang <xiaolei.wang(a)windriver.com<mailto:xiaolei.wang@windriver.com>> --- drivers/tee/optee/call.c | 7 ++++++- drivers/tee/optee/optee_private.h | 2 +- drivers/tee/optee/rpc.c | 4 +++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c index 20b6fd7383c5..522c133b9d95 100644 --- a/drivers/tee/optee/call.c +++ b/drivers/tee/optee/call.c @@ -129,6 +129,7 @@ u32 optee_do_call_with_arg(struct tee_context *ctx, phys_addr_t parg) struct optee_rpc_param param = { }; struct optee_call_ctx call_ctx = { }; u32 ret; + unsigned int flags = 0; param.a0 = OPTEE_SMC_CALL_WITH_ARG; reg_pair_from_64(&param.a1, &param.a2, parg); @@ -153,9 +154,13 @@ u32 optee_do_call_with_arg(struct tee_context *ctx, phys_addr_t parg) param.a1 = res.a1; param.a2 = res.a2; param.a3 = res.a3; - optee_handle_rpc(ctx, &param, &call_ctx); + optee_handle_rpc(ctx, &param, &call_ctx, &flags); } else { ret = res.a0; + if (flags != 0x0) { + param.a0 = 2; + optee_handle_rpc(ctx, &param, &call_ctx, &flags); + } break; } } diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 8b71839a357e..1c1d62e21141 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -127,7 +127,7 @@ struct optee_call_ctx { }; void optee_handle_rpc(struct tee_context *ctx, struct optee_rpc_param *param, - struct optee_call_ctx *call_ctx); + struct optee_call_ctx *call_ctx, unsigned int *flags); void optee_rpc_finalize_call(struct optee_call_ctx *call_ctx); void optee_wait_queue_init(struct optee_wait_queue *wq); diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index b4ade54d1f28..4e76c87b61f4 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -396,7 +396,7 @@ static void handle_rpc_func_cmd(struct tee_context *ctx, struct optee *optee, * Result of RPC is written back into @param. */ void optee_handle_rpc(struct tee_context *ctx, struct optee_rpc_param *param, - struct optee_call_ctx *call_ctx) + struct optee_call_ctx *call_ctx, unsigned int *flags) { struct tee_device *teedev = ctx->teedev; struct optee *optee = tee_get_drvdata(teedev); @@ -410,6 +410,7 @@ void optee_handle_rpc(struct tee_context *ctx, struct optee_rpc_param *param, reg_pair_from_64(&param->a1, &param->a2, pa); reg_pair_from_64(&param->a4, &param->a5, (unsigned long)shm); + *flags = 0x1; } else { param->a1 = 0; param->a2 = 0; @@ -420,6 +421,7 @@ void optee_handle_rpc(struct tee_context *ctx, struct optee_rpc_param *param, case OPTEE_SMC_RPC_FUNC_FREE: shm = reg_pair_to_ptr(param->a1, param->a2); tee_shm_free(shm); + *flags = 0x0; break; case OPTEE_SMC_RPC_FUNC_FOREIGN_INTR: /* -- 2.25.1

4 years

2
1
0 0

[PATCH v7 0/4] Introduce TEE based Trusted Keys support

by Sumit Garg

Add support for TEE based trusted keys where TEE provides the functionality to seal and unseal trusted keys using hardware unique key. Also, this is an alternative in case platform doesn't possess a TPM device. This patch-set has been tested with OP-TEE based early TA which is already merged in upstream [1]. [1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d… Changes in v7: 1. Added a trusted.source module parameter in order to enforce user's choice in case a particular platform posses both TPM and TEE. 2. Refine commit description for patch #1. Changes in v6: 1. Revert back to dynamic detection of trust source. 2. Drop author mention from trusted_core.c and trusted_tpm1.c files. 3. Rebased to latest tpmdd/master. Changes in v5: 1. Drop dynamic detection of trust source and use compile time flags instead. 2. Rename trusted_common.c -> trusted_core.c. 3. Rename callback: cleanup() -> exit(). 4. Drop "tk" acronym. 5. Other misc. comments. 6. Added review tags for patch #3 and #4. Changes in v4: 1. Pushed independent TEE features separately: - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062 2. Updated trusted-encrypted doc with TEE as a new trust source. 3. Rebased onto latest tpmdd/master. Changes in v3: 1. Update patch #2 to support registration of multiple kernel pages. 2. Incoporate dependency patch #4 in this patch-set: https://patchwork.kernel.org/patch/11091435/ Changes in v2: 1. Add reviewed-by tags for patch #1 and #2. 2. Incorporate comments from Jens for patch #3. 3. Switch to use generic trusted keys framework. Sumit Garg (4): KEYS: trusted: Add generic trusted keys framework KEYS: trusted: Introduce TEE based Trusted Keys doc: trusted-encrypted: updates with TEE as a new trust source MAINTAINERS: Add entry for TEE based Trusted Keys Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++--- MAINTAINERS | 8 + include/keys/trusted-type.h | 47 +++ include/keys/trusted_tee.h | 55 ++++ include/keys/trusted_tpm.h | 17 +- security/keys/trusted-keys/Makefile | 2 + security/keys/trusted-keys/trusted_core.c | 334 +++++++++++++++++++++ security/keys/trusted-keys/trusted_tee.c | 278 ++++++++++++++++++ security/keys/trusted-keys/trusted_tpm1.c | 336 ++++------------------ 9 files changed, 953 insertions(+), 327 deletions(-) create mode 100644 include/keys/trusted_tee.h create mode 100644 security/keys/trusted-keys/trusted_core.c create mode 100644 security/keys/trusted-keys/trusted_tee.c -- 2.7.4

4 years, 1 month

4
18
0 0

OP-TEE 3.11.0 has been released

by Jerome Forissier

[BCC all OP-TEE maintainers] Hi, FYI, I have just finalized the OP-TEE 3.11.0 release (changelog [1]). Once again, many thanks to all of you who contributed to this release by submitting or reviewing code, or taking part in release testing [2]. [1] https://github.com/OP-TEE/optee_os/blob/3.11.0/CHANGELOG.md [2] https://github.com/OP-TEE/optee_os/commit/c4def2a8262a Regards, -- Jerome

4 years, 1 month

1
0
0 0

[GIT PULL] TEE fix for v5.10

by Jens Wiklander

Hello arm-soc maintainers, Please pull this small fix which reenables the kernel login method in the kernel internal TEE client API. This fixes a problem introduced in v5.8. Thanks, Jens The following changes since commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5: Linux 5.9-rc1 (2020-08-16 13:04:57 -0700) are available in the Git repository at: git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/tee-fix-for-v5.10 for you to fetch changes up to 722939528a37aa0cb22d441e2045c0cf53e78fb0: tee: client UUID: Skip REE kernel login method as well (2020-10-13 08:42:11 +0200) ---------------------------------------------------------------- Reenable kernel login method for kernel TEE client API The kernel TEE login method was accidentally disabled previously when enabling a few other login methods, so fix that here. ---------------------------------------------------------------- Sumit Garg (1): tee: client UUID: Skip REE kernel login method as well drivers/tee/tee_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

4 years, 1 month

1
0
0 0

Re: [PATCH v1] firmware: tee_bnxt: Use UUID API for exporting the UUID

by Andy Shevchenko

On Thu, Jun 18, 2020 at 01:56:48PM +0300, Andy Shevchenko wrote: > On Wed, Apr 22, 2020 at 04:00:21PM +0300, Andy Shevchenko wrote: > > There is export_uuid() function which exports uuid_t to the u8 array. > > Use it instead of open coding variant. > > > > This allows to hide the uuid_t internals. > > Any comment on this? Guys, who is going to pick this up? > > Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> > > --- > > drivers/firmware/broadcom/tee_bnxt_fw.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/firmware/broadcom/tee_bnxt_fw.c b/drivers/firmware/broadcom/tee_bnxt_fw.c > > index ed10da5313e86..4cf0c2576037d 100644 > > --- a/drivers/firmware/broadcom/tee_bnxt_fw.c > > +++ b/drivers/firmware/broadcom/tee_bnxt_fw.c > > @@ -197,7 +197,7 @@ static int tee_bnxt_fw_probe(struct device *dev) > > return -ENODEV; > > > > /* Open session with Bnxt load Trusted App */ > > - memcpy(sess_arg.uuid, bnxt_device->id.uuid.b, TEE_IOCTL_UUID_LEN); > > + export_uuid(sess_arg.uuid, &bnxt_device->id.uuid); > > sess_arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC; > > sess_arg.num_params = 0; > > -- With Best Regards, Andy Shevchenko

4 years, 1 month

1
0
0 0

Mbed TLS Virtual Workshop on Nov. 3rd

by Shebu Varghese Kuriakose

Hi All, Trustedfirmware.org community project would like to invite you to the Mbed TLS Virtual Workshop on November 3rd (Tuesday) from 2pm to 6pm GMT. The purpose of the workshop is to bring together the Mbed TLS community including maintainers, contributors and users to discuss * The future direction of the project and * Ways to improve community collaboration The workshop will be hosted in Zoom open to all. The invitation with the zoom link will be send in the Mbed TLS, PSA Crypto* mailing lists in the coming days. Here are some of the proposed agenda topics. Please reply if there is anything else you would like us or you to present during the workshop that will be interesting to the community * Constant-time code * How to be an effective Mbed TLS reviewer * Processes - how does work get scheduled? * Roadmap, Mbed TLS3.0 * PSA Crypto APIs * How Do I contribute my first review. Thanks, Shebu (TrustedFirmware.org Co-Chair, Mbed TLS Technology Manager) * https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls https://lists.trustedfirmware.org/mailman/listinfo/psa-crypto

4 years, 1 month

1
0
0 0

Preparing for OP-TEE 3.11.0

by Jerome Forissier

[BCC all OP-TEE maintainers] Hi OP-TEE maintainers & contributors, OP-TEE 3.11.0 is scheduled to be released on Friday, October 16th. So, now is a good time to start testing the master branch on the various platforms and report/fix any bugs. The GitHub pull request for collecting Tested-by tags or any other comment is https://github.com/OP-TEE/optee_os/pull/4101. As usual, I will create a release candidate tag one week before the release date for final testing. Thanks! Regards, -- Jerome

4 years, 1 month

2
1
0 0

2024

2023

2022

2021

2020

OP-TEE