Re: [PATCH v6 12/12] Documentation: tee: Add Qualcomm TEE driver

On Sun, Jul 13, 2025 at 05:49:24PM -0700, Amirreza Zarrabi wrote:

Add documentation for the Qualcomm TEE driver.

Signed-off-by: Amirreza Zarrabi amirreza.zarrabi@oss.qualcomm.com

Documentation/tee/index.rst | 1 + Documentation/tee/qtee.rst | 96 +++++++++++++++++++++++++++++++++++++++++++++ MAINTAINERS | 1 + 3 files changed, 98 insertions(+)

Acked-by: Sumit Garg sumit.garg@oss.qualcomm.com

-Sumit

diff --git a/Documentation/tee/index.rst b/Documentation/tee/index.rst index 4be6e69d7837..62afb7ee9b52 100644 --- a/Documentation/tee/index.rst +++ b/Documentation/tee/index.rst @@ -11,6 +11,7 @@ TEE Subsystem op-tee amd-tee ts-tee

• qtee

.. only:: subproject and html diff --git a/Documentation/tee/qtee.rst b/Documentation/tee/qtee.rst new file mode 100644 index 000000000000..2fa2c1bf6384 --- /dev/null +++ b/Documentation/tee/qtee.rst @@ -0,0 +1,96 @@ +.. SPDX-License-Identifier: GPL-2.0

+============================================= +QTEE (Qualcomm Trusted Execution Environment) +=============================================

+The QTEE driver handles communication with Qualcomm TEE [1].

+The lowest level of communication with QTEE builds on the ARM SMC Calling +Convention (SMCCC) [2], which is the foundation for QTEE's Secure Channel +Manager (SCM) [3] used internally by the driver.

+In a QTEE-based system, services are represented as objects with a series of +operations that can be called to produce results, including other objects.

+When an object is hosted within QTEE, executing its operations is referred +to as "direct invocation". QTEE can also invoke objects hosted in the non-secure +world using a method known as "callback request".

+The SCM provides two functions to support direct invocation and callback requests:

+- QCOM_SCM_SMCINVOKE_INVOKE: Used for direct invocation. It can return either

• a result or initiate a callback request.

+- QCOM_SCM_SMCINVOKE_CB_RSP: Used to submit a response to a callback request

• triggered by a previous direct invocation.

+The QTEE Transport Message [4] is stacked on top of the SCM driver functions.

+A message consists of two buffers shared with QTEE: inbound and outbound +buffers. The inbound buffer is used for direct invocation, and the outbound +buffer is used to make callback requests. This picture shows the contents of +a QTEE transport message::

•                                  +---------------------+
  

•                                  |                     v
  

• +-----------------+-------+-------+------+--------------------------+
• | qcomtee_msg_ |object | buffer | |
• | object_invoke | id | offset, size | | (inbound buffer)
• +-----------------+-------+--------------+--------------------------+
• <---- header -----><---- arguments ------><- in/out buffer payload ->

•                                  +-----------+
  

•                                  |           v
  

• +-----------------+-------+-------+------+----------------------+
• | qcomtee_msg_ |object | buffer | |
• | callback | id | offset, size | | (outbound buffer)
• +-----------------+-------+--------------+----------------------+

+Each buffer is started with a header and array of arguments.

+QTEE Transport Message supports four types of arguments:

+- Input Object (IO) is an object parameter to the current invocation

• or callback request.

+- Output Object (OO) is an object parameter from the current invocation

• or callback request.

+- Input Buffer (IB) is (offset, size) pair to the inbound or outbound region

• to store parameter to the current invocation or callback request.

+- Output Buffer (OB) is (offset, size) pair to the inbound or outbound region

• to store parameter from the current invocation or callback request.

+Picture of the relationship between the different components in the QTEE +architecture::

•     User space               Kernel                     Secure world
  

•     ~~~~~~~~~~               ~~~~~~                     ~~~~~~~~~~~~
  

• +--------+ +----------+ +--------------+
• | Client | |callback | | Trusted |
• +--------+ |server | | Application |

•  /\        +----------+                                +--------------+
  

•  ||  +----------+ /\                                          /\
  

•  ||  |callback  | ||                                          ||
  

•  ||  |server    | ||                                          \/
  

•  ||  +----------+ ||                                   +--------------+
  

•  ||       /\      ||                                   | TEE Internal |
  

•  ||       ||      ||                                   | API          |
  

•  \/       \/      \/   +--------+--------+             +--------------+
  

• +---------------------+ | TEE | QTEE | | QTEE |
• | libqcomtee [5] | | subsys | driver | | Trusted OS |
• +-------+-------------+--+----+-------+----+-------------+--------------+
• | Generic TEE API | | QTEE MSG |
• | IOCTL (TEE_IOC_*) | | SMCCC (QCOM_SCM_SMCINVOKE_*) |
• +-----------------------------+ +---------------------------------+

+References +==========

+[1] https://docs.qualcomm.com/bundle/publicresource/topics/80-70015-11/qualcomm-...

+[2] http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html

+[3] drivers/firmware/qcom/qcom_scm.c

+[4] drivers/tee/qcomtee/qcomtee_msg.h

+[5] https://github.com/quic/quic-teec diff --git a/MAINTAINERS b/MAINTAINERS index 9fc58f48fa14..391fc6e6defc 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -20706,6 +20706,7 @@ QUALCOMM TEE (QCOMTEE) DRIVER M: Amirreza Zarrabi amirreza.zarrabi@oss.qualcomm.com L: linux-arm-msm@vger.kernel.org S: Maintained +F: Documentation/tee/qtee.rst F: drivers/tee/qcomtee/ QUALCOMM TRUST ZONE MEMORY ALLOCATOR

-- 2.34.1