Tee-dev June 2018

tee-dev@lists.linaro.org

8 participants
6 discussions

[PATCH] optee: allow to work without static shared memory

by Volodymyr Babchuk

From: Volodymyr Babchuk <vlad.babchuk(a)gmail.com> On virtualized systems it is possible that OP-TEE will provide only dynamic shared memory support. So it is fine to boot without static SHM enabled if dymanic one is supported. Signed-off-by: Volodymyr Babchuk <vlad.babchuk(a)gmail.com> --- drivers/tee/optee/core.c | 83 ++++++++++++++++++++++++++++-------------------- 1 file changed, 49 insertions(+), 34 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 4a2c420..d80da29 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -420,9 +420,35 @@ static bool optee_msg_exchange_capabilities(optee_invoke_fn *invoke_fn, return true; } +static struct tee_shm_pool *optee_config_dyn_shm(void) +{ + struct tee_shm_pool_mgr *priv_mgr; + struct tee_shm_pool_mgr *dmabuf_mgr; + void *rc; + + rc = optee_shm_pool_alloc_pages(); + if (IS_ERR(rc)) + return rc; + priv_mgr = rc; + + rc = optee_shm_pool_alloc_pages(); + if (IS_ERR(rc)) { + tee_shm_pool_mgr_destroy(priv_mgr); + return rc; + } + dmabuf_mgr = rc; + + rc = tee_shm_pool_alloc(priv_mgr, dmabuf_mgr); + if (IS_ERR(rc)) { + tee_shm_pool_mgr_destroy(priv_mgr); + tee_shm_pool_mgr_destroy(dmabuf_mgr); + } + + return rc; +} + static struct tee_shm_pool * -optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm, - u32 sec_caps) +optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm) { union { struct arm_smccc_res smccc; @@ -437,10 +463,11 @@ optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm, struct tee_shm_pool_mgr *priv_mgr; struct tee_shm_pool_mgr *dmabuf_mgr; void *rc; + const int sz = OPTEE_SHM_NUM_PRIV_PAGES * PAGE_SIZE; invoke_fn(OPTEE_SMC_GET_SHM_CONFIG, 0, 0, 0, 0, 0, 0, 0, &res.smccc); if (res.result.status != OPTEE_SMC_RETURN_OK) { - pr_info("shm service not available\n"); + pr_err("static shm service not available\n"); return ERR_PTR(-ENOENT); } @@ -466,28 +493,15 @@ optee_config_shm_memremap(optee_invoke_fn *invoke_fn, void **memremaped_shm, } vaddr = (unsigned long)va; - /* - * If OP-TEE can work with unregistered SHM, we will use own pool - * for private shm - */ - if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) { - rc = optee_shm_pool_alloc_pages(); - if (IS_ERR(rc)) - goto err_memunmap; - priv_mgr = rc; - } else { - const size_t sz = OPTEE_SHM_NUM_PRIV_PAGES * PAGE_SIZE; - - rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, sz, - 3 /* 8 bytes aligned */); - if (IS_ERR(rc)) - goto err_memunmap; - priv_mgr = rc; - - vaddr += sz; - paddr += sz; - size -= sz; - } + rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, sz, + 3 /* 8 bytes aligned */); + if (IS_ERR(rc)) + goto err_memunmap; + priv_mgr = rc; + + vaddr += sz; + paddr += sz; + size -= sz; rc = tee_shm_pool_mgr_alloc_res_mem(vaddr, paddr, size, PAGE_SHIFT); if (IS_ERR(rc)) @@ -553,7 +567,7 @@ static optee_invoke_fn *get_invoke_func(struct device_node *np) static struct optee *optee_probe(struct device_node *np) { optee_invoke_fn *invoke_fn; - struct tee_shm_pool *pool; + struct tee_shm_pool *pool = ERR_PTR(-EINVAL); struct optee *optee = NULL; void *memremaped_shm = NULL; struct tee_device *teedev; @@ -582,13 +596,17 @@ static struct optee *optee_probe(struct device_node *np) } /* - * We have no other option for shared memory, if secure world - * doesn't have any reserved memory we can use we can't continue. + * Try to use dynamic shared memory if possible */ - if (!(sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM)) - return ERR_PTR(-EINVAL); + if (sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) + pool = optee_config_dyn_shm(); + + /* + * If dynamic shared memory is not available or failed - try static one + */ + if (IS_ERR(pool) && (sec_caps & OPTEE_SMC_SEC_CAP_HAVE_RESERVED_SHM)) + pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm); - pool = optee_config_shm_memremap(invoke_fn, &memremaped_shm, sec_caps); if (IS_ERR(pool)) return (void *)pool; @@ -632,9 +650,6 @@ static struct optee *optee_probe(struct device_node *np) optee_enable_shm_cache(optee); - if (optee->sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) - pr_info("dynamic shared memory is enabled\n"); - pr_info("initialized driver\n"); return optee; err: -- 2.7.4

5 years

About the initialization vector (IV) of AES-GCM used in pager

by shijun zhao

Hi, everyone, I find that pager uses AES-GCM to protect data sections. I see that the initialization vectors (IVs) used in AES-GCM for every page is initialized to be zero. However, according to the NIST 800 specification [1]: IV should not repeat, otherwise AES-GCM may be vulnerable to the forgery attacks [2]. So I suggest concatenating the physical address of each page (DRAM address) and the IV, then the concatenated IVs will be different for each page. I also see that pager is removed from many devices, such as i.mx and Hikey. Doesn't OP-TEE support pager any more? Best Regards, Shijun Zhao 1. Dworkin M. NIST special publication 800-38B[J]. NIST special publication, 2005, 800(38B): 38B. 2. A. Joux, Authentication Failures in NIST version of GCM, Natl. Inst. Stand. Technol. [Web page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Se….

6 years, 4 months

OP-TEE 3.2.0-rc1 [Re: OP-TEE 3.2.0-rc1 next week]

by Jerome Forissier

Hi, I have tagged 3.2.0-rc1 yesterday, please help test it. I will collect Tested-bys on https://github.com/OP-TEE/optee_os/pull/2404. Of course, feel free to use the GitHub issues/pull request pages in case something is wrong. Thanks, -- Jerome On 14 June 2018 at 10:30, Jerome Forissier <jerome.forissier(a)linaro.org> wrote: > Hello OP-TEE contributors and maintainers, > > It is time to prepare for release 3.2.0. I will create the -rc1 tag next > Wednesday (June 20), and hopefully the final release will follow one week > later. > > So, if there are things you would like included in 3.2.0, please push them > now. Please update your pending pull requests, help review patches, run > some tests on master, etc. After -rc1 and until the release, we will take > only bug fixes into master, as usual. > > I will let you know when the -rc1 tag is ready for testing. > > Thanks for your continued help and support! > -- > Jerome >

6 years, 5 months

Bug 3906 - meta-linaro/meta-optee/recipe-security/optee/optee-client.bb build failure due to openembedded-core changes (edit)

by Simon Hughes

Hi Can only help with resolving the following issue with building optee? This is a bug I filed recently in the linaro bug database: Simon Hughes<mailto:simon.hughes@arm.com> 2018-06-13 16:36:50 UTC Changes committed to openembedded-core master within the last 24hrs have broken the mbed Linux build which uses meta-linaro: =================================================================== 02:48:15 ERROR: Logfile of failure stored in: /work/machine-imx7s-warp-mbl/mbl-manifest/build-mbl/tmp-mbl-glibc/work/cortexa7hf-neon-oe-linux-gnueabi/optee-client/2.6.0+gitAUTOINC+73b4e490a8-r0/temp/log.do_compile.12265 02:48:15 Log data follows: 02:48:15 | DEBUG: Executing shell function do_compile 02:48:15 | NOTE: make -j 24 02:48:15 | Building libteec.so 02:48:15 | CC src/tee_client_api.c 02:48:15 | CC src/teec_trace.c 02:48:15 | src/teec_trace.c: In function '_dprintf': 02:48:15 | src/teec_trace.c:110:24: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 246 [-Werror=format-truncation=] 02:48:15 | "%s [%d] %s:%s:%d: %s", 02:48:15 | ^~ 02:48:15 | src/teec_trace.c:112:11: 02:48:15 | line, raw); 02:48:15 | ~~~ 02:48:15 | src/teec_trace.c:109:3: note: 'snprintf' output 11 or more bytes (assuming 266) into a destination of size 256 02:48:15 | snprintf(prefixed, MAX_PRINT_SIZE, 02:48:15 | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 02:48:15 | "%s [%d] %s:%s:%d: %s", 02:48:15 | ~~~~~~~~~~~~~~~~~~~~~~~ 02:48:15 | trace_level_strings[level], thread_id, prefix, func, 02:48:15 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 02:48:15 | line, raw); 02:48:15 | ~~~~~~~~~~ 02:48:15 | cc1: all warnings being treated as errors 02:48:15 | Makefile:52: recipe for target '/work/machine-imx7s-warp-mbl/mbl-manifest/build-mbl/tmp-mbl-glibc/work/cortexa7hf-neon-oe-linux-gnueabi/optee-client/2.6.0+gitAUTOINC+73b4e490a8-r0/git/libteec/../out/libteec/teec_trace.o' failed 02:48:15 | make[1]: *** [/work/machine-imx7s-warp-mbl/mbl-manifest/build-mbl/tmp-mbl-glibc/work/cortexa7hf-neon-oe-linux-gnueabi/optee-client/2.6.0+gitAUTOINC+73b4e490a8-r0/git/libteec/../out/libteec/teec_trace.o] Error 1 02:48:15 | make[1]: *** Waiting for unfinished jobs.... 02:48:15 | Makefile:31: recipe for target 'build-libteec' failed 02:48:15 | make: *** [build-libteec] Error 2 02:48:15 | ERROR: oe_runmake failed 02:48:15 | WARNING: exit code 1 from a shell command. 02:48:15 | ERROR: Function failed: do_compile (log file is located at /work/machine-imx7s-warp-mbl/mbl-manifest/build-mbl/tmp-mbl-glibc/work/cortexa7hf-neon-oe-linux-gnueabi/optee-client/2.6.0+gitAUTOINC+73b4e490a8-r0/temp/log.do_compile.12265) 02:48:15 NOTE: recipe optee-client-2.6.0+gitAUTOINC+73b4e490a8-r0: task do_compile: Failed 02:48:15 NOTE: recipe alsa-state-0.2.0-r5: task do_install: Succeeded 02:48:15 ERROR: Task (/work/machine-imx7s-warp-mbl/mbl-manifest/build-mbl/conf/../../layers/meta-linaro/meta-optee/recipes-security/optee/optee-client.bb:do_compile) failed with exit code '1' 02:48:15 NOTE: recipe modutils-initscripts-1.0-r7: task do_install: Started =================================================================== between openembedded-core master commit bad: 8ab5b439ea82ac775494a0ce7a6f3615b61c94be openembedded-core master commit good:23f15c63777020f5d43b070a1eb2bcf246c19ff8 Here is the diff between mbl-manifest pinned-manifest.xml's between <bad build nad >good build simhug01@mbed-linux-test:/mnt/data/default_20180613_122141/mbl-manifest$ cat ../manifest_xml_changes.txt 20,21c20,21 < <project name="openembedded/meta-openembedded" path="layers/meta-openembedded" remote="github" revision="d9e257abbe16b9d30171493fa8f1d7e2d24cefe5" upstream="master"/> < <project name="openembedded/openembedded-core" path="layers/openembedded-core" remote="github" revision="8ab5b439ea82ac775494a0ce7a6f3615b61c94be" upstream="master"/> --- > <project name="openembedded/meta-openembedded" path="layers/meta-openembedded" remote="github" revision="bb57bac845f3cd1634862fa9868bc8e294ba74a9" upstream="master"/> > <project name="openembedded/openembedded-core" path="layers/openembedded-core" remote="github" revision="23f15c63777020f5d43b070a1eb2bcf246c19ff8" upstream="master"/> Other triage information: triage: ◾This build succeeded: http://xxxxx/job/mbl-master/559/ ◾This build failed: http://xxxxx//job/mbl-master/560/<http://xxxxx/job/mbl-master/560/> ◾The only projects that added changes between these to versions are openembedded-core and meta-openembedded (not meta-linaro containing meta-optee which holds the breaking optee-client.bb recipe). ◾Pinning oe-core in default.xml manifest to build 559 pin builds successfully (leaving meta-oe at head of master). ◾Pinning meta-oe in default manifest to build 559 pin doesn't build successfully (leaving oe-core at head of master). ◾Numerous oe-core changes have been added wrt gcc compiler recipes. Likely that a compiler option has been added to treat certain warnings as errors causing the latest break. ◾Should notify linaro project of the break and see if they fix it, or whether oe-core changes accommodate (less likely). Approach Linaro staff member Ryan Harkin as a Linaro interface to bug logger. Thanks Simon IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

6 years, 5 months

Question About Trusted Application (.ta)

by Yin Liu

Hello, I'm learning the Trusted application that can be run in the TEE. I was wondering whether there are some ways to check the .ta file's instructions, just like using objdump or readelf on ELF. I'm also interested how does the .ta be protected? What's the difference between the .ta and normal executable? Would it be possible to give me some information about that? Thanks in advance! Brs, YL

6 years, 5 months

OP-TEE 3.2.0-rc1 next week

by Jerome Forissier

Hello OP-TEE contributors and maintainers, It is time to prepare for release 3.2.0. I will create the -rc1 tag next Wednesday (June 20), and hopefully the final release will follow one week later. So, if there are things you would like included in 3.2.0, please push them now. Please update your pending pull requests, help review patches, run some tests on master, etc. After -rc1 and until the release, we will take only bug fixes into master, as usual. I will let you know when the -rc1 tag is ready for testing. Thanks for your continued help and support! -- Jerome

6 years, 5 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Tee-dev June 2018