Tee-dev May 2020

tee-dev@lists.linaro.org

22 participants
23 discussions

[PATCH v1] tee: optee: Use UUID API for exporting the UUID

by Andy Shevchenko

There is export_uuid() function which exports uuid_t to the u8 array. Use it instead of open coding variant. This allows to hide the uuid_t internals. Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> --- drivers/tee/optee/device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c index e3a148521ec1d..2ecc6993f48bb 100644 --- a/drivers/tee/optee/device.c +++ b/drivers/tee/optee/device.c @@ -107,7 +107,7 @@ int optee_enumerate_devices(void) return -ENODEV; /* Open session with device enumeration pseudo TA */ - memcpy(sess_arg.uuid, pta_uuid.b, TEE_IOCTL_UUID_LEN); + export_uuid(sess_arg.uuid, &pta_uuid); sess_arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC; sess_arg.num_params = 0; -- 2.26.1

4 years, 1 month

[GIT PULL] tee subsystem pin_user_pages for v5.8

by Jens Wiklander

Hello arm-soc maintainers, Please pull this small patch converting the tee subsystem to use pin_user_pages() instead of get_user_pages(). Thanks, Jens The following changes since commit ae83d0b416db002fe95601e7f97f64b59514d936: Linux 5.7-rc2 (2020-04-19 14:35:30 -0700) are available in the Git repository at: git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/tee-pin-user-pages-for-5.8 for you to fetch changes up to 37f6b4d5f47b600ec4ab6682c005a44a1bfca530: tee: convert get_user_pages() --> pin_user_pages() (2020-05-26 10:42:41 +0200) ---------------------------------------------------------------- Converts tee subsystem to use pin_user_pages() instead of get_user_pages() ---------------------------------------------------------------- John Hubbard (1): tee: convert get_user_pages() --> pin_user_pages() drivers/tee/tee_shm.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-)

4 years, 3 months

[PATCH] optee: immediately free buffers that are released by OP-TEE

by Volodymyr Babchuk

Normal World can share buffer with OP-TEE for two reasons: 1. Some client application wants to exchange data with TA 2. OP-TEE asks for shared buffer for internal needs The second case was handle more strictly than necessary: 1. In RPC request OP-TEE asks for buffer 2. NW allocates buffer and provides it via RPC response 3. Xen pins pages and translates data 4. Xen provides buffer to OP-TEE 5. OP-TEE uses it 6. OP-TEE sends request to free the buffer 7. NW frees the buffer and sends the RPC response 8. Xen unpins pages and forgets about the buffer The problem is that Xen should forget about buffer in between stages 6 and 7. I.e. the right flow should be like this: 6. OP-TEE sends request to free the buffer 7. Xen unpins pages and forgets about the buffer 8. NW frees the buffer and sends the RPC response This is because OP-TEE internally frees the buffer before sending the "free SHM buffer" request. So we have no reason to hold reference for this buffer anymore. Moreover, in multiprocessor systems NW have time to reuse buffer cookie for another buffer. Xen complained about this and denied the new buffer registration. I have seen this issue while running tests on iMX SoC. So, this patch basically corrects that behavior by freeing the buffer earlier, when handling RPC return from OP-TEE. Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk(a)epam.com> --- xen/arch/arm/tee/optee.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/tee/optee.c b/xen/arch/arm/tee/optee.c index 6a035355db..af19fc31f8 100644 --- a/xen/arch/arm/tee/optee.c +++ b/xen/arch/arm/tee/optee.c @@ -1099,6 +1099,26 @@ static int handle_rpc_return(struct optee_domain *ctx, if ( shm_rpc->xen_arg->cmd == OPTEE_RPC_CMD_SHM_ALLOC ) call->rpc_buffer_type = shm_rpc->xen_arg->params[0].u.value.a; + /* + * OP-TEE signals that it frees the buffer that it requested + * before. This is the right for us to do the same. + */ + if ( shm_rpc->xen_arg->cmd == OPTEE_RPC_CMD_SHM_FREE ) + { + uint64_t cookie = shm_rpc->xen_arg->params[0].u.value.b; + + free_optee_shm_buf(ctx, cookie); + + /* + * This should never happen. We have a bug either in the + * OP-TEE or in the mediator. + */ + if ( call->rpc_data_cookie && call->rpc_data_cookie != cookie ) + gprintk(XENLOG_ERR, + "Saved RPC cookie does not corresponds to OP-TEE's (%"PRIx64" != %"PRIx64")\n", + call->rpc_data_cookie, cookie); + call->rpc_data_cookie = 0; + } unmap_domain_page(shm_rpc->xen_arg); } @@ -1464,10 +1484,6 @@ static void handle_rpc_cmd(struct optee_domain *ctx, struct cpu_user_regs *regs, } break; case OPTEE_RPC_CMD_SHM_FREE: - free_optee_shm_buf(ctx, shm_rpc->xen_arg->params[0].u.value.b); - if ( call->rpc_data_cookie == - shm_rpc->xen_arg->params[0].u.value.b ) - call->rpc_data_cookie = 0; break; default: break; -- 2.25.0

4 years, 5 months

[PATCH v2] drivers: optee: allow op-tee to access devices on the i2c bus

by Jorge Ramirez-Ortiz

Some secure elements like NXP's SE050 sit on I2C buses. For OP-TEE to control this type of cryptographic devices it needs coordinated access to the bus, so collisions and RUNTIME_PM dont get in the way. This trampoline driver allow OP-TEE to access them. Signed-off-by: Jorge Ramirez-Ortiz <jorge(a)foundries.io> --- drivers/tee/optee/optee_msg.h | 18 +++++++++++ drivers/tee/optee/rpc.c | 57 +++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h index 795bc19ae17a..b6cc964fdeea 100644 --- a/drivers/tee/optee/optee_msg.h +++ b/drivers/tee/optee/optee_msg.h @@ -419,4 +419,22 @@ struct optee_msg_arg { */ #define OPTEE_MSG_RPC_CMD_SHM_FREE 7 +/* + * Access a device on an i2c bus + * + * [in] param[0].u.value.a mode: RD(0), WR(1) + * [in] param[0].u.value.b i2c adapter + * [in] param[0].u.value.c i2c chip + * + * [io] param[1].u.tmem.buf_ptr physical address + * [io] param[1].u.tmem.size transfer size in bytes + * [io] param[1].u.tmem.shm_ref shared memory reference + * + * [out] param[0].u.value.a bytes transferred + * + */ +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER 8 +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD 0 +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR 1 + #endif /* _OPTEE_MSG_H */ diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index b4ade54d1f28..21d452805c6f 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -9,6 +9,7 @@ #include <linux/device.h> #include <linux/slab.h> #include <linux/tee_drv.h> +#include <linux/i2c.h> #include "optee_private.h" #include "optee_smc.h" @@ -48,6 +49,59 @@ static void handle_rpc_func_cmd_get_time(struct optee_msg_arg *arg) bad: arg->ret = TEEC_ERROR_BAD_PARAMETERS; } +static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx, + struct optee_msg_arg *arg) +{ + struct i2c_client client; + struct tee_shm *shm; + int i, ret; + char *buf; + uint32_t attr[] = { + OPTEE_MSG_ATTR_TYPE_VALUE_INPUT, + OPTEE_MSG_ATTR_TYPE_TMEM_INOUT, + OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT, + }; + + if (arg->num_params != ARRAY_SIZE(attr)) + goto bad; + + for (i = 0; i < ARRAY_SIZE(attr); i++) + if ((arg->params[i].attr & OPTEE_MSG_ATTR_TYPE_MASK) != attr[i]) + goto bad; + + shm = (struct tee_shm *)(unsigned long)arg->params[1].u.tmem.shm_ref; + buf = (char *)shm->kaddr; + + client.addr = arg->params[0].u.value.c; + client.adapter = i2c_get_adapter(arg->params[0].u.value.b); + if (!client.adapter) + goto bad; + + snprintf(client.name, I2C_NAME_SIZE, "i2c%d", client.adapter->nr); + + switch (arg->params[0].u.value.a) { + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD: + ret = i2c_master_recv(&client, buf, arg->params[1].u.tmem.size); + break; + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR: + ret = i2c_master_send(&client, buf, arg->params[1].u.tmem.size); + break; + default: + i2c_put_adapter(client.adapter); + goto bad; + } + + if (ret >= 0) { + arg->params[2].u.value.a = ret; + arg->ret = TEEC_SUCCESS; + } else + arg->ret = TEEC_ERROR_COMMUNICATION; + + i2c_put_adapter(client.adapter); + return; +bad: + arg->ret = TEEC_ERROR_BAD_PARAMETERS; +} static struct wq_entry *wq_entry_get(struct optee_wait_queue *wq, u32 key) { @@ -382,6 +436,9 @@ static void handle_rpc_func_cmd(struct tee_context *ctx, struct optee *optee, case OPTEE_MSG_RPC_CMD_SHM_FREE: handle_rpc_func_cmd_shm_free(ctx, arg); break; + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER: + handle_rpc_func_cmd_i2c_transfer(ctx, arg); + break; default: handle_rpc_supp_cmd(ctx, arg); } -- 2.17.1

4 years, 5 months

[PATCH v4 0/4] Introduce TEE based Trusted Keys support

by Sumit Garg

Add support for TEE based trusted keys where TEE provides the functionality to seal and unseal trusted keys using hardware unique key. Also, this is an alternative in case platform doesn't possess a TPM device. This patch-set has been tested with OP-TEE based early TA which can be found here [1]. [1] https://github.com/OP-TEE/optee_os/pull/3838 Changes in v4: 1. Pushed independent TEE features separately: - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062 2. Updated trusted-encrypted doc with TEE as a new trust source. 3. Rebased onto latest tpmdd/master. Changes in v3: 1. Update patch #2 to support registration of multiple kernel pages. 2. Incoporate dependency patch #4 in this patch-set: https://patchwork.kernel.org/patch/11091435/ Changes in v2: 1. Add reviewed-by tags for patch #1 and #2. 2. Incorporate comments from Jens for patch #3. 3. Switch to use generic trusted keys framework. Sumit Garg (4): KEYS: trusted: Add generic trusted keys framework KEYS: trusted: Introduce TEE based Trusted Keys doc: trusted-encrypted: updates with TEE as a new trust source MAINTAINERS: Add entry for TEE based Trusted Keys Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++--- MAINTAINERS | 8 + include/keys/trusted-type.h | 48 ++++ include/keys/trusted_tee.h | 66 +++++ include/keys/trusted_tpm.h | 15 - security/keys/Kconfig | 3 + security/keys/trusted-keys/Makefile | 2 + security/keys/trusted-keys/trusted_common.c | 336 ++++++++++++++++++++++ security/keys/trusted-keys/trusted_tee.c | 282 ++++++++++++++++++ security/keys/trusted-keys/trusted_tpm1.c | 335 ++++----------------- 10 files changed, 974 insertions(+), 324 deletions(-) create mode 100644 include/keys/trusted_tee.h create mode 100644 security/keys/trusted-keys/trusted_common.c create mode 100644 security/keys/trusted-keys/trusted_tee.c -- 2.7.4

4 years, 5 months

[PATCHv5 0/3] optee: register drivers on optee bus

by Maxim Uvarov

v5: - removed pr_err and fix typos in description (Jarkko Sakkinen) - added missed kfree in optee_open() v4: - sysfs entry is optee-ta-uuid (Jerome Forissier, Sumit Garg) - added Documentation/ABI/testing/sysfs-bus-optee-devices (Greg Kroah-Hartman) v3: - support tee-suppicant restart (Jens Wiklander) - description and comments (Jarkko Sakkinen) - do not name optee drivers by index in sysfs (Sumit Garg) v2: - write TEE with capital letters. - declare __optee_enumerate_device() as static. Maxim Uvarov (3): optee: do drivers initialization before and after tee-supplicant run optee: use uuid for sysfs driver entry tpm_ftpm_tee: register driver on TEE bus .../ABI/testing/sysfs-bus-optee-devices | 8 +++ MAINTAINERS | 2 + drivers/char/tpm/tpm_ftpm_tee.c | 70 ++++++++++++++++--- drivers/tee/optee/core.c | 24 ++++++- drivers/tee/optee/device.c | 23 +++--- drivers/tee/optee/optee_private.h | 10 ++- 6 files changed, 114 insertions(+), 23 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-bus-optee-devices -- 2.17.1

4 years, 5 months

[PATCH] drivers: optee: allow op-tee to access devices on the i2c bus

by Jorge Ramirez-Ortiz

Some secure elements like NXP's SE050 sit on I2C buses. For OP-TEE to control this type of cryptographic devices it needs coordinated access to the bus, so collisions and RUNTIME_PM dont get in the way. This trampoline driver allow OP-TEE to access them. Signed-off-by: Jorge Ramirez-Ortiz <jorge(a)foundries.io> --- drivers/tee/optee/optee_msg.h | 18 +++++++++++ drivers/tee/optee/rpc.c | 56 +++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h index 795bc19ae17a..b6cc964fdeea 100644 --- a/drivers/tee/optee/optee_msg.h +++ b/drivers/tee/optee/optee_msg.h @@ -419,4 +419,22 @@ struct optee_msg_arg { */ #define OPTEE_MSG_RPC_CMD_SHM_FREE 7 +/* + * Access a device on an i2c bus + * + * [in] param[0].u.value.a mode: RD(0), WR(1) + * [in] param[0].u.value.b i2c adapter + * [in] param[0].u.value.c i2c chip + * + * [io] param[1].u.tmem.buf_ptr physical address + * [io] param[1].u.tmem.size transfer size in bytes + * [io] param[1].u.tmem.shm_ref shared memory reference + * + * [out] param[0].u.value.a bytes transferred + * + */ +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER 8 +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD 0 +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR 1 + #endif /* _OPTEE_MSG_H */ diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index b4ade54d1f28..6c8457ac2524 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -9,6 +9,7 @@ #include <linux/device.h> #include <linux/slab.h> #include <linux/tee_drv.h> +#include <linux/i2c.h> #include "optee_private.h" #include "optee_smc.h" @@ -48,6 +49,58 @@ static void handle_rpc_func_cmd_get_time(struct optee_msg_arg *arg) bad: arg->ret = TEEC_ERROR_BAD_PARAMETERS; } +static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx, + struct optee_msg_arg *arg) +{ + struct i2c_client client; + struct tee_shm *shm; + int i, ret; + char *buf; + uint32_t attr[] = { + OPTEE_MSG_ATTR_TYPE_VALUE_INPUT, + OPTEE_MSG_ATTR_TYPE_TMEM_INOUT, + OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT, + }; + + if (arg->num_params != ARRAY_SIZE(attr)) + goto bad; + + for (i = 0; i < ARRAY_SIZE(attr); i++) + if ((arg->params[i].attr & OPTEE_MSG_ATTR_TYPE_MASK) != attr[i]) + goto bad; + + shm = (struct tee_shm *)(unsigned long)arg->params[1].u.tmem.shm_ref; + buf = (char *)shm->kaddr; + + client.addr = arg->params[0].u.value.c; + client.adapter = i2c_get_adapter(arg->params[0].u.value.b); + if (!client.adapter) + goto bad; + + snprintf(client.name, I2C_NAME_SIZE, "i2c%d", client.adapter->nr); + + switch (arg->params[0].u.value.a) { + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD: + ret = i2c_master_recv(&client, buf, arg->params[1].u.tmem.size); + break; + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR: + ret = i2c_master_send(&client, buf, arg->params[1].u.tmem.size); + break; + default: + goto bad; + } + + if (ret >= 0) { + arg->params[2].u.value.a = ret; + arg->ret = TEEC_SUCCESS; + } else + arg->ret = TEEC_ERROR_COMMUNICATION; + + i2c_put_adapter(client.adapter); + return; +bad: + arg->ret = TEEC_ERROR_BAD_PARAMETERS; +} static struct wq_entry *wq_entry_get(struct optee_wait_queue *wq, u32 key) { @@ -382,6 +435,9 @@ static void handle_rpc_func_cmd(struct tee_context *ctx, struct optee *optee, case OPTEE_MSG_RPC_CMD_SHM_FREE: handle_rpc_func_cmd_shm_free(ctx, arg); break; + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER: + handle_rpc_func_cmd_i2c_transfer(ctx, arg); + break; default: handle_rpc_supp_cmd(ctx, arg); } -- 2.17.1

4 years, 5 months

[PATCHv2 0/2] optee: register drivers on optee bus

by Maxim Uvarov

v2: - write TEE with capital letters. - declare __optee_enumerate_device() as static. Hello, This patchset fixes issues with probing() tee, optee and optee driver if they were compiled into kernel, built as modules or any mixed combination. These changes require optee-os changes which already were merged. Main corresponding commits are: https://github.com/OP-TEE/optee_os/commit/9389d8030ef198c9d7b8ab7ea8e877e0a… https://github.com/OP-TEE/optee_os/commit/bc5921cdab538c8ae48422f5ffd600f1c… optee_enumerate_devices() which discovers Trusted Applications on tee bus is split up on 2 changes. Do probe of drivers which do not require userspace support of tee-supplicant and stage two to run drivers with support of tee-supplicant only after tee supplicant run. Best regards, Maxim. Maxim Uvarov (2): optee: do drivers initialization before and after tee-supplicant run tpm_ftpm_tee: register driver on TEE bus drivers/char/tpm/tpm_ftpm_tee.c | 69 ++++++++++++++++++++++++++----- drivers/tee/optee/core.c | 25 +++++++++-- drivers/tee/optee/device.c | 17 +++++--- drivers/tee/optee/optee_private.h | 8 +++- 4 files changed, 99 insertions(+), 20 deletions(-) -- 2.17.1

4 years, 5 months

[PATCHv3 0/3] optee: register drivers on optee bus

by Maxim Uvarov

v3: - support tee-suppicant restart (Jens Wiklander) - description and comments ( Jarkko Sakkinen) - do not name optee drivers by index in sysfs (Sumit Garg) v2: - write TEE with capital letters. - declare __optee_enumerate_device() as static. Hello, This patchset fixes issues with probing() tee, optee and optee driver if they were compiled into kernel, built as modules or any mixed combination. These changes require optee-os changes which already were merged. Main corresponding commits are: https://github.com/OP-TEE/optee_os/commit/9389d8030ef198c9d7b8ab7ea8e877e0a… https://github.com/OP-TEE/optee_os/commit/bc5921cdab538c8ae48422f5ffd600f1c… optee_enumerate_devices() which discovers Trusted Applications on tee bus is split up on 2 changes. Do probe of drivers which do not require userspace support of tee-supplicant and stage two to run drivers with support of tee-supplicant only after tee supplicant run. Best regards, Maxim. Maxim Uvarov (3): optee: do drivers initialization before and after tee-supplicant run optee: use uuid for sysfs driver entry tpm_ftpm_tee: register driver on TEE bus drivers/char/tpm/tpm_ftpm_tee.c | 70 ++++++++++++++++++++++++++----- drivers/tee/optee/core.c | 28 +++++++++++-- drivers/tee/optee/device.c | 23 ++++++---- drivers/tee/optee/optee_private.h | 10 ++++- 4 files changed, 108 insertions(+), 23 deletions(-) -- 2.17.1

4 years, 6 months

[PATCH] tee: fix crypto select

by Arnd Bergmann

When selecting a crypto cipher, we also need to select the subsystem itself: WARNING: unmet direct dependencies detected for CRYPTO_SHA1 Depends on [m]: CRYPTO [=m] Selected by [y]: - TEE [=y] && (HAVE_ARM_SMCCC [=n] || COMPILE_TEST [=y] || CPU_SUP_AMD [=y]) Selected by [m]: - CRYPTO_DEV_QAT [=m] && CRYPTO [=m] && CRYPTO_HW [=y] - CRYPTO_DEV_MEDIATEK [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && (ARM && ARCH_MEDIATEK || COMPILE_TEST [=y]) - CRYPTO_DEV_SAFEXCEL [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && (OF [=y] || PCI [=y] || COMPILE_TEST [=y]) && HAS_IOMEM [=y] - CRYPTO_DEV_CCREE [=m] && CRYPTO [=m] && CRYPTO_HW [=y] && OF [=y] && HAS_DMA [=y] - CRYPTO_DEV_SP_CCP [=y] && CRYPTO [=m] && CRYPTO_HW [=y] && CRYPTO_DEV_CCP [=y] && CRYPTO_DEV_CCP_DD [=m] && DMADEVICES [=y] Fixes: e33bcbab16d1 ("tee: add support for session's client UUID generation") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- The regression was introduced in the soc tree, I'd pick this patch up directly into that unless someone sees a problem --- drivers/tee/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig index 806eb87d4da0..e99d840c2511 100644 --- a/drivers/tee/Kconfig +++ b/drivers/tee/Kconfig @@ -3,6 +3,7 @@ config TEE tristate "Trusted Execution Environment support" depends on HAVE_ARM_SMCCC || COMPILE_TEST || CPU_SUP_AMD + select CRYPTO select CRYPTO_SHA1 select DMA_SHARED_BUFFER select GENERIC_ALLOCATOR -- 2.26.2

4 years, 6 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Tee-dev May 2020