Tee-dev June 2020

tee-dev@lists.linaro.org

23 participants
17 discussions

[GIT PULL] update tee mailing list for v5.8

by Jens Wiklander

Hello arm-soc maintainers, Please pull this patch updatating the TEE mailing list to op-tee(a)lists.trustedfirmware.org. Thanks, Jens The following changes since commit b3a9e3b9622ae10064826dccb4f7a52bd88c7407: Linux 5.8-rc1 (2020-06-14 12:45:04 -0700) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/tee-ml-for-v5.8 for you to fetch changes up to cf5057e169f460e825bdf580eb285bb601156f82: MAINTAINERS: change tee mailing list (2020-06-16 09:37:45 +0200) ---------------------------------------------------------------- Change the TEE mailing list in MAINTAINERS ---------------------------------------------------------------- Jens Wiklander (1): MAINTAINERS: change tee mailing list MAINTAINERS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)

4 years, 5 months

[PATCH] MAINTAINERS: change tee mailing list

by Jens Wiklander

The old TEE mailing list tee-dev(a)lists.linaro.org is about to be retired. From now on please use op-tee(a)lists.trustedfirmware.org instead. Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- MAINTAINERS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 68f21d46614c..772448e36203 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12691,13 +12691,13 @@ F: arch/mips/boot/dts/ralink/omega2p.dts OP-TEE DRIVER M: Jens Wiklander <jens.wiklander(a)linaro.org> -L: tee-dev(a)lists.linaro.org +L: op-tee(a)lists.trustedfirmware.org S: Maintained F: drivers/tee/optee/ OP-TEE RANDOM NUMBER GENERATOR (RNG) DRIVER M: Sumit Garg <sumit.garg(a)linaro.org> -L: tee-dev(a)lists.linaro.org +L: op-tee(a)lists.trustedfirmware.org S: Maintained F: drivers/char/hw_random/optee-rng.c @@ -16759,7 +16759,7 @@ F: include/media/i2c/tw9910.h TEE SUBSYSTEM M: Jens Wiklander <jens.wiklander(a)linaro.org> -L: tee-dev(a)lists.linaro.org +L: op-tee(a)lists.trustedfirmware.org S: Maintained F: Documentation/tee.txt F: drivers/tee/ -- 2.25.1

4 years, 5 months

[PATCH v2] drivers: optee: allow op-tee to access devices on the i2c bus

by Jorge Ramirez-Ortiz

Some secure elements like NXP's SE050 sit on I2C buses. For OP-TEE to control this type of cryptographic devices it needs coordinated access to the bus, so collisions and RUNTIME_PM dont get in the way. This trampoline driver allow OP-TEE to access them. Signed-off-by: Jorge Ramirez-Ortiz <jorge(a)foundries.io> --- drivers/tee/optee/optee_msg.h | 18 +++++++++++ drivers/tee/optee/rpc.c | 57 +++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h index 795bc19ae17a..b6cc964fdeea 100644 --- a/drivers/tee/optee/optee_msg.h +++ b/drivers/tee/optee/optee_msg.h @@ -419,4 +419,22 @@ struct optee_msg_arg { */ #define OPTEE_MSG_RPC_CMD_SHM_FREE 7 +/* + * Access a device on an i2c bus + * + * [in] param[0].u.value.a mode: RD(0), WR(1) + * [in] param[0].u.value.b i2c adapter + * [in] param[0].u.value.c i2c chip + * + * [io] param[1].u.tmem.buf_ptr physical address + * [io] param[1].u.tmem.size transfer size in bytes + * [io] param[1].u.tmem.shm_ref shared memory reference + * + * [out] param[0].u.value.a bytes transferred + * + */ +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER 8 +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD 0 +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR 1 + #endif /* _OPTEE_MSG_H */ diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index b4ade54d1f28..21d452805c6f 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -9,6 +9,7 @@ #include <linux/device.h> #include <linux/slab.h> #include <linux/tee_drv.h> +#include <linux/i2c.h> #include "optee_private.h" #include "optee_smc.h" @@ -48,6 +49,59 @@ static void handle_rpc_func_cmd_get_time(struct optee_msg_arg *arg) bad: arg->ret = TEEC_ERROR_BAD_PARAMETERS; } +static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx, + struct optee_msg_arg *arg) +{ + struct i2c_client client; + struct tee_shm *shm; + int i, ret; + char *buf; + uint32_t attr[] = { + OPTEE_MSG_ATTR_TYPE_VALUE_INPUT, + OPTEE_MSG_ATTR_TYPE_TMEM_INOUT, + OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT, + }; + + if (arg->num_params != ARRAY_SIZE(attr)) + goto bad; + + for (i = 0; i < ARRAY_SIZE(attr); i++) + if ((arg->params[i].attr & OPTEE_MSG_ATTR_TYPE_MASK) != attr[i]) + goto bad; + + shm = (struct tee_shm *)(unsigned long)arg->params[1].u.tmem.shm_ref; + buf = (char *)shm->kaddr; + + client.addr = arg->params[0].u.value.c; + client.adapter = i2c_get_adapter(arg->params[0].u.value.b); + if (!client.adapter) + goto bad; + + snprintf(client.name, I2C_NAME_SIZE, "i2c%d", client.adapter->nr); + + switch (arg->params[0].u.value.a) { + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD: + ret = i2c_master_recv(&client, buf, arg->params[1].u.tmem.size); + break; + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR: + ret = i2c_master_send(&client, buf, arg->params[1].u.tmem.size); + break; + default: + i2c_put_adapter(client.adapter); + goto bad; + } + + if (ret >= 0) { + arg->params[2].u.value.a = ret; + arg->ret = TEEC_SUCCESS; + } else + arg->ret = TEEC_ERROR_COMMUNICATION; + + i2c_put_adapter(client.adapter); + return; +bad: + arg->ret = TEEC_ERROR_BAD_PARAMETERS; +} static struct wq_entry *wq_entry_get(struct optee_wait_queue *wq, u32 key) { @@ -382,6 +436,9 @@ static void handle_rpc_func_cmd(struct tee_context *ctx, struct optee *optee, case OPTEE_MSG_RPC_CMD_SHM_FREE: handle_rpc_func_cmd_shm_free(ctx, arg); break; + case OPTEE_MSG_RPC_CMD_I2C_TRANSFER: + handle_rpc_func_cmd_i2c_transfer(ctx, arg); + break; default: handle_rpc_supp_cmd(ctx, arg); } -- 2.17.1

4 years, 5 months

[PATCHv7 0/3] optee: register drivers on optee bus

by Maxim Uvarov

v7: - check return value of dev_set_name() (Jarkko Sakkinen) v6: - description, comments, patches reorder and destroy workqueue (Sumit Garg) v5: - removed pr_err and fix typos in description (Jarkko Sakkinen) - added missed kfree in optee_open() v4: - sysfs entry is optee-ta-uuid (Jerome Forissier, Sumit Garg) - added Documentation/ABI/testing/sysfs-bus-optee-devices (Greg Kroah-Hartman) v3: - support tee-suppicant restart (Jens Wiklander) - description and comments (Jarkko Sakkinen) - do not name optee drivers by index in sysfs (Sumit Garg) v2: - write TEE with capital letters. - declare __optee_enumerate_device() as static. Maxim Uvarov (3): optee: use uuid for sysfs driver entry optee: enable support for multi-stage bus enumeration tpm_ftpm_tee: register driver on TEE bus .../ABI/testing/sysfs-bus-optee-devices | 8 +++ MAINTAINERS | 1 + drivers/char/tpm/tpm_ftpm_tee.c | 70 ++++++++++++++++--- drivers/tee/optee/core.c | 27 ++++++- drivers/tee/optee/device.c | 38 +++++----- drivers/tee/optee/optee_private.h | 10 ++- 6 files changed, 119 insertions(+), 35 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-bus-optee-devices -- 2.17.1

4 years, 5 months

[PATCH] Documentation: tee: Document TEE kernel interface

by Sumit Garg

Update documentation with TEE bus infrastructure which provides an interface for kernel client drivers to communicate with corresponding Trusted Application. Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org> --- Documentation/tee.txt | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/Documentation/tee.txt b/Documentation/tee.txt index c8fad81..428d3b5 100644 --- a/Documentation/tee.txt +++ b/Documentation/tee.txt @@ -53,6 +53,28 @@ clients, forward them to the TEE and send back the results. In the case of supplicants the communication goes in the other direction, the TEE sends requests to the supplicant which then sends back the result. +The TEE kernel interface +======================== + +Kernel provides a TEE bus infrastructure where a Trusted Application is +represented as a device identified via Universally Unique Identifier (UUID) and +client drivers register a table of supported device UUIDs. + +TEE bus infrastructure registers following APIs: +- match(): iterates over the client driver UUID table to find a corresponding + match for device UUID. If a match is found, then this particular device is + probed via corresponding probe API registered by the client driver. This + process happens whenever a device or a client driver is registered with TEE + bus. +- uevent(): notifies user-space (udev) whenever a new device is registered on + TEE bus for auto-loading of modularized client drivers. + +TEE bus device enumeration is specific to underlying TEE implementation, so it +is left open for TEE drivers to provide corresponding implementation. + +Then TEE client driver can talk to a matched Trusted Application using APIs +listed in include/linux/tee_drv.h. + OP-TEE driver ============= @@ -112,6 +134,14 @@ kernel are handled by the kernel driver. Other RPC messages will be forwarded to tee-supplicant without further involvement of the driver, except switching shared memory buffer representation. +OP-TEE device enumeration +------------------------- + +OP-TEE provides a pseudo Trusted Application: drivers/tee/optee/device.c in +order to support device enumeration. In other words, OP-TEE driver invokes this +application to retrieve a list of Trusted Applications which can be registered +as devices on the TEE bus. + AMD-TEE driver ============== -- 2.7.4

4 years, 5 months

[PATCH v4 0/4] Introduce TEE based Trusted Keys support

by Sumit Garg

Add support for TEE based trusted keys where TEE provides the functionality to seal and unseal trusted keys using hardware unique key. Also, this is an alternative in case platform doesn't possess a TPM device. This patch-set has been tested with OP-TEE based early TA which can be found here [1]. [1] https://github.com/OP-TEE/optee_os/pull/3838 Changes in v4: 1. Pushed independent TEE features separately: - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062 2. Updated trusted-encrypted doc with TEE as a new trust source. 3. Rebased onto latest tpmdd/master. Changes in v3: 1. Update patch #2 to support registration of multiple kernel pages. 2. Incoporate dependency patch #4 in this patch-set: https://patchwork.kernel.org/patch/11091435/ Changes in v2: 1. Add reviewed-by tags for patch #1 and #2. 2. Incorporate comments from Jens for patch #3. 3. Switch to use generic trusted keys framework. Sumit Garg (4): KEYS: trusted: Add generic trusted keys framework KEYS: trusted: Introduce TEE based Trusted Keys doc: trusted-encrypted: updates with TEE as a new trust source MAINTAINERS: Add entry for TEE based Trusted Keys Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++--- MAINTAINERS | 8 + include/keys/trusted-type.h | 48 ++++ include/keys/trusted_tee.h | 66 +++++ include/keys/trusted_tpm.h | 15 - security/keys/Kconfig | 3 + security/keys/trusted-keys/Makefile | 2 + security/keys/trusted-keys/trusted_common.c | 336 ++++++++++++++++++++++ security/keys/trusted-keys/trusted_tee.c | 282 ++++++++++++++++++ security/keys/trusted-keys/trusted_tpm1.c | 335 ++++----------------- 10 files changed, 974 insertions(+), 324 deletions(-) create mode 100644 include/keys/trusted_tee.h create mode 100644 security/keys/trusted-keys/trusted_common.c create mode 100644 security/keys/trusted-keys/trusted_tee.c -- 2.7.4

4 years, 5 months

[PATCHv5 0/3] optee: register drivers on optee bus

by Maxim Uvarov

v5: - removed pr_err and fix typos in description (Jarkko Sakkinen) - added missed kfree in optee_open() v4: - sysfs entry is optee-ta-uuid (Jerome Forissier, Sumit Garg) - added Documentation/ABI/testing/sysfs-bus-optee-devices (Greg Kroah-Hartman) v3: - support tee-suppicant restart (Jens Wiklander) - description and comments (Jarkko Sakkinen) - do not name optee drivers by index in sysfs (Sumit Garg) v2: - write TEE with capital letters. - declare __optee_enumerate_device() as static. Maxim Uvarov (3): optee: do drivers initialization before and after tee-supplicant run optee: use uuid for sysfs driver entry tpm_ftpm_tee: register driver on TEE bus .../ABI/testing/sysfs-bus-optee-devices | 8 +++ MAINTAINERS | 2 + drivers/char/tpm/tpm_ftpm_tee.c | 70 ++++++++++++++++--- drivers/tee/optee/core.c | 24 ++++++- drivers/tee/optee/device.c | 23 +++--- drivers/tee/optee/optee_private.h | 10 ++- 6 files changed, 114 insertions(+), 23 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-bus-optee-devices -- 2.17.1

4 years, 5 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Tee-dev June 2020