Hi Jens,
On 03/12/2015 08:14 AM, Jens Wiklander wrote:
Hi,
In this patch I've tried to summarize the recent discussion. I've defined the needed ioctls and a brief description of how the other relevant syscalls are used.
Good idea to make this a patch.
Regards, Jens
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Documentation/ioctl/ioctl-number.txt | 1 +
include/linux/sechw/tee.h | 154 +++++++++++++++++++++++++++++++++++
'sechw' looks a bit weird to me; 'sec' or 'sec_hw' maybe?
2 files changed, 155 insertions(+)
create mode 100644 include/linux/sechw/tee.h
diff --git a/Documentation/ioctl/ioctl-number.txt b/Documentation/ioctl/ioctl-number.txt index 8136e1f..a04c139 100644 --- a/Documentation/ioctl/ioctl-number.txt +++ b/Documentation/ioctl/ioctl-number.txt @@ -301,6 +301,7 @@ Code Seq#(hex) Include File Comments 0xA3 80-8F Port ACL in development: mailto:tlewis@mindspring.com 0xA3 90-9F linux/dtlk.h +0xA4 00-1F linux/sechw/tee.h Generic TEE driver 0xAB 00-1F linux/nbd.h 0xAC 00-1F linux/raw.h 0xAD 00 Netfilter device in development: diff --git a/include/linux/sechw/tee.h b/include/linux/sechw/tee.h new file mode 100644 index 0000000..0c44d5d --- /dev/null +++ b/include/linux/sechw/tee.h @@ -0,0 +1,154 @@ +/*
- Copyright (c) 2015, Linaro Limited
- This software is licensed under the terms of the GNU General Public
- License version 2, as published by the Free Software Foundation, and
- may be copied, distributed, and modified under those terms.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- */
+#ifndef __TEE_H +#define __TEE_H
+#include <linux/ioctl.h> +#include <linux/types.h>
+/*
- This file describes the API provided by the generic TEE driver to user
- space
- */
+#define TEE_GENDRV_MAJOR_VERSION 1 +#define TEE_GENDRV_MINOR_VERSION 0
+/**
- struct tee_version - TEE versions
- @gendrv_major_version: Generic TEE driver major version
- @gendrv_minor_version: Generic TEE driver minor version
- @specdrv_major_version: Specific TEE driver major version
- @specdrv_minor_version: Specific TEE driver minor version
- @tee_api_major_version: Specific TEE API major version
- @tee_api_minor_version: Specific TEE API minor version
- @tee_os_major_version: Secure OS major version
- @tee_os_minor_version: Secure OS minor version
- @tee_api_uuid: Specific TEE API uuid
- @tee_os_uuid: Secure OS uuid
- Identifies the generic TEE driver, the specific TEE driver, which API
- is used to communicate with the Secure OS and the Secure OS itself.
- Unused fields are zeroed.
- */
+struct tee_version {
- uint32_t gendrv_major_version;
- uint32_t gendrv_minor_version;
- uint32_t specdrv_major_version;
- uint32_t specdrv_minor_version;
- uint32_t tee_api_major_version;
- uint32_t tee_api_minor_version;
- uint32_t tee_os_major_version;
- uint32_t tee_os_minor_version;
- uint8_t tee_api_uuid[16];
- uint8_t tee_os_uuid[16];
+};
+/**
- struct tee_cmd_data - Opaque command argument
- @buf_ptr: A __user pointer to a command buffer
- @buf_len: Length of the buffer above
- Opaque command data which is passed on to the specific driver. The command
- buffer doesn't have to reside in shared memory.
- */
+struct tee_cmd_data {
- uint64_t buf_ptr;
- uint64_t buf_len;
+};
+/**
- struct tee_shm_alloc_data - Shared memory allocate argument
- @size: Size of shared memory to allocate
- @flags: Flags to/from allocation, currently zero
- @fd: File descriptor of the shared memory
"dma_buf file descriptor" maybe?
- */
+struct tee_shm_alloc_data {
- uint64_t size;
- uint32_t flags;
- int32_t fd;
+};
+/**
- struct tee_mem_share_data - share user space memory with Secure OS
- @ptr: A __user pointer to memory to share
- @size: Size of the memory to share
- @flags: Flags to/from sharing, currently set to zero by caller
- @pad: Padding, set to zero by caller
- */
+struct tee_mem_share_data {
- uint64_t ptr;
- uint64_t size;
- uint32_t flags;
- uint32_t pad;
+};
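Review bot: in struct tee_mem_share_data the kernel-doc says @flags and @pad are "set to zero by caller", and @flags in struct tee_shm_alloc_data is "currently zero", but nothing states that the driver rejects non-zero values. Please document that the ioctl fails with -EINVAL when either field is non-zero, so those bits can be given a meaning later without breaking callers that passed uninitialized bytes. The comment should also say what limits apply to @ptr and @size (alignment, maximum length) before the range is shared with the Secure OS, since both are 64-bit values supplied by user space. As this header describes the user space API and already includes <linux/types.h>, the fields could use __u32/__u64 instead of uint32_t/uint64_t.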
Here we may want to also support registration of a foreign dma_buf. I.e., user app obtains a file descriptor associated with a dma_buf (from another driver typically), then it registers the buffer for use on the trusted side. So, I would make it:
struct tee_mem_buf {
	uint64_t ptr;
	uint64_t size;
};

struct tee_mem_dma_buf {
	uint32_t fd;
	uint32_t pad;
};

struct tee_mem_share_data {
	union {
		struct tee_mem_buf buf;
		struct tee_mem_dma_buf dma_buf;
	};
	uint32_t flags;
	uint32_t pad;
};
flags would indicate whether .buf or .dmabuf is to be used.