Hi Rijo,
On Wed, Oct 23, 2019 at 11:30:56AM +0000, Thomas, Rijo-john wrote:
This patch series introduces Trusted Execution Environment (TEE) driver for AMD APU enabled systems. The TEE is a secure area of a processor which ensures that sensitive data is stored, processed and protected in an isolated and trusted environment. The AMD Secure Processor is a dedicated processor which provides TEE to enable HW platform security. It offers protection against software attacks generated in Rich Operating System (Rich OS) such as Linux running on x86. The AMD-TEE Trusted OS running on AMD Secure Processor allows loading and execution of security sensitive applications called Trusted Applications (TAs). An example of a TA would be a DRM (Digital Rights Management) TA written to enforce content protection.
Linux already provides a tee subsystem, which is described in [1]. The tee subsystem provides a generic TEE ioctl interface which can be used by user space to talk to a TEE driver. AMD-TEE driver registers with tee subsystem and implements tee function callbacks in an AMD platform specific manner.
The following TEE commands are recognized by AMD-TEE Trusted OS:
- TEE_CMD_ID_LOAD_TA : Load Trusted Application (TA) binary into TEE environment
- TEE_CMD_ID_UNLOAD_TA : Unload TA binary from TEE environment
- TEE_CMD_ID_OPEN_SESSION : Open session with loaded TA
- TEE_CMD_ID_CLOSE_SESSION : Close session with loaded TA
- TEE_CMD_ID_INVOKE_CMD : Invoke a command with loaded TA
- TEE_CMD_ID_MAP_SHARED_MEM : Map shared memory
- TEE_CMD_ID_UNMAP_SHARED_MEM : Unmap shared memory
Each command has its own payload format. The AMD-TEE driver creates a command buffer payload for submission to AMD-TEE Trusted OS.
This patch series has a dependency on another patch set titled - Add TEE interface support to AMD Secure Processor driver.
Please add a section in Documentation/tee.txt describing the AMD-TEE driver.
Cheers, Jens
Rijo Thomas (2): tee: allow compilation of tee subsystem for AMD CPUs tee: add AMD-TEE driver
drivers/tee/Kconfig | 4 +- drivers/tee/Makefile | 1 + drivers/tee/amdtee/Kconfig | 8 + drivers/tee/amdtee/Makefile | 5 + drivers/tee/amdtee/amdtee_if.h | 183 +++++++++++++ drivers/tee/amdtee/amdtee_private.h | 159 +++++++++++ drivers/tee/amdtee/call.c | 370 ++++++++++++++++++++++++++ drivers/tee/amdtee/core.c | 510 ++++++++++++++++++++++++++++++++++++ drivers/tee/amdtee/shm_pool.c | 130 +++++++++ include/uapi/linux/tee.h | 1 + 10 files changed, 1369 insertions(+), 2 deletions(-) create mode 100644 drivers/tee/amdtee/Kconfig create mode 100644 drivers/tee/amdtee/Makefile create mode 100644 drivers/tee/amdtee/amdtee_if.h create mode 100644 drivers/tee/amdtee/amdtee_private.h create mode 100644 drivers/tee/amdtee/call.c create mode 100644 drivers/tee/amdtee/core.c create mode 100644 drivers/tee/amdtee/shm_pool.c
-- 1.9.1