Commit Graph

13 Commits

Author SHA1 Message Date
Jorge Ramirez-Ortiz c05210ab97 drivers: optee: allow op-tee to access devices on the i2c bus
Some secure elements like NXP's SE050 sit on I2C buses. For OP-TEE to
control this type of cryptographic device it needs coordinated access
to the bus, so collisions and RUNTIME_PM don't get in the way.

This trampoline driver allows OP-TEE to access them.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-08-21 11:41:45 +02:00
Maxim Uvarov 5f178bb71e optee: enable support for multi-stage bus enumeration
Some drivers (like ftpm) can operate only after tee-supplicant
runs because tee-supplicant provides things like storage
services (rpmb, shm). This patch splits the probe of non-tee-supplicant-dependent
drivers to the early stage, and probes the other drivers after
tee-supplicant runs.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Suggested-by: Sumit Garg <sumit.garg@linaro.org>
Suggested-by: Arnd Bergmann <arnd@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-07-10 09:41:53 +02:00
Thomas Gleixner 9c92ab6191 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282
Based on 1 normalized pattern(s):

  this software is licensed under the terms of the gnu general public
  license version 2 as published by the free software foundation and
  may be copied distributed and modified under those terms this
  program is distributed in the hope that it will be useful but
  without any warranty without even the implied warranty of
  merchantability or fitness for a particular purpose see the gnu
  general public license for more details

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 285 file(s).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Alexios Zavras <alexios.zavras@intel.com>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190529141900.642774971@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-05 17:36:37 +02:00
Sumit Garg c3fa24af92 tee: optee: add TEE bus device enumeration support
OP-TEE provides a pseudo TA to enumerate TAs which can act as devices/
services for TEE bus. So implement device enumeration using invoke
function: PTA_CMD_GET_DEVICES provided by pseudo TA to fetch array of
device UUIDs. Also register these enumerated devices with TEE bus as
"optee-clntX" device.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
[jw: fix optee_enumerate_devices() with no devices found]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2019-02-01 15:12:46 +01:00
Olof Johansson ffdc98c4f2 This pull request updates the previous tee-drv-dynamic-shm-for-v4.16 pull
request with five new patches fixing review comments and errors.

Apart from three small fixes there are two larger patches that in the end
check that memory to be registered really is normal cached memory.

Merge tag 'tee-drv-dynamic-shm+fixes-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee into next/drivers

* tag 'tee-drv-dynamic-shm+fixes-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee:
  tee: shm: Potential NULL dereference calling tee_shm_register()
  tee: shm: don't put_page on null shm->pages
  tee: shm: make function __tee_shm_alloc static
  tee: optee: check type of registered shared memory
  tee: add start argument to shm_register callback

Signed-off-by: Olof Johansson <olof@lixom.net>
2018-01-11 18:05:06 -08:00
Jens Wiklander 95ffe4ca43 tee: add start argument to shm_register callback
Adds a start argument to the shm_register callback to allow the callback
to check memory type of the passed pages.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-28 10:08:00 +01:00
Arnd Bergmann bad19e0d04 This pull request enables dynamic shared memory support in the TEE
subsystem as a whole and in OP-TEE in particular.

Global Platform TEE specification [1] allows client applications
to register part of their own memory as a shared buffer between
application and TEE. This allows fast zero-copy communication between
TEE and REE. But the current implementation of TEE in Linux does not support
this feature.

Also, the current implementation of OP-TEE transport uses a fixed-size
pre-shared buffer for all communications with OP-TEE OS. This is okay
in most use cases. But this prevents use of OP-TEE in virtualized
environments, because:
 a) We can't share the same buffer between different virtual machines
 b) Physically contiguous memory as seen by VM can be non-contiguous
    in reality (and as seen by OP-TEE OS) due to second stage of
    MMU translation.
 c) Size of this pre-shared buffer is limited.

So, the first part of this pull request adds a generic register/unregister
interface to the tee subsystem. The second part adds the necessary features into
the OP-TEE driver, so it can use not only the static pre-shared buffer, but
the whole RAM to communicate with OP-TEE OS.

This change is backwards compatible allowing older secure world or
user space to work with newer kernels and vice versa.

[1] https://www.globalplatform.org/specificationsdevice.asp

Merge tag 'tee-drv-dynamic-shm-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee into next/drivers

Pull "tee dynamic shm for v4.16" from Jens Wiklander:

* tag 'tee-drv-dynamic-shm-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee:
  tee: shm: inline tee_shm_get_id()
  tee: use reference counting for tee_context
  tee: optee: enable dynamic SHM support
  tee: optee: add optee-specific shared pool implementation
  tee: optee: store OP-TEE capabilities in private data
  tee: optee: add registered buffers handling into RPC calls
  tee: optee: add registered shared parameters handling
  tee: optee: add shared buffer registration functions
  tee: optee: add page list manipulation functions
  tee: optee: Update protocol definitions
  tee: shm: add page accessor functions
  tee: shm: add accessors for buffer size and page offset
  tee: add register user memory
  tee: flexible shared memory pool creation
2017-12-21 17:23:52 +01:00
Volodymyr Babchuk d885cc5e07 tee: optee: store OP-TEE capabilities in private data
Those capabilities will be used in subsequent patches.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-15 13:36:16 +01:00
Volodymyr Babchuk 53a107c812 tee: optee: add registered buffers handling into RPC calls
With the latest changes to OP-TEE we can use any buffers as shared memory.
Thus, it is possible for the supplicant to provide part of its own memory
when OP-TEE asks to allocate a shared buffer.

This patch adds support for such a feature into the RPC handling code.
Now when OP-TEE asks the supplicant to allocate a shared buffer, the supplicant
can use TEE_IOC_SHM_REGISTER to provide such a buffer. The RPC handler is
aware of this, so it will pass the list of allocated pages to OP-TEE.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: fix parenthesis alignment in free_pages_list()]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-15 13:35:37 +01:00
Volodymyr Babchuk 06ca79179c tee: optee: add shared buffer registration functions
This change adds ops for shm_(un)register functions in tee interface.
Client application can use these functions to (un)register its own shared
buffer in OP-TEE address space. This allows zero copy data sharing between
Normal and Secure Worlds.

Please note that while those functions were added to optee code,
it does not report to userspace that those functions are available.
OP-TEE code does not set TEE_GEN_CAP_REG_MEM flag. This flag will be
enabled only after all other features of dynamic shared memory are
implemented in subsequent patches. Of course user can ignore presence of
TEE_GEN_CAP_REG_MEM flag and try to call those functions. This is okay,
driver will register shared buffer in OP-TEE, but any attempts to use
this shared buffer will fail.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-15 13:32:32 +01:00
Volodymyr Babchuk 3bb48ba5cd tee: optee: add page list manipulation functions
These functions will be used to pass information about shared
buffers to OP-TEE. ABI between Linux and OP-TEE is defined
in optee_msg.h and optee_smc.h.

optee_msg.h defines OPTEE_MSG_ATTR_NONCONTIG attribute
for shared memory references and describes how such references
should be passed. Note that it uses 64-bit page addresses even
on 32-bit systems. This is done to support LPAE and to unify
the interface.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
[jw: replacing uint64_t with u64 in optee_fill_pages_list()]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-12-15 13:32:31 +01:00
Jens Wiklander 1647a5ac17 optee: support asynchronous supplicant requests
Adds support for asynchronous supplicant requests, meaning that the
supplicant can process several requests in parallel or block in a
request for some time.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260 pager=y/n)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-11-29 10:37:13 +01:00
Jens Wiklander 4fb0a5eb36 tee: add OP-TEE driver
Adds an OP-TEE driver which also can be compiled as a loadable module.

* Targets ARM and ARM64
* Supports using reserved memory from OP-TEE as shared memory
* Probes OP-TEE version using SMCs
* Accepts requests on privileged and unprivileged device
* Uses OPTEE message protocol version 2 to communicate with secure world

Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Javier González <javier@javigon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2017-03-10 14:51:52 +01:00