On Wed, Sep 10, 2025 at 08:41:21PM -0700, Amirreza Zarrabi wrote:
Introduce qcomtee_object, which represents an object in both QTEE and the kernel. QTEE clients can invoke an instance of qcomtee_object to access QTEE services. If this invocation produces a new object in QTEE, an instance of qcomtee_object will be returned.
Similarly, QTEE can request services from by issuing a callback request, which invokes an instance of qcomtee_object.
Implement initial support for exporting qcomtee_object to userspace and QTEE, enabling the invocation of objects hosted in QTEE and userspace through the TEE subsystem.
Tested-by: Neil Armstrong neil.armstrong@linaro.org Tested-by: Harshal Dev quic_hdev@quicinc.com Acked-by: Sumit Garg sumit.garg@oss.qualcomm.com Signed-off-by: Amirreza Zarrabi amirreza.zarrabi@oss.qualcomm.com
MAINTAINERS | 6 + drivers/tee/Kconfig | 1 + drivers/tee/Makefile | 1 + drivers/tee/qcomtee/Kconfig | 12 + drivers/tee/qcomtee/Makefile | 7 + drivers/tee/qcomtee/async.c | 182 +++++++ drivers/tee/qcomtee/call.c | 813 +++++++++++++++++++++++++++++++ drivers/tee/qcomtee/core.c | 906 +++++++++++++++++++++++++++++++++++ drivers/tee/qcomtee/qcomtee.h | 143 ++++++ drivers/tee/qcomtee/qcomtee_msg.h | 304 ++++++++++++ drivers/tee/qcomtee/qcomtee_object.h | 316 ++++++++++++ drivers/tee/qcomtee/shm.c | 153 ++++++ drivers/tee/qcomtee/user_obj.c | 692 ++++++++++++++++++++++++++ include/uapi/linux/tee.h | 1 + 14 files changed, 3537 insertions(+)
+static int +qcomtee_object_invoke_ctx_invoke(struct qcomtee_object_invoke_ctx *oic,
int *result, u64 *res_type)+{
- phys_addr_t out_msg_paddr;
- phys_addr_t in_msg_paddr;
- int ret;
- u64 res;
- tee_shm_get_pa(oic->out_shm, 0, &out_msg_paddr);
- tee_shm_get_pa(oic->in_shm, 0, &in_msg_paddr);
- if (!(oic->flags & QCOMTEE_OIC_FLAG_BUSY))
ret = qcom_scm_qtee_invoke_smc(in_msg_paddr, oic->in_msg.size,out_msg_paddr, oic->out_msg.size,&res, res_type);- else
ret = qcom_scm_qtee_callback_response(out_msg_paddr,oic->out_msg.size,&res, res_type);- if (ret)
pr_err("QTEE returned with %d.\n", ret);- else
*result = (int)res;
After enablign QCOMTEE driver, I observe the following error during the bootup on RB3 Gen2:
[ 4.720777] qcomtee: QTEE returned with -22. [ 4.725251] qcomtee: QTEE version 0.0.0
- return ret;
+}
Hi,
On 4/28/2026 7:21 PM, Dmitry Baryshkov wrote:
On Wed, Sep 10, 2025 at 08:41:21PM -0700, Amirreza Zarrabi wrote:
Introduce qcomtee_object, which represents an object in both QTEE and the kernel. QTEE clients can invoke an instance of qcomtee_object to access QTEE services. If this invocation produces a new object in QTEE, an instance of qcomtee_object will be returned.
Similarly, QTEE can request services from by issuing a callback request, which invokes an instance of qcomtee_object.
Implement initial support for exporting qcomtee_object to userspace and QTEE, enabling the invocation of objects hosted in QTEE and userspace through the TEE subsystem.
Tested-by: Neil Armstrong neil.armstrong@linaro.org Tested-by: Harshal Dev quic_hdev@quicinc.com Acked-by: Sumit Garg sumit.garg@oss.qualcomm.com Signed-off-by: Amirreza Zarrabi amirreza.zarrabi@oss.qualcomm.com
MAINTAINERS | 6 + drivers/tee/Kconfig | 1 + drivers/tee/Makefile | 1 + drivers/tee/qcomtee/Kconfig | 12 + drivers/tee/qcomtee/Makefile | 7 + drivers/tee/qcomtee/async.c | 182 +++++++ drivers/tee/qcomtee/call.c | 813 +++++++++++++++++++++++++++++++ drivers/tee/qcomtee/core.c | 906 +++++++++++++++++++++++++++++++++++ drivers/tee/qcomtee/qcomtee.h | 143 ++++++ drivers/tee/qcomtee/qcomtee_msg.h | 304 ++++++++++++ drivers/tee/qcomtee/qcomtee_object.h | 316 ++++++++++++ drivers/tee/qcomtee/shm.c | 153 ++++++ drivers/tee/qcomtee/user_obj.c | 692 ++++++++++++++++++++++++++ include/uapi/linux/tee.h | 1 + 14 files changed, 3537 insertions(+)
+static int +qcomtee_object_invoke_ctx_invoke(struct qcomtee_object_invoke_ctx *oic,
int *result, u64 *res_type)+{
- phys_addr_t out_msg_paddr;
- phys_addr_t in_msg_paddr;
- int ret;
- u64 res;
- tee_shm_get_pa(oic->out_shm, 0, &out_msg_paddr);
- tee_shm_get_pa(oic->in_shm, 0, &in_msg_paddr);
- if (!(oic->flags & QCOMTEE_OIC_FLAG_BUSY))
ret = qcom_scm_qtee_invoke_smc(in_msg_paddr, oic->in_msg.size,out_msg_paddr, oic->out_msg.size,&res, res_type);- else
ret = qcom_scm_qtee_callback_response(out_msg_paddr,oic->out_msg.size,&res, res_type);- if (ret)
pr_err("QTEE returned with %d.\n", ret);- else
*result = (int)res;After enablign QCOMTEE driver, I observe the following error during the bootup on RB3 Gen2:
[ 4.720777] qcomtee: QTEE returned with -22. [ 4.725251] qcomtee: QTEE version 0.0.0
We are using the RB3 Gen2, and it successfully reports 5.2.0 as the version number. However, seeing 0.0.0 is not necessarily a problem. What TZ build are you using?
It's possible that the service responsible for returning the version number is not available on your device, even though the object invocation itself is supported.
Are you able to make any object-invoke calls from userspace? A simple test - such as running the TA diagnostics tool - can help verify this: https://github.com/quic/quic-teec
Regards, Amir
- return ret;
+}
linaro-mm-sig@lists.linaro.org
-
Amirreza Zarrabi -
Dmitry Baryshkov