Tee-dev

tee-dev@lists.linaro.org

291 discussions

[PATCH] hw/arm/virt: add DT property /secure-chosen/sdtout-path being secure UART

by Jerome Forissier

Bindings for /secure-chosen and /secure-chosen/stdout-path have been proposed 1.5 years ago [1] and implemented in OP-TEE at the same time [2]. This patch creates the property when the machine is secure. [1] https://patchwork.kernel.org/patch/9602401/ [2] https://github.com/OP-TEE/optee_os/commit/4dc31c52544a Signed-off-by: Jerome Forissier <jerome.forissier(a)linaro.org> --- hw/arm/virt.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 0b57f87abc..a0faa40d64 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -712,6 +712,10 @@ static void create_uart(const VirtMachineState *vms, qemu_irq *pic, int uart, /* Mark as not usable by the normal world */ qemu_fdt_setprop_string(vms->fdt, nodename, "status", "disabled"); qemu_fdt_setprop_string(vms->fdt, nodename, "secure-status", "okay"); + + qemu_fdt_add_subnode(vms->fdt, "/secure-chosen"); + qemu_fdt_setprop_string(vms->fdt, "/secure-chosen", "stdout-path", + nodename); } g_free(nodename); -- 2.15.1

6 years

[PATCH v2] Documentation: dt: Add binding for /secure-chosen/stdout-path

by Jerome Forissier

Some platforms may use a single device tree to describe two address spaces, as described in d9f43babb998 ("Documentation: dt: Add bindings for Secure-only devices"). For these platforms it makes sense to define a secure counterpart of /chosen, namely: /secure-chosen. This new node is meant to be used by the secure firmware to pass data to the secure OS. Only the stdout-path property is supported for now. Signed-off-by: Jerome Forissier <jerome.forissier(a)linaro.org> --- Notes: Sending this again, slightly modified. Previous submission was in March 2017 [1]. Since then, OP-TEE has implemented this binding for platforms that use DT [2] (fallback to /chosen/stdout-path to be implemented in [3]). A patch for QEMU has been proposed [4], to which the maintainer responded "Are the DT bindings upstream yet?" ;-) [1] https://patchwork.kernel.org/patch/9602401/ [2] https://github.com/OP-TEE/optee_os/commit/4dc31c52544a [3] https://github.com/OP-TEE/optee_os/pull/2569 [4] https://patchwork.ozlabs.org/patch/979345/ Changes since v1: - Use "should" instead of "may" ("...the Secure OS should use the value of /chosen/stdout-path..."). Documentation/devicetree/bindings/arm/secure.txt | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/Documentation/devicetree/bindings/arm/secure.txt b/Documentation/devicetree/bindings/arm/secure.txt index e31303fb233a..f27bbff2c780 100644 --- a/Documentation/devicetree/bindings/arm/secure.txt +++ b/Documentation/devicetree/bindings/arm/secure.txt @@ -32,7 +32,8 @@ describe the view of Secure world using the standard bindings. These secure- bindings only need to be used where both the Secure and Normal world views need to be described in a single device tree. -Valid Secure world properties: +Valid Secure world properties +----------------------------- - secure-status : specifies whether the device is present and usable in the secure world. The combination of this with "status" allows @@ -51,3 +52,19 @@ Valid Secure world properties: status = "disabled"; secure-status = "okay"; /* S-only */ status = "disabled"; /* disabled in both */ status = "disabled"; secure-status = "disabled"; /* disabled in both */ + +The secure-chosen node +---------------------- + +Similar to the /chosen node which serves as a place for passing data +between firmware and the operating system, the /secure-chosen node may +be used to pass data to the Secure OS. Only the properties defined +below may appear in the /secure-chosen node. + +- stdout-path : specifies the device to be used by the Secure OS for + its console output. The syntax is the same as for /chosen/stdout-path. + If the /secure-chosen node exists but the stdout-path property is not + present, the Secure OS should not perform any console output. If + /secure-chosen does not exist, the Secure OS should use the value of + /chosen/stdout-path instead (that is, use the same device as the + Normal world OS). -- 2.15.1

6 years, 1 month

[edk2][PATCH v3 1/1] Add ArmPkg/Optee library APIs

by Sumit Garg

Changes in v3: Removed GlobalPlatform TEE return codes (IndustryStandard/GlobalPlatform.h) that were rejected by EDK2 maintainers. Rather used custom ones for this OP-TEE driver. Changes in v2: 1. Separate patch for MdePkg/Include/IndustryStandard/GlobalPlatform.h. 2. Correct comments style for struct members. 3. Update commit message. Sumit Garg (1): ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE ArmPkg/Include/Library/OpteeLib.h | 90 +++++++++ ArmPkg/Library/OpteeLib/Optee.c | 357 +++++++++++++++++++++++++++++++++++ ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++++ 4 files changed, 492 insertions(+) create mode 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h -- 2.7.4

6 years, 1 month

support for migrate info

by Jorge Ramirez-Ortiz

I am upstreaming TF-A support for the Renesas R-car gen3 platforms [1]. In order to prevent the boot cpu from being switched off (hotpluged) I am having to work around the fact that OPTEE_OS does not support MIGRATE_INFO_TYPE or MIGRATE_INFO_UP_CPU. Its SPD at TF-A level [2] returns that the TrustedOS if fully MP aware and has not special requirements for migration. The work around I implemented (patch below and [3]) will query the platform whenever the opteed SPD indicates that it has no migration restrictions (which currently is always) Is there any work ongoing on OPTEE_OS to support MIGRATE_INFO and update the TF-A SPD or am I missing some fundamental point? thanks Jorge [1] https://github.com/ARM-software/arm-trusted-firmware/pull/1582 [2] https://github.com/ARM-software/arm-trusted-firmware/blob/master/services/s… [3] https://github.com/ARM-software/arm-trusted-firmware/pull/1582/commits/9a7f… psci: implement platform hook to migrate_info --- include/lib/psci/psci.h | 2 ++ lib/psci/psci_main.c | 35 ++++++++++++++++++++++++++++++++--- 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/include/lib/psci/psci.h b/include/lib/psci/psci.h index b27e481..e705a81 100644 --- a/include/lib/psci/psci.h +++ b/include/lib/psci/psci.h @@ -322,12 +322,14 @@ typedef struct plat_psci_ops { int (*write_mem_protect)(int val); int (*system_reset2)(int is_vendor, int reset_type, u_register_t cookie); + int (*migrate_info)(u_register_t *mpidr); } plat_psci_ops_t; /******************************************************************************* * Function & Data prototypes ******************************************************************************/ unsigned int psci_version(void); +int psci_migrate_info(u_register_t *mpidr); int psci_cpu_on(u_register_t target_cpu, uintptr_t entrypoint, u_register_t context_id); diff --git a/lib/psci/psci_main.c b/lib/psci/psci_main.c index fd822bc..ce5419a 100644 --- a/lib/psci/psci_main.c +++ b/lib/psci/psci_main.c @@ -44,6 +44,23 @@ int psci_cpu_on(u_register_t target_cpu, return psci_cpu_on_start(target_cpu, &ep); } +int psci_platform_migrate_info(u_register_t *mpidr) +{ + int rc; + + if (psci_plat_pm_ops->migrate_info == NULL) { + /* no migrate restrictions */ + return PSCI_TOS_NOT_PRESENT_MP; + } + + rc = psci_plat_pm_ops->migrate_info(mpidr); + + assert((rc == PSCI_TOS_UP_MIG_CAP) || (rc == PSCI_TOS_NOT_UP_MIG_CAP) || + (rc == PSCI_TOS_NOT_PRESENT_MP) || (rc == PSCI_E_NOT_SUPPORTED)); + + return rc; +} + unsigned int psci_version(void) { return PSCI_MAJOR_VER | PSCI_MINOR_VER; @@ -276,8 +293,14 @@ int psci_migrate(u_register_t target_cpu) int psci_migrate_info_type(void) { u_register_t resident_cpu_mpidr; + int rc; + + rc = psci_spd_migrate_info(&resident_cpu_mpidr); + if ((rc != PSCI_TOS_NOT_UP_MIG_CAP) && (rc != PSCI_TOS_UP_MIG_CAP)) + return psci_platform_migrate_info(NULL); + + return rc; - return psci_spd_migrate_info(&resident_cpu_mpidr); } u_register_t psci_migrate_info_up_cpu(void) @@ -290,8 +313,14 @@ u_register_t psci_migrate_info_up_cpu(void) * psci_spd_migrate_info() returns. */ rc = psci_spd_migrate_info(&resident_cpu_mpidr); - if ((rc != PSCI_TOS_NOT_UP_MIG_CAP) && (rc != PSCI_TOS_UP_MIG_CAP)) - return (u_register_t)(register_t) PSCI_E_INVALID_PARAMS; + if ((rc != PSCI_TOS_NOT_UP_MIG_CAP) && (rc != PSCI_TOS_UP_MIG_CAP)) { + rc = psci_platform_migrate_info(&resident_cpu_mpidr); + if ((rc != PSCI_TOS_NOT_UP_MIG_CAP) && + (rc != PSCI_TOS_UP_MIG_CAP)) + /* neither the SDP nor the platform have any migration + restrictions: any core can be hotpluged */ + return (u_register_t)(register_t) PSCI_E_INVALID_PARAMS; + } return resident_cpu_mpidr; } -- 2.7.4

6 years, 1 month

[edk2][PATCH v2 0/2] Add ArmPkg/Optee library APIs

by Sumit Garg

Changes in v2: 1. Separate patch for MdePkg/Include/IndustryStandard/GlobalPlatform.h. 2. Correct comments style for struct members. 3. Update commit message. Sumit Garg (2): MdePkg/IndustryStandard: Add Global Plaform header file ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE ArmPkg/Include/Library/OpteeLib.h | 87 ++++++ ArmPkg/Library/OpteeLib/Optee.c | 358 +++++++++++++++++++++++ ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ MdePkg/Include/IndustryStandard/GlobalPlatform.h | 27 ++ 5 files changed, 517 insertions(+) create mode 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h create mode 100644 MdePkg/Include/IndustryStandard/GlobalPlatform.h -- 2.7.4

6 years, 1 month

OP-TEE 3.3.0

by Jerome Forissier

Hello OP-TEE contributors and maintainers, I have tagged 3.3.0-rc1 today. As usual, any help to run tests on as many platforms as possible is appreciated. The pull request to collect the Tested-by's and report any issues is #2552 [1]. Thanks for your continued help and support! [1] https://github.com/OP-TEE/optee_os/pull/2552 Note: this e-mail is sent to the contacts in optee_os/MAINTAINERS.md. -- Jerome

6 years, 1 month

[PATCH v2 00/13] TEE mediator (and OP-TEE) support in XEN

by Volodymyr Babchuk

From: Volodymyr Babchuk <vlad.babchuk(a)gmail.com> Hello all, This is v2 of patch series for OP-TEE mediator support in XEN. Changes from v1: - Added domctl interface, so now xl decides what domain should work with TEE - Removed XSM support due to change described above - Patch with OP-TEE mediator was splited to 7 separate patches - Removed patch with call_smccc() function. Now this series depend on Julien Grall's series "xen/arm: SMCCC fixup and improvement" [3] ===== v1: This is follow for patch series [1]. There was lots of discussions for that series and I tried to address all of them in this new patchset. Currently, I had a working solution for OP-TEE virtualization and it is being upstreamed right now ([2]). So, I think it is a good time to introduce support in XEN as well. This series include generic TEE mediator framework and full-scale OP-TEE mediator which is working with mentioned chages in OP-TEE. So, multiple domains can work simultaneously with OP-TEE. I added XSM support, so now it is possible to control which domains can work with TEEs. Also I changed way how TEE discovery is done. Now it is very generic and should support any platform. [1] https://lists.xenproject.org/archives/html/xen-devel/2017-10/msg01451.html [2] https://github.com/OP-TEE/optee_os/pull/2370 [3] https://lists.xenproject.org/archives/html/xen-devel/2018-08/msg02138.html Volodymyr Babchuk (13): arm: add generic TEE mediator framework domctl: add tee_op domctl arm: tee: add OP-TEE header files optee: add OP-TEE mediator skeleton optee: add fast calls handling optee: add domain contexts optee: add std call handling optee: add support for RPC SHM buffers optee: add support for arbitrary shared memory optee: add support for RPC commands libxc: add xc_dom_tee_enable(...) function xl: add "tee" option for xl.cfg lixl: arm: create optee firmware node in DT if tee=1 MAINTAINERS | 6 + docs/man/xl.cfg.pod.5.in | 10 + tools/libxc/include/xenctrl.h | 7 + tools/libxc/xc_domain.c | 13 + tools/libxl/libxl_arm.c | 59 +- tools/libxl/libxl_create.c | 1 + tools/libxl/libxl_types.idl | 1 + tools/xl/xl_parse.c | 1 + xen/arch/arm/Kconfig | 9 + xen/arch/arm/Makefile | 1 + xen/arch/arm/domain.c | 4 + xen/arch/arm/domain_build.c | 4 + xen/arch/arm/domctl.c | 10 + xen/arch/arm/setup.c | 1 + xen/arch/arm/shutdown.c | 1 + xen/arch/arm/tee/Kconfig | 4 + xen/arch/arm/tee/Makefile | 2 + xen/arch/arm/tee/optee.c | 1042 +++++++++++++++++++++++++++++++++++ xen/arch/arm/tee/tee.c | 69 +++ xen/arch/arm/vsmc.c | 5 + xen/arch/arm/xen.lds.S | 7 + xen/include/asm-arm/tee/optee_msg.h | 444 +++++++++++++++ xen/include/asm-arm/tee/optee_smc.h | 507 +++++++++++++++++ xen/include/asm-arm/tee/tee.h | 91 +++ xen/include/public/domctl.h | 8 + 25 files changed, 2294 insertions(+), 13 deletions(-) create mode 100644 xen/arch/arm/tee/Kconfig create mode 100644 xen/arch/arm/tee/Makefile create mode 100644 xen/arch/arm/tee/optee.c create mode 100644 xen/arch/arm/tee/tee.c create mode 100644 xen/include/asm-arm/tee/optee_msg.h create mode 100644 xen/include/asm-arm/tee/optee_smc.h create mode 100644 xen/include/asm-arm/tee/tee.h -- 2.7.4

6 years, 1 month

[PATCH] tee: optee: log message if dynamic shm is enabled

by Victor Chong

Suggested-by: Jerome Forissier <jerome.forissier(a)linaro.org> Signed-off-by: Victor Chong <victor.chong(a)linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier(a)linaro.org> --- drivers/tee/optee/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index e1aafe842d66..cca5c091e55a 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -631,6 +631,9 @@ static struct optee *optee_probe(struct device_node *np) optee_enable_shm_cache(optee); + if (optee->sec_caps & OPTEE_SMC_SEC_CAP_DYNAMIC_SHM) + pr_info("dynamic shared memory is enabled\n"); + pr_info("initialized driver\n"); return optee; err: -- 2.17.1

6 years, 2 months

[PATCH] core: arm: imx: Support psci feature query

by Jun Nie

Add psci features list for query. The list is based on current implemented psci functions. Signed-off-by: Jun Nie <jun.nie(a)linaro.org> --- core/arch/arm/plat-imx/pm/psci.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/core/arch/arm/plat-imx/pm/psci.c b/core/arch/arm/plat-imx/pm/psci.c index 1ff6e65..89f4839 100644 --- a/core/arch/arm/plat-imx/pm/psci.c +++ b/core/arch/arm/plat-imx/pm/psci.c @@ -28,16 +28,27 @@ int psci_features(uint32_t psci_fid) { switch (psci_fid) { + case PSCI_PSCI_FEATURES: + case PSCI_VERSION: + case PSCI_CPU_SUSPEND: + case PSCI_CPU_OFF: #ifdef CFG_BOOT_SECONDARY_REQUEST case PSCI_CPU_ON: - return 0; #endif - + case PSCI_AFFINITY_INFO: + case PSCI_SYSTEM_OFF: + case PSCI_SYSTEM_RESET: + return PSCI_RET_SUCCESS; default: return PSCI_RET_NOT_SUPPORTED; } } +uint32_t psci_version(void) +{ + return PSCI_VERSION_1_0; +} + #ifdef CFG_BOOT_SECONDARY_REQUEST int psci_cpu_on(uint32_t core_idx, uint32_t entry, uint32_t context_id) -- 2.7.4

6 years, 2 months

tee dispatcher - arm trusted firmware

by Jorge Ramirez-Ortiz

Hi, The current implementation of tspd_cpu_migrate_info hardcodes the type information for all platforms via #define TSP_MIGRATE_INFO. Would it make sense to introduce a weak bl31_plat_cpu_migrate_info call to either be populated by the platform or defaulted to TSP_MIGRATE_INFO. I am asking because rcar_gen3 platform has this requirement (not sure about all the other platforms). diff --git a/services/spd/tspd/tspd_pm.c b/services/spd/tspd/tspd_pm.c index 9414c15..c24b5a8 100644 --- a/services/spd/tspd/tspd_pm.c +++ b/services/spd/tspd/tspd_pm.c @@ -178,7 +178,7 @@ static void tspd_cpu_suspend_finish_handler(u_register_t max_off_pwrlvl) ******************************************************************************/ static int32_t tspd_cpu_migrate_info(u_register_t *resident_cpu) { - return TSP_MIGRATE_INFO; + return bl31_plat_cpu_migrate_info(resident_cpu); } thanks Jorge

6 years, 2 months

← Newer
1
...
16
17
18
19
20
21
22
...
30
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Tee-dev