From patchwork Wed May 12 15:05:37 2021
X-Patchwork-Submitter: Etienne Carriere
X-Patchwork-Id: 435549
From: Etienne Carriere
To: u-boot@lists.denx.de
Cc: Jens Wiklander, Simon Glass, Etienne Carriere
Subject: [PATCH 2/2] tee: optee: support session login as REE kernel
Date: Wed, 12 May 2021 17:05:37 +0200
Message-Id: <20210512150537.14758-2-etienne.carriere@linaro.org>
In-Reply-To: <20210512150537.14758-1-etienne.carriere@linaro.org>
References: <20210512150537.14758-1-etienne.carriere@linaro.org>

OP-TEE supports an API extension to allow a client to open a TEE session as REE kernel which OP-TEE uses to differentiate client application services from system services that only the REE OS kernel can access.

This change allows U-Boot to invoke OP-TEE with such kernel identity and therefore access kernel client specific services.

Signed-off-by: Etienne Carriere
---
 drivers/tee/optee/core.c      | 24 +++++++++++++++++++++++-
 drivers/tee/optee/optee_msg.h |  2 ++
 2 files changed, 25 insertions(+), 1 deletion(-)

--
2.17.1

diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 73dbb22ba0..526bf125a0 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c 
@@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session) return 0; } +static uint32_t optee_login_id(enum tee_session_login login) +{ + /* Treat invalid IDs as public login */ + switch (login) { + case TEE_SESSION_LOGIN_USER: + return OPTEE_MSG_LOGIN_USER; + case TEE_SESSION_LOGIN_GROUP: + return OPTEE_MSG_LOGIN_GROUP; + case TEE_SESSION_LOGIN_APPLICATION: + return OPTEE_MSG_LOGIN_APPLICATION; + case TEE_SESSION_LOGIN_APPLICATION_USER: + return OPTEE_MSG_LOGIN_APPLICATION; + case TEE_SESSION_LOGIN_APPLICATION_GROUP: + return OPTEE_MSG_LOGIN_APPLICATION; + case TEE_SESSION_LOGIN_REE_KERNEL: + return OPTEE_MSG_LOGIN_REE_KERNEL; + case TEE_SESSION_LOGIN_PUBLIC: + default: + return OPTEE_MSG_LOGIN_PUBLIC; + } +} + static int optee_open_session(struct udevice *dev, struct tee_open_session_arg *arg, uint num_params, struct tee_param *params) @@ -372,7 +394,7 @@ static int optee_open_session(struct udevice *dev, OPTEE_MSG_ATTR_META; memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid)); memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid)); - msg_arg->params[1].u.value.c = arg->clnt_login; + msg_arg->params[1].u.value.c = optee_login_id(arg->clnt_login); rc = to_msg_param(msg_arg->params + 2, num_params, params); if (rc) diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h index 8d40ce60c2..17e8d28e52 100644 --- a/drivers/tee/optee/optee_msg.h +++ b/drivers/tee/optee/optee_msg.h @@ -95,6 +95,8 @@ #define OPTEE_MSG_LOGIN_APPLICATION 0x00000004 #define OPTEE_MSG_LOGIN_APPLICATION_USER 0x00000005 #define OPTEE_MSG_LOGIN_APPLICATION_GROUP 0x00000006 +/* OP-TEE extension: log as REE kernel */ +#define OPTEE_MSG_LOGIN_REE_KERNEL 0x80000000 /* * Page size used in non-contiguous buffer entries
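Review bot: In optee_login_id() (first core.c hunk), the TEE_SESSION_LOGIN_APPLICATION_USER and TEE_SESSION_LOGIN_APPLICATION_GROUP cases both return OPTEE_MSG_LOGIN_APPLICATION, although the context lines of the optee_msg.h hunk show dedicated values OPTEE_MSG_LOGIN_APPLICATION_USER 0x00000005 and OPTEE_MSG_LOGIN_APPLICATION_GROUP 0x00000006. This reads like a copy-paste slip, and it means the secure world is told a different login class than the one the caller requested; return the matching constant in each case. The default branch also maps any unrecognised value to OPTEE_MSG_LOGIN_PUBLIC without telling the caller, so consider failing the open with an error instead of silently changing the identity class. Minor style point: the neighbouring optee_close_session() uses u32, so the helper could return u32 rather than uint32_t.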
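Review bot: In the optee_open_session() hunk, the context line directly above the changed assignment copies from arg->uuid while sizing the copy with sizeof(arg->clnt_uuid): "memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid));". If params[1] is meant to carry the client identity that goes with the login class set on the next line, the source should be arg->clnt_uuid; as written, the TA UUID is sent a second time. Since this patch makes the login value in params[1].u.value.c meaningful for access decisions, it is worth fixing that line in this series or in a preceding patch.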
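Review bot: The comment added above OPTEE_MSG_LOGIN_REE_KERNEL in optee_msg.h says "log as REE kernel"; "login as REE kernel" would match the patch subject and the naming of the other OPTEE_MSG_LOGIN_* entries. TEE_SESSION_LOGIN_REE_KERNEL, which core.c now switches on, is not defined in either file this patch touches, so the commit message should state that it relies on the definition from elsewhere in the series.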