Message ID | 20180813155347.13844-1-jens.wiklander@linaro.org |
---|---|
Headers | show |
Series | AVB using OP-TEE | expand |
Hi Jens, On 13 August 2018 at 09:53, Jens Wiklander <jens.wiklander@linaro.org> wrote: > Hi, > > This adds support for storing AVB rollback indexes in the RPMB partition. > The RPMB partition (content and key) is managed by OP-TEE > (https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone. > > The Linux kernel can already support OP-TEE with reading and updating > rollback indexes in the RPMB partition, the catch is that this is needed > before the kernel has booted. > > The design here is the same as what is in the Linux kernel, with the > exception that the user space daemon tee-supplicant is integrated in the > OP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass > (UCLASS_TEE) is introduced to provide an abstraction for interfacing with a > Trusted Execution Environment (TEE). There's also the OP-TEE driver using > UCLASS_TEE for registration. > > A Trusted Application (TA) interface is added to be used by the AVB verify > functions which are updated accordingly. The TA is managed by OP-TEE and is > executed in a secure TrustZone protected environment. > > The header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and > include/tee/optee_ta_avb.h are copied from > https://github.com/OP-TEE/optee_os/tree/master more or less unmodified. > They may need to be updated from time to time in order to support new > features. > > In MMC there's a new function, mmc_rpmb_route_frames(), which as the name > suggests is used to route RPMB frames to/from the MMC. This saves OP-TEE > from implementing an MMC driver which would need to share resources with > its counterpart here in U-boot. > > This was tested on a Hikey (Kirin 620) board. > > I've added myself as maintainer of the TEE stuff. > > Thanks, > Jens > > Jens Wiklander (10): > dm: fdt: scan for devices under /firmware too > cmd: avb read_rb: print rb_idx in hexadecimal > mmc: rpmb: add mmc_rpmb_route_frames() > Add UCLASS_TEE for Trusted Execution Environment > dt/bindings: add bindings for optee > tee: add OP-TEE driver > arm: dt: hikey: Add optee node > optee: support routing of rpmb data frames to mmc > tee: optee: support AVB trusted application > avb_verify: support using OP-TEE TA AVB > > MAINTAINERS | 7 + > arch/arm/dts/hi6220-hikey.dts | 7 + > cmd/avb.c | 2 +- > common/avb_verify.c | 132 +++- > .../firmware/linaro,optee-tz.txt | 31 + > drivers/Kconfig | 2 + > drivers/Makefile | 1 + > drivers/core/root.c | 15 +- > drivers/mmc/rpmb.c | 160 +++++ > drivers/tee/Kconfig | 18 + > drivers/tee/Makefile | 4 + > drivers/tee/optee/Kconfig | 23 + > drivers/tee/optee/Makefile | 5 + > drivers/tee/optee/core.c | 622 ++++++++++++++++++ > drivers/tee/optee/optee_msg.h | 423 ++++++++++++ > drivers/tee/optee/optee_msg_supplicant.h | 234 +++++++ > drivers/tee/optee/optee_private.h | 41 ++ > drivers/tee/optee/optee_smc.h | 444 +++++++++++++ > drivers/tee/optee/rpmb.c | 184 ++++++ > drivers/tee/optee/supplicant.c | 92 +++ > drivers/tee/tee-uclass.c | 180 +++++ > include/avb_verify.h | 4 + > include/dm/uclass-id.h | 1 + > include/mmc.h | 2 + > include/tee.h | 141 ++++ > include/tee/optee_ta_avb.h | 48 ++ > 26 files changed, 2816 insertions(+), 7 deletions(-) > create mode 100644 doc/device-tree-bindings/firmware/linaro,optee-tz.txt > create mode 100644 drivers/tee/Kconfig > create mode 100644 drivers/tee/Makefile > create mode 100644 drivers/tee/optee/Kconfig > create mode 100644 drivers/tee/optee/Makefile > create mode 100644 drivers/tee/optee/core.c > create mode 100644 drivers/tee/optee/optee_msg.h > create mode 100644 drivers/tee/optee/optee_msg_supplicant.h > create mode 100644 drivers/tee/optee/optee_private.h > create mode 100644 drivers/tee/optee/optee_smc.h > create mode 100644 drivers/tee/optee/rpmb.c > create mode 100644 drivers/tee/optee/supplicant.c > create mode 100644 drivers/tee/tee-uclass.c > create mode 100644 include/tee.h > create mode 100644 include/tee/optee_ta_avb.h > > -- > 2.17.1 > I missed the Android Verified Boot stuff going in. I did see the v1 patch but not the v2. Was there discussion of coding style for lib/libavb? Also, how is this stuff tested in U-Boot? I don't see any tests. For the uclass, please add a sandbox driver and test even if there are no other tests. Regards, Simon
Hi Simon, On Thu, Aug 23, 2018 at 12:45 PM, Simon Glass <sjg@chromium.org> wrote: > Hi Jens, > > On 13 August 2018 at 09:53, Jens Wiklander <jens.wiklander@linaro.org> wrote: >> Hi, >> >> This adds support for storing AVB rollback indexes in the RPMB partition. >> The RPMB partition (content and key) is managed by OP-TEE >> (https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone. >> >> The Linux kernel can already support OP-TEE with reading and updating >> rollback indexes in the RPMB partition, the catch is that this is needed >> before the kernel has booted. >> >> The design here is the same as what is in the Linux kernel, with the >> exception that the user space daemon tee-supplicant is integrated in the >> OP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass >> (UCLASS_TEE) is introduced to provide an abstraction for interfacing with a >> Trusted Execution Environment (TEE). There's also the OP-TEE driver using >> UCLASS_TEE for registration. >> >> A Trusted Application (TA) interface is added to be used by the AVB verify >> functions which are updated accordingly. The TA is managed by OP-TEE and is >> executed in a secure TrustZone protected environment. >> >> The header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and >> include/tee/optee_ta_avb.h are copied from >> https://github.com/OP-TEE/optee_os/tree/master more or less unmodified. >> They may need to be updated from time to time in order to support new >> features. >> >> In MMC there's a new function, mmc_rpmb_route_frames(), which as the name >> suggests is used to route RPMB frames to/from the MMC. This saves OP-TEE >> from implementing an MMC driver which would need to share resources with >> its counterpart here in U-boot. >> >> This was tested on a Hikey (Kirin 620) board. >> >> I've added myself as maintainer of the TEE stuff. >> >> Thanks, >> Jens >> >> Jens Wiklander (10): >> dm: fdt: scan for devices under /firmware too >> cmd: avb read_rb: print rb_idx in hexadecimal >> mmc: rpmb: add mmc_rpmb_route_frames() >> Add UCLASS_TEE for Trusted Execution Environment >> dt/bindings: add bindings for optee >> tee: add OP-TEE driver >> arm: dt: hikey: Add optee node >> optee: support routing of rpmb data frames to mmc >> tee: optee: support AVB trusted application >> avb_verify: support using OP-TEE TA AVB >> >> MAINTAINERS | 7 + >> arch/arm/dts/hi6220-hikey.dts | 7 + >> cmd/avb.c | 2 +- >> common/avb_verify.c | 132 +++- >> .../firmware/linaro,optee-tz.txt | 31 + >> drivers/Kconfig | 2 + >> drivers/Makefile | 1 + >> drivers/core/root.c | 15 +- >> drivers/mmc/rpmb.c | 160 +++++ >> drivers/tee/Kconfig | 18 + >> drivers/tee/Makefile | 4 + >> drivers/tee/optee/Kconfig | 23 + >> drivers/tee/optee/Makefile | 5 + >> drivers/tee/optee/core.c | 622 ++++++++++++++++++ >> drivers/tee/optee/optee_msg.h | 423 ++++++++++++ >> drivers/tee/optee/optee_msg_supplicant.h | 234 +++++++ >> drivers/tee/optee/optee_private.h | 41 ++ >> drivers/tee/optee/optee_smc.h | 444 +++++++++++++ >> drivers/tee/optee/rpmb.c | 184 ++++++ >> drivers/tee/optee/supplicant.c | 92 +++ >> drivers/tee/tee-uclass.c | 180 +++++ >> include/avb_verify.h | 4 + >> include/dm/uclass-id.h | 1 + >> include/mmc.h | 2 + >> include/tee.h | 141 ++++ >> include/tee/optee_ta_avb.h | 48 ++ >> 26 files changed, 2816 insertions(+), 7 deletions(-) >> create mode 100644 doc/device-tree-bindings/firmware/linaro,optee-tz.txt >> create mode 100644 drivers/tee/Kconfig >> create mode 100644 drivers/tee/Makefile >> create mode 100644 drivers/tee/optee/Kconfig >> create mode 100644 drivers/tee/optee/Makefile >> create mode 100644 drivers/tee/optee/core.c >> create mode 100644 drivers/tee/optee/optee_msg.h >> create mode 100644 drivers/tee/optee/optee_msg_supplicant.h >> create mode 100644 drivers/tee/optee/optee_private.h >> create mode 100644 drivers/tee/optee/optee_smc.h >> create mode 100644 drivers/tee/optee/rpmb.c >> create mode 100644 drivers/tee/optee/supplicant.c >> create mode 100644 drivers/tee/tee-uclass.c >> create mode 100644 include/tee.h >> create mode 100644 include/tee/optee_ta_avb.h >> >> -- >> 2.17.1 >> > > I missed the Android Verified Boot stuff going in. I did see the v1 > patch but not the v2. > > Was there discussion of coding style for lib/libavb? I don't know. It was Igor who posted that. > > Also, how is this stuff tested in U-Boot? I don't see any tests. This depends on OP-TEE running in secure world. The tests are a bit destructive since we're writing in RPMB and also need to have a specific key programmed. Before posting the V2 patch set I did some final manual testing: => avb init 1 => avb read_rb 0 I/TC: Dynamic shared memory is enabled Rollback index: 0 => avb read_rb 1 Rollback index: 0 => avb read_rb 3 Rollback index: 0 => avb read_rb 4 Rollback index: 0 => avb read_rb 5 Rollback index: 34 => avb write_rb 5 3 Failed to write rollback index => avb write_rb 5 35 => avb write_rb 5 3 Failed to write rollback index => avb read_rb 5 Rollback index: 35 > > For the uclass, please add a sandbox driver and test even if there are > no other tests. I've added that in the V2 patch set. Thanks, Jens
Hi Jens, > Also, how is this stuff tested in U-Boot? I don't see any tests. I might be wrong, but I guess Simon means U-boot pytests in this context. When initial AVB2.0 patches were introduced, I've also added some avb tests for testing functionality rollback indexes/device unlock state (there were added some simple stubs, so I guess they need to be extended, to test such cases as updating rb index to the lesser value etc.) Please check test/py/tests/test_avb.py for additional details. BR, Igor On 23 August 2018 at 14:23, Jens Wiklander <jens.wiklander@linaro.org> wrote: > Hi Simon, > > On Thu, Aug 23, 2018 at 12:45 PM, Simon Glass <sjg@chromium.org> wrote: >> Hi Jens, >> >> On 13 August 2018 at 09:53, Jens Wiklander <jens.wiklander@linaro.org> wrote: >>> Hi, >>> >>> This adds support for storing AVB rollback indexes in the RPMB partition. >>> The RPMB partition (content and key) is managed by OP-TEE >>> (https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone. >>> >>> The Linux kernel can already support OP-TEE with reading and updating >>> rollback indexes in the RPMB partition, the catch is that this is needed >>> before the kernel has booted. >>> >>> The design here is the same as what is in the Linux kernel, with the >>> exception that the user space daemon tee-supplicant is integrated in the >>> OP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass >>> (UCLASS_TEE) is introduced to provide an abstraction for interfacing with a >>> Trusted Execution Environment (TEE). There's also the OP-TEE driver using >>> UCLASS_TEE for registration. >>> >>> A Trusted Application (TA) interface is added to be used by the AVB verify >>> functions which are updated accordingly. The TA is managed by OP-TEE and is >>> executed in a secure TrustZone protected environment. >>> >>> The header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and >>> include/tee/optee_ta_avb.h are copied from >>> https://github.com/OP-TEE/optee_os/tree/master more or less unmodified. >>> They may need to be updated from time to time in order to support new >>> features. >>> >>> In MMC there's a new function, mmc_rpmb_route_frames(), which as the name >>> suggests is used to route RPMB frames to/from the MMC. This saves OP-TEE >>> from implementing an MMC driver which would need to share resources with >>> its counterpart here in U-boot. >>> >>> This was tested on a Hikey (Kirin 620) board. >>> >>> I've added myself as maintainer of the TEE stuff. >>> >>> Thanks, >>> Jens >>> >>> Jens Wiklander (10): >>> dm: fdt: scan for devices under /firmware too >>> cmd: avb read_rb: print rb_idx in hexadecimal >>> mmc: rpmb: add mmc_rpmb_route_frames() >>> Add UCLASS_TEE for Trusted Execution Environment >>> dt/bindings: add bindings for optee >>> tee: add OP-TEE driver >>> arm: dt: hikey: Add optee node >>> optee: support routing of rpmb data frames to mmc >>> tee: optee: support AVB trusted application >>> avb_verify: support using OP-TEE TA AVB >>> >>> MAINTAINERS | 7 + >>> arch/arm/dts/hi6220-hikey.dts | 7 + >>> cmd/avb.c | 2 +- >>> common/avb_verify.c | 132 +++- >>> .../firmware/linaro,optee-tz.txt | 31 + >>> drivers/Kconfig | 2 + >>> drivers/Makefile | 1 + >>> drivers/core/root.c | 15 +- >>> drivers/mmc/rpmb.c | 160 +++++ >>> drivers/tee/Kconfig | 18 + >>> drivers/tee/Makefile | 4 + >>> drivers/tee/optee/Kconfig | 23 + >>> drivers/tee/optee/Makefile | 5 + >>> drivers/tee/optee/core.c | 622 ++++++++++++++++++ >>> drivers/tee/optee/optee_msg.h | 423 ++++++++++++ >>> drivers/tee/optee/optee_msg_supplicant.h | 234 +++++++ >>> drivers/tee/optee/optee_private.h | 41 ++ >>> drivers/tee/optee/optee_smc.h | 444 +++++++++++++ >>> drivers/tee/optee/rpmb.c | 184 ++++++ >>> drivers/tee/optee/supplicant.c | 92 +++ >>> drivers/tee/tee-uclass.c | 180 +++++ >>> include/avb_verify.h | 4 + >>> include/dm/uclass-id.h | 1 + >>> include/mmc.h | 2 + >>> include/tee.h | 141 ++++ >>> include/tee/optee_ta_avb.h | 48 ++ >>> 26 files changed, 2816 insertions(+), 7 deletions(-) >>> create mode 100644 doc/device-tree-bindings/firmware/linaro,optee-tz.txt >>> create mode 100644 drivers/tee/Kconfig >>> create mode 100644 drivers/tee/Makefile >>> create mode 100644 drivers/tee/optee/Kconfig >>> create mode 100644 drivers/tee/optee/Makefile >>> create mode 100644 drivers/tee/optee/core.c >>> create mode 100644 drivers/tee/optee/optee_msg.h >>> create mode 100644 drivers/tee/optee/optee_msg_supplicant.h >>> create mode 100644 drivers/tee/optee/optee_private.h >>> create mode 100644 drivers/tee/optee/optee_smc.h >>> create mode 100644 drivers/tee/optee/rpmb.c >>> create mode 100644 drivers/tee/optee/supplicant.c >>> create mode 100644 drivers/tee/tee-uclass.c >>> create mode 100644 include/tee.h >>> create mode 100644 include/tee/optee_ta_avb.h >>> >>> -- >>> 2.17.1 >>> >> >> I missed the Android Verified Boot stuff going in. I did see the v1 >> patch but not the v2. >> >> Was there discussion of coding style for lib/libavb? > > I don't know. It was Igor who posted that. > >> >> Also, how is this stuff tested in U-Boot? I don't see any tests. > > This depends on OP-TEE running in secure world. > The tests are a bit destructive since we're writing in RPMB and also > need to have a specific key programmed. > > Before posting the V2 patch set I did some final manual testing: > > => avb init 1 > => avb read_rb 0 > I/TC: Dynamic shared memory is enabled > Rollback index: 0 > => avb read_rb 1 > Rollback index: 0 > => avb read_rb 3 > Rollback index: 0 > => avb read_rb 4 > Rollback index: 0 > => avb read_rb 5 > Rollback index: 34 > => avb write_rb 5 3 > Failed to write rollback index > => avb write_rb 5 35 > => avb write_rb 5 3 > Failed to write rollback index > => avb read_rb 5 > Rollback index: 35 > > >> >> For the uclass, please add a sandbox driver and test even if there are >> no other tests. > > I've added that in the V2 patch set. > > Thanks, > Jens
Hi Jens, On 23 August 2018 at 05:23, Jens Wiklander <jens.wiklander@linaro.org> wrote: > Hi Simon, > > On Thu, Aug 23, 2018 at 12:45 PM, Simon Glass <sjg@chromium.org> wrote: >> Hi Jens, >> >> On 13 August 2018 at 09:53, Jens Wiklander <jens.wiklander@linaro.org> wrote: >>> Hi, >>> >>> This adds support for storing AVB rollback indexes in the RPMB partition. >>> The RPMB partition (content and key) is managed by OP-TEE >>> (https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone. >>> >>> The Linux kernel can already support OP-TEE with reading and updating >>> rollback indexes in the RPMB partition, the catch is that this is needed >>> before the kernel has booted. >>> >>> The design here is the same as what is in the Linux kernel, with the >>> exception that the user space daemon tee-supplicant is integrated in the >>> OP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass >>> (UCLASS_TEE) is introduced to provide an abstraction for interfacing with a >>> Trusted Execution Environment (TEE). There's also the OP-TEE driver using >>> UCLASS_TEE for registration. >>> >>> A Trusted Application (TA) interface is added to be used by the AVB verify >>> functions which are updated accordingly. The TA is managed by OP-TEE and is >>> executed in a secure TrustZone protected environment. >>> >>> The header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and >>> include/tee/optee_ta_avb.h are copied from >>> https://github.com/OP-TEE/optee_os/tree/master more or less unmodified. >>> They may need to be updated from time to time in order to support new >>> features. >>> >>> In MMC there's a new function, mmc_rpmb_route_frames(), which as the name >>> suggests is used to route RPMB frames to/from the MMC. This saves OP-TEE >>> from implementing an MMC driver which would need to share resources with >>> its counterpart here in U-boot. >>> >>> This was tested on a Hikey (Kirin 620) board. >>> >>> I've added myself as maintainer of the TEE stuff. >>> >>> Thanks, >>> Jens >>> >>> Jens Wiklander (10): >>> dm: fdt: scan for devices under /firmware too >>> cmd: avb read_rb: print rb_idx in hexadecimal >>> mmc: rpmb: add mmc_rpmb_route_frames() >>> Add UCLASS_TEE for Trusted Execution Environment >>> dt/bindings: add bindings for optee >>> tee: add OP-TEE driver >>> arm: dt: hikey: Add optee node >>> optee: support routing of rpmb data frames to mmc >>> tee: optee: support AVB trusted application >>> avb_verify: support using OP-TEE TA AVB >>> >>> MAINTAINERS | 7 + >>> arch/arm/dts/hi6220-hikey.dts | 7 + >>> cmd/avb.c | 2 +- >>> common/avb_verify.c | 132 +++- >>> .../firmware/linaro,optee-tz.txt | 31 + >>> drivers/Kconfig | 2 + >>> drivers/Makefile | 1 + >>> drivers/core/root.c | 15 +- >>> drivers/mmc/rpmb.c | 160 +++++ >>> drivers/tee/Kconfig | 18 + >>> drivers/tee/Makefile | 4 + >>> drivers/tee/optee/Kconfig | 23 + >>> drivers/tee/optee/Makefile | 5 + >>> drivers/tee/optee/core.c | 622 ++++++++++++++++++ >>> drivers/tee/optee/optee_msg.h | 423 ++++++++++++ >>> drivers/tee/optee/optee_msg_supplicant.h | 234 +++++++ >>> drivers/tee/optee/optee_private.h | 41 ++ >>> drivers/tee/optee/optee_smc.h | 444 +++++++++++++ >>> drivers/tee/optee/rpmb.c | 184 ++++++ >>> drivers/tee/optee/supplicant.c | 92 +++ >>> drivers/tee/tee-uclass.c | 180 +++++ >>> include/avb_verify.h | 4 + >>> include/dm/uclass-id.h | 1 + >>> include/mmc.h | 2 + >>> include/tee.h | 141 ++++ >>> include/tee/optee_ta_avb.h | 48 ++ >>> 26 files changed, 2816 insertions(+), 7 deletions(-) >>> create mode 100644 doc/device-tree-bindings/firmware/linaro,optee-tz.txt >>> create mode 100644 drivers/tee/Kconfig >>> create mode 100644 drivers/tee/Makefile >>> create mode 100644 drivers/tee/optee/Kconfig >>> create mode 100644 drivers/tee/optee/Makefile >>> create mode 100644 drivers/tee/optee/core.c >>> create mode 100644 drivers/tee/optee/optee_msg.h >>> create mode 100644 drivers/tee/optee/optee_msg_supplicant.h >>> create mode 100644 drivers/tee/optee/optee_private.h >>> create mode 100644 drivers/tee/optee/optee_smc.h >>> create mode 100644 drivers/tee/optee/rpmb.c >>> create mode 100644 drivers/tee/optee/supplicant.c >>> create mode 100644 drivers/tee/tee-uclass.c >>> create mode 100644 include/tee.h >>> create mode 100644 include/tee/optee_ta_avb.h >>> >>> -- >>> 2.17.1 >>> >> >> I missed the Android Verified Boot stuff going in. I did see the v1 >> patch but not the v2. >> >> Was there discussion of coding style for lib/libavb? > > I don't know. It was Igor who posted that. > >> >> Also, how is this stuff tested in U-Boot? I don't see any tests. > > This depends on OP-TEE running in secure world. > The tests are a bit destructive since we're writing in RPMB and also > need to have a specific key programmed. > > Before posting the V2 patch set I did some final manual testing: > > => avb init 1 > => avb read_rb 0 > I/TC: Dynamic shared memory is enabled > Rollback index: 0 > => avb read_rb 1 > Rollback index: 0 > => avb read_rb 3 > Rollback index: 0 > => avb read_rb 4 > Rollback index: 0 > => avb read_rb 5 > Rollback index: 34 > => avb write_rb 5 3 > Failed to write rollback index > => avb write_rb 5 35 > => avb write_rb 5 3 > Failed to write rollback index > => avb read_rb 5 > Rollback index: 35 OK, I wonder if that can be converted into a simple test in test/py? Better would be to have a fake sandbox OP-TEE implementation that we can use to write a test of all the code. Does that sound feasible? > > >> >> For the uclass, please add a sandbox driver and test even if there are >> no other tests. > > I've added that in the V2 patch set. OK great. Regards, Simon
On Thu, Aug 23, 2018 at 6:31 PM, Simon Glass <sjg@chromium.org> wrote: > Hi Jens, > > On 23 August 2018 at 05:23, Jens Wiklander <jens.wiklander@linaro.org> wrote: >> Hi Simon, >> >> On Thu, Aug 23, 2018 at 12:45 PM, Simon Glass <sjg@chromium.org> wrote: >>> Hi Jens, >>> >>> On 13 August 2018 at 09:53, Jens Wiklander <jens.wiklander@linaro.org> wrote: >>>> Hi, >>>> >>>> This adds support for storing AVB rollback indexes in the RPMB partition. >>>> The RPMB partition (content and key) is managed by OP-TEE >>>> (https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone. >>>> >>>> The Linux kernel can already support OP-TEE with reading and updating >>>> rollback indexes in the RPMB partition, the catch is that this is needed >>>> before the kernel has booted. >>>> >>>> The design here is the same as what is in the Linux kernel, with the >>>> exception that the user space daemon tee-supplicant is integrated in the >>>> OP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass >>>> (UCLASS_TEE) is introduced to provide an abstraction for interfacing with a >>>> Trusted Execution Environment (TEE). There's also the OP-TEE driver using >>>> UCLASS_TEE for registration. >>>> >>>> A Trusted Application (TA) interface is added to be used by the AVB verify >>>> functions which are updated accordingly. The TA is managed by OP-TEE and is >>>> executed in a secure TrustZone protected environment. >>>> >>>> The header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and >>>> include/tee/optee_ta_avb.h are copied from >>>> https://github.com/OP-TEE/optee_os/tree/master more or less unmodified. >>>> They may need to be updated from time to time in order to support new >>>> features. >>>> >>>> In MMC there's a new function, mmc_rpmb_route_frames(), which as the name >>>> suggests is used to route RPMB frames to/from the MMC. This saves OP-TEE >>>> from implementing an MMC driver which would need to share resources with >>>> its counterpart here in U-boot. >>>> >>>> This was tested on a Hikey (Kirin 620) board. >>>> >>>> I've added myself as maintainer of the TEE stuff. >>>> >>>> Thanks, >>>> Jens >>>> >>>> Jens Wiklander (10): >>>> dm: fdt: scan for devices under /firmware too >>>> cmd: avb read_rb: print rb_idx in hexadecimal >>>> mmc: rpmb: add mmc_rpmb_route_frames() >>>> Add UCLASS_TEE for Trusted Execution Environment >>>> dt/bindings: add bindings for optee >>>> tee: add OP-TEE driver >>>> arm: dt: hikey: Add optee node >>>> optee: support routing of rpmb data frames to mmc >>>> tee: optee: support AVB trusted application >>>> avb_verify: support using OP-TEE TA AVB >>>> >>>> MAINTAINERS | 7 + >>>> arch/arm/dts/hi6220-hikey.dts | 7 + >>>> cmd/avb.c | 2 +- >>>> common/avb_verify.c | 132 +++- >>>> .../firmware/linaro,optee-tz.txt | 31 + >>>> drivers/Kconfig | 2 + >>>> drivers/Makefile | 1 + >>>> drivers/core/root.c | 15 +- >>>> drivers/mmc/rpmb.c | 160 +++++ >>>> drivers/tee/Kconfig | 18 + >>>> drivers/tee/Makefile | 4 + >>>> drivers/tee/optee/Kconfig | 23 + >>>> drivers/tee/optee/Makefile | 5 + >>>> drivers/tee/optee/core.c | 622 ++++++++++++++++++ >>>> drivers/tee/optee/optee_msg.h | 423 ++++++++++++ >>>> drivers/tee/optee/optee_msg_supplicant.h | 234 +++++++ >>>> drivers/tee/optee/optee_private.h | 41 ++ >>>> drivers/tee/optee/optee_smc.h | 444 +++++++++++++ >>>> drivers/tee/optee/rpmb.c | 184 ++++++ >>>> drivers/tee/optee/supplicant.c | 92 +++ >>>> drivers/tee/tee-uclass.c | 180 +++++ >>>> include/avb_verify.h | 4 + >>>> include/dm/uclass-id.h | 1 + >>>> include/mmc.h | 2 + >>>> include/tee.h | 141 ++++ >>>> include/tee/optee_ta_avb.h | 48 ++ >>>> 26 files changed, 2816 insertions(+), 7 deletions(-) >>>> create mode 100644 doc/device-tree-bindings/firmware/linaro,optee-tz.txt >>>> create mode 100644 drivers/tee/Kconfig >>>> create mode 100644 drivers/tee/Makefile >>>> create mode 100644 drivers/tee/optee/Kconfig >>>> create mode 100644 drivers/tee/optee/Makefile >>>> create mode 100644 drivers/tee/optee/core.c >>>> create mode 100644 drivers/tee/optee/optee_msg.h >>>> create mode 100644 drivers/tee/optee/optee_msg_supplicant.h >>>> create mode 100644 drivers/tee/optee/optee_private.h >>>> create mode 100644 drivers/tee/optee/optee_smc.h >>>> create mode 100644 drivers/tee/optee/rpmb.c >>>> create mode 100644 drivers/tee/optee/supplicant.c >>>> create mode 100644 drivers/tee/tee-uclass.c >>>> create mode 100644 include/tee.h >>>> create mode 100644 include/tee/optee_ta_avb.h >>>> >>>> -- >>>> 2.17.1 >>>> >>> >>> I missed the Android Verified Boot stuff going in. I did see the v1 >>> patch but not the v2. >>> >>> Was there discussion of coding style for lib/libavb? >> >> I don't know. It was Igor who posted that. >> >>> >>> Also, how is this stuff tested in U-Boot? I don't see any tests. >> >> This depends on OP-TEE running in secure world. >> The tests are a bit destructive since we're writing in RPMB and also >> need to have a specific key programmed. >> >> Before posting the V2 patch set I did some final manual testing: >> >> => avb init 1 >> => avb read_rb 0 >> I/TC: Dynamic shared memory is enabled >> Rollback index: 0 >> => avb read_rb 1 >> Rollback index: 0 >> => avb read_rb 3 >> Rollback index: 0 >> => avb read_rb 4 >> Rollback index: 0 >> => avb read_rb 5 >> Rollback index: 34 >> => avb write_rb 5 3 >> Failed to write rollback index >> => avb write_rb 5 35 >> => avb write_rb 5 3 >> Failed to write rollback index >> => avb read_rb 5 >> Rollback index: 35 > > OK, I wonder if that can be converted into a simple test in test/py? > > Better would be to have a fake sandbox OP-TEE implementation that we > can use to write a test of all the code. Does that sound feasible? Good idea, shouldn't be too hard. Thanks, Jens