From patchwork Tue Sep 25 14:40:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jens Wiklander X-Patchwork-Id: 147476 Delivered-To: patches@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp812662lji; Tue, 25 Sep 2018 07:40:47 -0700 (PDT) X-Received: by 2002:a2e:54b:: with SMTP id 72-v6mr1240693ljf.152.1537886447269; Tue, 25 Sep 2018 07:40:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537886447; cv=none; d=google.com; s=arc-20160816; b=BAuqoSspmgbUkNy9DDRowLQpQxaIrIN21ZruVuEyPo2b2zZpL4ieS0UXxgQU5qx35D HxCDyUeSeVGLgJc1MkgDz1Q98fLHiURoHVEwFE3AqarjS7p70TdAx6QHlqpUo+/aUFP+ SVfnX3m6lvGmlvudqtOdOpfPKlhG43bPPOGhwPEaeOE2KAJxucmGCJyah//l4jrfrlBY 1mNaiq0fa6F1czYca3nt7EBZ0jWCV9dqsFKag5VJP9NbCcGlQTd/aFn/z5vhCvnxXpdq wYnIwpyCgG9UhmOO0gMXszYB2RXrhYLFMuomZ/VZUH/D/5btx9qQy/OAjE0m2lwdgw0K fNEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=hz8wRwm/EqPjhovh41FBL7mTCMRm9Z7L5V5D1YIqLcg=; b=HCSk/VxqpXNriWxAn6HBrekfejZM/ZWYRJlriJXeOq8pYodHtS2l+OzQal0uV+9K7g z6qzVUQtVnWTPnjdR5FzSjbfXLHQ0Y9l9Z+LVSQncg1lD/opEJjFnxyIZLGD6amxQ26a XYrMB2eZDNH59umoIuiGEUJxM4EDS8qpmPU4xKsv1RZvG+6g14L+TWI1vr6QxUrPuFIG ZZOk6F8NqwAYu8k+CNRkVZjmIvxRu2Kc0Hu+SI32jx+v6tas8g2DCTsKmtOKQackgkKm PRWJSyCT3nS9Pvq7KQjMvVLJYEQWb3zG6s1T3rUrUZ+fq0soiP3PajiJpGwmhG8/E6ap 2MmA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=eqdEMron; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id y14-v6sor1633563ljc.29.2018.09.25.07.40.47 for (Google Transport Security); Tue, 25 Sep 2018 07:40:47 -0700 (PDT) Received-SPF: pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=eqdEMron; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=hz8wRwm/EqPjhovh41FBL7mTCMRm9Z7L5V5D1YIqLcg=; b=eqdEMronsG2e10+CmQfbS3eMqbqWF94Cn4Eoawm2UHrAXUoBs4I4dRSDp7j3RL7bbd TxilLdH2aHTdBeGBBjr+cEoPEWElNMDJoM1fbSIbno079ScXH3b10OEXlW5xPyli2481 6UWefuKRHcJ1RoWllzZMFokm1RJOtB832t70g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=hz8wRwm/EqPjhovh41FBL7mTCMRm9Z7L5V5D1YIqLcg=; b=jElLkLv7sTbq6ly1HLY2OWZLzQsVtZZHDujlyn/I/mtsQAiUIROmg2/nGLLXs9798u bgM9yt45TgkmLPhJCYcMbZUjqaqIkHMtAe56WS/Uz2wASEMHHhHm9DpfF2uM4G98lz5g ee9ggvWyWSMO9GmNPtp/uJQhYNyV4gPin9i1GcN52nLF6vz1Qs5QxTfGcnJbKU7h1kBe yQyTZL2QbWmTqFQzZF++OSvMNvnEYsGtgwKrz4SkV2lVgQJJGDaK476uPnh1Nhf0TNZU +4eVgf1sQKN5NR3ypQPlfzcpmbmCdyZKuJD5uPUt9XfeLZcUwPoqUeeCQW0A+CyvBvm4 WDNg== X-Gm-Message-State: ABuFfoheTenrgm20+NmA67cU0w0d2NV177RGhzEMGIAJytZYtwDvwBeW +axEbVTpYdylgtnvnthOB09v44TN X-Google-Smtp-Source: ACcGV63wch4ftzNLRVAHrXu7kDVl0JuhMln0U7rFWkE6WFTttrTQdeNnUIxEt+vZeaOqBaq7zW1RAg== X-Received: by 2002:a2e:82c9:: with SMTP id n9-v6mr1240524ljh.111.1537886446948; Tue, 25 Sep 2018 07:40:46 -0700 (PDT) Return-Path: Received: from jax.urgonet (h-84-105.A175.priv.bahnhof.se. [79.136.84.105]) by smtp.gmail.com with ESMTPSA id g14-v6sm14483lja.96.2018.09.25.07.40.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Sep 2018 07:40:46 -0700 (PDT) From: Jens Wiklander To: u-boot@lists.denx.de Cc: Simon Glass , Igor Opaniuk , Tom Rini , Jaehoon Chung , Pierre Aubert , Albert Aribaud , Peter Griffin , Michal Simek , Jens Wiklander Subject: [PATCH v4 11/19] tee: optee: support AVB trusted application Date: Tue, 25 Sep 2018 16:40:15 +0200 Message-Id: <20180925144023.24555-12-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180925144023.24555-1-jens.wiklander@linaro.org> References: <20180925144023.24555-1-jens.wiklander@linaro.org> Adds configuration option OPTEE_TA_AVB and a header file describing the interface to the Android Verified Boot 2.0 (AVB) trusted application provided by OP-TEE. Tested-by: Igor Opaniuk Reviewed-by: Igor Opaniuk Signed-off-by: Jens Wiklander --- MAINTAINERS | 1 + drivers/tee/optee/Kconfig | 16 +++++++++++++ drivers/tee/tee-uclass.c | 24 +++++++++++++++++++ include/tee.h | 38 ++++++++++++++++++++++++++++++ include/tee/optee_ta_avb.h | 48 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 127 insertions(+) create mode 100644 include/tee/optee_ta_avb.h -- 2.17.1 Reviewed-by: Simon Glass diff --git a/MAINTAINERS b/MAINTAINERS index 5b085ad3acd6..1c96ece8cc9e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -590,6 +590,7 @@ M: Jens Wiklander S: Maintained F: drivers/tee/ F: include/tee.h +F: include/tee/ UBI M: Kyungmin Park diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig index 7484e6fea114..dbfa7846a30f 100644 --- a/drivers/tee/optee/Kconfig +++ b/drivers/tee/optee/Kconfig @@ -9,3 +9,19 @@ config OPTEE mechanism. This driver can request services from OP-TEE, but also handle Remote Procedure Calls (RPC) from OP-TEE needed to execute a service. For more information see: https://www.op-tee.org + +if OPTEE + +menu "OP-TEE options" + +config OPTEE_TA_AVB + bool "Support AVB TA" + default y + help + Enables support for the AVB Trusted Application (TA) in OP-TEE. + The TA can support the "avb" subcommands "read_rb", "write"rb" + and "is_unlocked". + +endmenu + +endif diff --git a/drivers/tee/tee-uclass.c b/drivers/tee/tee-uclass.c index 1bee54ebf4af..abb88c0fee53 100644 --- a/drivers/tee/tee-uclass.c +++ b/drivers/tee/tee-uclass.c @@ -207,3 +207,27 @@ UCLASS_DRIVER(tee) = { .pre_probe = tee_pre_probe, .pre_remove = tee_pre_remove, }; + +void tee_optee_ta_uuid_from_octets(struct tee_optee_ta_uuid *d, + const u8 s[TEE_UUID_LEN]) +{ + d->time_low = ((u32)s[0] << 24) | ((u32)s[1] << 16) | + ((u32)s[2] << 8) | s[3], + d->time_mid = ((u32)s[4] << 8) | s[5]; + d->time_hi_and_version = ((u32)s[6] << 8) | s[7]; + memcpy(d->clock_seq_and_node, s + 8, sizeof(d->clock_seq_and_node)); +} + +void tee_optee_ta_uuid_to_octets(u8 d[TEE_UUID_LEN], + const struct tee_optee_ta_uuid *s) +{ + d[0] = s->time_low >> 24; + d[1] = s->time_low >> 16; + d[2] = s->time_low >> 8; + d[3] = s->time_low; + d[4] = s->time_mid >> 8; + d[5] = s->time_mid; + d[6] = s->time_hi_and_version >> 8; + d[7] = s->time_hi_and_version; + memcpy(d + 8, s->clock_seq_and_node, sizeof(s->clock_seq_and_node)); +} diff --git a/include/tee.h b/include/tee.h index b86dbec257b4..98b1c9cc693a 100644 --- a/include/tee.h +++ b/include/tee.h @@ -49,6 +49,22 @@ #define TEE_ORIGIN_TRUSTED_APP 0x00000004 struct udevice; + +/** + * struct tee_optee_ta_uuid - OP-TEE Trusted Application (TA) UUID format + * + * Used to identify an OP-TEE TA and define suitable to initialize structs + * of this format is distributed with the interface of the TA. The + * individual fields of this struct doesn't have any special meaning in + * OP-TEE. See RFC4122 for details on the format. + */ +struct tee_optee_ta_uuid { + u32 time_low; + u16 time_mid; + u16 time_hi_and_version; + u8 clock_seq_and_node[8]; +}; + /** * struct tee_shm - memory shared with the TEE * @dev: The TEE device @@ -333,4 +349,26 @@ int tee_close_session(struct udevice *dev, u32 session); int tee_invoke_func(struct udevice *dev, struct tee_invoke_arg *arg, uint num_param, struct tee_param *param); +/** + * tee_optee_ta_uuid_from_octets() - Converts to struct tee_optee_ta_uuid + * @d: Destination struct + * @s: Source UUID octets + * + * Conversion to a struct tee_optee_ta_uuid represantion from binary octet + * representation. + */ +void tee_optee_ta_uuid_from_octets(struct tee_optee_ta_uuid *d, + const u8 s[TEE_UUID_LEN]); + +/** + * tee_optee_ta_uuid_to_octets() - Converts from struct tee_optee_ta_uuid + * @d: Destination UUID octets + * @s: Source struct + * + * Conversion from a struct tee_optee_ta_uuid represantion to binary octet + * representation. + */ +void tee_optee_ta_uuid_to_octets(u8 d[TEE_UUID_LEN], + const struct tee_optee_ta_uuid *s); + #endif /* __TEE_H */ diff --git a/include/tee/optee_ta_avb.h b/include/tee/optee_ta_avb.h new file mode 100644 index 000000000000..074386af19a1 --- /dev/null +++ b/include/tee/optee_ta_avb.h @@ -0,0 +1,48 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/* Copyright (c) 2018, Linaro Limited */ + +#ifndef __TA_AVB_H +#define __TA_AVB_H + +#define TA_AVB_UUID { 0x023f8f1a, 0x292a, 0x432b, \ + { 0x8f, 0xc4, 0xde, 0x84, 0x71, 0x35, 0x80, 0x67 } } + +#define TA_AVB_MAX_ROLLBACK_LOCATIONS 256 + +/* + * Gets the rollback index corresponding to the given rollback index slot. + * + * in params[0].value.a: rollback index slot + * out params[1].value.a: upper 32 bits of rollback index + * out params[1].value.b: lower 32 bits of rollback index + */ +#define TA_AVB_CMD_READ_ROLLBACK_INDEX 0 + +/* + * Updates the rollback index corresponding to the given rollback index slot. + * + * Will refuse to update a slot with a lower value. + * + * in params[0].value.a: rollback index slot + * in params[1].value.a: upper 32 bits of rollback index + * in params[1].value.b: lower 32 bits of rollback index + */ +#define TA_AVB_CMD_WRITE_ROLLBACK_INDEX 1 + +/* + * Gets the lock state of the device. + * + * out params[0].value.a: lock state + */ +#define TA_AVB_CMD_READ_LOCK_STATE 2 + +/* + * Sets the lock state of the device. + * + * If the lock state is changed all rollback slots will be reset to 0 + * + * in params[0].value.a: lock state + */ +#define TA_AVB_CMD_WRITE_LOCK_STATE 3 + +#endif /* __TA_AVB_H */