| Message ID | 20210512150537.14758-2-etienne.carriere@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | [1/2] tee: define session login identifiers | expand |
On Wed, May 12, 2021 at 5:06 PM Etienne Carriere <etienne.carriere@linaro.org> wrote: > > OP-TEE supports an API extension to allow client to open a TEE session > as REE kernel which OP-TEE uses to differentiate client application > services from system services that only the REE OS kernel can access. > > This change allows U-Boot to invoke OP-TEE which such kernel identity > and therefore access kernel client specific services. > > Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> > --- > drivers/tee/optee/core.c | 24 +++++++++++++++++++++++- > drivers/tee/optee/optee_msg.h | 2 ++ > 2 files changed, 25 insertions(+), 1 deletion(-) > > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c > index 73dbb22ba0..526bf125a0 100644 > --- a/drivers/tee/optee/core.c > +++ b/drivers/tee/optee/core.c > @@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session) > return 0; > } > > +static uint32_t optee_login_id(enum tee_session_login login) > +{ > + /* Treat invalid IDs as public login */ > + switch (login) { > + case TEE_SESSION_LOGIN_USER: > + return OPTEE_MSG_LOGIN_USER; > + case TEE_SESSION_LOGIN_GROUP: > + return OPTEE_MSG_LOGIN_GROUP; > + case TEE_SESSION_LOGIN_APPLICATION: > + return OPTEE_MSG_LOGIN_APPLICATION; > + case TEE_SESSION_LOGIN_APPLICATION_USER: > + return OPTEE_MSG_LOGIN_APPLICATION; > + case TEE_SESSION_LOGIN_APPLICATION_GROUP: > + return OPTEE_MSG_LOGIN_APPLICATION; > + case TEE_SESSION_LOGIN_REE_KERNEL: > + return OPTEE_MSG_LOGIN_REE_KERNEL; > + case TEE_SESSION_LOGIN_PUBLIC: > + default: > + return OPTEE_MSG_LOGIN_PUBLIC; > + } > +} > + I don't see any point in this translation, we could just as well use the correct values from the start. Cheers, Jens > static int optee_open_session(struct udevice *dev, > struct tee_open_session_arg *arg, > uint num_params, struct tee_param *params) > @@ -372,7 +394,7 @@ static int optee_open_session(struct udevice *dev, > OPTEE_MSG_ATTR_META; > memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid)); > memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid)); > - msg_arg->params[1].u.value.c = arg->clnt_login; > + msg_arg->params[1].u.value.c = optee_login_id(arg->clnt_login); > > rc = to_msg_param(msg_arg->params + 2, num_params, params); > if (rc) > diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h > index 8d40ce60c2..17e8d28e52 100644 > --- a/drivers/tee/optee/optee_msg.h > +++ b/drivers/tee/optee/optee_msg.h > @@ -95,6 +95,8 @@ > #define OPTEE_MSG_LOGIN_APPLICATION 0x00000004 > #define OPTEE_MSG_LOGIN_APPLICATION_USER 0x00000005 > #define OPTEE_MSG_LOGIN_APPLICATION_GROUP 0x00000006 > +/* OP-TEE extension: log as REE kernel */ > +#define OPTEE_MSG_LOGIN_REE_KERNEL 0x80000000 > > /* > * Page size used in non-contiguous buffer entries > -- > 2.17.1 >
On Mon, 17 May 2021 at 08:08, Jens Wiklander <jens.wiklander@linaro.org> wrote: > > On Wed, May 12, 2021 at 5:06 PM Etienne Carriere > <etienne.carriere@linaro.org> wrote: > > > > OP-TEE supports an API extension to allow client to open a TEE session > > as REE kernel which OP-TEE uses to differentiate client application > > services from system services that only the REE OS kernel can access. > > > > This change allows U-Boot to invoke OP-TEE which such kernel identity > > and therefore access kernel client specific services. > > > > Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> > > --- > > drivers/tee/optee/core.c | 24 +++++++++++++++++++++++- > > drivers/tee/optee/optee_msg.h | 2 ++ > > 2 files changed, 25 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c > > index 73dbb22ba0..526bf125a0 100644 > > --- a/drivers/tee/optee/core.c > > +++ b/drivers/tee/optee/core.c > > @@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session) > > return 0; > > } > > > > +static uint32_t optee_login_id(enum tee_session_login login) > > +{ > > + /* Treat invalid IDs as public login */ > > + switch (login) { > > + case TEE_SESSION_LOGIN_USER: > > + return OPTEE_MSG_LOGIN_USER; > > + case TEE_SESSION_LOGIN_GROUP: > > + return OPTEE_MSG_LOGIN_GROUP; > > + case TEE_SESSION_LOGIN_APPLICATION: > > + return OPTEE_MSG_LOGIN_APPLICATION; > > + case TEE_SESSION_LOGIN_APPLICATION_USER: > > + return OPTEE_MSG_LOGIN_APPLICATION; > > + case TEE_SESSION_LOGIN_APPLICATION_GROUP: > > + return OPTEE_MSG_LOGIN_APPLICATION; > > + case TEE_SESSION_LOGIN_REE_KERNEL: > > + return OPTEE_MSG_LOGIN_REE_KERNEL; > > + case TEE_SESSION_LOGIN_PUBLIC: > > + default: > > + return OPTEE_MSG_LOGIN_PUBLIC; > > + } > > +} > > + > > I don't see any point in this translation, we could just as well use > the correct values from the start. > > Cheers, > Jens Right, i'll check that. thanks etienne
diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 73dbb22ba0..526bf125a0 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session) return 0; } +static uint32_t optee_login_id(enum tee_session_login login) +{ + /* Treat invalid IDs as public login */ + switch (login) { + case TEE_SESSION_LOGIN_USER: + return OPTEE_MSG_LOGIN_USER; + case TEE_SESSION_LOGIN_GROUP: + return OPTEE_MSG_LOGIN_GROUP; + case TEE_SESSION_LOGIN_APPLICATION: + return OPTEE_MSG_LOGIN_APPLICATION; + case TEE_SESSION_LOGIN_APPLICATION_USER: + return OPTEE_MSG_LOGIN_APPLICATION; + case TEE_SESSION_LOGIN_APPLICATION_GROUP: + return OPTEE_MSG_LOGIN_APPLICATION; + case TEE_SESSION_LOGIN_REE_KERNEL: + return OPTEE_MSG_LOGIN_REE_KERNEL; + case TEE_SESSION_LOGIN_PUBLIC: + default: + return OPTEE_MSG_LOGIN_PUBLIC; + } +} + static int optee_open_session(struct udevice *dev, struct tee_open_session_arg *arg, uint num_params, struct tee_param *params) @@ -372,7 +394,7 @@ static int optee_open_session(struct udevice *dev, OPTEE_MSG_ATTR_META; memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid)); memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid)); - msg_arg->params[1].u.value.c = arg->clnt_login; + msg_arg->params[1].u.value.c = optee_login_id(arg->clnt_login); rc = to_msg_param(msg_arg->params + 2, num_params, params); if (rc) diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h index 8d40ce60c2..17e8d28e52 100644 --- a/drivers/tee/optee/optee_msg.h +++ b/drivers/tee/optee/optee_msg.h @@ -95,6 +95,8 @@ #define OPTEE_MSG_LOGIN_APPLICATION 0x00000004 #define OPTEE_MSG_LOGIN_APPLICATION_USER 0x00000005 #define OPTEE_MSG_LOGIN_APPLICATION_GROUP 0x00000006 +/* OP-TEE extension: log as REE kernel */ +#define OPTEE_MSG_LOGIN_REE_KERNEL 0x80000000 /* * Page size used in non-contiguous buffer entries
OP-TEE supports an API extension to allow client to open a TEE session as REE kernel which OP-TEE uses to differentiate client application services from system services that only the REE OS kernel can access. This change allows U-Boot to invoke OP-TEE which such kernel identity and therefore access kernel client specific services. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> --- drivers/tee/optee/core.c | 24 +++++++++++++++++++++++- drivers/tee/optee/optee_msg.h | 2 ++ 2 files changed, 25 insertions(+), 1 deletion(-) -- 2.17.1