From: Sumit Garg <sumit.garg@linaro.org>
To: Christopher.Co@microsoft.com
Cc: Leif Lindholm <leif.lindholm@linaro.org>,
edk2-devel@lists.01.org,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Michael D Kinney <michael.d.kinney@intel.com>,
tee-dev@lists.linaro.org
Subject: Re: [PATCH edk2-platforms 01/27] Platform/Microsoft: Add OpteeClientPkg dec
Date: Fri, 2 Nov 2018 10:54:23 +0530
Message-ID: <CAFA6WYN9B9zf6h4TVE9CFWCtOGds37Y30-YhTWWVnbnigQd17A@mail.gmail.com>
In-Reply-To: <DM5PR2101MB11289F621FB7B3A4E81D451394CF0@DM5PR2101MB1128.namprd21.prod.outlook.com>
+ OP-TEE ML.

On Fri, 2 Nov 2018 at 06:11, Chris Co <Christopher.Co@microsoft.com> wrote:
>
> Hi Sumit,
>
> Our full OpteeClientPkg has:
> - Our OpteeClientAPI implementation. I was monitoring the merge progress on OpteeLib and will look into moving over now that it is available.
> - The fTPM and AuthVar TA binaries. In our current design, the TA binaries are loaded at runtime. We could host the binaries themselves elsewhere on the filesystem, but we do not want these binaries as early/pseudo TAs. Is there a plan for OpteeLib to support loading full TAs?

Early TAs [1] are basically full TAs only, running in Secure EL0 mode.
So instead of loading the TA from the normal world file-system, they are
linked into a special data section in the OP-TEE core blob.

Also, I don't think loading TAs dynamically, especially during boot,
makes much sense, due to the following reasons:

1. Increased boot time.
2. Fixed TAs, like in your case, which could be linked as early TAs as well.

And you mentioned filesystem; are you referring to the root filesystem?

> - We have two client drivers: a firmware TPM TA driver and an authenticated variable TA driver. These talk through the tee-supplicant to their respective TAs.
>

Here from tee-supplicant, apart from loading TAs, what other services
are you expecting? If you are looking for secure storage via RPMB,
that could be an enhancement to OpteeLib, adding corresponding RPC
handling here [2].

[1] https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#early-trusted-applications
[2] https://github.com/tianocore/edk2/blob/master/ArmPkg/Library/OpteeLib/Optee.c#L147

Regards,
Sumit

> Chris
>
> > -----Original Message-----
> > From: Sumit Garg <sumit.garg@linaro.org>
> > Sent: Thursday, November 1, 2018 3:55 AM
> > To: Chris Co <Christopher.Co@microsoft.com>; Leif Lindholm
> > <leif.lindholm@linaro.org>
> > Cc: edk2-devel@lists.01.org; Ard Biesheuvel <ard.biesheuvel@linaro.org>;
> > Michael D Kinney <michael.d.kinney@intel.com>
> > Subject: Re: [PATCH edk2-platforms 01/27] Platform/Microsoft: Add
> > OpteeClientPkg dec
> >
> > Hi Christopher,
> >
> > Optee Client library has recently been merged to edk2 source code. It tries to
> > provide a generic interface [1] to OP-TEE based trusted applications
> > (pseudo/early).
> >
> > AFAIK, you don't need any platform specific hook in client interface to work
> > with upstream OP-TEE. So instead you should use Optee library.
> >
> > [1]
> > https://github.com/tianocore/edk2/blob/master/ArmPkg/Include/Library/OpteeLib.h
> >
> > Regards,
> > Sumit
> >
> > On Thu, 1 Nov 2018 at 02:13, Leif Lindholm <leif.lindholm@linaro.org> wrote:
> > >
> > > +Sumit (just to loop you two together). Is there anything Microsoft
> > > platform specific about what will go in here?
> > >
> > > /
> > > Leif
> > >
> > > On Fri, Sep 21, 2018 at 08:25:53AM +0000, Chris Co wrote:
> > > > On Windows IoT Core devices with ARM TrustZone capabilities,
> > > > EDK2 runs in normal world and we use OP-TEE to execute secure world
> > > > operations. The overall package will contain client-side support to
> > > > invoke EDK2 services implemented as OP-TEE trusted applications that
> > > > run in secure world.
> > > >
> > > > This commit adds the initial dec file to add some PCD settings
> > > > needed by other packages.
> > > >
> > > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > > Signed-off-by: Christopher Co <christopher.co@microsoft.com>
> > > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > > > Cc: Leif Lindholm <leif.lindholm@linaro.org>
> > > > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > > > ---
> > > > Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec | 49
> > > > ++++++++++++++++++++
> > > > 1 file changed, 49 insertions(+)
> > > >
> > > > diff --git a/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec
> > > > b/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec
> > > > new file mode 100644
> > > > index 000000000000..4752eab39ce3
> > > > --- /dev/null
> > > > +++ b/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec
> > > > @@ -0,0 +1,49 @@
> > > > +## @file
> > > > +#
> > > > +# OP-TEE client package
> > > > +#
> > > > +# OP-TEE client package contains the client-side interface to invoke OP-
> > TEE TAs.
> > > > +# Certain EDKII services are implemented in Trusted Applications
> > > > +running in # the secure world OP-TEE OS.
> > > > +#
> > > > +# Copyright (c) 2018 Microsoft Corporation. All rights reserved.
> > > > +#
> > > > +# This program and the accompanying materials # are licensed and
> > > > +made available under the terms and conditions of the BSD License #
> > > > +which accompanies this distribution. The full text of the license
> > > > +may be found at #
> > > > +https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope
> > > > +nsource.org%2Flicenses%2Fbsd-
> > license.php&data=02%7C01%7CChristo
> > > >
> > +pher.Co%40microsoft.com%7Cc19b84ef7f8f4213424108d63fe88f66%7C72f988
> > > >
> > +bf86f141af91ab2d7cd011db47%7C1%7C0%7C636766665404786500&sda
> > ta=1
> > > > +MxFvlsMPhk19grEexBXo5VqRd0jZaCSRjxZCi87A2w%3D&reserved=0
> > > > +#
> > > > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > > > +BASIS, # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> > EITHER EXPRESS OR IMPLIED.
> > > > +#
> > > > +##
> > > > +
> > > > +[Defines]
> > > > + DEC_SPECIFICATION = 0x0001001A
> > > > + PACKAGE_NAME = OpteeClientPkg
> > > > + PACKAGE_GUID = 77416fcb-10ec-4693-bdc0-1bdd74ec9595
> > > > + PACKAGE_VERSION = 0.01
> > > > +
> > > > +[Includes]
> > > > +
> > > > +[LibraryClasses]
> > > > +
> > > > +[Guids]
> > > > + gOpteeClientPkgTokenSpaceGuid = { 0x04ad34ca, 0xdd25, 0x4156, {
> > 0x90, 0xf5, 0x16, 0xf9, 0x40, 0xd0, 0x49, 0xe3 }}
> > > > +
> > > > +[PcdsFixedAtBuild]
> > > > +
> > > >
> > +gOpteeClientPkgTokenSpaceGuid.PcdTpm2AcpiBufferBase|0|UINT64|0x0000
> > > > +0005
> > > > +
> > > >
> > +gOpteeClientPkgTokenSpaceGuid.PcdTpm2AcpiBufferSize|0|UINT32|0x0000
> > > > +0006
> > > > +
> > > > + ## The base address of the Trust Zone OpTEE OS private memory
> > > > + region # This memory is manager privately by the OpTEE OS.
> > > > +
> > > > +
> > gOpteeClientPkgTokenSpaceGuid.PcdTrustZonePrivateMemoryBase|0xDEAD
> > > > + 1|UINT64|0x00000001
> > > > +
> > > > + ## The size of the Trust Zone OpTEE OS private memory region
> > > > +
> > > > +
> > gOpteeClientPkgTokenSpaceGuid.PcdTrustZonePrivateMemorySize|55|UIN
> > > > + T64|0x00000002
> > > > +
> > > > + ## The base address of the Trust Zone OpTEE OS shared memory
> > > > + region
> > > > +
> > > > +
> > gOpteeClientPkgTokenSpaceGuid.PcdTrustZoneSharedMemoryBase|0xDEAD2
> > > > + |UINT64|0x00000003
> > > > +
> > > > + ## The size of the Trust Zone OpTEE OS shared memory region
> > > > +
> > > > +
> > gOpteeClientPkgTokenSpaceGuid.PcdTrustZoneSharedMemorySize|0xAA|UI
> > > > + NT64|0x00000004
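Review bot: the four TrustZone PCDs under [PcdsFixedAtBuild] ship with placeholder defaults (PcdTrustZonePrivateMemoryBase|0xDEAD1, PcdTrustZonePrivateMemorySize|55, PcdTrustZoneSharedMemoryBase|0xDEAD2, PcdTrustZoneSharedMemorySize|0xAA), so a platform DSC that forgets to override one of them still builds and carries a meaningless secure/shared memory layout into the firmware. Suggest defaulting all four to 0, as PcdTpm2AcpiBufferBase and PcdTpm2AcpiBufferSize already do, saying in the ## comments that the platform must set them, and having the consumers reject a zero value. Smaller points: the two Tpm2 ACPI buffer PCDs have no ## description, "manager privately" should read "managed privately", and the empty [Includes] and [LibraryClasses] sections can be dropped until they have content.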
> > > > --
> > > > 2.16.2.gvfs.1.33.gf5370f1
> > > >