public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Sumit Garg <sumit.garg@linaro.org>
To: Matteo.Carlini@arm.com, Achin.Gupta@arm.com
Cc: udit.kumar@nxp.com, Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	edk2-devel@lists.01.org,  tee-dev@lists.linaro.org,
	Daniel Thompson <daniel.thompson@linaro.org>,
	 Jens Wiklander <jens.wiklander@linaro.org>,
	rod.dorris@nxp.com
Subject: Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE
Date: Mon, 27 Aug 2018 15:28:52 +0530	[thread overview]
Message-ID: <CAFA6WYOmowS9R+jz=tgPv4nsV-zGeXibXi0ApV64ZvY1B-B8sQ@mail.gmail.com> (raw)
In-Reply-To: <DB5PR08MB09013A00E4938D2D14E9CA9B91360@DB5PR08MB0901.eurprd08.prod.outlook.com>

On Fri, 24 Aug 2018 at 23:33, Matteo Carlini <Matteo.Carlini@arm.com> wrote:
>
> +Achin
>
> SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) and SPM (for Secure Partitions at S-EL0) are currently mutually exclusive into Trusted Firmware-A codebase.
>
> In other words, you cannot turn them on in parallel and execute both a S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secure World with the current Software Architecture.
>

IIUC, currently BL32 image is common in Trusted Firmware-A code-base.
If we turn on SPD then BL32=<trusted-os image> else if we turn on SPM
then BL32=<SPM S-EL0 image>, correct?

But I think SMC calling conventions (SMC Calling Convention [1] and
Management Mode Interface Specification [2]) doesn't put any such
restrictions as SMC function IDs are totally separate.

> Achin and other Arm architects are trying to figure out a way for solving this problem without the need for a v8.4 Secure-EL2 Hypervisor, obviously without leveraging the isolation benefits of it (see also [1]).
>

Agree we won't be having isolation benefits which provides added level
of Security.

> But Ard is right: there could be use-cases to ship UEFI systems with OP-TEE and TAs on top...and this should still be currently possible using the SPD dispatcher into TF-A. I've not looked deeply into this patch, but it doesn’t seem to contradict the above Sw architecture.
>
> The question would be: would you foresee the need for running one (or many) other (UEFI/EDK2-based) Secure Services in the Secure World into a Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE?
>

As per following quote from Management Mode Interface Specification [2]:

"Management Mode (MM) provides an environment for implementing OS
agnostic services (MM services) like RAS error handling, secure
variable storage, and firmware updates in system firmware. The
services can be invoked synchronously and asynchronously."

It seems that MM mode is designed for more robust and platform
specific services whereas OP-TEE (or any trusted OS) use-cases seem to
be more complex like Entropy pool (RNG as in our case), DRM (could be
valid use-case for Android TV or Chromebook), keymaster or keystore
(for Edge devices) etc.

So it looks like they complement each other and we will have more
robustness once we migrate to v8.4 Secure-EL2 Hypervisor for isolation
support.

Please feel free to correct me if I missed something.

Regards,
Sumit

[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
[2] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf

> Thanks
> Matteo
>
> [1]: https://community.arm.com/processors/b/blog/posts/architecting-more-secure-world-with-isolation-and-virtualization
>
> > -----Original Message-----
> > From: Udit Kumar <udit.kumar@nxp.com>
> > Sent: 24 August 2018 18:46
> > To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Matteo Carlini
> > <Matteo.Carlini@arm.com>
> > Cc: Sumit Garg <sumit.garg@linaro.org>; edk2-devel@lists.01.org; tee-
> > dev@lists.linaro.org; daniel.thompson@linaro.org; jens.wiklander@linaro.org;
> > Rod Dorris <rod.dorris@nxp.com>
> > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate
> > with OP-TEE
> >
> > Hi Ard
> >
> > > If MM mode is fundamentally incompatible with OP-TEE, then you cannot
> > > run both at the same time,
> >
> > Both cannot coexist unless you have v8.4 CPU
> >
> > Regards
> > Udit
> >
> > >
> > >
> > > >> -----Original Message-----
> > > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of
> > > >> Sumit Garg
> > > >> Sent: Friday, August 24, 2018 2:51 PM
> > > >> To: edk2-devel@lists.01.org
> > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org;
> > > >> jens.wiklander@linaro.org
> > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to
> > > >> communicate with OP-TEE
> > > >>
> > > >> Add following APIs to communicate with OP-TEE static TA:
> > > >> 1. OpteeInit
> > > >> 2. OpteeOpenSession
> > > >> 3. OpteeCloseSession
> > > >> 4. OpteeInvokeFunc
> > > >>
> > > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > > >> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> > > >> Contributed-under: TianoCore Contribution Agreement 1.1
> > > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
> > > >> ---
> > > >>  ArmPkg/Include/Library/OpteeLib.h                  | 102 ++++++
> > > >>  ArmPkg/Library/OpteeLib/Optee.c                    | 358
> > > >> +++++++++++++++++++++
> > > >>  ArmPkg/Library/OpteeLib/OpteeLib.inf               |   2 +
> > > >>  ArmPkg/Library/OpteeLib/OpteeSmc.h                 |  43 +++
> > > >>  .../Include/IndustryStandard/GlobalPlatform.h      |  60 ++--
> > > >>  5 files changed, 531 insertions(+), 34 deletions(-)  create mode
> > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h
> > > >>  copy ArmPkg/Include/Library/OpteeLib.h =>
> > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%)
> > > >>
> > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h
> > > >> b/ArmPkg/Include/Library/OpteeLib.h
> > > >> index f65d8674d9b8..c323f49072f8 100644
> > > >> --- a/ArmPkg/Include/Library/OpteeLib.h
> > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h
> > > >> @@ -25,10 +25,112 @@
> > > >>  #define OPTEE_OS_UID2          0xaf630002
> > > >>  #define OPTEE_OS_UID3          0xa5d5c51b
> > > >>
> > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE                0x0
> > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT         0x1
> > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT        0x2
> > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT         0x3
> > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT           0x9
> > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT          0xa
> > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT           0xb
> > > >> +
> > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK                0xff
> > > >> +
> > > >> +typedef struct {
> > > >> +  UINT64    BufPtr;
> > > >> +  UINT64    Size;
> > > >> +  UINT64    ShmRef;
> > > >> +} OPTEE_MSG_PARAM_MEM;
> > > >> +
> > > >> +typedef struct {
> > > >> +  UINT64    A;
> > > >> +  UINT64    B;
> > > >> +  UINT64    C;
> > > >> +} OPTEE_MSG_PARAM_VALUE;
> > > >> +
> > > >> +typedef struct {
> > > >> +  UINT64 Attr;
> > > >> +  union {
> > > >> +    OPTEE_MSG_PARAM_MEM      Mem;
> > > >> +    OPTEE_MSG_PARAM_VALUE    Value;
> > > >> +  } U;
> > > >> +} OPTEE_MSG_PARAM;
> > > >> +
> > > >> +#define MAX_PARAMS           4
> > > >> +
> > > >> +typedef struct {
> > > >> +        UINT32             Cmd;
> > > >> +        UINT32             Func;
> > > >> +        UINT32             Session;
> > > >> +        UINT32             CancelId;
> > > >> +        UINT32             Pad;
> > > >> +        UINT32             Ret;
> > > >> +        UINT32             RetOrigin;
> > > >> +        UINT32             NumParams;
> > > >> +
> > > >> +        // NumParams tells the actual number of element in Params
> > > >> +        OPTEE_MSG_PARAM    Params[MAX_PARAMS];
> > > >> +} OPTEE_MSG_ARG;
> > > >> +
> > > >> +#define OPTEE_UUID_LEN       16
> > > >> +
> > > >> +//
> > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument
> > > >> +// @Uuid:       [in] UUID of the Trusted Application
> > > >> +// @Session:    [out] Session id
> > > >> +// @Ret:        [out] Return value
> > > >> +// @RetOrigin   [out] Origin of the return value
> > > >> +//
> > > >> +typedef struct {
> > > >> +        UINT8     Uuid[OPTEE_UUID_LEN];
> > > >> +        UINT32    Session;
> > > >> +        UINT32    Ret;
> > > >> +        UINT32    RetOrigin;
> > > >> +} OPTEE_OPEN_SESSION_ARG;
> > > >> +
> > > >> +//
> > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument
> > > >> +// @Func:       [in] Trusted Application function, specific to the TA
> > > >> +// @Session:    [in] Session id
> > > >> +// @Ret:        [out] Return value
> > > >> +// @RetOrigin   [out] Origin of the return value
> > > >> +// @Params      [inout] Parameters for function to be invoked
> > > >> +//
> > > >> +typedef struct {
> > > >> +        UINT32             Func;
> > > >> +        UINT32             Session;
> > > >> +        UINT32             Ret;
> > > >> +        UINT32             RetOrigin;
> > > >> +        OPTEE_MSG_PARAM    Params[MAX_PARAMS];
> > > >> +} OPTEE_INVOKE_FUNC_ARG;
> > > >> +
> > > >>  BOOLEAN
> > > >>  EFIAPI
> > > >>  IsOpteePresent (
> > > >>    VOID
> > > >>    );
> > > >>
> > > >> +EFI_STATUS
> > > >> +EFIAPI
> > > >> +OpteeInit (
> > > >> +  VOID
> > > >> +  );
> > > >> +
> > > >> +EFI_STATUS
> > > >> +EFIAPI
> > > >> +OpteeOpenSession (
> > > >> +  IN OUT OPTEE_OPEN_SESSION_ARG      *OpenSessionArg
> > > >> +  );
> > > >> +
> > > >> +EFI_STATUS
> > > >> +EFIAPI
> > > >> +OpteeCloseSession (
> > > >> +  IN UINT32                      Session
> > > >> +  );
> > > >> +
> > > >> +EFI_STATUS
> > > >> +EFIAPI
> > > >> +OpteeInvokeFunc (
> > > >> +  IN OUT OPTEE_INVOKE_FUNC_ARG       *InvokeFuncArg
> > > >> +  );
> > > >> +
> > > >>  #endif
> > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c
> > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662
> > > >> 100644
> > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c
> > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c
> > > >> @@ -14,11 +14,19 @@
> > > >>
> > > >>  **/
> > > >>
> > > >> +#include <Library/ArmMmuLib.h>
> > > >>  #include <Library/ArmSmcLib.h>
> > > >> +#include <Library/BaseMemoryLib.h>
> > > >>  #include <Library/BaseLib.h>
> > > >> +#include <Library/DebugLib.h>
> > > >>  #include <Library/OpteeLib.h>
> > > >>
> > > >>  #include <IndustryStandard/ArmStdSmc.h>
> > > >> +#include <IndustryStandard/GlobalPlatform.h>
> > > >> +#include <OpteeSmc.h>
> > > >> +#include <Uefi.h>
> > > >> +
> > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 };
> > > >>
> > > >>  /**
> > > >>    Check for OP-TEE presence.
> > > >> @@ -31,6 +39,7 @@ IsOpteePresent (
> > > >>  {
> > > >>    ARM_SMC_ARGS ArmSmcArgs;
> > > >>
> > > >> +  ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS));
> > > >>    // Send a Trusted OS Calls UID command
> > > >>    ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID;
> > > >>    ArmCallSmc (&ArmSmcArgs);
> > > >> @@ -44,3 +53,352 @@ IsOpteePresent (
> > > >>      return FALSE;
> > > >>    }
> > > >>  }
> > > >> +
> > > >> +STATIC
> > > >> +EFI_STATUS
> > > >> +OpteeShmMemRemap (
> > > >> +  VOID
> > > >> +  )
> > > >> +{
> > > >> +  ARM_SMC_ARGS                 ArmSmcArgs;
> > > >> +  EFI_PHYSICAL_ADDRESS         Paddr;
> > > >> +  EFI_PHYSICAL_ADDRESS         Start;
> > > >> +  EFI_PHYSICAL_ADDRESS         End;
> > > >> +  EFI_STATUS                   Status;
> > > >> +  UINTN                        Size;
> > > >> +
> > > >> +  ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS));
> > > >> +  ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG;
> > > >> +
> > > >> +  ArmCallSmc (&ArmSmcArgs);
> > > >> +  if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) {
> > > >> +    DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n"));
> > > >> +    return EFI_UNSUPPORTED;
> > > >> +  }
> > > >> +
> > > >> +  if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) {
> > > >> +    DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared
> > > memory
> > > >> supported\n"));
> > > >> +    return EFI_UNSUPPORTED;
> > > >> +  }
> > > >> +
> > > >> +  Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1);  End
> > > >> + =
> > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1);  Paddr =
> > > >> + Start; Size = End - Start;
> > > >> +
> > > >> +  if (Size < SIZE_4KB) {
> > > >> +    DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n"));
> > > >> +    return EFI_BUFFER_TOO_SMALL;
> > > >> +  }
> > > >> +
> > > >> +  Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB);
> > > >> + if (EFI_ERROR (Status)) {
> > > >> +    return Status;
> > > >> +  }
> > > >> +
> > > >> +  OpteeShmInfo.Base = (UINTN)Paddr;  OpteeShmInfo.Size = Size;
> > > >> +
> > > >> +  return EFI_SUCCESS;
> > > >> +}
> > > >> +
> > > >> +EFI_STATUS
> > > >> +EFIAPI
> > > >> +OpteeInit (
> > > >> +  VOID
> > > >> +  )
> > > >> +{
> > > >> +  EFI_STATUS      Status;
> > > >> +
> > > >> +  if (!IsOpteePresent ()) {
> > > >> +    DEBUG ((DEBUG_WARN, "OP-TEE not present\n"));
> > > >> +    return EFI_UNSUPPORTED;
> > > >> +  }
> > > >> +
> > > >> +  Status = OpteeShmMemRemap ();
> > > >> +  if (EFI_ERROR (Status)) {
> > > >> +    DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n"));
> > > >> +    return Status;
> > > >> +  }
> > > >> +
> > > >> +  return EFI_SUCCESS;
> > > >> +}
> > > >> +
> > > >> +/**
> > > >> +  Does Standard SMC to OP-TEE in secure world.
> > > >> +
> > > >> +  @param[in]  Parg   Physical address of message to pass to secure world
> > > >> +
> > > >> +  @return            0 on success, secure world return code otherwise
> > > >> +
> > > >> +**/
> > > >> +STATIC
> > > >> +UINT32
> > > >> +OpteeCallWithArg (
> > > >> +  IN EFI_PHYSICAL_ADDRESS Parg
> > > >> +  )
> > > >> +{
> > > >> +  ARM_SMC_ARGS ArmSmcArgs;
> > > >> +
> > > >> +  ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS));
> > > >> +  ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG;
> > > >> +  ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32);
> > > >> +  ArmSmcArgs.Arg2 = (UINT32)Parg;
> > > >> +
> > > >> +  while (TRUE) {
> > > >> +    ArmCallSmc (&ArmSmcArgs);
> > > >> +
> > > >> +    if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) {
> > > >> +      //
> > > >> +      // A foreign interrupt was raised while secure world was
> > > >> +      // executing, since they are handled in UEFI a dummy RPC is
> > > >> +      // performed to let UEFI take the interrupt through the normal
> > > >> +      // vector.
> > > >> +      //
> > > >> +      ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC;
> > > >> +    } else {
> > > >> +      break;
> > > >> +    }
> > > >> +  }
> > > >> +
> > > >> +  return ArmSmcArgs.Arg0;
> > > >> +}
> > > >> +
> > > >> +EFI_STATUS
> > > >> +EFIAPI
> > > >> +OpteeOpenSession (
> > > >> +  IN OUT OPTEE_OPEN_SESSION_ARG      *OpenSessionArg
> > > >> +  )
> > > >> +{
> > > >> +  OPTEE_MSG_ARG    *MsgArg;
> > > >> +
> > > >> +  MsgArg = NULL;
> > > >> +
> > > >> +  if (OpteeShmInfo.Base == 0) {
> > > >> +    DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n"));
> > > >> +    return EFI_NOT_STARTED;
> > > >> +  }
> > > >> +
> > > >> +  MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base;  ZeroMem (MsgArg,
> > > >> sizeof
> > > >> + (OPTEE_MSG_ARG));
> > > >> +
> > > >> +  MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION;
> > > >> +
> > > >> +  //
> > > >> +  // Initialize and add the meta parameters needed when opening a
> > > >> + // session.
> > > >> +  //
> > > >> +  MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT |
> > > >> +                           OPTEE_MSG_ATTR_META;
> > > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT |
> > > >> +                           OPTEE_MSG_ATTR_META;  CopyMem
> > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid,
> > > OPTEE_UUID_LEN);
> > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN);
> > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC;
> > > >> +
> > > >> +  MsgArg->NumParams = 2;
> > > >> +
> > > >> +  if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) {
> > > >> +    MsgArg->Ret = TEEC_ERROR_COMMUNICATION;
> > > >> +    MsgArg->RetOrigin = TEEC_ORIGIN_COMMS;  }
> > > >> +
> > > >> +  OpenSessionArg->Session = MsgArg->Session;  OpenSessionArg->Ret
> > > >> + =
> > > >> + MsgArg->Ret;  OpenSessionArg->RetOrigin = MsgArg->RetOrigin;
> > > >> +
> > > >> +  return EFI_SUCCESS;
> > > >> +}
> > > >> +
> > > >> +EFI_STATUS
> > > >> +EFIAPI
> > > >> +OpteeCloseSession (
> > > >> +  IN UINT32                      Session
> > > >> +  )
> > > >> +{
> > > >> +  OPTEE_MSG_ARG    *MsgArg;
> > > >> +
> > > >> +  MsgArg = NULL;
> > > >> +
> > > >> +  if (OpteeShmInfo.Base == 0) {
> > > >> +    DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n"));
> > > >> +    return EFI_NOT_STARTED;
> > > >> +  }
> > > >> +
> > > >> +  MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base;  ZeroMem (MsgArg,
> > > >> sizeof
> > > >> + (OPTEE_MSG_ARG));
> > > >> +
> > > >> +  MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION;  MsgArg->Session
> > > =
> > > >> + Session;
> > > >> +
> > > >> +  OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg);
> > > >> +
> > > >> +  return EFI_SUCCESS;
> > > >> +}
> > > >> +
> > > >> +STATIC
> > > >> +EFI_STATUS
> > > >> +OpteeToMsgParam (
> > > >> +  OUT OPTEE_MSG_PARAM    *MsgParams,
> > > >> +  IN UINT32              NumParams,
> > > >> +  IN OPTEE_MSG_PARAM     *InParams
> > > >> +  )
> > > >> +{
> > > >> +  UINT32                  Idx;
> > > >> +  UINTN                   ParamShmAddr;
> > > >> +  UINTN                   ShmSize;
> > > >> +  UINTN                   Size;
> > > >> +
> > > >> +  Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof
> > > >> + (UINT64) - 1);  ParamShmAddr = OpteeShmInfo.Base + Size;  ShmSize
> > > >> + = OpteeShmInfo.Size - Size;
> > > >> +
> > > >> +  for (Idx = 0; Idx < NumParams; Idx++) {
> > > >> +    CONST OPTEE_MSG_PARAM    *Ip;
> > > >> +    OPTEE_MSG_PARAM          *Mp;
> > > >> +    UINT32                   Attr;
> > > >> +
> > > >> +    Ip = InParams + Idx;
> > > >> +    Mp = MsgParams + Idx;
> > > >> +    Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK;
> > > >> +
> > > >> +    switch (Attr) {
> > > >> +    case OPTEE_MSG_ATTR_TYPE_NONE:
> > > >> +      Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE;
> > > >> +      ZeroMem (&Mp->U, sizeof (Mp->U));
> > > >> +      break;
> > > >> +
> > > >> +    case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT:
> > > >> +    case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT:
> > > >> +    case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT:
> > > >> +      Mp->Attr = Attr;
> > > >> +      Mp->U.Value.A = Ip->U.Value.A;
> > > >> +      Mp->U.Value.B = Ip->U.Value.B;
> > > >> +      Mp->U.Value.C = Ip->U.Value.C;
> > > >> +      break;
> > > >> +
> > > >> +    case OPTEE_MSG_ATTR_TYPE_MEM_INPUT:
> > > >> +    case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT:
> > > >> +    case OPTEE_MSG_ATTR_TYPE_MEM_INOUT:
> > > >> +      Mp->Attr = Attr;
> > > >> +
> > > >> +      if (Ip->U.Mem.Size > ShmSize) {
> > > >> +        return EFI_OUT_OF_RESOURCES;
> > > >> +      }
> > > >> +
> > > >> +      CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip-
> > > >> >U.Mem.Size);
> > > >> +      Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr;
> > > >> +      Mp->U.Mem.Size = Ip->U.Mem.Size;
> > > >> +
> > > >> +      Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1);
> > > >> +      ParamShmAddr += Size;
> > > >> +      ShmSize -= Size;
> > > >> +      break;
> > > >> +
> > > >> +    default:
> > > >> +      return EFI_INVALID_PARAMETER;
> > > >> +    }
> > > >> +  }
> > > >> +
> > > >> +  return EFI_SUCCESS;
> > > >> +}
> > > >> +
> > > >> +STATIC
> > > >> +EFI_STATUS
> > > >> +OpteeFromMsgParam (
> > > >> +  OUT OPTEE_MSG_PARAM    *OutParams,
> > > >> +  IN UINT32              NumParams,
> > > >> +  IN OPTEE_MSG_PARAM     *MsgParams
> > > >> +  )
> > > >> +{
> > > >> +  UINT32                 Idx;
> > > >> +
> > > >> +  for (Idx = 0; Idx < NumParams; Idx++) {
> > > >> +    OPTEE_MSG_PARAM          *Op;
> > > >> +    CONST OPTEE_MSG_PARAM    *Mp;
> > > >> +    UINT32                   Attr;
> > > >> +
> > > >> +    Op = OutParams + Idx;
> > > >> +    Mp = MsgParams + Idx;
> > > >> +    Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK;
> > > >> +
> > > >> +    switch (Attr) {
> > > >> +    case OPTEE_MSG_ATTR_TYPE_NONE:
> > > >> +      Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE;
> > > >> +      ZeroMem (&Op->U, sizeof (Op->U));
> > > >> +      break;
> > > >> +
> > > >> +    case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT:
> > > >> +    case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT:
> > > >> +    case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT:
> > > >> +      Op->Attr = Attr;
> > > >> +      Op->U.Value.A = Mp->U.Value.A;
> > > >> +      Op->U.Value.B = Mp->U.Value.B;
> > > >> +      Op->U.Value.C = Mp->U.Value.C;
> > > >> +      break;
> > > >> +
> > > >> +    case OPTEE_MSG_ATTR_TYPE_MEM_INPUT:
> > > >> +    case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT:
> > > >> +    case OPTEE_MSG_ATTR_TYPE_MEM_INOUT:
> > > >> +      Op->Attr = Attr;
> > > >> +
> > > >> +      if (Mp->U.Mem.Size > Op->U.Mem.Size) {
> > > >> +        return EFI_BAD_BUFFER_SIZE;
> > > >> +      }
> > > >> +
> > > >> +      CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr,
> > > >> Mp->U.Mem.Size);
> > > >> +      Op->U.Mem.Size = Mp->U.Mem.Size;
> > > >> +      break;
> > > >> +
> > > >> +    default:
> > > >> +      return EFI_INVALID_PARAMETER;
> > > >> +    }
> > > >> +  }
> > > >> +
> > > >> +  return EFI_SUCCESS;
> > > >> +}
> > > >> +
> > > >> +EFI_STATUS
> > > >> +EFIAPI
> > > >> +OpteeInvokeFunc (
> > > >> +  IN OUT OPTEE_INVOKE_FUNC_ARG       *InvokeFuncArg
> > > >> +  )
> > > >> +{
> > > >> +  EFI_STATUS       Status;
> > > >> +  OPTEE_MSG_ARG    *MsgArg;
> > > >> +
> > > >> +  MsgArg = NULL;
> > > >> +
> > > >> +  if (OpteeShmInfo.Base == 0) {
> > > >> +    DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n"));
> > > >> +    return EFI_NOT_STARTED;
> > > >> +  }
> > > >> +
> > > >> +  MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base;  ZeroMem (MsgArg,
> > > >> sizeof
> > > >> + (OPTEE_MSG_ARG));
> > > >> +
> > > >> +  MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND;  MsgArg-
> > > >Func =
> > > >> + InvokeFuncArg->Func;  MsgArg->Session = InvokeFuncArg->Session;
> > > >> +
> > > >> +  Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS,
> > > >> + InvokeFuncArg->Params);  if (Status)
> > > >> +    return Status;
> > > >> +
> > > >> +  MsgArg->NumParams = MAX_PARAMS;
> > > >> +
> > > >> +  if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) {
> > > >> +    MsgArg->Ret = TEEC_ERROR_COMMUNICATION;
> > > >> +    MsgArg->RetOrigin = TEEC_ORIGIN_COMMS;  }
> > > >> +
> > > >> +  if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS,
> > > >> MsgArg->Params)) {
> > > >> +    MsgArg->Ret = TEEC_ERROR_COMMUNICATION;
> > > >> +    MsgArg->RetOrigin = TEEC_ORIGIN_COMMS;  }
> > > >> +
> > > >> +  InvokeFuncArg->Ret = MsgArg->Ret;  InvokeFuncArg->RetOrigin =
> > > >> + MsgArg->RetOrigin;
> > > >> +
> > > >> +  return EFI_SUCCESS;
> > > >> +}
> > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf
> > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf
> > > >> index 5abd427379cc..e03054a7167d 100644
> > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf
> > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf
> > > >> @@ -23,11 +23,13 @@ [Defines]
> > > >>
> > > >>  [Sources]
> > > >>    Optee.c
> > > >> +  OpteeSmc.h
> > > >>
> > > >>  [Packages]
> > > >>    ArmPkg/ArmPkg.dec
> > > >>    MdePkg/MdePkg.dec
> > > >>
> > > >>  [LibraryClasses]
> > > >> +  ArmMmuLib
> > > >>    ArmSmcLib
> > > >>    BaseLib
> > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h
> > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h
> > > >> new file mode 100644
> > > >> index 000000000000..e2ea35784a0a
> > > >> --- /dev/null
> > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h
> > > >> @@ -0,0 +1,43 @@
> > > >> +/** @file
> > > >> +  OP-TEE SMC header file.
> > > >> +
> > > >> +  Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR>
> > > >> +
> > > >> +  This program and the accompanying materials  are licensed and
> > > >> + made available under the terms and conditions of the BSD License
> > > >> + which accompanies this distribution.  The full text of the
> > > >> + license may be found at
> > > >> +
> > > >> +
> > > >>
> > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope
> > > >> n
> > > >> + source.org%2Flicenses%2Fbsd-
> > > >> license.php&amp;data=02%7C01%7Cudit.kumar%
> > > >> +
> > > >>
> > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f
> > > >> a92cd99
> > > >> +
> > > >>
> > > c5c301635%7C0%7C0%7C636706993250535371&amp;sdata=pyZF9Ku3qEpp
> > > >> OOKCyshbg
> > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&amp;reserved=0
> > > >> +
> > > >> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > > >> BASIS,
> > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> > > >> EXPRESS OR IMPLIED.
> > > >> +
> > > >> +**/
> > > >> +
> > > >> +#ifndef _OPTEE_SMC_H_
> > > >> +#define _OPTEE_SMC_H_
> > > >> +
> > > >> +/* Returned in Arg0 only from Trusted OS functions */
> > > >> +#define OPTEE_SMC_RETURN_OK                     0x0
> > > >> +
> > > >> +#define OPTEE_SMC_RETURN_FROM_RPC               0x32000003
> > > >> +#define OPTEE_SMC_CALL_WITH_ARG                 0x32000004
> > > >> +#define OPTEE_SMC_GET_SHM_CONFIG                0xb2000007
> > > >> +
> > > >> +#define OPTEE_SMC_SHM_CACHED                    1
> > > >> +
> > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR       0xffff0004
> > > >> +
> > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION              0
> > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND            1
> > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION             2
> > > >> +
> > > >> +#define OPTEE_MSG_ATTR_META                     0x100
> > > >> +
> > > >> +#define TEE_LOGIN_PUBLIC                        0x0
> > > >> +
> > > >> +typedef struct {
> > > >> +  UINTN    Base;
> > > >> +  UINTN    Size;
> > > >> +} OPTEE_SHARED_MEMORY_INFO;
> > > >> +
> > > >> +#endif
> > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h
> > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h
> > > >> similarity index 53%
> > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to
> > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h
> > > >> index f65d8674d9b8..14c621d89971 100644
> > > >> --- a/ArmPkg/Include/Library/OpteeLib.h
> > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h
> > > >> @@ -1,34 +1,26 @@
> > > >> -/** @file
> > > >> -  OP-TEE specific header file.
> > > >> -
> > > >> -  Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR>
> > > >> -
> > > >> -  This program and the accompanying materials
> > > >> -  are licensed and made available under the terms and conditions
> > > >> of the BSD License
> > > >> -  which accompanies this distribution.  The full text of the
> > > >> license may be found at
> > > >> -
> > > >>
> > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope
> > > >> nsource.org%2Flicenses%2Fbsd-
> > > >>
> > > license.php&amp;data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c
> > > >>
> > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%
> > > >>
> > > 7C0%7C636706993250535371&amp;sdata=pyZF9Ku3qEppOOKCyshbg9oCT4
> > > >> P6AwM2olKY3%2B2ImWs%3D&amp;reserved=0
> > > >> -
> > > >> -  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > > >> BASIS,
> > > >> -  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> > > EXPRESS
> > > >> OR IMPLIED.
> > > >> -
> > > >> -**/
> > > >> -
> > > >> -#ifndef _OPTEE_H_
> > > >> -#define _OPTEE_H_
> > > >> -
> > > >> -/*
> > > >> - * The 'Trusted OS Call UID' is supposed to return the following
> > > >> UUID for
> > > >> - * OP-TEE OS. This is a 128-bit value.
> > > >> - */
> > > >> -#define OPTEE_OS_UID0          0x384fb3e0
> > > >> -#define OPTEE_OS_UID1          0xe7f811e3
> > > >> -#define OPTEE_OS_UID2          0xaf630002
> > > >> -#define OPTEE_OS_UID3          0xa5d5c51b
> > > >> -
> > > >> -BOOLEAN
> > > >> -EFIAPI
> > > >> -IsOpteePresent (
> > > >> -  VOID
> > > >> -  );
> > > >> -
> > > >> -#endif
> > > >> +/** @file
> > > >> +  Standardized Global Platform header file.
> > > >> +
> > > >> +  Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR>
> > > >> +
> > > >> +  This program and the accompanying materials  are licensed and
> > > >> + made available under the terms and conditions of the BSD License
> > > >> + which accompanies this distribution.  The full text of the
> > > >> + license may be found at
> > > >> +
> > > >> +
> > > >>
> > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope
> > > >> n
> > > >> + source.org%2Flicenses%2Fbsd-
> > > >> license.php&amp;data=02%7C01%7Cudit.kumar%
> > > >> +
> > > >>
> > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f
> > > >> a92cd99
> > > >> +
> > > >>
> > > c5c301635%7C0%7C0%7C636706993250535371&amp;sdata=pyZF9Ku3qEpp
> > > >> OOKCyshbg
> > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&amp;reserved=0
> > > >> +
> > > >> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> > > >> BASIS,
> > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> > > >> EXPRESS OR IMPLIED.
> > > >> +
> > > >> +**/
> > > >> +
> > > >> +#ifndef _GLOBAL_PLATFORM_H_
> > > >> +#define _GLOBAL_PLATFORM_H_
> > > >> +
> > > >> +#define TEEC_ORIGIN_COMMS                       0x00000002
> > > >> +
> > > >> +#define TEEC_SUCCESS                            0x00000000
> > > >> +#define TEEC_ERROR_BAD_PARAMETERS               0xFFFF0006
> > > >> +#define TEEC_ERROR_COMMUNICATION                0xFFFF000E
> > > >> +#define TEEC_ERROR_OUT_OF_MEMORY                0xFFFF000C
> > > >> +
> > > >> +#endif
> > > >> --
> > > >> 2.7.4
> > > >>
> > > >> _______________________________________________
> > > >> edk2-devel mailing list
> > > >> edk2-devel@lists.01.org
> > > >>
> > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli
> > > >> st
> > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2-
> > > >>
> > > devel&amp;data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e
> > > >>
> > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%
> > > >>
> > > 7C636706993250535371&amp;sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP
> > > >> u%2Fhcds3j9aDPnU%3D&amp;reserved=0
> > > > _______________________________________________
> > > > edk2-devel mailing list
> > > > edk2-devel@lists.01.org
> > > >
> > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis
> > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2-
> > > devel&amp;data=02%7C01%7Cudit.ku
> > > >
> > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2
> > > b4c6fa92
> > > >
> > > cd99c5c301635%7C0%7C0%7C636707289305519903&amp;sdata=dwLUq8j9f
> > > 9rxeb37V
> > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&amp;reserved=0
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


  reply	other threads:[~2018-08-27  9:59 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-24  9:21 [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE Sumit Garg
     [not found] ` <f9970701-8edc-66d1-7272-a14d39e532f0@linaro.org>
2018-08-24 12:09   ` [Tee-dev] " Sumit Garg
     [not found]     ` <c8005328-f548-edb1-8ebc-a93452e3f229@linaro.org>
2018-08-24 12:21       ` Sumit Garg
2018-08-24 13:18 ` Ard Biesheuvel
2018-08-27  5:22   ` Sumit Garg
2018-08-24 16:20 ` Udit Kumar
2018-08-24 17:35   ` Ard Biesheuvel
2018-08-24 17:45     ` Udit Kumar
2018-08-24 18:03       ` Matteo Carlini
2018-08-27  9:58         ` Sumit Garg [this message]
2018-08-28 13:08           ` Achin Gupta
2018-08-28 16:34             ` Sumit Garg
2018-08-29  4:38               ` Udit Kumar
2018-08-29  5:41               ` Bhupesh Sharma
2018-08-29  7:44                 ` Sumit Garg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAFA6WYOmowS9R+jz=tgPv4nsV-zGeXibXi0ApV64ZvY1B-B8sQ@mail.gmail.com' \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox