From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:400c:c05::241; helo=mail-vk0-x241.google.com; envelope-from=sumit.garg@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-vk0-x241.google.com (mail-vk0-x241.google.com [IPv6:2607:f8b0:400c:c05::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 40993210F93C6 for ; Wed, 29 Aug 2018 00:45:00 -0700 (PDT) Received: by mail-vk0-x241.google.com with SMTP id s17-v6so2066864vke.10 for ; Wed, 29 Aug 2018 00:45:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=K0bUHP88NWvvy/b9U7SBVM5byBkbT5/D3EYjDFnzlGs=; b=Z+IRq1K+aw3gKPmIGosNMKP9mObKdtmN6GAX+YiNPgowJ1JYSJBMaqdZ/cfGuny4R0 GUNbz+MZCtVwl8D69y67+kBMYU8KwR8ZQEXdIyAIPEsot2LM48TpB+L5OQ11jzDM1XpB Iupa7WnHDk6+dRtWCa5cDKs8566M+H51IQGYY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=K0bUHP88NWvvy/b9U7SBVM5byBkbT5/D3EYjDFnzlGs=; b=m6aDAQIkawAcpkDYX6aktD54MDHaUSN+a0nofvuNTzPjHtDmt8Tuu3Spc0nwE2V6Zm kg/4i64eDWRk+A7nYn27pz1Dj8VbiE6vmFtcsl8DRAmr5NI/rg9hiX+E6XF1/JYQdHUq nshepu63MnOohqqEfql2GcoPt7Vxyv6zaB0HQaGOATq73Z8u4vSo3NOBpWqTuDhkeeME gZ6OptzmPRxsMfbg7IUFXPv8hMDLtqDoEIKYBKdx3ToSIXH511rtBRC6+HOWw/y2Ozz2 0ZIHRbZIG7O0kKtYmBPsd0YJG40yibcO+VYC/6wXkd3nJ0t1OzNbLJmofjcDNhmyRQlC fosw== X-Gm-Message-State: APzg51APzu0ETfyh1xCBB3kmEcd16Jhx0umsa5CUhFF1qWGxH1WMgr4k aADbIaxgZkEtsiC4o+7JS83uKzEa7lGWHjUyksWMfQ== X-Google-Smtp-Source: ANB0VdZ23/MhKu96V13CfUMohqREyjplQ77nu5X4r7M/cPUF2KBrwmQTuAB85smfXmMJzf9tGtzmQeFLeUjMCcQMX4U= X-Received: by 2002:a1f:39c2:: with SMTP id g185-v6mr3131278vka.165.1535528699086; Wed, 29 Aug 2018 00:44:59 -0700 (PDT) MIME-Version: 1.0 References: <1535102474-24383-1-git-send-email-sumit.garg@linaro.org> <20180828130822.GL28113@e104320-lin> In-Reply-To: From: Sumit Garg Date: Wed, 29 Aug 2018 13:14:46 +0530 Message-ID: To: bhsharma@redhat.com Cc: achin.gupta@arm.com, Ard Biesheuvel , Daniel Thompson , edk2-devel@lists.01.org, tee-dev@lists.linaro.org, rod.dorris@nxp.com, nd@arm.com, Jens Wiklander Subject: Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Aug 2018 07:45:01 -0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Bhupesh, On Wed, 29 Aug 2018 at 11:11, Bhupesh Sharma wrote: > > Hi Sumit, > > On Tue, Aug 28, 2018 at 10:04 PM, Sumit Garg wrot= e: > > Hi Achin, > > > > On Tue, 28 Aug 2018 at 18:38, Achin Gupta wrote: > >> > >> Hi Sumit, > >> > >> Apologies for not replying sooner. Some questions and thoughts inline. > >> > >> On Mon, Aug 27, 2018 at 03:28:52PM +0530, Sumit Garg wrote: > >> > On Fri, 24 Aug 2018 at 23:33, Matteo Carlini wrote: > >> > > > >> > > +Achin > >> > > > >> > > SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) = and SPM (for Secure Partitions at S-EL0) are currently mutually exclusive i= nto Trusted Firmware-A codebase. > >> > > > >> > > In other words, you cannot turn them on in parallel and execute bo= th a S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secu= re World with the current Software Architecture. > >> > > > >> > > >> > IIUC, currently BL32 image is common in Trusted Firmware-A code-base= . > >> > If we turn on SPD then BL32=3D else if we turn on = SPM > >> > then BL32=3D, correct? > >> > >> Yes! BL32 is a TOS image if SPD is enabled. It is a S-EL0 Standalone M= M Secure > >> partition image if SPM is enabled. > >> > >> > > >> > But I think SMC calling conventions (SMC Calling Convention [1] and > >> > Management Mode Interface Specification [2]) doesn't put any such > >> > restrictions as SMC function IDs are totally separate. > >> > >> Yes, this was an implementation choice to ensure that either a S-EL1 p= ayload > >> (Trusted OS) or a S-EL0 payload (MM SP) could be included in an Arm TF= build but > >> not both. > >> > >> > > >> > > Achin and other Arm architects are trying to figure out a way for = solving this problem without the need for a v8.4 Secure-EL2 Hypervisor, obv= iously without leveraging the isolation benefits of it (see also [1]). > >> > > > >> > > >> > Agree we won't be having isolation benefits which provides added lev= el > >> > of Security. > >> > > >> > > But Ard is right: there could be use-cases to ship UEFI systems wi= th OP-TEE and TAs on top...and this should still be currently possible usin= g the SPD dispatcher into TF-A. I've not looked deeply into this patch, but= it doesn=E2=80=99t seem to contradict the above Sw architecture. > >> > > > >> > > The question would be: would you foresee the need for running one = (or many) other (UEFI/EDK2-based) Secure Services in the Secure World into = a Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE? > >> > > > >> > > >> > As per following quote from Management Mode Interface Specification = [2]: > >> > > >> > "Management Mode (MM) provides an environment for implementing OS > >> > agnostic services (MM services) like RAS error handling, secure > >> > variable storage, and firmware updates in system firmware. The > >> > services can be invoked synchronously and asynchronously." > >> > > >> > It seems that MM mode is designed for more robust and platform > >> > specific services whereas OP-TEE (or any trusted OS) use-cases seem = to > >> > be more complex like Entropy pool (RNG as in our case), DRM (could b= e > >> > valid use-case for Android TV or Chromebook), keymaster or keystore > >> > (for Edge devices) etc. > >> > >> It really depends upon the secure sw stack, use case and the requireme= nts. MM > >> interface specification specifies a blocking SMC (MM_COMMUNICATE) to a= ccess a > >> secure service implemented in S-EL0. > >> > >> In the UEFI/PI/EDK2 context, MM drivers are used to satisfy a variety = of use > >> cases during boot through the EFI_MM_COMMUNICATION_PROTOCOL (the bad p= ress of > >> SMM aside!). MM_COMMUNICATE SMC provides a channel into the secure wor= ld to the > >> backend of this protocol on Arm systems. So any service accessible thr= ough this > >> protocol could be implemented on Arm systems in a MM SP. > >> > >> IIUC, in your case there is OP-TEE and firmware in the secure world. O= P-TEE has > >> a static TA that provides the random data service and you want to leve= rage it at > >> boot time? Ditto for other services? > > > > Correct, actually we tried to create OP-TEE static (pseudo) TA that > > provides RNG service using thermal sensor noise and secure timer > > interrupts (FIQs) to fill entropy pool. Using this service via OP-TEE > > library in UEFI (subset in terms of functionality as compared to > > OP-TEE kernel driver) for features like KASLR etc. > > Commenting on this from a distribution p-o-v, we have arn64 boards > available which have good entropy sources available but do not support > EFI_RNG_PROTOCOL as they would not like the EFI firmware running in > EL2 mode to use the secure entropy sources (which should be touched > only by secure EL3 or EL1 softwares). > > In such cases, we are not able to support KASLR linux boot on such > boards as there is basically no EFI_RNG_PROTOCOL support (see [1]). > Ofcourse we can ask them to plug-in usb keys (Ard has a driver > available for the Chaos Usb Key, see [2]) to help generate the random > entropy for us, but it is not always possible in a production > environment. Using on-board entropy sources (if available), is the > best possible alternative there. > > We rely on using NS-EL0 user-space calls like linux's getrandom() to > get entropy from the random pool if required in he linux user-space, > but these implementation have their own limitations (see [3] and [4]), > so may be on arm64 systems which support secure partitions/trusted-os > we can had over these getrandom() calls to OPTEE-TAs which can get the > entropy value from the secure sources as well. Following is brief description regarding RNG implementation we have: 1. Boot time: Support for EFI_RNG_PROTOCOL using this OP-TEE Library to access RNG service. Using EFI_RNG_PROTOCOL to provide kaslr-seed and initial seed for kernel entropy pool. 2. Run time: In Linux we tried to emulate "hw_random" char driver (/dev/hwrng) using kernel TEE internal client interface [1] to access RNG service. Using /dev/hwrng, we added entropy to kernel entropy pools (/dev/random) which could be used by Linux user-space via getrandom() system calls. I hope above implementation suffices your use-case too. BTW, we do have a session regarding this at Linaro Connect [2]. [1] https://patchwork.kernel.org/patch/10513611/ [2] https://yvr18.pathable.com/meetings/740437 Regards, Sumit > > [1] https://www.spinics.net/lists/arm-kernel/msg640435.html > [2] https://www.spinics.net/lists/arm-kernel/msg640437.html > [3] https://www.mail-archive.com/kexec@lists.infradead.org/msg19586.html > [4] https://access.redhat.com/security/cve/cve-2018-1108 > > Thanks, > Bhupesh > > >> So you do not really need an MM partition > >> running alongside OP-TEE? > >> > > > >> So you do not really need an MM partition > >> running alongside OP-TEE? > >> > > > > Agree that most of secure services can be implemented as static > > (pseudo) TAs. But if I think about services like RAS error handling > > and firmware updates. Is Trusted OS (OP-TEE or any third party OS) an > > appropriate place to implement these platform specific services? > > > >> In any case, what we are working on is to define a set of standard SMC > >> interfaces that can be used to talk to a secure service in a payload i= n S-EL1 or > >> S-EL0. This standard ABI will avoid the need to use payload specific S= MCs in the > >> normal world e.g. OP-TEE specific SMCs. > >> > > > > It would be nice to have such standard ABI. > > > >> Side topic! Do you foresee a usecase for DRM through UEFI during boot?= Would it > >> work in the absence of RPC support in the Optee Library? IIUC, at runt= ime, DRM > >> traffic will be routed through the OP-TEE driver in the OS instead of = UEFI since > >> there is no UEFI runtime service interface to do DRM? > >> > > > > Correct, I don't foresee DRM use-case during UEFI boot. Actually by > > DRM use-case I mean to say via OP-TEE driver in OS only. Earlier I was > > trying to list use-cases of OP-TEE on devices using UEFI as a > > boot-loader. > > > > Regards, > > Sumit > > > >> > > >> > So it looks like they complement each other and we will have more > >> > robustness once we migrate to v8.4 Secure-EL2 Hypervisor for isolati= on > >> > support. > >> > >> In a way yes! The robustness bit is not really related to the interfac= e used to > >> access as service. > >> > >> > > >> > Please feel free to correct me if I missed something. > >> > >> Hope this makes sense. > >> > >> cheers, > >> Achin > >> > >> > > >> > Regards, > >> > Sumit > >> > > >> > [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DE= N0028B_SMC_Calling_Convention.pdf > >> > [2] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN006= 0A_ARM_MM_Interface_Specification.pdf > >> > > >> > > Thanks > >> > > Matteo > >> > > > >> > > [1]: https://community.arm.com/processors/b/blog/posts/architectin= g-more-secure-world-with-isolation-and-virtualization > >> > > > >> > > > -----Original Message----- > >> > > > From: Udit Kumar > >> > > > Sent: 24 August 2018 18:46 > >> > > > To: Ard Biesheuvel ; Matteo Carlini > >> > > > > >> > > > Cc: Sumit Garg ; edk2-devel@lists.01.org;= tee- > >> > > > dev@lists.linaro.org; daniel.thompson@linaro.org; jens.wiklander= @linaro.org; > >> > > > Rod Dorris > >> > > > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to com= municate > >> > > > with OP-TEE > >> > > > > >> > > > Hi Ard > >> > > > > >> > > > > If MM mode is fundamentally incompatible with OP-TEE, then you= cannot > >> > > > > run both at the same time, > >> > > > > >> > > > Both cannot coexist unless you have v8.4 CPU > >> > > > > >> > > > Regards > >> > > > Udit > >> > > > > >> > > > > > >> > > > > > >> > > > > >> -----Original Message----- > >> > > > > >> From: edk2-devel On Behal= f Of > >> > > > > >> Sumit Garg > >> > > > > >> Sent: Friday, August 24, 2018 2:51 PM > >> > > > > >> To: edk2-devel@lists.01.org > >> > > > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > >> > > > > >> jens.wiklander@linaro.org > >> > > > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > >> > > > > >> communicate with OP-TEE > >> > > > > >> > >> > > > > >> Add following APIs to communicate with OP-TEE static TA: > >> > > > > >> 1. OpteeInit > >> > > > > >> 2. OpteeOpenSession > >> > > > > >> 3. OpteeCloseSession > >> > > > > >> 4. OpteeInvokeFunc > >> > > > > >> > >> > > > > >> Cc: Ard Biesheuvel > >> > > > > >> Cc: Leif Lindholm > >> > > > > >> Contributed-under: TianoCore Contribution Agreement 1.1 > >> > > > > >> Signed-off-by: Sumit Garg > >> > > > > >> --- > >> > > > > >> ArmPkg/Include/Library/OpteeLib.h | 102 += +++++ > >> > > > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > >> > > > > >> +++++++++++++++++++++ > >> > > > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > >> > > > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 += ++ > >> > > > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 += +-- > >> > > > > >> 5 files changed, 531 insertions(+), 34 deletions(-) creat= e mode > >> > > > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > >> > > > > >> copy ArmPkg/Include/Library/OpteeLib.h =3D> > >> > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > >> > > > > >> > >> > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> b/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> index f65d8674d9b8..c323f49072f8 100644 > >> > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> @@ -25,10 +25,112 @@ > >> > > > > >> #define OPTEE_OS_UID2 0xaf630002 > >> > > > > >> #define OPTEE_OS_UID3 0xa5d5c51b > >> > > > > >> > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > >> > > > > >> + > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINT64 BufPtr; > >> > > > > >> + UINT64 Size; > >> > > > > >> + UINT64 ShmRef; > >> > > > > >> +} OPTEE_MSG_PARAM_MEM; > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINT64 A; > >> > > > > >> + UINT64 B; > >> > > > > >> + UINT64 C; > >> > > > > >> +} OPTEE_MSG_PARAM_VALUE; > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINT64 Attr; > >> > > > > >> + union { > >> > > > > >> + OPTEE_MSG_PARAM_MEM Mem; > >> > > > > >> + OPTEE_MSG_PARAM_VALUE Value; > >> > > > > >> + } U; > >> > > > > >> +} OPTEE_MSG_PARAM; > >> > > > > >> + > >> > > > > >> +#define MAX_PARAMS 4 > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINT32 Cmd; > >> > > > > >> + UINT32 Func; > >> > > > > >> + UINT32 Session; > >> > > > > >> + UINT32 CancelId; > >> > > > > >> + UINT32 Pad; > >> > > > > >> + UINT32 Ret; > >> > > > > >> + UINT32 RetOrigin; > >> > > > > >> + UINT32 NumParams; > >> > > > > >> + > >> > > > > >> + // NumParams tells the actual number of element in= Params > >> > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > >> > > > > >> +} OPTEE_MSG_ARG; > >> > > > > >> + > >> > > > > >> +#define OPTEE_UUID_LEN 16 > >> > > > > >> + > >> > > > > >> +// > >> > > > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > >> > > > > >> +// @Uuid: [in] UUID of the Trusted Application > >> > > > > >> +// @Session: [out] Session id > >> > > > > >> +// @Ret: [out] Return value > >> > > > > >> +// @RetOrigin [out] Origin of the return value > >> > > > > >> +// > >> > > > > >> +typedef struct { > >> > > > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > >> > > > > >> + UINT32 Session; > >> > > > > >> + UINT32 Ret; > >> > > > > >> + UINT32 RetOrigin; > >> > > > > >> +} OPTEE_OPEN_SESSION_ARG; > >> > > > > >> + > >> > > > > >> +// > >> > > > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > >> > > > > >> +// @Func: [in] Trusted Application function, specifi= c to the TA > >> > > > > >> +// @Session: [in] Session id > >> > > > > >> +// @Ret: [out] Return value > >> > > > > >> +// @RetOrigin [out] Origin of the return value > >> > > > > >> +// @Params [inout] Parameters for function to be invo= ked > >> > > > > >> +// > >> > > > > >> +typedef struct { > >> > > > > >> + UINT32 Func; > >> > > > > >> + UINT32 Session; > >> > > > > >> + UINT32 Ret; > >> > > > > >> + UINT32 RetOrigin; > >> > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > >> > > > > >> +} OPTEE_INVOKE_FUNC_ARG; > >> > > > > >> + > >> > > > > >> BOOLEAN > >> > > > > >> EFIAPI > >> > > > > >> IsOpteePresent ( > >> > > > > >> VOID > >> > > > > >> ); > >> > > > > >> > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeInit ( > >> > > > > >> + VOID > >> > > > > >> + ); > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeOpenSession ( > >> > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > >> > > > > >> + ); > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeCloseSession ( > >> > > > > >> + IN UINT32 Session > >> > > > > >> + ); > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeInvokeFunc ( > >> > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > >> > > > > >> + ); > >> > > > > >> + > >> > > > > >> #endif > >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > >> > > > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..21110= 22d3662 > >> > > > > >> 100644 > >> > > > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c > >> > > > > >> @@ -14,11 +14,19 @@ > >> > > > > >> > >> > > > > >> **/ > >> > > > > >> > >> > > > > >> +#include > >> > > > > >> #include > >> > > > > >> +#include > >> > > > > >> #include > >> > > > > >> +#include > >> > > > > >> #include > >> > > > > >> > >> > > > > >> #include > >> > > > > >> +#include > >> > > > > >> +#include > >> > > > > >> +#include > >> > > > > >> + > >> > > > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo =3D { 0 }; > >> > > > > >> > >> > > > > >> /** > >> > > > > >> Check for OP-TEE presence. > >> > > > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( > >> > > > > >> { > >> > > > > >> ARM_SMC_ARGS ArmSmcArgs; > >> > > > > >> > >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> > > > > >> // Send a Trusted OS Calls UID command > >> > > > > >> ArmSmcArgs.Arg0 =3D ARM_SMC_ID_TOS_UID; > >> > > > > >> ArmCallSmc (&ArmSmcArgs); > >> > > > > >> @@ -44,3 +53,352 @@ IsOpteePresent ( > >> > > > > >> return FALSE; > >> > > > > >> } > >> > > > > >> } > >> > > > > >> + > >> > > > > >> +STATIC > >> > > > > >> +EFI_STATUS > >> > > > > >> +OpteeShmMemRemap ( > >> > > > > >> + VOID > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > >> > > > > >> + EFI_PHYSICAL_ADDRESS Paddr; > >> > > > > >> + EFI_PHYSICAL_ADDRESS Start; > >> > > > > >> + EFI_PHYSICAL_ADDRESS End; > >> > > > > >> + EFI_STATUS Status; > >> > > > > >> + UINTN Size; > >> > > > > >> + > >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> > > > > >> + ArmSmcArgs.Arg0 =3D OPTEE_SMC_GET_SHM_CONFIG; > >> > > > > >> + > >> > > > > >> + ArmCallSmc (&ArmSmcArgs); > >> > > > > >> + if (ArmSmcArgs.Arg0 !=3D OPTEE_SMC_RETURN_OK) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supporte= d\n")); > >> > > > > >> + return EFI_UNSUPPORTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + if (ArmSmcArgs.Arg3 !=3D OPTEE_SMC_SHM_CACHED) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > >> > > > > memory > >> > > > > >> supported\n")); > >> > > > > >> + return EFI_UNSUPPORTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + Start =3D (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB = - 1); End > >> > > > > >> + =3D > >> > > > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); P= addr =3D > >> > > > > >> + Start; Size =3D End - Start; > >> > > > > >> + > >> > > > > >> + if (Size < SIZE_4KB) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n"= )); > >> > > > > >> + return EFI_BUFFER_TOO_SMALL; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + Status =3D ArmSetMemoryAttributes (Paddr, Size, EFI_MEMO= RY_WB); > >> > > > > >> + if (EFI_ERROR (Status)) { > >> > > > > >> + return Status; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + OpteeShmInfo.Base =3D (UINTN)Paddr; OpteeShmInfo.Size = =3D Size; > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeInit ( > >> > > > > >> + VOID > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + EFI_STATUS Status; > >> > > > > >> + > >> > > > > >> + if (!IsOpteePresent ()) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > >> > > > > >> + return EFI_UNSUPPORTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + Status =3D OpteeShmMemRemap (); > >> > > > > >> + if (EFI_ERROR (Status)) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed= \n")); > >> > > > > >> + return Status; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +/** > >> > > > > >> + Does Standard SMC to OP-TEE in secure world. > >> > > > > >> + > >> > > > > >> + @param[in] Parg Physical address of message to pass t= o secure world > >> > > > > >> + > >> > > > > >> + @return 0 on success, secure world return cod= e otherwise > >> > > > > >> + > >> > > > > >> +**/ > >> > > > > >> +STATIC > >> > > > > >> +UINT32 > >> > > > > >> +OpteeCallWithArg ( > >> > > > > >> + IN EFI_PHYSICAL_ADDRESS Parg > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > >> > > > > >> + > >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> > > > > >> + ArmSmcArgs.Arg0 =3D OPTEE_SMC_CALL_WITH_ARG; > >> > > > > >> + ArmSmcArgs.Arg1 =3D (UINT32)(Parg >> 32); > >> > > > > >> + ArmSmcArgs.Arg2 =3D (UINT32)Parg; > >> > > > > >> + > >> > > > > >> + while (TRUE) { > >> > > > > >> + ArmCallSmc (&ArmSmcArgs); > >> > > > > >> + > >> > > > > >> + if (ArmSmcArgs.Arg0 =3D=3D OPTEE_SMC_RETURN_RPC_FOREIG= N_INTR) { > >> > > > > >> + // > >> > > > > >> + // A foreign interrupt was raised while secure world= was > >> > > > > >> + // executing, since they are handled in UEFI a dummy= RPC is > >> > > > > >> + // performed to let UEFI take the interrupt through = the normal > >> > > > > >> + // vector. > >> > > > > >> + // > >> > > > > >> + ArmSmcArgs.Arg0 =3D OPTEE_SMC_RETURN_FROM_RPC; > >> > > > > >> + } else { > >> > > > > >> + break; > >> > > > > >> + } > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + return ArmSmcArgs.Arg0; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeOpenSession ( > >> > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + OPTEE_MSG_ARG *MsgArg; > >> > > > > >> + > >> > > > > >> + MsgArg =3D NULL; > >> > > > > >> + > >> > > > > >> + if (OpteeShmInfo.Base =3D=3D 0) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> > > > > >> + return EFI_NOT_STARTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + MsgArg =3D (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem = (MsgArg, > >> > > > > >> sizeof > >> > > > > >> + (OPTEE_MSG_ARG)); > >> > > > > >> + > >> > > > > >> + MsgArg->Cmd =3D OPTEE_MSG_CMD_OPEN_SESSION; > >> > > > > >> + > >> > > > > >> + // > >> > > > > >> + // Initialize and add the meta parameters needed when op= ening a > >> > > > > >> + // session. > >> > > > > >> + // > >> > > > > >> + MsgArg->Params[0].Attr =3D OPTEE_MSG_ATTR_TYPE_VALUE_INP= UT | > >> > > > > >> + OPTEE_MSG_ATTR_META; > >> > > > > >> + MsgArg->Params[1].Attr =3D OPTEE_MSG_ATTR_TYPE_VALUE_INPU= T | > >> > > > > >> + OPTEE_MSG_ATTR_META; CopyMem > >> > > > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > >> > > > > OPTEE_UUID_LEN); > >> > > > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > >> > > > > >> + MsgArg->Params[1].U.Value.C =3D TEE_LOGIN_PUBLIC; > >> > > > > >> + > >> > > > > >> + MsgArg->NumParams =3D 2; > >> > > > > >> + > >> > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > >> > > > > >> + MsgArg->Ret =3D TEEC_ERROR_COMMUNICATION; > >> > > > > >> + MsgArg->RetOrigin =3D TEEC_ORIGIN_COMMS; } > >> > > > > >> + > >> > > > > >> + OpenSessionArg->Session =3D MsgArg->Session; OpenSessio= nArg->Ret > >> > > > > >> + =3D > >> > > > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin =3D MsgArg->RetOr= igin; > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeCloseSession ( > >> > > > > >> + IN UINT32 Session > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + OPTEE_MSG_ARG *MsgArg; > >> > > > > >> + > >> > > > > >> + MsgArg =3D NULL; > >> > > > > >> + > >> > > > > >> + if (OpteeShmInfo.Base =3D=3D 0) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> > > > > >> + return EFI_NOT_STARTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + MsgArg =3D (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem = (MsgArg, > >> > > > > >> sizeof > >> > > > > >> + (OPTEE_MSG_ARG)); > >> > > > > >> + > >> > > > > >> + MsgArg->Cmd =3D OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Se= ssion > >> > > > > =3D > >> > > > > >> + Session; > >> > > > > >> + > >> > > > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +STATIC > >> > > > > >> +EFI_STATUS > >> > > > > >> +OpteeToMsgParam ( > >> > > > > >> + OUT OPTEE_MSG_PARAM *MsgParams, > >> > > > > >> + IN UINT32 NumParams, > >> > > > > >> + IN OPTEE_MSG_PARAM *InParams > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + UINT32 Idx; > >> > > > > >> + UINTN ParamShmAddr; > >> > > > > >> + UINTN ShmSize; > >> > > > > >> + UINTN Size; > >> > > > > >> + > >> > > > > >> + Size =3D (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) = & ~(sizeof > >> > > > > >> + (UINT64) - 1); ParamShmAddr =3D OpteeShmInfo.Base + Size= ; ShmSize > >> > > > > >> + =3D OpteeShmInfo.Size - Size; > >> > > > > >> + > >> > > > > >> + for (Idx =3D 0; Idx < NumParams; Idx++) { > >> > > > > >> + CONST OPTEE_MSG_PARAM *Ip; > >> > > > > >> + OPTEE_MSG_PARAM *Mp; > >> > > > > >> + UINT32 Attr; > >> > > > > >> + > >> > > > > >> + Ip =3D InParams + Idx; > >> > > > > >> + Mp =3D MsgParams + Idx; > >> > > > > >> + Attr =3D Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > >> > > > > >> + > >> > > > > >> + switch (Attr) { > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > >> > > > > >> + Mp->Attr =3D OPTEE_MSG_ATTR_TYPE_NONE; > >> > > > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > >> > > > > >> + Mp->Attr =3D Attr; > >> > > > > >> + Mp->U.Value.A =3D Ip->U.Value.A; > >> > > > > >> + Mp->U.Value.B =3D Ip->U.Value.B; > >> > > > > >> + Mp->U.Value.C =3D Ip->U.Value.C; > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > >> > > > > >> + Mp->Attr =3D Attr; > >> > > > > >> + > >> > > > > >> + if (Ip->U.Mem.Size > ShmSize) { > >> > > > > >> + return EFI_OUT_OF_RESOURCES; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.Buf= Ptr, Ip- > >> > > > > >> >U.Mem.Size); > >> > > > > >> + Mp->U.Mem.BufPtr =3D (UINT64)ParamShmAddr; > >> > > > > >> + Mp->U.Mem.Size =3D Ip->U.Mem.Size; > >> > > > > >> + > >> > > > > >> + Size =3D (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(= sizeof (UINT64) - 1); > >> > > > > >> + ParamShmAddr +=3D Size; > >> > > > > >> + ShmSize -=3D Size; > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + default: > >> > > > > >> + return EFI_INVALID_PARAMETER; > >> > > > > >> + } > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +STATIC > >> > > > > >> +EFI_STATUS > >> > > > > >> +OpteeFromMsgParam ( > >> > > > > >> + OUT OPTEE_MSG_PARAM *OutParams, > >> > > > > >> + IN UINT32 NumParams, > >> > > > > >> + IN OPTEE_MSG_PARAM *MsgParams > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + UINT32 Idx; > >> > > > > >> + > >> > > > > >> + for (Idx =3D 0; Idx < NumParams; Idx++) { > >> > > > > >> + OPTEE_MSG_PARAM *Op; > >> > > > > >> + CONST OPTEE_MSG_PARAM *Mp; > >> > > > > >> + UINT32 Attr; > >> > > > > >> + > >> > > > > >> + Op =3D OutParams + Idx; > >> > > > > >> + Mp =3D MsgParams + Idx; > >> > > > > >> + Attr =3D Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > >> > > > > >> + > >> > > > > >> + switch (Attr) { > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > >> > > > > >> + Op->Attr =3D OPTEE_MSG_ATTR_TYPE_NONE; > >> > > > > >> + ZeroMem (&Op->U, sizeof (Op->U)); > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > >> > > > > >> + Op->Attr =3D Attr; > >> > > > > >> + Op->U.Value.A =3D Mp->U.Value.A; > >> > > > > >> + Op->U.Value.B =3D Mp->U.Value.B; > >> > > > > >> + Op->U.Value.C =3D Mp->U.Value.C; > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > >> > > > > >> + Op->Attr =3D Attr; > >> > > > > >> + > >> > > > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > >> > > > > >> + return EFI_BAD_BUFFER_SIZE; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem= .BufPtr, > >> > > > > >> Mp->U.Mem.Size); > >> > > > > >> + Op->U.Mem.Size =3D Mp->U.Mem.Size; > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + default: > >> > > > > >> + return EFI_INVALID_PARAMETER; > >> > > > > >> + } > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeInvokeFunc ( > >> > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + EFI_STATUS Status; > >> > > > > >> + OPTEE_MSG_ARG *MsgArg; > >> > > > > >> + > >> > > > > >> + MsgArg =3D NULL; > >> > > > > >> + > >> > > > > >> + if (OpteeShmInfo.Base =3D=3D 0) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> > > > > >> + return EFI_NOT_STARTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + MsgArg =3D (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem = (MsgArg, > >> > > > > >> sizeof > >> > > > > >> + (OPTEE_MSG_ARG)); > >> > > > > >> + > >> > > > > >> + MsgArg->Cmd =3D OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- > >> > > > > >Func =3D > >> > > > > >> + InvokeFuncArg->Func; MsgArg->Session =3D InvokeFuncArg->= Session; > >> > > > > >> + > >> > > > > >> + Status =3D OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > >> > > > > >> + InvokeFuncArg->Params); if (Status) > >> > > > > >> + return Status; > >> > > > > >> + > >> > > > > >> + MsgArg->NumParams =3D MAX_PARAMS; > >> > > > > >> + > >> > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > >> > > > > >> + MsgArg->Ret =3D TEEC_ERROR_COMMUNICATION; > >> > > > > >> + MsgArg->RetOrigin =3D TEEC_ORIGIN_COMMS; } > >> > > > > >> + > >> > > > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS= , > >> > > > > >> MsgArg->Params)) { > >> > > > > >> + MsgArg->Ret =3D TEEC_ERROR_COMMUNICATION; > >> > > > > >> + MsgArg->RetOrigin =3D TEEC_ORIGIN_COMMS; } > >> > > > > >> + > >> > > > > >> + InvokeFuncArg->Ret =3D MsgArg->Ret; InvokeFuncArg->RetO= rigin =3D > >> > > > > >> + MsgArg->RetOrigin; > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> > > > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> > > > > >> index 5abd427379cc..e03054a7167d 100644 > >> > > > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> > > > > >> @@ -23,11 +23,13 @@ [Defines] > >> > > > > >> > >> > > > > >> [Sources] > >> > > > > >> Optee.c > >> > > > > >> + OpteeSmc.h > >> > > > > >> > >> > > > > >> [Packages] > >> > > > > >> ArmPkg/ArmPkg.dec > >> > > > > >> MdePkg/MdePkg.dec > >> > > > > >> > >> > > > > >> [LibraryClasses] > >> > > > > >> + ArmMmuLib > >> > > > > >> ArmSmcLib > >> > > > > >> BaseLib > >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> > > > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> > > > > >> new file mode 100644 > >> > > > > >> index 000000000000..e2ea35784a0a > >> > > > > >> --- /dev/null > >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> > > > > >> @@ -0,0 +1,43 @@ > >> > > > > >> +/** @file > >> > > > > >> + OP-TEE SMC header file. > >> > > > > >> + > >> > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.
> >> > > > > >> + > >> > > > > >> + This program and the accompanying materials are license= d and > >> > > > > >> + made available under the terms and conditions of the BSD = License > >> > > > > >> + which accompanies this distribution. The full text of th= e > >> > > > > >> + license may be found at > >> > > > > >> + > >> > > > > >> + > >> > > > > >> > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=3Dhttp%3A= %2F%2Fope > >> > > > > >> n > >> > > > > >> + source.org%2Flicenses%2Fbsd- > >> > > > > >> license.php&data=3D02%7C01%7Cudit.kumar% > >> > > > > >> + > >> > > > > >> > >> > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6= f > >> > > > > >> a92cd99 > >> > > > > >> + > >> > > > > >> > >> > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=3DpyZF9Ku3qEp= p > >> > > > > >> OOKCyshbg > >> > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=3D0 > >> > > > > >> + > >> > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "= AS IS" > >> > > > > >> BASIS, > >> > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > >> > > > > >> EXPRESS OR IMPLIED. > >> > > > > >> + > >> > > > > >> +**/ > >> > > > > >> + > >> > > > > >> +#ifndef _OPTEE_SMC_H_ > >> > > > > >> +#define _OPTEE_SMC_H_ > >> > > > > >> + > >> > > > > >> +/* Returned in Arg0 only from Trusted OS functions */ > >> > > > > >> +#define OPTEE_SMC_RETURN_OK 0x0 > >> > > > > >> + > >> > > > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > >> > > > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > >> > > > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > >> > > > > >> + > >> > > > > >> +#define OPTEE_SMC_SHM_CACHED 1 > >> > > > > >> + > >> > > > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > >> > > > > >> + > >> > > > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > >> > > > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > >> > > > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > >> > > > > >> + > >> > > > > >> +#define OPTEE_MSG_ATTR_META 0x100 > >> > > > > >> + > >> > > > > >> +#define TEE_LOGIN_PUBLIC 0x0 > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINTN Base; > >> > > > > >> + UINTN Size; > >> > > > > >> +} OPTEE_SHARED_MEMORY_INFO; > >> > > > > >> + > >> > > > > >> +#endif > >> > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> > > > > >> similarity index 53% > >> > > > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > >> > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> > > > > >> index f65d8674d9b8..14c621d89971 100644 > >> > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> > > > > >> @@ -1,34 +1,26 @@ > >> > > > > >> -/** @file > >> > > > > >> - OP-TEE specific header file. > >> > > > > >> - > >> > > > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.
> >> > > > > >> - > >> > > > > >> - This program and the accompanying materials > >> > > > > >> - are licensed and made available under the terms and cond= itions > >> > > > > >> of the BSD License > >> > > > > >> - which accompanies this distribution. The full text of t= he > >> > > > > >> license may be found at > >> > > > > >> - > >> > > > > >> > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=3Dhttp%3A= %2F%2Fope > >> > > > > >> nsource.org%2Flicenses%2Fbsd- > >> > > > > >> > >> > > > > license.php&data=3D02%7C01%7Cudit.kumar%40nxp.com%7Ce95635= d0c > >> > > > > >> > >> > > > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0= % > >> > > > > >> > >> > > > > 7C0%7C636706993250535371&sdata=3DpyZF9Ku3qEppOOKCyshbg9oCT= 4 > >> > > > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=3D0 > >> > > > > >> - > >> > > > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "= AS IS" > >> > > > > >> BASIS, > >> > > > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R > >> > > > > EXPRESS > >> > > > > >> OR IMPLIED. > >> > > > > >> - > >> > > > > >> -**/ > >> > > > > >> - > >> > > > > >> -#ifndef _OPTEE_H_ > >> > > > > >> -#define _OPTEE_H_ > >> > > > > >> - > >> > > > > >> -/* > >> > > > > >> - * The 'Trusted OS Call UID' is supposed to return the fol= lowing > >> > > > > >> UUID for > >> > > > > >> - * OP-TEE OS. This is a 128-bit value. > >> > > > > >> - */ > >> > > > > >> -#define OPTEE_OS_UID0 0x384fb3e0 > >> > > > > >> -#define OPTEE_OS_UID1 0xe7f811e3 > >> > > > > >> -#define OPTEE_OS_UID2 0xaf630002 > >> > > > > >> -#define OPTEE_OS_UID3 0xa5d5c51b > >> > > > > >> - > >> > > > > >> -BOOLEAN > >> > > > > >> -EFIAPI > >> > > > > >> -IsOpteePresent ( > >> > > > > >> - VOID > >> > > > > >> - ); > >> > > > > >> - > >> > > > > >> -#endif > >> > > > > >> +/** @file > >> > > > > >> + Standardized Global Platform header file. > >> > > > > >> + > >> > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.
> >> > > > > >> + > >> > > > > >> + This program and the accompanying materials are license= d and > >> > > > > >> + made available under the terms and conditions of the BSD = License > >> > > > > >> + which accompanies this distribution. The full text of th= e > >> > > > > >> + license may be found at > >> > > > > >> + > >> > > > > >> + > >> > > > > >> > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=3Dhttp%3A= %2F%2Fope > >> > > > > >> n > >> > > > > >> + source.org%2Flicenses%2Fbsd- > >> > > > > >> license.php&data=3D02%7C01%7Cudit.kumar% > >> > > > > >> + > >> > > > > >> > >> > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6= f > >> > > > > >> a92cd99 > >> > > > > >> + > >> > > > > >> > >> > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=3DpyZF9Ku3qEp= p > >> > > > > >> OOKCyshbg > >> > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=3D0 > >> > > > > >> + > >> > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "= AS IS" > >> > > > > >> BASIS, > >> > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > >> > > > > >> EXPRESS OR IMPLIED. > >> > > > > >> + > >> > > > > >> +**/ > >> > > > > >> + > >> > > > > >> +#ifndef _GLOBAL_PLATFORM_H_ > >> > > > > >> +#define _GLOBAL_PLATFORM_H_ > >> > > > > >> + > >> > > > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > >> > > > > >> + > >> > > > > >> +#define TEEC_SUCCESS 0x00000000 > >> > > > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > >> > > > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > >> > > > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > >> > > > > >> + > >> > > > > >> +#endif > >> > > > > >> -- > >> > > > > >> 2.7.4 > >> > > > > >> > >> > > > > >> _______________________________________________ > >> > > > > >> edk2-devel mailing list > >> > > > > >> edk2-devel@lists.01.org > >> > > > > >> > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=3Dhttps%3= A%2F%2Fli > >> > > > > >> st > >> > > > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > >> > > > > >> > >> > > > > devel&data=3D02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c7= 4e > >> > > > > >> > >> > > > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > >> > > > > >> > >> > > > > 7C636706993250535371&sdata=3DmsA6jGRAkpWoQ33VsDfbWqgGcIMTP > >> > > > > >> u%2Fhcds3j9aDPnU%3D&reserved=3D0 > >> > > > > > _______________________________________________ > >> > > > > > edk2-devel mailing list > >> > > > > > edk2-devel@lists.01.org > >> > > > > > > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=3Dhttps%3= A%2F%2Flis > >> > > > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > >> > > > > devel&data=3D02%7C01%7Cudit.ku > >> > > > > > > >> > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > >> > > > > b4c6fa92 > >> > > > > > > >> > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=3DdwLUq8j= 9f > >> > > > > 9rxeb37V > >> > > > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=3D0 > >> > > IMPORTANT NOTICE: The contents of this email and any attachments a= re confidential and may also be privileged. If you are not the intended rec= ipient, please notify the sender immediately and do not disclose the conten= ts to any other person, use it for any purpose, or store or copy the inform= ation in any medium. Thank you. > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel