* [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE
@ 2018-08-24 9:21 Sumit Garg
[not found] ` <f9970701-8edc-66d1-7272-a14d39e532f0@linaro.org>
` (2 more replies)
0 siblings, 3 replies; 15+ messages in thread
From: Sumit Garg @ 2018-08-24 9:21 UTC (permalink / raw)
To: edk2-devel
Cc: tee-dev, daniel.thompson, jens.wiklander, Sumit Garg,
Ard Biesheuvel, Leif Lindholm
Add following APIs to communicate with OP-TEE static TA:
1. OpteeInit
2. OpteeOpenSession
3. OpteeCloseSession
4. OpteeInvokeFunc
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
---
ArmPkg/Include/Library/OpteeLib.h | 102 ++++++
ArmPkg/Library/OpteeLib/Optee.c | 358 +++++++++++++++++++++
ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 +
ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++
.../Include/IndustryStandard/GlobalPlatform.h | 60 ++--
5 files changed, 531 insertions(+), 34 deletions(-)
create mode 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h
copy ArmPkg/Include/Library/OpteeLib.h => MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%)
diff --git a/ArmPkg/Include/Library/OpteeLib.h b/ArmPkg/Include/Library/OpteeLib.h
index f65d8674d9b8..c323f49072f8 100644
--- a/ArmPkg/Include/Library/OpteeLib.h
+++ b/ArmPkg/Include/Library/OpteeLib.h
@@ -25,10 +25,112 @@
#define OPTEE_OS_UID2 0xaf630002
#define OPTEE_OS_UID3 0xa5d5c51b
+#define OPTEE_MSG_ATTR_TYPE_NONE 0x0
+#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1
+#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2
+#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3
+#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9
+#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa
+#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb
+
+#define OPTEE_MSG_ATTR_TYPE_MASK 0xff
+
+typedef struct {
+ UINT64 BufPtr;
+ UINT64 Size;
+ UINT64 ShmRef;
+} OPTEE_MSG_PARAM_MEM;
+
+typedef struct {
+ UINT64 A;
+ UINT64 B;
+ UINT64 C;
+} OPTEE_MSG_PARAM_VALUE;
+
+typedef struct {
+ UINT64 Attr;
+ union {
+ OPTEE_MSG_PARAM_MEM Mem;
+ OPTEE_MSG_PARAM_VALUE Value;
+ } U;
+} OPTEE_MSG_PARAM;
+
+#define MAX_PARAMS 4
+
+typedef struct {
+ UINT32 Cmd;
+ UINT32 Func;
+ UINT32 Session;
+ UINT32 CancelId;
+ UINT32 Pad;
+ UINT32 Ret;
+ UINT32 RetOrigin;
+ UINT32 NumParams;
+
+ // NumParams tells the actual number of element in Params
+ OPTEE_MSG_PARAM Params[MAX_PARAMS];
+} OPTEE_MSG_ARG;
+
+#define OPTEE_UUID_LEN 16
+
+//
+// struct OPTEE_OPEN_SESSION_ARG - Open session argument
+// @Uuid: [in] UUID of the Trusted Application
+// @Session: [out] Session id
+// @Ret: [out] Return value
+// @RetOrigin [out] Origin of the return value
+//
+typedef struct {
+ UINT8 Uuid[OPTEE_UUID_LEN];
+ UINT32 Session;
+ UINT32 Ret;
+ UINT32 RetOrigin;
+} OPTEE_OPEN_SESSION_ARG;
+
+//
+// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument
+// @Func: [in] Trusted Application function, specific to the TA
+// @Session: [in] Session id
+// @Ret: [out] Return value
+// @RetOrigin [out] Origin of the return value
+// @Params [inout] Parameters for function to be invoked
+//
+typedef struct {
+ UINT32 Func;
+ UINT32 Session;
+ UINT32 Ret;
+ UINT32 RetOrigin;
+ OPTEE_MSG_PARAM Params[MAX_PARAMS];
+} OPTEE_INVOKE_FUNC_ARG;
+
BOOLEAN
EFIAPI
IsOpteePresent (
VOID
);
+EFI_STATUS
+EFIAPI
+OpteeInit (
+ VOID
+ );
+
+EFI_STATUS
+EFIAPI
+OpteeOpenSession (
+ IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg
+ );
+
+EFI_STATUS
+EFIAPI
+OpteeCloseSession (
+ IN UINT32 Session
+ );
+
+EFI_STATUS
+EFIAPI
+OpteeInvokeFunc (
+ IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg
+ );
+
#endif
diff --git a/ArmPkg/Library/OpteeLib/Optee.c b/ArmPkg/Library/OpteeLib/Optee.c
index 574527f8b5ea..2111022d3662 100644
--- a/ArmPkg/Library/OpteeLib/Optee.c
+++ b/ArmPkg/Library/OpteeLib/Optee.c
@@ -14,11 +14,19 @@
**/
+#include <Library/ArmMmuLib.h>
#include <Library/ArmSmcLib.h>
+#include <Library/BaseMemoryLib.h>
#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
#include <Library/OpteeLib.h>
#include <IndustryStandard/ArmStdSmc.h>
+#include <IndustryStandard/GlobalPlatform.h>
+#include <OpteeSmc.h>
+#include <Uefi.h>
+
+STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 };
/**
Check for OP-TEE presence.
@@ -31,6 +39,7 @@ IsOpteePresent (
{
ARM_SMC_ARGS ArmSmcArgs;
+ ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS));
// Send a Trusted OS Calls UID command
ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID;
ArmCallSmc (&ArmSmcArgs);
@@ -44,3 +53,352 @@ IsOpteePresent (
return FALSE;
}
}
+
+STATIC
+EFI_STATUS
+OpteeShmMemRemap (
+ VOID
+ )
+{
+ ARM_SMC_ARGS ArmSmcArgs;
+ EFI_PHYSICAL_ADDRESS Paddr;
+ EFI_PHYSICAL_ADDRESS Start;
+ EFI_PHYSICAL_ADDRESS End;
+ EFI_STATUS Status;
+ UINTN Size;
+
+ ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS));
+ ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG;
+
+ ArmCallSmc (&ArmSmcArgs);
+ if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) {
+ DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n"));
+ return EFI_UNSUPPORTED;
+ }
+
+ if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) {
+ DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared memory supported\n"));
+ return EFI_UNSUPPORTED;
+ }
+
+ Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1);
+ End = (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1);
+ Paddr = Start;
+ Size = End - Start;
+
+ if (Size < SIZE_4KB) {
+ DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n"));
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ OpteeShmInfo.Base = (UINTN)Paddr;
+ OpteeShmInfo.Size = Size;
+
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
+EFIAPI
+OpteeInit (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ if (!IsOpteePresent ()) {
+ DEBUG ((DEBUG_WARN, "OP-TEE not present\n"));
+ return EFI_UNSUPPORTED;
+ }
+
+ Status = OpteeShmMemRemap ();
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n"));
+ return Status;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Does Standard SMC to OP-TEE in secure world.
+
+ @param[in] Parg Physical address of message to pass to secure world
+
+ @return 0 on success, secure world return code otherwise
+
+**/
+STATIC
+UINT32
+OpteeCallWithArg (
+ IN EFI_PHYSICAL_ADDRESS Parg
+ )
+{
+ ARM_SMC_ARGS ArmSmcArgs;
+
+ ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS));
+ ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG;
+ ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32);
+ ArmSmcArgs.Arg2 = (UINT32)Parg;
+
+ while (TRUE) {
+ ArmCallSmc (&ArmSmcArgs);
+
+ if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) {
+ //
+ // A foreign interrupt was raised while secure world was
+ // executing, since they are handled in UEFI a dummy RPC is
+ // performed to let UEFI take the interrupt through the normal
+ // vector.
+ //
+ ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC;
+ } else {
+ break;
+ }
+ }
+
+ return ArmSmcArgs.Arg0;
+}
+
+EFI_STATUS
+EFIAPI
+OpteeOpenSession (
+ IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg
+ )
+{
+ OPTEE_MSG_ARG *MsgArg;
+
+ MsgArg = NULL;
+
+ if (OpteeShmInfo.Base == 0) {
+ DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n"));
+ return EFI_NOT_STARTED;
+ }
+
+ MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base;
+ ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG));
+
+ MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION;
+
+ //
+ // Initialize and add the meta parameters needed when opening a
+ // session.
+ //
+ MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT |
+ OPTEE_MSG_ATTR_META;
+ MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT |
+ OPTEE_MSG_ATTR_META;
+ CopyMem (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, OPTEE_UUID_LEN);
+ ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN);
+ MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC;
+
+ MsgArg->NumParams = 2;
+
+ if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) {
+ MsgArg->Ret = TEEC_ERROR_COMMUNICATION;
+ MsgArg->RetOrigin = TEEC_ORIGIN_COMMS;
+ }
+
+ OpenSessionArg->Session = MsgArg->Session;
+ OpenSessionArg->Ret = MsgArg->Ret;
+ OpenSessionArg->RetOrigin = MsgArg->RetOrigin;
+
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
+EFIAPI
+OpteeCloseSession (
+ IN UINT32 Session
+ )
+{
+ OPTEE_MSG_ARG *MsgArg;
+
+ MsgArg = NULL;
+
+ if (OpteeShmInfo.Base == 0) {
+ DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n"));
+ return EFI_NOT_STARTED;
+ }
+
+ MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base;
+ ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG));
+
+ MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION;
+ MsgArg->Session = Session;
+
+ OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg);
+
+ return EFI_SUCCESS;
+}
+
+STATIC
+EFI_STATUS
+OpteeToMsgParam (
+ OUT OPTEE_MSG_PARAM *MsgParams,
+ IN UINT32 NumParams,
+ IN OPTEE_MSG_PARAM *InParams
+ )
+{
+ UINT32 Idx;
+ UINTN ParamShmAddr;
+ UINTN ShmSize;
+ UINTN Size;
+
+ Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1);
+ ParamShmAddr = OpteeShmInfo.Base + Size;
+ ShmSize = OpteeShmInfo.Size - Size;
+
+ for (Idx = 0; Idx < NumParams; Idx++) {
+ CONST OPTEE_MSG_PARAM *Ip;
+ OPTEE_MSG_PARAM *Mp;
+ UINT32 Attr;
+
+ Ip = InParams + Idx;
+ Mp = MsgParams + Idx;
+ Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK;
+
+ switch (Attr) {
+ case OPTEE_MSG_ATTR_TYPE_NONE:
+ Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE;
+ ZeroMem (&Mp->U, sizeof (Mp->U));
+ break;
+
+ case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT:
+ case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT:
+ case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT:
+ Mp->Attr = Attr;
+ Mp->U.Value.A = Ip->U.Value.A;
+ Mp->U.Value.B = Ip->U.Value.B;
+ Mp->U.Value.C = Ip->U.Value.C;
+ break;
+
+ case OPTEE_MSG_ATTR_TYPE_MEM_INPUT:
+ case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT:
+ case OPTEE_MSG_ATTR_TYPE_MEM_INOUT:
+ Mp->Attr = Attr;
+
+ if (Ip->U.Mem.Size > ShmSize) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip->U.Mem.Size);
+ Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr;
+ Mp->U.Mem.Size = Ip->U.Mem.Size;
+
+ Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1);
+ ParamShmAddr += Size;
+ ShmSize -= Size;
+ break;
+
+ default:
+ return EFI_INVALID_PARAMETER;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+STATIC
+EFI_STATUS
+OpteeFromMsgParam (
+ OUT OPTEE_MSG_PARAM *OutParams,
+ IN UINT32 NumParams,
+ IN OPTEE_MSG_PARAM *MsgParams
+ )
+{
+ UINT32 Idx;
+
+ for (Idx = 0; Idx < NumParams; Idx++) {
+ OPTEE_MSG_PARAM *Op;
+ CONST OPTEE_MSG_PARAM *Mp;
+ UINT32 Attr;
+
+ Op = OutParams + Idx;
+ Mp = MsgParams + Idx;
+ Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK;
+
+ switch (Attr) {
+ case OPTEE_MSG_ATTR_TYPE_NONE:
+ Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE;
+ ZeroMem (&Op->U, sizeof (Op->U));
+ break;
+
+ case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT:
+ case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT:
+ case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT:
+ Op->Attr = Attr;
+ Op->U.Value.A = Mp->U.Value.A;
+ Op->U.Value.B = Mp->U.Value.B;
+ Op->U.Value.C = Mp->U.Value.C;
+ break;
+
+ case OPTEE_MSG_ATTR_TYPE_MEM_INPUT:
+ case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT:
+ case OPTEE_MSG_ATTR_TYPE_MEM_INOUT:
+ Op->Attr = Attr;
+
+ if (Mp->U.Mem.Size > Op->U.Mem.Size) {
+ return EFI_BAD_BUFFER_SIZE;
+ }
+
+ CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, Mp->U.Mem.Size);
+ Op->U.Mem.Size = Mp->U.Mem.Size;
+ break;
+
+ default:
+ return EFI_INVALID_PARAMETER;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
+EFIAPI
+OpteeInvokeFunc (
+ IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg
+ )
+{
+ EFI_STATUS Status;
+ OPTEE_MSG_ARG *MsgArg;
+
+ MsgArg = NULL;
+
+ if (OpteeShmInfo.Base == 0) {
+ DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n"));
+ return EFI_NOT_STARTED;
+ }
+
+ MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base;
+ ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG));
+
+ MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND;
+ MsgArg->Func = InvokeFuncArg->Func;
+ MsgArg->Session = InvokeFuncArg->Session;
+
+ Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, InvokeFuncArg->Params);
+ if (Status)
+ return Status;
+
+ MsgArg->NumParams = MAX_PARAMS;
+
+ if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) {
+ MsgArg->Ret = TEEC_ERROR_COMMUNICATION;
+ MsgArg->RetOrigin = TEEC_ORIGIN_COMMS;
+ }
+
+ if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, MsgArg->Params)) {
+ MsgArg->Ret = TEEC_ERROR_COMMUNICATION;
+ MsgArg->RetOrigin = TEEC_ORIGIN_COMMS;
+ }
+
+ InvokeFuncArg->Ret = MsgArg->Ret;
+ InvokeFuncArg->RetOrigin = MsgArg->RetOrigin;
+
+ return EFI_SUCCESS;
+}
diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf b/ArmPkg/Library/OpteeLib/OpteeLib.inf
index 5abd427379cc..e03054a7167d 100644
--- a/ArmPkg/Library/OpteeLib/OpteeLib.inf
+++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf
@@ -23,11 +23,13 @@ [Defines]
[Sources]
Optee.c
+ OpteeSmc.h
[Packages]
ArmPkg/ArmPkg.dec
MdePkg/MdePkg.dec
[LibraryClasses]
+ ArmMmuLib
ArmSmcLib
BaseLib
diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h b/ArmPkg/Library/OpteeLib/OpteeSmc.h
new file mode 100644
index 000000000000..e2ea35784a0a
--- /dev/null
+++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h
@@ -0,0 +1,43 @@
+/** @file
+ OP-TEE SMC header file.
+
+ Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _OPTEE_SMC_H_
+#define _OPTEE_SMC_H_
+
+/* Returned in Arg0 only from Trusted OS functions */
+#define OPTEE_SMC_RETURN_OK 0x0
+
+#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003
+#define OPTEE_SMC_CALL_WITH_ARG 0x32000004
+#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007
+
+#define OPTEE_SMC_SHM_CACHED 1
+
+#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004
+
+#define OPTEE_MSG_CMD_OPEN_SESSION 0
+#define OPTEE_MSG_CMD_INVOKE_COMMAND 1
+#define OPTEE_MSG_CMD_CLOSE_SESSION 2
+
+#define OPTEE_MSG_ATTR_META 0x100
+
+#define TEE_LOGIN_PUBLIC 0x0
+
+typedef struct {
+ UINTN Base;
+ UINTN Size;
+} OPTEE_SHARED_MEMORY_INFO;
+
+#endif
diff --git a/ArmPkg/Include/Library/OpteeLib.h b/MdePkg/Include/IndustryStandard/GlobalPlatform.h
similarity index 53%
copy from ArmPkg/Include/Library/OpteeLib.h
copy to MdePkg/Include/IndustryStandard/GlobalPlatform.h
index f65d8674d9b8..14c621d89971 100644
--- a/ArmPkg/Include/Library/OpteeLib.h
+++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h
@@ -1,34 +1,26 @@
-/** @file
- OP-TEE specific header file.
-
- Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _OPTEE_H_
-#define _OPTEE_H_
-
-/*
- * The 'Trusted OS Call UID' is supposed to return the following UUID for
- * OP-TEE OS. This is a 128-bit value.
- */
-#define OPTEE_OS_UID0 0x384fb3e0
-#define OPTEE_OS_UID1 0xe7f811e3
-#define OPTEE_OS_UID2 0xaf630002
-#define OPTEE_OS_UID3 0xa5d5c51b
-
-BOOLEAN
-EFIAPI
-IsOpteePresent (
- VOID
- );
-
-#endif
+/** @file
+ Standardized Global Platform header file.
+
+ Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _GLOBAL_PLATFORM_H_
+#define _GLOBAL_PLATFORM_H_
+
+#define TEEC_ORIGIN_COMMS 0x00000002
+
+#define TEEC_SUCCESS 0x00000000
+#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006
+#define TEEC_ERROR_COMMUNICATION 0xFFFF000E
+#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C
+
+#endif
--
2.7.4
^ permalink raw reply related [flat|nested] 15+ messages in thread[parent not found: <f9970701-8edc-66d1-7272-a14d39e532f0@linaro.org>]
* Re: [Tee-dev] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE [not found] ` <f9970701-8edc-66d1-7272-a14d39e532f0@linaro.org> @ 2018-08-24 12:09 ` Sumit Garg [not found] ` <c8005328-f548-edb1-8ebc-a93452e3f229@linaro.org> 0 siblings, 1 reply; 15+ messages in thread From: Sumit Garg @ 2018-08-24 12:09 UTC (permalink / raw) To: Jerome Forissier Cc: edk2-devel, Daniel Thompson, Ard Biesheuvel, Leif Lindholm, tee-dev On Fri, 24 Aug 2018 at 15:57, Jerome Forissier <jerome.forissier@linaro.org> wrote: > > > > On 08/24/2018 11:21 AM, Sumit Garg wrote: > > Add following APIs to communicate with OP-TEE static TA: > > "static TAs" are now preferably called "pseudo TAs" [1], Sure will use "pseudo TAs" instead. > but it seems this API could be used to invoke "early TAs" as well. Agree this API could work with "early TAs" as well. > Or any kind of > Trusted Application as long as the non-secure infrastructure is > available (OP-TEE kernel driver and tee-supplicant daemon). > Current patch for UEFI doesn't provide non-secure infrastructure like support for RPC load TA command. I am not sure about usefulness of such infrastructure during boot. Anyhow this driver could be extended to provide non-secure infrastructure as well. -Sumit > [1] > https://github.com/OP-TEE/optee_os/blob/3.2.0/documentation/optee_design.md#12-trusted-applications > > > 1. OpteeInit > > 2. OpteeOpenSession > > 3. OpteeCloseSession > > 4. OpteeInvokeFunc > > > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > > Cc: Leif Lindholm <leif.lindholm@linaro.org> > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > > --- > > ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > > ArmPkg/Library/OpteeLib/Optee.c | 358 +++++++++++++++++++++ > > ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > > ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > > .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > > 5 files changed, 531 insertions(+), 34 deletions(-) > > create mode 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > > copy ArmPkg/Include/Library/OpteeLib.h => MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > [...] > ^ permalink raw reply [flat|nested] 15+ messages in thread
[parent not found: <c8005328-f548-edb1-8ebc-a93452e3f229@linaro.org>]
* Re: [Tee-dev] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE [not found] ` <c8005328-f548-edb1-8ebc-a93452e3f229@linaro.org> @ 2018-08-24 12:21 ` Sumit Garg 0 siblings, 0 replies; 15+ messages in thread From: Sumit Garg @ 2018-08-24 12:21 UTC (permalink / raw) To: Jerome Forissier Cc: edk2-devel, Daniel Thompson, Ard Biesheuvel, Leif Lindholm, tee-dev On Fri, 24 Aug 2018 at 17:48, Jerome Forissier <jerome.forissier@linaro.org> wrote: > > > > On 08/24/2018 02:09 PM, Sumit Garg wrote: > > On Fri, 24 Aug 2018 at 15:57, Jerome Forissier > > <jerome.forissier@linaro.org> wrote: > >> > >> > >> > >> On 08/24/2018 11:21 AM, Sumit Garg wrote: > >>> Add following APIs to communicate with OP-TEE static TA: > >> > >> "static TAs" are now preferably called "pseudo TAs" [1], > > > > Sure will use "pseudo TAs" instead. > > > >> but it seems this API could be used to invoke "early TAs" as well.> > > Agree this API could work with "early TAs" as well. > > SO the exact, precise description is "pseudo/early TAs" ;-) > Ok I will use this in v2. > > > >> Or any kind of > >> Trusted Application as long as the non-secure infrastructure is > >> available (OP-TEE kernel driver and tee-supplicant daemon). > >> > > > > Current patch for UEFI doesn't provide non-secure infrastructure like > > support for RPC load TA command. I am not sure about usefulness of > > such infrastructure during boot. > > OK that's the info I was missing, if it's for boot time only then > "regular" TAs are out-of-scope clearly. > > > Anyhow this driver could be extended > > to provide non-secure infrastructure as well. > > > > -Sumit > > > >> [1] > >> https://github.com/OP-TEE/optee_os/blob/3.2.0/documentation/optee_design.md#12-trusted-applications > >> > >>> 1. OpteeInit > >>> 2. OpteeOpenSession > >>> 3. OpteeCloseSession > >>> 4. OpteeInvokeFunc > >>> > >>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > >>> Cc: Leif Lindholm <leif.lindholm@linaro.org> > >>> Contributed-under: TianoCore Contribution Agreement 1.1 > >>> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > >>> --- > >>> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > >>> ArmPkg/Library/OpteeLib/Optee.c | 358 +++++++++++++++++++++ > >>> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > >>> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > >>> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > >>> 5 files changed, 531 insertions(+), 34 deletions(-) > >>> create mode 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > >>> copy ArmPkg/Include/Library/OpteeLib.h => MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > >> [...] > >> ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-24 9:21 [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE Sumit Garg [not found] ` <f9970701-8edc-66d1-7272-a14d39e532f0@linaro.org> @ 2018-08-24 13:18 ` Ard Biesheuvel 2018-08-27 5:22 ` Sumit Garg 2018-08-24 16:20 ` Udit Kumar 2 siblings, 1 reply; 15+ messages in thread From: Ard Biesheuvel @ 2018-08-24 13:18 UTC (permalink / raw) To: Sumit Garg Cc: edk2-devel@lists.01.org, tee-dev, Daniel Thompson, Jens Wiklander, Leif Lindholm Hi Sumit, On 24 August 2018 at 10:21, Sumit Garg <sumit.garg@linaro.org> wrote: > Add following APIs to communicate with OP-TEE static TA: > 1. OpteeInit > 2. OpteeOpenSession > 3. OpteeCloseSession > 4. OpteeInvokeFunc > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Leif Lindholm <leif.lindholm@linaro.org> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > --- > ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > ArmPkg/Library/OpteeLib/Optee.c | 358 +++++++++++++++++++++ > ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > 5 files changed, 531 insertions(+), 34 deletions(-) > create mode 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > copy ArmPkg/Include/Library/OpteeLib.h => MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > diff --git a/ArmPkg/Include/Library/OpteeLib.h b/ArmPkg/Include/Library/OpteeLib.h > index f65d8674d9b8..c323f49072f8 100644 > --- a/ArmPkg/Include/Library/OpteeLib.h > +++ b/ArmPkg/Include/Library/OpteeLib.h > @@ -25,10 +25,112 @@ > #define OPTEE_OS_UID2 0xaf630002 > #define OPTEE_OS_UID3 0xa5d5c51b > > +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > + > +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > + > +typedef struct { > + UINT64 BufPtr; > + UINT64 Size; > + UINT64 ShmRef; > +} OPTEE_MSG_PARAM_MEM; > + > +typedef struct { > + UINT64 A; > + UINT64 B; > + UINT64 C; > +} OPTEE_MSG_PARAM_VALUE; > + > +typedef struct { > + UINT64 Attr; > + union { > + OPTEE_MSG_PARAM_MEM Mem; > + OPTEE_MSG_PARAM_VALUE Value; > + } U; > +} OPTEE_MSG_PARAM; > + > +#define MAX_PARAMS 4 > + > +typedef struct { > + UINT32 Cmd; > + UINT32 Func; > + UINT32 Session; > + UINT32 CancelId; > + UINT32 Pad; > + UINT32 Ret; > + UINT32 RetOrigin; > + UINT32 NumParams; > + > + // NumParams tells the actual number of element in Params > + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > +} OPTEE_MSG_ARG; > + > +#define OPTEE_UUID_LEN 16 > + > +// > +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > +// @Uuid: [in] UUID of the Trusted Application > +// @Session: [out] Session id > +// @Ret: [out] Return value > +// @RetOrigin [out] Origin of the return value > +// > +typedef struct { > + UINT8 Uuid[OPTEE_UUID_LEN]; > + UINT32 Session; > + UINT32 Ret; > + UINT32 RetOrigin; > +} OPTEE_OPEN_SESSION_ARG; > + What I meant before was typedef struct { UINT8 Uuid[OPTEE_UUID_LEN]; // [in] UUID of the Trusted Application UINT32 Session; // [out] Session id UINT32 Ret; // [out] Return value UINT32 RetOrigin; // [out] Origin of the return value } OPTEE_OPEN_SESSION_ARG; > +// > +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > +// @Func: [in] Trusted Application function, specific to the TA > +// @Session: [in] Session id > +// @Ret: [out] Return value > +// @RetOrigin [out] Origin of the return value > +// @Params [inout] Parameters for function to be invoked > +// > +typedef struct { > + UINT32 Func; > + UINT32 Session; > + UINT32 Ret; > + UINT32 RetOrigin; > + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > +} OPTEE_INVOKE_FUNC_ARG; > + > BOOLEAN > EFIAPI > IsOpteePresent ( > VOID > ); > > +EFI_STATUS > +EFIAPI > +OpteeInit ( > + VOID > + ); > + > +EFI_STATUS > +EFIAPI > +OpteeOpenSession ( > + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > + ); > + > +EFI_STATUS > +EFIAPI > +OpteeCloseSession ( > + IN UINT32 Session > + ); > + > +EFI_STATUS > +EFIAPI > +OpteeInvokeFunc ( > + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > + ); > + > #endif > diff --git a/ArmPkg/Library/OpteeLib/Optee.c b/ArmPkg/Library/OpteeLib/Optee.c > index 574527f8b5ea..2111022d3662 100644 > --- a/ArmPkg/Library/OpteeLib/Optee.c > +++ b/ArmPkg/Library/OpteeLib/Optee.c > @@ -14,11 +14,19 @@ > > **/ > > +#include <Library/ArmMmuLib.h> > #include <Library/ArmSmcLib.h> > +#include <Library/BaseMemoryLib.h> > #include <Library/BaseLib.h> > +#include <Library/DebugLib.h> > #include <Library/OpteeLib.h> > > #include <IndustryStandard/ArmStdSmc.h> > +#include <IndustryStandard/GlobalPlatform.h> > +#include <OpteeSmc.h> > +#include <Uefi.h> > + > +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > /** > Check for OP-TEE presence. > @@ -31,6 +39,7 @@ IsOpteePresent ( > { > ARM_SMC_ARGS ArmSmcArgs; > > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > // Send a Trusted OS Calls UID command > ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > ArmCallSmc (&ArmSmcArgs); > @@ -44,3 +53,352 @@ IsOpteePresent ( > return FALSE; > } > } > + > +STATIC > +EFI_STATUS > +OpteeShmMemRemap ( > + VOID > + ) > +{ > + ARM_SMC_ARGS ArmSmcArgs; > + EFI_PHYSICAL_ADDRESS Paddr; > + EFI_PHYSICAL_ADDRESS Start; > + EFI_PHYSICAL_ADDRESS End; > + EFI_STATUS Status; > + UINTN Size; > + > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > + > + ArmCallSmc (&ArmSmcArgs); > + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > + return EFI_UNSUPPORTED; > + } > + > + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared memory supported\n")); > + return EFI_UNSUPPORTED; > + } > + > + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); > + End = (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); > + Paddr = Start; > + Size = End - Start; > + > + if (Size < SIZE_4KB) { > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > + return EFI_BUFFER_TOO_SMALL; > + } > + > + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); > + if (EFI_ERROR (Status)) { > + return Status; > + } > + > + OpteeShmInfo.Base = (UINTN)Paddr; > + OpteeShmInfo.Size = Size; > + > + return EFI_SUCCESS; > +} > + > +EFI_STATUS > +EFIAPI > +OpteeInit ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + > + if (!IsOpteePresent ()) { > + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > + return EFI_UNSUPPORTED; > + } > + > + Status = OpteeShmMemRemap (); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Does Standard SMC to OP-TEE in secure world. > + > + @param[in] Parg Physical address of message to pass to secure world > + > + @return 0 on success, secure world return code otherwise > + > +**/ > +STATIC > +UINT32 > +OpteeCallWithArg ( > + IN EFI_PHYSICAL_ADDRESS Parg > + ) > +{ > + ARM_SMC_ARGS ArmSmcArgs; > + > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > + ArmSmcArgs.Arg2 = (UINT32)Parg; > + > + while (TRUE) { > + ArmCallSmc (&ArmSmcArgs); > + > + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > + // > + // A foreign interrupt was raised while secure world was > + // executing, since they are handled in UEFI a dummy RPC is > + // performed to let UEFI take the interrupt through the normal > + // vector. > + // > + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > + } else { > + break; > + } > + } > + > + return ArmSmcArgs.Arg0; > +} > + > +EFI_STATUS > +EFIAPI > +OpteeOpenSession ( > + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > + ) > +{ > + OPTEE_MSG_ARG *MsgArg; > + > + MsgArg = NULL; > + > + if (OpteeShmInfo.Base == 0) { > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > + return EFI_NOT_STARTED; > + } > + > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; > + ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG)); > + > + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > + > + // > + // Initialize and add the meta parameters needed when opening a > + // session. > + // > + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > + OPTEE_MSG_ATTR_META; > + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > + OPTEE_MSG_ATTR_META; > + CopyMem (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, OPTEE_UUID_LEN); > + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > + > + MsgArg->NumParams = 2; > + > + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; > + } > + > + OpenSessionArg->Session = MsgArg->Session; > + OpenSessionArg->Ret = MsgArg->Ret; > + OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > + > + return EFI_SUCCESS; > +} > + > +EFI_STATUS > +EFIAPI > +OpteeCloseSession ( > + IN UINT32 Session > + ) > +{ > + OPTEE_MSG_ARG *MsgArg; > + > + MsgArg = NULL; > + > + if (OpteeShmInfo.Base == 0) { > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > + return EFI_NOT_STARTED; > + } > + > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; > + ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG)); > + > + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; > + MsgArg->Session = Session; > + > + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > + > + return EFI_SUCCESS; > +} > + > +STATIC > +EFI_STATUS > +OpteeToMsgParam ( > + OUT OPTEE_MSG_PARAM *MsgParams, > + IN UINT32 NumParams, > + IN OPTEE_MSG_PARAM *InParams > + ) > +{ > + UINT32 Idx; > + UINTN ParamShmAddr; > + UINTN ShmSize; > + UINTN Size; > + > + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > + ParamShmAddr = OpteeShmInfo.Base + Size; > + ShmSize = OpteeShmInfo.Size - Size; > + > + for (Idx = 0; Idx < NumParams; Idx++) { > + CONST OPTEE_MSG_PARAM *Ip; > + OPTEE_MSG_PARAM *Mp; > + UINT32 Attr; > + > + Ip = InParams + Idx; > + Mp = MsgParams + Idx; > + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > + > + switch (Attr) { > + case OPTEE_MSG_ATTR_TYPE_NONE: > + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > + ZeroMem (&Mp->U, sizeof (Mp->U)); > + break; > + > + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > + Mp->Attr = Attr; > + Mp->U.Value.A = Ip->U.Value.A; > + Mp->U.Value.B = Ip->U.Value.B; > + Mp->U.Value.C = Ip->U.Value.C; > + break; > + > + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > + Mp->Attr = Attr; > + > + if (Ip->U.Mem.Size > ShmSize) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip->U.Mem.Size); > + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > + Mp->U.Mem.Size = Ip->U.Mem.Size; > + > + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > + ParamShmAddr += Size; > + ShmSize -= Size; > + break; > + > + default: > + return EFI_INVALID_PARAMETER; > + } > + } > + > + return EFI_SUCCESS; > +} > + > +STATIC > +EFI_STATUS > +OpteeFromMsgParam ( > + OUT OPTEE_MSG_PARAM *OutParams, > + IN UINT32 NumParams, > + IN OPTEE_MSG_PARAM *MsgParams > + ) > +{ > + UINT32 Idx; > + > + for (Idx = 0; Idx < NumParams; Idx++) { > + OPTEE_MSG_PARAM *Op; > + CONST OPTEE_MSG_PARAM *Mp; > + UINT32 Attr; > + > + Op = OutParams + Idx; > + Mp = MsgParams + Idx; > + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > + > + switch (Attr) { > + case OPTEE_MSG_ATTR_TYPE_NONE: > + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > + ZeroMem (&Op->U, sizeof (Op->U)); > + break; > + > + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > + Op->Attr = Attr; > + Op->U.Value.A = Mp->U.Value.A; > + Op->U.Value.B = Mp->U.Value.B; > + Op->U.Value.C = Mp->U.Value.C; > + break; > + > + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > + Op->Attr = Attr; > + > + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > + return EFI_BAD_BUFFER_SIZE; > + } > + > + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, Mp->U.Mem.Size); > + Op->U.Mem.Size = Mp->U.Mem.Size; > + break; > + > + default: > + return EFI_INVALID_PARAMETER; > + } > + } > + > + return EFI_SUCCESS; > +} > + > +EFI_STATUS > +EFIAPI > +OpteeInvokeFunc ( > + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > + ) > +{ > + EFI_STATUS Status; > + OPTEE_MSG_ARG *MsgArg; > + > + MsgArg = NULL; > + > + if (OpteeShmInfo.Base == 0) { > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > + return EFI_NOT_STARTED; > + } > + > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; > + ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG)); > + > + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; > + MsgArg->Func = InvokeFuncArg->Func; > + MsgArg->Session = InvokeFuncArg->Session; > + > + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, InvokeFuncArg->Params); > + if (Status) > + return Status; > + > + MsgArg->NumParams = MAX_PARAMS; > + > + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; > + } > + > + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, MsgArg->Params)) { > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; > + } > + > + InvokeFuncArg->Ret = MsgArg->Ret; > + InvokeFuncArg->RetOrigin = MsgArg->RetOrigin; > + > + return EFI_SUCCESS; > +} > diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf b/ArmPkg/Library/OpteeLib/OpteeLib.inf > index 5abd427379cc..e03054a7167d 100644 > --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > @@ -23,11 +23,13 @@ [Defines] > > [Sources] > Optee.c > + OpteeSmc.h > > [Packages] > ArmPkg/ArmPkg.dec > MdePkg/MdePkg.dec > > [LibraryClasses] > + ArmMmuLib > ArmSmcLib > BaseLib > diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h b/ArmPkg/Library/OpteeLib/OpteeSmc.h > new file mode 100644 > index 000000000000..e2ea35784a0a > --- /dev/null > +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > @@ -0,0 +1,43 @@ > +/** @file > + OP-TEE SMC header file. > + > + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the BSD License > + which accompanies this distribution. The full text of the license may be found at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef _OPTEE_SMC_H_ > +#define _OPTEE_SMC_H_ > + > +/* Returned in Arg0 only from Trusted OS functions */ > +#define OPTEE_SMC_RETURN_OK 0x0 > + > +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > + > +#define OPTEE_SMC_SHM_CACHED 1 > + > +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > + > +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > + > +#define OPTEE_MSG_ATTR_META 0x100 > + > +#define TEE_LOGIN_PUBLIC 0x0 > + > +typedef struct { > + UINTN Base; > + UINTN Size; > +} OPTEE_SHARED_MEMORY_INFO; > + > +#endif > diff --git a/ArmPkg/Include/Library/OpteeLib.h b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > similarity index 53% > copy from ArmPkg/Include/Library/OpteeLib.h > copy to MdePkg/Include/IndustryStandard/GlobalPlatform.h > index f65d8674d9b8..14c621d89971 100644 > --- a/ArmPkg/Include/Library/OpteeLib.h > +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h This has to go into a separate patch, and has to be cc'ed to the MdePkg maintainers as well. > @@ -1,34 +1,26 @@ > -/** @file > - OP-TEE specific header file. > - > - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > - > - This program and the accompanying materials > - are licensed and made available under the terms and conditions of the BSD License > - which accompanies this distribution. The full text of the license may be found at > - http://opensource.org/licenses/bsd-license.php > - > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef _OPTEE_H_ > -#define _OPTEE_H_ > - > -/* > - * The 'Trusted OS Call UID' is supposed to return the following UUID for > - * OP-TEE OS. This is a 128-bit value. > - */ > -#define OPTEE_OS_UID0 0x384fb3e0 > -#define OPTEE_OS_UID1 0xe7f811e3 > -#define OPTEE_OS_UID2 0xaf630002 > -#define OPTEE_OS_UID3 0xa5d5c51b > - > -BOOLEAN > -EFIAPI > -IsOpteePresent ( > - VOID > - ); > - > -#endif > +/** @file > + Standardized Global Platform header file. > + Can you please include some URL reference here? > + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > + > + This program and the accompanying materials > + are licensed and made available under the terms and conditions of the BSD License > + which accompanies this distribution. The full text of the license may be found at > + http://opensource.org/licenses/bsd-license.php > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef _GLOBAL_PLATFORM_H_ > +#define _GLOBAL_PLATFORM_H_ > + > +#define TEEC_ORIGIN_COMMS 0x00000002 > + > +#define TEEC_SUCCESS 0x00000000 > +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > + > +#endif > -- > 2.7.4 > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-24 13:18 ` Ard Biesheuvel @ 2018-08-27 5:22 ` Sumit Garg 0 siblings, 0 replies; 15+ messages in thread From: Sumit Garg @ 2018-08-27 5:22 UTC (permalink / raw) To: Ard Biesheuvel Cc: edk2-devel, tee-dev, Daniel Thompson, Jens Wiklander, Leif Lindholm On Fri, 24 Aug 2018 at 18:48, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote: > > Hi Sumit, > > On 24 August 2018 at 10:21, Sumit Garg <sumit.garg@linaro.org> wrote: > > Add following APIs to communicate with OP-TEE static TA: > > 1. OpteeInit > > 2. OpteeOpenSession > > 3. OpteeCloseSession > > 4. OpteeInvokeFunc > > > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > > Cc: Leif Lindholm <leif.lindholm@linaro.org> > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > > --- > > ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > > ArmPkg/Library/OpteeLib/Optee.c | 358 +++++++++++++++++++++ > > ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > > ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > > .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > > 5 files changed, 531 insertions(+), 34 deletions(-) > > create mode 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > > copy ArmPkg/Include/Library/OpteeLib.h => MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > > > diff --git a/ArmPkg/Include/Library/OpteeLib.h b/ArmPkg/Include/Library/OpteeLib.h > > index f65d8674d9b8..c323f49072f8 100644 > > --- a/ArmPkg/Include/Library/OpteeLib.h > > +++ b/ArmPkg/Include/Library/OpteeLib.h > > @@ -25,10 +25,112 @@ > > #define OPTEE_OS_UID2 0xaf630002 > > #define OPTEE_OS_UID3 0xa5d5c51b > > > > +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > > +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > > +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > > +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > > +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > > +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > > +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > > + > > +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > > + > > +typedef struct { > > + UINT64 BufPtr; > > + UINT64 Size; > > + UINT64 ShmRef; > > +} OPTEE_MSG_PARAM_MEM; > > + > > +typedef struct { > > + UINT64 A; > > + UINT64 B; > > + UINT64 C; > > +} OPTEE_MSG_PARAM_VALUE; > > + > > +typedef struct { > > + UINT64 Attr; > > + union { > > + OPTEE_MSG_PARAM_MEM Mem; > > + OPTEE_MSG_PARAM_VALUE Value; > > + } U; > > +} OPTEE_MSG_PARAM; > > + > > +#define MAX_PARAMS 4 > > + > > +typedef struct { > > + UINT32 Cmd; > > + UINT32 Func; > > + UINT32 Session; > > + UINT32 CancelId; > > + UINT32 Pad; > > + UINT32 Ret; > > + UINT32 RetOrigin; > > + UINT32 NumParams; > > + > > + // NumParams tells the actual number of element in Params > > + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > +} OPTEE_MSG_ARG; > > + > > +#define OPTEE_UUID_LEN 16 > > + > > +// > > +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > > +// @Uuid: [in] UUID of the Trusted Application > > +// @Session: [out] Session id > > +// @Ret: [out] Return value > > +// @RetOrigin [out] Origin of the return value > > +// > > +typedef struct { > > + UINT8 Uuid[OPTEE_UUID_LEN]; > > + UINT32 Session; > > + UINT32 Ret; > > + UINT32 RetOrigin; > > +} OPTEE_OPEN_SESSION_ARG; > > + > > What I meant before was > > typedef struct { > UINT8 Uuid[OPTEE_UUID_LEN]; // [in] UUID of the Trusted Application > UINT32 Session; // [out] Session id > UINT32 Ret; // [out] Return value > UINT32 RetOrigin; // [out] Origin of the return value > } OPTEE_OPEN_SESSION_ARG; > > Sure, will use this format instead. > > > > > +// > > +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > > +// @Func: [in] Trusted Application function, specific to the TA > > +// @Session: [in] Session id > > +// @Ret: [out] Return value > > +// @RetOrigin [out] Origin of the return value > > +// @Params [inout] Parameters for function to be invoked > > +// > > +typedef struct { > > + UINT32 Func; > > + UINT32 Session; > > + UINT32 Ret; > > + UINT32 RetOrigin; > > + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > +} OPTEE_INVOKE_FUNC_ARG; > > + > > BOOLEAN > > EFIAPI > > IsOpteePresent ( > > VOID > > ); > > > > +EFI_STATUS > > +EFIAPI > > +OpteeInit ( > > + VOID > > + ); > > + > > +EFI_STATUS > > +EFIAPI > > +OpteeOpenSession ( > > + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > + ); > > + > > +EFI_STATUS > > +EFIAPI > > +OpteeCloseSession ( > > + IN UINT32 Session > > + ); > > + > > +EFI_STATUS > > +EFIAPI > > +OpteeInvokeFunc ( > > + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > + ); > > + > > #endif > > diff --git a/ArmPkg/Library/OpteeLib/Optee.c b/ArmPkg/Library/OpteeLib/Optee.c > > index 574527f8b5ea..2111022d3662 100644 > > --- a/ArmPkg/Library/OpteeLib/Optee.c > > +++ b/ArmPkg/Library/OpteeLib/Optee.c > > @@ -14,11 +14,19 @@ > > > > **/ > > > > +#include <Library/ArmMmuLib.h> > > #include <Library/ArmSmcLib.h> > > +#include <Library/BaseMemoryLib.h> > > #include <Library/BaseLib.h> > > +#include <Library/DebugLib.h> > > #include <Library/OpteeLib.h> > > > > #include <IndustryStandard/ArmStdSmc.h> > > +#include <IndustryStandard/GlobalPlatform.h> > > +#include <OpteeSmc.h> > > +#include <Uefi.h> > > + > > +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > > > /** > > Check for OP-TEE presence. > > @@ -31,6 +39,7 @@ IsOpteePresent ( > > { > > ARM_SMC_ARGS ArmSmcArgs; > > > > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > // Send a Trusted OS Calls UID command > > ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > > ArmCallSmc (&ArmSmcArgs); > > @@ -44,3 +53,352 @@ IsOpteePresent ( > > return FALSE; > > } > > } > > + > > +STATIC > > +EFI_STATUS > > +OpteeShmMemRemap ( > > + VOID > > + ) > > +{ > > + ARM_SMC_ARGS ArmSmcArgs; > > + EFI_PHYSICAL_ADDRESS Paddr; > > + EFI_PHYSICAL_ADDRESS Start; > > + EFI_PHYSICAL_ADDRESS End; > > + EFI_STATUS Status; > > + UINTN Size; > > + > > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > > + > > + ArmCallSmc (&ArmSmcArgs); > > + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > > + return EFI_UNSUPPORTED; > > + } > > + > > + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > > + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared memory supported\n")); > > + return EFI_UNSUPPORTED; > > + } > > + > > + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); > > + End = (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); > > + Paddr = Start; > > + Size = End - Start; > > + > > + if (Size < SIZE_4KB) { > > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > > + return EFI_BUFFER_TOO_SMALL; > > + } > > + > > + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); > > + if (EFI_ERROR (Status)) { > > + return Status; > > + } > > + > > + OpteeShmInfo.Base = (UINTN)Paddr; > > + OpteeShmInfo.Size = Size; > > + > > + return EFI_SUCCESS; > > +} > > + > > +EFI_STATUS > > +EFIAPI > > +OpteeInit ( > > + VOID > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + if (!IsOpteePresent ()) { > > + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > > + return EFI_UNSUPPORTED; > > + } > > + > > + Status = OpteeShmMemRemap (); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > > + return Status; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + Does Standard SMC to OP-TEE in secure world. > > + > > + @param[in] Parg Physical address of message to pass to secure world > > + > > + @return 0 on success, secure world return code otherwise > > + > > +**/ > > +STATIC > > +UINT32 > > +OpteeCallWithArg ( > > + IN EFI_PHYSICAL_ADDRESS Parg > > + ) > > +{ > > + ARM_SMC_ARGS ArmSmcArgs; > > + > > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > > + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > > + ArmSmcArgs.Arg2 = (UINT32)Parg; > > + > > + while (TRUE) { > > + ArmCallSmc (&ArmSmcArgs); > > + > > + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > > + // > > + // A foreign interrupt was raised while secure world was > > + // executing, since they are handled in UEFI a dummy RPC is > > + // performed to let UEFI take the interrupt through the normal > > + // vector. > > + // > > + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > > + } else { > > + break; > > + } > > + } > > + > > + return ArmSmcArgs.Arg0; > > +} > > + > > +EFI_STATUS > > +EFIAPI > > +OpteeOpenSession ( > > + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > + ) > > +{ > > + OPTEE_MSG_ARG *MsgArg; > > + > > + MsgArg = NULL; > > + > > + if (OpteeShmInfo.Base == 0) { > > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > + return EFI_NOT_STARTED; > > + } > > + > > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; > > + ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG)); > > + > > + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > > + > > + // > > + // Initialize and add the meta parameters needed when opening a > > + // session. > > + // > > + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > + OPTEE_MSG_ATTR_META; > > + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > + OPTEE_MSG_ATTR_META; > > + CopyMem (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, OPTEE_UUID_LEN); > > + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > > + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > > + > > + MsgArg->NumParams = 2; > > + > > + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; > > + } > > + > > + OpenSessionArg->Session = MsgArg->Session; > > + OpenSessionArg->Ret = MsgArg->Ret; > > + OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > > + > > + return EFI_SUCCESS; > > +} > > + > > +EFI_STATUS > > +EFIAPI > > +OpteeCloseSession ( > > + IN UINT32 Session > > + ) > > +{ > > + OPTEE_MSG_ARG *MsgArg; > > + > > + MsgArg = NULL; > > + > > + if (OpteeShmInfo.Base == 0) { > > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > + return EFI_NOT_STARTED; > > + } > > + > > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; > > + ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG)); > > + > > + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; > > + MsgArg->Session = Session; > > + > > + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > > + > > + return EFI_SUCCESS; > > +} > > + > > +STATIC > > +EFI_STATUS > > +OpteeToMsgParam ( > > + OUT OPTEE_MSG_PARAM *MsgParams, > > + IN UINT32 NumParams, > > + IN OPTEE_MSG_PARAM *InParams > > + ) > > +{ > > + UINT32 Idx; > > + UINTN ParamShmAddr; > > + UINTN ShmSize; > > + UINTN Size; > > + > > + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > > + ParamShmAddr = OpteeShmInfo.Base + Size; > > + ShmSize = OpteeShmInfo.Size - Size; > > + > > + for (Idx = 0; Idx < NumParams; Idx++) { > > + CONST OPTEE_MSG_PARAM *Ip; > > + OPTEE_MSG_PARAM *Mp; > > + UINT32 Attr; > > + > > + Ip = InParams + Idx; > > + Mp = MsgParams + Idx; > > + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > + > > + switch (Attr) { > > + case OPTEE_MSG_ATTR_TYPE_NONE: > > + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > + ZeroMem (&Mp->U, sizeof (Mp->U)); > > + break; > > + > > + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > + Mp->Attr = Attr; > > + Mp->U.Value.A = Ip->U.Value.A; > > + Mp->U.Value.B = Ip->U.Value.B; > > + Mp->U.Value.C = Ip->U.Value.C; > > + break; > > + > > + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > + Mp->Attr = Attr; > > + > > + if (Ip->U.Mem.Size > ShmSize) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip->U.Mem.Size); > > + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > > + Mp->U.Mem.Size = Ip->U.Mem.Size; > > + > > + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > > + ParamShmAddr += Size; > > + ShmSize -= Size; > > + break; > > + > > + default: > > + return EFI_INVALID_PARAMETER; > > + } > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +STATIC > > +EFI_STATUS > > +OpteeFromMsgParam ( > > + OUT OPTEE_MSG_PARAM *OutParams, > > + IN UINT32 NumParams, > > + IN OPTEE_MSG_PARAM *MsgParams > > + ) > > +{ > > + UINT32 Idx; > > + > > + for (Idx = 0; Idx < NumParams; Idx++) { > > + OPTEE_MSG_PARAM *Op; > > + CONST OPTEE_MSG_PARAM *Mp; > > + UINT32 Attr; > > + > > + Op = OutParams + Idx; > > + Mp = MsgParams + Idx; > > + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > + > > + switch (Attr) { > > + case OPTEE_MSG_ATTR_TYPE_NONE: > > + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > + ZeroMem (&Op->U, sizeof (Op->U)); > > + break; > > + > > + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > + Op->Attr = Attr; > > + Op->U.Value.A = Mp->U.Value.A; > > + Op->U.Value.B = Mp->U.Value.B; > > + Op->U.Value.C = Mp->U.Value.C; > > + break; > > + > > + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > + Op->Attr = Attr; > > + > > + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > > + return EFI_BAD_BUFFER_SIZE; > > + } > > + > > + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, Mp->U.Mem.Size); > > + Op->U.Mem.Size = Mp->U.Mem.Size; > > + break; > > + > > + default: > > + return EFI_INVALID_PARAMETER; > > + } > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +EFI_STATUS > > +EFIAPI > > +OpteeInvokeFunc ( > > + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > + ) > > +{ > > + EFI_STATUS Status; > > + OPTEE_MSG_ARG *MsgArg; > > + > > + MsgArg = NULL; > > + > > + if (OpteeShmInfo.Base == 0) { > > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > + return EFI_NOT_STARTED; > > + } > > + > > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; > > + ZeroMem (MsgArg, sizeof (OPTEE_MSG_ARG)); > > + > > + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; > > + MsgArg->Func = InvokeFuncArg->Func; > > + MsgArg->Session = InvokeFuncArg->Session; > > + > > + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, InvokeFuncArg->Params); > > + if (Status) > > + return Status; > > + > > + MsgArg->NumParams = MAX_PARAMS; > > + > > + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; > > + } > > + > > + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, MsgArg->Params)) { > > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; > > + } > > + > > + InvokeFuncArg->Ret = MsgArg->Ret; > > + InvokeFuncArg->RetOrigin = MsgArg->RetOrigin; > > + > > + return EFI_SUCCESS; > > +} > > diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > index 5abd427379cc..e03054a7167d 100644 > > --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > @@ -23,11 +23,13 @@ [Defines] > > > > [Sources] > > Optee.c > > + OpteeSmc.h > > > > [Packages] > > ArmPkg/ArmPkg.dec > > MdePkg/MdePkg.dec > > > > [LibraryClasses] > > + ArmMmuLib > > ArmSmcLib > > BaseLib > > diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > new file mode 100644 > > index 000000000000..e2ea35784a0a > > --- /dev/null > > +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > @@ -0,0 +1,43 @@ > > +/** @file > > + OP-TEE SMC header file. > > + > > + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > + > > + This program and the accompanying materials > > + are licensed and made available under the terms and conditions of the BSD License > > + which accompanies this distribution. The full text of the license may be found at > > + http://opensource.org/licenses/bsd-license.php > > + > > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > > + > > +**/ > > + > > +#ifndef _OPTEE_SMC_H_ > > +#define _OPTEE_SMC_H_ > > + > > +/* Returned in Arg0 only from Trusted OS functions */ > > +#define OPTEE_SMC_RETURN_OK 0x0 > > + > > +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > > +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > > +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > > + > > +#define OPTEE_SMC_SHM_CACHED 1 > > + > > +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > > + > > +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > > +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > > +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > > + > > +#define OPTEE_MSG_ATTR_META 0x100 > > + > > +#define TEE_LOGIN_PUBLIC 0x0 > > + > > +typedef struct { > > + UINTN Base; > > + UINTN Size; > > +} OPTEE_SHARED_MEMORY_INFO; > > + > > +#endif > > diff --git a/ArmPkg/Include/Library/OpteeLib.h b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > similarity index 53% > > copy from ArmPkg/Include/Library/OpteeLib.h > > copy to MdePkg/Include/IndustryStandard/GlobalPlatform.h > > index f65d8674d9b8..14c621d89971 100644 > > --- a/ArmPkg/Include/Library/OpteeLib.h > > +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > This has to go into a separate patch, and has to be cc'ed to the > MdePkg maintainers as well. > Ok, will create a separate patch for this and cc MdePkg maintainers. > > @@ -1,34 +1,26 @@ > > -/** @file > > - OP-TEE specific header file. > > - > > - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > - > > - This program and the accompanying materials > > - are licensed and made available under the terms and conditions of the BSD License > > - which accompanies this distribution. The full text of the license may be found at > > - http://opensource.org/licenses/bsd-license.php > > - > > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > > - > > -**/ > > - > > -#ifndef _OPTEE_H_ > > -#define _OPTEE_H_ > > - > > -/* > > - * The 'Trusted OS Call UID' is supposed to return the following UUID for > > - * OP-TEE OS. This is a 128-bit value. > > - */ > > -#define OPTEE_OS_UID0 0x384fb3e0 > > -#define OPTEE_OS_UID1 0xe7f811e3 > > -#define OPTEE_OS_UID2 0xaf630002 > > -#define OPTEE_OS_UID3 0xa5d5c51b > > - > > -BOOLEAN > > -EFIAPI > > -IsOpteePresent ( > > - VOID > > - ); > > - > > -#endif > > +/** @file > > + Standardized Global Platform header file. > > + > > Can you please include some URL reference here? > Sure will add reference to Global Platform TEE Client Specification. -Sumit > > + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > + > > + This program and the accompanying materials > > + are licensed and made available under the terms and conditions of the BSD License > > + which accompanies this distribution. The full text of the license may be found at > > + http://opensource.org/licenses/bsd-license.php > > + > > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > > + > > +**/ > > + > > +#ifndef _GLOBAL_PLATFORM_H_ > > +#define _GLOBAL_PLATFORM_H_ > > + > > +#define TEEC_ORIGIN_COMMS 0x00000002 > > + > > +#define TEEC_SUCCESS 0x00000000 > > +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > > +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > > +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > > + > > +#endif > > -- > > 2.7.4 > > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-24 9:21 [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE Sumit Garg [not found] ` <f9970701-8edc-66d1-7272-a14d39e532f0@linaro.org> 2018-08-24 13:18 ` Ard Biesheuvel @ 2018-08-24 16:20 ` Udit Kumar 2018-08-24 17:35 ` Ard Biesheuvel 2 siblings, 1 reply; 15+ messages in thread From: Udit Kumar @ 2018-08-24 16:20 UTC (permalink / raw) To: Sumit Garg, edk2-devel@lists.01.org Cc: daniel.thompson@linaro.org, tee-dev@lists.linaro.org, jens.wiklander@linaro.org, Rod Dorris, Matteo Carlini Hi Sumit What use case you have in mind, to interface op-tee with UEFI. What ARM proposed (Matteo in cc), to run MM mode in Secure side of machine with SPM. Moreover SPD (OP-TEE) and SPM(MM mode) cannot co-exists on current arm devices. Then how do you see MM mode working. Regards Udit > -----Original Message----- > From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of Sumit > Garg > Sent: Friday, August 24, 2018 2:51 PM > To: edk2-devel@lists.01.org > Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > jens.wiklander@linaro.org > Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate > with OP-TEE > > Add following APIs to communicate with OP-TEE static TA: > 1. OpteeInit > 2. OpteeOpenSession > 3. OpteeCloseSession > 4. OpteeInvokeFunc > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Leif Lindholm <leif.lindholm@linaro.org> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > --- > ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > ArmPkg/Library/OpteeLib/Optee.c | 358 > +++++++++++++++++++++ > ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > 5 files changed, 531 insertions(+), 34 deletions(-) create mode 100644 > ArmPkg/Library/OpteeLib/OpteeSmc.h > copy ArmPkg/Include/Library/OpteeLib.h => > MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > diff --git a/ArmPkg/Include/Library/OpteeLib.h > b/ArmPkg/Include/Library/OpteeLib.h > index f65d8674d9b8..c323f49072f8 100644 > --- a/ArmPkg/Include/Library/OpteeLib.h > +++ b/ArmPkg/Include/Library/OpteeLib.h > @@ -25,10 +25,112 @@ > #define OPTEE_OS_UID2 0xaf630002 > #define OPTEE_OS_UID3 0xa5d5c51b > > +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > + > +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > + > +typedef struct { > + UINT64 BufPtr; > + UINT64 Size; > + UINT64 ShmRef; > +} OPTEE_MSG_PARAM_MEM; > + > +typedef struct { > + UINT64 A; > + UINT64 B; > + UINT64 C; > +} OPTEE_MSG_PARAM_VALUE; > + > +typedef struct { > + UINT64 Attr; > + union { > + OPTEE_MSG_PARAM_MEM Mem; > + OPTEE_MSG_PARAM_VALUE Value; > + } U; > +} OPTEE_MSG_PARAM; > + > +#define MAX_PARAMS 4 > + > +typedef struct { > + UINT32 Cmd; > + UINT32 Func; > + UINT32 Session; > + UINT32 CancelId; > + UINT32 Pad; > + UINT32 Ret; > + UINT32 RetOrigin; > + UINT32 NumParams; > + > + // NumParams tells the actual number of element in Params > + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > +} OPTEE_MSG_ARG; > + > +#define OPTEE_UUID_LEN 16 > + > +// > +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > +// @Uuid: [in] UUID of the Trusted Application > +// @Session: [out] Session id > +// @Ret: [out] Return value > +// @RetOrigin [out] Origin of the return value > +// > +typedef struct { > + UINT8 Uuid[OPTEE_UUID_LEN]; > + UINT32 Session; > + UINT32 Ret; > + UINT32 RetOrigin; > +} OPTEE_OPEN_SESSION_ARG; > + > +// > +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > +// @Func: [in] Trusted Application function, specific to the TA > +// @Session: [in] Session id > +// @Ret: [out] Return value > +// @RetOrigin [out] Origin of the return value > +// @Params [inout] Parameters for function to be invoked > +// > +typedef struct { > + UINT32 Func; > + UINT32 Session; > + UINT32 Ret; > + UINT32 RetOrigin; > + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > +} OPTEE_INVOKE_FUNC_ARG; > + > BOOLEAN > EFIAPI > IsOpteePresent ( > VOID > ); > > +EFI_STATUS > +EFIAPI > +OpteeInit ( > + VOID > + ); > + > +EFI_STATUS > +EFIAPI > +OpteeOpenSession ( > + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > + ); > + > +EFI_STATUS > +EFIAPI > +OpteeCloseSession ( > + IN UINT32 Session > + ); > + > +EFI_STATUS > +EFIAPI > +OpteeInvokeFunc ( > + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > + ); > + > #endif > diff --git a/ArmPkg/Library/OpteeLib/Optee.c > b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 > 100644 > --- a/ArmPkg/Library/OpteeLib/Optee.c > +++ b/ArmPkg/Library/OpteeLib/Optee.c > @@ -14,11 +14,19 @@ > > **/ > > +#include <Library/ArmMmuLib.h> > #include <Library/ArmSmcLib.h> > +#include <Library/BaseMemoryLib.h> > #include <Library/BaseLib.h> > +#include <Library/DebugLib.h> > #include <Library/OpteeLib.h> > > #include <IndustryStandard/ArmStdSmc.h> > +#include <IndustryStandard/GlobalPlatform.h> > +#include <OpteeSmc.h> > +#include <Uefi.h> > + > +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > /** > Check for OP-TEE presence. > @@ -31,6 +39,7 @@ IsOpteePresent ( > { > ARM_SMC_ARGS ArmSmcArgs; > > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > // Send a Trusted OS Calls UID command > ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > ArmCallSmc (&ArmSmcArgs); > @@ -44,3 +53,352 @@ IsOpteePresent ( > return FALSE; > } > } > + > +STATIC > +EFI_STATUS > +OpteeShmMemRemap ( > + VOID > + ) > +{ > + ARM_SMC_ARGS ArmSmcArgs; > + EFI_PHYSICAL_ADDRESS Paddr; > + EFI_PHYSICAL_ADDRESS Start; > + EFI_PHYSICAL_ADDRESS End; > + EFI_STATUS Status; > + UINTN Size; > + > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > + > + ArmCallSmc (&ArmSmcArgs); > + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > + return EFI_UNSUPPORTED; > + } > + > + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared memory > supported\n")); > + return EFI_UNSUPPORTED; > + } > + > + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End = > + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = Start; > + Size = End - Start; > + > + if (Size < SIZE_4KB) { > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > + return EFI_BUFFER_TOO_SMALL; > + } > + > + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); if > + (EFI_ERROR (Status)) { > + return Status; > + } > + > + OpteeShmInfo.Base = (UINTN)Paddr; > + OpteeShmInfo.Size = Size; > + > + return EFI_SUCCESS; > +} > + > +EFI_STATUS > +EFIAPI > +OpteeInit ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + > + if (!IsOpteePresent ()) { > + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > + return EFI_UNSUPPORTED; > + } > + > + Status = OpteeShmMemRemap (); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Does Standard SMC to OP-TEE in secure world. > + > + @param[in] Parg Physical address of message to pass to secure world > + > + @return 0 on success, secure world return code otherwise > + > +**/ > +STATIC > +UINT32 > +OpteeCallWithArg ( > + IN EFI_PHYSICAL_ADDRESS Parg > + ) > +{ > + ARM_SMC_ARGS ArmSmcArgs; > + > + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > + ArmSmcArgs.Arg2 = (UINT32)Parg; > + > + while (TRUE) { > + ArmCallSmc (&ArmSmcArgs); > + > + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > + // > + // A foreign interrupt was raised while secure world was > + // executing, since they are handled in UEFI a dummy RPC is > + // performed to let UEFI take the interrupt through the normal > + // vector. > + // > + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > + } else { > + break; > + } > + } > + > + return ArmSmcArgs.Arg0; > +} > + > +EFI_STATUS > +EFIAPI > +OpteeOpenSession ( > + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > + ) > +{ > + OPTEE_MSG_ARG *MsgArg; > + > + MsgArg = NULL; > + > + if (OpteeShmInfo.Base == 0) { > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > + return EFI_NOT_STARTED; > + } > + > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > sizeof > + (OPTEE_MSG_ARG)); > + > + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > + > + // > + // Initialize and add the meta parameters needed when opening a // > + session. > + // > + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > + OPTEE_MSG_ATTR_META; MsgArg->Params[1].Attr > + = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > + OPTEE_MSG_ATTR_META; CopyMem > + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, OPTEE_UUID_LEN); > + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > + > + MsgArg->NumParams = 2; > + > + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > + > + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret = > + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > + > + return EFI_SUCCESS; > +} > + > +EFI_STATUS > +EFIAPI > +OpteeCloseSession ( > + IN UINT32 Session > + ) > +{ > + OPTEE_MSG_ARG *MsgArg; > + > + MsgArg = NULL; > + > + if (OpteeShmInfo.Base == 0) { > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > + return EFI_NOT_STARTED; > + } > + > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > sizeof > + (OPTEE_MSG_ARG)); > + > + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session = > + Session; > + > + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > + > + return EFI_SUCCESS; > +} > + > +STATIC > +EFI_STATUS > +OpteeToMsgParam ( > + OUT OPTEE_MSG_PARAM *MsgParams, > + IN UINT32 NumParams, > + IN OPTEE_MSG_PARAM *InParams > + ) > +{ > + UINT32 Idx; > + UINTN ParamShmAddr; > + UINTN ShmSize; > + UINTN Size; > + > + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof > + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize = > + OpteeShmInfo.Size - Size; > + > + for (Idx = 0; Idx < NumParams; Idx++) { > + CONST OPTEE_MSG_PARAM *Ip; > + OPTEE_MSG_PARAM *Mp; > + UINT32 Attr; > + > + Ip = InParams + Idx; > + Mp = MsgParams + Idx; > + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > + > + switch (Attr) { > + case OPTEE_MSG_ATTR_TYPE_NONE: > + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > + ZeroMem (&Mp->U, sizeof (Mp->U)); > + break; > + > + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > + Mp->Attr = Attr; > + Mp->U.Value.A = Ip->U.Value.A; > + Mp->U.Value.B = Ip->U.Value.B; > + Mp->U.Value.C = Ip->U.Value.C; > + break; > + > + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > + Mp->Attr = Attr; > + > + if (Ip->U.Mem.Size > ShmSize) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- > >U.Mem.Size); > + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > + Mp->U.Mem.Size = Ip->U.Mem.Size; > + > + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > + ParamShmAddr += Size; > + ShmSize -= Size; > + break; > + > + default: > + return EFI_INVALID_PARAMETER; > + } > + } > + > + return EFI_SUCCESS; > +} > + > +STATIC > +EFI_STATUS > +OpteeFromMsgParam ( > + OUT OPTEE_MSG_PARAM *OutParams, > + IN UINT32 NumParams, > + IN OPTEE_MSG_PARAM *MsgParams > + ) > +{ > + UINT32 Idx; > + > + for (Idx = 0; Idx < NumParams; Idx++) { > + OPTEE_MSG_PARAM *Op; > + CONST OPTEE_MSG_PARAM *Mp; > + UINT32 Attr; > + > + Op = OutParams + Idx; > + Mp = MsgParams + Idx; > + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > + > + switch (Attr) { > + case OPTEE_MSG_ATTR_TYPE_NONE: > + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > + ZeroMem (&Op->U, sizeof (Op->U)); > + break; > + > + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > + Op->Attr = Attr; > + Op->U.Value.A = Mp->U.Value.A; > + Op->U.Value.B = Mp->U.Value.B; > + Op->U.Value.C = Mp->U.Value.C; > + break; > + > + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > + Op->Attr = Attr; > + > + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > + return EFI_BAD_BUFFER_SIZE; > + } > + > + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, > Mp->U.Mem.Size); > + Op->U.Mem.Size = Mp->U.Mem.Size; > + break; > + > + default: > + return EFI_INVALID_PARAMETER; > + } > + } > + > + return EFI_SUCCESS; > +} > + > +EFI_STATUS > +EFIAPI > +OpteeInvokeFunc ( > + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > + ) > +{ > + EFI_STATUS Status; > + OPTEE_MSG_ARG *MsgArg; > + > + MsgArg = NULL; > + > + if (OpteeShmInfo.Base == 0) { > + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > + return EFI_NOT_STARTED; > + } > + > + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > sizeof > + (OPTEE_MSG_ARG)); > + > + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg->Func = > + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; > + > + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > + InvokeFuncArg->Params); if (Status) > + return Status; > + > + MsgArg->NumParams = MAX_PARAMS; > + > + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > + > + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, > MsgArg->Params)) { > + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > + > + InvokeFuncArg->Ret = MsgArg->Ret; > + InvokeFuncArg->RetOrigin = MsgArg->RetOrigin; > + > + return EFI_SUCCESS; > +} > diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > b/ArmPkg/Library/OpteeLib/OpteeLib.inf > index 5abd427379cc..e03054a7167d 100644 > --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > @@ -23,11 +23,13 @@ [Defines] > > [Sources] > Optee.c > + OpteeSmc.h > > [Packages] > ArmPkg/ArmPkg.dec > MdePkg/MdePkg.dec > > [LibraryClasses] > + ArmMmuLib > ArmSmcLib > BaseLib > diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > b/ArmPkg/Library/OpteeLib/OpteeSmc.h > new file mode 100644 > index 000000000000..e2ea35784a0a > --- /dev/null > +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > @@ -0,0 +1,43 @@ > +/** @file > + OP-TEE SMC header file. > + > + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > + > + This program and the accompanying materials are licensed and made > + available under the terms and conditions of the BSD License which > + accompanies this distribution. The full text of the license may be > + found at > + > + > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > n > + source.org%2Flicenses%2Fbsd- > license.php&data=02%7C01%7Cudit.kumar% > + > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > a92cd99 > + > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > OOKCyshbg > + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef _OPTEE_SMC_H_ > +#define _OPTEE_SMC_H_ > + > +/* Returned in Arg0 only from Trusted OS functions */ > +#define OPTEE_SMC_RETURN_OK 0x0 > + > +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > + > +#define OPTEE_SMC_SHM_CACHED 1 > + > +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > + > +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > + > +#define OPTEE_MSG_ATTR_META 0x100 > + > +#define TEE_LOGIN_PUBLIC 0x0 > + > +typedef struct { > + UINTN Base; > + UINTN Size; > +} OPTEE_SHARED_MEMORY_INFO; > + > +#endif > diff --git a/ArmPkg/Include/Library/OpteeLib.h > b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > similarity index 53% > copy from ArmPkg/Include/Library/OpteeLib.h copy to > MdePkg/Include/IndustryStandard/GlobalPlatform.h > index f65d8674d9b8..14c621d89971 100644 > --- a/ArmPkg/Include/Library/OpteeLib.h > +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > @@ -1,34 +1,26 @@ > -/** @file > - OP-TEE specific header file. > - > - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > - > - This program and the accompanying materials > - are licensed and made available under the terms and conditions of the BSD > License > - which accompanies this distribution. The full text of the license may be > found at > - > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > nsource.org%2Flicenses%2Fbsd- > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > P6AwM2olKY3%2B2ImWs%3D&reserved=0 > - > - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > - > -**/ > - > -#ifndef _OPTEE_H_ > -#define _OPTEE_H_ > - > -/* > - * The 'Trusted OS Call UID' is supposed to return the following UUID for > - * OP-TEE OS. This is a 128-bit value. > - */ > -#define OPTEE_OS_UID0 0x384fb3e0 > -#define OPTEE_OS_UID1 0xe7f811e3 > -#define OPTEE_OS_UID2 0xaf630002 > -#define OPTEE_OS_UID3 0xa5d5c51b > - > -BOOLEAN > -EFIAPI > -IsOpteePresent ( > - VOID > - ); > - > -#endif > +/** @file > + Standardized Global Platform header file. > + > + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > + > + This program and the accompanying materials are licensed and made > + available under the terms and conditions of the BSD License which > + accompanies this distribution. The full text of the license may be > + found at > + > + > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > n > + source.org%2Flicenses%2Fbsd- > license.php&data=02%7C01%7Cudit.kumar% > + > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > a92cd99 > + > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > OOKCyshbg > + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +#ifndef _GLOBAL_PLATFORM_H_ > +#define _GLOBAL_PLATFORM_H_ > + > +#define TEEC_ORIGIN_COMMS 0x00000002 > + > +#define TEEC_SUCCESS 0x00000000 > +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > + > +#endif > -- > 2.7.4 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist > s.01.org%2Fmailman%2Flistinfo%2Fedk2- > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > u%2Fhcds3j9aDPnU%3D&reserved=0 ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-24 16:20 ` Udit Kumar @ 2018-08-24 17:35 ` Ard Biesheuvel 2018-08-24 17:45 ` Udit Kumar 0 siblings, 1 reply; 15+ messages in thread From: Ard Biesheuvel @ 2018-08-24 17:35 UTC (permalink / raw) To: Udit Kumar, Matteo Carlini Cc: Sumit Garg, edk2-devel@lists.01.org, tee-dev@lists.linaro.org, daniel.thompson@linaro.org, jens.wiklander@linaro.org, Rod Dorris (+ Matteo) On 24 August 2018 at 17:20, Udit Kumar <udit.kumar@nxp.com> wrote: > Hi Sumit > What use case you have in mind, to interface op-tee with UEFI. > > What ARM proposed (Matteo in cc), to run MM mode in Secure side of machine with SPM. > Moreover SPD (OP-TEE) and SPM(MM mode) cannot co-exists on current arm devices. > Then how do you see MM mode working. > If MM mode is fundamentally incompatible with OP-TEE, then you cannot run both at the same time. But that doesn't mean there are no use cases for shipping a UEFI system with OP-TEE. I will let Sumit elaborate on the details if you're interested, but he has working code to use the thermal sensors on SynQuacer (which are secure world only) to gather entropy and expose it to the OS via the EFI_RNG_PROTOCOL, which is implemented on top of this OP-TEE client library. >> -----Original Message----- >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of Sumit >> Garg >> Sent: Friday, August 24, 2018 2:51 PM >> To: edk2-devel@lists.01.org >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; >> jens.wiklander@linaro.org >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate >> with OP-TEE >> >> Add following APIs to communicate with OP-TEE static TA: >> 1. OpteeInit >> 2. OpteeOpenSession >> 3. OpteeCloseSession >> 4. OpteeInvokeFunc >> >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >> Cc: Leif Lindholm <leif.lindholm@linaro.org> >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> >> --- >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ >> ArmPkg/Library/OpteeLib/Optee.c | 358 >> +++++++++++++++++++++ >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode 100644 >> ArmPkg/Library/OpteeLib/OpteeSmc.h >> copy ArmPkg/Include/Library/OpteeLib.h => >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) >> >> diff --git a/ArmPkg/Include/Library/OpteeLib.h >> b/ArmPkg/Include/Library/OpteeLib.h >> index f65d8674d9b8..c323f49072f8 100644 >> --- a/ArmPkg/Include/Library/OpteeLib.h >> +++ b/ArmPkg/Include/Library/OpteeLib.h >> @@ -25,10 +25,112 @@ >> #define OPTEE_OS_UID2 0xaf630002 >> #define OPTEE_OS_UID3 0xa5d5c51b >> >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb >> + >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff >> + >> +typedef struct { >> + UINT64 BufPtr; >> + UINT64 Size; >> + UINT64 ShmRef; >> +} OPTEE_MSG_PARAM_MEM; >> + >> +typedef struct { >> + UINT64 A; >> + UINT64 B; >> + UINT64 C; >> +} OPTEE_MSG_PARAM_VALUE; >> + >> +typedef struct { >> + UINT64 Attr; >> + union { >> + OPTEE_MSG_PARAM_MEM Mem; >> + OPTEE_MSG_PARAM_VALUE Value; >> + } U; >> +} OPTEE_MSG_PARAM; >> + >> +#define MAX_PARAMS 4 >> + >> +typedef struct { >> + UINT32 Cmd; >> + UINT32 Func; >> + UINT32 Session; >> + UINT32 CancelId; >> + UINT32 Pad; >> + UINT32 Ret; >> + UINT32 RetOrigin; >> + UINT32 NumParams; >> + >> + // NumParams tells the actual number of element in Params >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; >> +} OPTEE_MSG_ARG; >> + >> +#define OPTEE_UUID_LEN 16 >> + >> +// >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument >> +// @Uuid: [in] UUID of the Trusted Application >> +// @Session: [out] Session id >> +// @Ret: [out] Return value >> +// @RetOrigin [out] Origin of the return value >> +// >> +typedef struct { >> + UINT8 Uuid[OPTEE_UUID_LEN]; >> + UINT32 Session; >> + UINT32 Ret; >> + UINT32 RetOrigin; >> +} OPTEE_OPEN_SESSION_ARG; >> + >> +// >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument >> +// @Func: [in] Trusted Application function, specific to the TA >> +// @Session: [in] Session id >> +// @Ret: [out] Return value >> +// @RetOrigin [out] Origin of the return value >> +// @Params [inout] Parameters for function to be invoked >> +// >> +typedef struct { >> + UINT32 Func; >> + UINT32 Session; >> + UINT32 Ret; >> + UINT32 RetOrigin; >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; >> +} OPTEE_INVOKE_FUNC_ARG; >> + >> BOOLEAN >> EFIAPI >> IsOpteePresent ( >> VOID >> ); >> >> +EFI_STATUS >> +EFIAPI >> +OpteeInit ( >> + VOID >> + ); >> + >> +EFI_STATUS >> +EFIAPI >> +OpteeOpenSession ( >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg >> + ); >> + >> +EFI_STATUS >> +EFIAPI >> +OpteeCloseSession ( >> + IN UINT32 Session >> + ); >> + >> +EFI_STATUS >> +EFIAPI >> +OpteeInvokeFunc ( >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg >> + ); >> + >> #endif >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 >> 100644 >> --- a/ArmPkg/Library/OpteeLib/Optee.c >> +++ b/ArmPkg/Library/OpteeLib/Optee.c >> @@ -14,11 +14,19 @@ >> >> **/ >> >> +#include <Library/ArmMmuLib.h> >> #include <Library/ArmSmcLib.h> >> +#include <Library/BaseMemoryLib.h> >> #include <Library/BaseLib.h> >> +#include <Library/DebugLib.h> >> #include <Library/OpteeLib.h> >> >> #include <IndustryStandard/ArmStdSmc.h> >> +#include <IndustryStandard/GlobalPlatform.h> >> +#include <OpteeSmc.h> >> +#include <Uefi.h> >> + >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; >> >> /** >> Check for OP-TEE presence. >> @@ -31,6 +39,7 @@ IsOpteePresent ( >> { >> ARM_SMC_ARGS ArmSmcArgs; >> >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); >> // Send a Trusted OS Calls UID command >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; >> ArmCallSmc (&ArmSmcArgs); >> @@ -44,3 +53,352 @@ IsOpteePresent ( >> return FALSE; >> } >> } >> + >> +STATIC >> +EFI_STATUS >> +OpteeShmMemRemap ( >> + VOID >> + ) >> +{ >> + ARM_SMC_ARGS ArmSmcArgs; >> + EFI_PHYSICAL_ADDRESS Paddr; >> + EFI_PHYSICAL_ADDRESS Start; >> + EFI_PHYSICAL_ADDRESS End; >> + EFI_STATUS Status; >> + UINTN Size; >> + >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; >> + >> + ArmCallSmc (&ArmSmcArgs); >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); >> + return EFI_UNSUPPORTED; >> + } >> + >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared memory >> supported\n")); >> + return EFI_UNSUPPORTED; >> + } >> + >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End = >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = Start; >> + Size = End - Start; >> + >> + if (Size < SIZE_4KB) { >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); >> + return EFI_BUFFER_TOO_SMALL; >> + } >> + >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); if >> + (EFI_ERROR (Status)) { >> + return Status; >> + } >> + >> + OpteeShmInfo.Base = (UINTN)Paddr; >> + OpteeShmInfo.Size = Size; >> + >> + return EFI_SUCCESS; >> +} >> + >> +EFI_STATUS >> +EFIAPI >> +OpteeInit ( >> + VOID >> + ) >> +{ >> + EFI_STATUS Status; >> + >> + if (!IsOpteePresent ()) { >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); >> + return EFI_UNSUPPORTED; >> + } >> + >> + Status = OpteeShmMemRemap (); >> + if (EFI_ERROR (Status)) { >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); >> + return Status; >> + } >> + >> + return EFI_SUCCESS; >> +} >> + >> +/** >> + Does Standard SMC to OP-TEE in secure world. >> + >> + @param[in] Parg Physical address of message to pass to secure world >> + >> + @return 0 on success, secure world return code otherwise >> + >> +**/ >> +STATIC >> +UINT32 >> +OpteeCallWithArg ( >> + IN EFI_PHYSICAL_ADDRESS Parg >> + ) >> +{ >> + ARM_SMC_ARGS ArmSmcArgs; >> + >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); >> + ArmSmcArgs.Arg2 = (UINT32)Parg; >> + >> + while (TRUE) { >> + ArmCallSmc (&ArmSmcArgs); >> + >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { >> + // >> + // A foreign interrupt was raised while secure world was >> + // executing, since they are handled in UEFI a dummy RPC is >> + // performed to let UEFI take the interrupt through the normal >> + // vector. >> + // >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; >> + } else { >> + break; >> + } >> + } >> + >> + return ArmSmcArgs.Arg0; >> +} >> + >> +EFI_STATUS >> +EFIAPI >> +OpteeOpenSession ( >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg >> + ) >> +{ >> + OPTEE_MSG_ARG *MsgArg; >> + >> + MsgArg = NULL; >> + >> + if (OpteeShmInfo.Base == 0) { >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); >> + return EFI_NOT_STARTED; >> + } >> + >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, >> sizeof >> + (OPTEE_MSG_ARG)); >> + >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; >> + >> + // >> + // Initialize and add the meta parameters needed when opening a // >> + session. >> + // >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | >> + OPTEE_MSG_ATTR_META; MsgArg->Params[1].Attr >> + = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | >> + OPTEE_MSG_ATTR_META; CopyMem >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, OPTEE_UUID_LEN); >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; >> + >> + MsgArg->NumParams = 2; >> + >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } >> + >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret = >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; >> + >> + return EFI_SUCCESS; >> +} >> + >> +EFI_STATUS >> +EFIAPI >> +OpteeCloseSession ( >> + IN UINT32 Session >> + ) >> +{ >> + OPTEE_MSG_ARG *MsgArg; >> + >> + MsgArg = NULL; >> + >> + if (OpteeShmInfo.Base == 0) { >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); >> + return EFI_NOT_STARTED; >> + } >> + >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, >> sizeof >> + (OPTEE_MSG_ARG)); >> + >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session = >> + Session; >> + >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); >> + >> + return EFI_SUCCESS; >> +} >> + >> +STATIC >> +EFI_STATUS >> +OpteeToMsgParam ( >> + OUT OPTEE_MSG_PARAM *MsgParams, >> + IN UINT32 NumParams, >> + IN OPTEE_MSG_PARAM *InParams >> + ) >> +{ >> + UINT32 Idx; >> + UINTN ParamShmAddr; >> + UINTN ShmSize; >> + UINTN Size; >> + >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize = >> + OpteeShmInfo.Size - Size; >> + >> + for (Idx = 0; Idx < NumParams; Idx++) { >> + CONST OPTEE_MSG_PARAM *Ip; >> + OPTEE_MSG_PARAM *Mp; >> + UINT32 Attr; >> + >> + Ip = InParams + Idx; >> + Mp = MsgParams + Idx; >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; >> + >> + switch (Attr) { >> + case OPTEE_MSG_ATTR_TYPE_NONE: >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; >> + ZeroMem (&Mp->U, sizeof (Mp->U)); >> + break; >> + >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: >> + Mp->Attr = Attr; >> + Mp->U.Value.A = Ip->U.Value.A; >> + Mp->U.Value.B = Ip->U.Value.B; >> + Mp->U.Value.C = Ip->U.Value.C; >> + break; >> + >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: >> + Mp->Attr = Attr; >> + >> + if (Ip->U.Mem.Size > ShmSize) { >> + return EFI_OUT_OF_RESOURCES; >> + } >> + >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- >> >U.Mem.Size); >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; >> + Mp->U.Mem.Size = Ip->U.Mem.Size; >> + >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); >> + ParamShmAddr += Size; >> + ShmSize -= Size; >> + break; >> + >> + default: >> + return EFI_INVALID_PARAMETER; >> + } >> + } >> + >> + return EFI_SUCCESS; >> +} >> + >> +STATIC >> +EFI_STATUS >> +OpteeFromMsgParam ( >> + OUT OPTEE_MSG_PARAM *OutParams, >> + IN UINT32 NumParams, >> + IN OPTEE_MSG_PARAM *MsgParams >> + ) >> +{ >> + UINT32 Idx; >> + >> + for (Idx = 0; Idx < NumParams; Idx++) { >> + OPTEE_MSG_PARAM *Op; >> + CONST OPTEE_MSG_PARAM *Mp; >> + UINT32 Attr; >> + >> + Op = OutParams + Idx; >> + Mp = MsgParams + Idx; >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; >> + >> + switch (Attr) { >> + case OPTEE_MSG_ATTR_TYPE_NONE: >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; >> + ZeroMem (&Op->U, sizeof (Op->U)); >> + break; >> + >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: >> + Op->Attr = Attr; >> + Op->U.Value.A = Mp->U.Value.A; >> + Op->U.Value.B = Mp->U.Value.B; >> + Op->U.Value.C = Mp->U.Value.C; >> + break; >> + >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: >> + Op->Attr = Attr; >> + >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { >> + return EFI_BAD_BUFFER_SIZE; >> + } >> + >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, >> Mp->U.Mem.Size); >> + Op->U.Mem.Size = Mp->U.Mem.Size; >> + break; >> + >> + default: >> + return EFI_INVALID_PARAMETER; >> + } >> + } >> + >> + return EFI_SUCCESS; >> +} >> + >> +EFI_STATUS >> +EFIAPI >> +OpteeInvokeFunc ( >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg >> + ) >> +{ >> + EFI_STATUS Status; >> + OPTEE_MSG_ARG *MsgArg; >> + >> + MsgArg = NULL; >> + >> + if (OpteeShmInfo.Base == 0) { >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); >> + return EFI_NOT_STARTED; >> + } >> + >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, >> sizeof >> + (OPTEE_MSG_ARG)); >> + >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg->Func = >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; >> + >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, >> + InvokeFuncArg->Params); if (Status) >> + return Status; >> + >> + MsgArg->NumParams = MAX_PARAMS; >> + >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } >> + >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, >> MsgArg->Params)) { >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } >> + >> + InvokeFuncArg->Ret = MsgArg->Ret; >> + InvokeFuncArg->RetOrigin = MsgArg->RetOrigin; >> + >> + return EFI_SUCCESS; >> +} >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf >> index 5abd427379cc..e03054a7167d 100644 >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf >> @@ -23,11 +23,13 @@ [Defines] >> >> [Sources] >> Optee.c >> + OpteeSmc.h >> >> [Packages] >> ArmPkg/ArmPkg.dec >> MdePkg/MdePkg.dec >> >> [LibraryClasses] >> + ArmMmuLib >> ArmSmcLib >> BaseLib >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h >> new file mode 100644 >> index 000000000000..e2ea35784a0a >> --- /dev/null >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h >> @@ -0,0 +1,43 @@ >> +/** @file >> + OP-TEE SMC header file. >> + >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> >> + >> + This program and the accompanying materials are licensed and made >> + available under the terms and conditions of the BSD License which >> + accompanies this distribution. The full text of the license may be >> + found at >> + >> + >> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope >> n >> + source.org%2Flicenses%2Fbsd- >> license.php&data=02%7C01%7Cudit.kumar% >> + >> 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f >> a92cd99 >> + >> c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp >> OOKCyshbg >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 >> + >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >> BASIS, >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >> EXPRESS OR IMPLIED. >> + >> +**/ >> + >> +#ifndef _OPTEE_SMC_H_ >> +#define _OPTEE_SMC_H_ >> + >> +/* Returned in Arg0 only from Trusted OS functions */ >> +#define OPTEE_SMC_RETURN_OK 0x0 >> + >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 >> + >> +#define OPTEE_SMC_SHM_CACHED 1 >> + >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 >> + >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 >> + >> +#define OPTEE_MSG_ATTR_META 0x100 >> + >> +#define TEE_LOGIN_PUBLIC 0x0 >> + >> +typedef struct { >> + UINTN Base; >> + UINTN Size; >> +} OPTEE_SHARED_MEMORY_INFO; >> + >> +#endif >> diff --git a/ArmPkg/Include/Library/OpteeLib.h >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h >> similarity index 53% >> copy from ArmPkg/Include/Library/OpteeLib.h copy to >> MdePkg/Include/IndustryStandard/GlobalPlatform.h >> index f65d8674d9b8..14c621d89971 100644 >> --- a/ArmPkg/Include/Library/OpteeLib.h >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h >> @@ -1,34 +1,26 @@ >> -/** @file >> - OP-TEE specific header file. >> - >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> >> - >> - This program and the accompanying materials >> - are licensed and made available under the terms and conditions of the BSD >> License >> - which accompanies this distribution. The full text of the license may be >> found at >> - >> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope >> nsource.org%2Flicenses%2Fbsd- >> license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c >> 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% >> 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 >> - >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >> BASIS, >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >> EXPRESS OR IMPLIED. >> - >> -**/ >> - >> -#ifndef _OPTEE_H_ >> -#define _OPTEE_H_ >> - >> -/* >> - * The 'Trusted OS Call UID' is supposed to return the following UUID for >> - * OP-TEE OS. This is a 128-bit value. >> - */ >> -#define OPTEE_OS_UID0 0x384fb3e0 >> -#define OPTEE_OS_UID1 0xe7f811e3 >> -#define OPTEE_OS_UID2 0xaf630002 >> -#define OPTEE_OS_UID3 0xa5d5c51b >> - >> -BOOLEAN >> -EFIAPI >> -IsOpteePresent ( >> - VOID >> - ); >> - >> -#endif >> +/** @file >> + Standardized Global Platform header file. >> + >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> >> + >> + This program and the accompanying materials are licensed and made >> + available under the terms and conditions of the BSD License which >> + accompanies this distribution. The full text of the license may be >> + found at >> + >> + >> https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope >> n >> + source.org%2Flicenses%2Fbsd- >> license.php&data=02%7C01%7Cudit.kumar% >> + >> 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f >> a92cd99 >> + >> c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp >> OOKCyshbg >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 >> + >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >> BASIS, >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >> EXPRESS OR IMPLIED. >> + >> +**/ >> + >> +#ifndef _GLOBAL_PLATFORM_H_ >> +#define _GLOBAL_PLATFORM_H_ >> + >> +#define TEEC_ORIGIN_COMMS 0x00000002 >> + >> +#define TEEC_SUCCESS 0x00000000 >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C >> + >> +#endif >> -- >> 2.7.4 >> >> _______________________________________________ >> edk2-devel mailing list >> edk2-devel@lists.01.org >> https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- >> devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e >> dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% >> 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP >> u%2Fhcds3j9aDPnU%3D&reserved=0 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-24 17:35 ` Ard Biesheuvel @ 2018-08-24 17:45 ` Udit Kumar 2018-08-24 18:03 ` Matteo Carlini 0 siblings, 1 reply; 15+ messages in thread From: Udit Kumar @ 2018-08-24 17:45 UTC (permalink / raw) To: Ard Biesheuvel, Matteo Carlini Cc: Sumit Garg, edk2-devel@lists.01.org, tee-dev@lists.linaro.org, daniel.thompson@linaro.org, jens.wiklander@linaro.org, Rod Dorris Hi Ard > If MM mode is fundamentally incompatible with OP-TEE, then you cannot > run both at the same time, Both cannot coexist unless you have v8.4 CPU Regards Udit > > > >> -----Original Message----- > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of Sumit > >> Garg > >> Sent: Friday, August 24, 2018 2:51 PM > >> To: edk2-devel@lists.01.org > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > >> jens.wiklander@linaro.org > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate > >> with OP-TEE > >> > >> Add following APIs to communicate with OP-TEE static TA: > >> 1. OpteeInit > >> 2. OpteeOpenSession > >> 3. OpteeCloseSession > >> 4. OpteeInvokeFunc > >> > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > >> Cc: Leif Lindholm <leif.lindholm@linaro.org> > >> Contributed-under: TianoCore Contribution Agreement 1.1 > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > >> --- > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > >> +++++++++++++++++++++ > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > >> copy ArmPkg/Include/Library/OpteeLib.h => > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > >> > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > >> b/ArmPkg/Include/Library/OpteeLib.h > >> index f65d8674d9b8..c323f49072f8 100644 > >> --- a/ArmPkg/Include/Library/OpteeLib.h > >> +++ b/ArmPkg/Include/Library/OpteeLib.h > >> @@ -25,10 +25,112 @@ > >> #define OPTEE_OS_UID2 0xaf630002 > >> #define OPTEE_OS_UID3 0xa5d5c51b > >> > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > >> + > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > >> + > >> +typedef struct { > >> + UINT64 BufPtr; > >> + UINT64 Size; > >> + UINT64 ShmRef; > >> +} OPTEE_MSG_PARAM_MEM; > >> + > >> +typedef struct { > >> + UINT64 A; > >> + UINT64 B; > >> + UINT64 C; > >> +} OPTEE_MSG_PARAM_VALUE; > >> + > >> +typedef struct { > >> + UINT64 Attr; > >> + union { > >> + OPTEE_MSG_PARAM_MEM Mem; > >> + OPTEE_MSG_PARAM_VALUE Value; > >> + } U; > >> +} OPTEE_MSG_PARAM; > >> + > >> +#define MAX_PARAMS 4 > >> + > >> +typedef struct { > >> + UINT32 Cmd; > >> + UINT32 Func; > >> + UINT32 Session; > >> + UINT32 CancelId; > >> + UINT32 Pad; > >> + UINT32 Ret; > >> + UINT32 RetOrigin; > >> + UINT32 NumParams; > >> + > >> + // NumParams tells the actual number of element in Params > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > >> +} OPTEE_MSG_ARG; > >> + > >> +#define OPTEE_UUID_LEN 16 > >> + > >> +// > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > >> +// @Uuid: [in] UUID of the Trusted Application > >> +// @Session: [out] Session id > >> +// @Ret: [out] Return value > >> +// @RetOrigin [out] Origin of the return value > >> +// > >> +typedef struct { > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > >> + UINT32 Session; > >> + UINT32 Ret; > >> + UINT32 RetOrigin; > >> +} OPTEE_OPEN_SESSION_ARG; > >> + > >> +// > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > >> +// @Func: [in] Trusted Application function, specific to the TA > >> +// @Session: [in] Session id > >> +// @Ret: [out] Return value > >> +// @RetOrigin [out] Origin of the return value > >> +// @Params [inout] Parameters for function to be invoked > >> +// > >> +typedef struct { > >> + UINT32 Func; > >> + UINT32 Session; > >> + UINT32 Ret; > >> + UINT32 RetOrigin; > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > >> +} OPTEE_INVOKE_FUNC_ARG; > >> + > >> BOOLEAN > >> EFIAPI > >> IsOpteePresent ( > >> VOID > >> ); > >> > >> +EFI_STATUS > >> +EFIAPI > >> +OpteeInit ( > >> + VOID > >> + ); > >> + > >> +EFI_STATUS > >> +EFIAPI > >> +OpteeOpenSession ( > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > >> + ); > >> + > >> +EFI_STATUS > >> +EFIAPI > >> +OpteeCloseSession ( > >> + IN UINT32 Session > >> + ); > >> + > >> +EFI_STATUS > >> +EFIAPI > >> +OpteeInvokeFunc ( > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > >> + ); > >> + > >> #endif > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 > >> 100644 > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c > >> @@ -14,11 +14,19 @@ > >> > >> **/ > >> > >> +#include <Library/ArmMmuLib.h> > >> #include <Library/ArmSmcLib.h> > >> +#include <Library/BaseMemoryLib.h> > >> #include <Library/BaseLib.h> > >> +#include <Library/DebugLib.h> > >> #include <Library/OpteeLib.h> > >> > >> #include <IndustryStandard/ArmStdSmc.h> > >> +#include <IndustryStandard/GlobalPlatform.h> > >> +#include <OpteeSmc.h> > >> +#include <Uefi.h> > >> + > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > >> > >> /** > >> Check for OP-TEE presence. > >> @@ -31,6 +39,7 @@ IsOpteePresent ( > >> { > >> ARM_SMC_ARGS ArmSmcArgs; > >> > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> // Send a Trusted OS Calls UID command > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > >> ArmCallSmc (&ArmSmcArgs); > >> @@ -44,3 +53,352 @@ IsOpteePresent ( > >> return FALSE; > >> } > >> } > >> + > >> +STATIC > >> +EFI_STATUS > >> +OpteeShmMemRemap ( > >> + VOID > >> + ) > >> +{ > >> + ARM_SMC_ARGS ArmSmcArgs; > >> + EFI_PHYSICAL_ADDRESS Paddr; > >> + EFI_PHYSICAL_ADDRESS Start; > >> + EFI_PHYSICAL_ADDRESS End; > >> + EFI_STATUS Status; > >> + UINTN Size; > >> + > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > >> + > >> + ArmCallSmc (&ArmSmcArgs); > >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > >> + return EFI_UNSUPPORTED; > >> + } > >> + > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > memory > >> supported\n")); > >> + return EFI_UNSUPPORTED; > >> + } > >> + > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End = > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = > >> + Start; Size = End - Start; > >> + > >> + if (Size < SIZE_4KB) { > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > >> + return EFI_BUFFER_TOO_SMALL; > >> + } > >> + > >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); if > >> + (EFI_ERROR (Status)) { > >> + return Status; > >> + } > >> + > >> + OpteeShmInfo.Base = (UINTN)Paddr; > >> + OpteeShmInfo.Size = Size; > >> + > >> + return EFI_SUCCESS; > >> +} > >> + > >> +EFI_STATUS > >> +EFIAPI > >> +OpteeInit ( > >> + VOID > >> + ) > >> +{ > >> + EFI_STATUS Status; > >> + > >> + if (!IsOpteePresent ()) { > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > >> + return EFI_UNSUPPORTED; > >> + } > >> + > >> + Status = OpteeShmMemRemap (); > >> + if (EFI_ERROR (Status)) { > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > >> + return Status; > >> + } > >> + > >> + return EFI_SUCCESS; > >> +} > >> + > >> +/** > >> + Does Standard SMC to OP-TEE in secure world. > >> + > >> + @param[in] Parg Physical address of message to pass to secure world > >> + > >> + @return 0 on success, secure world return code otherwise > >> + > >> +**/ > >> +STATIC > >> +UINT32 > >> +OpteeCallWithArg ( > >> + IN EFI_PHYSICAL_ADDRESS Parg > >> + ) > >> +{ > >> + ARM_SMC_ARGS ArmSmcArgs; > >> + > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; > >> + > >> + while (TRUE) { > >> + ArmCallSmc (&ArmSmcArgs); > >> + > >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > >> + // > >> + // A foreign interrupt was raised while secure world was > >> + // executing, since they are handled in UEFI a dummy RPC is > >> + // performed to let UEFI take the interrupt through the normal > >> + // vector. > >> + // > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > >> + } else { > >> + break; > >> + } > >> + } > >> + > >> + return ArmSmcArgs.Arg0; > >> +} > >> + > >> +EFI_STATUS > >> +EFIAPI > >> +OpteeOpenSession ( > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > >> + ) > >> +{ > >> + OPTEE_MSG_ARG *MsgArg; > >> + > >> + MsgArg = NULL; > >> + > >> + if (OpteeShmInfo.Base == 0) { > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> + return EFI_NOT_STARTED; > >> + } > >> + > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > >> sizeof > >> + (OPTEE_MSG_ARG)); > >> + > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > >> + > >> + // > >> + // Initialize and add the meta parameters needed when opening a > >> + // session. > >> + // > >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > >> + OPTEE_MSG_ATTR_META; > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > >> + OPTEE_MSG_ATTR_META; CopyMem > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > OPTEE_UUID_LEN); > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > >> + > >> + MsgArg->NumParams = 2; > >> + > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > >> + > >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret = > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > >> + > >> + return EFI_SUCCESS; > >> +} > >> + > >> +EFI_STATUS > >> +EFIAPI > >> +OpteeCloseSession ( > >> + IN UINT32 Session > >> + ) > >> +{ > >> + OPTEE_MSG_ARG *MsgArg; > >> + > >> + MsgArg = NULL; > >> + > >> + if (OpteeShmInfo.Base == 0) { > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> + return EFI_NOT_STARTED; > >> + } > >> + > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > >> sizeof > >> + (OPTEE_MSG_ARG)); > >> + > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session > = > >> + Session; > >> + > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > >> + > >> + return EFI_SUCCESS; > >> +} > >> + > >> +STATIC > >> +EFI_STATUS > >> +OpteeToMsgParam ( > >> + OUT OPTEE_MSG_PARAM *MsgParams, > >> + IN UINT32 NumParams, > >> + IN OPTEE_MSG_PARAM *InParams > >> + ) > >> +{ > >> + UINT32 Idx; > >> + UINTN ParamShmAddr; > >> + UINTN ShmSize; > >> + UINTN Size; > >> + > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize = > >> + OpteeShmInfo.Size - Size; > >> + > >> + for (Idx = 0; Idx < NumParams; Idx++) { > >> + CONST OPTEE_MSG_PARAM *Ip; > >> + OPTEE_MSG_PARAM *Mp; > >> + UINT32 Attr; > >> + > >> + Ip = InParams + Idx; > >> + Mp = MsgParams + Idx; > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > >> + > >> + switch (Attr) { > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > >> + break; > >> + > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > >> + Mp->Attr = Attr; > >> + Mp->U.Value.A = Ip->U.Value.A; > >> + Mp->U.Value.B = Ip->U.Value.B; > >> + Mp->U.Value.C = Ip->U.Value.C; > >> + break; > >> + > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > >> + Mp->Attr = Attr; > >> + > >> + if (Ip->U.Mem.Size > ShmSize) { > >> + return EFI_OUT_OF_RESOURCES; > >> + } > >> + > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- > >> >U.Mem.Size); > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; > >> + > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > >> + ParamShmAddr += Size; > >> + ShmSize -= Size; > >> + break; > >> + > >> + default: > >> + return EFI_INVALID_PARAMETER; > >> + } > >> + } > >> + > >> + return EFI_SUCCESS; > >> +} > >> + > >> +STATIC > >> +EFI_STATUS > >> +OpteeFromMsgParam ( > >> + OUT OPTEE_MSG_PARAM *OutParams, > >> + IN UINT32 NumParams, > >> + IN OPTEE_MSG_PARAM *MsgParams > >> + ) > >> +{ > >> + UINT32 Idx; > >> + > >> + for (Idx = 0; Idx < NumParams; Idx++) { > >> + OPTEE_MSG_PARAM *Op; > >> + CONST OPTEE_MSG_PARAM *Mp; > >> + UINT32 Attr; > >> + > >> + Op = OutParams + Idx; > >> + Mp = MsgParams + Idx; > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > >> + > >> + switch (Attr) { > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > >> + ZeroMem (&Op->U, sizeof (Op->U)); > >> + break; > >> + > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > >> + Op->Attr = Attr; > >> + Op->U.Value.A = Mp->U.Value.A; > >> + Op->U.Value.B = Mp->U.Value.B; > >> + Op->U.Value.C = Mp->U.Value.C; > >> + break; > >> + > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > >> + Op->Attr = Attr; > >> + > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > >> + return EFI_BAD_BUFFER_SIZE; > >> + } > >> + > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, > >> Mp->U.Mem.Size); > >> + Op->U.Mem.Size = Mp->U.Mem.Size; > >> + break; > >> + > >> + default: > >> + return EFI_INVALID_PARAMETER; > >> + } > >> + } > >> + > >> + return EFI_SUCCESS; > >> +} > >> + > >> +EFI_STATUS > >> +EFIAPI > >> +OpteeInvokeFunc ( > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > >> + ) > >> +{ > >> + EFI_STATUS Status; > >> + OPTEE_MSG_ARG *MsgArg; > >> + > >> + MsgArg = NULL; > >> + > >> + if (OpteeShmInfo.Base == 0) { > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> + return EFI_NOT_STARTED; > >> + } > >> + > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > >> sizeof > >> + (OPTEE_MSG_ARG)); > >> + > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- > >Func = > >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; > >> + > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > >> + InvokeFuncArg->Params); if (Status) > >> + return Status; > >> + > >> + MsgArg->NumParams = MAX_PARAMS; > >> + > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > >> + > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, > >> MsgArg->Params)) { > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > >> + > >> + InvokeFuncArg->Ret = MsgArg->Ret; > >> + InvokeFuncArg->RetOrigin = MsgArg->RetOrigin; > >> + > >> + return EFI_SUCCESS; > >> +} > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> index 5abd427379cc..e03054a7167d 100644 > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> @@ -23,11 +23,13 @@ [Defines] > >> > >> [Sources] > >> Optee.c > >> + OpteeSmc.h > >> > >> [Packages] > >> ArmPkg/ArmPkg.dec > >> MdePkg/MdePkg.dec > >> > >> [LibraryClasses] > >> + ArmMmuLib > >> ArmSmcLib > >> BaseLib > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> new file mode 100644 > >> index 000000000000..e2ea35784a0a > >> --- /dev/null > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> @@ -0,0 +1,43 @@ > >> +/** @file > >> + OP-TEE SMC header file. > >> + > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > >> + > >> + This program and the accompanying materials are licensed and made > >> + available under the terms and conditions of the BSD License which > >> + accompanies this distribution. The full text of the license may be > >> + found at > >> + > >> + > >> > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > >> n > >> + source.org%2Flicenses%2Fbsd- > >> license.php&data=02%7C01%7Cudit.kumar% > >> + > >> > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > >> a92cd99 > >> + > >> > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > >> OOKCyshbg > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > >> + > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > >> BASIS, > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > >> EXPRESS OR IMPLIED. > >> + > >> +**/ > >> + > >> +#ifndef _OPTEE_SMC_H_ > >> +#define _OPTEE_SMC_H_ > >> + > >> +/* Returned in Arg0 only from Trusted OS functions */ > >> +#define OPTEE_SMC_RETURN_OK 0x0 > >> + > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > >> + > >> +#define OPTEE_SMC_SHM_CACHED 1 > >> + > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > >> + > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > >> + > >> +#define OPTEE_MSG_ATTR_META 0x100 > >> + > >> +#define TEE_LOGIN_PUBLIC 0x0 > >> + > >> +typedef struct { > >> + UINTN Base; > >> + UINTN Size; > >> +} OPTEE_SHARED_MEMORY_INFO; > >> + > >> +#endif > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> similarity index 53% > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> index f65d8674d9b8..14c621d89971 100644 > >> --- a/ArmPkg/Include/Library/OpteeLib.h > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> @@ -1,34 +1,26 @@ > >> -/** @file > >> - OP-TEE specific header file. > >> - > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > >> - > >> - This program and the accompanying materials > >> - are licensed and made available under the terms and conditions of > >> the BSD License > >> - which accompanies this distribution. The full text of the license > >> may be found at > >> - > >> > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > >> nsource.org%2Flicenses%2Fbsd- > >> > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c > >> > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% > >> > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 > >> - > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > >> BASIS, > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS > >> OR IMPLIED. > >> - > >> -**/ > >> - > >> -#ifndef _OPTEE_H_ > >> -#define _OPTEE_H_ > >> - > >> -/* > >> - * The 'Trusted OS Call UID' is supposed to return the following > >> UUID for > >> - * OP-TEE OS. This is a 128-bit value. > >> - */ > >> -#define OPTEE_OS_UID0 0x384fb3e0 > >> -#define OPTEE_OS_UID1 0xe7f811e3 > >> -#define OPTEE_OS_UID2 0xaf630002 > >> -#define OPTEE_OS_UID3 0xa5d5c51b > >> - > >> -BOOLEAN > >> -EFIAPI > >> -IsOpteePresent ( > >> - VOID > >> - ); > >> - > >> -#endif > >> +/** @file > >> + Standardized Global Platform header file. > >> + > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > >> + > >> + This program and the accompanying materials are licensed and made > >> + available under the terms and conditions of the BSD License which > >> + accompanies this distribution. The full text of the license may be > >> + found at > >> + > >> + > >> > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > >> n > >> + source.org%2Flicenses%2Fbsd- > >> license.php&data=02%7C01%7Cudit.kumar% > >> + > >> > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > >> a92cd99 > >> + > >> > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > >> OOKCyshbg > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > >> + > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > >> BASIS, > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > >> EXPRESS OR IMPLIED. > >> + > >> +**/ > >> + > >> +#ifndef _GLOBAL_PLATFORM_H_ > >> +#define _GLOBAL_PLATFORM_H_ > >> + > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > >> + > >> +#define TEEC_SUCCESS 0x00000000 > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > >> + > >> +#endif > >> -- > >> 2.7.4 > >> > >> _______________________________________________ > >> edk2-devel mailing list > >> edk2-devel@lists.01.org > >> > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > >> st > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > >> > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > >> > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > >> > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > >> u%2Fhcds3j9aDPnU%3D&reserved=0 > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > devel&data=02%7C01%7Cudit.ku > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > b4c6fa92 > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f > 9rxeb37V > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-24 17:45 ` Udit Kumar @ 2018-08-24 18:03 ` Matteo Carlini 2018-08-27 9:58 ` Sumit Garg 0 siblings, 1 reply; 15+ messages in thread From: Matteo Carlini @ 2018-08-24 18:03 UTC (permalink / raw) To: Udit Kumar, Ard Biesheuvel, Achin Gupta Cc: Sumit Garg, edk2-devel@lists.01.org, tee-dev@lists.linaro.org, daniel.thompson@linaro.org, jens.wiklander@linaro.org, Rod Dorris +Achin SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) and SPM (for Secure Partitions at S-EL0) are currently mutually exclusive into Trusted Firmware-A codebase. In other words, you cannot turn them on in parallel and execute both a S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secure World with the current Software Architecture. Achin and other Arm architects are trying to figure out a way for solving this problem without the need for a v8.4 Secure-EL2 Hypervisor, obviously without leveraging the isolation benefits of it (see also [1]). But Ard is right: there could be use-cases to ship UEFI systems with OP-TEE and TAs on top...and this should still be currently possible using the SPD dispatcher into TF-A. I've not looked deeply into this patch, but it doesn’t seem to contradict the above Sw architecture. The question would be: would you foresee the need for running one (or many) other (UEFI/EDK2-based) Secure Services in the Secure World into a Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE? Thanks Matteo [1]: https://community.arm.com/processors/b/blog/posts/architecting-more-secure-world-with-isolation-and-virtualization > -----Original Message----- > From: Udit Kumar <udit.kumar@nxp.com> > Sent: 24 August 2018 18:46 > To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Matteo Carlini > <Matteo.Carlini@arm.com> > Cc: Sumit Garg <sumit.garg@linaro.org>; edk2-devel@lists.01.org; tee- > dev@lists.linaro.org; daniel.thompson@linaro.org; jens.wiklander@linaro.org; > Rod Dorris <rod.dorris@nxp.com> > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate > with OP-TEE > > Hi Ard > > > If MM mode is fundamentally incompatible with OP-TEE, then you cannot > > run both at the same time, > > Both cannot coexist unless you have v8.4 CPU > > Regards > Udit > > > > > > > >> -----Original Message----- > > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of > > >> Sumit Garg > > >> Sent: Friday, August 24, 2018 2:51 PM > > >> To: edk2-devel@lists.01.org > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > > >> jens.wiklander@linaro.org > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > > >> communicate with OP-TEE > > >> > > >> Add following APIs to communicate with OP-TEE static TA: > > >> 1. OpteeInit > > >> 2. OpteeOpenSession > > >> 3. OpteeCloseSession > > >> 4. OpteeInvokeFunc > > >> > > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > > >> Cc: Leif Lindholm <leif.lindholm@linaro.org> > > >> Contributed-under: TianoCore Contribution Agreement 1.1 > > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > > >> --- > > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > > >> +++++++++++++++++++++ > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > > >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > > >> copy ArmPkg/Include/Library/OpteeLib.h => > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > >> > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > >> b/ArmPkg/Include/Library/OpteeLib.h > > >> index f65d8674d9b8..c323f49072f8 100644 > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h > > >> @@ -25,10 +25,112 @@ > > >> #define OPTEE_OS_UID2 0xaf630002 > > >> #define OPTEE_OS_UID3 0xa5d5c51b > > >> > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > > >> + > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > > >> + > > >> +typedef struct { > > >> + UINT64 BufPtr; > > >> + UINT64 Size; > > >> + UINT64 ShmRef; > > >> +} OPTEE_MSG_PARAM_MEM; > > >> + > > >> +typedef struct { > > >> + UINT64 A; > > >> + UINT64 B; > > >> + UINT64 C; > > >> +} OPTEE_MSG_PARAM_VALUE; > > >> + > > >> +typedef struct { > > >> + UINT64 Attr; > > >> + union { > > >> + OPTEE_MSG_PARAM_MEM Mem; > > >> + OPTEE_MSG_PARAM_VALUE Value; > > >> + } U; > > >> +} OPTEE_MSG_PARAM; > > >> + > > >> +#define MAX_PARAMS 4 > > >> + > > >> +typedef struct { > > >> + UINT32 Cmd; > > >> + UINT32 Func; > > >> + UINT32 Session; > > >> + UINT32 CancelId; > > >> + UINT32 Pad; > > >> + UINT32 Ret; > > >> + UINT32 RetOrigin; > > >> + UINT32 NumParams; > > >> + > > >> + // NumParams tells the actual number of element in Params > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > >> +} OPTEE_MSG_ARG; > > >> + > > >> +#define OPTEE_UUID_LEN 16 > > >> + > > >> +// > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > > >> +// @Uuid: [in] UUID of the Trusted Application > > >> +// @Session: [out] Session id > > >> +// @Ret: [out] Return value > > >> +// @RetOrigin [out] Origin of the return value > > >> +// > > >> +typedef struct { > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > > >> + UINT32 Session; > > >> + UINT32 Ret; > > >> + UINT32 RetOrigin; > > >> +} OPTEE_OPEN_SESSION_ARG; > > >> + > > >> +// > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > > >> +// @Func: [in] Trusted Application function, specific to the TA > > >> +// @Session: [in] Session id > > >> +// @Ret: [out] Return value > > >> +// @RetOrigin [out] Origin of the return value > > >> +// @Params [inout] Parameters for function to be invoked > > >> +// > > >> +typedef struct { > > >> + UINT32 Func; > > >> + UINT32 Session; > > >> + UINT32 Ret; > > >> + UINT32 RetOrigin; > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > >> +} OPTEE_INVOKE_FUNC_ARG; > > >> + > > >> BOOLEAN > > >> EFIAPI > > >> IsOpteePresent ( > > >> VOID > > >> ); > > >> > > >> +EFI_STATUS > > >> +EFIAPI > > >> +OpteeInit ( > > >> + VOID > > >> + ); > > >> + > > >> +EFI_STATUS > > >> +EFIAPI > > >> +OpteeOpenSession ( > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > >> + ); > > >> + > > >> +EFI_STATUS > > >> +EFIAPI > > >> +OpteeCloseSession ( > > >> + IN UINT32 Session > > >> + ); > > >> + > > >> +EFI_STATUS > > >> +EFIAPI > > >> +OpteeInvokeFunc ( > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > >> + ); > > >> + > > >> #endif > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 > > >> 100644 > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c > > >> @@ -14,11 +14,19 @@ > > >> > > >> **/ > > >> > > >> +#include <Library/ArmMmuLib.h> > > >> #include <Library/ArmSmcLib.h> > > >> +#include <Library/BaseMemoryLib.h> > > >> #include <Library/BaseLib.h> > > >> +#include <Library/DebugLib.h> > > >> #include <Library/OpteeLib.h> > > >> > > >> #include <IndustryStandard/ArmStdSmc.h> > > >> +#include <IndustryStandard/GlobalPlatform.h> > > >> +#include <OpteeSmc.h> > > >> +#include <Uefi.h> > > >> + > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > >> > > >> /** > > >> Check for OP-TEE presence. > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( > > >> { > > >> ARM_SMC_ARGS ArmSmcArgs; > > >> > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > >> // Send a Trusted OS Calls UID command > > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > > >> ArmCallSmc (&ArmSmcArgs); > > >> @@ -44,3 +53,352 @@ IsOpteePresent ( > > >> return FALSE; > > >> } > > >> } > > >> + > > >> +STATIC > > >> +EFI_STATUS > > >> +OpteeShmMemRemap ( > > >> + VOID > > >> + ) > > >> +{ > > >> + ARM_SMC_ARGS ArmSmcArgs; > > >> + EFI_PHYSICAL_ADDRESS Paddr; > > >> + EFI_PHYSICAL_ADDRESS Start; > > >> + EFI_PHYSICAL_ADDRESS End; > > >> + EFI_STATUS Status; > > >> + UINTN Size; > > >> + > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > > >> + > > >> + ArmCallSmc (&ArmSmcArgs); > > >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > > >> + return EFI_UNSUPPORTED; > > >> + } > > >> + > > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > > memory > > >> supported\n")); > > >> + return EFI_UNSUPPORTED; > > >> + } > > >> + > > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End > > >> + = > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = > > >> + Start; Size = End - Start; > > >> + > > >> + if (Size < SIZE_4KB) { > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > > >> + return EFI_BUFFER_TOO_SMALL; > > >> + } > > >> + > > >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); > > >> + if (EFI_ERROR (Status)) { > > >> + return Status; > > >> + } > > >> + > > >> + OpteeShmInfo.Base = (UINTN)Paddr; OpteeShmInfo.Size = Size; > > >> + > > >> + return EFI_SUCCESS; > > >> +} > > >> + > > >> +EFI_STATUS > > >> +EFIAPI > > >> +OpteeInit ( > > >> + VOID > > >> + ) > > >> +{ > > >> + EFI_STATUS Status; > > >> + > > >> + if (!IsOpteePresent ()) { > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > > >> + return EFI_UNSUPPORTED; > > >> + } > > >> + > > >> + Status = OpteeShmMemRemap (); > > >> + if (EFI_ERROR (Status)) { > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > > >> + return Status; > > >> + } > > >> + > > >> + return EFI_SUCCESS; > > >> +} > > >> + > > >> +/** > > >> + Does Standard SMC to OP-TEE in secure world. > > >> + > > >> + @param[in] Parg Physical address of message to pass to secure world > > >> + > > >> + @return 0 on success, secure world return code otherwise > > >> + > > >> +**/ > > >> +STATIC > > >> +UINT32 > > >> +OpteeCallWithArg ( > > >> + IN EFI_PHYSICAL_ADDRESS Parg > > >> + ) > > >> +{ > > >> + ARM_SMC_ARGS ArmSmcArgs; > > >> + > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; > > >> + > > >> + while (TRUE) { > > >> + ArmCallSmc (&ArmSmcArgs); > > >> + > > >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > > >> + // > > >> + // A foreign interrupt was raised while secure world was > > >> + // executing, since they are handled in UEFI a dummy RPC is > > >> + // performed to let UEFI take the interrupt through the normal > > >> + // vector. > > >> + // > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > > >> + } else { > > >> + break; > > >> + } > > >> + } > > >> + > > >> + return ArmSmcArgs.Arg0; > > >> +} > > >> + > > >> +EFI_STATUS > > >> +EFIAPI > > >> +OpteeOpenSession ( > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > >> + ) > > >> +{ > > >> + OPTEE_MSG_ARG *MsgArg; > > >> + > > >> + MsgArg = NULL; > > >> + > > >> + if (OpteeShmInfo.Base == 0) { > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > >> + return EFI_NOT_STARTED; > > >> + } > > >> + > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > >> sizeof > > >> + (OPTEE_MSG_ARG)); > > >> + > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > > >> + > > >> + // > > >> + // Initialize and add the meta parameters needed when opening a > > >> + // session. > > >> + // > > >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > >> + OPTEE_MSG_ATTR_META; > > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > >> + OPTEE_MSG_ATTR_META; CopyMem > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > > OPTEE_UUID_LEN); > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > > >> + > > >> + MsgArg->NumParams = 2; > > >> + > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > >> + > > >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret > > >> + = > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > > >> + > > >> + return EFI_SUCCESS; > > >> +} > > >> + > > >> +EFI_STATUS > > >> +EFIAPI > > >> +OpteeCloseSession ( > > >> + IN UINT32 Session > > >> + ) > > >> +{ > > >> + OPTEE_MSG_ARG *MsgArg; > > >> + > > >> + MsgArg = NULL; > > >> + > > >> + if (OpteeShmInfo.Base == 0) { > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > >> + return EFI_NOT_STARTED; > > >> + } > > >> + > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > >> sizeof > > >> + (OPTEE_MSG_ARG)); > > >> + > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session > > = > > >> + Session; > > >> + > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > > >> + > > >> + return EFI_SUCCESS; > > >> +} > > >> + > > >> +STATIC > > >> +EFI_STATUS > > >> +OpteeToMsgParam ( > > >> + OUT OPTEE_MSG_PARAM *MsgParams, > > >> + IN UINT32 NumParams, > > >> + IN OPTEE_MSG_PARAM *InParams > > >> + ) > > >> +{ > > >> + UINT32 Idx; > > >> + UINTN ParamShmAddr; > > >> + UINTN ShmSize; > > >> + UINTN Size; > > >> + > > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof > > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize > > >> + = OpteeShmInfo.Size - Size; > > >> + > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > >> + CONST OPTEE_MSG_PARAM *Ip; > > >> + OPTEE_MSG_PARAM *Mp; > > >> + UINT32 Attr; > > >> + > > >> + Ip = InParams + Idx; > > >> + Mp = MsgParams + Idx; > > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > >> + > > >> + switch (Attr) { > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > > >> + break; > > >> + > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > >> + Mp->Attr = Attr; > > >> + Mp->U.Value.A = Ip->U.Value.A; > > >> + Mp->U.Value.B = Ip->U.Value.B; > > >> + Mp->U.Value.C = Ip->U.Value.C; > > >> + break; > > >> + > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > >> + Mp->Attr = Attr; > > >> + > > >> + if (Ip->U.Mem.Size > ShmSize) { > > >> + return EFI_OUT_OF_RESOURCES; > > >> + } > > >> + > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- > > >> >U.Mem.Size); > > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; > > >> + > > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > > >> + ParamShmAddr += Size; > > >> + ShmSize -= Size; > > >> + break; > > >> + > > >> + default: > > >> + return EFI_INVALID_PARAMETER; > > >> + } > > >> + } > > >> + > > >> + return EFI_SUCCESS; > > >> +} > > >> + > > >> +STATIC > > >> +EFI_STATUS > > >> +OpteeFromMsgParam ( > > >> + OUT OPTEE_MSG_PARAM *OutParams, > > >> + IN UINT32 NumParams, > > >> + IN OPTEE_MSG_PARAM *MsgParams > > >> + ) > > >> +{ > > >> + UINT32 Idx; > > >> + > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > >> + OPTEE_MSG_PARAM *Op; > > >> + CONST OPTEE_MSG_PARAM *Mp; > > >> + UINT32 Attr; > > >> + > > >> + Op = OutParams + Idx; > > >> + Mp = MsgParams + Idx; > > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > >> + > > >> + switch (Attr) { > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > >> + ZeroMem (&Op->U, sizeof (Op->U)); > > >> + break; > > >> + > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > >> + Op->Attr = Attr; > > >> + Op->U.Value.A = Mp->U.Value.A; > > >> + Op->U.Value.B = Mp->U.Value.B; > > >> + Op->U.Value.C = Mp->U.Value.C; > > >> + break; > > >> + > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > >> + Op->Attr = Attr; > > >> + > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > > >> + return EFI_BAD_BUFFER_SIZE; > > >> + } > > >> + > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, > > >> Mp->U.Mem.Size); > > >> + Op->U.Mem.Size = Mp->U.Mem.Size; > > >> + break; > > >> + > > >> + default: > > >> + return EFI_INVALID_PARAMETER; > > >> + } > > >> + } > > >> + > > >> + return EFI_SUCCESS; > > >> +} > > >> + > > >> +EFI_STATUS > > >> +EFIAPI > > >> +OpteeInvokeFunc ( > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > >> + ) > > >> +{ > > >> + EFI_STATUS Status; > > >> + OPTEE_MSG_ARG *MsgArg; > > >> + > > >> + MsgArg = NULL; > > >> + > > >> + if (OpteeShmInfo.Base == 0) { > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > >> + return EFI_NOT_STARTED; > > >> + } > > >> + > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > >> sizeof > > >> + (OPTEE_MSG_ARG)); > > >> + > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- > > >Func = > > >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; > > >> + > > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > > >> + InvokeFuncArg->Params); if (Status) > > >> + return Status; > > >> + > > >> + MsgArg->NumParams = MAX_PARAMS; > > >> + > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > >> + > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, > > >> MsgArg->Params)) { > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > >> + > > >> + InvokeFuncArg->Ret = MsgArg->Ret; InvokeFuncArg->RetOrigin = > > >> + MsgArg->RetOrigin; > > >> + > > >> + return EFI_SUCCESS; > > >> +} > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > >> index 5abd427379cc..e03054a7167d 100644 > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > >> @@ -23,11 +23,13 @@ [Defines] > > >> > > >> [Sources] > > >> Optee.c > > >> + OpteeSmc.h > > >> > > >> [Packages] > > >> ArmPkg/ArmPkg.dec > > >> MdePkg/MdePkg.dec > > >> > > >> [LibraryClasses] > > >> + ArmMmuLib > > >> ArmSmcLib > > >> BaseLib > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > >> new file mode 100644 > > >> index 000000000000..e2ea35784a0a > > >> --- /dev/null > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > >> @@ -0,0 +1,43 @@ > > >> +/** @file > > >> + OP-TEE SMC header file. > > >> + > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > >> + > > >> + This program and the accompanying materials are licensed and > > >> + made available under the terms and conditions of the BSD License > > >> + which accompanies this distribution. The full text of the > > >> + license may be found at > > >> + > > >> + > > >> > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > >> n > > >> + source.org%2Flicenses%2Fbsd- > > >> license.php&data=02%7C01%7Cudit.kumar% > > >> + > > >> > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > >> a92cd99 > > >> + > > >> > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > >> OOKCyshbg > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > >> + > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > >> BASIS, > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > >> EXPRESS OR IMPLIED. > > >> + > > >> +**/ > > >> + > > >> +#ifndef _OPTEE_SMC_H_ > > >> +#define _OPTEE_SMC_H_ > > >> + > > >> +/* Returned in Arg0 only from Trusted OS functions */ > > >> +#define OPTEE_SMC_RETURN_OK 0x0 > > >> + > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > > >> + > > >> +#define OPTEE_SMC_SHM_CACHED 1 > > >> + > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > > >> + > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > > >> + > > >> +#define OPTEE_MSG_ATTR_META 0x100 > > >> + > > >> +#define TEE_LOGIN_PUBLIC 0x0 > > >> + > > >> +typedef struct { > > >> + UINTN Base; > > >> + UINTN Size; > > >> +} OPTEE_SHARED_MEMORY_INFO; > > >> + > > >> +#endif > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > >> similarity index 53% > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > > >> index f65d8674d9b8..14c621d89971 100644 > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > >> @@ -1,34 +1,26 @@ > > >> -/** @file > > >> - OP-TEE specific header file. > > >> - > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > >> - > > >> - This program and the accompanying materials > > >> - are licensed and made available under the terms and conditions > > >> of the BSD License > > >> - which accompanies this distribution. The full text of the > > >> license may be found at > > >> - > > >> > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > >> nsource.org%2Flicenses%2Fbsd- > > >> > > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c > > >> > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% > > >> > > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > >> - > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > >> BASIS, > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > EXPRESS > > >> OR IMPLIED. > > >> - > > >> -**/ > > >> - > > >> -#ifndef _OPTEE_H_ > > >> -#define _OPTEE_H_ > > >> - > > >> -/* > > >> - * The 'Trusted OS Call UID' is supposed to return the following > > >> UUID for > > >> - * OP-TEE OS. This is a 128-bit value. > > >> - */ > > >> -#define OPTEE_OS_UID0 0x384fb3e0 > > >> -#define OPTEE_OS_UID1 0xe7f811e3 > > >> -#define OPTEE_OS_UID2 0xaf630002 > > >> -#define OPTEE_OS_UID3 0xa5d5c51b > > >> - > > >> -BOOLEAN > > >> -EFIAPI > > >> -IsOpteePresent ( > > >> - VOID > > >> - ); > > >> - > > >> -#endif > > >> +/** @file > > >> + Standardized Global Platform header file. > > >> + > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > >> + > > >> + This program and the accompanying materials are licensed and > > >> + made available under the terms and conditions of the BSD License > > >> + which accompanies this distribution. The full text of the > > >> + license may be found at > > >> + > > >> + > > >> > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > >> n > > >> + source.org%2Flicenses%2Fbsd- > > >> license.php&data=02%7C01%7Cudit.kumar% > > >> + > > >> > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > >> a92cd99 > > >> + > > >> > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > >> OOKCyshbg > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > >> + > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > >> BASIS, > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > >> EXPRESS OR IMPLIED. > > >> + > > >> +**/ > > >> + > > >> +#ifndef _GLOBAL_PLATFORM_H_ > > >> +#define _GLOBAL_PLATFORM_H_ > > >> + > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > > >> + > > >> +#define TEEC_SUCCESS 0x00000000 > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > > >> + > > >> +#endif > > >> -- > > >> 2.7.4 > > >> > > >> _______________________________________________ > > >> edk2-devel mailing list > > >> edk2-devel@lists.01.org > > >> > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > >> st > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > > >> > > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > > >> > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > > >> > > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > > >> u%2Fhcds3j9aDPnU%3D&reserved=0 > > > _______________________________________________ > > > edk2-devel mailing list > > > edk2-devel@lists.01.org > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > > devel&data=02%7C01%7Cudit.ku > > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > > b4c6fa92 > > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f > > 9rxeb37V > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-24 18:03 ` Matteo Carlini @ 2018-08-27 9:58 ` Sumit Garg 2018-08-28 13:08 ` Achin Gupta 0 siblings, 1 reply; 15+ messages in thread From: Sumit Garg @ 2018-08-27 9:58 UTC (permalink / raw) To: Matteo.Carlini, Achin.Gupta Cc: udit.kumar, Ard Biesheuvel, edk2-devel, tee-dev, Daniel Thompson, Jens Wiklander, rod.dorris On Fri, 24 Aug 2018 at 23:33, Matteo Carlini <Matteo.Carlini@arm.com> wrote: > > +Achin > > SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) and SPM (for Secure Partitions at S-EL0) are currently mutually exclusive into Trusted Firmware-A codebase. > > In other words, you cannot turn them on in parallel and execute both a S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secure World with the current Software Architecture. > IIUC, currently BL32 image is common in Trusted Firmware-A code-base. If we turn on SPD then BL32=<trusted-os image> else if we turn on SPM then BL32=<SPM S-EL0 image>, correct? But I think SMC calling conventions (SMC Calling Convention [1] and Management Mode Interface Specification [2]) doesn't put any such restrictions as SMC function IDs are totally separate. > Achin and other Arm architects are trying to figure out a way for solving this problem without the need for a v8.4 Secure-EL2 Hypervisor, obviously without leveraging the isolation benefits of it (see also [1]). > Agree we won't be having isolation benefits which provides added level of Security. > But Ard is right: there could be use-cases to ship UEFI systems with OP-TEE and TAs on top...and this should still be currently possible using the SPD dispatcher into TF-A. I've not looked deeply into this patch, but it doesn’t seem to contradict the above Sw architecture. > > The question would be: would you foresee the need for running one (or many) other (UEFI/EDK2-based) Secure Services in the Secure World into a Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE? > As per following quote from Management Mode Interface Specification [2]: "Management Mode (MM) provides an environment for implementing OS agnostic services (MM services) like RAS error handling, secure variable storage, and firmware updates in system firmware. The services can be invoked synchronously and asynchronously." It seems that MM mode is designed for more robust and platform specific services whereas OP-TEE (or any trusted OS) use-cases seem to be more complex like Entropy pool (RNG as in our case), DRM (could be valid use-case for Android TV or Chromebook), keymaster or keystore (for Edge devices) etc. So it looks like they complement each other and we will have more robustness once we migrate to v8.4 Secure-EL2 Hypervisor for isolation support. Please feel free to correct me if I missed something. Regards, Sumit [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf [2] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf > Thanks > Matteo > > [1]: https://community.arm.com/processors/b/blog/posts/architecting-more-secure-world-with-isolation-and-virtualization > > > -----Original Message----- > > From: Udit Kumar <udit.kumar@nxp.com> > > Sent: 24 August 2018 18:46 > > To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Matteo Carlini > > <Matteo.Carlini@arm.com> > > Cc: Sumit Garg <sumit.garg@linaro.org>; edk2-devel@lists.01.org; tee- > > dev@lists.linaro.org; daniel.thompson@linaro.org; jens.wiklander@linaro.org; > > Rod Dorris <rod.dorris@nxp.com> > > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate > > with OP-TEE > > > > Hi Ard > > > > > If MM mode is fundamentally incompatible with OP-TEE, then you cannot > > > run both at the same time, > > > > Both cannot coexist unless you have v8.4 CPU > > > > Regards > > Udit > > > > > > > > > > > >> -----Original Message----- > > > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of > > > >> Sumit Garg > > > >> Sent: Friday, August 24, 2018 2:51 PM > > > >> To: edk2-devel@lists.01.org > > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > > > >> jens.wiklander@linaro.org > > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > > > >> communicate with OP-TEE > > > >> > > > >> Add following APIs to communicate with OP-TEE static TA: > > > >> 1. OpteeInit > > > >> 2. OpteeOpenSession > > > >> 3. OpteeCloseSession > > > >> 4. OpteeInvokeFunc > > > >> > > > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > > > >> Cc: Leif Lindholm <leif.lindholm@linaro.org> > > > >> Contributed-under: TianoCore Contribution Agreement 1.1 > > > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > > > >> --- > > > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > > > >> +++++++++++++++++++++ > > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > > > >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode > > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > > > >> copy ArmPkg/Include/Library/OpteeLib.h => > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > > >> > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > >> b/ArmPkg/Include/Library/OpteeLib.h > > > >> index f65d8674d9b8..c323f49072f8 100644 > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h > > > >> @@ -25,10 +25,112 @@ > > > >> #define OPTEE_OS_UID2 0xaf630002 > > > >> #define OPTEE_OS_UID3 0xa5d5c51b > > > >> > > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > > > >> + > > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > > > >> + > > > >> +typedef struct { > > > >> + UINT64 BufPtr; > > > >> + UINT64 Size; > > > >> + UINT64 ShmRef; > > > >> +} OPTEE_MSG_PARAM_MEM; > > > >> + > > > >> +typedef struct { > > > >> + UINT64 A; > > > >> + UINT64 B; > > > >> + UINT64 C; > > > >> +} OPTEE_MSG_PARAM_VALUE; > > > >> + > > > >> +typedef struct { > > > >> + UINT64 Attr; > > > >> + union { > > > >> + OPTEE_MSG_PARAM_MEM Mem; > > > >> + OPTEE_MSG_PARAM_VALUE Value; > > > >> + } U; > > > >> +} OPTEE_MSG_PARAM; > > > >> + > > > >> +#define MAX_PARAMS 4 > > > >> + > > > >> +typedef struct { > > > >> + UINT32 Cmd; > > > >> + UINT32 Func; > > > >> + UINT32 Session; > > > >> + UINT32 CancelId; > > > >> + UINT32 Pad; > > > >> + UINT32 Ret; > > > >> + UINT32 RetOrigin; > > > >> + UINT32 NumParams; > > > >> + > > > >> + // NumParams tells the actual number of element in Params > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > >> +} OPTEE_MSG_ARG; > > > >> + > > > >> +#define OPTEE_UUID_LEN 16 > > > >> + > > > >> +// > > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > > > >> +// @Uuid: [in] UUID of the Trusted Application > > > >> +// @Session: [out] Session id > > > >> +// @Ret: [out] Return value > > > >> +// @RetOrigin [out] Origin of the return value > > > >> +// > > > >> +typedef struct { > > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > > > >> + UINT32 Session; > > > >> + UINT32 Ret; > > > >> + UINT32 RetOrigin; > > > >> +} OPTEE_OPEN_SESSION_ARG; > > > >> + > > > >> +// > > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > > > >> +// @Func: [in] Trusted Application function, specific to the TA > > > >> +// @Session: [in] Session id > > > >> +// @Ret: [out] Return value > > > >> +// @RetOrigin [out] Origin of the return value > > > >> +// @Params [inout] Parameters for function to be invoked > > > >> +// > > > >> +typedef struct { > > > >> + UINT32 Func; > > > >> + UINT32 Session; > > > >> + UINT32 Ret; > > > >> + UINT32 RetOrigin; > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > >> +} OPTEE_INVOKE_FUNC_ARG; > > > >> + > > > >> BOOLEAN > > > >> EFIAPI > > > >> IsOpteePresent ( > > > >> VOID > > > >> ); > > > >> > > > >> +EFI_STATUS > > > >> +EFIAPI > > > >> +OpteeInit ( > > > >> + VOID > > > >> + ); > > > >> + > > > >> +EFI_STATUS > > > >> +EFIAPI > > > >> +OpteeOpenSession ( > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > >> + ); > > > >> + > > > >> +EFI_STATUS > > > >> +EFIAPI > > > >> +OpteeCloseSession ( > > > >> + IN UINT32 Session > > > >> + ); > > > >> + > > > >> +EFI_STATUS > > > >> +EFIAPI > > > >> +OpteeInvokeFunc ( > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > >> + ); > > > >> + > > > >> #endif > > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 > > > >> 100644 > > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c > > > >> @@ -14,11 +14,19 @@ > > > >> > > > >> **/ > > > >> > > > >> +#include <Library/ArmMmuLib.h> > > > >> #include <Library/ArmSmcLib.h> > > > >> +#include <Library/BaseMemoryLib.h> > > > >> #include <Library/BaseLib.h> > > > >> +#include <Library/DebugLib.h> > > > >> #include <Library/OpteeLib.h> > > > >> > > > >> #include <IndustryStandard/ArmStdSmc.h> > > > >> +#include <IndustryStandard/GlobalPlatform.h> > > > >> +#include <OpteeSmc.h> > > > >> +#include <Uefi.h> > > > >> + > > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > > >> > > > >> /** > > > >> Check for OP-TEE presence. > > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( > > > >> { > > > >> ARM_SMC_ARGS ArmSmcArgs; > > > >> > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > >> // Send a Trusted OS Calls UID command > > > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > > > >> ArmCallSmc (&ArmSmcArgs); > > > >> @@ -44,3 +53,352 @@ IsOpteePresent ( > > > >> return FALSE; > > > >> } > > > >> } > > > >> + > > > >> +STATIC > > > >> +EFI_STATUS > > > >> +OpteeShmMemRemap ( > > > >> + VOID > > > >> + ) > > > >> +{ > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > >> + EFI_PHYSICAL_ADDRESS Paddr; > > > >> + EFI_PHYSICAL_ADDRESS Start; > > > >> + EFI_PHYSICAL_ADDRESS End; > > > >> + EFI_STATUS Status; > > > >> + UINTN Size; > > > >> + > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > > > >> + > > > >> + ArmCallSmc (&ArmSmcArgs); > > > >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > > > >> + return EFI_UNSUPPORTED; > > > >> + } > > > >> + > > > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > > > memory > > > >> supported\n")); > > > >> + return EFI_UNSUPPORTED; > > > >> + } > > > >> + > > > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End > > > >> + = > > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = > > > >> + Start; Size = End - Start; > > > >> + > > > >> + if (Size < SIZE_4KB) { > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > > > >> + return EFI_BUFFER_TOO_SMALL; > > > >> + } > > > >> + > > > >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); > > > >> + if (EFI_ERROR (Status)) { > > > >> + return Status; > > > >> + } > > > >> + > > > >> + OpteeShmInfo.Base = (UINTN)Paddr; OpteeShmInfo.Size = Size; > > > >> + > > > >> + return EFI_SUCCESS; > > > >> +} > > > >> + > > > >> +EFI_STATUS > > > >> +EFIAPI > > > >> +OpteeInit ( > > > >> + VOID > > > >> + ) > > > >> +{ > > > >> + EFI_STATUS Status; > > > >> + > > > >> + if (!IsOpteePresent ()) { > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > > > >> + return EFI_UNSUPPORTED; > > > >> + } > > > >> + > > > >> + Status = OpteeShmMemRemap (); > > > >> + if (EFI_ERROR (Status)) { > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > > > >> + return Status; > > > >> + } > > > >> + > > > >> + return EFI_SUCCESS; > > > >> +} > > > >> + > > > >> +/** > > > >> + Does Standard SMC to OP-TEE in secure world. > > > >> + > > > >> + @param[in] Parg Physical address of message to pass to secure world > > > >> + > > > >> + @return 0 on success, secure world return code otherwise > > > >> + > > > >> +**/ > > > >> +STATIC > > > >> +UINT32 > > > >> +OpteeCallWithArg ( > > > >> + IN EFI_PHYSICAL_ADDRESS Parg > > > >> + ) > > > >> +{ > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > >> + > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > > > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > > > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; > > > >> + > > > >> + while (TRUE) { > > > >> + ArmCallSmc (&ArmSmcArgs); > > > >> + > > > >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > > > >> + // > > > >> + // A foreign interrupt was raised while secure world was > > > >> + // executing, since they are handled in UEFI a dummy RPC is > > > >> + // performed to let UEFI take the interrupt through the normal > > > >> + // vector. > > > >> + // > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > > > >> + } else { > > > >> + break; > > > >> + } > > > >> + } > > > >> + > > > >> + return ArmSmcArgs.Arg0; > > > >> +} > > > >> + > > > >> +EFI_STATUS > > > >> +EFIAPI > > > >> +OpteeOpenSession ( > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > >> + ) > > > >> +{ > > > >> + OPTEE_MSG_ARG *MsgArg; > > > >> + > > > >> + MsgArg = NULL; > > > >> + > > > >> + if (OpteeShmInfo.Base == 0) { > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > >> + return EFI_NOT_STARTED; > > > >> + } > > > >> + > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > >> sizeof > > > >> + (OPTEE_MSG_ARG)); > > > >> + > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > > > >> + > > > >> + // > > > >> + // Initialize and add the meta parameters needed when opening a > > > >> + // session. > > > >> + // > > > >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > >> + OPTEE_MSG_ATTR_META; > > > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > >> + OPTEE_MSG_ATTR_META; CopyMem > > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > > > OPTEE_UUID_LEN); > > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > > > >> + > > > >> + MsgArg->NumParams = 2; > > > >> + > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > >> + > > > >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret > > > >> + = > > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > > > >> + > > > >> + return EFI_SUCCESS; > > > >> +} > > > >> + > > > >> +EFI_STATUS > > > >> +EFIAPI > > > >> +OpteeCloseSession ( > > > >> + IN UINT32 Session > > > >> + ) > > > >> +{ > > > >> + OPTEE_MSG_ARG *MsgArg; > > > >> + > > > >> + MsgArg = NULL; > > > >> + > > > >> + if (OpteeShmInfo.Base == 0) { > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > >> + return EFI_NOT_STARTED; > > > >> + } > > > >> + > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > >> sizeof > > > >> + (OPTEE_MSG_ARG)); > > > >> + > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session > > > = > > > >> + Session; > > > >> + > > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > > > >> + > > > >> + return EFI_SUCCESS; > > > >> +} > > > >> + > > > >> +STATIC > > > >> +EFI_STATUS > > > >> +OpteeToMsgParam ( > > > >> + OUT OPTEE_MSG_PARAM *MsgParams, > > > >> + IN UINT32 NumParams, > > > >> + IN OPTEE_MSG_PARAM *InParams > > > >> + ) > > > >> +{ > > > >> + UINT32 Idx; > > > >> + UINTN ParamShmAddr; > > > >> + UINTN ShmSize; > > > >> + UINTN Size; > > > >> + > > > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof > > > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize > > > >> + = OpteeShmInfo.Size - Size; > > > >> + > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > >> + CONST OPTEE_MSG_PARAM *Ip; > > > >> + OPTEE_MSG_PARAM *Mp; > > > >> + UINT32 Attr; > > > >> + > > > >> + Ip = InParams + Idx; > > > >> + Mp = MsgParams + Idx; > > > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > >> + > > > >> + switch (Attr) { > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > > > >> + break; > > > >> + > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > >> + Mp->Attr = Attr; > > > >> + Mp->U.Value.A = Ip->U.Value.A; > > > >> + Mp->U.Value.B = Ip->U.Value.B; > > > >> + Mp->U.Value.C = Ip->U.Value.C; > > > >> + break; > > > >> + > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > >> + Mp->Attr = Attr; > > > >> + > > > >> + if (Ip->U.Mem.Size > ShmSize) { > > > >> + return EFI_OUT_OF_RESOURCES; > > > >> + } > > > >> + > > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- > > > >> >U.Mem.Size); > > > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > > > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; > > > >> + > > > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > > > >> + ParamShmAddr += Size; > > > >> + ShmSize -= Size; > > > >> + break; > > > >> + > > > >> + default: > > > >> + return EFI_INVALID_PARAMETER; > > > >> + } > > > >> + } > > > >> + > > > >> + return EFI_SUCCESS; > > > >> +} > > > >> + > > > >> +STATIC > > > >> +EFI_STATUS > > > >> +OpteeFromMsgParam ( > > > >> + OUT OPTEE_MSG_PARAM *OutParams, > > > >> + IN UINT32 NumParams, > > > >> + IN OPTEE_MSG_PARAM *MsgParams > > > >> + ) > > > >> +{ > > > >> + UINT32 Idx; > > > >> + > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > >> + OPTEE_MSG_PARAM *Op; > > > >> + CONST OPTEE_MSG_PARAM *Mp; > > > >> + UINT32 Attr; > > > >> + > > > >> + Op = OutParams + Idx; > > > >> + Mp = MsgParams + Idx; > > > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > >> + > > > >> + switch (Attr) { > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > >> + ZeroMem (&Op->U, sizeof (Op->U)); > > > >> + break; > > > >> + > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > >> + Op->Attr = Attr; > > > >> + Op->U.Value.A = Mp->U.Value.A; > > > >> + Op->U.Value.B = Mp->U.Value.B; > > > >> + Op->U.Value.C = Mp->U.Value.C; > > > >> + break; > > > >> + > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > >> + Op->Attr = Attr; > > > >> + > > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > > > >> + return EFI_BAD_BUFFER_SIZE; > > > >> + } > > > >> + > > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, > > > >> Mp->U.Mem.Size); > > > >> + Op->U.Mem.Size = Mp->U.Mem.Size; > > > >> + break; > > > >> + > > > >> + default: > > > >> + return EFI_INVALID_PARAMETER; > > > >> + } > > > >> + } > > > >> + > > > >> + return EFI_SUCCESS; > > > >> +} > > > >> + > > > >> +EFI_STATUS > > > >> +EFIAPI > > > >> +OpteeInvokeFunc ( > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > >> + ) > > > >> +{ > > > >> + EFI_STATUS Status; > > > >> + OPTEE_MSG_ARG *MsgArg; > > > >> + > > > >> + MsgArg = NULL; > > > >> + > > > >> + if (OpteeShmInfo.Base == 0) { > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > >> + return EFI_NOT_STARTED; > > > >> + } > > > >> + > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > >> sizeof > > > >> + (OPTEE_MSG_ARG)); > > > >> + > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- > > > >Func = > > > >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; > > > >> + > > > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > > > >> + InvokeFuncArg->Params); if (Status) > > > >> + return Status; > > > >> + > > > >> + MsgArg->NumParams = MAX_PARAMS; > > > >> + > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > >> + > > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, > > > >> MsgArg->Params)) { > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > >> + > > > >> + InvokeFuncArg->Ret = MsgArg->Ret; InvokeFuncArg->RetOrigin = > > > >> + MsgArg->RetOrigin; > > > >> + > > > >> + return EFI_SUCCESS; > > > >> +} > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > >> index 5abd427379cc..e03054a7167d 100644 > > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > >> @@ -23,11 +23,13 @@ [Defines] > > > >> > > > >> [Sources] > > > >> Optee.c > > > >> + OpteeSmc.h > > > >> > > > >> [Packages] > > > >> ArmPkg/ArmPkg.dec > > > >> MdePkg/MdePkg.dec > > > >> > > > >> [LibraryClasses] > > > >> + ArmMmuLib > > > >> ArmSmcLib > > > >> BaseLib > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > >> new file mode 100644 > > > >> index 000000000000..e2ea35784a0a > > > >> --- /dev/null > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > >> @@ -0,0 +1,43 @@ > > > >> +/** @file > > > >> + OP-TEE SMC header file. > > > >> + > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > >> + > > > >> + This program and the accompanying materials are licensed and > > > >> + made available under the terms and conditions of the BSD License > > > >> + which accompanies this distribution. The full text of the > > > >> + license may be found at > > > >> + > > > >> + > > > >> > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > >> n > > > >> + source.org%2Flicenses%2Fbsd- > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > >> + > > > >> > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > > >> a92cd99 > > > >> + > > > >> > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > >> OOKCyshbg > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > >> + > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > >> BASIS, > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > >> EXPRESS OR IMPLIED. > > > >> + > > > >> +**/ > > > >> + > > > >> +#ifndef _OPTEE_SMC_H_ > > > >> +#define _OPTEE_SMC_H_ > > > >> + > > > >> +/* Returned in Arg0 only from Trusted OS functions */ > > > >> +#define OPTEE_SMC_RETURN_OK 0x0 > > > >> + > > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > > > >> + > > > >> +#define OPTEE_SMC_SHM_CACHED 1 > > > >> + > > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > > > >> + > > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > > > >> + > > > >> +#define OPTEE_MSG_ATTR_META 0x100 > > > >> + > > > >> +#define TEE_LOGIN_PUBLIC 0x0 > > > >> + > > > >> +typedef struct { > > > >> + UINTN Base; > > > >> + UINTN Size; > > > >> +} OPTEE_SHARED_MEMORY_INFO; > > > >> + > > > >> +#endif > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > >> similarity index 53% > > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > >> index f65d8674d9b8..14c621d89971 100644 > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > >> @@ -1,34 +1,26 @@ > > > >> -/** @file > > > >> - OP-TEE specific header file. > > > >> - > > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > >> - > > > >> - This program and the accompanying materials > > > >> - are licensed and made available under the terms and conditions > > > >> of the BSD License > > > >> - which accompanies this distribution. The full text of the > > > >> license may be found at > > > >> - > > > >> > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > >> nsource.org%2Flicenses%2Fbsd- > > > >> > > > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c > > > >> > > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% > > > >> > > > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > >> - > > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > >> BASIS, > > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > EXPRESS > > > >> OR IMPLIED. > > > >> - > > > >> -**/ > > > >> - > > > >> -#ifndef _OPTEE_H_ > > > >> -#define _OPTEE_H_ > > > >> - > > > >> -/* > > > >> - * The 'Trusted OS Call UID' is supposed to return the following > > > >> UUID for > > > >> - * OP-TEE OS. This is a 128-bit value. > > > >> - */ > > > >> -#define OPTEE_OS_UID0 0x384fb3e0 > > > >> -#define OPTEE_OS_UID1 0xe7f811e3 > > > >> -#define OPTEE_OS_UID2 0xaf630002 > > > >> -#define OPTEE_OS_UID3 0xa5d5c51b > > > >> - > > > >> -BOOLEAN > > > >> -EFIAPI > > > >> -IsOpteePresent ( > > > >> - VOID > > > >> - ); > > > >> - > > > >> -#endif > > > >> +/** @file > > > >> + Standardized Global Platform header file. > > > >> + > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > >> + > > > >> + This program and the accompanying materials are licensed and > > > >> + made available under the terms and conditions of the BSD License > > > >> + which accompanies this distribution. The full text of the > > > >> + license may be found at > > > >> + > > > >> + > > > >> > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > >> n > > > >> + source.org%2Flicenses%2Fbsd- > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > >> + > > > >> > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > > >> a92cd99 > > > >> + > > > >> > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > >> OOKCyshbg > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > >> + > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > >> BASIS, > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > >> EXPRESS OR IMPLIED. > > > >> + > > > >> +**/ > > > >> + > > > >> +#ifndef _GLOBAL_PLATFORM_H_ > > > >> +#define _GLOBAL_PLATFORM_H_ > > > >> + > > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > > > >> + > > > >> +#define TEEC_SUCCESS 0x00000000 > > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > > > >> + > > > >> +#endif > > > >> -- > > > >> 2.7.4 > > > >> > > > >> _______________________________________________ > > > >> edk2-devel mailing list > > > >> edk2-devel@lists.01.org > > > >> > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > > >> st > > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > >> > > > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > > > >> > > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > > > >> > > > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > > > >> u%2Fhcds3j9aDPnU%3D&reserved=0 > > > > _______________________________________________ > > > > edk2-devel mailing list > > > > edk2-devel@lists.01.org > > > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis > > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > devel&data=02%7C01%7Cudit.ku > > > > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > > > b4c6fa92 > > > > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f > > > 9rxeb37V > > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-27 9:58 ` Sumit Garg @ 2018-08-28 13:08 ` Achin Gupta 2018-08-28 16:34 ` Sumit Garg 0 siblings, 1 reply; 15+ messages in thread From: Achin Gupta @ 2018-08-28 13:08 UTC (permalink / raw) To: Sumit Garg Cc: Matteo.Carlini, udit.kumar, Ard Biesheuvel, edk2-devel, tee-dev, Daniel Thompson, Jens Wiklander, rod.dorris, nd Hi Sumit, Apologies for not replying sooner. Some questions and thoughts inline. On Mon, Aug 27, 2018 at 03:28:52PM +0530, Sumit Garg wrote: > On Fri, 24 Aug 2018 at 23:33, Matteo Carlini <Matteo.Carlini@arm.com> wrote: > > > > +Achin > > > > SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) and SPM (for Secure Partitions at S-EL0) are currently mutually exclusive into Trusted Firmware-A codebase. > > > > In other words, you cannot turn them on in parallel and execute both a S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secure World with the current Software Architecture. > > > > IIUC, currently BL32 image is common in Trusted Firmware-A code-base. > If we turn on SPD then BL32=<trusted-os image> else if we turn on SPM > then BL32=<SPM S-EL0 image>, correct? Yes! BL32 is a TOS image if SPD is enabled. It is a S-EL0 Standalone MM Secure partition image if SPM is enabled. > > But I think SMC calling conventions (SMC Calling Convention [1] and > Management Mode Interface Specification [2]) doesn't put any such > restrictions as SMC function IDs are totally separate. Yes, this was an implementation choice to ensure that either a S-EL1 payload (Trusted OS) or a S-EL0 payload (MM SP) could be included in an Arm TF build but not both. > > > Achin and other Arm architects are trying to figure out a way for solving this problem without the need for a v8.4 Secure-EL2 Hypervisor, obviously without leveraging the isolation benefits of it (see also [1]). > > > > Agree we won't be having isolation benefits which provides added level > of Security. > > > But Ard is right: there could be use-cases to ship UEFI systems with OP-TEE and TAs on top...and this should still be currently possible using the SPD dispatcher into TF-A. I've not looked deeply into this patch, but it doesn’t seem to contradict the above Sw architecture. > > > > The question would be: would you foresee the need for running one (or many) other (UEFI/EDK2-based) Secure Services in the Secure World into a Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE? > > > > As per following quote from Management Mode Interface Specification [2]: > > "Management Mode (MM) provides an environment for implementing OS > agnostic services (MM services) like RAS error handling, secure > variable storage, and firmware updates in system firmware. The > services can be invoked synchronously and asynchronously." > > It seems that MM mode is designed for more robust and platform > specific services whereas OP-TEE (or any trusted OS) use-cases seem to > be more complex like Entropy pool (RNG as in our case), DRM (could be > valid use-case for Android TV or Chromebook), keymaster or keystore > (for Edge devices) etc. It really depends upon the secure sw stack, use case and the requirements. MM interface specification specifies a blocking SMC (MM_COMMUNICATE) to access a secure service implemented in S-EL0. In the UEFI/PI/EDK2 context, MM drivers are used to satisfy a variety of use cases during boot through the EFI_MM_COMMUNICATION_PROTOCOL (the bad press of SMM aside!). MM_COMMUNICATE SMC provides a channel into the secure world to the backend of this protocol on Arm systems. So any service accessible through this protocol could be implemented on Arm systems in a MM SP. IIUC, in your case there is OP-TEE and firmware in the secure world. OP-TEE has a static TA that provides the random data service and you want to leverage it at boot time? Ditto for other services? So you do not really need an MM partition running alongside OP-TEE? In any case, what we are working on is to define a set of standard SMC interfaces that can be used to talk to a secure service in a payload in S-EL1 or S-EL0. This standard ABI will avoid the need to use payload specific SMCs in the normal world e.g. OP-TEE specific SMCs. Side topic! Do you foresee a usecase for DRM through UEFI during boot? Would it work in the absence of RPC support in the Optee Library? IIUC, at runtime, DRM traffic will be routed through the OP-TEE driver in the OS instead of UEFI since there is no UEFI runtime service interface to do DRM? > > So it looks like they complement each other and we will have more > robustness once we migrate to v8.4 Secure-EL2 Hypervisor for isolation > support. In a way yes! The robustness bit is not really related to the interface used to access as service. > > Please feel free to correct me if I missed something. Hope this makes sense. cheers, Achin > > Regards, > Sumit > > [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf > [2] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf > > > Thanks > > Matteo > > > > [1]: https://community.arm.com/processors/b/blog/posts/architecting-more-secure-world-with-isolation-and-virtualization > > > > > -----Original Message----- > > > From: Udit Kumar <udit.kumar@nxp.com> > > > Sent: 24 August 2018 18:46 > > > To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Matteo Carlini > > > <Matteo.Carlini@arm.com> > > > Cc: Sumit Garg <sumit.garg@linaro.org>; edk2-devel@lists.01.org; tee- > > > dev@lists.linaro.org; daniel.thompson@linaro.org; jens.wiklander@linaro.org; > > > Rod Dorris <rod.dorris@nxp.com> > > > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate > > > with OP-TEE > > > > > > Hi Ard > > > > > > > If MM mode is fundamentally incompatible with OP-TEE, then you cannot > > > > run both at the same time, > > > > > > Both cannot coexist unless you have v8.4 CPU > > > > > > Regards > > > Udit > > > > > > > > > > > > > > > >> -----Original Message----- > > > > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of > > > > >> Sumit Garg > > > > >> Sent: Friday, August 24, 2018 2:51 PM > > > > >> To: edk2-devel@lists.01.org > > > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > > > > >> jens.wiklander@linaro.org > > > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > > > > >> communicate with OP-TEE > > > > >> > > > > >> Add following APIs to communicate with OP-TEE static TA: > > > > >> 1. OpteeInit > > > > >> 2. OpteeOpenSession > > > > >> 3. OpteeCloseSession > > > > >> 4. OpteeInvokeFunc > > > > >> > > > > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > > > > >> Cc: Leif Lindholm <leif.lindholm@linaro.org> > > > > >> Contributed-under: TianoCore Contribution Agreement 1.1 > > > > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > > > > >> --- > > > > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > > > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > > > > >> +++++++++++++++++++++ > > > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > > > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > > > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > > > > >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode > > > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > >> copy ArmPkg/Include/Library/OpteeLib.h => > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > > > >> > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > > >> b/ArmPkg/Include/Library/OpteeLib.h > > > > >> index f65d8674d9b8..c323f49072f8 100644 > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h > > > > >> @@ -25,10 +25,112 @@ > > > > >> #define OPTEE_OS_UID2 0xaf630002 > > > > >> #define OPTEE_OS_UID3 0xa5d5c51b > > > > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > > > > >> + > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > > > > >> + > > > > >> +typedef struct { > > > > >> + UINT64 BufPtr; > > > > >> + UINT64 Size; > > > > >> + UINT64 ShmRef; > > > > >> +} OPTEE_MSG_PARAM_MEM; > > > > >> + > > > > >> +typedef struct { > > > > >> + UINT64 A; > > > > >> + UINT64 B; > > > > >> + UINT64 C; > > > > >> +} OPTEE_MSG_PARAM_VALUE; > > > > >> + > > > > >> +typedef struct { > > > > >> + UINT64 Attr; > > > > >> + union { > > > > >> + OPTEE_MSG_PARAM_MEM Mem; > > > > >> + OPTEE_MSG_PARAM_VALUE Value; > > > > >> + } U; > > > > >> +} OPTEE_MSG_PARAM; > > > > >> + > > > > >> +#define MAX_PARAMS 4 > > > > >> + > > > > >> +typedef struct { > > > > >> + UINT32 Cmd; > > > > >> + UINT32 Func; > > > > >> + UINT32 Session; > > > > >> + UINT32 CancelId; > > > > >> + UINT32 Pad; > > > > >> + UINT32 Ret; > > > > >> + UINT32 RetOrigin; > > > > >> + UINT32 NumParams; > > > > >> + > > > > >> + // NumParams tells the actual number of element in Params > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > > >> +} OPTEE_MSG_ARG; > > > > >> + > > > > >> +#define OPTEE_UUID_LEN 16 > > > > >> + > > > > >> +// > > > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > > > > >> +// @Uuid: [in] UUID of the Trusted Application > > > > >> +// @Session: [out] Session id > > > > >> +// @Ret: [out] Return value > > > > >> +// @RetOrigin [out] Origin of the return value > > > > >> +// > > > > >> +typedef struct { > > > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > > > > >> + UINT32 Session; > > > > >> + UINT32 Ret; > > > > >> + UINT32 RetOrigin; > > > > >> +} OPTEE_OPEN_SESSION_ARG; > > > > >> + > > > > >> +// > > > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > > > > >> +// @Func: [in] Trusted Application function, specific to the TA > > > > >> +// @Session: [in] Session id > > > > >> +// @Ret: [out] Return value > > > > >> +// @RetOrigin [out] Origin of the return value > > > > >> +// @Params [inout] Parameters for function to be invoked > > > > >> +// > > > > >> +typedef struct { > > > > >> + UINT32 Func; > > > > >> + UINT32 Session; > > > > >> + UINT32 Ret; > > > > >> + UINT32 RetOrigin; > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > > >> +} OPTEE_INVOKE_FUNC_ARG; > > > > >> + > > > > >> BOOLEAN > > > > >> EFIAPI > > > > >> IsOpteePresent ( > > > > >> VOID > > > > >> ); > > > > >> > > > > >> +EFI_STATUS > > > > >> +EFIAPI > > > > >> +OpteeInit ( > > > > >> + VOID > > > > >> + ); > > > > >> + > > > > >> +EFI_STATUS > > > > >> +EFIAPI > > > > >> +OpteeOpenSession ( > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > > >> + ); > > > > >> + > > > > >> +EFI_STATUS > > > > >> +EFIAPI > > > > >> +OpteeCloseSession ( > > > > >> + IN UINT32 Session > > > > >> + ); > > > > >> + > > > > >> +EFI_STATUS > > > > >> +EFIAPI > > > > >> +OpteeInvokeFunc ( > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > > >> + ); > > > > >> + > > > > >> #endif > > > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > > > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 > > > > >> 100644 > > > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > > > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c > > > > >> @@ -14,11 +14,19 @@ > > > > >> > > > > >> **/ > > > > >> > > > > >> +#include <Library/ArmMmuLib.h> > > > > >> #include <Library/ArmSmcLib.h> > > > > >> +#include <Library/BaseMemoryLib.h> > > > > >> #include <Library/BaseLib.h> > > > > >> +#include <Library/DebugLib.h> > > > > >> #include <Library/OpteeLib.h> > > > > >> > > > > >> #include <IndustryStandard/ArmStdSmc.h> > > > > >> +#include <IndustryStandard/GlobalPlatform.h> > > > > >> +#include <OpteeSmc.h> > > > > >> +#include <Uefi.h> > > > > >> + > > > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > > > >> > > > > >> /** > > > > >> Check for OP-TEE presence. > > > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( > > > > >> { > > > > >> ARM_SMC_ARGS ArmSmcArgs; > > > > >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > >> // Send a Trusted OS Calls UID command > > > > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > > > > >> ArmCallSmc (&ArmSmcArgs); > > > > >> @@ -44,3 +53,352 @@ IsOpteePresent ( > > > > >> return FALSE; > > > > >> } > > > > >> } > > > > >> + > > > > >> +STATIC > > > > >> +EFI_STATUS > > > > >> +OpteeShmMemRemap ( > > > > >> + VOID > > > > >> + ) > > > > >> +{ > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > > >> + EFI_PHYSICAL_ADDRESS Paddr; > > > > >> + EFI_PHYSICAL_ADDRESS Start; > > > > >> + EFI_PHYSICAL_ADDRESS End; > > > > >> + EFI_STATUS Status; > > > > >> + UINTN Size; > > > > >> + > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > > > > >> + > > > > >> + ArmCallSmc (&ArmSmcArgs); > > > > >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > > > > >> + return EFI_UNSUPPORTED; > > > > >> + } > > > > >> + > > > > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > > > > memory > > > > >> supported\n")); > > > > >> + return EFI_UNSUPPORTED; > > > > >> + } > > > > >> + > > > > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End > > > > >> + = > > > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = > > > > >> + Start; Size = End - Start; > > > > >> + > > > > >> + if (Size < SIZE_4KB) { > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > > > > >> + return EFI_BUFFER_TOO_SMALL; > > > > >> + } > > > > >> + > > > > >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); > > > > >> + if (EFI_ERROR (Status)) { > > > > >> + return Status; > > > > >> + } > > > > >> + > > > > >> + OpteeShmInfo.Base = (UINTN)Paddr; OpteeShmInfo.Size = Size; > > > > >> + > > > > >> + return EFI_SUCCESS; > > > > >> +} > > > > >> + > > > > >> +EFI_STATUS > > > > >> +EFIAPI > > > > >> +OpteeInit ( > > > > >> + VOID > > > > >> + ) > > > > >> +{ > > > > >> + EFI_STATUS Status; > > > > >> + > > > > >> + if (!IsOpteePresent ()) { > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > > > > >> + return EFI_UNSUPPORTED; > > > > >> + } > > > > >> + > > > > >> + Status = OpteeShmMemRemap (); > > > > >> + if (EFI_ERROR (Status)) { > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > > > > >> + return Status; > > > > >> + } > > > > >> + > > > > >> + return EFI_SUCCESS; > > > > >> +} > > > > >> + > > > > >> +/** > > > > >> + Does Standard SMC to OP-TEE in secure world. > > > > >> + > > > > >> + @param[in] Parg Physical address of message to pass to secure world > > > > >> + > > > > >> + @return 0 on success, secure world return code otherwise > > > > >> + > > > > >> +**/ > > > > >> +STATIC > > > > >> +UINT32 > > > > >> +OpteeCallWithArg ( > > > > >> + IN EFI_PHYSICAL_ADDRESS Parg > > > > >> + ) > > > > >> +{ > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > > >> + > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > > > > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > > > > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; > > > > >> + > > > > >> + while (TRUE) { > > > > >> + ArmCallSmc (&ArmSmcArgs); > > > > >> + > > > > >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > > > > >> + // > > > > >> + // A foreign interrupt was raised while secure world was > > > > >> + // executing, since they are handled in UEFI a dummy RPC is > > > > >> + // performed to let UEFI take the interrupt through the normal > > > > >> + // vector. > > > > >> + // > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > > > > >> + } else { > > > > >> + break; > > > > >> + } > > > > >> + } > > > > >> + > > > > >> + return ArmSmcArgs.Arg0; > > > > >> +} > > > > >> + > > > > >> +EFI_STATUS > > > > >> +EFIAPI > > > > >> +OpteeOpenSession ( > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > > >> + ) > > > > >> +{ > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > >> + > > > > >> + MsgArg = NULL; > > > > >> + > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > >> + return EFI_NOT_STARTED; > > > > >> + } > > > > >> + > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > >> sizeof > > > > >> + (OPTEE_MSG_ARG)); > > > > >> + > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > > > > >> + > > > > >> + // > > > > >> + // Initialize and add the meta parameters needed when opening a > > > > >> + // session. > > > > >> + // > > > > >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > > >> + OPTEE_MSG_ATTR_META; > > > > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > > >> + OPTEE_MSG_ATTR_META; CopyMem > > > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > > > > OPTEE_UUID_LEN); > > > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > > > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > > > > >> + > > > > >> + MsgArg->NumParams = 2; > > > > >> + > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > >> + > > > > >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret > > > > >> + = > > > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > > > > >> + > > > > >> + return EFI_SUCCESS; > > > > >> +} > > > > >> + > > > > >> +EFI_STATUS > > > > >> +EFIAPI > > > > >> +OpteeCloseSession ( > > > > >> + IN UINT32 Session > > > > >> + ) > > > > >> +{ > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > >> + > > > > >> + MsgArg = NULL; > > > > >> + > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > >> + return EFI_NOT_STARTED; > > > > >> + } > > > > >> + > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > >> sizeof > > > > >> + (OPTEE_MSG_ARG)); > > > > >> + > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session > > > > = > > > > >> + Session; > > > > >> + > > > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > > > > >> + > > > > >> + return EFI_SUCCESS; > > > > >> +} > > > > >> + > > > > >> +STATIC > > > > >> +EFI_STATUS > > > > >> +OpteeToMsgParam ( > > > > >> + OUT OPTEE_MSG_PARAM *MsgParams, > > > > >> + IN UINT32 NumParams, > > > > >> + IN OPTEE_MSG_PARAM *InParams > > > > >> + ) > > > > >> +{ > > > > >> + UINT32 Idx; > > > > >> + UINTN ParamShmAddr; > > > > >> + UINTN ShmSize; > > > > >> + UINTN Size; > > > > >> + > > > > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof > > > > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize > > > > >> + = OpteeShmInfo.Size - Size; > > > > >> + > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > > >> + CONST OPTEE_MSG_PARAM *Ip; > > > > >> + OPTEE_MSG_PARAM *Mp; > > > > >> + UINT32 Attr; > > > > >> + > > > > >> + Ip = InParams + Idx; > > > > >> + Mp = MsgParams + Idx; > > > > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > > >> + > > > > >> + switch (Attr) { > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > > > > >> + break; > > > > >> + > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > > >> + Mp->Attr = Attr; > > > > >> + Mp->U.Value.A = Ip->U.Value.A; > > > > >> + Mp->U.Value.B = Ip->U.Value.B; > > > > >> + Mp->U.Value.C = Ip->U.Value.C; > > > > >> + break; > > > > >> + > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > > >> + Mp->Attr = Attr; > > > > >> + > > > > >> + if (Ip->U.Mem.Size > ShmSize) { > > > > >> + return EFI_OUT_OF_RESOURCES; > > > > >> + } > > > > >> + > > > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- > > > > >> >U.Mem.Size); > > > > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > > > > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; > > > > >> + > > > > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > > > > >> + ParamShmAddr += Size; > > > > >> + ShmSize -= Size; > > > > >> + break; > > > > >> + > > > > >> + default: > > > > >> + return EFI_INVALID_PARAMETER; > > > > >> + } > > > > >> + } > > > > >> + > > > > >> + return EFI_SUCCESS; > > > > >> +} > > > > >> + > > > > >> +STATIC > > > > >> +EFI_STATUS > > > > >> +OpteeFromMsgParam ( > > > > >> + OUT OPTEE_MSG_PARAM *OutParams, > > > > >> + IN UINT32 NumParams, > > > > >> + IN OPTEE_MSG_PARAM *MsgParams > > > > >> + ) > > > > >> +{ > > > > >> + UINT32 Idx; > > > > >> + > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > > >> + OPTEE_MSG_PARAM *Op; > > > > >> + CONST OPTEE_MSG_PARAM *Mp; > > > > >> + UINT32 Attr; > > > > >> + > > > > >> + Op = OutParams + Idx; > > > > >> + Mp = MsgParams + Idx; > > > > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > > >> + > > > > >> + switch (Attr) { > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > > >> + ZeroMem (&Op->U, sizeof (Op->U)); > > > > >> + break; > > > > >> + > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > > >> + Op->Attr = Attr; > > > > >> + Op->U.Value.A = Mp->U.Value.A; > > > > >> + Op->U.Value.B = Mp->U.Value.B; > > > > >> + Op->U.Value.C = Mp->U.Value.C; > > > > >> + break; > > > > >> + > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > > >> + Op->Attr = Attr; > > > > >> + > > > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > > > > >> + return EFI_BAD_BUFFER_SIZE; > > > > >> + } > > > > >> + > > > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, > > > > >> Mp->U.Mem.Size); > > > > >> + Op->U.Mem.Size = Mp->U.Mem.Size; > > > > >> + break; > > > > >> + > > > > >> + default: > > > > >> + return EFI_INVALID_PARAMETER; > > > > >> + } > > > > >> + } > > > > >> + > > > > >> + return EFI_SUCCESS; > > > > >> +} > > > > >> + > > > > >> +EFI_STATUS > > > > >> +EFIAPI > > > > >> +OpteeInvokeFunc ( > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > > >> + ) > > > > >> +{ > > > > >> + EFI_STATUS Status; > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > >> + > > > > >> + MsgArg = NULL; > > > > >> + > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > >> + return EFI_NOT_STARTED; > > > > >> + } > > > > >> + > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > >> sizeof > > > > >> + (OPTEE_MSG_ARG)); > > > > >> + > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- > > > > >Func = > > > > >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; > > > > >> + > > > > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > > > > >> + InvokeFuncArg->Params); if (Status) > > > > >> + return Status; > > > > >> + > > > > >> + MsgArg->NumParams = MAX_PARAMS; > > > > >> + > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > >> + > > > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, > > > > >> MsgArg->Params)) { > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > >> + > > > > >> + InvokeFuncArg->Ret = MsgArg->Ret; InvokeFuncArg->RetOrigin = > > > > >> + MsgArg->RetOrigin; > > > > >> + > > > > >> + return EFI_SUCCESS; > > > > >> +} > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > >> index 5abd427379cc..e03054a7167d 100644 > > > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > >> @@ -23,11 +23,13 @@ [Defines] > > > > >> > > > > >> [Sources] > > > > >> Optee.c > > > > >> + OpteeSmc.h > > > > >> > > > > >> [Packages] > > > > >> ArmPkg/ArmPkg.dec > > > > >> MdePkg/MdePkg.dec > > > > >> > > > > >> [LibraryClasses] > > > > >> + ArmMmuLib > > > > >> ArmSmcLib > > > > >> BaseLib > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > >> new file mode 100644 > > > > >> index 000000000000..e2ea35784a0a > > > > >> --- /dev/null > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > >> @@ -0,0 +1,43 @@ > > > > >> +/** @file > > > > >> + OP-TEE SMC header file. > > > > >> + > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > >> + > > > > >> + This program and the accompanying materials are licensed and > > > > >> + made available under the terms and conditions of the BSD License > > > > >> + which accompanies this distribution. The full text of the > > > > >> + license may be found at > > > > >> + > > > > >> + > > > > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > >> n > > > > >> + source.org%2Flicenses%2Fbsd- > > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > > >> + > > > > >> > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > > > >> a92cd99 > > > > >> + > > > > >> > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > > >> OOKCyshbg > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > >> + > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > >> BASIS, > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > >> EXPRESS OR IMPLIED. > > > > >> + > > > > >> +**/ > > > > >> + > > > > >> +#ifndef _OPTEE_SMC_H_ > > > > >> +#define _OPTEE_SMC_H_ > > > > >> + > > > > >> +/* Returned in Arg0 only from Trusted OS functions */ > > > > >> +#define OPTEE_SMC_RETURN_OK 0x0 > > > > >> + > > > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > > > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > > > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > > > > >> + > > > > >> +#define OPTEE_SMC_SHM_CACHED 1 > > > > >> + > > > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > > > > >> + > > > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > > > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > > > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > > > > >> + > > > > >> +#define OPTEE_MSG_ATTR_META 0x100 > > > > >> + > > > > >> +#define TEE_LOGIN_PUBLIC 0x0 > > > > >> + > > > > >> +typedef struct { > > > > >> + UINTN Base; > > > > >> + UINTN Size; > > > > >> +} OPTEE_SHARED_MEMORY_INFO; > > > > >> + > > > > >> +#endif > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > >> similarity index 53% > > > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > >> index f65d8674d9b8..14c621d89971 100644 > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > >> @@ -1,34 +1,26 @@ > > > > >> -/** @file > > > > >> - OP-TEE specific header file. > > > > >> - > > > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > >> - > > > > >> - This program and the accompanying materials > > > > >> - are licensed and made available under the terms and conditions > > > > >> of the BSD License > > > > >> - which accompanies this distribution. The full text of the > > > > >> license may be found at > > > > >> - > > > > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > >> nsource.org%2Flicenses%2Fbsd- > > > > >> > > > > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c > > > > >> > > > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% > > > > >> > > > > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > > > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > >> - > > > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > >> BASIS, > > > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > EXPRESS > > > > >> OR IMPLIED. > > > > >> - > > > > >> -**/ > > > > >> - > > > > >> -#ifndef _OPTEE_H_ > > > > >> -#define _OPTEE_H_ > > > > >> - > > > > >> -/* > > > > >> - * The 'Trusted OS Call UID' is supposed to return the following > > > > >> UUID for > > > > >> - * OP-TEE OS. This is a 128-bit value. > > > > >> - */ > > > > >> -#define OPTEE_OS_UID0 0x384fb3e0 > > > > >> -#define OPTEE_OS_UID1 0xe7f811e3 > > > > >> -#define OPTEE_OS_UID2 0xaf630002 > > > > >> -#define OPTEE_OS_UID3 0xa5d5c51b > > > > >> - > > > > >> -BOOLEAN > > > > >> -EFIAPI > > > > >> -IsOpteePresent ( > > > > >> - VOID > > > > >> - ); > > > > >> - > > > > >> -#endif > > > > >> +/** @file > > > > >> + Standardized Global Platform header file. > > > > >> + > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > >> + > > > > >> + This program and the accompanying materials are licensed and > > > > >> + made available under the terms and conditions of the BSD License > > > > >> + which accompanies this distribution. The full text of the > > > > >> + license may be found at > > > > >> + > > > > >> + > > > > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > >> n > > > > >> + source.org%2Flicenses%2Fbsd- > > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > > >> + > > > > >> > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > > > >> a92cd99 > > > > >> + > > > > >> > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > > >> OOKCyshbg > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > >> + > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > >> BASIS, > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > >> EXPRESS OR IMPLIED. > > > > >> + > > > > >> +**/ > > > > >> + > > > > >> +#ifndef _GLOBAL_PLATFORM_H_ > > > > >> +#define _GLOBAL_PLATFORM_H_ > > > > >> + > > > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > > > > >> + > > > > >> +#define TEEC_SUCCESS 0x00000000 > > > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > > > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > > > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > > > > >> + > > > > >> +#endif > > > > >> -- > > > > >> 2.7.4 > > > > >> > > > > >> _______________________________________________ > > > > >> edk2-devel mailing list > > > > >> edk2-devel@lists.01.org > > > > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > > > >> st > > > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > > >> > > > > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > > > > >> > > > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > > > > >> > > > > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > > > > >> u%2Fhcds3j9aDPnU%3D&reserved=0 > > > > > _______________________________________________ > > > > > edk2-devel mailing list > > > > > edk2-devel@lists.01.org > > > > > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis > > > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > > devel&data=02%7C01%7Cudit.ku > > > > > > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > > > > b4c6fa92 > > > > > > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f > > > > 9rxeb37V > > > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 > > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-28 13:08 ` Achin Gupta @ 2018-08-28 16:34 ` Sumit Garg 2018-08-29 4:38 ` Udit Kumar 2018-08-29 5:41 ` Bhupesh Sharma 0 siblings, 2 replies; 15+ messages in thread From: Sumit Garg @ 2018-08-28 16:34 UTC (permalink / raw) To: achin.gupta Cc: Matteo.Carlini, udit.kumar, Ard Biesheuvel, edk2-devel, tee-dev, Daniel Thompson, Jens Wiklander, rod.dorris, nd Hi Achin, On Tue, 28 Aug 2018 at 18:38, Achin Gupta <achin.gupta@arm.com> wrote: > > Hi Sumit, > > Apologies for not replying sooner. Some questions and thoughts inline. > > On Mon, Aug 27, 2018 at 03:28:52PM +0530, Sumit Garg wrote: > > On Fri, 24 Aug 2018 at 23:33, Matteo Carlini <Matteo.Carlini@arm.com> wrote: > > > > > > +Achin > > > > > > SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) and SPM (for Secure Partitions at S-EL0) are currently mutually exclusive into Trusted Firmware-A codebase. > > > > > > In other words, you cannot turn them on in parallel and execute both a S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secure World with the current Software Architecture. > > > > > > > IIUC, currently BL32 image is common in Trusted Firmware-A code-base. > > If we turn on SPD then BL32=<trusted-os image> else if we turn on SPM > > then BL32=<SPM S-EL0 image>, correct? > > Yes! BL32 is a TOS image if SPD is enabled. It is a S-EL0 Standalone MM Secure > partition image if SPM is enabled. > > > > > But I think SMC calling conventions (SMC Calling Convention [1] and > > Management Mode Interface Specification [2]) doesn't put any such > > restrictions as SMC function IDs are totally separate. > > Yes, this was an implementation choice to ensure that either a S-EL1 payload > (Trusted OS) or a S-EL0 payload (MM SP) could be included in an Arm TF build but > not both. > > > > > > Achin and other Arm architects are trying to figure out a way for solving this problem without the need for a v8.4 Secure-EL2 Hypervisor, obviously without leveraging the isolation benefits of it (see also [1]). > > > > > > > Agree we won't be having isolation benefits which provides added level > > of Security. > > > > > But Ard is right: there could be use-cases to ship UEFI systems with OP-TEE and TAs on top...and this should still be currently possible using the SPD dispatcher into TF-A. I've not looked deeply into this patch, but it doesn’t seem to contradict the above Sw architecture. > > > > > > The question would be: would you foresee the need for running one (or many) other (UEFI/EDK2-based) Secure Services in the Secure World into a Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE? > > > > > > > As per following quote from Management Mode Interface Specification [2]: > > > > "Management Mode (MM) provides an environment for implementing OS > > agnostic services (MM services) like RAS error handling, secure > > variable storage, and firmware updates in system firmware. The > > services can be invoked synchronously and asynchronously." > > > > It seems that MM mode is designed for more robust and platform > > specific services whereas OP-TEE (or any trusted OS) use-cases seem to > > be more complex like Entropy pool (RNG as in our case), DRM (could be > > valid use-case for Android TV or Chromebook), keymaster or keystore > > (for Edge devices) etc. > > It really depends upon the secure sw stack, use case and the requirements. MM > interface specification specifies a blocking SMC (MM_COMMUNICATE) to access a > secure service implemented in S-EL0. > > In the UEFI/PI/EDK2 context, MM drivers are used to satisfy a variety of use > cases during boot through the EFI_MM_COMMUNICATION_PROTOCOL (the bad press of > SMM aside!). MM_COMMUNICATE SMC provides a channel into the secure world to the > backend of this protocol on Arm systems. So any service accessible through this > protocol could be implemented on Arm systems in a MM SP. > > IIUC, in your case there is OP-TEE and firmware in the secure world. OP-TEE has > a static TA that provides the random data service and you want to leverage it at > boot time? Ditto for other services? Correct, actually we tried to create OP-TEE static (pseudo) TA that provides RNG service using thermal sensor noise and secure timer interrupts (FIQs) to fill entropy pool. Using this service via OP-TEE library in UEFI (subset in terms of functionality as compared to OP-TEE kernel driver) for features like KASLR etc. > So you do not really need an MM partition > running alongside OP-TEE? > Agree that most of secure services can be implemented as static (pseudo) TAs. But if I think about services like RAS error handling and firmware updates. Is Trusted OS (OP-TEE or any third party OS) an appropriate place to implement these platform specific services? > In any case, what we are working on is to define a set of standard SMC > interfaces that can be used to talk to a secure service in a payload in S-EL1 or > S-EL0. This standard ABI will avoid the need to use payload specific SMCs in the > normal world e.g. OP-TEE specific SMCs. > It would be nice to have such standard ABI. > Side topic! Do you foresee a usecase for DRM through UEFI during boot? Would it > work in the absence of RPC support in the Optee Library? IIUC, at runtime, DRM > traffic will be routed through the OP-TEE driver in the OS instead of UEFI since > there is no UEFI runtime service interface to do DRM? > Correct, I don't foresee DRM use-case during UEFI boot. Actually by DRM use-case I mean to say via OP-TEE driver in OS only. Earlier I was trying to list use-cases of OP-TEE on devices using UEFI as a boot-loader. Regards, Sumit > > > > So it looks like they complement each other and we will have more > > robustness once we migrate to v8.4 Secure-EL2 Hypervisor for isolation > > support. > > In a way yes! The robustness bit is not really related to the interface used to > access as service. > > > > > Please feel free to correct me if I missed something. > > Hope this makes sense. > > cheers, > Achin > > > > > Regards, > > Sumit > > > > [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf > > [2] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf > > > > > Thanks > > > Matteo > > > > > > [1]: https://community.arm.com/processors/b/blog/posts/architecting-more-secure-world-with-isolation-and-virtualization > > > > > > > -----Original Message----- > > > > From: Udit Kumar <udit.kumar@nxp.com> > > > > Sent: 24 August 2018 18:46 > > > > To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Matteo Carlini > > > > <Matteo.Carlini@arm.com> > > > > Cc: Sumit Garg <sumit.garg@linaro.org>; edk2-devel@lists.01.org; tee- > > > > dev@lists.linaro.org; daniel.thompson@linaro.org; jens.wiklander@linaro.org; > > > > Rod Dorris <rod.dorris@nxp.com> > > > > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate > > > > with OP-TEE > > > > > > > > Hi Ard > > > > > > > > > If MM mode is fundamentally incompatible with OP-TEE, then you cannot > > > > > run both at the same time, > > > > > > > > Both cannot coexist unless you have v8.4 CPU > > > > > > > > Regards > > > > Udit > > > > > > > > > > > > > > > > > > > >> -----Original Message----- > > > > > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of > > > > > >> Sumit Garg > > > > > >> Sent: Friday, August 24, 2018 2:51 PM > > > > > >> To: edk2-devel@lists.01.org > > > > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > > > > > >> jens.wiklander@linaro.org > > > > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > > > > > >> communicate with OP-TEE > > > > > >> > > > > > >> Add following APIs to communicate with OP-TEE static TA: > > > > > >> 1. OpteeInit > > > > > >> 2. OpteeOpenSession > > > > > >> 3. OpteeCloseSession > > > > > >> 4. OpteeInvokeFunc > > > > > >> > > > > > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > > > > > >> Cc: Leif Lindholm <leif.lindholm@linaro.org> > > > > > >> Contributed-under: TianoCore Contribution Agreement 1.1 > > > > > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > > > > > >> --- > > > > > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > > > > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > > > > > >> +++++++++++++++++++++ > > > > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > > > > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > > > > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > > > > > >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode > > > > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > >> copy ArmPkg/Include/Library/OpteeLib.h => > > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > > > > >> > > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > > > >> b/ArmPkg/Include/Library/OpteeLib.h > > > > > >> index f65d8674d9b8..c323f49072f8 100644 > > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h > > > > > >> @@ -25,10 +25,112 @@ > > > > > >> #define OPTEE_OS_UID2 0xaf630002 > > > > > >> #define OPTEE_OS_UID3 0xa5d5c51b > > > > > >> > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > > > > > >> + > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINT64 BufPtr; > > > > > >> + UINT64 Size; > > > > > >> + UINT64 ShmRef; > > > > > >> +} OPTEE_MSG_PARAM_MEM; > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINT64 A; > > > > > >> + UINT64 B; > > > > > >> + UINT64 C; > > > > > >> +} OPTEE_MSG_PARAM_VALUE; > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINT64 Attr; > > > > > >> + union { > > > > > >> + OPTEE_MSG_PARAM_MEM Mem; > > > > > >> + OPTEE_MSG_PARAM_VALUE Value; > > > > > >> + } U; > > > > > >> +} OPTEE_MSG_PARAM; > > > > > >> + > > > > > >> +#define MAX_PARAMS 4 > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINT32 Cmd; > > > > > >> + UINT32 Func; > > > > > >> + UINT32 Session; > > > > > >> + UINT32 CancelId; > > > > > >> + UINT32 Pad; > > > > > >> + UINT32 Ret; > > > > > >> + UINT32 RetOrigin; > > > > > >> + UINT32 NumParams; > > > > > >> + > > > > > >> + // NumParams tells the actual number of element in Params > > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > > > >> +} OPTEE_MSG_ARG; > > > > > >> + > > > > > >> +#define OPTEE_UUID_LEN 16 > > > > > >> + > > > > > >> +// > > > > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > > > > > >> +// @Uuid: [in] UUID of the Trusted Application > > > > > >> +// @Session: [out] Session id > > > > > >> +// @Ret: [out] Return value > > > > > >> +// @RetOrigin [out] Origin of the return value > > > > > >> +// > > > > > >> +typedef struct { > > > > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > > > > > >> + UINT32 Session; > > > > > >> + UINT32 Ret; > > > > > >> + UINT32 RetOrigin; > > > > > >> +} OPTEE_OPEN_SESSION_ARG; > > > > > >> + > > > > > >> +// > > > > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > > > > > >> +// @Func: [in] Trusted Application function, specific to the TA > > > > > >> +// @Session: [in] Session id > > > > > >> +// @Ret: [out] Return value > > > > > >> +// @RetOrigin [out] Origin of the return value > > > > > >> +// @Params [inout] Parameters for function to be invoked > > > > > >> +// > > > > > >> +typedef struct { > > > > > >> + UINT32 Func; > > > > > >> + UINT32 Session; > > > > > >> + UINT32 Ret; > > > > > >> + UINT32 RetOrigin; > > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > > > >> +} OPTEE_INVOKE_FUNC_ARG; > > > > > >> + > > > > > >> BOOLEAN > > > > > >> EFIAPI > > > > > >> IsOpteePresent ( > > > > > >> VOID > > > > > >> ); > > > > > >> > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeInit ( > > > > > >> + VOID > > > > > >> + ); > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeOpenSession ( > > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > > > >> + ); > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeCloseSession ( > > > > > >> + IN UINT32 Session > > > > > >> + ); > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeInvokeFunc ( > > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > > > >> + ); > > > > > >> + > > > > > >> #endif > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > > > > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 > > > > > >> 100644 > > > > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > > > > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c > > > > > >> @@ -14,11 +14,19 @@ > > > > > >> > > > > > >> **/ > > > > > >> > > > > > >> +#include <Library/ArmMmuLib.h> > > > > > >> #include <Library/ArmSmcLib.h> > > > > > >> +#include <Library/BaseMemoryLib.h> > > > > > >> #include <Library/BaseLib.h> > > > > > >> +#include <Library/DebugLib.h> > > > > > >> #include <Library/OpteeLib.h> > > > > > >> > > > > > >> #include <IndustryStandard/ArmStdSmc.h> > > > > > >> +#include <IndustryStandard/GlobalPlatform.h> > > > > > >> +#include <OpteeSmc.h> > > > > > >> +#include <Uefi.h> > > > > > >> + > > > > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > > > > >> > > > > > >> /** > > > > > >> Check for OP-TEE presence. > > > > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( > > > > > >> { > > > > > >> ARM_SMC_ARGS ArmSmcArgs; > > > > > >> > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > >> // Send a Trusted OS Calls UID command > > > > > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > > > > > >> ArmCallSmc (&ArmSmcArgs); > > > > > >> @@ -44,3 +53,352 @@ IsOpteePresent ( > > > > > >> return FALSE; > > > > > >> } > > > > > >> } > > > > > >> + > > > > > >> +STATIC > > > > > >> +EFI_STATUS > > > > > >> +OpteeShmMemRemap ( > > > > > >> + VOID > > > > > >> + ) > > > > > >> +{ > > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > > > >> + EFI_PHYSICAL_ADDRESS Paddr; > > > > > >> + EFI_PHYSICAL_ADDRESS Start; > > > > > >> + EFI_PHYSICAL_ADDRESS End; > > > > > >> + EFI_STATUS Status; > > > > > >> + UINTN Size; > > > > > >> + > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > > > > > >> + > > > > > >> + ArmCallSmc (&ArmSmcArgs); > > > > > >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > > > > > >> + return EFI_UNSUPPORTED; > > > > > >> + } > > > > > >> + > > > > > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > > > > > memory > > > > > >> supported\n")); > > > > > >> + return EFI_UNSUPPORTED; > > > > > >> + } > > > > > >> + > > > > > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End > > > > > >> + = > > > > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = > > > > > >> + Start; Size = End - Start; > > > > > >> + > > > > > >> + if (Size < SIZE_4KB) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > > > > > >> + return EFI_BUFFER_TOO_SMALL; > > > > > >> + } > > > > > >> + > > > > > >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); > > > > > >> + if (EFI_ERROR (Status)) { > > > > > >> + return Status; > > > > > >> + } > > > > > >> + > > > > > >> + OpteeShmInfo.Base = (UINTN)Paddr; OpteeShmInfo.Size = Size; > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeInit ( > > > > > >> + VOID > > > > > >> + ) > > > > > >> +{ > > > > > >> + EFI_STATUS Status; > > > > > >> + > > > > > >> + if (!IsOpteePresent ()) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > > > > > >> + return EFI_UNSUPPORTED; > > > > > >> + } > > > > > >> + > > > > > >> + Status = OpteeShmMemRemap (); > > > > > >> + if (EFI_ERROR (Status)) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > > > > > >> + return Status; > > > > > >> + } > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +/** > > > > > >> + Does Standard SMC to OP-TEE in secure world. > > > > > >> + > > > > > >> + @param[in] Parg Physical address of message to pass to secure world > > > > > >> + > > > > > >> + @return 0 on success, secure world return code otherwise > > > > > >> + > > > > > >> +**/ > > > > > >> +STATIC > > > > > >> +UINT32 > > > > > >> +OpteeCallWithArg ( > > > > > >> + IN EFI_PHYSICAL_ADDRESS Parg > > > > > >> + ) > > > > > >> +{ > > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > > > >> + > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > > > > > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > > > > > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; > > > > > >> + > > > > > >> + while (TRUE) { > > > > > >> + ArmCallSmc (&ArmSmcArgs); > > > > > >> + > > > > > >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > > > > > >> + // > > > > > >> + // A foreign interrupt was raised while secure world was > > > > > >> + // executing, since they are handled in UEFI a dummy RPC is > > > > > >> + // performed to let UEFI take the interrupt through the normal > > > > > >> + // vector. > > > > > >> + // > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > > > > > >> + } else { > > > > > >> + break; > > > > > >> + } > > > > > >> + } > > > > > >> + > > > > > >> + return ArmSmcArgs.Arg0; > > > > > >> +} > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeOpenSession ( > > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > > > >> + ) > > > > > >> +{ > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > >> + > > > > > >> + MsgArg = NULL; > > > > > >> + > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > >> + return EFI_NOT_STARTED; > > > > > >> + } > > > > > >> + > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > > >> sizeof > > > > > >> + (OPTEE_MSG_ARG)); > > > > > >> + > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > > > > > >> + > > > > > >> + // > > > > > >> + // Initialize and add the meta parameters needed when opening a > > > > > >> + // session. > > > > > >> + // > > > > > >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > > > >> + OPTEE_MSG_ATTR_META; > > > > > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > > > >> + OPTEE_MSG_ATTR_META; CopyMem > > > > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > > > > > OPTEE_UUID_LEN); > > > > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > > > > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > > > > > >> + > > > > > >> + MsgArg->NumParams = 2; > > > > > >> + > > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > >> + > > > > > >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret > > > > > >> + = > > > > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeCloseSession ( > > > > > >> + IN UINT32 Session > > > > > >> + ) > > > > > >> +{ > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > >> + > > > > > >> + MsgArg = NULL; > > > > > >> + > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > >> + return EFI_NOT_STARTED; > > > > > >> + } > > > > > >> + > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > > >> sizeof > > > > > >> + (OPTEE_MSG_ARG)); > > > > > >> + > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session > > > > > = > > > > > >> + Session; > > > > > >> + > > > > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +STATIC > > > > > >> +EFI_STATUS > > > > > >> +OpteeToMsgParam ( > > > > > >> + OUT OPTEE_MSG_PARAM *MsgParams, > > > > > >> + IN UINT32 NumParams, > > > > > >> + IN OPTEE_MSG_PARAM *InParams > > > > > >> + ) > > > > > >> +{ > > > > > >> + UINT32 Idx; > > > > > >> + UINTN ParamShmAddr; > > > > > >> + UINTN ShmSize; > > > > > >> + UINTN Size; > > > > > >> + > > > > > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof > > > > > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize > > > > > >> + = OpteeShmInfo.Size - Size; > > > > > >> + > > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > > > >> + CONST OPTEE_MSG_PARAM *Ip; > > > > > >> + OPTEE_MSG_PARAM *Mp; > > > > > >> + UINT32 Attr; > > > > > >> + > > > > > >> + Ip = InParams + Idx; > > > > > >> + Mp = MsgParams + Idx; > > > > > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > > > >> + > > > > > >> + switch (Attr) { > > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > > > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > > > > > >> + break; > > > > > >> + > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > > > >> + Mp->Attr = Attr; > > > > > >> + Mp->U.Value.A = Ip->U.Value.A; > > > > > >> + Mp->U.Value.B = Ip->U.Value.B; > > > > > >> + Mp->U.Value.C = Ip->U.Value.C; > > > > > >> + break; > > > > > >> + > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > > > >> + Mp->Attr = Attr; > > > > > >> + > > > > > >> + if (Ip->U.Mem.Size > ShmSize) { > > > > > >> + return EFI_OUT_OF_RESOURCES; > > > > > >> + } > > > > > >> + > > > > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- > > > > > >> >U.Mem.Size); > > > > > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > > > > > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; > > > > > >> + > > > > > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > > > > > >> + ParamShmAddr += Size; > > > > > >> + ShmSize -= Size; > > > > > >> + break; > > > > > >> + > > > > > >> + default: > > > > > >> + return EFI_INVALID_PARAMETER; > > > > > >> + } > > > > > >> + } > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +STATIC > > > > > >> +EFI_STATUS > > > > > >> +OpteeFromMsgParam ( > > > > > >> + OUT OPTEE_MSG_PARAM *OutParams, > > > > > >> + IN UINT32 NumParams, > > > > > >> + IN OPTEE_MSG_PARAM *MsgParams > > > > > >> + ) > > > > > >> +{ > > > > > >> + UINT32 Idx; > > > > > >> + > > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > > > >> + OPTEE_MSG_PARAM *Op; > > > > > >> + CONST OPTEE_MSG_PARAM *Mp; > > > > > >> + UINT32 Attr; > > > > > >> + > > > > > >> + Op = OutParams + Idx; > > > > > >> + Mp = MsgParams + Idx; > > > > > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > > > >> + > > > > > >> + switch (Attr) { > > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > > > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > > > >> + ZeroMem (&Op->U, sizeof (Op->U)); > > > > > >> + break; > > > > > >> + > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > > > >> + Op->Attr = Attr; > > > > > >> + Op->U.Value.A = Mp->U.Value.A; > > > > > >> + Op->U.Value.B = Mp->U.Value.B; > > > > > >> + Op->U.Value.C = Mp->U.Value.C; > > > > > >> + break; > > > > > >> + > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > > > >> + Op->Attr = Attr; > > > > > >> + > > > > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > > > > > >> + return EFI_BAD_BUFFER_SIZE; > > > > > >> + } > > > > > >> + > > > > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, > > > > > >> Mp->U.Mem.Size); > > > > > >> + Op->U.Mem.Size = Mp->U.Mem.Size; > > > > > >> + break; > > > > > >> + > > > > > >> + default: > > > > > >> + return EFI_INVALID_PARAMETER; > > > > > >> + } > > > > > >> + } > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeInvokeFunc ( > > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > > > >> + ) > > > > > >> +{ > > > > > >> + EFI_STATUS Status; > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > >> + > > > > > >> + MsgArg = NULL; > > > > > >> + > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > >> + return EFI_NOT_STARTED; > > > > > >> + } > > > > > >> + > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > > >> sizeof > > > > > >> + (OPTEE_MSG_ARG)); > > > > > >> + > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- > > > > > >Func = > > > > > >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; > > > > > >> + > > > > > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > > > > > >> + InvokeFuncArg->Params); if (Status) > > > > > >> + return Status; > > > > > >> + > > > > > >> + MsgArg->NumParams = MAX_PARAMS; > > > > > >> + > > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > >> + > > > > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, > > > > > >> MsgArg->Params)) { > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > >> + > > > > > >> + InvokeFuncArg->Ret = MsgArg->Ret; InvokeFuncArg->RetOrigin = > > > > > >> + MsgArg->RetOrigin; > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > >> index 5abd427379cc..e03054a7167d 100644 > > > > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > >> @@ -23,11 +23,13 @@ [Defines] > > > > > >> > > > > > >> [Sources] > > > > > >> Optee.c > > > > > >> + OpteeSmc.h > > > > > >> > > > > > >> [Packages] > > > > > >> ArmPkg/ArmPkg.dec > > > > > >> MdePkg/MdePkg.dec > > > > > >> > > > > > >> [LibraryClasses] > > > > > >> + ArmMmuLib > > > > > >> ArmSmcLib > > > > > >> BaseLib > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > >> new file mode 100644 > > > > > >> index 000000000000..e2ea35784a0a > > > > > >> --- /dev/null > > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > >> @@ -0,0 +1,43 @@ > > > > > >> +/** @file > > > > > >> + OP-TEE SMC header file. > > > > > >> + > > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > > >> + > > > > > >> + This program and the accompanying materials are licensed and > > > > > >> + made available under the terms and conditions of the BSD License > > > > > >> + which accompanies this distribution. The full text of the > > > > > >> + license may be found at > > > > > >> + > > > > > >> + > > > > > >> > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > > >> n > > > > > >> + source.org%2Flicenses%2Fbsd- > > > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > > > >> + > > > > > >> > > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > > > > >> a92cd99 > > > > > >> + > > > > > >> > > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > > > >> OOKCyshbg > > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > >> + > > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > > >> BASIS, > > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > > >> EXPRESS OR IMPLIED. > > > > > >> + > > > > > >> +**/ > > > > > >> + > > > > > >> +#ifndef _OPTEE_SMC_H_ > > > > > >> +#define _OPTEE_SMC_H_ > > > > > >> + > > > > > >> +/* Returned in Arg0 only from Trusted OS functions */ > > > > > >> +#define OPTEE_SMC_RETURN_OK 0x0 > > > > > >> + > > > > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > > > > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > > > > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > > > > > >> + > > > > > >> +#define OPTEE_SMC_SHM_CACHED 1 > > > > > >> + > > > > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > > > > > >> + > > > > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > > > > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > > > > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > > > > > >> + > > > > > >> +#define OPTEE_MSG_ATTR_META 0x100 > > > > > >> + > > > > > >> +#define TEE_LOGIN_PUBLIC 0x0 > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINTN Base; > > > > > >> + UINTN Size; > > > > > >> +} OPTEE_SHARED_MEMORY_INFO; > > > > > >> + > > > > > >> +#endif > > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > > >> similarity index 53% > > > > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > > >> index f65d8674d9b8..14c621d89971 100644 > > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > > >> @@ -1,34 +1,26 @@ > > > > > >> -/** @file > > > > > >> - OP-TEE specific header file. > > > > > >> - > > > > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > > >> - > > > > > >> - This program and the accompanying materials > > > > > >> - are licensed and made available under the terms and conditions > > > > > >> of the BSD License > > > > > >> - which accompanies this distribution. The full text of the > > > > > >> license may be found at > > > > > >> - > > > > > >> > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > > >> nsource.org%2Flicenses%2Fbsd- > > > > > >> > > > > > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c > > > > > >> > > > > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% > > > > > >> > > > > > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > > > > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > >> - > > > > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > > >> BASIS, > > > > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > > EXPRESS > > > > > >> OR IMPLIED. > > > > > >> - > > > > > >> -**/ > > > > > >> - > > > > > >> -#ifndef _OPTEE_H_ > > > > > >> -#define _OPTEE_H_ > > > > > >> - > > > > > >> -/* > > > > > >> - * The 'Trusted OS Call UID' is supposed to return the following > > > > > >> UUID for > > > > > >> - * OP-TEE OS. This is a 128-bit value. > > > > > >> - */ > > > > > >> -#define OPTEE_OS_UID0 0x384fb3e0 > > > > > >> -#define OPTEE_OS_UID1 0xe7f811e3 > > > > > >> -#define OPTEE_OS_UID2 0xaf630002 > > > > > >> -#define OPTEE_OS_UID3 0xa5d5c51b > > > > > >> - > > > > > >> -BOOLEAN > > > > > >> -EFIAPI > > > > > >> -IsOpteePresent ( > > > > > >> - VOID > > > > > >> - ); > > > > > >> - > > > > > >> -#endif > > > > > >> +/** @file > > > > > >> + Standardized Global Platform header file. > > > > > >> + > > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > > >> + > > > > > >> + This program and the accompanying materials are licensed and > > > > > >> + made available under the terms and conditions of the BSD License > > > > > >> + which accompanies this distribution. The full text of the > > > > > >> + license may be found at > > > > > >> + > > > > > >> + > > > > > >> > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > > >> n > > > > > >> + source.org%2Flicenses%2Fbsd- > > > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > > > >> + > > > > > >> > > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > > > > >> a92cd99 > > > > > >> + > > > > > >> > > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > > > >> OOKCyshbg > > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > >> + > > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > > >> BASIS, > > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > > >> EXPRESS OR IMPLIED. > > > > > >> + > > > > > >> +**/ > > > > > >> + > > > > > >> +#ifndef _GLOBAL_PLATFORM_H_ > > > > > >> +#define _GLOBAL_PLATFORM_H_ > > > > > >> + > > > > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > > > > > >> + > > > > > >> +#define TEEC_SUCCESS 0x00000000 > > > > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > > > > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > > > > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > > > > > >> + > > > > > >> +#endif > > > > > >> -- > > > > > >> 2.7.4 > > > > > >> > > > > > >> _______________________________________________ > > > > > >> edk2-devel mailing list > > > > > >> edk2-devel@lists.01.org > > > > > >> > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > > > > >> st > > > > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > > > >> > > > > > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > > > > > >> > > > > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > > > > > >> > > > > > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > > > > > >> u%2Fhcds3j9aDPnU%3D&reserved=0 > > > > > > _______________________________________________ > > > > > > edk2-devel mailing list > > > > > > edk2-devel@lists.01.org > > > > > > > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis > > > > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > > > devel&data=02%7C01%7Cudit.ku > > > > > > > > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > > > > > b4c6fa92 > > > > > > > > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f > > > > > 9rxeb37V > > > > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 > > > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-28 16:34 ` Sumit Garg @ 2018-08-29 4:38 ` Udit Kumar 2018-08-29 5:41 ` Bhupesh Sharma 1 sibling, 0 replies; 15+ messages in thread From: Udit Kumar @ 2018-08-29 4:38 UTC (permalink / raw) To: Sumit Garg, achin.gupta@arm.com Cc: Matteo.Carlini@arm.com, Ard Biesheuvel, edk2-devel@lists.01.org, tee-dev@lists.linaro.org, Daniel Thompson, Jens Wiklander, Rod Dorris, nd@arm.com > > So you do not really need an MM partition running alongside OP-TEE? > > > > Agree that most of secure services can be implemented as static > (pseudo) TAs. But if I think about services like RAS error handling and > firmware updates. Is Trusted OS (OP-TEE or any third party OS) an > appropriate place to implement these platform specific services? In my view, UEFI/MM services should be TOS specific. These must be independent of TOS. > Regards, > Sumit > > > > > > > So it looks like they complement each other and we will have more > > > robustness once we migrate to v8.4 Secure-EL2 Hypervisor for > > > isolation support. > > > > In a way yes! The robustness bit is not really related to the > > interface used to access as service. > > > > > > > > Please feel free to correct me if I missed something. > > > > Hope this makes sense. > > > > cheers, > > Achin > > > > > > > > Regards, > > > Sumit > > > > > > [1] > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fin > > > > focenter.arm.com%2Fhelp%2Ftopic%2Fcom.arm.doc.den0028b%2FARM_DE > N0028 > > > > B_SMC_Calling_Convention.pdf&data=02%7C01%7Cudit.kumar%40nxp. > com > > > > %7C8e3b0815c5424819b54f08d60d043499%7C686ea1d3bc2b4c6fa92cd99c5 > c3016 > > > > 35%7C0%7C0%7C636710709050808156&sdata=ad%2BlzFhGuZo9weUA > CLYz3h%2 > > > FiGtRRbibouX7uXxrRQfw%3D&reserved=0 > > > [2] > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fin > > > > focenter.arm.com%2Fhelp%2Ftopic%2Fcom.arm.doc.den0060a%2FDEN0060 > A_AR > > > > M_MM_Interface_Specification.pdf&data=02%7C01%7Cudit.kumar%40 > nxp > > > > .com%7C8e3b0815c5424819b54f08d60d043499%7C686ea1d3bc2b4c6fa92cd > 99c5c > > > > 301635%7C0%7C0%7C636710709050808156&sdata=CdVkFdX0dYkb%2F > 8LzQXtJ > > > WjlKjIsBoG1QHjxVvTIlV8k%3D&reserved=0 > > > > > > > Thanks > > > > Matteo > > > > > > > > [1]: > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > > > > Fcommunity.arm.com%2Fprocessors%2Fb%2Fblog%2Fposts%2Farchitecting- > > > > more-secure-world-with-isolation-and-virtualization&data=02%7C > > > > > 01%7Cudit.kumar%40nxp.com%7C8e3b0815c5424819b54f08d60d043499%7 > C686 > > > > > ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C636710709050808156&am > p;sda > > > > > ta=fCaQAmaYd7Qur81A%2BRPvJ373e2uRuE0IJFTUDx8JzfU%3D&reserve > d=0 > > > > > > > > > -----Original Message----- > > > > > From: Udit Kumar <udit.kumar@nxp.com> > > > > > Sent: 24 August 2018 18:46 > > > > > To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Matteo Carlini > > > > > <Matteo.Carlini@arm.com> > > > > > Cc: Sumit Garg <sumit.garg@linaro.org>; edk2-devel@lists.01.org; > > > > > tee- dev@lists.linaro.org; daniel.thompson@linaro.org; > > > > > jens.wiklander@linaro.org; Rod Dorris <rod.dorris@nxp.com> > > > > > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > > > > > communicate with OP-TEE > > > > > > > > > > Hi Ard > > > > > > > > > > > If MM mode is fundamentally incompatible with OP-TEE, then you > > > > > > cannot run both at the same time, > > > > > > > > > > Both cannot coexist unless you have v8.4 CPU > > > > > > > > > > Regards > > > > > Udit > > > > > > > > > > > > > > > > > > > > > > > >> -----Original Message----- > > > > > > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On > > > > > > >> Behalf Of Sumit Garg > > > > > > >> Sent: Friday, August 24, 2018 2:51 PM > > > > > > >> To: edk2-devel@lists.01.org > > > > > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > > > > > > >> jens.wiklander@linaro.org > > > > > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > > > > > > >> communicate with OP-TEE > > > > > > >> > > > > > > >> Add following APIs to communicate with OP-TEE static TA: > > > > > > >> 1. OpteeInit > > > > > > >> 2. OpteeOpenSession > > > > > > >> 3. OpteeCloseSession > > > > > > >> 4. OpteeInvokeFunc > > > > > > >> > > > > > > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > > > > > > >> Cc: Leif Lindholm <leif.lindholm@linaro.org> > > > > > > >> Contributed-under: TianoCore Contribution Agreement 1.1 > > > > > > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > > > > > > >> --- > > > > > > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > > > > > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > > > > > > >> +++++++++++++++++++++ > > > > > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > > > > > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > > > > > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > > > > > > >> 5 files changed, 531 insertions(+), 34 deletions(-) > > > > > > >> create mode > > > > > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > > >> copy ArmPkg/Include/Library/OpteeLib.h => > > > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > > > > > >> > > > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > > > > >> b/ArmPkg/Include/Library/OpteeLib.h > > > > > > >> index f65d8674d9b8..c323f49072f8 100644 > > > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > > > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h > > > > > > >> @@ -25,10 +25,112 @@ > > > > > > >> #define OPTEE_OS_UID2 0xaf630002 > > > > > > >> #define OPTEE_OS_UID3 0xa5d5c51b > > > > > > >> > > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > > > > > > >> + > > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > > > > > > >> + > > > > > > >> +typedef struct { > > > > > > >> + UINT64 BufPtr; > > > > > > >> + UINT64 Size; > > > > > > >> + UINT64 ShmRef; > > > > > > >> +} OPTEE_MSG_PARAM_MEM; > > > > > > >> + > > > > > > >> +typedef struct { > > > > > > >> + UINT64 A; > > > > > > >> + UINT64 B; > > > > > > >> + UINT64 C; > > > > > > >> +} OPTEE_MSG_PARAM_VALUE; > > > > > > >> + > > > > > > >> +typedef struct { > > > > > > >> + UINT64 Attr; > > > > > > >> + union { > > > > > > >> + OPTEE_MSG_PARAM_MEM Mem; > > > > > > >> + OPTEE_MSG_PARAM_VALUE Value; > > > > > > >> + } U; > > > > > > >> +} OPTEE_MSG_PARAM; > > > > > > >> + > > > > > > >> +#define MAX_PARAMS 4 > > > > > > >> + > > > > > > >> +typedef struct { > > > > > > >> + UINT32 Cmd; > > > > > > >> + UINT32 Func; > > > > > > >> + UINT32 Session; > > > > > > >> + UINT32 CancelId; > > > > > > >> + UINT32 Pad; > > > > > > >> + UINT32 Ret; > > > > > > >> + UINT32 RetOrigin; > > > > > > >> + UINT32 NumParams; > > > > > > >> + > > > > > > >> + // NumParams tells the actual number of element in > Params > > > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > > > > >> +} OPTEE_MSG_ARG; > > > > > > >> + > > > > > > >> +#define OPTEE_UUID_LEN 16 > > > > > > >> + > > > > > > >> +// > > > > > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > > > > > > >> +// @Uuid: [in] UUID of the Trusted Application > > > > > > >> +// @Session: [out] Session id > > > > > > >> +// @Ret: [out] Return value > > > > > > >> +// @RetOrigin [out] Origin of the return value > > > > > > >> +// > > > > > > >> +typedef struct { > > > > > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > > > > > > >> + UINT32 Session; > > > > > > >> + UINT32 Ret; > > > > > > >> + UINT32 RetOrigin; > > > > > > >> +} OPTEE_OPEN_SESSION_ARG; > > > > > > >> + > > > > > > >> +// > > > > > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function > argument > > > > > > >> +// @Func: [in] Trusted Application function, specific to the > TA > > > > > > >> +// @Session: [in] Session id > > > > > > >> +// @Ret: [out] Return value > > > > > > >> +// @RetOrigin [out] Origin of the return value > > > > > > >> +// @Params [inout] Parameters for function to be invoked > > > > > > >> +// > > > > > > >> +typedef struct { > > > > > > >> + UINT32 Func; > > > > > > >> + UINT32 Session; > > > > > > >> + UINT32 Ret; > > > > > > >> + UINT32 RetOrigin; > > > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > > > > >> +} OPTEE_INVOKE_FUNC_ARG; > > > > > > >> + > > > > > > >> BOOLEAN > > > > > > >> EFIAPI > > > > > > >> IsOpteePresent ( > > > > > > >> VOID > > > > > > >> ); > > > > > > >> > > > > > > >> +EFI_STATUS > > > > > > >> +EFIAPI > > > > > > >> +OpteeInit ( > > > > > > >> + VOID > > > > > > >> + ); > > > > > > >> + > > > > > > >> +EFI_STATUS > > > > > > >> +EFIAPI > > > > > > >> +OpteeOpenSession ( > > > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > > > > >> + ); > > > > > > >> + > > > > > > >> +EFI_STATUS > > > > > > >> +EFIAPI > > > > > > >> +OpteeCloseSession ( > > > > > > >> + IN UINT32 Session > > > > > > >> + ); > > > > > > >> + > > > > > > >> +EFI_STATUS > > > > > > >> +EFIAPI > > > > > > >> +OpteeInvokeFunc ( > > > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > > > > >> + ); > > > > > > >> + > > > > > > >> #endif > > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > > > > > > >> b/ArmPkg/Library/OpteeLib/Optee.c index > > > > > > >> 574527f8b5ea..2111022d3662 > > > > > > >> 100644 > > > > > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > > > > > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c > > > > > > >> @@ -14,11 +14,19 @@ > > > > > > >> > > > > > > >> **/ > > > > > > >> > > > > > > >> +#include <Library/ArmMmuLib.h> > > > > > > >> #include <Library/ArmSmcLib.h> > > > > > > >> +#include <Library/BaseMemoryLib.h> > > > > > > >> #include <Library/BaseLib.h> > > > > > > >> +#include <Library/DebugLib.h> > > > > > > >> #include <Library/OpteeLib.h> > > > > > > >> > > > > > > >> #include <IndustryStandard/ArmStdSmc.h> > > > > > > >> +#include <IndustryStandard/GlobalPlatform.h> > > > > > > >> +#include <OpteeSmc.h> > > > > > > >> +#include <Uefi.h> > > > > > > >> + > > > > > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > > > > > >> > > > > > > >> /** > > > > > > >> Check for OP-TEE presence. > > > > > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( { > > > > > > >> ARM_SMC_ARGS ArmSmcArgs; > > > > > > >> > > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > > >> // Send a Trusted OS Calls UID command > > > > > > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > > > > > > >> ArmCallSmc (&ArmSmcArgs); @@ -44,3 +53,352 @@ > > > > > > >> IsOpteePresent ( > > > > > > >> return FALSE; > > > > > > >> } > > > > > > >> } > > > > > > >> + > > > > > > >> +STATIC > > > > > > >> +EFI_STATUS > > > > > > >> +OpteeShmMemRemap ( > > > > > > >> + VOID > > > > > > >> + ) > > > > > > >> +{ > > > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > > > > >> + EFI_PHYSICAL_ADDRESS Paddr; > > > > > > >> + EFI_PHYSICAL_ADDRESS Start; > > > > > > >> + EFI_PHYSICAL_ADDRESS End; > > > > > > >> + EFI_STATUS Status; > > > > > > >> + UINTN Size; > > > > > > >> + > > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > > > > > > >> + > > > > > > >> + ArmCallSmc (&ArmSmcArgs); if (ArmSmcArgs.Arg0 != > > > > > > >> + OPTEE_SMC_RETURN_OK) { > > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not > supported\n")); > > > > > > >> + return EFI_UNSUPPORTED; } > > > > > > >> + > > > > > > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > > > > > > memory > > > > > > >> supported\n")); > > > > > > >> + return EFI_UNSUPPORTED; } > > > > > > >> + > > > > > > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - > > > > > > >> + 1); End = > > > > > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); > > > > > > >> + Paddr = Start; Size = End - Start; > > > > > > >> + > > > > > > >> + if (Size < SIZE_4KB) { > > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too > small\n")); > > > > > > >> + return EFI_BUFFER_TOO_SMALL; } > > > > > > >> + > > > > > > >> + Status = ArmSetMemoryAttributes (Paddr, Size, > > > > > > >> + EFI_MEMORY_WB); if (EFI_ERROR (Status)) { > > > > > > >> + return Status; > > > > > > >> + } > > > > > > >> + > > > > > > >> + OpteeShmInfo.Base = (UINTN)Paddr; OpteeShmInfo.Size = > > > > > > >> + Size; > > > > > > >> + > > > > > > >> + return EFI_SUCCESS; > > > > > > >> +} > > > > > > >> + > > > > > > >> +EFI_STATUS > > > > > > >> +EFIAPI > > > > > > >> +OpteeInit ( > > > > > > >> + VOID > > > > > > >> + ) > > > > > > >> +{ > > > > > > >> + EFI_STATUS Status; > > > > > > >> + > > > > > > >> + if (!IsOpteePresent ()) { > > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > > > > > > >> + return EFI_UNSUPPORTED; } > > > > > > >> + > > > > > > >> + Status = OpteeShmMemRemap (); if (EFI_ERROR (Status)) { > > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap > failed\n")); > > > > > > >> + return Status; > > > > > > >> + } > > > > > > >> + > > > > > > >> + return EFI_SUCCESS; > > > > > > >> +} > > > > > > >> + > > > > > > >> +/** > > > > > > >> + Does Standard SMC to OP-TEE in secure world. > > > > > > >> + > > > > > > >> + @param[in] Parg Physical address of message to pass to > secure world > > > > > > >> + > > > > > > >> + @return 0 on success, secure world return code > otherwise > > > > > > >> + > > > > > > >> +**/ > > > > > > >> +STATIC > > > > > > >> +UINT32 > > > > > > >> +OpteeCallWithArg ( > > > > > > >> + IN EFI_PHYSICAL_ADDRESS Parg > > > > > > >> + ) > > > > > > >> +{ > > > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > > > > >> + > > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > > > > > > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > > > > > > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; > > > > > > >> + > > > > > > >> + while (TRUE) { > > > > > > >> + ArmCallSmc (&ArmSmcArgs); > > > > > > >> + > > > > > > >> + if (ArmSmcArgs.Arg0 == > OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > > > > > > >> + // > > > > > > >> + // A foreign interrupt was raised while secure world was > > > > > > >> + // executing, since they are handled in UEFI a dummy RPC is > > > > > > >> + // performed to let UEFI take the interrupt through the > normal > > > > > > >> + // vector. > > > > > > >> + // > > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > > > > > > >> + } else { > > > > > > >> + break; > > > > > > >> + } > > > > > > >> + } > > > > > > >> + > > > > > > >> + return ArmSmcArgs.Arg0; > > > > > > >> +} > > > > > > >> + > > > > > > >> +EFI_STATUS > > > > > > >> +EFIAPI > > > > > > >> +OpteeOpenSession ( > > > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > > > > >> + ) > > > > > > >> +{ > > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > > >> + > > > > > > >> + MsgArg = NULL; > > > > > > >> + > > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > > >> + return EFI_NOT_STARTED; } > > > > > > >> + > > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem > > > > > > >> + (MsgArg, > > > > > > >> sizeof > > > > > > >> + (OPTEE_MSG_ARG)); > > > > > > >> + > > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > > > > > > >> + > > > > > > >> + // > > > > > > >> + // Initialize and add the meta parameters needed when > > > > > > >> + opening a // session. > > > > > > >> + // > > > > > > >> + MsgArg->Params[0].Attr = > OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > > > > >> + OPTEE_MSG_ATTR_META; > > > > > > >> + MsgArg->Params[1].Attr = > OPTEE_MSG_ATTR_TYPE_VALUE_INPUT > > > > > > >> + MsgArg->| > > > > > > >> + OPTEE_MSG_ATTR_META; CopyMem > > > > > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > > > > > > OPTEE_UUID_LEN); > > > > > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > > > > > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > > > > > > >> + > > > > > > >> + MsgArg->NumParams = 2; > > > > > > >> + > > > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > > >> + > > > > > > >> + OpenSessionArg->Session = MsgArg->Session; > > > > > > >> + OpenSessionArg->Ret = > > > > > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = > > > > > > >> + MsgArg->MsgArg->RetOrigin; > > > > > > >> + > > > > > > >> + return EFI_SUCCESS; > > > > > > >> +} > > > > > > >> + > > > > > > >> +EFI_STATUS > > > > > > >> +EFIAPI > > > > > > >> +OpteeCloseSession ( > > > > > > >> + IN UINT32 Session > > > > > > >> + ) > > > > > > >> +{ > > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > > >> + > > > > > > >> + MsgArg = NULL; > > > > > > >> + > > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > > >> + return EFI_NOT_STARTED; } > > > > > > >> + > > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem > > > > > > >> + (MsgArg, > > > > > > >> sizeof > > > > > > >> + (OPTEE_MSG_ARG)); > > > > > > >> + > > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; > > > > > > >> + MsgArg->Session > > > > > > = > > > > > > >> + Session; > > > > > > >> + > > > > > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > > > > > > >> + > > > > > > >> + return EFI_SUCCESS; > > > > > > >> +} > > > > > > >> + > > > > > > >> +STATIC > > > > > > >> +EFI_STATUS > > > > > > >> +OpteeToMsgParam ( > > > > > > >> + OUT OPTEE_MSG_PARAM *MsgParams, > > > > > > >> + IN UINT32 NumParams, > > > > > > >> + IN OPTEE_MSG_PARAM *InParams > > > > > > >> + ) > > > > > > >> +{ > > > > > > >> + UINT32 Idx; > > > > > > >> + UINTN ParamShmAddr; > > > > > > >> + UINTN ShmSize; > > > > > > >> + UINTN Size; > > > > > > >> + > > > > > > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & > > > > > > >> + ~(sizeof > > > > > > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; > > > > > > >> + ShmSize = OpteeShmInfo.Size - Size; > > > > > > >> + > > > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > > > > >> + CONST OPTEE_MSG_PARAM *Ip; > > > > > > >> + OPTEE_MSG_PARAM *Mp; > > > > > > >> + UINT32 Attr; > > > > > > >> + > > > > > > >> + Ip = InParams + Idx; > > > > > > >> + Mp = MsgParams + Idx; > > > > > > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > > > > >> + > > > > > > >> + switch (Attr) { > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > > > > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > > > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > > > > > > >> + break; > > > > > > >> + > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > > > > >> + Mp->Attr = Attr; > > > > > > >> + Mp->U.Value.A = Ip->U.Value.A; > > > > > > >> + Mp->U.Value.B = Ip->U.Value.B; > > > > > > >> + Mp->U.Value.C = Ip->U.Value.C; > > > > > > >> + break; > > > > > > >> + > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > > > > >> + Mp->Attr = Attr; > > > > > > >> + > > > > > > >> + if (Ip->U.Mem.Size > ShmSize) { > > > > > > >> + return EFI_OUT_OF_RESOURCES; > > > > > > >> + } > > > > > > >> + > > > > > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID > > > > > > >> + *)Ip->U.Mem.BufPtr, Ip- > > > > > > >> >U.Mem.Size); > > > > > > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > > > > > > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; > > > > > > >> + > > > > > > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof > (UINT64) - 1); > > > > > > >> + ParamShmAddr += Size; > > > > > > >> + ShmSize -= Size; > > > > > > >> + break; > > > > > > >> + > > > > > > >> + default: > > > > > > >> + return EFI_INVALID_PARAMETER; > > > > > > >> + } > > > > > > >> + } > > > > > > >> + > > > > > > >> + return EFI_SUCCESS; > > > > > > >> +} > > > > > > >> + > > > > > > >> +STATIC > > > > > > >> +EFI_STATUS > > > > > > >> +OpteeFromMsgParam ( > > > > > > >> + OUT OPTEE_MSG_PARAM *OutParams, > > > > > > >> + IN UINT32 NumParams, > > > > > > >> + IN OPTEE_MSG_PARAM *MsgParams > > > > > > >> + ) > > > > > > >> +{ > > > > > > >> + UINT32 Idx; > > > > > > >> + > > > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > > > > >> + OPTEE_MSG_PARAM *Op; > > > > > > >> + CONST OPTEE_MSG_PARAM *Mp; > > > > > > >> + UINT32 Attr; > > > > > > >> + > > > > > > >> + Op = OutParams + Idx; > > > > > > >> + Mp = MsgParams + Idx; > > > > > > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > > > > >> + > > > > > > >> + switch (Attr) { > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > > > > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > > > > >> + ZeroMem (&Op->U, sizeof (Op->U)); > > > > > > >> + break; > > > > > > >> + > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > > > > >> + Op->Attr = Attr; > > > > > > >> + Op->U.Value.A = Mp->U.Value.A; > > > > > > >> + Op->U.Value.B = Mp->U.Value.B; > > > > > > >> + Op->U.Value.C = Mp->U.Value.C; > > > > > > >> + break; > > > > > > >> + > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > > > > >> + Op->Attr = Attr; > > > > > > >> + > > > > > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > > > > > > >> + return EFI_BAD_BUFFER_SIZE; > > > > > > >> + } > > > > > > >> + > > > > > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID > > > > > > >> + *)Mp->U.Mem.BufPtr, > > > > > > >> Mp->U.Mem.Size); > > > > > > >> + Op->U.Mem.Size = Mp->U.Mem.Size; > > > > > > >> + break; > > > > > > >> + > > > > > > >> + default: > > > > > > >> + return EFI_INVALID_PARAMETER; > > > > > > >> + } > > > > > > >> + } > > > > > > >> + > > > > > > >> + return EFI_SUCCESS; > > > > > > >> +} > > > > > > >> + > > > > > > >> +EFI_STATUS > > > > > > >> +EFIAPI > > > > > > >> +OpteeInvokeFunc ( > > > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > > > > >> + ) > > > > > > >> +{ > > > > > > >> + EFI_STATUS Status; > > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > > >> + > > > > > > >> + MsgArg = NULL; > > > > > > >> + > > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > > >> + return EFI_NOT_STARTED; } > > > > > > >> + > > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem > > > > > > >> + (MsgArg, > > > > > > >> sizeof > > > > > > >> + (OPTEE_MSG_ARG)); > > > > > > >> + > > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; > MsgArg- > > > > > > >Func = > > > > > > >> + InvokeFuncArg->Func; MsgArg->Session = > > > > > > >> + InvokeFuncArg->InvokeFuncArg->Session; > > > > > > >> + > > > > > > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > > > > > > >> + InvokeFuncArg->Params); if (Status) > > > > > > >> + return Status; > > > > > > >> + > > > > > > >> + MsgArg->NumParams = MAX_PARAMS; > > > > > > >> + > > > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > > >> + > > > > > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, > > > > > > >> + MAX_PARAMS, > > > > > > >> MsgArg->Params)) { > > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > > >> + > > > > > > >> + InvokeFuncArg->Ret = MsgArg->Ret; > > > > > > >> + InvokeFuncArg->RetOrigin = > > > > > > >> + MsgArg->RetOrigin; > > > > > > >> + > > > > > > >> + return EFI_SUCCESS; > > > > > > >> +} > > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > > >> index 5abd427379cc..e03054a7167d 100644 > > > > > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > > >> @@ -23,11 +23,13 @@ [Defines] > > > > > > >> > > > > > > >> [Sources] > > > > > > >> Optee.c > > > > > > >> + OpteeSmc.h > > > > > > >> > > > > > > >> [Packages] > > > > > > >> ArmPkg/ArmPkg.dec > > > > > > >> MdePkg/MdePkg.dec > > > > > > >> > > > > > > >> [LibraryClasses] > > > > > > >> + ArmMmuLib > > > > > > >> ArmSmcLib > > > > > > >> BaseLib > > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > > >> new file mode 100644 > > > > > > >> index 000000000000..e2ea35784a0a > > > > > > >> --- /dev/null > > > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > > >> @@ -0,0 +1,43 @@ > > > > > > >> +/** @file > > > > > > >> + OP-TEE SMC header file. > > > > > > >> + > > > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > > > >> + > > > > > > >> + This program and the accompanying materials are > > > > > > >> + licensed and made available under the terms and > > > > > > >> + conditions of the BSD License which accompanies this > > > > > > >> + distribution. The full text of the license may be found > > > > > > >> + at > > > > > > >> + > > > > > > >> + > > > > > > >> > > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2 > > > > > > F%2Fope > > > > > > >> n > > > > > > >> + source.org%2Flicenses%2Fbsd- > > > > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > > > > >> + > > > > > > >> > > > > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6 > > > > > > f > > > > > > >> a92cd99 > > > > > > >> + > > > > > > >> > > > > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > > > > >> OOKCyshbg > > > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > > >> + > > > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON > AN "AS IS" > > > > > > >> BASIS, > > > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER > > > > > > >> EXPRESS OR IMPLIED. > > > > > > >> + > > > > > > >> +**/ > > > > > > >> + > > > > > > >> +#ifndef _OPTEE_SMC_H_ > > > > > > >> +#define _OPTEE_SMC_H_ > > > > > > >> + > > > > > > >> +/* Returned in Arg0 only from Trusted OS functions */ > > > > > > >> +#define OPTEE_SMC_RETURN_OK 0x0 > > > > > > >> + > > > > > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > > > > > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > > > > > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > > > > > > >> + > > > > > > >> +#define OPTEE_SMC_SHM_CACHED 1 > > > > > > >> + > > > > > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR > 0xffff0004 > > > > > > >> + > > > > > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > > > > > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > > > > > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > > > > > > >> + > > > > > > >> +#define OPTEE_MSG_ATTR_META 0x100 > > > > > > >> + > > > > > > >> +#define TEE_LOGIN_PUBLIC 0x0 > > > > > > >> + > > > > > > >> +typedef struct { > > > > > > >> + UINTN Base; > > > > > > >> + UINTN Size; > > > > > > >> +} OPTEE_SHARED_MEMORY_INFO; > > > > > > >> + > > > > > > >> +#endif > > > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > > > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > > > >> similarity index 53% > > > > > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > > > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > > > >> index f65d8674d9b8..14c621d89971 100644 > > > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > > > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > > > >> @@ -1,34 +1,26 @@ > > > > > > >> -/** @file > > > > > > >> - OP-TEE specific header file. > > > > > > >> - > > > > > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > > > >> - > > > > > > >> - This program and the accompanying materials > > > > > > >> - are licensed and made available under the terms and > > > > > > >> conditions of the BSD License > > > > > > >> - which accompanies this distribution. The full text of > > > > > > >> the license may be found at > > > > > > >> - > > > > > > >> > > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2 > > > > > > F%2Fope > > > > > > >> nsource.org%2Flicenses%2Fbsd- > > > > > > >> > > > > > > > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0 > > > > > > c > > > > > > >> > > > > > > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0 > > > > > > % > > > > > > >> > > > > > > > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > > > > > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > > >> - > > > > > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON > AN "AS IS" > > > > > > >> BASIS, > > > > > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > > > > > > >> EITHER > > > > > > EXPRESS > > > > > > >> OR IMPLIED. > > > > > > >> - > > > > > > >> -**/ > > > > > > >> - > > > > > > >> -#ifndef _OPTEE_H_ > > > > > > >> -#define _OPTEE_H_ > > > > > > >> - > > > > > > >> -/* > > > > > > >> - * The 'Trusted OS Call UID' is supposed to return the > > > > > > >> following UUID for > > > > > > >> - * OP-TEE OS. This is a 128-bit value. > > > > > > >> - */ > > > > > > >> -#define OPTEE_OS_UID0 0x384fb3e0 > > > > > > >> -#define OPTEE_OS_UID1 0xe7f811e3 > > > > > > >> -#define OPTEE_OS_UID2 0xaf630002 > > > > > > >> -#define OPTEE_OS_UID3 0xa5d5c51b > > > > > > >> - > > > > > > >> -BOOLEAN > > > > > > >> -EFIAPI > > > > > > >> -IsOpteePresent ( > > > > > > >> - VOID > > > > > > >> - ); > > > > > > >> - > > > > > > >> -#endif > > > > > > >> +/** @file > > > > > > >> + Standardized Global Platform header file. > > > > > > >> + > > > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > > > >> + > > > > > > >> + This program and the accompanying materials are > > > > > > >> + licensed and made available under the terms and > > > > > > >> + conditions of the BSD License which accompanies this > > > > > > >> + distribution. The full text of the license may be found > > > > > > >> + at > > > > > > >> + > > > > > > >> + > > > > > > >> > > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2 > > > > > > F%2Fope > > > > > > >> n > > > > > > >> + source.org%2Flicenses%2Fbsd- > > > > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > > > > >> + > > > > > > >> > > > > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6 > > > > > > f > > > > > > >> a92cd99 > > > > > > >> + > > > > > > >> > > > > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > > > > >> OOKCyshbg > > > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > > >> + > > > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON > AN "AS IS" > > > > > > >> BASIS, > > > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER > > > > > > >> EXPRESS OR IMPLIED. > > > > > > >> + > > > > > > >> +**/ > > > > > > >> + > > > > > > >> +#ifndef _GLOBAL_PLATFORM_H_ #define > _GLOBAL_PLATFORM_H_ > > > > > > >> + > > > > > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > > > > > > >> + > > > > > > >> +#define TEEC_SUCCESS 0x00000000 > > > > > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > > > > > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > > > > > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > > > > > > >> + > > > > > > >> +#endif > > > > > > >> -- > > > > > > >> 2.7.4 > > > > > > >> > > > > > > >> _______________________________________________ > > > > > > >> edk2-devel mailing list > > > > > > >> edk2-devel@lists.01.org > > > > > > >> > > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A% > > > > > > 2F%2Fli > > > > > > >> st > > > > > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > > > > >> > > > > > > > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > > > > > > >> > > > > > > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > > > > > > >> > > > > > > > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > > > > > > >> u%2Fhcds3j9aDPnU%3D&reserved=0 > > > > > > > _______________________________________________ > > > > > > > edk2-devel mailing list > > > > > > > edk2-devel@lists.01.org > > > > > > > > > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A% > > > > > > 2F%2Flis > > > > > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > > > > devel&data=02%7C01%7Cudit.ku > > > > > > > > > > > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > > > > > > b4c6fa92 > > > > > > > > > > > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f > > > > > > 9rxeb37V > > > > > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 > > > > IMPORTANT NOTICE: The contents of this email and any attachments > are confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-28 16:34 ` Sumit Garg 2018-08-29 4:38 ` Udit Kumar @ 2018-08-29 5:41 ` Bhupesh Sharma 2018-08-29 7:44 ` Sumit Garg 1 sibling, 1 reply; 15+ messages in thread From: Bhupesh Sharma @ 2018-08-29 5:41 UTC (permalink / raw) To: Sumit Garg Cc: achin.gupta, Daniel Thompson, edk2-devel, tee-dev, Rod Dorris, nd, Jens Wiklander Hi Sumit, On Tue, Aug 28, 2018 at 10:04 PM, Sumit Garg <sumit.garg@linaro.org> wrote: > Hi Achin, > > On Tue, 28 Aug 2018 at 18:38, Achin Gupta <achin.gupta@arm.com> wrote: >> >> Hi Sumit, >> >> Apologies for not replying sooner. Some questions and thoughts inline. >> >> On Mon, Aug 27, 2018 at 03:28:52PM +0530, Sumit Garg wrote: >> > On Fri, 24 Aug 2018 at 23:33, Matteo Carlini <Matteo.Carlini@arm.com> wrote: >> > > >> > > +Achin >> > > >> > > SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) and SPM (for Secure Partitions at S-EL0) are currently mutually exclusive into Trusted Firmware-A codebase. >> > > >> > > In other words, you cannot turn them on in parallel and execute both a S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secure World with the current Software Architecture. >> > > >> > >> > IIUC, currently BL32 image is common in Trusted Firmware-A code-base. >> > If we turn on SPD then BL32=<trusted-os image> else if we turn on SPM >> > then BL32=<SPM S-EL0 image>, correct? >> >> Yes! BL32 is a TOS image if SPD is enabled. It is a S-EL0 Standalone MM Secure >> partition image if SPM is enabled. >> >> > >> > But I think SMC calling conventions (SMC Calling Convention [1] and >> > Management Mode Interface Specification [2]) doesn't put any such >> > restrictions as SMC function IDs are totally separate. >> >> Yes, this was an implementation choice to ensure that either a S-EL1 payload >> (Trusted OS) or a S-EL0 payload (MM SP) could be included in an Arm TF build but >> not both. >> >> > >> > > Achin and other Arm architects are trying to figure out a way for solving this problem without the need for a v8.4 Secure-EL2 Hypervisor, obviously without leveraging the isolation benefits of it (see also [1]). >> > > >> > >> > Agree we won't be having isolation benefits which provides added level >> > of Security. >> > >> > > But Ard is right: there could be use-cases to ship UEFI systems with OP-TEE and TAs on top...and this should still be currently possible using the SPD dispatcher into TF-A. I've not looked deeply into this patch, but it doesn’t seem to contradict the above Sw architecture. >> > > >> > > The question would be: would you foresee the need for running one (or many) other (UEFI/EDK2-based) Secure Services in the Secure World into a Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE? >> > > >> > >> > As per following quote from Management Mode Interface Specification [2]: >> > >> > "Management Mode (MM) provides an environment for implementing OS >> > agnostic services (MM services) like RAS error handling, secure >> > variable storage, and firmware updates in system firmware. The >> > services can be invoked synchronously and asynchronously." >> > >> > It seems that MM mode is designed for more robust and platform >> > specific services whereas OP-TEE (or any trusted OS) use-cases seem to >> > be more complex like Entropy pool (RNG as in our case), DRM (could be >> > valid use-case for Android TV or Chromebook), keymaster or keystore >> > (for Edge devices) etc. >> >> It really depends upon the secure sw stack, use case and the requirements. MM >> interface specification specifies a blocking SMC (MM_COMMUNICATE) to access a >> secure service implemented in S-EL0. >> >> In the UEFI/PI/EDK2 context, MM drivers are used to satisfy a variety of use >> cases during boot through the EFI_MM_COMMUNICATION_PROTOCOL (the bad press of >> SMM aside!). MM_COMMUNICATE SMC provides a channel into the secure world to the >> backend of this protocol on Arm systems. So any service accessible through this >> protocol could be implemented on Arm systems in a MM SP. >> >> IIUC, in your case there is OP-TEE and firmware in the secure world. OP-TEE has >> a static TA that provides the random data service and you want to leverage it at >> boot time? Ditto for other services? > > Correct, actually we tried to create OP-TEE static (pseudo) TA that > provides RNG service using thermal sensor noise and secure timer > interrupts (FIQs) to fill entropy pool. Using this service via OP-TEE > library in UEFI (subset in terms of functionality as compared to > OP-TEE kernel driver) for features like KASLR etc. Commenting on this from a distribution p-o-v, we have arn64 boards available which have good entropy sources available but do not support EFI_RNG_PROTOCOL as they would not like the EFI firmware running in EL2 mode to use the secure entropy sources (which should be touched only by secure EL3 or EL1 softwares). In such cases, we are not able to support KASLR linux boot on such boards as there is basically no EFI_RNG_PROTOCOL support (see [1]). Ofcourse we can ask them to plug-in usb keys (Ard has a driver available for the Chaos Usb Key, see [2]) to help generate the random entropy for us, but it is not always possible in a production environment. Using on-board entropy sources (if available), is the best possible alternative there. We rely on using NS-EL0 user-space calls like linux's getrandom() to get entropy from the random pool if required in he linux user-space, but these implementation have their own limitations (see [3] and [4]), so may be on arm64 systems which support secure partitions/trusted-os we can had over these getrandom() calls to OPTEE-TAs which can get the entropy value from the secure sources as well. [1] https://www.spinics.net/lists/arm-kernel/msg640435.html [2] https://www.spinics.net/lists/arm-kernel/msg640437.html [3] https://www.mail-archive.com/kexec@lists.infradead.org/msg19586.html [4] https://access.redhat.com/security/cve/cve-2018-1108 Thanks, Bhupesh >> So you do not really need an MM partition >> running alongside OP-TEE? >> > >> So you do not really need an MM partition >> running alongside OP-TEE? >> > > Agree that most of secure services can be implemented as static > (pseudo) TAs. But if I think about services like RAS error handling > and firmware updates. Is Trusted OS (OP-TEE or any third party OS) an > appropriate place to implement these platform specific services? > >> In any case, what we are working on is to define a set of standard SMC >> interfaces that can be used to talk to a secure service in a payload in S-EL1 or >> S-EL0. This standard ABI will avoid the need to use payload specific SMCs in the >> normal world e.g. OP-TEE specific SMCs. >> > > It would be nice to have such standard ABI. > >> Side topic! Do you foresee a usecase for DRM through UEFI during boot? Would it >> work in the absence of RPC support in the Optee Library? IIUC, at runtime, DRM >> traffic will be routed through the OP-TEE driver in the OS instead of UEFI since >> there is no UEFI runtime service interface to do DRM? >> > > Correct, I don't foresee DRM use-case during UEFI boot. Actually by > DRM use-case I mean to say via OP-TEE driver in OS only. Earlier I was > trying to list use-cases of OP-TEE on devices using UEFI as a > boot-loader. > > Regards, > Sumit > >> > >> > So it looks like they complement each other and we will have more >> > robustness once we migrate to v8.4 Secure-EL2 Hypervisor for isolation >> > support. >> >> In a way yes! The robustness bit is not really related to the interface used to >> access as service. >> >> > >> > Please feel free to correct me if I missed something. >> >> Hope this makes sense. >> >> cheers, >> Achin >> >> > >> > Regards, >> > Sumit >> > >> > [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf >> > [2] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf >> > >> > > Thanks >> > > Matteo >> > > >> > > [1]: https://community.arm.com/processors/b/blog/posts/architecting-more-secure-world-with-isolation-and-virtualization >> > > >> > > > -----Original Message----- >> > > > From: Udit Kumar <udit.kumar@nxp.com> >> > > > Sent: 24 August 2018 18:46 >> > > > To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Matteo Carlini >> > > > <Matteo.Carlini@arm.com> >> > > > Cc: Sumit Garg <sumit.garg@linaro.org>; edk2-devel@lists.01.org; tee- >> > > > dev@lists.linaro.org; daniel.thompson@linaro.org; jens.wiklander@linaro.org; >> > > > Rod Dorris <rod.dorris@nxp.com> >> > > > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate >> > > > with OP-TEE >> > > > >> > > > Hi Ard >> > > > >> > > > > If MM mode is fundamentally incompatible with OP-TEE, then you cannot >> > > > > run both at the same time, >> > > > >> > > > Both cannot coexist unless you have v8.4 CPU >> > > > >> > > > Regards >> > > > Udit >> > > > >> > > > > >> > > > > >> > > > > >> -----Original Message----- >> > > > > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of >> > > > > >> Sumit Garg >> > > > > >> Sent: Friday, August 24, 2018 2:51 PM >> > > > > >> To: edk2-devel@lists.01.org >> > > > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; >> > > > > >> jens.wiklander@linaro.org >> > > > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to >> > > > > >> communicate with OP-TEE >> > > > > >> >> > > > > >> Add following APIs to communicate with OP-TEE static TA: >> > > > > >> 1. OpteeInit >> > > > > >> 2. OpteeOpenSession >> > > > > >> 3. OpteeCloseSession >> > > > > >> 4. OpteeInvokeFunc >> > > > > >> >> > > > > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> >> > > > > >> Cc: Leif Lindholm <leif.lindholm@linaro.org> >> > > > > >> Contributed-under: TianoCore Contribution Agreement 1.1 >> > > > > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> >> > > > > >> --- >> > > > > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ >> > > > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 >> > > > > >> +++++++++++++++++++++ >> > > > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + >> > > > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ >> > > > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- >> > > > > >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode >> > > > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h >> > > > > >> copy ArmPkg/Include/Library/OpteeLib.h => >> > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) >> > > > > >> >> > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h >> > > > > >> b/ArmPkg/Include/Library/OpteeLib.h >> > > > > >> index f65d8674d9b8..c323f49072f8 100644 >> > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h >> > > > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h >> > > > > >> @@ -25,10 +25,112 @@ >> > > > > >> #define OPTEE_OS_UID2 0xaf630002 >> > > > > >> #define OPTEE_OS_UID3 0xa5d5c51b >> > > > > >> >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb >> > > > > >> + >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff >> > > > > >> + >> > > > > >> +typedef struct { >> > > > > >> + UINT64 BufPtr; >> > > > > >> + UINT64 Size; >> > > > > >> + UINT64 ShmRef; >> > > > > >> +} OPTEE_MSG_PARAM_MEM; >> > > > > >> + >> > > > > >> +typedef struct { >> > > > > >> + UINT64 A; >> > > > > >> + UINT64 B; >> > > > > >> + UINT64 C; >> > > > > >> +} OPTEE_MSG_PARAM_VALUE; >> > > > > >> + >> > > > > >> +typedef struct { >> > > > > >> + UINT64 Attr; >> > > > > >> + union { >> > > > > >> + OPTEE_MSG_PARAM_MEM Mem; >> > > > > >> + OPTEE_MSG_PARAM_VALUE Value; >> > > > > >> + } U; >> > > > > >> +} OPTEE_MSG_PARAM; >> > > > > >> + >> > > > > >> +#define MAX_PARAMS 4 >> > > > > >> + >> > > > > >> +typedef struct { >> > > > > >> + UINT32 Cmd; >> > > > > >> + UINT32 Func; >> > > > > >> + UINT32 Session; >> > > > > >> + UINT32 CancelId; >> > > > > >> + UINT32 Pad; >> > > > > >> + UINT32 Ret; >> > > > > >> + UINT32 RetOrigin; >> > > > > >> + UINT32 NumParams; >> > > > > >> + >> > > > > >> + // NumParams tells the actual number of element in Params >> > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; >> > > > > >> +} OPTEE_MSG_ARG; >> > > > > >> + >> > > > > >> +#define OPTEE_UUID_LEN 16 >> > > > > >> + >> > > > > >> +// >> > > > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument >> > > > > >> +// @Uuid: [in] UUID of the Trusted Application >> > > > > >> +// @Session: [out] Session id >> > > > > >> +// @Ret: [out] Return value >> > > > > >> +// @RetOrigin [out] Origin of the return value >> > > > > >> +// >> > > > > >> +typedef struct { >> > > > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; >> > > > > >> + UINT32 Session; >> > > > > >> + UINT32 Ret; >> > > > > >> + UINT32 RetOrigin; >> > > > > >> +} OPTEE_OPEN_SESSION_ARG; >> > > > > >> + >> > > > > >> +// >> > > > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument >> > > > > >> +// @Func: [in] Trusted Application function, specific to the TA >> > > > > >> +// @Session: [in] Session id >> > > > > >> +// @Ret: [out] Return value >> > > > > >> +// @RetOrigin [out] Origin of the return value >> > > > > >> +// @Params [inout] Parameters for function to be invoked >> > > > > >> +// >> > > > > >> +typedef struct { >> > > > > >> + UINT32 Func; >> > > > > >> + UINT32 Session; >> > > > > >> + UINT32 Ret; >> > > > > >> + UINT32 RetOrigin; >> > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; >> > > > > >> +} OPTEE_INVOKE_FUNC_ARG; >> > > > > >> + >> > > > > >> BOOLEAN >> > > > > >> EFIAPI >> > > > > >> IsOpteePresent ( >> > > > > >> VOID >> > > > > >> ); >> > > > > >> >> > > > > >> +EFI_STATUS >> > > > > >> +EFIAPI >> > > > > >> +OpteeInit ( >> > > > > >> + VOID >> > > > > >> + ); >> > > > > >> + >> > > > > >> +EFI_STATUS >> > > > > >> +EFIAPI >> > > > > >> +OpteeOpenSession ( >> > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg >> > > > > >> + ); >> > > > > >> + >> > > > > >> +EFI_STATUS >> > > > > >> +EFIAPI >> > > > > >> +OpteeCloseSession ( >> > > > > >> + IN UINT32 Session >> > > > > >> + ); >> > > > > >> + >> > > > > >> +EFI_STATUS >> > > > > >> +EFIAPI >> > > > > >> +OpteeInvokeFunc ( >> > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg >> > > > > >> + ); >> > > > > >> + >> > > > > >> #endif >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c >> > > > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 >> > > > > >> 100644 >> > > > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c >> > > > > >> @@ -14,11 +14,19 @@ >> > > > > >> >> > > > > >> **/ >> > > > > >> >> > > > > >> +#include <Library/ArmMmuLib.h> >> > > > > >> #include <Library/ArmSmcLib.h> >> > > > > >> +#include <Library/BaseMemoryLib.h> >> > > > > >> #include <Library/BaseLib.h> >> > > > > >> +#include <Library/DebugLib.h> >> > > > > >> #include <Library/OpteeLib.h> >> > > > > >> >> > > > > >> #include <IndustryStandard/ArmStdSmc.h> >> > > > > >> +#include <IndustryStandard/GlobalPlatform.h> >> > > > > >> +#include <OpteeSmc.h> >> > > > > >> +#include <Uefi.h> >> > > > > >> + >> > > > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; >> > > > > >> >> > > > > >> /** >> > > > > >> Check for OP-TEE presence. >> > > > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( >> > > > > >> { >> > > > > >> ARM_SMC_ARGS ArmSmcArgs; >> > > > > >> >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); >> > > > > >> // Send a Trusted OS Calls UID command >> > > > > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; >> > > > > >> ArmCallSmc (&ArmSmcArgs); >> > > > > >> @@ -44,3 +53,352 @@ IsOpteePresent ( >> > > > > >> return FALSE; >> > > > > >> } >> > > > > >> } >> > > > > >> + >> > > > > >> +STATIC >> > > > > >> +EFI_STATUS >> > > > > >> +OpteeShmMemRemap ( >> > > > > >> + VOID >> > > > > >> + ) >> > > > > >> +{ >> > > > > >> + ARM_SMC_ARGS ArmSmcArgs; >> > > > > >> + EFI_PHYSICAL_ADDRESS Paddr; >> > > > > >> + EFI_PHYSICAL_ADDRESS Start; >> > > > > >> + EFI_PHYSICAL_ADDRESS End; >> > > > > >> + EFI_STATUS Status; >> > > > > >> + UINTN Size; >> > > > > >> + >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); >> > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; >> > > > > >> + >> > > > > >> + ArmCallSmc (&ArmSmcArgs); >> > > > > >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); >> > > > > >> + return EFI_UNSUPPORTED; >> > > > > >> + } >> > > > > >> + >> > > > > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared >> > > > > memory >> > > > > >> supported\n")); >> > > > > >> + return EFI_UNSUPPORTED; >> > > > > >> + } >> > > > > >> + >> > > > > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End >> > > > > >> + = >> > > > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = >> > > > > >> + Start; Size = End - Start; >> > > > > >> + >> > > > > >> + if (Size < SIZE_4KB) { >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); >> > > > > >> + return EFI_BUFFER_TOO_SMALL; >> > > > > >> + } >> > > > > >> + >> > > > > >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); >> > > > > >> + if (EFI_ERROR (Status)) { >> > > > > >> + return Status; >> > > > > >> + } >> > > > > >> + >> > > > > >> + OpteeShmInfo.Base = (UINTN)Paddr; OpteeShmInfo.Size = Size; >> > > > > >> + >> > > > > >> + return EFI_SUCCESS; >> > > > > >> +} >> > > > > >> + >> > > > > >> +EFI_STATUS >> > > > > >> +EFIAPI >> > > > > >> +OpteeInit ( >> > > > > >> + VOID >> > > > > >> + ) >> > > > > >> +{ >> > > > > >> + EFI_STATUS Status; >> > > > > >> + >> > > > > >> + if (!IsOpteePresent ()) { >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); >> > > > > >> + return EFI_UNSUPPORTED; >> > > > > >> + } >> > > > > >> + >> > > > > >> + Status = OpteeShmMemRemap (); >> > > > > >> + if (EFI_ERROR (Status)) { >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); >> > > > > >> + return Status; >> > > > > >> + } >> > > > > >> + >> > > > > >> + return EFI_SUCCESS; >> > > > > >> +} >> > > > > >> + >> > > > > >> +/** >> > > > > >> + Does Standard SMC to OP-TEE in secure world. >> > > > > >> + >> > > > > >> + @param[in] Parg Physical address of message to pass to secure world >> > > > > >> + >> > > > > >> + @return 0 on success, secure world return code otherwise >> > > > > >> + >> > > > > >> +**/ >> > > > > >> +STATIC >> > > > > >> +UINT32 >> > > > > >> +OpteeCallWithArg ( >> > > > > >> + IN EFI_PHYSICAL_ADDRESS Parg >> > > > > >> + ) >> > > > > >> +{ >> > > > > >> + ARM_SMC_ARGS ArmSmcArgs; >> > > > > >> + >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); >> > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; >> > > > > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); >> > > > > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; >> > > > > >> + >> > > > > >> + while (TRUE) { >> > > > > >> + ArmCallSmc (&ArmSmcArgs); >> > > > > >> + >> > > > > >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { >> > > > > >> + // >> > > > > >> + // A foreign interrupt was raised while secure world was >> > > > > >> + // executing, since they are handled in UEFI a dummy RPC is >> > > > > >> + // performed to let UEFI take the interrupt through the normal >> > > > > >> + // vector. >> > > > > >> + // >> > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; >> > > > > >> + } else { >> > > > > >> + break; >> > > > > >> + } >> > > > > >> + } >> > > > > >> + >> > > > > >> + return ArmSmcArgs.Arg0; >> > > > > >> +} >> > > > > >> + >> > > > > >> +EFI_STATUS >> > > > > >> +EFIAPI >> > > > > >> +OpteeOpenSession ( >> > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg >> > > > > >> + ) >> > > > > >> +{ >> > > > > >> + OPTEE_MSG_ARG *MsgArg; >> > > > > >> + >> > > > > >> + MsgArg = NULL; >> > > > > >> + >> > > > > >> + if (OpteeShmInfo.Base == 0) { >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); >> > > > > >> + return EFI_NOT_STARTED; >> > > > > >> + } >> > > > > >> + >> > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, >> > > > > >> sizeof >> > > > > >> + (OPTEE_MSG_ARG)); >> > > > > >> + >> > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; >> > > > > >> + >> > > > > >> + // >> > > > > >> + // Initialize and add the meta parameters needed when opening a >> > > > > >> + // session. >> > > > > >> + // >> > > > > >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | >> > > > > >> + OPTEE_MSG_ATTR_META; >> > > > > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | >> > > > > >> + OPTEE_MSG_ATTR_META; CopyMem >> > > > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, >> > > > > OPTEE_UUID_LEN); >> > > > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); >> > > > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; >> > > > > >> + >> > > > > >> + MsgArg->NumParams = 2; >> > > > > >> + >> > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { >> > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; >> > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } >> > > > > >> + >> > > > > >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret >> > > > > >> + = >> > > > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; >> > > > > >> + >> > > > > >> + return EFI_SUCCESS; >> > > > > >> +} >> > > > > >> + >> > > > > >> +EFI_STATUS >> > > > > >> +EFIAPI >> > > > > >> +OpteeCloseSession ( >> > > > > >> + IN UINT32 Session >> > > > > >> + ) >> > > > > >> +{ >> > > > > >> + OPTEE_MSG_ARG *MsgArg; >> > > > > >> + >> > > > > >> + MsgArg = NULL; >> > > > > >> + >> > > > > >> + if (OpteeShmInfo.Base == 0) { >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); >> > > > > >> + return EFI_NOT_STARTED; >> > > > > >> + } >> > > > > >> + >> > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, >> > > > > >> sizeof >> > > > > >> + (OPTEE_MSG_ARG)); >> > > > > >> + >> > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session >> > > > > = >> > > > > >> + Session; >> > > > > >> + >> > > > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); >> > > > > >> + >> > > > > >> + return EFI_SUCCESS; >> > > > > >> +} >> > > > > >> + >> > > > > >> +STATIC >> > > > > >> +EFI_STATUS >> > > > > >> +OpteeToMsgParam ( >> > > > > >> + OUT OPTEE_MSG_PARAM *MsgParams, >> > > > > >> + IN UINT32 NumParams, >> > > > > >> + IN OPTEE_MSG_PARAM *InParams >> > > > > >> + ) >> > > > > >> +{ >> > > > > >> + UINT32 Idx; >> > > > > >> + UINTN ParamShmAddr; >> > > > > >> + UINTN ShmSize; >> > > > > >> + UINTN Size; >> > > > > >> + >> > > > > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof >> > > > > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize >> > > > > >> + = OpteeShmInfo.Size - Size; >> > > > > >> + >> > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { >> > > > > >> + CONST OPTEE_MSG_PARAM *Ip; >> > > > > >> + OPTEE_MSG_PARAM *Mp; >> > > > > >> + UINT32 Attr; >> > > > > >> + >> > > > > >> + Ip = InParams + Idx; >> > > > > >> + Mp = MsgParams + Idx; >> > > > > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; >> > > > > >> + >> > > > > >> + switch (Attr) { >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: >> > > > > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; >> > > > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); >> > > > > >> + break; >> > > > > >> + >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: >> > > > > >> + Mp->Attr = Attr; >> > > > > >> + Mp->U.Value.A = Ip->U.Value.A; >> > > > > >> + Mp->U.Value.B = Ip->U.Value.B; >> > > > > >> + Mp->U.Value.C = Ip->U.Value.C; >> > > > > >> + break; >> > > > > >> + >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: >> > > > > >> + Mp->Attr = Attr; >> > > > > >> + >> > > > > >> + if (Ip->U.Mem.Size > ShmSize) { >> > > > > >> + return EFI_OUT_OF_RESOURCES; >> > > > > >> + } >> > > > > >> + >> > > > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- >> > > > > >> >U.Mem.Size); >> > > > > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; >> > > > > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; >> > > > > >> + >> > > > > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); >> > > > > >> + ParamShmAddr += Size; >> > > > > >> + ShmSize -= Size; >> > > > > >> + break; >> > > > > >> + >> > > > > >> + default: >> > > > > >> + return EFI_INVALID_PARAMETER; >> > > > > >> + } >> > > > > >> + } >> > > > > >> + >> > > > > >> + return EFI_SUCCESS; >> > > > > >> +} >> > > > > >> + >> > > > > >> +STATIC >> > > > > >> +EFI_STATUS >> > > > > >> +OpteeFromMsgParam ( >> > > > > >> + OUT OPTEE_MSG_PARAM *OutParams, >> > > > > >> + IN UINT32 NumParams, >> > > > > >> + IN OPTEE_MSG_PARAM *MsgParams >> > > > > >> + ) >> > > > > >> +{ >> > > > > >> + UINT32 Idx; >> > > > > >> + >> > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { >> > > > > >> + OPTEE_MSG_PARAM *Op; >> > > > > >> + CONST OPTEE_MSG_PARAM *Mp; >> > > > > >> + UINT32 Attr; >> > > > > >> + >> > > > > >> + Op = OutParams + Idx; >> > > > > >> + Mp = MsgParams + Idx; >> > > > > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; >> > > > > >> + >> > > > > >> + switch (Attr) { >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: >> > > > > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; >> > > > > >> + ZeroMem (&Op->U, sizeof (Op->U)); >> > > > > >> + break; >> > > > > >> + >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: >> > > > > >> + Op->Attr = Attr; >> > > > > >> + Op->U.Value.A = Mp->U.Value.A; >> > > > > >> + Op->U.Value.B = Mp->U.Value.B; >> > > > > >> + Op->U.Value.C = Mp->U.Value.C; >> > > > > >> + break; >> > > > > >> + >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: >> > > > > >> + Op->Attr = Attr; >> > > > > >> + >> > > > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { >> > > > > >> + return EFI_BAD_BUFFER_SIZE; >> > > > > >> + } >> > > > > >> + >> > > > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, >> > > > > >> Mp->U.Mem.Size); >> > > > > >> + Op->U.Mem.Size = Mp->U.Mem.Size; >> > > > > >> + break; >> > > > > >> + >> > > > > >> + default: >> > > > > >> + return EFI_INVALID_PARAMETER; >> > > > > >> + } >> > > > > >> + } >> > > > > >> + >> > > > > >> + return EFI_SUCCESS; >> > > > > >> +} >> > > > > >> + >> > > > > >> +EFI_STATUS >> > > > > >> +EFIAPI >> > > > > >> +OpteeInvokeFunc ( >> > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg >> > > > > >> + ) >> > > > > >> +{ >> > > > > >> + EFI_STATUS Status; >> > > > > >> + OPTEE_MSG_ARG *MsgArg; >> > > > > >> + >> > > > > >> + MsgArg = NULL; >> > > > > >> + >> > > > > >> + if (OpteeShmInfo.Base == 0) { >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); >> > > > > >> + return EFI_NOT_STARTED; >> > > > > >> + } >> > > > > >> + >> > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, >> > > > > >> sizeof >> > > > > >> + (OPTEE_MSG_ARG)); >> > > > > >> + >> > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- >> > > > > >Func = >> > > > > >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; >> > > > > >> + >> > > > > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, >> > > > > >> + InvokeFuncArg->Params); if (Status) >> > > > > >> + return Status; >> > > > > >> + >> > > > > >> + MsgArg->NumParams = MAX_PARAMS; >> > > > > >> + >> > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { >> > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; >> > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } >> > > > > >> + >> > > > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, >> > > > > >> MsgArg->Params)) { >> > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; >> > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } >> > > > > >> + >> > > > > >> + InvokeFuncArg->Ret = MsgArg->Ret; InvokeFuncArg->RetOrigin = >> > > > > >> + MsgArg->RetOrigin; >> > > > > >> + >> > > > > >> + return EFI_SUCCESS; >> > > > > >> +} >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf >> > > > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf >> > > > > >> index 5abd427379cc..e03054a7167d 100644 >> > > > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf >> > > > > >> @@ -23,11 +23,13 @@ [Defines] >> > > > > >> >> > > > > >> [Sources] >> > > > > >> Optee.c >> > > > > >> + OpteeSmc.h >> > > > > >> >> > > > > >> [Packages] >> > > > > >> ArmPkg/ArmPkg.dec >> > > > > >> MdePkg/MdePkg.dec >> > > > > >> >> > > > > >> [LibraryClasses] >> > > > > >> + ArmMmuLib >> > > > > >> ArmSmcLib >> > > > > >> BaseLib >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h >> > > > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h >> > > > > >> new file mode 100644 >> > > > > >> index 000000000000..e2ea35784a0a >> > > > > >> --- /dev/null >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h >> > > > > >> @@ -0,0 +1,43 @@ >> > > > > >> +/** @file >> > > > > >> + OP-TEE SMC header file. >> > > > > >> + >> > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> >> > > > > >> + >> > > > > >> + This program and the accompanying materials are licensed and >> > > > > >> + made available under the terms and conditions of the BSD License >> > > > > >> + which accompanies this distribution. The full text of the >> > > > > >> + license may be found at >> > > > > >> + >> > > > > >> + >> > > > > >> >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope >> > > > > >> n >> > > > > >> + source.org%2Flicenses%2Fbsd- >> > > > > >> license.php&data=02%7C01%7Cudit.kumar% >> > > > > >> + >> > > > > >> >> > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f >> > > > > >> a92cd99 >> > > > > >> + >> > > > > >> >> > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp >> > > > > >> OOKCyshbg >> > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 >> > > > > >> + >> > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >> > > > > >> BASIS, >> > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >> > > > > >> EXPRESS OR IMPLIED. >> > > > > >> + >> > > > > >> +**/ >> > > > > >> + >> > > > > >> +#ifndef _OPTEE_SMC_H_ >> > > > > >> +#define _OPTEE_SMC_H_ >> > > > > >> + >> > > > > >> +/* Returned in Arg0 only from Trusted OS functions */ >> > > > > >> +#define OPTEE_SMC_RETURN_OK 0x0 >> > > > > >> + >> > > > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 >> > > > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 >> > > > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 >> > > > > >> + >> > > > > >> +#define OPTEE_SMC_SHM_CACHED 1 >> > > > > >> + >> > > > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 >> > > > > >> + >> > > > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 >> > > > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 >> > > > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 >> > > > > >> + >> > > > > >> +#define OPTEE_MSG_ATTR_META 0x100 >> > > > > >> + >> > > > > >> +#define TEE_LOGIN_PUBLIC 0x0 >> > > > > >> + >> > > > > >> +typedef struct { >> > > > > >> + UINTN Base; >> > > > > >> + UINTN Size; >> > > > > >> +} OPTEE_SHARED_MEMORY_INFO; >> > > > > >> + >> > > > > >> +#endif >> > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h >> > > > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h >> > > > > >> similarity index 53% >> > > > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to >> > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h >> > > > > >> index f65d8674d9b8..14c621d89971 100644 >> > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h >> > > > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h >> > > > > >> @@ -1,34 +1,26 @@ >> > > > > >> -/** @file >> > > > > >> - OP-TEE specific header file. >> > > > > >> - >> > > > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> >> > > > > >> - >> > > > > >> - This program and the accompanying materials >> > > > > >> - are licensed and made available under the terms and conditions >> > > > > >> of the BSD License >> > > > > >> - which accompanies this distribution. The full text of the >> > > > > >> license may be found at >> > > > > >> - >> > > > > >> >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope >> > > > > >> nsource.org%2Flicenses%2Fbsd- >> > > > > >> >> > > > > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c >> > > > > >> >> > > > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% >> > > > > >> >> > > > > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 >> > > > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 >> > > > > >> - >> > > > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >> > > > > >> BASIS, >> > > > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >> > > > > EXPRESS >> > > > > >> OR IMPLIED. >> > > > > >> - >> > > > > >> -**/ >> > > > > >> - >> > > > > >> -#ifndef _OPTEE_H_ >> > > > > >> -#define _OPTEE_H_ >> > > > > >> - >> > > > > >> -/* >> > > > > >> - * The 'Trusted OS Call UID' is supposed to return the following >> > > > > >> UUID for >> > > > > >> - * OP-TEE OS. This is a 128-bit value. >> > > > > >> - */ >> > > > > >> -#define OPTEE_OS_UID0 0x384fb3e0 >> > > > > >> -#define OPTEE_OS_UID1 0xe7f811e3 >> > > > > >> -#define OPTEE_OS_UID2 0xaf630002 >> > > > > >> -#define OPTEE_OS_UID3 0xa5d5c51b >> > > > > >> - >> > > > > >> -BOOLEAN >> > > > > >> -EFIAPI >> > > > > >> -IsOpteePresent ( >> > > > > >> - VOID >> > > > > >> - ); >> > > > > >> - >> > > > > >> -#endif >> > > > > >> +/** @file >> > > > > >> + Standardized Global Platform header file. >> > > > > >> + >> > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> >> > > > > >> + >> > > > > >> + This program and the accompanying materials are licensed and >> > > > > >> + made available under the terms and conditions of the BSD License >> > > > > >> + which accompanies this distribution. The full text of the >> > > > > >> + license may be found at >> > > > > >> + >> > > > > >> + >> > > > > >> >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope >> > > > > >> n >> > > > > >> + source.org%2Flicenses%2Fbsd- >> > > > > >> license.php&data=02%7C01%7Cudit.kumar% >> > > > > >> + >> > > > > >> >> > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f >> > > > > >> a92cd99 >> > > > > >> + >> > > > > >> >> > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp >> > > > > >> OOKCyshbg >> > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 >> > > > > >> + >> > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" >> > > > > >> BASIS, >> > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER >> > > > > >> EXPRESS OR IMPLIED. >> > > > > >> + >> > > > > >> +**/ >> > > > > >> + >> > > > > >> +#ifndef _GLOBAL_PLATFORM_H_ >> > > > > >> +#define _GLOBAL_PLATFORM_H_ >> > > > > >> + >> > > > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 >> > > > > >> + >> > > > > >> +#define TEEC_SUCCESS 0x00000000 >> > > > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 >> > > > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E >> > > > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C >> > > > > >> + >> > > > > >> +#endif >> > > > > >> -- >> > > > > >> 2.7.4 >> > > > > >> >> > > > > >> _______________________________________________ >> > > > > >> edk2-devel mailing list >> > > > > >> edk2-devel@lists.01.org >> > > > > >> >> > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli >> > > > > >> st >> > > > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- >> > > > > >> >> > > > > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e >> > > > > >> >> > > > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% >> > > > > >> >> > > > > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP >> > > > > >> u%2Fhcds3j9aDPnU%3D&reserved=0 >> > > > > > _______________________________________________ >> > > > > > edk2-devel mailing list >> > > > > > edk2-devel@lists.01.org >> > > > > > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis >> > > > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- >> > > > > devel&data=02%7C01%7Cudit.ku >> > > > > > >> > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 >> > > > > b4c6fa92 >> > > > > > >> > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f >> > > > > 9rxeb37V >> > > > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 >> > > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE 2018-08-29 5:41 ` Bhupesh Sharma @ 2018-08-29 7:44 ` Sumit Garg 0 siblings, 0 replies; 15+ messages in thread From: Sumit Garg @ 2018-08-29 7:44 UTC (permalink / raw) To: bhsharma Cc: achin.gupta, Ard Biesheuvel, Daniel Thompson, edk2-devel, tee-dev, rod.dorris, nd, Jens Wiklander Hi Bhupesh, On Wed, 29 Aug 2018 at 11:11, Bhupesh Sharma <bhsharma@redhat.com> wrote: > > Hi Sumit, > > On Tue, Aug 28, 2018 at 10:04 PM, Sumit Garg <sumit.garg@linaro.org> wrote: > > Hi Achin, > > > > On Tue, 28 Aug 2018 at 18:38, Achin Gupta <achin.gupta@arm.com> wrote: > >> > >> Hi Sumit, > >> > >> Apologies for not replying sooner. Some questions and thoughts inline. > >> > >> On Mon, Aug 27, 2018 at 03:28:52PM +0530, Sumit Garg wrote: > >> > On Fri, 24 Aug 2018 at 23:33, Matteo Carlini <Matteo.Carlini@arm.com> wrote: > >> > > > >> > > +Achin > >> > > > >> > > SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) and SPM (for Secure Partitions at S-EL0) are currently mutually exclusive into Trusted Firmware-A codebase. > >> > > > >> > > In other words, you cannot turn them on in parallel and execute both a S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secure World with the current Software Architecture. > >> > > > >> > > >> > IIUC, currently BL32 image is common in Trusted Firmware-A code-base. > >> > If we turn on SPD then BL32=<trusted-os image> else if we turn on SPM > >> > then BL32=<SPM S-EL0 image>, correct? > >> > >> Yes! BL32 is a TOS image if SPD is enabled. It is a S-EL0 Standalone MM Secure > >> partition image if SPM is enabled. > >> > >> > > >> > But I think SMC calling conventions (SMC Calling Convention [1] and > >> > Management Mode Interface Specification [2]) doesn't put any such > >> > restrictions as SMC function IDs are totally separate. > >> > >> Yes, this was an implementation choice to ensure that either a S-EL1 payload > >> (Trusted OS) or a S-EL0 payload (MM SP) could be included in an Arm TF build but > >> not both. > >> > >> > > >> > > Achin and other Arm architects are trying to figure out a way for solving this problem without the need for a v8.4 Secure-EL2 Hypervisor, obviously without leveraging the isolation benefits of it (see also [1]). > >> > > > >> > > >> > Agree we won't be having isolation benefits which provides added level > >> > of Security. > >> > > >> > > But Ard is right: there could be use-cases to ship UEFI systems with OP-TEE and TAs on top...and this should still be currently possible using the SPD dispatcher into TF-A. I've not looked deeply into this patch, but it doesn’t seem to contradict the above Sw architecture. > >> > > > >> > > The question would be: would you foresee the need for running one (or many) other (UEFI/EDK2-based) Secure Services in the Secure World into a Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE? > >> > > > >> > > >> > As per following quote from Management Mode Interface Specification [2]: > >> > > >> > "Management Mode (MM) provides an environment for implementing OS > >> > agnostic services (MM services) like RAS error handling, secure > >> > variable storage, and firmware updates in system firmware. The > >> > services can be invoked synchronously and asynchronously." > >> > > >> > It seems that MM mode is designed for more robust and platform > >> > specific services whereas OP-TEE (or any trusted OS) use-cases seem to > >> > be more complex like Entropy pool (RNG as in our case), DRM (could be > >> > valid use-case for Android TV or Chromebook), keymaster or keystore > >> > (for Edge devices) etc. > >> > >> It really depends upon the secure sw stack, use case and the requirements. MM > >> interface specification specifies a blocking SMC (MM_COMMUNICATE) to access a > >> secure service implemented in S-EL0. > >> > >> In the UEFI/PI/EDK2 context, MM drivers are used to satisfy a variety of use > >> cases during boot through the EFI_MM_COMMUNICATION_PROTOCOL (the bad press of > >> SMM aside!). MM_COMMUNICATE SMC provides a channel into the secure world to the > >> backend of this protocol on Arm systems. So any service accessible through this > >> protocol could be implemented on Arm systems in a MM SP. > >> > >> IIUC, in your case there is OP-TEE and firmware in the secure world. OP-TEE has > >> a static TA that provides the random data service and you want to leverage it at > >> boot time? Ditto for other services? > > > > Correct, actually we tried to create OP-TEE static (pseudo) TA that > > provides RNG service using thermal sensor noise and secure timer > > interrupts (FIQs) to fill entropy pool. Using this service via OP-TEE > > library in UEFI (subset in terms of functionality as compared to > > OP-TEE kernel driver) for features like KASLR etc. > > Commenting on this from a distribution p-o-v, we have arn64 boards > available which have good entropy sources available but do not support > EFI_RNG_PROTOCOL as they would not like the EFI firmware running in > EL2 mode to use the secure entropy sources (which should be touched > only by secure EL3 or EL1 softwares). > > In such cases, we are not able to support KASLR linux boot on such > boards as there is basically no EFI_RNG_PROTOCOL support (see [1]). > Ofcourse we can ask them to plug-in usb keys (Ard has a driver > available for the Chaos Usb Key, see [2]) to help generate the random > entropy for us, but it is not always possible in a production > environment. Using on-board entropy sources (if available), is the > best possible alternative there. > > We rely on using NS-EL0 user-space calls like linux's getrandom() to > get entropy from the random pool if required in he linux user-space, > but these implementation have their own limitations (see [3] and [4]), > so may be on arm64 systems which support secure partitions/trusted-os > we can had over these getrandom() calls to OPTEE-TAs which can get the > entropy value from the secure sources as well. Following is brief description regarding RNG implementation we have: 1. Boot time: Support for EFI_RNG_PROTOCOL using this OP-TEE Library to access RNG service. Using EFI_RNG_PROTOCOL to provide kaslr-seed and initial seed for kernel entropy pool. 2. Run time: In Linux we tried to emulate "hw_random" char driver (/dev/hwrng) using kernel TEE internal client interface [1] to access RNG service. Using /dev/hwrng, we added entropy to kernel entropy pools (/dev/random) which could be used by Linux user-space via getrandom() system calls. I hope above implementation suffices your use-case too. BTW, we do have a session regarding this at Linaro Connect [2]. [1] https://patchwork.kernel.org/patch/10513611/ [2] https://yvr18.pathable.com/meetings/740437 Regards, Sumit > > [1] https://www.spinics.net/lists/arm-kernel/msg640435.html > [2] https://www.spinics.net/lists/arm-kernel/msg640437.html > [3] https://www.mail-archive.com/kexec@lists.infradead.org/msg19586.html > [4] https://access.redhat.com/security/cve/cve-2018-1108 > > Thanks, > Bhupesh > > >> So you do not really need an MM partition > >> running alongside OP-TEE? > >> > > > >> So you do not really need an MM partition > >> running alongside OP-TEE? > >> > > > > Agree that most of secure services can be implemented as static > > (pseudo) TAs. But if I think about services like RAS error handling > > and firmware updates. Is Trusted OS (OP-TEE or any third party OS) an > > appropriate place to implement these platform specific services? > > > >> In any case, what we are working on is to define a set of standard SMC > >> interfaces that can be used to talk to a secure service in a payload in S-EL1 or > >> S-EL0. This standard ABI will avoid the need to use payload specific SMCs in the > >> normal world e.g. OP-TEE specific SMCs. > >> > > > > It would be nice to have such standard ABI. > > > >> Side topic! Do you foresee a usecase for DRM through UEFI during boot? Would it > >> work in the absence of RPC support in the Optee Library? IIUC, at runtime, DRM > >> traffic will be routed through the OP-TEE driver in the OS instead of UEFI since > >> there is no UEFI runtime service interface to do DRM? > >> > > > > Correct, I don't foresee DRM use-case during UEFI boot. Actually by > > DRM use-case I mean to say via OP-TEE driver in OS only. Earlier I was > > trying to list use-cases of OP-TEE on devices using UEFI as a > > boot-loader. > > > > Regards, > > Sumit > > > >> > > >> > So it looks like they complement each other and we will have more > >> > robustness once we migrate to v8.4 Secure-EL2 Hypervisor for isolation > >> > support. > >> > >> In a way yes! The robustness bit is not really related to the interface used to > >> access as service. > >> > >> > > >> > Please feel free to correct me if I missed something. > >> > >> Hope this makes sense. > >> > >> cheers, > >> Achin > >> > >> > > >> > Regards, > >> > Sumit > >> > > >> > [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf > >> > [2] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf > >> > > >> > > Thanks > >> > > Matteo > >> > > > >> > > [1]: https://community.arm.com/processors/b/blog/posts/architecting-more-secure-world-with-isolation-and-virtualization > >> > > > >> > > > -----Original Message----- > >> > > > From: Udit Kumar <udit.kumar@nxp.com> > >> > > > Sent: 24 August 2018 18:46 > >> > > > To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Matteo Carlini > >> > > > <Matteo.Carlini@arm.com> > >> > > > Cc: Sumit Garg <sumit.garg@linaro.org>; edk2-devel@lists.01.org; tee- > >> > > > dev@lists.linaro.org; daniel.thompson@linaro.org; jens.wiklander@linaro.org; > >> > > > Rod Dorris <rod.dorris@nxp.com> > >> > > > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate > >> > > > with OP-TEE > >> > > > > >> > > > Hi Ard > >> > > > > >> > > > > If MM mode is fundamentally incompatible with OP-TEE, then you cannot > >> > > > > run both at the same time, > >> > > > > >> > > > Both cannot coexist unless you have v8.4 CPU > >> > > > > >> > > > Regards > >> > > > Udit > >> > > > > >> > > > > > >> > > > > > >> > > > > >> -----Original Message----- > >> > > > > >> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of > >> > > > > >> Sumit Garg > >> > > > > >> Sent: Friday, August 24, 2018 2:51 PM > >> > > > > >> To: edk2-devel@lists.01.org > >> > > > > >> Cc: daniel.thompson@linaro.org; tee-dev@lists.linaro.org; > >> > > > > >> jens.wiklander@linaro.org > >> > > > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > >> > > > > >> communicate with OP-TEE > >> > > > > >> > >> > > > > >> Add following APIs to communicate with OP-TEE static TA: > >> > > > > >> 1. OpteeInit > >> > > > > >> 2. OpteeOpenSession > >> > > > > >> 3. OpteeCloseSession > >> > > > > >> 4. OpteeInvokeFunc > >> > > > > >> > >> > > > > >> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > >> > > > > >> Cc: Leif Lindholm <leif.lindholm@linaro.org> > >> > > > > >> Contributed-under: TianoCore Contribution Agreement 1.1 > >> > > > > >> Signed-off-by: Sumit Garg <sumit.garg@linaro.org> > >> > > > > >> --- > >> > > > > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > >> > > > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > >> > > > > >> +++++++++++++++++++++ > >> > > > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > >> > > > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > >> > > > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > >> > > > > >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode > >> > > > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > >> > > > > >> copy ArmPkg/Include/Library/OpteeLib.h => > >> > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > >> > > > > >> > >> > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> b/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> index f65d8674d9b8..c323f49072f8 100644 > >> > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> @@ -25,10 +25,112 @@ > >> > > > > >> #define OPTEE_OS_UID2 0xaf630002 > >> > > > > >> #define OPTEE_OS_UID3 0xa5d5c51b > >> > > > > >> > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > >> > > > > >> + > >> > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINT64 BufPtr; > >> > > > > >> + UINT64 Size; > >> > > > > >> + UINT64 ShmRef; > >> > > > > >> +} OPTEE_MSG_PARAM_MEM; > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINT64 A; > >> > > > > >> + UINT64 B; > >> > > > > >> + UINT64 C; > >> > > > > >> +} OPTEE_MSG_PARAM_VALUE; > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINT64 Attr; > >> > > > > >> + union { > >> > > > > >> + OPTEE_MSG_PARAM_MEM Mem; > >> > > > > >> + OPTEE_MSG_PARAM_VALUE Value; > >> > > > > >> + } U; > >> > > > > >> +} OPTEE_MSG_PARAM; > >> > > > > >> + > >> > > > > >> +#define MAX_PARAMS 4 > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINT32 Cmd; > >> > > > > >> + UINT32 Func; > >> > > > > >> + UINT32 Session; > >> > > > > >> + UINT32 CancelId; > >> > > > > >> + UINT32 Pad; > >> > > > > >> + UINT32 Ret; > >> > > > > >> + UINT32 RetOrigin; > >> > > > > >> + UINT32 NumParams; > >> > > > > >> + > >> > > > > >> + // NumParams tells the actual number of element in Params > >> > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > >> > > > > >> +} OPTEE_MSG_ARG; > >> > > > > >> + > >> > > > > >> +#define OPTEE_UUID_LEN 16 > >> > > > > >> + > >> > > > > >> +// > >> > > > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > >> > > > > >> +// @Uuid: [in] UUID of the Trusted Application > >> > > > > >> +// @Session: [out] Session id > >> > > > > >> +// @Ret: [out] Return value > >> > > > > >> +// @RetOrigin [out] Origin of the return value > >> > > > > >> +// > >> > > > > >> +typedef struct { > >> > > > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > >> > > > > >> + UINT32 Session; > >> > > > > >> + UINT32 Ret; > >> > > > > >> + UINT32 RetOrigin; > >> > > > > >> +} OPTEE_OPEN_SESSION_ARG; > >> > > > > >> + > >> > > > > >> +// > >> > > > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > >> > > > > >> +// @Func: [in] Trusted Application function, specific to the TA > >> > > > > >> +// @Session: [in] Session id > >> > > > > >> +// @Ret: [out] Return value > >> > > > > >> +// @RetOrigin [out] Origin of the return value > >> > > > > >> +// @Params [inout] Parameters for function to be invoked > >> > > > > >> +// > >> > > > > >> +typedef struct { > >> > > > > >> + UINT32 Func; > >> > > > > >> + UINT32 Session; > >> > > > > >> + UINT32 Ret; > >> > > > > >> + UINT32 RetOrigin; > >> > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > >> > > > > >> +} OPTEE_INVOKE_FUNC_ARG; > >> > > > > >> + > >> > > > > >> BOOLEAN > >> > > > > >> EFIAPI > >> > > > > >> IsOpteePresent ( > >> > > > > >> VOID > >> > > > > >> ); > >> > > > > >> > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeInit ( > >> > > > > >> + VOID > >> > > > > >> + ); > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeOpenSession ( > >> > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > >> > > > > >> + ); > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeCloseSession ( > >> > > > > >> + IN UINT32 Session > >> > > > > >> + ); > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeInvokeFunc ( > >> > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > >> > > > > >> + ); > >> > > > > >> + > >> > > > > >> #endif > >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > >> > > > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 > >> > > > > >> 100644 > >> > > > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c > >> > > > > >> @@ -14,11 +14,19 @@ > >> > > > > >> > >> > > > > >> **/ > >> > > > > >> > >> > > > > >> +#include <Library/ArmMmuLib.h> > >> > > > > >> #include <Library/ArmSmcLib.h> > >> > > > > >> +#include <Library/BaseMemoryLib.h> > >> > > > > >> #include <Library/BaseLib.h> > >> > > > > >> +#include <Library/DebugLib.h> > >> > > > > >> #include <Library/OpteeLib.h> > >> > > > > >> > >> > > > > >> #include <IndustryStandard/ArmStdSmc.h> > >> > > > > >> +#include <IndustryStandard/GlobalPlatform.h> > >> > > > > >> +#include <OpteeSmc.h> > >> > > > > >> +#include <Uefi.h> > >> > > > > >> + > >> > > > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > >> > > > > >> > >> > > > > >> /** > >> > > > > >> Check for OP-TEE presence. > >> > > > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( > >> > > > > >> { > >> > > > > >> ARM_SMC_ARGS ArmSmcArgs; > >> > > > > >> > >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> > > > > >> // Send a Trusted OS Calls UID command > >> > > > > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > >> > > > > >> ArmCallSmc (&ArmSmcArgs); > >> > > > > >> @@ -44,3 +53,352 @@ IsOpteePresent ( > >> > > > > >> return FALSE; > >> > > > > >> } > >> > > > > >> } > >> > > > > >> + > >> > > > > >> +STATIC > >> > > > > >> +EFI_STATUS > >> > > > > >> +OpteeShmMemRemap ( > >> > > > > >> + VOID > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > >> > > > > >> + EFI_PHYSICAL_ADDRESS Paddr; > >> > > > > >> + EFI_PHYSICAL_ADDRESS Start; > >> > > > > >> + EFI_PHYSICAL_ADDRESS End; > >> > > > > >> + EFI_STATUS Status; > >> > > > > >> + UINTN Size; > >> > > > > >> + > >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > >> > > > > >> + > >> > > > > >> + ArmCallSmc (&ArmSmcArgs); > >> > > > > >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > >> > > > > >> + return EFI_UNSUPPORTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > >> > > > > memory > >> > > > > >> supported\n")); > >> > > > > >> + return EFI_UNSUPPORTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End > >> > > > > >> + = > >> > > > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = > >> > > > > >> + Start; Size = End - Start; > >> > > > > >> + > >> > > > > >> + if (Size < SIZE_4KB) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > >> > > > > >> + return EFI_BUFFER_TOO_SMALL; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); > >> > > > > >> + if (EFI_ERROR (Status)) { > >> > > > > >> + return Status; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + OpteeShmInfo.Base = (UINTN)Paddr; OpteeShmInfo.Size = Size; > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeInit ( > >> > > > > >> + VOID > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + EFI_STATUS Status; > >> > > > > >> + > >> > > > > >> + if (!IsOpteePresent ()) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > >> > > > > >> + return EFI_UNSUPPORTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + Status = OpteeShmMemRemap (); > >> > > > > >> + if (EFI_ERROR (Status)) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > >> > > > > >> + return Status; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +/** > >> > > > > >> + Does Standard SMC to OP-TEE in secure world. > >> > > > > >> + > >> > > > > >> + @param[in] Parg Physical address of message to pass to secure world > >> > > > > >> + > >> > > > > >> + @return 0 on success, secure world return code otherwise > >> > > > > >> + > >> > > > > >> +**/ > >> > > > > >> +STATIC > >> > > > > >> +UINT32 > >> > > > > >> +OpteeCallWithArg ( > >> > > > > >> + IN EFI_PHYSICAL_ADDRESS Parg > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > >> > > > > >> + > >> > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > >> > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > >> > > > > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > >> > > > > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; > >> > > > > >> + > >> > > > > >> + while (TRUE) { > >> > > > > >> + ArmCallSmc (&ArmSmcArgs); > >> > > > > >> + > >> > > > > >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > >> > > > > >> + // > >> > > > > >> + // A foreign interrupt was raised while secure world was > >> > > > > >> + // executing, since they are handled in UEFI a dummy RPC is > >> > > > > >> + // performed to let UEFI take the interrupt through the normal > >> > > > > >> + // vector. > >> > > > > >> + // > >> > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > >> > > > > >> + } else { > >> > > > > >> + break; > >> > > > > >> + } > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + return ArmSmcArgs.Arg0; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeOpenSession ( > >> > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + OPTEE_MSG_ARG *MsgArg; > >> > > > > >> + > >> > > > > >> + MsgArg = NULL; > >> > > > > >> + > >> > > > > >> + if (OpteeShmInfo.Base == 0) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> > > > > >> + return EFI_NOT_STARTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > >> > > > > >> sizeof > >> > > > > >> + (OPTEE_MSG_ARG)); > >> > > > > >> + > >> > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > >> > > > > >> + > >> > > > > >> + // > >> > > > > >> + // Initialize and add the meta parameters needed when opening a > >> > > > > >> + // session. > >> > > > > >> + // > >> > > > > >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > >> > > > > >> + OPTEE_MSG_ATTR_META; > >> > > > > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > >> > > > > >> + OPTEE_MSG_ATTR_META; CopyMem > >> > > > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > >> > > > > OPTEE_UUID_LEN); > >> > > > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > >> > > > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > >> > > > > >> + > >> > > > > >> + MsgArg->NumParams = 2; > >> > > > > >> + > >> > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > >> > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > >> > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > >> > > > > >> + > >> > > > > >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret > >> > > > > >> + = > >> > > > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeCloseSession ( > >> > > > > >> + IN UINT32 Session > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + OPTEE_MSG_ARG *MsgArg; > >> > > > > >> + > >> > > > > >> + MsgArg = NULL; > >> > > > > >> + > >> > > > > >> + if (OpteeShmInfo.Base == 0) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> > > > > >> + return EFI_NOT_STARTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > >> > > > > >> sizeof > >> > > > > >> + (OPTEE_MSG_ARG)); > >> > > > > >> + > >> > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session > >> > > > > = > >> > > > > >> + Session; > >> > > > > >> + > >> > > > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +STATIC > >> > > > > >> +EFI_STATUS > >> > > > > >> +OpteeToMsgParam ( > >> > > > > >> + OUT OPTEE_MSG_PARAM *MsgParams, > >> > > > > >> + IN UINT32 NumParams, > >> > > > > >> + IN OPTEE_MSG_PARAM *InParams > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + UINT32 Idx; > >> > > > > >> + UINTN ParamShmAddr; > >> > > > > >> + UINTN ShmSize; > >> > > > > >> + UINTN Size; > >> > > > > >> + > >> > > > > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof > >> > > > > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize > >> > > > > >> + = OpteeShmInfo.Size - Size; > >> > > > > >> + > >> > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > >> > > > > >> + CONST OPTEE_MSG_PARAM *Ip; > >> > > > > >> + OPTEE_MSG_PARAM *Mp; > >> > > > > >> + UINT32 Attr; > >> > > > > >> + > >> > > > > >> + Ip = InParams + Idx; > >> > > > > >> + Mp = MsgParams + Idx; > >> > > > > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > >> > > > > >> + > >> > > > > >> + switch (Attr) { > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > >> > > > > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > >> > > > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > >> > > > > >> + Mp->Attr = Attr; > >> > > > > >> + Mp->U.Value.A = Ip->U.Value.A; > >> > > > > >> + Mp->U.Value.B = Ip->U.Value.B; > >> > > > > >> + Mp->U.Value.C = Ip->U.Value.C; > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > >> > > > > >> + Mp->Attr = Attr; > >> > > > > >> + > >> > > > > >> + if (Ip->U.Mem.Size > ShmSize) { > >> > > > > >> + return EFI_OUT_OF_RESOURCES; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- > >> > > > > >> >U.Mem.Size); > >> > > > > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > >> > > > > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; > >> > > > > >> + > >> > > > > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof (UINT64) - 1); > >> > > > > >> + ParamShmAddr += Size; > >> > > > > >> + ShmSize -= Size; > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + default: > >> > > > > >> + return EFI_INVALID_PARAMETER; > >> > > > > >> + } > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +STATIC > >> > > > > >> +EFI_STATUS > >> > > > > >> +OpteeFromMsgParam ( > >> > > > > >> + OUT OPTEE_MSG_PARAM *OutParams, > >> > > > > >> + IN UINT32 NumParams, > >> > > > > >> + IN OPTEE_MSG_PARAM *MsgParams > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + UINT32 Idx; > >> > > > > >> + > >> > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > >> > > > > >> + OPTEE_MSG_PARAM *Op; > >> > > > > >> + CONST OPTEE_MSG_PARAM *Mp; > >> > > > > >> + UINT32 Attr; > >> > > > > >> + > >> > > > > >> + Op = OutParams + Idx; > >> > > > > >> + Mp = MsgParams + Idx; > >> > > > > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > >> > > > > >> + > >> > > > > >> + switch (Attr) { > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > >> > > > > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > >> > > > > >> + ZeroMem (&Op->U, sizeof (Op->U)); > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > >> > > > > >> + Op->Attr = Attr; > >> > > > > >> + Op->U.Value.A = Mp->U.Value.A; > >> > > > > >> + Op->U.Value.B = Mp->U.Value.B; > >> > > > > >> + Op->U.Value.C = Mp->U.Value.C; > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > >> > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > >> > > > > >> + Op->Attr = Attr; > >> > > > > >> + > >> > > > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > >> > > > > >> + return EFI_BAD_BUFFER_SIZE; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, > >> > > > > >> Mp->U.Mem.Size); > >> > > > > >> + Op->U.Mem.Size = Mp->U.Mem.Size; > >> > > > > >> + break; > >> > > > > >> + > >> > > > > >> + default: > >> > > > > >> + return EFI_INVALID_PARAMETER; > >> > > > > >> + } > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> + > >> > > > > >> +EFI_STATUS > >> > > > > >> +EFIAPI > >> > > > > >> +OpteeInvokeFunc ( > >> > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > >> > > > > >> + ) > >> > > > > >> +{ > >> > > > > >> + EFI_STATUS Status; > >> > > > > >> + OPTEE_MSG_ARG *MsgArg; > >> > > > > >> + > >> > > > > >> + MsgArg = NULL; > >> > > > > >> + > >> > > > > >> + if (OpteeShmInfo.Base == 0) { > >> > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > >> > > > > >> + return EFI_NOT_STARTED; > >> > > > > >> + } > >> > > > > >> + > >> > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > >> > > > > >> sizeof > >> > > > > >> + (OPTEE_MSG_ARG)); > >> > > > > >> + > >> > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- > >> > > > > >Func = > >> > > > > >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; > >> > > > > >> + > >> > > > > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > >> > > > > >> + InvokeFuncArg->Params); if (Status) > >> > > > > >> + return Status; > >> > > > > >> + > >> > > > > >> + MsgArg->NumParams = MAX_PARAMS; > >> > > > > >> + > >> > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > >> > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > >> > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > >> > > > > >> + > >> > > > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, > >> > > > > >> MsgArg->Params)) { > >> > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > >> > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > >> > > > > >> + > >> > > > > >> + InvokeFuncArg->Ret = MsgArg->Ret; InvokeFuncArg->RetOrigin = > >> > > > > >> + MsgArg->RetOrigin; > >> > > > > >> + > >> > > > > >> + return EFI_SUCCESS; > >> > > > > >> +} > >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> > > > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> > > > > >> index 5abd427379cc..e03054a7167d 100644 > >> > > > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > >> > > > > >> @@ -23,11 +23,13 @@ [Defines] > >> > > > > >> > >> > > > > >> [Sources] > >> > > > > >> Optee.c > >> > > > > >> + OpteeSmc.h > >> > > > > >> > >> > > > > >> [Packages] > >> > > > > >> ArmPkg/ArmPkg.dec > >> > > > > >> MdePkg/MdePkg.dec > >> > > > > >> > >> > > > > >> [LibraryClasses] > >> > > > > >> + ArmMmuLib > >> > > > > >> ArmSmcLib > >> > > > > >> BaseLib > >> > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> > > > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> > > > > >> new file mode 100644 > >> > > > > >> index 000000000000..e2ea35784a0a > >> > > > > >> --- /dev/null > >> > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h > >> > > > > >> @@ -0,0 +1,43 @@ > >> > > > > >> +/** @file > >> > > > > >> + OP-TEE SMC header file. > >> > > > > >> + > >> > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > >> > > > > >> + > >> > > > > >> + This program and the accompanying materials are licensed and > >> > > > > >> + made available under the terms and conditions of the BSD License > >> > > > > >> + which accompanies this distribution. The full text of the > >> > > > > >> + license may be found at > >> > > > > >> + > >> > > > > >> + > >> > > > > >> > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > >> > > > > >> n > >> > > > > >> + source.org%2Flicenses%2Fbsd- > >> > > > > >> license.php&data=02%7C01%7Cudit.kumar% > >> > > > > >> + > >> > > > > >> > >> > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > >> > > > > >> a92cd99 > >> > > > > >> + > >> > > > > >> > >> > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > >> > > > > >> OOKCyshbg > >> > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > >> > > > > >> + > >> > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > >> > > > > >> BASIS, > >> > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > >> > > > > >> EXPRESS OR IMPLIED. > >> > > > > >> + > >> > > > > >> +**/ > >> > > > > >> + > >> > > > > >> +#ifndef _OPTEE_SMC_H_ > >> > > > > >> +#define _OPTEE_SMC_H_ > >> > > > > >> + > >> > > > > >> +/* Returned in Arg0 only from Trusted OS functions */ > >> > > > > >> +#define OPTEE_SMC_RETURN_OK 0x0 > >> > > > > >> + > >> > > > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > >> > > > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > >> > > > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > >> > > > > >> + > >> > > > > >> +#define OPTEE_SMC_SHM_CACHED 1 > >> > > > > >> + > >> > > > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > >> > > > > >> + > >> > > > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > >> > > > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > >> > > > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > >> > > > > >> + > >> > > > > >> +#define OPTEE_MSG_ATTR_META 0x100 > >> > > > > >> + > >> > > > > >> +#define TEE_LOGIN_PUBLIC 0x0 > >> > > > > >> + > >> > > > > >> +typedef struct { > >> > > > > >> + UINTN Base; > >> > > > > >> + UINTN Size; > >> > > > > >> +} OPTEE_SHARED_MEMORY_INFO; > >> > > > > >> + > >> > > > > >> +#endif > >> > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> > > > > >> similarity index 53% > >> > > > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > >> > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> > > > > >> index f65d8674d9b8..14c621d89971 100644 > >> > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > >> > > > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > >> > > > > >> @@ -1,34 +1,26 @@ > >> > > > > >> -/** @file > >> > > > > >> - OP-TEE specific header file. > >> > > > > >> - > >> > > > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > >> > > > > >> - > >> > > > > >> - This program and the accompanying materials > >> > > > > >> - are licensed and made available under the terms and conditions > >> > > > > >> of the BSD License > >> > > > > >> - which accompanies this distribution. The full text of the > >> > > > > >> license may be found at > >> > > > > >> - > >> > > > > >> > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > >> > > > > >> nsource.org%2Flicenses%2Fbsd- > >> > > > > >> > >> > > > > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c > >> > > > > >> > >> > > > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% > >> > > > > >> > >> > > > > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > >> > > > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 > >> > > > > >> - > >> > > > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > >> > > > > >> BASIS, > >> > > > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > >> > > > > EXPRESS > >> > > > > >> OR IMPLIED. > >> > > > > >> - > >> > > > > >> -**/ > >> > > > > >> - > >> > > > > >> -#ifndef _OPTEE_H_ > >> > > > > >> -#define _OPTEE_H_ > >> > > > > >> - > >> > > > > >> -/* > >> > > > > >> - * The 'Trusted OS Call UID' is supposed to return the following > >> > > > > >> UUID for > >> > > > > >> - * OP-TEE OS. This is a 128-bit value. > >> > > > > >> - */ > >> > > > > >> -#define OPTEE_OS_UID0 0x384fb3e0 > >> > > > > >> -#define OPTEE_OS_UID1 0xe7f811e3 > >> > > > > >> -#define OPTEE_OS_UID2 0xaf630002 > >> > > > > >> -#define OPTEE_OS_UID3 0xa5d5c51b > >> > > > > >> - > >> > > > > >> -BOOLEAN > >> > > > > >> -EFIAPI > >> > > > > >> -IsOpteePresent ( > >> > > > > >> - VOID > >> > > > > >> - ); > >> > > > > >> - > >> > > > > >> -#endif > >> > > > > >> +/** @file > >> > > > > >> + Standardized Global Platform header file. > >> > > > > >> + > >> > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > >> > > > > >> + > >> > > > > >> + This program and the accompanying materials are licensed and > >> > > > > >> + made available under the terms and conditions of the BSD License > >> > > > > >> + which accompanies this distribution. The full text of the > >> > > > > >> + license may be found at > >> > > > > >> + > >> > > > > >> + > >> > > > > >> > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > >> > > > > >> n > >> > > > > >> + source.org%2Flicenses%2Fbsd- > >> > > > > >> license.php&data=02%7C01%7Cudit.kumar% > >> > > > > >> + > >> > > > > >> > >> > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > >> > > > > >> a92cd99 > >> > > > > >> + > >> > > > > >> > >> > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > >> > > > > >> OOKCyshbg > >> > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > >> > > > > >> + > >> > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > >> > > > > >> BASIS, > >> > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > >> > > > > >> EXPRESS OR IMPLIED. > >> > > > > >> + > >> > > > > >> +**/ > >> > > > > >> + > >> > > > > >> +#ifndef _GLOBAL_PLATFORM_H_ > >> > > > > >> +#define _GLOBAL_PLATFORM_H_ > >> > > > > >> + > >> > > > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > >> > > > > >> + > >> > > > > >> +#define TEEC_SUCCESS 0x00000000 > >> > > > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > >> > > > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > >> > > > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > >> > > > > >> + > >> > > > > >> +#endif > >> > > > > >> -- > >> > > > > >> 2.7.4 > >> > > > > >> > >> > > > > >> _______________________________________________ > >> > > > > >> edk2-devel mailing list > >> > > > > >> edk2-devel@lists.01.org > >> > > > > >> > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > >> > > > > >> st > >> > > > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > >> > > > > >> > >> > > > > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > >> > > > > >> > >> > > > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > >> > > > > >> > >> > > > > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > >> > > > > >> u%2Fhcds3j9aDPnU%3D&reserved=0 > >> > > > > > _______________________________________________ > >> > > > > > edk2-devel mailing list > >> > > > > > edk2-devel@lists.01.org > >> > > > > > > >> > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis > >> > > > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > >> > > > > devel&data=02%7C01%7Cudit.ku > >> > > > > > > >> > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > >> > > > > b4c6fa92 > >> > > > > > > >> > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f > >> > > > > 9rxeb37V > >> > > > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 > >> > > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2018-08-29 7:45 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-08-24 9:21 [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate with OP-TEE Sumit Garg
[not found] ` <f9970701-8edc-66d1-7272-a14d39e532f0@linaro.org>
2018-08-24 12:09 ` [Tee-dev] " Sumit Garg
[not found] ` <c8005328-f548-edb1-8ebc-a93452e3f229@linaro.org>
2018-08-24 12:21 ` Sumit Garg
2018-08-24 13:18 ` Ard Biesheuvel
2018-08-27 5:22 ` Sumit Garg
2018-08-24 16:20 ` Udit Kumar
2018-08-24 17:35 ` Ard Biesheuvel
2018-08-24 17:45 ` Udit Kumar
2018-08-24 18:03 ` Matteo Carlini
2018-08-27 9:58 ` Sumit Garg
2018-08-28 13:08 ` Achin Gupta
2018-08-28 16:34 ` Sumit Garg
2018-08-29 4:38 ` Udit Kumar
2018-08-29 5:41 ` Bhupesh Sharma
2018-08-29 7:44 ` Sumit Garg
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox