From patchwork Mon Sep 3 14:47:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jens Wiklander X-Patchwork-Id: 145809 Delivered-To: patches@linaro.org Received: by 2002:a2e:1648:0:0:0:0:0 with SMTP id 8-v6csp2575647ljw; Mon, 3 Sep 2018 07:47:36 -0700 (PDT) X-Received: by 2002:a19:e21b:: with SMTP id z27-v6mr18819399lfg.68.1535986056647; Mon, 03 Sep 2018 07:47:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535986056; cv=none; d=google.com; s=arc-20160816; b=lCmC6D6tcaGVGaWf1efh7hSKUKlWOaXXhofMnoSpW/K/pHXnu5oNJFmk83JvvdhQ9z 0mAtXBg/9bKpo5MhfIvkn5GIgcmHOGixbzTRVp8vMnAopxfi+tqbUH+BW3uw/X+KLjcw Xk3oP0wmx5iYivqXejAAnba1Xl/HdwBhjUHOYmQUN8+CU1qYynMrWKGeDWvKqao6yV/D K9xF0HasFfiErdx2LfTkUMHRdsthVDLCqW1cOTpXwu7DI2+FyjC9SZ1Pz/o97TZEZRy9 p7pLN2wVQbw//EgFRvSSb+GGGJcvEfVB5sYq+eN+Rx2jRTlEQfZ85q6EQi3axukILeMi OG4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=HKRdv0vIuma6DXsuxi4vmfMTcUGzLZl5eXvJIao3sRA=; b=rKDsMMR/UEOZ5QKTyJGo73qwL1FVEm+3Wu/+lCP+2DHPpVUzfFdhFVRuKHQH24wL/1 aOZq4oSjsJjGggRvBYDtfyrQXX6FJESsXG9rnMzXG2P2Dk+OznVpvQqrGXmoBjCdU99F TkUXvza/Vrh1S6HMVW9oT83vFzpVhvt+d+7UO0kGY0mZgogFnRztYT5TqpLRlcGzyEWN q++W+0zNuw42CjLNBWLw8nM809cvjNqHCCRVlCB7WVWhP32czeQV5yhALFiaS/pu91Rj 3wX1zPdKRL151C6UyqpreCw8NmJT5/yZwF4G+svMslid1nFMFnT8a6fwuG0bZPgx/LLd gpYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DZ+nR3FH; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id 91-v6sor5082642lfs.27.2018.09.03.07.47.36 for (Google Transport Security); Mon, 03 Sep 2018 07:47:36 -0700 (PDT) Received-SPF: pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=DZ+nR3FH; spf=pass (google.com: domain of jens.wiklander@linaro.org designates 209.85.220.65 as permitted sender) smtp.mailfrom=jens.wiklander@linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=HKRdv0vIuma6DXsuxi4vmfMTcUGzLZl5eXvJIao3sRA=; b=DZ+nR3FHxgYra7PZLUeVA7i1L0ivgvmU8Kkxrv23V3cCc/FCdNuwx/xrtAm0yHfJHL 0R1IiJJVb/MvDhF/Sct/28vaHQnW4hdCNTN2ATeFsEmBnwJXuHFtnACEi9lkbKf7CWc8 IDKgAnMYAFqWkQg3i5Z/+2Wfm097dDlJP3iN8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=HKRdv0vIuma6DXsuxi4vmfMTcUGzLZl5eXvJIao3sRA=; b=lEaBHqoRL8H57AzS+ZzKox/nzlDYvsyBQC4bG12jwbbLoSJoB1uLzaY7UetepnSAdL p3/N1uNwx2Ap8QvGKqlZDB54P4xjwKqeJIbBHQSUA8s9JrJD4+zZVHqwqKISTOUphiUx vqwMohKw/cAq3vcLrv2V8w/RiJXkCY7rw3ugL2i6BtOrEXfQQkNUtf56YwG9qY5N5bMn kufbiLS+cf4uBdYX7OZs24At7UHKApGgRXsE7Kj4r4ej8PsKzBeBh7/fiAFq555J6lzv 0eAkaM+eLw2DfiYLtpnglmxvQIu3KDMs9eU+Gr4eKNbrimP5mwsvN8C4cxK5K5/ASkZ9 ++eg== X-Gm-Message-State: APzg51ApCuXTOinjks03s5nWcR7QKxI+lvrrZCT3uDyXUIMMAZgIA2Wq og5nqWWVr2sPYORWdHj3OHh4vh+2 X-Google-Smtp-Source: ANB0VdYKlaK4gOY/+uNfSrmzzpIrlwrt0MhlHuCD9uKutlxT4EfCj0qUE6Bk5C8k9HlKmEZgQ2m5fg== X-Received: by 2002:a19:655d:: with SMTP id c29-v6mr6099906lfj.138.1535986056365; Mon, 03 Sep 2018 07:47:36 -0700 (PDT) Return-Path: Received: from jax.ideon.se ([85.235.10.227]) by smtp.gmail.com with ESMTPSA id w18-v6sm3343431ljd.73.2018.09.03.07.47.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 03 Sep 2018 07:47:35 -0700 (PDT) From: Jens Wiklander To: u-boot@lists.denx.de Cc: Simon Glass , Igor Opaniuk , Tom Rini , Jaehoon Chung , Pierre Aubert , Albert Aribaud , Peter Griffin , Michal Simek , Jens Wiklander Subject: [PATCH v3 12/20] tee: optee: support AVB trusted application Date: Mon, 3 Sep 2018 16:47:03 +0200 Message-Id: <20180903144711.31585-13-jens.wiklander@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180903144711.31585-1-jens.wiklander@linaro.org> References: <20180903144711.31585-1-jens.wiklander@linaro.org> Adds configuration option OPTEE_TA_AVB and a header file describing the interface to the Android Verified Boot 2.0 (AVB) trusted application provided by OP-TEE. Tested-by: Igor Opaniuk Reviewed-by: Igor Opaniuk Signed-off-by: Jens Wiklander --- MAINTAINERS | 1 + drivers/tee/optee/Kconfig | 16 +++++++++++++ drivers/tee/tee-uclass.c | 24 +++++++++++++++++++ include/tee.h | 38 ++++++++++++++++++++++++++++++ include/tee/optee_ta_avb.h | 48 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 127 insertions(+) create mode 100644 include/tee/optee_ta_avb.h -- 2.17.1 diff --git a/MAINTAINERS b/MAINTAINERS index 7458c606ee92..cb36c45d74ea 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -576,6 +576,7 @@ M: Jens Wiklander S: Maintained F: drivers/tee/ F: include/tee.h +F: include/tee/ UBI M: Kyungmin Park diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig index 7484e6fea114..dbfa7846a30f 100644 --- a/drivers/tee/optee/Kconfig +++ b/drivers/tee/optee/Kconfig @@ -9,3 +9,19 @@ config OPTEE mechanism. This driver can request services from OP-TEE, but also handle Remote Procedure Calls (RPC) from OP-TEE needed to execute a service. For more information see: https://www.op-tee.org + +if OPTEE + +menu "OP-TEE options" + +config OPTEE_TA_AVB + bool "Support AVB TA" + default y + help + Enables support for the AVB Trusted Application (TA) in OP-TEE. + The TA can support the "avb" subcommands "read_rb", "write"rb" + and "is_unlocked". + +endmenu + +endif diff --git a/drivers/tee/tee-uclass.c b/drivers/tee/tee-uclass.c index 1bee54ebf4af..abb88c0fee53 100644 --- a/drivers/tee/tee-uclass.c +++ b/drivers/tee/tee-uclass.c @@ -207,3 +207,27 @@ UCLASS_DRIVER(tee) = { .pre_probe = tee_pre_probe, .pre_remove = tee_pre_remove, }; + +void tee_optee_ta_uuid_from_octets(struct tee_optee_ta_uuid *d, + const u8 s[TEE_UUID_LEN]) +{ + d->time_low = ((u32)s[0] << 24) | ((u32)s[1] << 16) | + ((u32)s[2] << 8) | s[3], + d->time_mid = ((u32)s[4] << 8) | s[5]; + d->time_hi_and_version = ((u32)s[6] << 8) | s[7]; + memcpy(d->clock_seq_and_node, s + 8, sizeof(d->clock_seq_and_node)); +} + +void tee_optee_ta_uuid_to_octets(u8 d[TEE_UUID_LEN], + const struct tee_optee_ta_uuid *s) +{ + d[0] = s->time_low >> 24; + d[1] = s->time_low >> 16; + d[2] = s->time_low >> 8; + d[3] = s->time_low; + d[4] = s->time_mid >> 8; + d[5] = s->time_mid; + d[6] = s->time_hi_and_version >> 8; + d[7] = s->time_hi_and_version; + memcpy(d + 8, s->clock_seq_and_node, sizeof(s->clock_seq_and_node)); +} diff --git a/include/tee.h b/include/tee.h index b86dbec257b4..98b1c9cc693a 100644 --- a/include/tee.h +++ b/include/tee.h @@ -49,6 +49,22 @@ #define TEE_ORIGIN_TRUSTED_APP 0x00000004 struct udevice; + +/** + * struct tee_optee_ta_uuid - OP-TEE Trusted Application (TA) UUID format + * + * Used to identify an OP-TEE TA and define suitable to initialize structs + * of this format is distributed with the interface of the TA. The + * individual fields of this struct doesn't have any special meaning in + * OP-TEE. See RFC4122 for details on the format. + */ +struct tee_optee_ta_uuid { + u32 time_low; + u16 time_mid; + u16 time_hi_and_version; + u8 clock_seq_and_node[8]; +}; + /** * struct tee_shm - memory shared with the TEE * @dev: The TEE device @@ -333,4 +349,26 @@ int tee_close_session(struct udevice *dev, u32 session); int tee_invoke_func(struct udevice *dev, struct tee_invoke_arg *arg, uint num_param, struct tee_param *param); +/** + * tee_optee_ta_uuid_from_octets() - Converts to struct tee_optee_ta_uuid + * @d: Destination struct + * @s: Source UUID octets + * + * Conversion to a struct tee_optee_ta_uuid represantion from binary octet + * representation. + */ +void tee_optee_ta_uuid_from_octets(struct tee_optee_ta_uuid *d, + const u8 s[TEE_UUID_LEN]); + +/** + * tee_optee_ta_uuid_to_octets() - Converts from struct tee_optee_ta_uuid + * @d: Destination UUID octets + * @s: Source struct + * + * Conversion from a struct tee_optee_ta_uuid represantion to binary octet + * representation. + */ +void tee_optee_ta_uuid_to_octets(u8 d[TEE_UUID_LEN], + const struct tee_optee_ta_uuid *s); + #endif /* __TEE_H */ diff --git a/include/tee/optee_ta_avb.h b/include/tee/optee_ta_avb.h new file mode 100644 index 000000000000..074386af19a1 --- /dev/null +++ b/include/tee/optee_ta_avb.h @@ -0,0 +1,48 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +/* Copyright (c) 2018, Linaro Limited */ + +#ifndef __TA_AVB_H +#define __TA_AVB_H + +#define TA_AVB_UUID { 0x023f8f1a, 0x292a, 0x432b, \ + { 0x8f, 0xc4, 0xde, 0x84, 0x71, 0x35, 0x80, 0x67 } } + +#define TA_AVB_MAX_ROLLBACK_LOCATIONS 256 + +/* + * Gets the rollback index corresponding to the given rollback index slot. + * + * in params[0].value.a: rollback index slot + * out params[1].value.a: upper 32 bits of rollback index + * out params[1].value.b: lower 32 bits of rollback index + */ +#define TA_AVB_CMD_READ_ROLLBACK_INDEX 0 + +/* + * Updates the rollback index corresponding to the given rollback index slot. + * + * Will refuse to update a slot with a lower value. + * + * in params[0].value.a: rollback index slot + * in params[1].value.a: upper 32 bits of rollback index + * in params[1].value.b: lower 32 bits of rollback index + */ +#define TA_AVB_CMD_WRITE_ROLLBACK_INDEX 1 + +/* + * Gets the lock state of the device. + * + * out params[0].value.a: lock state + */ +#define TA_AVB_CMD_READ_LOCK_STATE 2 + +/* + * Sets the lock state of the device. + * + * If the lock state is changed all rollback slots will be reset to 0 + * + * in params[0].value.a: lock state + */ +#define TA_AVB_CMD_WRITE_LOCK_STATE 3 + +#endif /* __TA_AVB_H */