Hi Achin,

On Tue, 28 Aug 2018 at 18:38, Achin Gupta <[email protected]> wrote:
>
> Hi Sumit,
>
> Apologies for not replying sooner. Some questions and thoughts inline.
>
> On Mon, Aug 27, 2018 at 03:28:52PM +0530, Sumit Garg wrote:
> > On Fri, 24 Aug 2018 at 23:33, Matteo Carlini <[email protected]> wrote:
> > >
> > > +Achin
> > >
> > > SPD (for OP-TEE and other Trusted-OSes payloads running at S-EL1) and SPM
> > > (for Secure Partitions at S-EL0) are currently mutually exclusive into
> > > Trusted Firmware-A codebase.
> > >
> > > In other words, you cannot turn them on in parallel and execute both a
> > > S-EL1 Trusted OS AND (one or many) S-EL0 Secure Partitions in the Secure
> > > World with the current Software Architecture.
> > >
> >
> > IIUC, currently BL32 image is common in Trusted Firmware-A code-base.
> > If we turn on SPD then BL32=<trusted-os image> else if we turn on SPM
> > then BL32=<SPM S-EL0 image>, correct?
>
> Yes! BL32 is a TOS image if SPD is enabled. It is a S-EL0 Standalone MM Secure
> partition image if SPM is enabled.
>
> >
> > But I think SMC calling conventions (SMC Calling Convention [1] and
> > Management Mode Interface Specification [2]) doesn't put any such
> > restrictions as SMC function IDs are totally separate.
>
> Yes, this was an implementation choice to ensure that either a S-EL1 payload
> (Trusted OS) or a S-EL0 payload (MM SP) could be included in an Arm TF build but
> not both.
>
> >
> > > Achin and other Arm architects are trying to figure out a way for solving
> > > this problem without the need for a v8.4 Secure-EL2 Hypervisor, obviously
> > > without leveraging the isolation benefits of it (see also [1]).
> > >
> >
> > Agree we won't be having isolation benefits which provides added level
> > of Security.
> >
> > > But Ard is right: there could be use-cases to ship UEFI systems with
> > > OP-TEE and TAs on top...and this should still be currently possible using
> > > the SPD dispatcher into TF-A. I've not looked deeply into this patch, but
> > > it doesn’t seem to contradict the above Sw architecture.
> > >
> > > The question would be: would you foresee the need for running one (or
> > > many) other (UEFI/EDK2-based) Secure Services in the Secure World into a
> > > Secure Partition (using the StandaloneMmPkg) *together* with OP-TEE?
> > >
> >
> > As per following quote from Management Mode Interface Specification [2]:
> >
> > "Management Mode (MM) provides an environment for implementing OS
> > agnostic services (MM services) like RAS error handling, secure
> > variable storage, and firmware updates in system firmware. The
> > services can be invoked synchronously and asynchronously."
> >
> > It seems that MM mode is designed for more robust and platform
> > specific services whereas OP-TEE (or any trusted OS) use-cases seem to
> > be more complex like Entropy pool (RNG as in our case), DRM (could be
> > valid use-case for Android TV or Chromebook), keymaster or keystore
> > (for Edge devices) etc.
>
> It really depends upon the secure sw stack, use case and the requirements. MM
> interface specification specifies a blocking SMC (MM_COMMUNICATE) to access a
> secure service implemented in S-EL0.
>
> In the UEFI/PI/EDK2 context, MM drivers are used to satisfy a variety of use
> cases during boot through the EFI_MM_COMMUNICATION_PROTOCOL (the bad press of
> SMM aside!). MM_COMMUNICATE SMC provides a channel into the secure world to the
> backend of this protocol on Arm systems. So any service accessible through this
> protocol could be implemented on Arm systems in a MM SP.
>
> IIUC, in your case there is OP-TEE and firmware in the secure world. OP-TEE has
> a static TA that provides the random data service and you want to leverage it at
> boot time? Ditto for other services?

Correct, actually we tried to create OP-TEE static (pseudo) TA that
provides RNG service using thermal sensor noise and secure timer
interrupts (FIQs) to fill entropy pool. Using this service via OP-TEE
library in UEFI (subset in terms of functionality as compared to
OP-TEE kernel driver) for features like KASLR etc.

> So you do not really need an MM partition
> running alongside OP-TEE?
>

Agree that most of secure services can be implemented as static
(pseudo) TAs. But if I think about services like RAS error handling
and firmware updates. Is Trusted OS (OP-TEE or any third party OS) an
appropriate place to implement these platform specific services?

> In any case, what we are working on is to define a set of standard SMC
> interfaces that can be used to talk to a secure service in a payload in S-EL1 or
> S-EL0. This standard ABI will avoid the need to use payload specific SMCs in the
> normal world e.g. OP-TEE specific SMCs.
>

It would be nice to have such standard ABI.

> Side topic! Do you foresee a usecase for DRM through UEFI during boot? Would it
> work in the absence of RPC support in the Optee Library? IIUC, at runtime, DRM
> traffic will be routed through the OP-TEE driver in the OS instead of UEFI since
> there is no UEFI runtime service interface to do DRM?
>

Correct, I don't foresee DRM use-case during UEFI boot. Actually by
DRM use-case I mean to say via OP-TEE driver in OS only. Earlier I was
trying to list use-cases of OP-TEE on devices using UEFI as a
boot-loader.

Regards,
Sumit

> >
> > So it looks like they complement each other and we will have more
> > robustness once we migrate to v8.4 Secure-EL2 Hypervisor for isolation
> > support.
>
> In a way yes! The robustness bit is not really related to the interface used to
> access as service.
>
> >
> > Please feel free to correct me if I missed something.
>
> Hope this makes sense.
>
> cheers,
> Achin
>
> >
> > Regards,
> > Sumit
> >
> > [1]
> > http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
> > [2]
> > http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf
> >
> > > Thanks
> > > Matteo
> > >
> > > [1]:
> > > https://community.arm.com/processors/b/blog/posts/architecting-more-secure-world-with-isolation-and-virtualization
> > >
> > > > -----Original Message-----
> > > > From: Udit Kumar <[email protected]>
> > > > Sent: 24 August 2018 18:46
> > > > To: Ard Biesheuvel <[email protected]>; Matteo Carlini
> > > > <[email protected]>
> > > > Cc: Sumit Garg <[email protected]>; [email protected]; tee-
> > > > [email protected]; [email protected];
> > > > [email protected];
> > > > Rod Dorris <[email protected]>
> > > > Subject: RE: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to communicate
> > > > with OP-TEE
> > > >
> > > > Hi Ard
> > > >
> > > > > If MM mode is fundamentally incompatible with OP-TEE, then you cannot
> > > > > run both at the same time,
> > > >
> > > > Both cannot coexist unless you have v8.4 CPU
> > > >
> > > > Regards
> > > > Udit
> > > >
> > > > >
> > > > >
> > > > > >> -----Original Message-----
> > > > > >> From: edk2-devel <[email protected]> On Behalf Of > > > > > >> Sumit Garg > > > > > >> Sent: Friday, August 24, 2018 2:51 PM > > > > > >> To: [email protected] > > > > > >> Cc: [email protected]; [email protected]; > > > > > >> [email protected] > > > > > >> Subject: [edk2] [PATCH 1/1] ArmPkg/OpteeLib: Add APIs to > > > > > >> communicate with OP-TEE > > > > > >> > > > > > >> Add following APIs to communicate with OP-TEE static TA: > > > > > >> 1. OpteeInit > > > > > >> 2. OpteeOpenSession > > > > > >> 3. OpteeCloseSession > > > > > >> 4. OpteeInvokeFunc > > > > > >> > > > > > >> Cc: Ard Biesheuvel <[email protected]> > > > > > >> Cc: Leif Lindholm <[email protected]> > > > > > >> Contributed-under: TianoCore Contribution Agreement 1.1 > > > > > >> Signed-off-by: Sumit Garg <[email protected]> > > > > > >> --- > > > > > >> ArmPkg/Include/Library/OpteeLib.h | 102 ++++++ > > > > > >> ArmPkg/Library/OpteeLib/Optee.c | 358 > > > > > >> +++++++++++++++++++++ > > > > > >> ArmPkg/Library/OpteeLib/OpteeLib.inf | 2 + > > > > > >> ArmPkg/Library/OpteeLib/OpteeSmc.h | 43 +++ > > > > > >> .../Include/IndustryStandard/GlobalPlatform.h | 60 ++-- > > > > > >> 5 files changed, 531 insertions(+), 34 deletions(-) create mode > > > > > >> 100644 ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > >> copy ArmPkg/Include/Library/OpteeLib.h => > > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h (53%) > > > > > >> > > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > > > >> b/ArmPkg/Include/Library/OpteeLib.h > > > > > >> index f65d8674d9b8..c323f49072f8 100644 > > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > > > >> +++ b/ArmPkg/Include/Library/OpteeLib.h 
> > > > > >> @@ -25,10 +25,112 @@ > > > > > >> #define OPTEE_OS_UID2 0xaf630002 > > > > > >> #define OPTEE_OS_UID3 0xa5d5c51b > > > > > >> > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_NONE 0x0 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INPUT 0x1 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT 0x2 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_VALUE_INOUT 0x3 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INPUT 0x9 > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT 0xa > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MEM_INOUT 0xb > > > > > >> + > > > > > >> +#define OPTEE_MSG_ATTR_TYPE_MASK 0xff > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINT64 BufPtr; > > > > > >> + UINT64 Size; > > > > > >> + UINT64 ShmRef; > > > > > >> +} OPTEE_MSG_PARAM_MEM; > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINT64 A; > > > > > >> + UINT64 B; > > > > > >> + UINT64 C; > > > > > >> +} OPTEE_MSG_PARAM_VALUE; > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINT64 Attr; > > > > > >> + union { > > > > > >> + OPTEE_MSG_PARAM_MEM Mem; > > > > > >> + OPTEE_MSG_PARAM_VALUE Value; > > > > > >> + } U; > > > > > >> +} OPTEE_MSG_PARAM; > > > > > >> + > > > > > >> +#define MAX_PARAMS 4 > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINT32 Cmd; > > > > > >> + UINT32 Func; > > > > > >> + UINT32 Session; > > > > > >> + UINT32 CancelId; > > > > > >> + UINT32 Pad; > > > > > >> + UINT32 Ret; > > > > > >> + UINT32 RetOrigin; > > > > > >> + UINT32 NumParams; > > > > > >> + > > > > > >> + // NumParams tells the actual number of element in Params > > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > > > >> +} OPTEE_MSG_ARG; > > > > > >> + > > > > > >> +#define OPTEE_UUID_LEN 16 > > > > > >> + > > > > > >> +// > > > > > >> +// struct OPTEE_OPEN_SESSION_ARG - Open session argument > > > > > >> +// @Uuid: [in] UUID of the Trusted Application > > > > > >> +// @Session: [out] Session id > > > > > >> +// @Ret: [out] Return value > > > > > >> +// 
@RetOrigin [out] Origin of the return value > > > > > >> +// > > > > > >> +typedef struct { > > > > > >> + UINT8 Uuid[OPTEE_UUID_LEN]; > > > > > >> + UINT32 Session; > > > > > >> + UINT32 Ret; > > > > > >> + UINT32 RetOrigin; > > > > > >> +} OPTEE_OPEN_SESSION_ARG; > > > > > >> + > > > > > >> +// > > > > > >> +// struct OPTEE_INVOKE_FUNC_ARG - Invoke function argument > > > > > >> +// @Func: [in] Trusted Application function, specific to > > > > > >> the TA > > > > > >> +// @Session: [in] Session id > > > > > >> +// @Ret: [out] Return value > > > > > >> +// @RetOrigin [out] Origin of the return value > > > > > >> +// @Params [inout] Parameters for function to be invoked > > > > > >> +// > > > > > >> +typedef struct { > > > > > >> + UINT32 Func; > > > > > >> + UINT32 Session; > > > > > >> + UINT32 Ret; > > > > > >> + UINT32 RetOrigin; > > > > > >> + OPTEE_MSG_PARAM Params[MAX_PARAMS]; > > > > > >> +} OPTEE_INVOKE_FUNC_ARG; > > > > > >> + > > > > > >> BOOLEAN > > > > > >> EFIAPI > > > > > >> IsOpteePresent ( > > > > > >> VOID > > > > > >> ); > > > > > >> > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeInit ( > > > > > >> + VOID > > > > > >> + ); > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeOpenSession ( > > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > > > >> + ); > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeCloseSession ( > > > > > >> + IN UINT32 Session > > > > > >> + ); > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeInvokeFunc ( > > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > > > >> + ); > > > > > >> + > > > > > >> #endif > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/Optee.c > > > > > >> b/ArmPkg/Library/OpteeLib/Optee.c index 574527f8b5ea..2111022d3662 > > > > > >> 100644 > > > > > >> --- a/ArmPkg/Library/OpteeLib/Optee.c > > > > > >> +++ b/ArmPkg/Library/OpteeLib/Optee.c 
> > > > > >> @@ -14,11 +14,19 @@ > > > > > >> > > > > > >> **/ > > > > > >> > > > > > >> +#include <Library/ArmMmuLib.h> > > > > > >> #include <Library/ArmSmcLib.h> > > > > > >> +#include <Library/BaseMemoryLib.h> > > > > > >> #include <Library/BaseLib.h> > > > > > >> +#include <Library/DebugLib.h> > > > > > >> #include <Library/OpteeLib.h> > > > > > >> > > > > > >> #include <IndustryStandard/ArmStdSmc.h> > > > > > >> +#include <IndustryStandard/GlobalPlatform.h> > > > > > >> +#include <OpteeSmc.h> > > > > > >> +#include <Uefi.h> > > > > > >> + > > > > > >> +STATIC OPTEE_SHARED_MEMORY_INFO OpteeShmInfo = { 0 }; > > > > > >> > > > > > >> /** > > > > > >> Check for OP-TEE presence. > > > > > >> @@ -31,6 +39,7 @@ IsOpteePresent ( > > > > > >> { > > > > > >> ARM_SMC_ARGS ArmSmcArgs; > > > > > >> > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > >> // Send a Trusted OS Calls UID command > > > > > >> ArmSmcArgs.Arg0 = ARM_SMC_ID_TOS_UID; > > > > > >> ArmCallSmc (&ArmSmcArgs); 
> > > > > >> @@ -44,3 +53,352 @@ IsOpteePresent ( > > > > > >> return FALSE; > > > > > >> } > > > > > >> } > > > > > >> + > > > > > >> +STATIC > > > > > >> +EFI_STATUS > > > > > >> +OpteeShmMemRemap ( > > > > > >> + VOID > > > > > >> + ) > > > > > >> +{ > > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > > > >> + EFI_PHYSICAL_ADDRESS Paddr; > > > > > >> + EFI_PHYSICAL_ADDRESS Start; > > > > > >> + EFI_PHYSICAL_ADDRESS End; > > > > > >> + EFI_STATUS Status; > > > > > >> + UINTN Size; > > > > > >> + > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_GET_SHM_CONFIG; > > > > > >> + > > > > > >> + ArmCallSmc (&ArmSmcArgs); > > > > > >> + if (ArmSmcArgs.Arg0 != OPTEE_SMC_RETURN_OK) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory not supported\n")); > > > > > >> + return EFI_UNSUPPORTED; > > > > > >> + } > > > > > >> + > > > > > >> + if (ArmSmcArgs.Arg3 != OPTEE_SMC_SHM_CACHED) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE: Only normal cached shared > > > > > memory > > > > > >> supported\n")); > > > > > >> + return EFI_UNSUPPORTED; > > > > > >> + } > > > > > >> + > > > > > >> + Start = (ArmSmcArgs.Arg1 + SIZE_4KB - 1) & ~(SIZE_4KB - 1); End > > > > > >> + = > > > > > >> + (ArmSmcArgs.Arg1 + ArmSmcArgs.Arg2) & ~(SIZE_4KB - 1); Paddr = > > > > > >> + Start; Size = End - Start; > > > > > >> + > > > > > >> + if (Size < SIZE_4KB) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory too small\n")); > > > > > >> + return EFI_BUFFER_TOO_SMALL; > > > > > >> + } > > > > > >> + > > > > > >> + Status = ArmSetMemoryAttributes (Paddr, Size, EFI_MEMORY_WB); > > > > > >> + if (EFI_ERROR (Status)) { > > > > > >> + return Status; > > > > > >> + } > > > > > >> + > > > > > >> + OpteeShmInfo.Base = (UINTN)Paddr; OpteeShmInfo.Size = Size; > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeInit ( > > > > > >> + VOID > > > > > >> + ) > > > 
> > >> +{ > > > > > >> + EFI_STATUS Status; > > > > > >> + > > > > > >> + if (!IsOpteePresent ()) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not present\n")); > > > > > >> + return EFI_UNSUPPORTED; > > > > > >> + } > > > > > >> + > > > > > >> + Status = OpteeShmMemRemap (); > > > > > >> + if (EFI_ERROR (Status)) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE shared memory remap failed\n")); > > > > > >> + return Status; > > > > > >> + } > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +/** > > > > > >> + Does Standard SMC to OP-TEE in secure world. > > > > > >> + > > > > > >> + @param[in] Parg Physical address of message to pass to > > > > > >> secure world > > > > > >> + > > > > > >> + @return 0 on success, secure world return code > > > > > >> otherwise > > > > > >> + > > > > > >> +**/ > > > > > >> +STATIC > > > > > >> +UINT32 > > > > > >> +OpteeCallWithArg ( > > > > > >> + IN EFI_PHYSICAL_ADDRESS Parg > > > > > >> + ) > > > > > >> +{ > > > > > >> + ARM_SMC_ARGS ArmSmcArgs; > > > > > >> + > > > > > >> + ZeroMem (&ArmSmcArgs, sizeof (ARM_SMC_ARGS)); > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_CALL_WITH_ARG; > > > > > >> + ArmSmcArgs.Arg1 = (UINT32)(Parg >> 32); > > > > > >> + ArmSmcArgs.Arg2 = (UINT32)Parg; > > > > > >> + > > > > > >> + while (TRUE) { > > > > > >> + ArmCallSmc (&ArmSmcArgs); > > > > > >> + > > > > > >> + if (ArmSmcArgs.Arg0 == OPTEE_SMC_RETURN_RPC_FOREIGN_INTR) { > > > > > >> + // > > > > > >> + // A foreign interrupt was raised while secure world was > > > > > >> + // executing, since they are handled in UEFI a dummy RPC is > > > > > >> + // performed to let UEFI take the interrupt through the > > > > > >> normal > > > > > >> + // vector. 
> > > > > >> + // > > > > > >> + ArmSmcArgs.Arg0 = OPTEE_SMC_RETURN_FROM_RPC; > > > > > >> + } else { > > > > > >> + break; > > > > > >> + } > > > > > >> + } > > > > > >> + > > > > > >> + return ArmSmcArgs.Arg0; > > > > > >> +} > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeOpenSession ( > > > > > >> + IN OUT OPTEE_OPEN_SESSION_ARG *OpenSessionArg > > > > > >> + ) > > > > > >> +{ > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > >> + > > > > > >> + MsgArg = NULL; > > > > > >> + > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > >> + return EFI_NOT_STARTED; > > > > > >> + } > > > > > >> + > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > > >> sizeof > > > > > >> + (OPTEE_MSG_ARG)); > > > > > >> + > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_OPEN_SESSION; > > > > > >> + > > > > > >> + // > > > > > >> + // Initialize and add the meta parameters needed when opening a > > > > > >> + // session. 
> > > > > >> + // > > > > > >> + MsgArg->Params[0].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > > > >> + OPTEE_MSG_ATTR_META; > > > > > >> + MsgArg->Params[1].Attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT | > > > > > >> + OPTEE_MSG_ATTR_META; CopyMem > > > > > >> + (&MsgArg->Params[0].U.Value, OpenSessionArg->Uuid, > > > > > OPTEE_UUID_LEN); > > > > > >> + ZeroMem (&MsgArg->Params[1].U.Value, OPTEE_UUID_LEN); > > > > > >> + MsgArg->Params[1].U.Value.C = TEE_LOGIN_PUBLIC; > > > > > >> + > > > > > >> + MsgArg->NumParams = 2; > > > > > >> + > > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > >> + > > > > > >> + OpenSessionArg->Session = MsgArg->Session; OpenSessionArg->Ret > > > > > >> + = > > > > > >> + MsgArg->Ret; OpenSessionArg->RetOrigin = MsgArg->RetOrigin; > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeCloseSession ( > > > > > >> + IN UINT32 Session > > > > > >> + ) > > > > > >> +{ > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > >> + > > > > > >> + MsgArg = NULL; > > > > > >> + > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > >> + return EFI_NOT_STARTED; > > > > > >> + } > > > > > >> + > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > > >> sizeof > > > > > >> + (OPTEE_MSG_ARG)); > > > > > >> + > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_CLOSE_SESSION; MsgArg->Session > > > > > = > > > > > >> + Session; > > > > > >> + > > > > > >> + OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg); > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +STATIC > > > > > >> +EFI_STATUS > > > > > >> +OpteeToMsgParam ( > > > > > >> + OUT OPTEE_MSG_PARAM *MsgParams, > > > > > >> + IN UINT32 NumParams, > > > > > >> 
+ IN OPTEE_MSG_PARAM *InParams > > > > > >> + ) > > > > > >> +{ > > > > > >> + UINT32 Idx; > > > > > >> + UINTN ParamShmAddr; > > > > > >> + UINTN ShmSize; > > > > > >> + UINTN Size; > > > > > >> + > > > > > >> + Size = (sizeof (OPTEE_MSG_ARG) + sizeof (UINT64) - 1) & ~(sizeof > > > > > >> + (UINT64) - 1); ParamShmAddr = OpteeShmInfo.Base + Size; ShmSize > > > > > >> + = OpteeShmInfo.Size - Size; > > > > > >> + > > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > > > >> + CONST OPTEE_MSG_PARAM *Ip; > > > > > >> + OPTEE_MSG_PARAM *Mp; > > > > > >> + UINT32 Attr; > > > > > >> + > > > > > >> + Ip = InParams + Idx; > > > > > >> + Mp = MsgParams + Idx; > > > > > >> + Attr = Ip->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > > > >> + > > > > > >> + switch (Attr) { > > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > > > >> + Mp->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > > > >> + ZeroMem (&Mp->U, sizeof (Mp->U)); > > > > > >> + break; > > > > > >> + > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > > > >> + Mp->Attr = Attr; > > > > > >> + Mp->U.Value.A = Ip->U.Value.A; > > > > > >> + Mp->U.Value.B = Ip->U.Value.B; > > > > > >> + Mp->U.Value.C = Ip->U.Value.C; > > > > > >> + break; > > > > > >> + > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > > > >> + Mp->Attr = Attr; > > > > > >> + > > > > > >> + if (Ip->U.Mem.Size > ShmSize) { > > > > > >> + return EFI_OUT_OF_RESOURCES; > > > > > >> + } > > > > > >> + > > > > > >> + CopyMem ((VOID *)ParamShmAddr, (VOID *)Ip->U.Mem.BufPtr, Ip- > > > > > >> >U.Mem.Size); > > > > > >> + Mp->U.Mem.BufPtr = (UINT64)ParamShmAddr; > > > > > >> + Mp->U.Mem.Size = Ip->U.Mem.Size; > > > > > >> + > > > > > >> + Size = (Ip->U.Mem.Size + sizeof (UINT64) - 1) & ~(sizeof > > > > > >> (UINT64) - 1); > > > > > >> + ParamShmAddr += 
Size; > > > > > >> + ShmSize -= Size; > > > > > >> + break; > > > > > >> + > > > > > >> + default: > > > > > >> + return EFI_INVALID_PARAMETER; > > > > > >> + } > > > > > >> + } > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +STATIC > > > > > >> +EFI_STATUS > > > > > >> +OpteeFromMsgParam ( > > > > > >> + OUT OPTEE_MSG_PARAM *OutParams, > > > > > >> + IN UINT32 NumParams, > > > > > >> + IN OPTEE_MSG_PARAM *MsgParams > > > > > >> + ) > > > > > >> +{ > > > > > >> + UINT32 Idx; > > > > > >> + > > > > > >> + for (Idx = 0; Idx < NumParams; Idx++) { > > > > > >> + OPTEE_MSG_PARAM *Op; > > > > > >> + CONST OPTEE_MSG_PARAM *Mp; > > > > > >> + UINT32 Attr; > > > > > >> + > > > > > >> + Op = OutParams + Idx; > > > > > >> + Mp = MsgParams + Idx; > > > > > >> + Attr = Mp->Attr & OPTEE_MSG_ATTR_TYPE_MASK; > > > > > >> + > > > > > >> + switch (Attr) { > > > > > >> + case OPTEE_MSG_ATTR_TYPE_NONE: > > > > > >> + Op->Attr = OPTEE_MSG_ATTR_TYPE_NONE; > > > > > >> + ZeroMem (&Op->U, sizeof (Op->U)); > > > > > >> + break; > > > > > >> + > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_VALUE_INOUT: > > > > > >> + Op->Attr = Attr; > > > > > >> + Op->U.Value.A = Mp->U.Value.A; > > > > > >> + Op->U.Value.B = Mp->U.Value.B; > > > > > >> + Op->U.Value.C = Mp->U.Value.C; > > > > > >> + break; > > > > > >> + > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_OUTPUT: > > > > > >> + case OPTEE_MSG_ATTR_TYPE_MEM_INOUT: > > > > > >> + Op->Attr = Attr; > > > > > >> + > > > > > >> + if (Mp->U.Mem.Size > Op->U.Mem.Size) { > > > > > >> + return EFI_BAD_BUFFER_SIZE; > > > > > >> + } > > > > > >> + > > > > > >> + CopyMem ((VOID *)Op->U.Mem.BufPtr, (VOID *)Mp->U.Mem.BufPtr, > > > > > >> Mp->U.Mem.Size); > > > > > >> + Op->U.Mem.Size = Mp->U.Mem.Size; > > > > > >> + break; > > > > > >> + > > > > > >> + default: > > > 
> > >> + return EFI_INVALID_PARAMETER; > > > > > >> + } > > > > > >> + } > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> + > > > > > >> +EFI_STATUS > > > > > >> +EFIAPI > > > > > >> +OpteeInvokeFunc ( > > > > > >> + IN OUT OPTEE_INVOKE_FUNC_ARG *InvokeFuncArg > > > > > >> + ) > > > > > >> +{ > > > > > >> + EFI_STATUS Status; > > > > > >> + OPTEE_MSG_ARG *MsgArg; > > > > > >> + > > > > > >> + MsgArg = NULL; > > > > > >> + > > > > > >> + if (OpteeShmInfo.Base == 0) { > > > > > >> + DEBUG ((DEBUG_WARN, "OP-TEE not initialized\n")); > > > > > >> + return EFI_NOT_STARTED; > > > > > >> + } > > > > > >> + > > > > > >> + MsgArg = (OPTEE_MSG_ARG *)OpteeShmInfo.Base; ZeroMem (MsgArg, > > > > > >> sizeof > > > > > >> + (OPTEE_MSG_ARG)); > > > > > >> + > > > > > >> + MsgArg->Cmd = OPTEE_MSG_CMD_INVOKE_COMMAND; MsgArg- > > > > > >Func = > > > > > >> + InvokeFuncArg->Func; MsgArg->Session = InvokeFuncArg->Session; > > > > > >> + > > > > > >> + Status = OpteeToMsgParam (MsgArg->Params, MAX_PARAMS, > > > > > >> + InvokeFuncArg->Params); if (Status) > > > > > >> + return Status; > > > > > >> + > > > > > >> + MsgArg->NumParams = MAX_PARAMS; > > > > > >> + > > > > > >> + if (OpteeCallWithArg ((EFI_PHYSICAL_ADDRESS)MsgArg)) { > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > >> + > > > > > >> + if (OpteeFromMsgParam (InvokeFuncArg->Params, MAX_PARAMS, > > > > > >> MsgArg->Params)) { > > > > > >> + MsgArg->Ret = TEEC_ERROR_COMMUNICATION; > > > > > >> + MsgArg->RetOrigin = TEEC_ORIGIN_COMMS; } > > > > > >> + > > > > > >> + InvokeFuncArg->Ret = MsgArg->Ret; InvokeFuncArg->RetOrigin = > > > > > >> + MsgArg->RetOrigin; > > > > > >> + > > > > > >> + return EFI_SUCCESS; > > > > > >> +} > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > >> b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > >> index 5abd427379cc..e03054a7167d 100644 
> > > > > >> --- a/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeLib.inf > > > > > >> @@ -23,11 +23,13 @@ [Defines] > > > > > >> > > > > > >> [Sources] > > > > > >> Optee.c > > > > > >> + OpteeSmc.h > > > > > >> > > > > > >> [Packages] > > > > > >> ArmPkg/ArmPkg.dec > > > > > >> MdePkg/MdePkg.dec > > > > > >> > > > > > >> [LibraryClasses] > > > > > >> + ArmMmuLib > > > > > >> ArmSmcLib > > > > > >> BaseLib > > > > > >> diff --git a/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > >> b/ArmPkg/Library/OpteeLib/OpteeSmc.h > > > > > >> new file mode 100644 > > > > > >> index 000000000000..e2ea35784a0a > > > > > >> --- /dev/null > > > > > >> +++ b/ArmPkg/Library/OpteeLib/OpteeSmc.h 
> > > > > >> @@ -0,0 +1,43 @@ > > > > > >> +/** @file > > > > > >> + OP-TEE SMC header file. > > > > > >> + > > > > > >> + Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > > >> + > > > > > >> + This program and the accompanying materials are licensed and > > > > > >> + made available under the terms and conditions of the BSD License > > > > > >> + which accompanies this distribution. The full text of the > > > > > >> + license may be found at > > > > > >> + > > > > > >> + > > > > > >> > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > > >> n > > > > > >> + source.org%2Flicenses%2Fbsd- > > > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > > > >> + > > > > > >> > > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > > > > >> a92cd99 > > > > > >> + > > > > > >> > > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > > > >> OOKCyshbg > > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > >> + > > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > > >> BASIS, > > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > > >> EXPRESS OR IMPLIED. 
> > > > > >> + > > > > > >> +**/ > > > > > >> + > > > > > >> +#ifndef _OPTEE_SMC_H_ > > > > > >> +#define _OPTEE_SMC_H_ > > > > > >> + > > > > > >> +/* Returned in Arg0 only from Trusted OS functions */ > > > > > >> +#define OPTEE_SMC_RETURN_OK 0x0 > > > > > >> + > > > > > >> +#define OPTEE_SMC_RETURN_FROM_RPC 0x32000003 > > > > > >> +#define OPTEE_SMC_CALL_WITH_ARG 0x32000004 > > > > > >> +#define OPTEE_SMC_GET_SHM_CONFIG 0xb2000007 > > > > > >> + > > > > > >> +#define OPTEE_SMC_SHM_CACHED 1 > > > > > >> + > > > > > >> +#define OPTEE_SMC_RETURN_RPC_FOREIGN_INTR 0xffff0004 > > > > > >> + > > > > > >> +#define OPTEE_MSG_CMD_OPEN_SESSION 0 > > > > > >> +#define OPTEE_MSG_CMD_INVOKE_COMMAND 1 > > > > > >> +#define OPTEE_MSG_CMD_CLOSE_SESSION 2 > > > > > >> + > > > > > >> +#define OPTEE_MSG_ATTR_META 0x100 > > > > > >> + > > > > > >> +#define TEE_LOGIN_PUBLIC 0x0 > > > > > >> + > > > > > >> +typedef struct { > > > > > >> + UINTN Base; > > > > > >> + UINTN Size; > > > > > >> +} OPTEE_SHARED_MEMORY_INFO; > > > > > >> + > > > > > >> +#endif > > > > > >> diff --git a/ArmPkg/Include/Library/OpteeLib.h > > > > > >> b/MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > > >> similarity index 53% > > > > > >> copy from ArmPkg/Include/Library/OpteeLib.h copy to > > > > > >> MdePkg/Include/IndustryStandard/GlobalPlatform.h > > > > > >> index f65d8674d9b8..14c621d89971 100644 > > > > > >> --- a/ArmPkg/Include/Library/OpteeLib.h > > > > > >> +++ b/MdePkg/Include/IndustryStandard/GlobalPlatform.h 
> > > > > >> @@ -1,34 +1,26 @@ > > > > > >> -/** @file > > > > > >> - OP-TEE specific header file. > > > > > >> - > > > > > >> - Copyright (c) 2018, Linaro Ltd. All rights reserved.<BR> > > > > > >> - > > > > > >> - This program and the accompanying materials > > > > > >> - are licensed and made available under the terms and conditions > > > > > >> of the BSD License > > > > > >> - which accompanies this distribution. The full text of the > > > > > >> license may be found at > > > > > >> - > > > > > >> > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > > >> nsource.org%2Flicenses%2Fbsd- > > > > > >> > > > > > license.php&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c > > > > > >> > > > > > 3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0% > > > > > >> > > > > > 7C0%7C636706993250535371&sdata=pyZF9Ku3qEppOOKCyshbg9oCT4 > > > > > >> P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > >> - > > > > > >> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > > >> BASIS, > > > > > >> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > > EXPRESS > > > > > >> OR IMPLIED. > > > > > >> - > > > > > >> -**/ > > > > > >> - > > > > > >> -#ifndef _OPTEE_H_ > > > > > >> -#define _OPTEE_H_ > > > > > >> - > > > > > >> -/* > > > > > >> - * The 'Trusted OS Call UID' is supposed to return the following > > > > > >> UUID for > > > > > >> - * OP-TEE OS. This is a 128-bit value. > > > > > >> - */ > > > > > >> -#define OPTEE_OS_UID0 0x384fb3e0 > > > > > >> -#define OPTEE_OS_UID1 0xe7f811e3 > > > > > >> -#define OPTEE_OS_UID2 0xaf630002 > > > > > >> -#define OPTEE_OS_UID3 0xa5d5c51b > > > > > >> - > > > > > >> -BOOLEAN > > > > > >> -EFIAPI > > > > > >> -IsOpteePresent ( > > > > > >> - VOID > > > > > >> - ); > > > > > >> - > > > > > >> -#endif > > > > > >> +/** @file > > > > > >> + Standardized Global Platform header file. > > > > > >> + > > > > > >> + Copyright (c) 2018, Linaro Ltd. 
All rights reserved.<BR> > > > > > >> + > > > > > >> + This program and the accompanying materials are licensed and > > > > > >> + made available under the terms and conditions of the BSD License > > > > > >> + which accompanies this distribution. The full text of the > > > > > >> + license may be found at > > > > > >> + > > > > > >> + > > > > > >> > > > > > https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > > > >> n > > > > > >> + source.org%2Flicenses%2Fbsd- > > > > > >> license.php&data=02%7C01%7Cudit.kumar% > > > > > >> + > > > > > >> > > > > > 40nxp.com%7Ce95635d0c3c74edbf79808d609a30c7b%7C686ea1d3bc2b4c6f > > > > > >> a92cd99 > > > > > >> + > > > > > >> > > > > > c5c301635%7C0%7C0%7C636706993250535371&sdata=pyZF9Ku3qEpp > > > > > >> OOKCyshbg > > > > > >> + 9oCT4P6AwM2olKY3%2B2ImWs%3D&reserved=0 > > > > > >> + > > > > > >> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > > > >> BASIS, > > > > > >> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > > > > >> EXPRESS OR IMPLIED. 
> > > > > >> + > > > > > >> +**/ > > > > > >> + > > > > > >> +#ifndef _GLOBAL_PLATFORM_H_ > > > > > >> +#define _GLOBAL_PLATFORM_H_ > > > > > >> + > > > > > >> +#define TEEC_ORIGIN_COMMS 0x00000002 > > > > > >> + > > > > > >> +#define TEEC_SUCCESS 0x00000000 > > > > > >> +#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 > > > > > >> +#define TEEC_ERROR_COMMUNICATION 0xFFFF000E > > > > > >> +#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C > > > > > >> + > > > > > >> +#endif > > > > > >> -- > > > > > >> 2.7.4 > > > > > >> > > > > > >> _______________________________________________ > > > > > >> edk2-devel mailing list > > > > > >> [email protected] > > > > > >> > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > > > > >> st > > > > > >> s.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > > > >> > > > > > devel&data=02%7C01%7Cudit.kumar%40nxp.com%7Ce95635d0c3c74e > > > > > >> > > > > > dbf79808d609a30c7b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0% > > > > > >> > > > > > 7C636706993250535371&sdata=msA6jGRAkpWoQ33VsDfbWqgGcIMTP > > > > > >> u%2Fhcds3j9aDPnU%3D&reserved=0 > > > > > > _______________________________________________ > > > > > > edk2-devel mailing list > > > > > > [email protected] > > > > > > > > > > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis > > > > > > ts.01.org%2Fmailman%2Flistinfo%2Fedk2- > > > > > devel&data=02%7C01%7Cudit.ku > > > > > > > > > > > mar%40nxp.com%7C5311c5dc22d54095d79d08d609e7fbf5%7C686ea1d3bc2 > > > > > b4c6fa92 > > > > > > > > > > > cd99c5c301635%7C0%7C0%7C636707289305519903&sdata=dwLUq8j9f > > > > > 9rxeb37V > > > > > > 8fGZKoiWh1TNBnhVFqnuF5oN3g%3D&reserved=0 > > > IMPORTANT NOTICE: The contents of this email and any attachments are > > > confidential and may also be privileged. 
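Review bot: the four prototypes added at the end of the ArmPkg/Include/Library/OpteeLib.h hunk (OpteeInit, OpteeOpenSession, OpteeCloseSession, OpteeInvokeFunc) carry no function header comments, and two parts of the contract cannot be recovered from the types alone. First, the Optee.c side returns EFI_SUCCESS from OpteeOpenSession and OpteeInvokeFunc even when the SMC fails, with the failure reported only through Ret and RetOrigin, so callers have to check both the EFI_STATUS and Ret. Second, OPTEE_INVOKE_FUNC_ARG has no NumParams field and OpteeInvokeFunc always marshals MAX_PARAMS entries, so unused Params slots must be OPTEE_MSG_ATTR_TYPE_NONE or the call fails with EFI_INVALID_PARAMETER. Please document both in the header, and consider whether OPTEE_MSG_ARG, which describes the shared-memory message layout rather than the caller-facing API, belongs in this public header or in OpteeSmc.h.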
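Review bot: OpteeFromMsgParam, in the large hunk that adds the new functions to ArmPkg/Library/OpteeLib/Optee.c, drives a CopyMem into caller memory entirely from fields it reads back out of the shared-memory message after the SMC returns. Attr is taken from Mp->Attr rather than from what the caller passed, and because U is a union, a slot the caller filled as a VALUE that comes back typed as MEM makes Op->U.Mem.BufPtr alias the caller's Value.A as the copy destination. Mp->U.Mem.BufPtr is used as the source without checking that it still lies inside the OpteeShmInfo.Base to Base + Size window, and Mp->U.Mem.Size is read once for the bounds check and again for the copy. Suggest taking the parameter type from Op->Attr and rejecting a mismatch, using the shared-memory address recorded in OpteeToMsgParam instead of the returned pointer, reading Size into a local once, and copying back only for MEM_OUTPUT and MEM_INOUT. Two smaller points in the same hunk: in OpteeShmMemRemap, Size = End - Start wraps when the reported region is unaligned and shorter than a page (End below Start), and the wrapped value then passes the Size < SIZE_4KB test, so check End > Start first; and OpteeInvokeFunc uses "if (Status) return Status;" where the rest of the file uses EFI_ERROR (Status) with braces.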
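Review bot: the [LibraryClasses] change in the ArmPkg/Library/OpteeLib/OpteeLib.inf hunk adds only ArmMmuLib, while the Optee.c changes in this patch also add includes of Library/BaseMemoryLib.h and Library/DebugLib.h and call ZeroMem, CopyMem and DEBUG. Add BaseMemoryLib and DebugLib to [LibraryClasses] as well, so the INF declares every library class the source uses.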
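Review bot: the new ArmPkg/Library/OpteeLib/OpteeSmc.h mixes three kinds of constant under one file name: the SMC function IDs and return codes (OPTEE_SMC_*), the message-protocol commands together with OPTEE_MSG_ATTR_META, and TEE_LOGIN_PUBLIC, which is a GlobalPlatform login type rather than anything SMC specific. The matching OPTEE_MSG_ATTR_TYPE_* values are defined in the public OpteeLib.h, so the message protocol ends up split across two headers. Suggest keeping the OPTEE_MSG_* definitions together in one place and moving TEE_LOGIN_PUBLIC next to the TEEC_* values in GlobalPlatform.h; a short comment stating where the OPTEE_SMC_* numeric values come from would also let the next reader verify them.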

