Hi Sumit, Our full OpteeClientPkg has: - Our OpteeClientAPI implementation. I was monitoring the merge progress on OpteeLib and will look into moving over now that it is available. - The fTPM and AuthVar TA binaries. In our current design, the TA binaries are loaded at runtime. We could host the binaries themselves elsewhere on the filesystem, but we do not want these binaries as early/pseudo TAs. Is there a plan for OpteeLib to support loading full TAs? - We have two client drivers: a firmware TPM TA driver and an authenticated variable TA driver. These talk through the tee-supplicant to their respective TAs.
Chris > -----Original Message----- > From: Sumit Garg <[email protected]> > Sent: Thursday, November 1, 2018 3:55 AM > To: Chris Co <[email protected]>; Leif Lindholm > <[email protected]> > Cc: [email protected]; Ard Biesheuvel <[email protected]>; > Michael D Kinney <[email protected]> > Subject: Re: [PATCH edk2-platforms 01/27] Platform/Microsoft: Add > OpteeClientPkg dec > > Hi Christopher, > > Optee Client library has recently been merged to edk2 source code. It tries to > provide a generic interface [1] to OP-TEE based trusted applications > (pseudo/early). > > AFAIK, you don't need any platform specific hook in client interface to work > with upstream OP-TEE. So instead you should use Optee library. > > [1] > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.c > om%2Ftianocore%2Fedk2%2Fblob%2Fmaster%2FArmPkg%2FInclude%2FLibrary > %2FOpteeLib.h&data=02%7C01%7CChristopher.Co%40microsoft.com%7C > c19b84ef7f8f4213424108d63fe88f66%7C72f988bf86f141af91ab2d7cd011db47 > %7C1%7C0%7C636766665404786500&sdata=m24akbKtoyCERVN77meoSU > H6E%2Bpf8W2P5MF7nvU5y7I%3D&reserved=0 > > Regards, > Sumit > > On Thu, 1 Nov 2018 at 02:13, Leif Lindholm <[email protected]> wrote: > > > > +Sumit (just to loop you two together). Is there anything Microsoft > > platform specific about what will go in here? > > > > / > > Leif > > > > On Fri, Sep 21, 2018 at 08:25:53AM +0000, Chris Co wrote: > > > On Windows IoT Core devices with ARM TrustZone capabilities, > > > EDK2 runs in normal world and we use OP-TEE to execute secure world > > > operations. The overall package will contain client-side support to > > > invoke EDK2 services implemented as OP-TEE trusted applications that > > > run in secure world. > > > > > > This commit adds the initial dec file to add some PCD settings > > > needed by other packages. > > > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > > Signed-off-by: Christopher Co <[email protected]> > > > Cc: Ard Biesheuvel <[email protected]> > > > Cc: Leif Lindholm <[email protected]> > > > Cc: Michael D Kinney <[email protected]> > > > --- > > > Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec | 49 > > > ++++++++++++++++++++ > > > 1 file changed, 49 insertions(+) > > > > > > diff --git a/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec > > > b/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec > > > new file mode 100644 > > > index 000000000000..4752eab39ce3 > > > --- /dev/null > > > +++ b/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec > > > @@ -0,0 +1,49 @@ > > > +## @file > > > +# > > > +# OP-TEE client package > > > +# > > > +# OP-TEE client package contains the client-side interface to invoke OP- > TEE TAs. > > > +# Certain EDKII services are implemented in Trusted Applications > > > +running in # the secure world OP-TEE OS. > > > +# > > > +# Copyright (c) 2018 Microsoft Corporation. All rights reserved. > > > +# > > > +# This program and the accompanying materials # are licensed and > > > +made available under the terms and conditions of the BSD License # > > > +which accompanies this distribution. The full text of the license > > > +may be found at # > > > +https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fope > > > +nsource.org%2Flicenses%2Fbsd- > license.php&data=02%7C01%7CChristo > > > > +pher.Co%40microsoft.com%7Cc19b84ef7f8f4213424108d63fe88f66%7C72f988 > > > > +bf86f141af91ab2d7cd011db47%7C1%7C0%7C636766665404786500&sda > ta=1 > > > +MxFvlsMPhk19grEexBXo5VqRd0jZaCSRjxZCi87A2w%3D&reserved=0 > > > +# > > > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > > > +BASIS, # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > > > +# > > > +## > > > + > > > +[Defines] > > > + DEC_SPECIFICATION = 0x0001001A > > > + PACKAGE_NAME = OpteeClientPkg > > > + PACKAGE_GUID = 77416fcb-10ec-4693-bdc0-1bdd74ec9595 > > > + PACKAGE_VERSION = 0.01 > > > + > > > +[Includes] > > > + > > > +[LibraryClasses] > > > + > > > +[Guids] > > > + gOpteeClientPkgTokenSpaceGuid = { 0x04ad34ca, 0xdd25, 0x4156, { > 0x90, 0xf5, 0x16, 0xf9, 0x40, 0xd0, 0x49, 0xe3 }} > > > + > > > +[PcdsFixedAtBuild] > > > + > > > > +gOpteeClientPkgTokenSpaceGuid.PcdTpm2AcpiBufferBase|0|UINT64|0x0000 > > > +0005 > > > + > > > > +gOpteeClientPkgTokenSpaceGuid.PcdTpm2AcpiBufferSize|0|UINT32|0x0000 > > > +0006 > > > + > > > + ## The base address of the Trust Zone OpTEE OS private memory > > > + region # This memory is manager privately by the OpTEE OS. > > > + > > > + > gOpteeClientPkgTokenSpaceGuid.PcdTrustZonePrivateMemoryBase|0xDEAD > > > + 1|UINT64|0x00000001 > > > + > > > + ## The size of the Trust Zone OpTEE OS private memory region > > > + > > > + > gOpteeClientPkgTokenSpaceGuid.PcdTrustZonePrivateMemorySize|55|UIN > > > + T64|0x00000002 > > > + > > > + ## The base address of the Trust Zone OpTEE OS shared memory > > > + region > > > + > > > + > gOpteeClientPkgTokenSpaceGuid.PcdTrustZoneSharedMemoryBase|0xDEAD2 > > > + |UINT64|0x00000003 > > > + > > > + ## The size of the Trust Zone OpTEE OS shared memory region > > > + > > > + > gOpteeClientPkgTokenSpaceGuid.PcdTrustZoneSharedMemorySize|0xAA|UI > > > + NT64|0x00000004 > > > -- > > > 2.16.2.gvfs.1.33.gf5370f1 > > > _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
