This change ensures both U-Boot and OP-TEE see the same content
from shared memory when OP-TEE is invoked prior U-Boot relocation.
This change is required since U-Boot may execute with data cache off
while OP-TEE always enables cache on memory shared with U-Boot.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Define LOG_CATEGORY for all uclass to allow filtering with
log command.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Right now the error messages when optee has a version mismatch or shared
memory is not configured are done with a debug().
That's not very convenient since you have to enable debugging to figure
out what's going on, although this is an actual error.
So let's switch the debug() -> dev_err() and report those explicitly.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Adds support for a working SCP03 emulation. Input parameters are
validated however the commands (enable, provision) executed by the TEE
are assumed to always succeed.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
This adds support for RPC test trusted application emulation, which
permits to test reverse RPC calls to TEE supplicant. Currently it covers
requests to the I2C bus from TEE.
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
This commit gives the secure world access to the I2C bus so it can
communicate with I2C slaves (typically those would be secure elements
like the NXP SE050).
A similar service implementation has been merged in linux:
c05210ab ("drivers: optee: allow op-tee to access devices on the i2c
bus")
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
At present ofnode is present in the device even if it is never used. With
of-platdata this field is not used, so can be removed. In preparation for
this, change the access to go through inline functions.
Signed-off-by: Simon Glass <sjg@chromium.org>
This name is far too long. Rename it to remove the 'data' bits. This makes
it consistent with the platdata->plat rename.
Signed-off-by: Simon Glass <sjg@chromium.org>
We use 'priv' for private data but often use 'platdata' for platform data.
We can't really use 'pdata' since that is ambiguous (it could mean private
or platform data).
Rename some of the latter variables to end with 'plat' for consistency.
Signed-off-by: Simon Glass <sjg@chromium.org>
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add optee based bnxt fw load driver.
bnxt is Broadcom NetXtreme controller Ethernet card.
This driver is used to load bnxt firmware binary using OpTEE.
Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Display TEE version at information level; this patch replaces
debug() call to dev_info() in print_os_revision() function.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
At present dm/device.h includes the linux-compatible features. This
requires including linux/compat.h which in turn includes a lot of headers.
One of these is malloc.h which we thus end up including in every file in
U-Boot. Apart from the inefficiency of this, it is problematic for sandbox
which needs to use the system malloc() in some files.
Move the compatibility features into a separate header file.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present devres.h is included in all files that include dm.h but few
make use of it. Also this pulls in linux/compat which adds several more
headers. Drop the automatic inclusion and require files to include devres
themselves. This provides a good indication of which files use devres.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Anatolij Gustschin <agust@denx.de>
The mmc CID value is one of the input parameters used to provision the
RPMB key. The trusted execution environment expects this value to be
specified in big endian format.
Before this fix, on little endian systems, the value returned by the
linux kernel mmc driver differed from the one returned by u-boot.
This meant that if linux provisioned the RPMB key, u-boot would not
have access to the partition (and the other way around).
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Avoid using a typedef here which is unnecessary. Add an 'env_' prefix to
both the enum and its members to make it clear that these are related to
the environment.
Add an ENV prefix to these two flags so that it is clear what they relate
to. Also move them to env.h since they are part of the public API. Use an
enum rather than a #define to tie them together.
Signed-off-by: Simon Glass <sjg@chromium.org>
U-Boot is not supposed to use typedef for structs anymore. Also this name
is the same as the ENTRY() macro used in assembler files, and 'entry'
itself is widely used in U-Boot (>8k matches).
Drop the typedef and rename the struct to env_entry to reduce confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Fix test_avb_persistent_values() pytest, which was failing because of
wrong size value provided from tee sandbox driver.
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
AVB 2.0 spec. revision 1.1 introduces support for named persistent values
that must be tamper evident and allows AVB to store arbitrary key-value
pairs [1].
Introduce implementation of two additional AVB operations
read_persistent_value()/write_persistent_value() for retrieving/storing
named persistent values.
Correspondent pull request in the OP-TEE OS project repo [2].
[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
If OP-TEE core is compiled with support of REE FS and RPMB
at the same time (CFG_RPMB_FS ?= y; CFG_RPMB_FS ?= y), and persistent
storage API is used with TEE_STORAGE_PRIVATE storage id, it will
lead to TA panic.
E/TC:? 0 TA panicked with code 0xffff0009
.....
E/TC:? 0 Call stack:
E/TC:? 0 0x000000004002f2f8 TEE_OpenPersistentObject at
lib/libutee/tee_api_objects.c:422
In this particular case TEE_ERROR_STORAGE_NOT_AVAILABLE is more suitable
than TEE_ERROR_NOT_IMPLEMENTED, as it provides to a TA a possibility
to handle this error code [1].
>From GPD TEE Internal Core specification [2]:
TEE_ERROR_STORAGE_NOT_AVAILABLE - if the persistent object is stored in a
storage area which is currently inaccessible. It may be associated with
the device but unplugged, busy, or inaccessible for some other reason.
[1]: 94db01ef44/lib/libutee/tee_api_objects.c (L419)
[2]: https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds a sandbox tee driver which emulates a generic TEE with the OP-TEE
AVB TA.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Fix printf warnings in ta_avb_invoke_func, slots is uint]
Signed-off-by: Tom Rini <trini@konsulko.com>
Adds configuration option OPTEE_TA_AVB and a header file describing the
interface to the Android Verified Boot 2.0 (AVB) trusted application
provided by OP-TEE.
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Adds support in optee supplicant to route signed (MACed) RPMB frames
from OP-TEE Secure OS to MMC and vice versa to manipulate the RPMB
partition.
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Adds a OP-TEE driver.
* Targets ARM and ARM64
* Supports using any U-Boot memory as shared memory
* Probes OP-TEE version using SMCs
* Uses OPTEE message protocol version 2 to communicate with secure world
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds a uclass to interface with a TEE (Trusted Execution Environment).
A TEE driver is a driver that interfaces with a trusted OS running in
some secure environment, for example, TrustZone on ARM cpus, or a
separate secure co-processor etc.
The TEE subsystem can serve a TEE driver for a Global Platform compliant
TEE, but it's not limited to only Global Platform TEEs.
The over all design is based on the TEE subsystem in the Linux kernel,
tailored for U-Boot.
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
