Hello arm-soc maintainers,
Please pull these patches which add support for asynchronous notifications
from OP-TEE in secure world to the OP-TEE driver.
An edge-triggered interrupt is used to notify the driver.
These patches have been in linux-next for a few weeks already.
Thanks,
Jens
The following changes since commit fa55b7dcdc43c1aa1ba12bca9d2dd4318c2a0dbf:
Linux 5.16-rc1 (2021-11-14 13:56:52 -0800)
are available in the Git repository at:
https://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-async-notif-for-v5.17
for you to fetch changes up to b98aee466d194788bd651cb375b0e0f7e0e69865:
optee: Fix NULL but dereferenced coccicheck error (2021-11-29 22:02:25 +0100)
----------------------------------------------------------------
OP-TEE Asynchronous notifications from secure world
Adds support in the SMC based OP-TEE driver to receive asynchronous
notifications from secure world using an edge-triggered interrupt as
delivery mechanism.
----------------------------------------------------------------
Jens Wiklander (6):
docs: staging/tee.rst: add a section on OP-TEE notifications
dt-bindings: arm: optee: add interrupt property
tee: fix put order in teedev_close_context()
tee: export teedev_open() and teedev_close_context()
optee: separate notification functions
optee: add asynchronous notifications
Yang Li (1):
optee: Fix NULL but dereferenced coccicheck error
.../bindings/arm/firmware/linaro,optee-tz.yaml | 8 +
Documentation/staging/tee.rst | 30 +++
drivers/tee/optee/Makefile | 1 +
drivers/tee/optee/core.c | 2 +-
drivers/tee/optee/ffa_abi.c | 6 +-
drivers/tee/optee/notif.c | 125 +++++++++++
drivers/tee/optee/optee_msg.h | 9 +
drivers/tee/optee/optee_private.h | 28 ++-
drivers/tee/optee/optee_rpc_cmd.h | 31 +--
drivers/tee/optee/optee_smc.h | 75 ++++++-
drivers/tee/optee/rpc.c | 71 +-----
drivers/tee/optee/smc_abi.c | 237 ++++++++++++++++++---
drivers/tee/tee_core.c | 10 +-
include/linux/tee_drv.h | 14 ++
14 files changed, 523 insertions(+), 124 deletions(-)
create mode 100644 drivers/tee/optee/notif.c
Hello!
Is it possible to use any compiler-based sanitizers to harden
OP-TEE kernel and/or trustlets?
I know, there is ASAN support in the OP-TEE kernel.
But can it be used with TAs? Or some other sanitizers like UBSan?
Thank you.
Hello John,
> From: John Linn <linnj(a)xilinx.com>
> Date: Thu, Nov 18, 2021 at 10:24 PM
> Subject: Embedded DT (CFG_EMBED_DT) with dynamic shared memory (CFG_CORE_DYN_SHM) in optee-os
> To: op-teeATlists.trustedfirmware.org <op-teeATlists.trustedfirmware.org>
>
>
> It appears that dynamic shared memory does not work with an embedded DT, but I'm likely missing something. I have it working fine with an external DT.
>
> There is a bit of interaction in kernel/boot.c with the two configuration options and my testing is not seeing it work with 3.14 and master looks the same viewing it.
>
> get_external_fdt() is called which does not work with the embedded DT it appears to me.
Indeed the current implementation gets the main memory size from the
external non-secure DTB.
This memory is mainly REE memory and can be used as shared memory.
It looks reasonable to get the same info from the embedded DTB instead
but the point to discuss, IMO, is whether the memory nodes of OP-TEE
secure DT relate to OP-TEE "secure memory" or to system-wide (possibly
non-secure) memory. In the former case, that information could not be
used to define the "non-secure shareable address ranges".
Feel free to create a P-R in optee_os for that purpose (something like
try with embedded_dt() then fallback to external_dt()),
Regards,
Etienne
>
> Any hints or advice?
>
> Thanks
> John
Hello arm-soc maintainers,
Please pull this AMDTEE driver fix which takes care of a bug where
IS_ERR() was used instead of a NULL check for the return value from
__get_free_pages().
Note that this isn't a usual Arm driver update. This targets AMD instead,
but is part of the TEE subsystem.
Thanks,
Jens
The following changes since commit d58071a8a76d779eedab38033ae4c821c30295a5:
Linux 5.16-rc3 (2021-11-28 14:09:19 -0800)
are available in the Git repository at:
git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/amdtee-fix-for-v5.16
for you to fetch changes up to 9d7482771fac8d8e38e763263f2ca0ca12dd22c6:
tee: amdtee: fix an IS_ERR() vs NULL bug (2021-11-29 09:55:49 +0100)
----------------------------------------------------------------
AMD-TEE fix IS_ERR() bug
----------------------------------------------------------------
Dan Carpenter (1):
tee: amdtee: fix an IS_ERR() vs NULL bug
drivers/tee/amdtee/core.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
On Mon, Nov 29, 2021 at 04:31:51PM +0800, 994605959 wrote:
> maybe try this?
> - if (IS_ERR(*ta)) {
> - pr_err("%s: get_free_pages failed 0x%llx\n", __func__,
> - (u64)*ta);
> + if (IS_ERR(ta)) {
> + pr_err("%s: get_free_pages failed %p\n", __func__, ta);
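Review bot: the `+` condition `IS_ERR(ta)` tests the pointer that holds the result instead of the result `*ta`, which the removed lines checked and printed as the get_free_pages value, and it still relies on IS_ERR(). The pull request for this fix states that the return value of __get_free_pages() needs a NULL check, so the condition should test `*ta` for NULL, for example `if (!*ta)`.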
No, what you are suggesting is totally wrong. You are checking the
wrong variable for the wrong thing.
regards,
dan carpenter
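The bug class behind the AMDTEE fix above, modelled in userspace as an added example (it is not the driver's code or the patch). `fake_get_free_pages()` and the two `check_*` helpers are hypothetical names; `is_err()` reproduces the range test the kernel's IS_ERR() performs.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_ERRNO 4095UL

/* Same range test as the kernel's IS_ERR(): true only for the top
 * MAX_ERRNO values of the address space, where ERR_PTR(-errno) lives. */
static int is_err(uintptr_t p)
{
    return p >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical stand-in for __get_free_pages(): returns an address,
 * or 0 on failure. It never returns an ERR_PTR-encoded value. */
static uintptr_t fake_get_free_pages(int fail)
{
    static unsigned char page[4096];
    return fail ? 0 : (uintptr_t)page;
}

/* Buggy pattern: IS_ERR() applied to a NULL-on-failure API.
 * Returns 0 when the allocation "looks fine", -12 (ENOMEM) otherwise. */
static int check_with_is_err(int fail)
{
    uintptr_t ta = fake_get_free_pages(fail);
    return is_err(ta) ? -12 : 0;
}

/* Fixed pattern: test the returned value for 0/NULL. */
static int check_with_null(int fail)
{
    uintptr_t ta = fake_get_free_pages(fail);
    return ta == 0 ? -12 : 0;
}

int main(void)
{
    /* On failure the IS_ERR() variant reports success, so a caller
     * would continue with address 0; the NULL check catches it. */
    return (check_with_is_err(1) == 0 && check_with_null(1) == -12) ? 0 : 1;
}
```
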
Hi,
OP-TEE Contributions (LOC) monthly meeting is planned for Thursday Nov 25
@17.00 (UTC+2).
Following topic is on the agenda:
- Walkthrough of proposal on sharing of hardware resources between multiple
secure entities - Jens Wiklander.
If you have any other topics you'd like to discuss, please let us know and
we can schedule them.
Meeting details:
---------------
Date/time: Nov 25 @ 16.00 (UTC)
https://everytimezone.com/s/a43c71b2
Connection details: https://www.trustedfirmware.org/meetings/
Meeting notes: http://bit.ly/loc-notes
Regards,
Ruchika on behalf of the Linaro OP-TEE team