- OP-TEE - lists.trustedfirmware.org

by Jens Wiklander

Hello arm-soc maintainers, Please pull this patch adding tracepoints around calls to OP-TEE in secure world. Thanks, Jens The following changes since commit a38fd8748464831584a19438cbb3082b5a2dab15: Linux 5.12-rc2 (2021-03-05 17:33:41 -0800) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-tracepoints-for-v5.13 for you to fetch changes up to 0101947dbcc3204f08fb5b69a21dbd4b1535cad6: tee: optee: add invoke_fn tracepoints (2021-03-15 12:04:01 +0100) ---------------------------------------------------------------- Add tracepoints around calls to secure world ---------------------------------------------------------------- Jisheng Zhang (1): tee: optee: add invoke_fn tracepoints drivers/tee/optee/call.c | 4 +++ drivers/tee/optee/optee_trace.h | 67 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 drivers/tee/optee/optee_trace.h

4 years, 3 months

2
1
0 0

Linaro OP-TEE Contributions meeting March 2021

by Joakim Bech

Hi, LOC monthly meeting is planned to take place Thursday March 25th(a)16.00 (UTC+1). Current topics on the agenda are: - RNG in OP-TEE: This was proposed by Jorge for Foundries.io who created a couple of patches in a pull request. However he's unable to continue working with that, but no matter it's a good discussion, so I've left it on the agenda. - OCALL: Then there has been a patch set / PR: OCALL pull request, Jerome wanted to discuss what the next steps are. There is most likely room for additional topics, so feel free to suggest. Meeting details: --------------- Date/time: Thursday March 25th(a)16.00 (UTC+1) https://everytimezone.com/s/3596d6d3 Connection details: https://www.trustedfirmware.org/meetings/ Meeting notes: http://bit.ly/loc-notes Project page: https://www.linaro.org/projects/#LOC Regards, Joakim on behalf of the Linaro OP-TEE team

4 years, 3 months

1
1
0 0

Re: [TF-A] EHF + OPTEE on ARM64

by Sandeep Tripathy

Hi Peng, 1-Asynchronous preemption of SP: The long route is to make changes in the dispatcher and the corresponding SPD implementation to have synchronous preemption. ie: OP-TEE dispatcher will implement a G1NS (fiq) handler and invoke an entry of OP-TEE synchronously. OP-TEE will save the thread context and return. I did some POC but the complexity and effort to generalise was not justified by our requirement at that point especially envisioning the movement to SPMD in future. 2-Synchronous preemption of SP: ref: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/6345 I used this approach instead to unblock OP-TEE work alongside EHF. This serves the purpose without changing the routing model with a limitation that non yielding/fast SMC can not be preempted. And ofcourse OP-TEE can mask G0 interrupt in anycase. But I think this is sufficient for your purpose. Please feedback if the above patch works for you. Thanks Sandeep On Mon, Mar 22, 2021 at 2:43 PM Peng Fan via TF-A <tf-a(a)lists.trustedfirmware.org> wrote: > > Hi Achin, > > > > We are using SDEI for Jailhouse hypervisor to minimize interrupt latency, however we also wanna use OP-TEE when SDEI enabled. > > > > So I wanna how to make both work together. > > > > Thanks, > > Peng. > > > > From: Achin Gupta [mailto:Achin.Gupta@arm.com] > Sent: 2021年3月17日 17:59 > To: Peng Fan <peng.fan(a)nxp.com>; Jens Wiklander <jens.wiklander(a)linaro.org> > Cc: op-tee(a)lists.trustedfirmware.org; tf-a(a)lists.trustedfirmware.org > Subject: Re: EHF + OPTEE on ARM64 > > > > Hi Peng, > > > > +TF-A folk. > > > > My 0.02$. > > > > What is the problem you are trying to solve? Why do you need to run OP-TEE and EHF together? EHF was originally written to support a S-EL0 SP that is managed directly by TF-A in EL3 (TF-A folk can chime in). > > > > The SP could perform RAS error handling for which it needs the EHF. The EHF triages asynchronous exceptions and hands RAS errors to the SP for further handling. > > > > This is just one use case but there is no Trusted OS in these configurations. > > > > So, it would help to understand the requirement. > > > > cheers, > > Achin > > > > ________________________________ > > From: OP-TEE <op-tee-bounces(a)lists.trustedfirmware.org> on behalf of Jens Wiklander via OP-TEE <op-tee(a)lists.trustedfirmware.org> > Sent: 17 March 2021 09:23 > To: Peng Fan <peng.fan(a)nxp.com> > Cc: op-tee(a)lists.trustedfirmware.org <op-tee(a)lists.trustedfirmware.org> > Subject: Re: EHF + OPTEE on ARM64 > > > > On Wed, Mar 17, 2021 at 9:43 AM Peng Fan <peng.fan(a)nxp.com> wrote: > > > > > Subject: Re: EHF + OPTEE on ARM64 > > > > > > On Wed, Mar 17, 2021 at 9:02 AM Peng Fan <peng.fan(a)nxp.com> wrote: > > > > > > > > > Subject: Re: EHF + OPTEE on ARM64 > > > > > > > > > > On Wed, Mar 17, 2021 at 8:41 AM Peng Fan <peng.fan(a)nxp.com> wrote: > > > > > > > > > > > > > Subject: Re: EHF + OPTEE on ARM64 > > > > > > > > > > > > > > On Tue, Mar 16, 2021 at 11:08 AM Peng Fan <peng.fan(a)nxp.com> > > > wrote: > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > In bl31/ehf.c, there are following two lines, per my > > > > > > > > understanding, when cpu is in secure world, the non-secure > > > > > > > > interrupt as FIQ(GICv3) will be directly catched by EL3, not S-EL1 > > > > > > > > /* Route EL3 interrupts when in Secure and Non-secure. > > > */ > > > > > > > > set_interrupt_rm_flag(flags, NON_SECURE); > > > > > > > > set_interrupt_rm_flag(flags, SECURE); > > > > > > > > > > > > > > > > So this will conflict with OP-TEE, because OP-TEE needs catch > > > > > > > > NS-interrupt as FIQ in S-EL1 world. > > > > > > > > > > > > > > In the case of GICv3, OP-TEE is configured to receive the > > > > > > > non-secure interrupts as FIQ and secure interrupts as IRQ. See > > > CFG_ARM_GICV3. > > > > > > > > > > > > But EHF needs NS-interrupt FIQ be catched by EL3 if I understand > > > > > > correct, per " set_interrupt_rm_flag(flags, SECURE);" > > > > > > > > > > > > So currently EHF could not work together with OP-TEE, right? > > > > > > > > > > To be honest, I'm not completely sure what EHF does. From OP-TEE > > > > > point of view we expect to receive the non-secure interrupts as a > > > > > way of doing a controlled exit. This allows OP-TEE to resume > > > > > execution with a different core on re-entry. If EL3 takes the > > > > > non-secure interrupts directly it will have to make sure to only re-enter > > > OP-TEE on this core as a return from exception. > > > > > > > > Is this easy to be achieved? > > > > > > I don't know, it depends on what you intend to do with this non-secure > > > interrupt. If it's handled at EL3 and then there's a return from exception back > > > to S-EL1 there's likely no harm done. But if there's a world switch involved > > > there might be trouble, OP-TEE might not be in a suitable state for a world > > > switch. > > > > > > > > > > > Or by using opteed_sel1_interrupt_handler, could we have similar > > > > behavior to allow the other core resume execution? > > > > > > Only OP-TEE itself can make a controlled exit as there's an internal state to > > > maintain. Currently that's signalled with a non-secure interrupt. > > > > > > Per EHF, https://trustedfirmware-a.readthedocs.io/en/latest/components/exception-han… > > On GICv3 systems, when executing in S-EL1, pending Non-secure interrupts of > > sufficient priority are signalled as FIQs, and therefore will be routed to EL3. > > As a result, S-EL1 software cannot expect to handle Non-secure interrupts at S-EL1. > > Essentially, this deprecates the routing mode described as CSS=0, TEL3=0. > > > > In order for S-EL1 software to handle Non-secure interrupts while having EHF enabled, > > the dispatcher must adopt a model where Non-secure interrupts are received at EL3, > > but are then synchronously handled over to S-EL1. > > > > The issue to me here how to synchronously handled over to S-EL1 and not break optee. > > I understand. OP-TEE is masking interrupts in some critical sections, > while in such a state OP-TEE cannot handle any asynchronous interrupt. > Temporarily masking interrupts is normally a quick operation so we do > it in quite a few places. > So the crux of the problem is to make sure that OP-TEE is in a state > where it can make a controlled exit. I don't have any good ideas for > this right now. > > Cheers, > Jens > > -- > TF-A mailing list > TF-A(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-a

4 years, 3 months

2
1
0 0

[PATCH 1/1] tee: optee: do not check memref size on return from Secure World

by Jerome Forissier

When Secure World returns, it may have changed the size attribute of the memory references passed as [in/out] parameters. The GlobalPlatform TEE Internal Core API specification does not restrict the values that this size can take. In particular, Secure World may increase the value to be larger than the size of the input buffer to indicate that it needs more. Therefore, the size check in optee_from_msg_param() is incorrect and needs to be removed. This fixes a number of failed test cases in the GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09 when OP-TEE is compiled without dynamic shared memory support (CFG_CORE_DYN_SHM=n). Suggested-by: Jens Wiklander <jens.wiklander(a)linaro.org> Signed-off-by: Jerome Forissier <jerome(a)forissier.org> --- drivers/tee/optee/core.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index 319a1e701163..ddb8f9ecf307 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -79,16 +79,6 @@ int optee_from_msg_param(struct tee_param *params, size_t num_params, return rc; p->u.memref.shm_offs = mp->u.tmem.buf_ptr - pa; p->u.memref.shm = shm; - - /* Check that the memref is covered by the shm object */ - if (p->u.memref.size) { - size_t o = p->u.memref.shm_offs + - p->u.memref.size - 1; - - rc = tee_shm_get_pa(shm, o, NULL); - if (rc) - return rc; - } break; case OPTEE_MSG_ATTR_TYPE_RMEM_INPUT: case OPTEE_MSG_ATTR_TYPE_RMEM_OUTPUT: -- 2.25.1

4 years, 3 months

1
0
0 0

Re: EHF + OPTEE on ARM64

by Achin Gupta

Hi Peng, +TF-A folk. My 0.02$. What is the problem you are trying to solve? Why do you need to run OP-TEE and EHF together? EHF was originally written to support a S-EL0 SP that is managed directly by TF-A in EL3 (TF-A folk can chime in). The SP could perform RAS error handling for which it needs the EHF. The EHF triages asynchronous exceptions and hands RAS errors to the SP for further handling. This is just one use case but there is no Trusted OS in these configurations. So, it would help to understand the requirement. cheers, Achin ________________________________ From: OP-TEE <op-tee-bounces(a)lists.trustedfirmware.org> on behalf of Jens Wiklander via OP-TEE <op-tee(a)lists.trustedfirmware.org> Sent: 17 March 2021 09:23 To: Peng Fan <peng.fan(a)nxp.com> Cc: op-tee(a)lists.trustedfirmware.org <op-tee(a)lists.trustedfirmware.org> Subject: Re: EHF + OPTEE on ARM64 On Wed, Mar 17, 2021 at 9:43 AM Peng Fan <peng.fan(a)nxp.com> wrote: > > > Subject: Re: EHF + OPTEE on ARM64 > > > > On Wed, Mar 17, 2021 at 9:02 AM Peng Fan <peng.fan(a)nxp.com> wrote: > > > > > > > Subject: Re: EHF + OPTEE on ARM64 > > > > > > > > On Wed, Mar 17, 2021 at 8:41 AM Peng Fan <peng.fan(a)nxp.com> wrote: > > > > > > > > > > > Subject: Re: EHF + OPTEE on ARM64 > > > > > > > > > > > > On Tue, Mar 16, 2021 at 11:08 AM Peng Fan <peng.fan(a)nxp.com> > > wrote: > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > In bl31/ehf.c, there are following two lines, per my > > > > > > > understanding, when cpu is in secure world, the non-secure > > > > > > > interrupt as FIQ(GICv3) will be directly catched by EL3, not S-EL1 > > > > > > > /* Route EL3 interrupts when in Secure and Non-secure. > > */ > > > > > > > set_interrupt_rm_flag(flags, NON_SECURE); > > > > > > > set_interrupt_rm_flag(flags, SECURE); > > > > > > > > > > > > > > So this will conflict with OP-TEE, because OP-TEE needs catch > > > > > > > NS-interrupt as FIQ in S-EL1 world. > > > > > > > > > > > > In the case of GICv3, OP-TEE is configured to receive the > > > > > > non-secure interrupts as FIQ and secure interrupts as IRQ. See > > CFG_ARM_GICV3. > > > > > > > > > > But EHF needs NS-interrupt FIQ be catched by EL3 if I understand > > > > > correct, per " set_interrupt_rm_flag(flags, SECURE);" > > > > > > > > > > So currently EHF could not work together with OP-TEE, right? > > > > > > > > To be honest, I'm not completely sure what EHF does. From OP-TEE > > > > point of view we expect to receive the non-secure interrupts as a > > > > way of doing a controlled exit. This allows OP-TEE to resume > > > > execution with a different core on re-entry. If EL3 takes the > > > > non-secure interrupts directly it will have to make sure to only re-enter > > OP-TEE on this core as a return from exception. > > > > > > Is this easy to be achieved? > > > > I don't know, it depends on what you intend to do with this non-secure > > interrupt. If it's handled at EL3 and then there's a return from exception back > > to S-EL1 there's likely no harm done. But if there's a world switch involved > > there might be trouble, OP-TEE might not be in a suitable state for a world > > switch. > > > > > > > > Or by using opteed_sel1_interrupt_handler, could we have similar > > > behavior to allow the other core resume execution? > > > > Only OP-TEE itself can make a controlled exit as there's an internal state to > > maintain. Currently that's signalled with a non-secure interrupt. > > > Per EHF, https://trustedfirmware-a.readthedocs.io/en/latest/components/exception-han… > On GICv3 systems, when executing in S-EL1, pending Non-secure interrupts of > sufficient priority are signalled as FIQs, and therefore will be routed to EL3. > As a result, S-EL1 software cannot expect to handle Non-secure interrupts at S-EL1. > Essentially, this deprecates the routing mode described as CSS=0, TEL3=0. > > In order for S-EL1 software to handle Non-secure interrupts while having EHF enabled, > the dispatcher must adopt a model where Non-secure interrupts are received at EL3, > but are then synchronously handled over to S-EL1. > > The issue to me here how to synchronously handled over to S-EL1 and not break optee. I understand. OP-TEE is masking interrupts in some critical sections, while in such a state OP-TEE cannot handle any asynchronous interrupt. Temporarily masking interrupts is normally a quick operation so we do it in quite a few places. So the crux of the problem is to make sure that OP-TEE is in a state where it can make a controlled exit. I don't have any good ideas for this right now. Cheers, Jens

4 years, 3 months

2
1
0 0

[PATCH] optee: enable apci support

by Ran Wang

This patch add ACPI support for optee driver. Signed-off-by: Ran Wang <ran.wang_1(a)nxp.com> --- drivers/tee/optee/core.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index cf4718c6d35d..8fb261f4b9db 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -5,6 +5,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <linux/acpi.h> #include <linux/arm-smccc.h> #include <linux/errno.h> #include <linux/io.h> @@ -735,12 +736,21 @@ static const struct of_device_id optee_dt_match[] = { }; MODULE_DEVICE_TABLE(of, optee_dt_match); +#ifdef CONFIG_ACPI +static const struct acpi_device_id optee_acpi_match[] = { + { "OPTEE01",}, + { }, +}; +MODULE_DEVICE_TABLE(acpi, dwc3_acpi_match); +#endif + static struct platform_driver optee_driver = { .probe = optee_probe, .remove = optee_remove, .driver = { .name = "optee", .of_match_table = optee_dt_match, + .acpi_match_table = ACPI_PTR(optee_acpi_match), }, }; module_platform_driver(optee_driver); -- 2.25.1

4 years, 3 months

3
5
0 0

EHF + OPTEE on ARM64

by Peng Fan

Hi, In bl31/ehf.c, there are following two lines, per my understanding, when cpu is in secure world, the non-secure interrupt as FIQ(GICv3) will be directly catched by EL3, not S-EL1 /* Route EL3 interrupts when in Secure and Non-secure. */ set_interrupt_rm_flag(flags, NON_SECURE); set_interrupt_rm_flag(flags, SECURE); So this will conflict with OP-TEE, because OP-TEE needs catch NS-interrupt as FIQ in S-EL1 world. Am I understand correct? Any ideas how we could address this to make EHF + OPTEE run together? Thanks Peng.

4 years, 3 months

2
7
0 0

Re: EHF + OPTEE on ARM64

by Jelle Sels

Hi, If I am not mistaking, the fiq handler should be opteed_sel1_interrupt_handler which will forward the interrupt to S-EL1. R, Jelle ________________________________________ From: OP-TEE <op-tee-bounces(a)lists.trustedfirmware.org> on behalf of Peng Fan via OP-TEE <op-tee(a)lists.trustedfirmware.org> Sent: Tuesday, March 16, 2021 11:08 To: op-tee(a)lists.trustedfirmware.org; Jens Wiklander; Joakim Bech Subject: EHF + OPTEE on ARM64 Hi, In bl31/ehf.c, there are following two lines, per my understanding, when cpu is in secure world, the non-secure interrupt as FIQ(GICv3) will be directly catched by EL3, not S-EL1 /* Route EL3 interrupts when in Secure and Non-secure. */ set_interrupt_rm_flag(flags, NON_SECURE); set_interrupt_rm_flag(flags, SECURE); So this will conflict with OP-TEE, because OP-TEE needs catch NS-interrupt as FIQ in S-EL1 world. Am I understand correct? Any ideas how we could address this to make EHF + OPTEE run together? Thanks Peng.

4 years, 3 months

1
0
0 0

[PATCH] drivers: tee: optee: removed repeated words in comments

by Anupama K Patil

the word "the" is repeated in the file core.c so it has been removed. Likewise the word "of" is repeated in optee_smc.h and have removed it. Signed-off-by: Anupama K Patil <anupamakpatil123(a)gmail.com> --- drivers/tee/optee/core.c | 2 +- drivers/tee/optee/optee_smc.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c index cf4718c6d35d..2ccb091cd643 100644 --- a/drivers/tee/optee/core.c +++ b/drivers/tee/optee/core.c @@ -422,7 +422,7 @@ static bool optee_msg_exchange_capabilities(optee_invoke_fn *invoke_fn, /* * TODO This isn't enough to tell if it's UP system (from kernel - * point of view) or not, is_smp() returns the the information + * point of view) or not, is_smp() returns the information * needed, but can't be called directly from here. */ if (!IS_ENABLED(CONFIG_SMP) || nr_cpu_ids == 1) diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h index 80eb763a8a80..49e8e027dc5b 100644 --- a/drivers/tee/optee/optee_smc.h +++ b/drivers/tee/optee/optee_smc.h @@ -162,7 +162,7 @@ struct optee_smc_call_get_os_revision_result { * Have config return register usage: * a0 OPTEE_SMC_RETURN_OK * a1 Physical address of start of SHM - * a2 Size of of SHM + * a2 Size of SHM * a3 Cache settings of memory, as defined by the * OPTEE_SMC_SHM_* values above * a4-7 Preserved -- 2.25.1

4 years, 3 months

1
0
0 0

Re: Request for support opensource optee contribution guide line

by Jens Wiklander

Hi Raghu, On Wed, Mar 3, 2021 at 8:38 AM Yejerla, VeeraraghavuluX via OP-TEE <op-tee(a)lists.trustedfirmware.org> wrote: > > Dear Sir, > > I would like to know that, if I want submit any patch for optee opensource features, could please guide me what are the guide line I have to follow it. Below are some information require . > > > 1. What is the maximum patch size shall I submit? That depends, it might be good to start with something small as a first contribution. > 2. What are the code guide line I have to follow it? https://optee.readthedocs.io/en/latest/general/coding_standards.html > 3. What are mail chain I have to include for patch review purpose? > 4. Is there any open source link for post quarry ? See https://optee.readthedocs.io/en/latest/general/contribute.html Cheers, Jens

4 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

OP-TEE