core: ABI description for dynamic protected memory

Extend the SMC and FF-A ABI to handle dynamic protected memory lending.
The capability bits OPTEE_SMC_SEC_CAP_DYNAMIC_PROTMEM and
OPTEE_FFA_SEC_CAP

core: ABI description for dynamic protected memory

Extend the SMC and FF-A ABI to handle dynamic protected memory lending.
The capability bits OPTEE_SMC_SEC_CAP_DYNAMIC_PROTMEM and
OPTEE_FFA_SEC_CAP_PROTMEM respectively tells its availability.

OPTEE_MSG_CMD_GET_PROTMEM_CONFIG tells the minimal size and required
alignment of protected memory to lend.

For the SMC ABI, OPTEE_MSG_CMD_LEND_PROTMEM lends protected memory
and OPTEE_MSG_CMD_RECLAIM_PROTMEM returns the memory to normal world use.

For the FF-A ABI, FFA_LEND framework request followed by
OPTEE_MSG_CMD_ASSIGN_PROTMEM lends protected memory and
OPTEE_FFA_RELEASE_PROTMEM followed by the FFA_RECLAIM framework
request returns the memory to normal world use.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: sync ABI description files

Syncs the ABI description files optee_ffa.h and optee_msg.h with their
counterpart in the Linux kernel driver. Small changes in comments and
introduction of uint8_t

core: sync ABI description files

Syncs the ABI description files optee_ffa.h and optee_msg.h with their
counterpart in the Linux kernel driver. Small changes in comments and
introduction of uint8_t octets[24] as an alternative to struct
optee_msg_param_value value.

No ABI changes or extensions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: prefix header file guard names with __

Improves header files guard names consistency by using a __ prefix
where missing.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by:

core: prefix header file guard names with __

Improves header files guard names consistency by using a __ prefix
where missing.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top half runs in secure interrupt context and a
notifications tells normal world to schedule a yielding call to do the
bottom half processing.

The protocol is defined in optee_msg.h optee_rpc_cmd.h and optee_smc.h.

A notification consists of a 32-bit value which normal world can
retrieve using a fastcall into secure world. OP-TEE is currently only
supporting the value 0-63 where 0 has a special meaning. When 0 is sent
it means that normal world is supposed to make a yielding call
OPTEE_MSG_CMD_DO_BOTTOM_HALF.

The notification framework in OP-TEE defines an interface where drivers
can register a callback which is called on each yielding bottom half
call.

Notification capability is negotiated with the normal world while it
initializes its driver. If both sides supports these notifications then
they are enabled.

CFG_CORE_ASYNC_NOTIF_GIC_INTID is added to define the hardware interrupt
used to notify normal world. This is added to the DTB in case OP-TEE can
is configured with CFG_DT=y. Other cases requires the normal world DTB
to be kept in sync with this.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core/include/*.h: use U() for unsigned constants

Updates with the U() macro as described in the recently updated coding
guidelines.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jero

core/include/*.h: use U() for unsigned constants

Updates with the U() macro as described in the recently updated coding
guidelines.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: FF-A ABI updates

Updates structs and definitions to follow FF-A version 1.0.

Use the special hard coded UUID (486178e0-e7f8-11e3-bc5e-0002a5d5c51b)
for the SP OP-TEE is when compiled fo

core: spmc: FF-A ABI updates

Updates structs and definitions to follow FF-A version 1.0.

Use the special hard coded UUID (486178e0-e7f8-11e3-bc5e-0002a5d5c51b)
for the SP OP-TEE is when compiled for FF-A.

Updates the FF-A OP-TEE message ABI to make room for struct
optee_msg_arg to be used for RPC for OPTEE_FFA_YIELDING_CALL_WITH_ARG.

struct thread_ctx::rpc_arg for the current thread will always hold a
pointer to the struct optee_msg_arg to be used for RPC.

With this allocation of shared memory can be pushed up one layer and be
done via the struct optee_msg_arg so the
OPTEE_FFA_YIELDING_CALL_RETURN_ALLOC_*_SHM and
OPTEE_FFA_YIELDING_CALL_RETURN_FREE_*_SHM can be removed making the FF-A
ABI a bit less complicated.

Changes OPTEE_FFA_UNREGISTER_SHM to be a blocking call instead of a
yielding call.

Removes the unused OPTEE_FFA_YIELDING_CALL_REGISTER_SHM.

Updates the return values from yielding calls to use the TEE_Result
values instead of FF-A one to use the error code from the correct layer.

Defines OPTEE_MSG_FMEM_INVALID_GLOBAL_ID to 0xffffffffffffffffff which
is used as an invalid global id instead of 0.

This is an ABI breakage which must be done in sync with the FF-A v4
patchset in the Linux kernel.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add optee_ffa.h defining the OP-TEE ABI for FF-A

Adds optee_ffa.h which defines the OP-TEE ABI when Arm Platform Security
Architecture Firmware Framework for Arm V8-A [1] is used as transport

core: add optee_ffa.h defining the OP-TEE ABI for FF-A

Adds optee_ffa.h which defines the OP-TEE ABI when Arm Platform Security
Architecture Firmware Framework for Arm V8-A [1] is used as transport
instead of raw proprietary SMCs. This ABI where OP-TEE specific
implementation is used to fill the implementation specific gaps in the
specification is called OP-TEE FF-A, or sometimes just FF-A.

A new memref type, struct optee_msg_param_fmem, is added to carry
information needed to create new shared memory mobjs.

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_Firmware_Framework_Arm_v8-A_1.0_EAC.pdf
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace ASM with compiler-builtin __ASSEMBLER__

The C preprocessor predefines __ASSEMBLER__ with value 1 when when
preprocessing assembly language, see [1]. Instead of using a special
defines, let's

Replace ASM with compiler-builtin __ASSEMBLER__

The C preprocessor predefines __ASSEMBLER__ with value 1 when when
preprocessing assembly language, see [1]. Instead of using a special
defines, let's use the define already provided.

Link: [1] https://gcc.gnu.org/onlinedocs/cpp/Standard-Predefined-Macros.html

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optee_msg.h: define OPTEE_MSG_MAX_NUM_PARAMS

Defines OPTEE_MSG_MAX_NUM_PARAMS to be used with the macro
OPTEE_MSG_GET_ARG_SIZE() in order to avoid unexpected wrapping.

Fixes: "Macro for check

core: optee_msg.h: define OPTEE_MSG_MAX_NUM_PARAMS

Defines OPTEE_MSG_MAX_NUM_PARAMS to be used with the macro
OPTEE_MSG_GET_ARG_SIZE() in order to avoid unexpected wrapping.

Fixes: "Macro for checking size of parameter buffer can overflow" as
reported by Riscure.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Riscure <inforequest@riscure.com>
Reported-by: Alyssa Milburn <a.a.milburn@vu.nl>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: introduce generic optee_rpc_cmd.h

Replaces the OPTEE_MSG RPC command protocol descriptions in optee_msg.h
and optee_msg_supplicant with a generic optee_rpc_cmd.h. Defined names
are also refact

core: introduce generic optee_rpc_cmd.h

Replaces the OPTEE_MSG RPC command protocol descriptions in optee_msg.h
and optee_msg_supplicant with a generic optee_rpc_cmd.h. Defined names
are also refactored to mirror the new structure.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

optee_msg.h: remove OPTEE_MSG_ATTR_FRAGMENT

OPTEE_MSG_ATTR_FRAGMENT isn't defined. Remove it from comments and replace
with OPTEE_MSG_ATTR_NONCONTIG where applicable.

Acked-by: Jerome Forissier <je

optee_msg.h: remove OPTEE_MSG_ATTR_FRAGMENT

OPTEE_MSG_ATTR_FRAGMENT isn't defined. Remove it from comments and replace
with OPTEE_MSG_ATTR_NONCONTIG where applicable.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: support for global shared buffers

Add support of allocating SHM shared with non-secure kernel
and exported to a non-secure userspace application.

Reviewed-by: Jens Wiklander <jens.wiklander@l

core: support for global shared buffers

Add support of allocating SHM shared with non-secure kernel
and exported to a non-secure userspace application.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words. Therefore, we can safely remove the text from the
files that are owned by Linaro.

Generated by:
spdxify.py --linaro-only --strip-arr optee_os/

Link: [1] https://en.wikipedia.org/wiki/All_rights_reserved
Link: [2] https://reuse.software/practices/
Link: [3] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.p

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.py --linaro-only --strip-license-text optee_os/

Link: [1] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

ABI change: add OPTEE_MSG_ATTR_NONCONTIG handling

This patch introduces new attribute OPTEE_MSG_ATTR_NONCONTIG to allow
Normal World pass arbitrary list of physical pages as a shared buffer.

To rea

ABI change: add OPTEE_MSG_ATTR_NONCONTIG handling

This patch introduces new attribute OPTEE_MSG_ATTR_NONCONTIG to allow
Normal World pass arbitrary list of physical pages as a shared buffer.

To read this list of page address two new functions are added:
- msg_param_extract_pages() is a helper function that read pages list
into provided array

- msg_param_mobj_from_noncontig_param() constructs mobj from provided
struct optee_msg_param parameter. This mobj then can be used in
various parts of OP-TEE

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

OP-TEE Benchmark

OP-TEE Benchmark feature provides timestamp data for the roundtrip time
from libteec to OP-TEE OS core.

Benchmark PTA handles registration/unregistration commands of timestamp
buff

OP-TEE Benchmark

OP-TEE Benchmark feature provides timestamp data for the roundtrip time
from libteec to OP-TEE OS core.

Benchmark PTA handles registration/unregistration commands of timestamp
buffer, invoked by optee_benchmark NW application, and performs
registration of timestamp buffer in the linux kernel optee driver via
RPC call.

To enable this feature set CFG_TEE_BENCHMARK compile flag to "y".

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

core: update optee_msg.h from Linux v4.12-rc1

The current Linux kernel (v4.12-rc1) has introduced a few changes in
optee_msg.h. The most important one is replacing the macro
OPTEE_MSG_GET_PARAMS() w

core: update optee_msg.h from Linux v4.12-rc1

The current Linux kernel (v4.12-rc1) has introduced a few changes in
optee_msg.h. The most important one is replacing the macro
OPTEE_MSG_GET_PARAMS() with a c99 style struct optee_msg_param params[]
member in struct optee_msg_arg.

The changes in core/arch/arm/kernel/thread.c and
core/arch/arm/tee/entry_std.c deals with that change.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move definitions from optee_msg.h to optee_msg_supplicant.h

Commands that are specific to tee-supplicant belong in their own file.
This allows optee_msg.h to remain untouched as more supplicant comm

Move definitions from optee_msg.h to optee_msg_supplicant.h

Commands that are specific to tee-supplicant belong in their own file.
This allows optee_msg.h to remain untouched as more supplicant commands
are added. With this change:
- optee_msg.h is used by the driver and OP-TEE OS (note: there are two
slightly different versions of the file adapted to each environment but
they define the same things)
- optee_msg_supplicant.h is used by OP-TEE OS and tee-supplicant

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optee_msg.h include needed .h files

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

secure storage: add SQL filesystem

This commit adds a new container type for trusted storage: SQL FS.
Data are stored in the non-secure world, just like the REE FS
(CFG_REE_FS). But, unlike REE FS w

secure storage: add SQL filesystem

This commit adds a new container type for trusted storage: SQL FS.
Data are stored in the non-secure world, just like the REE FS
(CFG_REE_FS). But, unlike REE FS which manipulates several files for
each secure object, this implementation needs only one container in a
SQLite database per secure object. We rely on the transaction-based
nature of the database to provide atomicity.

A storage identifier is added to the TA API: TEE_STORAGE_PRIVATE_SQL.
Trusted applications can use it to select this filesystem. The value
TEE_STORAGE_PRIVATE defined by GlobalPlatform will also select the
SQL FS if all other implementations are disabled.

This feature is enabled with CFG_SQL_FS=y. It depends on SQL support
in tee-supplicant [1].

[1] https://github.com/OP-TEE/optee_client/pull/50

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

optee_msg: add OPTEE_MSG_RPC_CMD_SHM_FREE

Buffers allocated with OPTEE_MSG_RPC_CMD_SHM_ALLOC must be freed
with OPTEE_MSG_RPC_CMD_SHM_FREE to help normal world driver to
route the message correctly.

optee_msg: add OPTEE_MSG_RPC_CMD_SHM_FREE

Buffers allocated with OPTEE_MSG_RPC_CMD_SHM_ALLOC must be freed
with OPTEE_MSG_RPC_CMD_SHM_FREE to help normal world driver to
route the message correctly.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: new OPTEE_MSG interface

* Changes to a new OPTEE_MSG interface to work with the generic TEE driver.
* Removes TEESMC64_* defines as the TEESMC32_* functions are enhanced to
take 64bit values

core: new OPTEE_MSG interface

* Changes to a new OPTEE_MSG interface to work with the generic TEE driver.
* Removes TEESMC64_* defines as the TEESMC32_* functions are enhanced to
take 64bit values where required in pairs of 32bit registers instead.
* Changes open session meta information to be passed in two value
parameters instead of one memref.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...