From: Igor Opaniuk <igor.opaniuk@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v5 0/4] OP-TEE I2C trampoline and associated tests
Date: Wed, 20 Jan 2021 19:55:26 +0200
Message-ID: <20210120175530.92057-1-igor.opaniuk@gmail.com>

From: Igor Opaniuk <igor.opaniuk@foundries.io>

This patchset allows OP-TEE to communicate with I2C devices; a typical
use case would be servicing U-Boot requests that require underlying
cryptographic operations implemented by an I2C chip.

On a board fitted with the NXP SE050 I2C secure element, OP-TEE can
route some of the cryptographic operations it needs to that device (i.e.
RSA, ECC, CTR...).

Before the REE executes, OP-TEE would use its own I2C drivers to
communicate with the device on the bus; later on, once the REE is up,
accesses to the I2C bus should be coordinated with the REE to avoid
collisions. However, instead of implementing such a synchronization
mechanism, this trampoline service permits OP-TEE to route those I2C
requests back to U-Boot without then having to worry about collisions.

Let's suppose that U-Boot executes the trusted application Android
Verified Boot; when OP-TEE receives the request - and before executing
the application - it uses RSA to verify it. So on the back of the TA
function invocation, OP-TEE returns to U-Boot with a sequence of RPC
calls requesting I2C transfers (check carefully the implementation in
do_call_with_arg(...) implemented in drivers/tee/optee/core.c and
notice the while loop).

When using sandbox testing, RPC is called directly to validate its
actual implementation; however, as succinctly described above, these
calls will always be originated in OP-TEE.

Changes v5:
* [Jens Wiklander] Addressed comment about optee_alloc_and_init_page_list():
  drop inline, proper return value and comment

Changes v4:
* [Simon Glass] Reduced amount ifdefs warnings and move to
  if (IS_ENABLED(CONFIG_*)) where possible
* Fixed pointer-sign warnings

Changes v3:
* [Simon Glass] Added RPC I2C test coverage

Changes v2:
* [Simon Glass] Adjusted the usage of DM internal api (dev_get_parent_platdata)
* [Simon Glass] Added additional comments to functions
* [Jens Wiklander] s/tmem/rmem/g

Igor Opaniuk (3):
  test: py: add pygit2 and pyelftools to requirements.txt
  drivers: tee: sandbox: add rpc test ta emulation
  test: dm: tee: extend with RPC test

Jorge Ramirez-Ortiz (1):
  drivers: tee: i2c trampoline driver

 drivers/tee/Makefile                     |   2 +
 drivers/tee/optee/Kconfig                |   9 ++
 drivers/tee/optee/Makefile               |   1 +
 drivers/tee/optee/i2c.c                  |  90 ++++++++++++++
 drivers/tee/optee/optee_msg.h            |  21 ++++
 drivers/tee/optee/optee_msg_supplicant.h |   5 +
 drivers/tee/optee/optee_private.h        |  17 +++
 drivers/tee/optee/supplicant.c           |   3 +
 drivers/tee/sandbox.c                    | 143 ++++++++++++++++++++++-
 include/tee/optee_ta_rpc_test.h          |  28 +++++
 test/dm/tee.c                            | 107 ++++++++++++++++-
 test/py/requirements.txt                 |   2 +
 12 files changed, 419 insertions(+), 9 deletions(-)
 create mode 100644 drivers/tee/optee/i2c.c
 create mode 100644 include/tee/optee_ta_rpc_test.h

--
2.25.1
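
The trampoline loop described in the cover letter above, as a stand-alone C model added here; it is not code from this patchset or from U-Boot. The return codes, struct i2c_req, the function names, the simulated device at address 0x48 and the request checks in handle_i2c_rpc() are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical codes and layout for illustration; not the OP-TEE message ABI. */
enum { RET_DONE, RET_RPC_I2C, RET_ERROR };
#define SE_CHIP 0x48 /* constructed address of the simulated device */
struct i2c_req { int write, bus, chip, status; size_t len; uint8_t buf[8]; };
static int transfers;    /* transfers serviced by the normal world */
static uint8_t last_cmd; /* state of the simulated I2C device */

/* Normal world (U-Boot role): owns the bus and performs the transfer. */
int handle_i2c_rpc(struct i2c_req *r)
{
	if (r->bus != 0 || r->chip != SE_CHIP || !r->len || r->len > sizeof(r->buf))
		return -1; /* refuse anything outside the one known device */
	if (r->write)
		last_cmd = r->buf[0];
	else
		memset(r->buf, last_cmd ^ 0xff, r->len); /* device answers ~cmd */
	transfers++;
	return 0;
}

/* Secure world (OP-TEE role): each entry requests one transfer or finishes. */
int secure_world_resume(int *step, struct i2c_req *r)
{
	if (*step > 0 && r->status != 0)
		return RET_ERROR; /* the previous transfer failed */
	switch ((*step)++) {
	case 0: /* send a command byte */
		*r = (struct i2c_req){ .write = 1, .chip = SE_CHIP, .len = 1, .buf = { 0xa5 } };
		return RET_RPC_I2C;
	case 1: /* read the two-byte answer */
		*r = (struct i2c_req){ .write = 0, .chip = SE_CHIP, .len = 2 };
		return RET_RPC_I2C;
	}
	return (r->buf[0] == 0x5a && r->buf[1] == 0x5a) ? RET_DONE : RET_ERROR;
}

/* The caller re-enters the secure world until no RPC request is pending. */
int call_with_arg(void)
{
	struct i2c_req req = { 0 };
	int step = 0, rc;
	while ((rc = secure_world_resume(&step, &req)) == RET_RPC_I2C)
		req.status = handle_i2c_rpc(&req);
	return rc;
}

int main(void) { return call_with_arg(); }
```

Because every transfer goes through the single normal-world handler, only one party ever drives the bus, which is the collision-avoidance property the cover letter relies on.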