All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/7 v4] EFI variable support via OP-TEE
@ 2020-05-17 19:25 Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 1/7 v4] efi_loader: Add headers for EDK2 StandAloneMM communication Ilias Apalodimas
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: Ilias Apalodimas @ 2020-05-17 19:25 UTC (permalink / raw)
  To: u-boot

Hi!

This is the v4 of the patchset adding EFI variable support via OP-TEE
originally posted here [1] [2] [3] 

changes since v3:
* patch 3: 
  - remove the default attributes if the user doesn't specify any
  - print the EFI error message coming from StMM in case of failure
* patch 6: 
  - Align the defconfig with the existing lx2160ardb one
* patch 7 (new patch)
  - Add an OP-TEE node on lx2160ardb dts

[1] https://lists.denx.de/pipermail/u-boot/2020-May/410772.html
[2] https://lists.denx.de/pipermail/u-boot/2020-May/411603.html
[3] https://lists.denx.de/pipermail/u-boot/2020-May/412223.html

Ilias Apalodimas (6):
  efi_loader: Implement EFI variable handling via OP-TEE
  cmd: efidebug: Add support for querying UEFI variable storage
  MAINTAINERS: Add maintainer for EFI variables via OP-TEE
  doc: uefi.rst: Add OP-TEE variable storage config options
  configs: lx2160a: Add default config for lx2160a using StMM in OP-TEE
  dts: nxp2160ardb: add op-tee node

Sughosh Ganu (1):
  efi_loader: Add headers for EDK2 StandAloneMM communication

 MAINTAINERS                           |   6 +
 arch/arm/dts/fsl-lx2160a.dtsi         |   6 +
 board/freescale/lx2160a/MAINTAINERS   |   1 +
 cmd/efidebug.c                        |  58 ++-
 configs/lx2160ardb_tfa_stmm_defconfig |  85 ++++
 doc/uefi/uefi.rst                     |  17 +
 include/mm_communication.h            | 208 ++++++++
 lib/efi_loader/Kconfig                |   9 +
 lib/efi_loader/Makefile               |   4 +
 lib/efi_loader/efi_variable_tee.c     | 662 ++++++++++++++++++++++++++
 10 files changed, 1055 insertions(+), 1 deletion(-)
 create mode 100644 configs/lx2160ardb_tfa_stmm_defconfig
 create mode 100644 include/mm_communication.h
 create mode 100644 lib/efi_loader/efi_variable_tee.c

-- 
2.26.2

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH 1/7 v4] efi_loader: Add headers for EDK2 StandAloneMM communication
  2020-05-17 19:25 [PATCH 0/7 v4] EFI variable support via OP-TEE Ilias Apalodimas
@ 2020-05-17 19:25 ` Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 2/7 v4] efi_loader: Implement EFI variable handling via OP-TEE Ilias Apalodimas
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Ilias Apalodimas @ 2020-05-17 19:25 UTC (permalink / raw)
  To: u-boot

From: Sughosh Ganu <sughosh.ganu@linaro.org>

In Arm devices OP-TEE has the ability to run StandAloneMM (from EDK2)
in a separate partition and handle UEFI variables.
A following patch introduces this functionality.

Add the headers needed for OP-TEE <--> StandAloneMM communication

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 include/mm_communication.h | 208 +++++++++++++++++++++++++++++++++++++
 1 file changed, 208 insertions(+)
 create mode 100644 include/mm_communication.h

diff --git a/include/mm_communication.h b/include/mm_communication.h
new file mode 100644
index 000000000000..193c4d157874
--- /dev/null
+++ b/include/mm_communication.h
@@ -0,0 +1,208 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ *  Headers for EFI variable service via StandAloneMM, EDK2 application running
+ *  in OP-TEE
+ *
+ *  Copyright (c) 2017, Intel Corporation. All rights reserved.
+ *  Copyright (C) 2020 Linaro Ltd. <sughosh.ganu@linaro.org>
+ *  Copyright (C) 2020 Linaro Ltd. <ilias.apalodimas@linaro.org>
+ */
+
+#ifndef _MM_COMMUNICATION_H_
+#define _MM_COMMUNICATION_H_
+
+#include <part_efi.h>
+
+/*
+ * Interface to the pseudo Trusted Application (TA), which provides a
+ * communication channel with the Standalone MM (Management Mode)
+ * Secure Partition running at Secure-EL0
+ */
+
+#define PTA_STMM_CMDID_COMMUNICATE 0
+
+/* OP-TEE is using big endian GUIDs while UEFI uses little endian ones */
+#define PTA_STMM_UUID { 0xed32d533, 0x99e6, 0x4209, {\
+			0x9c, 0xc0, 0x2d, 0x72, 0xcd, 0xd9, 0x98, 0xa7 } }
+
+#define EFI_MM_VARIABLE_GUID \
+	EFI_GUID(0xed32d533, 0x99e6, 0x4209, \
+		 0x9c, 0xc0, 0x2d, 0x72, 0xcd, 0xd9, 0x98, 0xa7)
+
+/* Defined in EDK2 MdePkg/Include/Protocol/MmCommunication.h */
+
+/**
+ * struct efi_mm_communicate_header - Header used for SMM variable communication
+
+ * @header_guid:  header use for disambiguation of content
+ * @message_len:  length of the message. Does not include the size of the
+ *                header
+ * @data:         payload of the message
+ *
+ * Defined in EDK2 as EFI_MM_COMMUNICATE_HEADER.
+ * To avoid confusion in interpreting frames, the communication buffer should
+ * always begin with efi_mm_communicate_header.
+ */
+struct efi_mm_communicate_header {
+	efi_guid_t header_guid;
+	size_t     message_len;
+	u8         data[];
+};
+
+#define MM_COMMUNICATE_HEADER_SIZE \
+	(sizeof(struct efi_mm_communicate_header))
+
+/* Defined in EDK2 ArmPkg/Include/IndustryStandard/ArmStdSmc.h */
+
+/* MM return error codes */
+#define ARM_SMC_MM_RET_SUCCESS              0
+#define ARM_SMC_MM_RET_NOT_SUPPORTED       -1
+#define ARM_SMC_MM_RET_INVALID_PARAMS      -2
+#define ARM_SMC_MM_RET_DENIED              -3
+#define ARM_SMC_MM_RET_NO_MEMORY           -4
+
+/* Defined in EDK2 MdeModulePkg/Include/Guid/SmmVariableCommon.h */
+
+#define SMM_VARIABLE_FUNCTION_GET_VARIABLE  1
+/*
+ * The payload for this function is
+ * SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME.
+ */
+#define SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME  2
+/*
+ * The payload for this function is SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE.
+ */
+#define SMM_VARIABLE_FUNCTION_SET_VARIABLE  3
+/*
+ * The payload for this function is
+ * SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO.
+ */
+#define SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO  4
+/*
+ * It is a notify event, no extra payload for this function.
+ */
+#define SMM_VARIABLE_FUNCTION_READY_TO_BOOT  5
+/*
+ * It is a notify event, no extra payload for this function.
+ */
+#define SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE  6
+/*
+ * The payload for this function is VARIABLE_INFO_ENTRY.
+ * The GUID in EFI_SMM_COMMUNICATE_HEADER is gEfiSmmVariableProtocolGuid.
+ */
+#define SMM_VARIABLE_FUNCTION_GET_STATISTICS  7
+/*
+ * The payload for this function is SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
+ */
+#define SMM_VARIABLE_FUNCTION_LOCK_VARIABLE   8
+
+#define SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET  9
+
+#define SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET  10
+
+#define SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE  11
+/*
+ * The payload for this function is
+ * SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT
+ */
+#define SMM_VARIABLE_FUNCTION_INIT_RUNTIME_VARIABLE_CACHE_CONTEXT 12
+
+#define SMM_VARIABLE_FUNCTION_SYNC_RUNTIME_CACHE  13
+/*
+ * The payload for this function is
+ * SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO
+ */
+#define SMM_VARIABLE_FUNCTION_GET_RUNTIME_CACHE_INFO  14
+
+/**
+ * struct smm_variable_communicate_header - Used for SMM variable communication
+
+ * @function:     function to call in Smm.
+ * @ret_status:   return status
+ * @data:         payload
+ *
+ * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_HEADER.
+ */
+struct smm_variable_communicate_header {
+	efi_uintn_t  function;
+	efi_status_t ret_status;
+	u8           data[];
+};
+
+#define MM_VARIABLE_COMMUNICATE_SIZE \
+	(sizeof(struct smm_variable_communicate_header))
+
+/**
+ * struct smm_variable_access - Used to communicate with StMM by
+ *                              SetVariable and GetVariable.
+
+ * @guid:         vendor GUID
+ * @data_size:    size of EFI variable data
+ * @name_size:    size of EFI name
+ * @attr:         attributes
+ * @name:         variable name
+ *
+ * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE.
+ *
+ */
+struct smm_variable_access {
+	efi_guid_t  guid;
+	efi_uintn_t data_size;
+	efi_uintn_t name_size;
+	u32         attr;
+	u16         name[];
+};
+
+#define MM_VARIABLE_ACCESS_HEADER_SIZE \
+	(sizeof(struct smm_variable_access))
+/**
+ * struct smm_variable_payload_size - Used to get the max allowed
+ *                                    payload used in StMM.
+ *
+ * @size:  size to fill in
+ *
+ * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE.
+ *
+ */
+struct smm_variable_payload_size {
+	efi_uintn_t size;
+};
+
+/**
+ * struct smm_variable_getnext - Used to communicate with StMM for
+ *                               GetNextVariableName.
+ *
+ * @guid:       vendor GUID
+ * @name_size:  size of the name of the variable
+ * @name:       variable name
+ *
+ * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME.
+ */
+struct smm_variable_getnext {
+	efi_guid_t  guid;
+	efi_uintn_t name_size;
+	u16         name[];
+};
+
+#define MM_VARIABLE_GET_NEXT_HEADER_SIZE \
+	(sizeof(struct smm_variable_getnext))
+
+/**
+ * struct smm_variable_query_info - Used to communicate with StMM for
+ *                                  QueryVariableInfo.
+ *
+ * @max_variable_storage:        max available storage
+ * @remaining_variable_storage:  remaining available storage
+ * @max_variable_size:           max variable supported size
+ * @attr:                        attributes to query storage for
+ *
+ * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO.
+ */
+struct smm_variable_query_info {
+	u64 max_variable_storage;
+	u64 remaining_variable_storage;
+	u64 max_variable_size;
+	u32 attr;
+};
+
+#endif /* _MM_COMMUNICATION_H_ */
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH 2/7 v4] efi_loader: Implement EFI variable handling via OP-TEE
  2020-05-17 19:25 [PATCH 0/7 v4] EFI variable support via OP-TEE Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 1/7 v4] efi_loader: Add headers for EDK2 StandAloneMM communication Ilias Apalodimas
@ 2020-05-17 19:25 ` Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 3/7 v4] cmd: efidebug: Add support for querying UEFI variable storage Ilias Apalodimas
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Ilias Apalodimas @ 2020-05-17 19:25 UTC (permalink / raw)
  To: u-boot

In OP-TEE we can run EDK2's StandAloneMM on a secure partition.
StandAloneMM is responsible for the UEFI variable support. In
combination with OP-TEE and it's U-Boot supplicant, variables are
authenticated/validated in secure world and stored on an RPMB partition.

So let's add a new config option in U-Boot implementing the necessary
calls to OP-TEE for the variable management.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/Kconfig            |   9 +
 lib/efi_loader/Makefile           |   4 +
 lib/efi_loader/efi_variable_tee.c | 662 ++++++++++++++++++++++++++++++
 3 files changed, 675 insertions(+)
 create mode 100644 lib/efi_loader/efi_variable_tee.c

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 1cfa24ffcf72..aad37b715505 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -164,4 +164,13 @@ config EFI_SECURE_BOOT
 	  it is signed with a trusted key. To do that, you need to install,
 	  at least, PK, KEK and db.
 
+config EFI_MM_COMM_TEE
+	bool "UEFI variables storage service via OP-TEE"
+	depends on OPTEE
+	default n
+	help
+	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI variable
+	  related operations to that. The application will verify, authenticate and
+	  store the variables on an RPMB.
+
 endif
diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
index 84d61df55b93..57c7e66ea0e2 100644
--- a/lib/efi_loader/Makefile
+++ b/lib/efi_loader/Makefile
@@ -35,7 +35,11 @@ obj-y += efi_root_node.o
 obj-y += efi_runtime.o
 obj-y += efi_setup.o
 obj-$(CONFIG_EFI_UNICODE_COLLATION_PROTOCOL2) += efi_unicode_collation.o
+ifeq ($(CONFIG_EFI_MM_COMM_TEE),y)
+obj-y += efi_variable_tee.o
+else
 obj-y += efi_variable.o
+endif
 obj-y += efi_watchdog.o
 obj-$(CONFIG_LCD) += efi_gop.o
 obj-$(CONFIG_DM_VIDEO) += efi_gop.o
diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
new file mode 100644
index 000000000000..cacc76e23db1
--- /dev/null
+++ b/lib/efi_loader/efi_variable_tee.c
@@ -0,0 +1,662 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ *  EFI variable service via OP-TEE
+ *
+ *  Copyright (C) 2019 Linaro Ltd. <sughosh.ganu@linaro.org>
+ *  Copyright (C) 2019 Linaro Ltd. <ilias.apalodimas@linaro.org>
+ */
+
+#include <common.h>
+#include <efi.h>
+#include <efi_api.h>
+#include <efi_loader.h>
+#include <tee.h>
+#include <malloc.h>
+#include <mm_communication.h>
+
+static efi_uintn_t max_buffer_size;	/* comm + var + func + data */
+static efi_uintn_t max_payload_size;	/* func + data */
+
+struct mm_connection {
+	struct udevice *tee;
+	u32 session;
+};
+
+/**
+ * get_connection() - Retrieve OP-TEE session for a specific UUID.
+ *
+ * @conn:   session buffer to fill
+ * Return:  status code
+ */
+static int get_connection(struct mm_connection *conn)
+{
+	static const struct tee_optee_ta_uuid uuid = PTA_STMM_UUID;
+	struct udevice *tee = NULL;
+	struct tee_open_session_arg arg;
+	int rc;
+
+	tee = tee_find_device(tee, NULL, NULL, NULL);
+	if (!tee)
+		return -ENODEV;
+
+	memset(&arg, 0, sizeof(arg));
+	tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
+	rc = tee_open_session(tee, &arg, 0, NULL);
+	if (!rc) {
+		conn->tee = tee;
+		conn->session = arg.session;
+	}
+
+	return rc;
+}
+
+/**
+ * optee_mm_communicate() - Pass a buffer to StandaloneMM running in OP-TEE
+ *
+ * @comm_buf:		locally allocted communcation buffer
+ * @dsize:		buffer size
+ * Return:		status code
+ */
+static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize)
+{
+	ulong buf_size;
+	efi_status_t ret;
+	struct efi_mm_communicate_header *mm_hdr;
+	struct mm_connection conn = { NULL, 0 };
+	struct tee_invoke_arg arg;
+	struct tee_param param[2];
+	struct tee_shm *shm = NULL;
+	int rc;
+
+	if (!comm_buf)
+		return EFI_INVALID_PARAMETER;
+
+	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
+	buf_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t);
+
+	if (dsize != buf_size)
+		return EFI_INVALID_PARAMETER;
+
+	rc = get_connection(&conn);
+	if (rc) {
+		log_err("Unable to open OP-TEE session (err=%d)\n", rc);
+		return EFI_UNSUPPORTED;
+	}
+
+	if (tee_shm_register(conn.tee, comm_buf, buf_size, 0, &shm)) {
+		log_err("Unable to register shared memory\n");
+		return EFI_UNSUPPORTED;
+	}
+
+	memset(&arg, 0, sizeof(arg));
+	arg.func = PTA_STMM_CMDID_COMMUNICATE;
+	arg.session = conn.session;
+
+	memset(param, 0, sizeof(param));
+	param[0].attr = TEE_PARAM_ATTR_TYPE_MEMREF_INOUT;
+	param[0].u.memref.size = buf_size;
+	param[0].u.memref.shm = shm;
+	param[1].attr = TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT;
+
+	rc = tee_invoke_func(conn.tee, &arg, 2, param);
+	if (rc)
+		return EFI_INVALID_PARAMETER;
+	tee_shm_free(shm);
+	tee_close_session(conn.tee, conn.session);
+
+	switch (param[1].u.value.a) {
+	case ARM_SMC_MM_RET_SUCCESS:
+		ret = EFI_SUCCESS;
+		break;
+
+	case ARM_SMC_MM_RET_INVALID_PARAMS:
+		ret = EFI_INVALID_PARAMETER;
+		break;
+
+	case ARM_SMC_MM_RET_DENIED:
+		ret = EFI_ACCESS_DENIED;
+		break;
+
+	case ARM_SMC_MM_RET_NO_MEMORY:
+		ret = EFI_OUT_OF_RESOURCES;
+		break;
+
+	default:
+		ret = EFI_ACCESS_DENIED;
+	}
+
+	return ret;
+}
+
+/**
+ * mm_communicate() - Adjust the cmonnucation buffer to StandAlonneMM and send
+ * it to OP-TEE
+ *
+ * @comm_buf:		locally allocted communcation buffer
+ * @dsize:		buffer size
+ * Return:		status code
+ */
+static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
+{
+	efi_status_t ret;
+	struct efi_mm_communicate_header *mm_hdr;
+	struct smm_variable_communicate_header *var_hdr;
+
+	dsize += MM_COMMUNICATE_HEADER_SIZE + MM_VARIABLE_COMMUNICATE_SIZE;
+	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
+	var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data;
+
+	ret = optee_mm_communicate(comm_buf, dsize);
+	if (ret != EFI_SUCCESS) {
+		log_err("%s failed!\n", __func__);
+		return ret;
+	}
+
+	return var_hdr->ret_status;
+}
+
+/**
+ * setup_mm_hdr() -	Allocate a buffer for StandAloneMM and initialize the
+ *			header data.
+ *
+ * @dptr:		pointer address of the corresponding StandAloneMM
+ *			function
+ * @payload_size:	buffer size
+ * @func:		standAloneMM function number
+ * @ret:		EFI return code
+ * Return:		buffer or NULL
+ */
+static u8 *setup_mm_hdr(void **dptr, efi_uintn_t payload_size,
+			efi_uintn_t func, efi_status_t *ret)
+{
+	const efi_guid_t mm_var_guid = EFI_MM_VARIABLE_GUID;
+	struct efi_mm_communicate_header *mm_hdr;
+	struct smm_variable_communicate_header *var_hdr;
+	u8 *comm_buf;
+
+	/* In the init function we initialize max_buffer_size with
+	 * get_max_payload(). So skip the test if max_buffer_size is initialized
+	 * StandAloneMM will perform similar checks and drop the buffer if it's
+	 * too long
+	 */
+	if (max_buffer_size && max_buffer_size <
+			(MM_COMMUNICATE_HEADER_SIZE +
+			 MM_VARIABLE_COMMUNICATE_SIZE +
+			 payload_size)) {
+		*ret = EFI_INVALID_PARAMETER;
+		return NULL;
+	}
+
+	comm_buf = calloc(1, MM_COMMUNICATE_HEADER_SIZE +
+			  MM_VARIABLE_COMMUNICATE_SIZE +
+			  payload_size);
+	if (!comm_buf) {
+		*ret = EFI_OUT_OF_RESOURCES;
+		return NULL;
+	}
+
+	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
+	guidcpy(&mm_hdr->header_guid, &mm_var_guid);
+	mm_hdr->message_len = MM_VARIABLE_COMMUNICATE_SIZE + payload_size;
+
+	var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data;
+	var_hdr->function = func;
+	if (dptr)
+		*dptr = var_hdr->data;
+	*ret = EFI_SUCCESS;
+
+	return comm_buf;
+}
+
+/**
+ * get_max_payload() - Get variable payload size from StandAloneMM.
+ *
+ * @size:    size of the variable in storage
+ * Return:   status code
+ */
+efi_status_t EFIAPI get_max_payload(efi_uintn_t *size)
+{
+	struct smm_variable_payload_size *var_payload = NULL;
+	efi_uintn_t payload_size;
+	u8 *comm_buf = NULL;
+	efi_status_t ret;
+
+	if (!size) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	payload_size = sizeof(*var_payload);
+	comm_buf = setup_mm_hdr((void **)&var_payload, payload_size,
+				SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE, &ret);
+	if (!comm_buf)
+		goto out;
+
+	ret = mm_communicate(comm_buf, payload_size);
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	*size = var_payload->size;
+
+out:
+	free(comm_buf);
+	return ret;
+}
+
+/**
+ * efi_get_variable() - retrieve value of a UEFI variable
+ *
+ * This function implements the GetVariable runtime service.
+ *
+ * See the Unified Extensible Firmware Interface (UEFI) specification for
+ * details.
+ *
+ * @name:		name of the variable
+ * @guid:		vendor GUID
+ * @attr:		attributes of the variable
+ * @data_size:		size of the buffer to which the variable value is copied
+ * @data:		buffer to which the variable value is copied
+ * Return:		status code
+ */
+efi_status_t EFIAPI efi_get_variable(u16 *name, const efi_guid_t *guid,
+				     u32 *attr, efi_uintn_t *data_size,
+				     void *data)
+{
+	struct smm_variable_access *var_acc;
+	efi_uintn_t payload_size;
+	efi_uintn_t name_size;
+	efi_uintn_t tmp_dsize;
+	u8 *comm_buf = NULL;
+	efi_status_t ret;
+
+	EFI_ENTRY("\"%ls\" %pUl %p %p %p", name, guid, attr, data_size, data);
+
+	if (!name || !guid || !data_size) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	/* Check payload size */
+	name_size = u16_strsize(name);
+	if (name_size > max_payload_size - MM_VARIABLE_ACCESS_HEADER_SIZE) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	/* Trim output buffer size */
+	tmp_dsize = *data_size;
+	if (name_size + tmp_dsize >
+			max_payload_size - MM_VARIABLE_ACCESS_HEADER_SIZE) {
+		tmp_dsize = max_payload_size -
+				MM_VARIABLE_ACCESS_HEADER_SIZE -
+				name_size;
+	}
+
+	/* Get communication buffer and initialize header */
+	payload_size = MM_VARIABLE_ACCESS_HEADER_SIZE + name_size + tmp_dsize;
+	comm_buf = setup_mm_hdr((void **)&var_acc, payload_size,
+				SMM_VARIABLE_FUNCTION_GET_VARIABLE, &ret);
+	if (!comm_buf)
+		goto out;
+
+	/* Fill in contents */
+	guidcpy(&var_acc->guid, guid);
+	var_acc->data_size = tmp_dsize;
+	var_acc->name_size = name_size;
+	var_acc->attr = attr ? *attr : 0;
+	memcpy(var_acc->name, name, name_size);
+
+	/* Communicate */
+	ret = mm_communicate(comm_buf, payload_size);
+	if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
+		/* Update with reported data size for trimmed case */
+		*data_size = var_acc->data_size;
+	}
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	if (attr)
+		*attr = var_acc->attr;
+	if (data)
+		memcpy(data, (u8 *)var_acc->name + var_acc->name_size,
+		       var_acc->data_size);
+	else
+		ret = EFI_INVALID_PARAMETER;
+
+out:
+	free(comm_buf);
+	return EFI_EXIT(ret);
+}
+
+/**
+ * efi_get_next_variable_name() - enumerate the current variable names
+ *
+ * @variable_name_size:	size of variable_name buffer in bytes
+ * @variable_name:	name of uefi variable's name in u16
+ * @guid:		vendor's guid
+ *
+ * This function implements the GetNextVariableName service.
+ *
+ * See the Unified Extensible Firmware Interface (UEFI) specification for
+ * details.
+ *
+ * Return: status code
+ */
+efi_status_t EFIAPI efi_get_next_variable_name(efi_uintn_t *variable_name_size,
+					       u16 *variable_name,
+					       efi_guid_t *guid)
+{
+	struct smm_variable_getnext *var_getnext;
+	efi_uintn_t payload_size;
+	efi_uintn_t out_name_size;
+	efi_uintn_t in_name_size;
+	efi_uintn_t tmp_dsize;
+	efi_uintn_t name_size;
+	u8 *comm_buf = NULL;
+	efi_status_t ret;
+
+	EFI_ENTRY("%p \"%ls\" %pUl", variable_name_size, variable_name, guid);
+
+	if (!variable_name_size || !variable_name || !guid) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	out_name_size = *variable_name_size;
+	in_name_size = u16_strsize(variable_name);
+
+	if (out_name_size < in_name_size) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	name_size = u16_strsize(variable_name);
+	if (name_size > max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	/* Trim output buffer size */
+	tmp_dsize = *variable_name_size;
+	if (name_size + tmp_dsize >
+			max_payload_size - MM_VARIABLE_GET_NEXT_HEADER_SIZE) {
+		tmp_dsize = max_payload_size -
+				MM_VARIABLE_GET_NEXT_HEADER_SIZE -
+				name_size;
+	}
+
+	payload_size = MM_VARIABLE_GET_NEXT_HEADER_SIZE + out_name_size;
+	comm_buf = setup_mm_hdr((void **)&var_getnext, payload_size,
+				SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME,
+				&ret);
+	if (!comm_buf)
+		goto out;
+
+	/* Fill in contents */
+	guidcpy(&var_getnext->guid, guid);
+	var_getnext->name_size = out_name_size;
+	memcpy(var_getnext->name, variable_name, in_name_size);
+	memset((u8 *)var_getnext->name + in_name_size, 0x0,
+	       out_name_size - in_name_size);
+
+	/* Communicate */
+	ret = mm_communicate(comm_buf, payload_size);
+	if (ret == EFI_SUCCESS || ret == EFI_BUFFER_TOO_SMALL) {
+		/* Update with reported data size for trimmed case */
+		*variable_name_size = var_getnext->name_size;
+	}
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	guidcpy(guid, &var_getnext->guid);
+	memcpy(variable_name, (u8 *)var_getnext->name,
+	       var_getnext->name_size);
+
+out:
+	free(comm_buf);
+	return EFI_EXIT(ret);
+}
+
+/**
+ * efi_set_variable() - set value of a UEFI variable
+ *
+ * This function implements the SetVariable runtime service.
+ *
+ * See the Unified Extensible Firmware Interface (UEFI) specification for
+ * details.
+ *
+ * @name:		name of the variable
+ * @guid:		vendor GUID
+ * @attr:		attributes of the variable
+ * @data_size:		size of the buffer with the variable value
+ * @data:		buffer with the variable value
+ * Return:		status code
+ */
+efi_status_t EFIAPI efi_set_variable(u16 *name, const efi_guid_t *guid,
+				     u32 attr, efi_uintn_t data_size,
+				     const void *data)
+{
+	struct smm_variable_access *var_acc;
+	efi_uintn_t payload_size;
+	efi_uintn_t name_size;
+	u8 *comm_buf = NULL;
+	efi_status_t ret;
+
+	EFI_ENTRY("\"%ls\" %pUl %x %zu %p", name, guid, attr, data_size, data);
+
+	if (!name || name[0] == 0 || !guid) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+	if (data_size > 0 && !data) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	/* Check payload size */
+	name_size = u16_strsize(name);
+	payload_size = MM_VARIABLE_ACCESS_HEADER_SIZE + name_size + data_size;
+	if (payload_size > max_payload_size) {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	/* Get communication buffer and initialize header */
+	comm_buf = setup_mm_hdr((void **)&var_acc, payload_size,
+				SMM_VARIABLE_FUNCTION_SET_VARIABLE, &ret);
+	if (!comm_buf)
+		goto out;
+
+	/* Fill in contents */
+	guidcpy(&var_acc->guid, guid);
+	var_acc->data_size = data_size;
+	var_acc->name_size = name_size;
+	var_acc->attr = attr;
+	memcpy(var_acc->name, name, name_size);
+	memcpy((u8 *)var_acc->name + name_size, data, data_size);
+
+	/* Communicate */
+	ret = mm_communicate(comm_buf, payload_size);
+
+out:
+	free(comm_buf);
+	return EFI_EXIT(ret);
+}
+
+/**
+ * efi_query_variable_info() - get information about EFI variables
+ *
+ * This function implements the QueryVariableInfo() runtime service.
+ *
+ * See the Unified Extensible Firmware Interface (UEFI) specification for
+ * details.
+ *
+ * @attributes:				bitmask to select variables to be
+ *					queried
+ * @maximum_variable_storage_size:	maximum size of storage area for the
+ *					selected variable types
+ * @remaining_variable_storage_size:	remaining size of storage are for the
+ *					selected variable types
+ * @maximum_variable_size:		maximum size of a variable of the
+ *					selected type
+ * Returns:				status code
+ */
+efi_status_t EFIAPI __efi_runtime
+efi_query_variable_info(u32 attributes, u64 *max_variable_storage_size,
+			u64 *remain_variable_storage_size,
+			u64 *max_variable_size)
+{
+	struct smm_variable_query_info *mm_query_info;
+	efi_uintn_t payload_size;
+	efi_status_t ret;
+	u8 *comm_buf;
+
+	EFI_ENTRY("%x %p %p %p", attributes, max_variable_storage_size,
+		  remain_variable_storage_size, max_variable_size);
+
+	payload_size = sizeof(*mm_query_info);
+	comm_buf = setup_mm_hdr((void **)&mm_query_info, payload_size,
+				SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO,
+				&ret);
+	if (!comm_buf)
+		goto out;
+
+	mm_query_info->attr = attributes;
+	ret = mm_communicate(comm_buf, payload_size);
+	if (ret != EFI_SUCCESS)
+		goto out;
+	*max_variable_storage_size = mm_query_info->max_variable_storage;
+	*remain_variable_storage_size =
+			mm_query_info->remaining_variable_storage;
+	*max_variable_size = mm_query_info->max_variable_size;
+
+out:
+	free(comm_buf);
+	return EFI_EXIT(ret);
+}
+
+/**
+ * efi_get_variable_runtime() - runtime implementation of GetVariable()
+ *
+ * @variable_name:	name of the variable
+ * @guid:		vendor GUID
+ * @attributes:		attributes of the variable
+ * @data_size:		size of the buffer to which the variable value is copied
+ * @data:		buffer to which the variable value is copied
+ * Return:		status code
+ */
+static efi_status_t __efi_runtime EFIAPI
+efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *guid,
+			 u32 *attributes, efi_uintn_t *data_size, void *data)
+{
+	return EFI_UNSUPPORTED;
+}
+
+/**
+ * efi_get_next_variable_name_runtime() - runtime implementation of
+ *					  GetNextVariable()
+ *
+ * @variable_name_size:	size of variable_name buffer in byte
+ * @variable_name:	name of uefi variable's name in u16
+ * @guid:		vendor's guid
+ * Return:              status code
+ */
+static efi_status_t __efi_runtime EFIAPI
+efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size,
+				   u16 *variable_name, efi_guid_t *guid)
+{
+	return EFI_UNSUPPORTED;
+}
+
+/**
+ * efi_query_variable_info() - get information about EFI variables
+ *
+ * This function implements the QueryVariableInfo() runtime service.
+ *
+ * See the Unified Extensible Firmware Interface (UEFI) specification for
+ * details.
+ *
+ * @attributes:				bitmask to select variables to be
+ *					queried
+ * @maximum_variable_storage_size:	maximum size of storage area for the
+ *					selected variable types
+ * @remaining_variable_storage_size:	remaining size of storage are for the
+ *					selected variable types
+ * @maximum_variable_size:		maximum size of a variable of the
+ *					selected type
+ * Return:				status code
+ */
+efi_status_t EFIAPI __efi_runtime
+efi_query_variable_info_runtime(u32 attributes, u64 *max_variable_storage_size,
+				u64 *remain_variable_storage_size,
+				u64 *max_variable_size)
+{
+	return EFI_UNSUPPORTED;
+}
+
+/**
+ * efi_set_variable_runtime() - runtime implementation of SetVariable()
+ *
+ * @variable_name:	name of the variable
+ * @guid:		vendor GUID
+ * @attributes:		attributes of the variable
+ * @data_size:		size of the buffer with the variable value
+ * @data:		buffer with the variable value
+ * Return:		status code
+ */
+static efi_status_t __efi_runtime EFIAPI
+efi_set_variable_runtime(u16 *variable_name, const efi_guid_t *guid,
+			 u32 attributes, efi_uintn_t data_size,
+			 const void *data)
+{
+	return EFI_UNSUPPORTED;
+}
+
+/**
+ * efi_variables_boot_exit_notify() - notify ExitBootServices() is called
+ */
+void efi_variables_boot_exit_notify(void)
+{
+	u8 *comm_buf;
+	efi_status_t ret;
+
+	comm_buf = setup_mm_hdr(NULL, 0,
+				SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE, &ret);
+	if (comm_buf)
+		ret = mm_communicate(comm_buf, 0);
+	else
+		ret = EFI_NOT_FOUND;
+
+	if (ret != EFI_SUCCESS)
+		log_err("Unable to notify StMM for ExitBootServices\n");
+	free(comm_buf);
+
+	/* Update runtime service table */
+	efi_runtime_services.query_variable_info =
+			efi_query_variable_info_runtime;
+	efi_runtime_services.get_variable = efi_get_variable_runtime;
+	efi_runtime_services.get_next_variable_name =
+			efi_get_next_variable_name_runtime;
+	efi_runtime_services.set_variable = efi_set_variable_runtime;
+	efi_update_table_header_crc32(&efi_runtime_services.hdr);
+}
+
+/**
+ * efi_init_variables() - initialize variable services
+ *
+ * Return:	status code
+ */
+efi_status_t efi_init_variables(void)
+{
+	efi_status_t ret;
+
+	ret = get_max_payload(&max_payload_size);
+	if (ret != EFI_SUCCESS)
+		return ret;
+
+	max_buffer_size = MM_COMMUNICATE_HEADER_SIZE +
+			  MM_VARIABLE_COMMUNICATE_SIZE +
+			  max_payload_size;
+
+	return EFI_SUCCESS;
+}
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH 3/7 v4] cmd: efidebug: Add support for querying UEFI variable storage
  2020-05-17 19:25 [PATCH 0/7 v4] EFI variable support via OP-TEE Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 1/7 v4] efi_loader: Add headers for EDK2 StandAloneMM communication Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 2/7 v4] efi_loader: Implement EFI variable handling via OP-TEE Ilias Apalodimas
@ 2020-05-17 19:25 ` Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 4/7 v4] MAINTAINERS: Add maintainer for EFI variables via OP-TEE Ilias Apalodimas
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Ilias Apalodimas @ 2020-05-17 19:25 UTC (permalink / raw)
  To: u-boot

With the previous patches that use OP-TEE and StandAloneMM for UEFI
variable storage we've added functionality for efi_query_variable_info.
So let's add the relevant command to efidebug and retrieve information
about the container used to store UEFI variables

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 cmd/efidebug.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/cmd/efidebug.c b/cmd/efidebug.c
index 5cc0a41af3b4..f020d95dbb79 100644
--- a/cmd/efidebug.c
+++ b/cmd/efidebug.c
@@ -1165,6 +1165,58 @@ static int do_efi_test(cmd_tbl_t *cmdtp, int flag,
 	return cp->cmd(cmdtp, flag, argc, argv);
 }
 
+/**
+ * do_efi_query_info() - QueryVariableInfo EFI service
+ *
+ * @cmdtp:	Command table
+ * @flag:	Command flag
+ * @argc:	Number of arguments
+ * @argv:	Argument array
+ * Return:	CMD_RET_SUCCESS on success,
+ *		CMD_RET_USAGE or CMD_RET_FAILURE on failure
+ *
+ * Implement efidebug "test" sub-command.
+ */
+
+static int do_efi_query_info(cmd_tbl_t *cmdtp, int flag,
+			     int argc, char * const argv[])
+{
+	efi_status_t ret;
+	u32 attr = 0;
+	u64 max_variable_storage_size;
+	u64 remain_variable_storage_size;
+	u64 max_variable_size;
+	int i;
+
+	for (i = 1; i < argc; i++) {
+		if (!strcmp(argv[i], "-bs"))
+			attr |= EFI_VARIABLE_BOOTSERVICE_ACCESS;
+		else if (!strcmp(argv[i], "-rt"))
+			attr |= EFI_VARIABLE_RUNTIME_ACCESS;
+		else if (!strcmp(argv[i], "-nv"))
+			attr |= EFI_VARIABLE_NON_VOLATILE;
+		else if (!strcmp(argv[i], "-at"))
+			attr |=
+				EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+	}
+
+	ret = EFI_CALL(efi_query_variable_info(attr,
+					       &max_variable_storage_size,
+					       &remain_variable_storage_size,
+					       &max_variable_size));
+	if (ret != EFI_SUCCESS) {
+		printf("Error: Cannot query UEFI variables, r = %lu\n",
+		       ret & ~EFI_ERROR_MASK);
+		return CMD_RET_FAILURE;
+	}
+
+	printf("Max storage size %llu\n", max_variable_storage_size);
+	printf("Remaining storage size %llu\n", remain_variable_storage_size);
+	printf("Max variable size %llu\n", max_variable_size);
+
+	return CMD_RET_SUCCESS;
+}
+
 static cmd_tbl_t cmd_efidebug_sub[] = {
 	U_BOOT_CMD_MKENT(boot, CONFIG_SYS_MAXARGS, 1, do_efi_boot_opt, "", ""),
 	U_BOOT_CMD_MKENT(devices, CONFIG_SYS_MAXARGS, 1, do_efi_show_devices,
@@ -1181,6 +1233,8 @@ static cmd_tbl_t cmd_efidebug_sub[] = {
 			 "", ""),
 	U_BOOT_CMD_MKENT(test, CONFIG_SYS_MAXARGS, 1, do_efi_test,
 			 "", ""),
+	U_BOOT_CMD_MKENT(query, CONFIG_SYS_MAXARGS, 1, do_efi_query_info,
+			 "", ""),
 };
 
 /**
@@ -1252,7 +1306,9 @@ static char efidebug_help_text[] =
 	"efidebug tables\n"
 	"  - show UEFI configuration tables\n"
 	"efidebug test bootmgr\n"
-	"  - run simple bootmgr for test\n";
+	"  - run simple bootmgr for test\n"
+	"efidebug query [-nv][-bs][-rt][-at]\n"
+	"  - show size of UEFI variables store\n";
 #endif
 
 U_BOOT_CMD(
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH 4/7 v4] MAINTAINERS: Add maintainer for EFI variables via OP-TEE
  2020-05-17 19:25 [PATCH 0/7 v4] EFI variable support via OP-TEE Ilias Apalodimas
                   ` (2 preceding siblings ...)
  2020-05-17 19:25 ` [PATCH 3/7 v4] cmd: efidebug: Add support for querying UEFI variable storage Ilias Apalodimas
@ 2020-05-17 19:25 ` Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 5/7 v4] doc: uefi.rst: Add OP-TEE variable storage config options Ilias Apalodimas
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Ilias Apalodimas @ 2020-05-17 19:25 UTC (permalink / raw)
  To: u-boot

Add myself as maintainer for the OP-TEE related UEFI variable storage.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 MAINTAINERS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index d67112479700..8add9d4c2ae9 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -635,6 +635,12 @@ F:	cmd/efidebug.c
 F:	cmd/nvedit_efi.c
 F:	tools/file2include.c
 
+EFI VARIABLES VIA OP-TEE
+M:	Ilias Apalodimas <ilias.apalodimas@linaro.org>
+S:	Maintained
+F:	lib/efi_loader/efi_variable_tee.c
+F:	include/mm_communication.h
+
 ENVIRONMENT
 M:	Joe Hershberger <joe.hershberger@ni.com>
 R:	Wolfgang Denk <wd@denx.de>
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH 5/7 v4] doc: uefi.rst: Add OP-TEE variable storage config options
  2020-05-17 19:25 [PATCH 0/7 v4] EFI variable support via OP-TEE Ilias Apalodimas
                   ` (3 preceding siblings ...)
  2020-05-17 19:25 ` [PATCH 4/7 v4] MAINTAINERS: Add maintainer for EFI variables via OP-TEE Ilias Apalodimas
@ 2020-05-17 19:25 ` Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 6/7 v4] configs: lx2160a: Add default config for lx2160a using StMM in OP-TEE Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 7/7 v4] dts: nxp2160ardb: add op-tee node Ilias Apalodimas
  6 siblings, 0 replies; 8+ messages in thread
From: Ilias Apalodimas @ 2020-05-17 19:25 UTC (permalink / raw)
  To: u-boot

If OP-TEE is compiled with an EDK2 application running in secure world
it can process and store UEFI variables in an RPMB.
Add documentation for the config options enabling this.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 doc/uefi/uefi.rst | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/doc/uefi/uefi.rst b/doc/uefi/uefi.rst
index 4fda00d68721..03d6fd0c6aa8 100644
--- a/doc/uefi/uefi.rst
+++ b/doc/uefi/uefi.rst
@@ -188,6 +188,23 @@ on the sandbox
     cd <U-Boot source directory>
     pytest.py test/py/tests/test_efi_secboot/test_signed.py --bd sandbox
 
+Using OP-TEE for EFI variables
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Instead of implementing UEFI variable services inside U-Boot they can
+also be provided in the secure world by a module for OP-TEE[1]. The
+interface between U-Boot and OP-TEE for variable services is enabled by
+CONFIG_EFI_MM_COMM_TEE=y.
+
+Tianocore EDK II's standalone management mode driver for variables can
+be linked to OP-TEE for this purpose. This module uses the Replay
+Protected Memory Block (RPMB) of an eMMC device for persisting
+non-volatile variables. When calling the variable services via the
+OP-TEE API U-Boot's OP-TEE supplicant relays calls to the RPMB driver
+which has to be enabled via CONFIG_SUPPORT_EMMC_RPMB=y.
+
+[1] https://optee.readthedocs.io/ - OP-TEE documentation
+
 Executing the boot manager
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH 6/7 v4] configs: lx2160a: Add default config for lx2160a using StMM in OP-TEE
  2020-05-17 19:25 [PATCH 0/7 v4] EFI variable support via OP-TEE Ilias Apalodimas
                   ` (4 preceding siblings ...)
  2020-05-17 19:25 ` [PATCH 5/7 v4] doc: uefi.rst: Add OP-TEE variable storage config options Ilias Apalodimas
@ 2020-05-17 19:25 ` Ilias Apalodimas
  2020-05-17 19:25 ` [PATCH 7/7 v4] dts: nxp2160ardb: add op-tee node Ilias Apalodimas
  6 siblings, 0 replies; 8+ messages in thread
From: Ilias Apalodimas @ 2020-05-17 19:25 UTC (permalink / raw)
  To: u-boot

Previous patches allow UEFI secure variables to be stored in an RPMB
device using OPTEE. Add a config for the lx2160a hardware so the feature
gets at least compiled.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 board/freescale/lx2160a/MAINTAINERS   |  1 +
 configs/lx2160ardb_tfa_stmm_defconfig | 85 +++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 configs/lx2160ardb_tfa_stmm_defconfig

diff --git a/board/freescale/lx2160a/MAINTAINERS b/board/freescale/lx2160a/MAINTAINERS
index 47ae04c91a0d..9fe79c0ef7a6 100644
--- a/board/freescale/lx2160a/MAINTAINERS
+++ b/board/freescale/lx2160a/MAINTAINERS
@@ -5,6 +5,7 @@ F:	board/freescale/lx2160a/
 F:	include/configs/lx2160a_common.h
 F:	include/configs/lx2160ardb.h
 F:	configs/lx2160ardb_tfa_defconfig
+F:	configs/lx2160ardb_tfa_stmm_defconfig
 F:	arch/arm/dts/fsl-lx2160a-rdb.dts
 
 LX2160ARDB_SECURE_BOOT BOARD
diff --git a/configs/lx2160ardb_tfa_stmm_defconfig b/configs/lx2160ardb_tfa_stmm_defconfig
new file mode 100644
index 000000000000..81a2e4696b24
--- /dev/null
+++ b/configs/lx2160ardb_tfa_stmm_defconfig
@@ -0,0 +1,85 @@
+CONFIG_ARM=y
+CONFIG_TARGET_LX2160ARDB=y
+CONFIG_TFABOOT=y
+CONFIG_SYS_TEXT_BASE=0x82000000
+CONFIG_SYS_MALLOC_F_LEN=0x6000
+CONFIG_ENV_SIZE=0x2000
+CONFIG_ENV_OFFSET=0x500000
+CONFIG_ENV_SECT_SIZE=0x20000
+CONFIG_DM_GPIO=y
+CONFIG_EMC2305=y
+CONFIG_FSPI_AHB_EN_4BYTE=y
+CONFIG_NR_DRAM_BANKS=3
+CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT=y
+CONFIG_SEC_FIRMWARE_ARMV8_PSCI=y
+CONFIG_AHCI=y
+CONFIG_FIT_VERBOSE=y
+CONFIG_OF_BOARD_SETUP=y
+CONFIG_OF_STDOUT_VIA_ALIAS=y
+CONFIG_BOOTDELAY=10
+CONFIG_USE_BOOTARGS=y
+CONFIG_BOOTARGS="console=ttyAMA0,115200 root=/dev/ram0 earlycon=pl011,mmio32,0x21c0000 ramdisk_size=0x2000000 default_hugepagesz=1024m hugepagesz=1024m hugepages=2 pci=pcie_bus_perf"
+# CONFIG_USE_BOOTCOMMAND is not set
+CONFIG_CMD_GREPENV=y
+CONFIG_CMD_NVEDIT_EFI=y
+CONFIG_CMD_EEPROM=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_PCI=y
+CONFIG_CMD_USB=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_EFIDEBUG=y
+CONFIG_MP=y
+CONFIG_OF_CONTROL=y
+CONFIG_OF_BOARD_FIXUP=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-lx2160a-rdb"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_ENV_IS_IN_SPI_FLASH=y
+CONFIG_ENV_ADDR=0x20500000
+CONFIG_SYS_RELOC_GD_ENV_ADDR=y
+CONFIG_NET_RANDOM_ETHADDR=y
+CONFIG_TFTP_BLOCKSIZE=512
+CONFIG_DM=y
+CONFIG_SATA_CEVA=y
+CONFIG_FSL_CAAM=y
+CONFIG_DM_I2C=y
+CONFIG_I2C_SET_DEFAULT_BUS_NUM=y
+CONFIG_I2C_DEFAULT_BUS_NUMBER=0
+CONFIG_DM_MMC=y
+CONFIG_SUPPORT_EMMC_RPMB=y
+CONFIG_FSL_ESDHC=y
+CONFIG_MTD=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH_SPANSION=y
+CONFIG_SPI_FLASH_STMICRO=y
+# CONFIG_SPI_FLASH_USE_4K_SECTORS is not set
+CONFIG_PHYLIB=y
+CONFIG_PHY_AQUANTIA=y
+CONFIG_PHY_ATHEROS=y
+CONFIG_PHY_CORTINA=y
+CONFIG_DM_ETH=y
+CONFIG_DM_MDIO=y
+CONFIG_E1000=y
+CONFIG_FSL_LS_MDIO=y
+CONFIG_PCI=y
+CONFIG_DM_PCI=y
+CONFIG_DM_PCI_COMPAT=y
+CONFIG_PCIE_LAYERSCAPE=y
+CONFIG_PCIE_LAYERSCAPE_GEN4=y
+CONFIG_DM_RTC=y
+CONFIG_RTC_PCF2127=y
+CONFIG_DM_SCSI=y
+CONFIG_DM_SERIAL=y
+CONFIG_SPI=y
+CONFIG_DM_SPI=y
+CONFIG_NXP_FSPI=y
+CONFIG_TEE=y
+CONFIG_OPTEE=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_DWC3=y
+CONFIG_EFI_LOADER_BOUNCE_BUFFER=y
+CONFIG_EFI_MM_COMM_TEE=y
+CONFIG_OPTEE_TZDRAM_SIZE=0x00000000
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH 7/7 v4] dts: nxp2160ardb: add op-tee node
  2020-05-17 19:25 [PATCH 0/7 v4] EFI variable support via OP-TEE Ilias Apalodimas
                   ` (5 preceding siblings ...)
  2020-05-17 19:25 ` [PATCH 6/7 v4] configs: lx2160a: Add default config for lx2160a using StMM in OP-TEE Ilias Apalodimas
@ 2020-05-17 19:25 ` Ilias Apalodimas
  6 siblings, 0 replies; 8+ messages in thread
From: Ilias Apalodimas @ 2020-05-17 19:25 UTC (permalink / raw)
  To: u-boot

A defconfig is added on lx2160ardb which allows UEFI variable management
via OP-TEE. Enable the the node in the relevant DTS file.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 arch/arm/dts/fsl-lx2160a.dtsi | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm/dts/fsl-lx2160a.dtsi b/arch/arm/dts/fsl-lx2160a.dtsi
index 17ecdc569b37..73d04db7e402 100644
--- a/arch/arm/dts/fsl-lx2160a.dtsi
+++ b/arch/arm/dts/fsl-lx2160a.dtsi
@@ -428,4 +428,10 @@
 		#size-cells = <0>;
 		status = "disabled";
 	};
+	firmware {
+		optee {
+			compatible = "linaro,optee-tz";
+			method = "smc";
+		};
+	};
 };
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2020-05-17 19:25 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-17 19:25 [PATCH 0/7 v4] EFI variable support via OP-TEE Ilias Apalodimas
2020-05-17 19:25 ` [PATCH 1/7 v4] efi_loader: Add headers for EDK2 StandAloneMM communication Ilias Apalodimas
2020-05-17 19:25 ` [PATCH 2/7 v4] efi_loader: Implement EFI variable handling via OP-TEE Ilias Apalodimas
2020-05-17 19:25 ` [PATCH 3/7 v4] cmd: efidebug: Add support for querying UEFI variable storage Ilias Apalodimas
2020-05-17 19:25 ` [PATCH 4/7 v4] MAINTAINERS: Add maintainer for EFI variables via OP-TEE Ilias Apalodimas
2020-05-17 19:25 ` [PATCH 5/7 v4] doc: uefi.rst: Add OP-TEE variable storage config options Ilias Apalodimas
2020-05-17 19:25 ` [PATCH 6/7 v4] configs: lx2160a: Add default config for lx2160a using StMM in OP-TEE Ilias Apalodimas
2020-05-17 19:25 ` [PATCH 7/7 v4] dts: nxp2160ardb: add op-tee node Ilias Apalodimas

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.