From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S945517AbcJaSZV (ORCPT <rfc822;w@1wt.eu>);
        Mon, 31 Oct 2016 14:25:21 -0400
Received: from arroyo.ext.ti.com ([198.47.19.12]:52009 "EHLO arroyo.ext.ti.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S943966AbcJaSZS (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 31 Oct 2016 14:25:18 -0400
Subject: Re: [PATCH v12 RESEND 0/4] generic TEE subsystem
To: Jens Wiklander <jens.wiklander@linaro.org>
References: <1477649984-16777-1-git-send-email-jens.wiklander@linaro.org>
 <1e532aeb-4944-62e4-c8c4-1e23438b92cd@ti.com> <20161029094641.GA23362@ermac>
CC: <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>,
        <devicetree@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Al Viro <viro@ZenIV.linux.org.uk>, <valentin.manea@huawei.com>,
        <jean-michel.delorme@st.com>, <emmanuel.michel@st.com>,
        <javier@javigon.com>,
        Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
        Mark Rutland <mark.rutland@arm.com>,
        Michal Simek <michal.simek@xilinx.com>,
        Rob Herring <robh+dt@kernel.org>, Will Deacon <will.deacon@arm.com>,
        Arnd Bergmann <arnd@arndb.de>, Nishanth Menon <nm@ti.com>,
        <broonie@kernel.org>, <vlad.babchuk@gmail.com>
From: "Andrew F. Davis" <afd@ti.com>
Message-ID: <573b8fff-eeb7-3656-6f32-de69d906a966@ti.com>
Date: Mon, 31 Oct 2016 13:24:14 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <20161029094641.GA23362@ermac>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/29/2016 04:46 AM, Jens Wiklander wrote:
> On Fri, Oct 28, 2016 at 10:43:24AM -0500, Andrew F. Davis wrote:
>> On 10/28/2016 05:19 AM, Jens Wiklander wrote:
>>> Hi,
>>>
>>> This patch set introduces a generic TEE subsystem. The TEE subsystem will
>>> contain drivers for various TEE implementations. A TEE (Trusted Execution
>>> Environment) is a trusted OS running in some secure environment, for
>>> example, TrustZone on ARM CPUs, or a separate secure co-processor etc.
>>>
>>> Regarding use cases, TrustZone has traditionally been used for
>>> offloading secure tasks to the secure world. Examples include: 
>>> - Secure key handling where the OS may or may not have direct access to key
>>>   material.
>>> - E-commerce and payment technologies. Credentials, credit card numbers etc
>>>   could be stored in a more secure environment.
>>> - Trusted User Interface (TUI) to ensure that no-one can snoop PIN-codes
>>>   etc.
>>> - Secure boot to ensure that loaded binaries haven’t been tampered with.
>>>   It’s not strictly needed for secure boot, but you could enhance security
>>>   by leveraging a TEE during boot.
>>> - Digital Rights Management (DRM), the studios provides content with
>>>   different resolution depending on the security of the device. Higher
>>>   security means higher resolution.
>>>
>>> A TEE could also be used in existing and new technologies. For example IMA
>>> (Integrity Measurement Architecture) which has been in the kernel for quite
>>> a while. Today you can enhance security by using a TPM-chip to sign the IMA
>>> measurement list. This is something that you also could do by leveraging a
>>> TEE.
>>>
>>> Another example could be in 2-factor authentication which is becoming
>>> increasingly more important. FIDO (https://fidoalliance.org) for example
>>> are using public key cryptography in their 2-factor authentication standard
>>> (U2F). With FIDO, a private and public key pair will be generated for every
>>> site you visit and the private key should never leave the local device.
>>> This is an example where you could use secure storage in a TEE for the
>>> private key.
>>>
>>> Today you will find a quite a few different out of tree implementations of
>>> TEE drivers which tends to fragment the TEE ecosystem and development. We
>>> think it would be a good idea to have a generic TEE driver integrated in
>>> the kernel which would serve as a base for several different TEE solutions,
>>> no matter if they are on-chip like TrustZone or if they are on a separate
>>> crypto co-processor.
>>>
>>> To develop this TEE subsystem we have been using the open source TEE called
>>> OP-TEE (https://github.com/OP-TEE/optee_os) and therefore this would be the
>>> first TEE solution supported by this new subsystem. OP-TEE is a
>>> GlobalPlatform compliant TEE, however this TEE subsystem is not limited to
>>> only GlobalPlatform TEEs, instead we have tried to design it so that it
>>> should work with other TEE solutions also.
>>>
>>
>> The above is my biggest concern with this whole subsystem, to me it
>> still feels very OPTEE specific. As much as I would love to believe
>> OPTEE will be the end-all TEE, I'm sure we soon will start to see wider
>> use of vendor TEEs (like TI's own legacy Trustzone thing we are hoping
>> to depreciate with OPTEE moving forward), possibly Google's Trusty TEE,
>> and whatever Intel/AMD are cooking up for x86.
> 
> I'd rather say that it's slightly GlobalPlatform specific, but a bit
> more flexible.
> 
>>
>> As we all know when things are upstreamed we lose the ability to make
>> radical changes easily, especially to full subsystems. What happens when
>> this framework, built with only one existing TEE, built by the one
>> existing TEE's devs, is not as flexible as we need when other TEEs start
>> rolling out?
> 
> Initially the TEE subsystem was much more flexible and was criticized
> for that.
> 

That's rather strange, I haven't been following this from the start so I
will just take your word that this is where the community wants this
subsystem to go.

>>
>> Do we see this as a chicken and egg situation, or is there any harm
>> beyond the pains of supporting an out-of-tree driver for a while, to
>> wait until we have at least one other TEE to add to this subsystem
>> before merging?
> 
> This proposal is the bare minimum to have something useful. On top of
> this there's more things we'd like to add, for example an in-kernel API
> for accessing the TEE and secure buffer handling. The way we're dealing
> with shared memory need to be improved to better support multiple guests
> communicating with one TEE.
> 
> What we can do now with the subsystem now is somewhat limited by the
> fact that we're trying to upstream it and want to do that it in
> manageable increments.
> 

Fair enough.

For now this series is being used in our production SDKs so it has at
least some basic testing from us, so for the whole series:

Tested-by: Andrew F. Davis <afd@ti.com>

> Thanks,
> Jens
> 
>>
>> This may also help with the perceived lack of reviewers for this series.
>>
>> Thanks,
>> Andrew
>>
>>> "tee: generic TEE subsystem" brings in the generic TEE subsystem which
>>> helps when writing a driver for a specific TEE, for example, OP-TEE.
>>>
>>> "tee: add OP-TEE driver" is an OP-TEE driver which uses the subsystem to do
>>> its work.
>>>
>>> This patch set has been prepared in cooperation with Javier González who
>>> proposed "Generic TrustZone Driver in Linux Kernel" patches 28 Nov 2014,
>>> https://lwn.net/Articles/623380/ . We've since then changed the scope to
>>> TEE instead of TrustZone.
>>>
>>> We have discussed the design on tee-dev@lists.linaro.org (archive at
>>> https://lists.linaro.org/pipermail/tee-dev/) with people from other
>>> companies, including Valentin Manea <valentin.manea@huawei.com>,
>>> Emmanuel MICHEL <emmanuel.michel@st.com>,
>>> Jean-michel DELORME <jean-michel.delorme@st.com>,
>>> and Joakim Bech <joakim.bech@linaro.org>. Our main concern has been to
>>> agree on something that is generic enough to support many different
>>> TEEs while still keeping the interface together.
>>>
>>> v12-resend:
>>> * Rebased on v4.9-rc2
>>>
>>> v12:
>>> * Rebased on v4.8-rc5
>>> * Addressed review comments from Andrew F. Davis
>>> * Removed Acked-by: Andreas Dannenberg <dannenberg@ti.com> as the
>>>   mail bounces
>>> * Bugfix possible null dereference in error cleanup path of
>>>   optee_probe().
>>> * Bugfix optee_from_msg_param() when calculating offset of memref
>>>   into a shared memory object
>>>
>>> v11:
>>> * Rebased on v4.8-rc3
>>> * Addressed review comments from Nishanth Menon
>>> * Made the TEE framework available as a loadable module.
>>> * Reviewed-by: Javier González <javier@javigon.com>
>>> * Zeroes shared memory on allocation to avoid information leakage
>>> * Links shared memory objects to context to avoid stealing of shared memory
>>>   object from an unrelated process
>>> * Allow RPC interruption if supplicant is unavailable
>>>
>>> v10:
>>> * Rebased on v4.7-rc1
>>> * Addressed private review comments from Nishanth Menon
>>> * Optee driver only accepts one supplicant process on the privileged device
>>> * Optee driver avoids long delayed releases of shm objects
>>> * Added more comments on functions and structs
>>>
>>> v9:
>>> * Rebased on v4.6-rc1
>>> * Acked-by: Andreas Dannenberg <dannenberg@ti.com>
>>> * Addressed comments from Al Viro how file descriptors are passed to
>>>   user space
>>> * Addressed comments from Randy Dunlap on documentation
>>> * Changed license for include/uapi/linux/tee.h
>>>
>>> v8:
>>> * Rebased on v4.5-rc3
>>> * dt/bindings: add bindings for optee
>>>   Acked-by: Rob Herring <robh@kernel.org>
>>> * Fixes build error for X86
>>> * Fixes spell error in "dt/bindings: add bindings for optee"
>>>
>>> v7:
>>> * Rebased on v4.5-rc2
>>> * Moved the ARM SMC Calling Convention support into a separate patch
>>>   set, which is now merged
>>>
>>> v6:
>>> * Rebased on v4.3-rc7
>>> * Changed smccc interface to let the compiler marshal most of the
>>>   parameters
>>> * Added ARCH64 capability for smccc interface
>>> * Changed the PSCI firmware calls (both arm and arm64) to use the new
>>>   generic smccc interface instead instead of own assembly functions.
>>> * Move optee DT bindings to below arm/firmware
>>> * Defines method for OP-TEE driver to call secure world in DT, smc or hvc
>>> * Exposes implementation id of a TEE driver in sysfs
>>>   to easily spawn corresponding tee-supplicant when device is ready
>>> * Update OP-TEE Message Protocol to better cope with fragmented physical
>>>   memory
>>> * Read time directly from OP-TEE driver instead of forwarding the RPC
>>>   request to tee-supplicant
>>>
>>> v5:
>>> * Replaced kref reference counting for the device with a size_t instead as
>>>   the counter is always protected by a mutex
>>>
>>> v4:
>>> * Rebased on 4.1
>>> * Redesigned the synchronization around entry exit of normal SMC
>>> * Replaced rwsem on the driver instance with kref and completion since
>>>   rwsem wasn't intended to be used in this way
>>> * Expanded the TEE_IOCTL_PARAM_ATTR_TYPE_MASK to make room for
>>>   future additional parameter types
>>> * Documents TEE subsystem and OP-TEE driver
>>> * Replaced TEE_IOC_CMD with TEE_IOC_OPEN_SESSION, TEE_IOC_INVOKE,
>>>   TEE_IOC_CANCEL and TEE_IOC_CLOSE_SESSION
>>> * DT bindings in a separate patch
>>> * Assembly parts moved to arch/arm and arch/arm64 respectively, in a
>>>   separate patch
>>> * Redefined/clarified the meaning of OPTEE_SMC_SHM_CACHED
>>> * Removed CMA usage to limit the scope of the patch set
>>>
>>> v3:
>>> * Rebased on 4.1-rc3 (dma_buf_export() API change)
>>> * A couple of small sparse fixes
>>> * Documents bindings for OP-TEE driver
>>> * Updated MAINTAINERS
>>>
>>> v2:
>>> * Replaced the stubbed OP-TEE driver with a real OP-TEE driver
>>> * Removed most APIs not needed by OP-TEE in current state
>>> * Update Documentation/ioctl/ioctl-number.txt with correct path to tee.h
>>> * Rename tee_shm_pool_alloc_cma() to tee_shm_pool_alloc()
>>> * Moved tee.h into include/uapi/linux/
>>> * Redefined tee.h IOCTL macros to be directly based on _IOR and friends
>>> * Removed version info on the API to user space, a data blob which
>>>   can contain an UUID is left for user space to be able to tell which
>>>   protocol to use in TEE_IOC_CMD
>>> * Changed user space exposed structures to only have types with __ prefix
>>> * Dropped THIS_MODULE from tee_fops
>>> * Reworked how the driver is registered and ref counted:
>>>   - moved from using an embedded struct miscdevice to an embedded struct
>>>     device.
>>>   - uses an struct rw_semaphore as synchronization for driver detachment
>>>   - uses alloc/register pattern from TPM
>>>
>>> Thanks,
>>> Jens
>>>
>>> Jens Wiklander (4):
>>>   dt/bindings: add bindings for optee
>>>   tee: generic TEE subsystem
>>>   tee: add OP-TEE driver
>>>   Documentation: tee subsystem and op-tee driver
>>>
>>>  Documentation/00-INDEX                             |   2 +
>>>  .../bindings/arm/firmware/linaro,optee-tz.txt      |  31 +
>>>  .../devicetree/bindings/vendor-prefixes.txt        |   1 +
>>>  Documentation/ioctl/ioctl-number.txt               |   1 +
>>>  Documentation/tee.txt                              | 118 +++
>>>  MAINTAINERS                                        |  13 +
>>>  drivers/Kconfig                                    |   2 +
>>>  drivers/Makefile                                   |   1 +
>>>  drivers/tee/Kconfig                                |  18 +
>>>  drivers/tee/Makefile                               |   5 +
>>>  drivers/tee/optee/Kconfig                          |   7 +
>>>  drivers/tee/optee/Makefile                         |   5 +
>>>  drivers/tee/optee/call.c                           | 435 ++++++++++
>>>  drivers/tee/optee/core.c                           | 598 ++++++++++++++
>>>  drivers/tee/optee/optee_msg.h                      | 435 ++++++++++
>>>  drivers/tee/optee/optee_private.h                  | 185 +++++
>>>  drivers/tee/optee/optee_smc.h                      | 446 ++++++++++
>>>  drivers/tee/optee/rpc.c                            | 404 +++++++++
>>>  drivers/tee/optee/supp.c                           | 273 +++++++
>>>  drivers/tee/tee_core.c                             | 901 +++++++++++++++++++++
>>>  drivers/tee/tee_private.h                          | 129 +++
>>>  drivers/tee/tee_shm.c                              | 357 ++++++++
>>>  drivers/tee/tee_shm_pool.c                         | 158 ++++
>>>  include/linux/tee_drv.h                            | 278 +++++++
>>>  include/uapi/linux/tee.h                           | 403 +++++++++
>>>  25 files changed, 5206 insertions(+)
>>>  create mode 100644 Documentation/devicetree/bindings/arm/firmware/linaro,optee-tz.txt
>>>  create mode 100644 Documentation/tee.txt
>>>  create mode 100644 drivers/tee/Kconfig
>>>  create mode 100644 drivers/tee/Makefile
>>>  create mode 100644 drivers/tee/optee/Kconfig
>>>  create mode 100644 drivers/tee/optee/Makefile
>>>  create mode 100644 drivers/tee/optee/call.c
>>>  create mode 100644 drivers/tee/optee/core.c
>>>  create mode 100644 drivers/tee/optee/optee_msg.h
>>>  create mode 100644 drivers/tee/optee/optee_private.h
>>>  create mode 100644 drivers/tee/optee/optee_smc.h
>>>  create mode 100644 drivers/tee/optee/rpc.c
>>>  create mode 100644 drivers/tee/optee/supp.c
>>>  create mode 100644 drivers/tee/tee_core.c
>>>  create mode 100644 drivers/tee/tee_private.h
>>>  create mode 100644 drivers/tee/tee_shm.c
>>>  create mode 100644 drivers/tee/tee_shm_pool.c
>>>  create mode 100644 include/linux/tee_drv.h
>>>  create mode 100644 include/uapi/linux/tee.h
>>>

From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Andrew F. Davis" <afd@ti.com>
Subject: Re: [PATCH v12 RESEND 0/4] generic TEE subsystem
Date: Mon, 31 Oct 2016 13:24:14 -0500
Message-ID: <573b8fff-eeb7-3656-6f32-de69d906a966@ti.com>
References: <1477649984-16777-1-git-send-email-jens.wiklander@linaro.org>
 <1e532aeb-4944-62e4-c8c4-1e23438b92cd@ti.com> <20161029094641.GA23362@ermac>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <linux-arm-kernel-bounces+linux-arm-kernel=m.gmane.org@lists.infradead.org>
In-Reply-To: <20161029094641.GA23362@ermac>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=m.gmane.org@lists.infradead.org
To: Jens Wiklander <jens.wiklander@linaro.org>
Cc: valentin.manea@huawei.com, devicetree@vger.kernel.org, javier@javigon.com, emmanuel.michel@st.com, Arnd Bergmann <arnd@arndb.de>, Nishanth Menon <nm@ti.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, broonie@kernel.org, Will Deacon <will.deacon@arm.com>, linux-kernel@vger.kernel.org, jean-michel.delorme@st.com, Jason Gunthorpe <jgunthorpe@obsidianresearch.com>, vlad.babchuk@gmail.com, Rob Herring <robh+dt@kernel.org>, Al Viro <viro@ZenIV.linux.org.uk>, Mark Rutland <mark.rutland@arm.com>, Michal Simek <michal.simek@xilinx.com>, linux-arm-kernel@lists.infradead.org
List-Id: devicetree@vger.kernel.org

T24gMTAvMjkvMjAxNiAwNDo0NiBBTSwgSmVucyBXaWtsYW5kZXIgd3JvdGU6Cj4gT24gRnJpLCBP
Y3QgMjgsIDIwMTYgYXQgMTA6NDM6MjRBTSAtMDUwMCwgQW5kcmV3IEYuIERhdmlzIHdyb3RlOgo+
PiBPbiAxMC8yOC8yMDE2IDA1OjE5IEFNLCBKZW5zIFdpa2xhbmRlciB3cm90ZToKPj4+IEhpLAo+
Pj4KPj4+IFRoaXMgcGF0Y2ggc2V0IGludHJvZHVjZXMgYSBnZW5lcmljIFRFRSBzdWJzeXN0ZW0u
IFRoZSBURUUgc3Vic3lzdGVtIHdpbGwKPj4+IGNvbnRhaW4gZHJpdmVycyBmb3IgdmFyaW91cyBU
RUUgaW1wbGVtZW50YXRpb25zLiBBIFRFRSAoVHJ1c3RlZCBFeGVjdXRpb24KPj4+IEVudmlyb25t
ZW50KSBpcyBhIHRydXN0ZWQgT1MgcnVubmluZyBpbiBzb21lIHNlY3VyZSBlbnZpcm9ubWVudCwg
Zm9yCj4+PiBleGFtcGxlLCBUcnVzdFpvbmUgb24gQVJNIENQVXMsIG9yIGEgc2VwYXJhdGUgc2Vj
dXJlIGNvLXByb2Nlc3NvciBldGMuCj4+Pgo+Pj4gUmVnYXJkaW5nIHVzZSBjYXNlcywgVHJ1c3Ra
b25lIGhhcyB0cmFkaXRpb25hbGx5IGJlZW4gdXNlZCBmb3IKPj4+IG9mZmxvYWRpbmcgc2VjdXJl
IHRhc2tzIHRvIHRoZSBzZWN1cmUgd29ybGQuIEV4YW1wbGVzIGluY2x1ZGU6IAo+Pj4gLSBTZWN1
cmUga2V5IGhhbmRsaW5nIHdoZXJlIHRoZSBPUyBtYXkgb3IgbWF5IG5vdCBoYXZlIGRpcmVjdCBh
Y2Nlc3MgdG8ga2V5Cj4+PiAgIG1hdGVyaWFsLgo+Pj4gLSBFLWNvbW1lcmNlIGFuZCBwYXltZW50
IHRlY2hub2xvZ2llcy4gQ3JlZGVudGlhbHMsIGNyZWRpdCBjYXJkIG51bWJlcnMgZXRjCj4+PiAg
IGNvdWxkIGJlIHN0b3JlZCBpbiBhIG1vcmUgc2VjdXJlIGVudmlyb25tZW50Lgo+Pj4gLSBUcnVz
dGVkIFVzZXIgSW50ZXJmYWNlIChUVUkpIHRvIGVuc3VyZSB0aGF0IG5vLW9uZSBjYW4gc25vb3Ag
UElOLWNvZGVzCj4+PiAgIGV0Yy4KPj4+IC0gU2VjdXJlIGJvb3QgdG8gZW5zdXJlIHRoYXQgbG9h
ZGVkIGJpbmFyaWVzIGhhdmVu4oCZdCBiZWVuIHRhbXBlcmVkIHdpdGguCj4+PiAgIEl04oCZcyBu
b3Qgc3RyaWN0bHkgbmVlZGVkIGZvciBzZWN1cmUgYm9vdCwgYnV0IHlvdSBjb3VsZCBlbmhhbmNl
IHNlY3VyaXR5Cj4+PiAgIGJ5IGxldmVyYWdpbmcgYSBURUUgZHVyaW5nIGJvb3QuCj4+PiAtIERp
Z2l0YWwgUmlnaHRzIE1hbmFnZW1lbnQgKERSTSksIHRoZSBzdHVkaW9zIHByb3ZpZGVzIGNvbnRl
bnQgd2l0aAo+Pj4gICBkaWZmZXJlbnQgcmVzb2x1dGlvbiBkZXBlbmRpbmcgb24gdGhlIHNlY3Vy
aXR5IG9mIHRoZSBkZXZpY2UuIEhpZ2hlcgo+Pj4gICBzZWN1cml0eSBtZWFucyBoaWdoZXIgcmVz
b2x1dGlvbi4KPj4+Cj4+PiBBIFRFRSBjb3VsZCBhbHNvIGJlIHVzZWQgaW4gZXhpc3RpbmcgYW5k
IG5ldyB0ZWNobm9sb2dpZXMuIEZvciBleGFtcGxlIElNQQo+Pj4gKEludGVncml0eSBNZWFzdXJl
bWVudCBBcmNoaXRlY3R1cmUpIHdoaWNoIGhhcyBiZWVuIGluIHRoZSBrZXJuZWwgZm9yIHF1aXRl
Cj4+PiBhIHdoaWxlLiBUb2RheSB5b3UgY2FuIGVuaGFuY2Ugc2VjdXJpdHkgYnkgdXNpbmcgYSBU
UE0tY2hpcCB0byBzaWduIHRoZSBJTUEKPj4+IG1lYXN1cmVtZW50IGxpc3QuIFRoaXMgaXMgc29t
ZXRoaW5nIHRoYXQgeW91IGFsc28gY291bGQgZG8gYnkgbGV2ZXJhZ2luZyBhCj4+PiBURUUuCj4+
Pgo+Pj4gQW5vdGhlciBleGFtcGxlIGNvdWxkIGJlIGluIDItZmFjdG9yIGF1dGhlbnRpY2F0aW9u
IHdoaWNoIGlzIGJlY29taW5nCj4+PiBpbmNyZWFzaW5nbHkgbW9yZSBpbXBvcnRhbnQuIEZJRE8g
KGh0dHBzOi8vZmlkb2FsbGlhbmNlLm9yZykgZm9yIGV4YW1wbGUKPj4+IGFyZSB1c2luZyBwdWJs
aWMga2V5IGNyeXB0b2dyYXBoeSBpbiB0aGVpciAyLWZhY3RvciBhdXRoZW50aWNhdGlvbiBzdGFu
ZGFyZAo+Pj4gKFUyRikuIFdpdGggRklETywgYSBwcml2YXRlIGFuZCBwdWJsaWMga2V5IHBhaXIg
d2lsbCBiZSBnZW5lcmF0ZWQgZm9yIGV2ZXJ5Cj4+PiBzaXRlIHlvdSB2aXNpdCBhbmQgdGhlIHBy
aXZhdGUga2V5IHNob3VsZCBuZXZlciBsZWF2ZSB0aGUgbG9jYWwgZGV2aWNlLgo+Pj4gVGhpcyBp
cyBhbiBleGFtcGxlIHdoZXJlIHlvdSBjb3VsZCB1c2Ugc2VjdXJlIHN0b3JhZ2UgaW4gYSBURUUg
Zm9yIHRoZQo+Pj4gcHJpdmF0ZSBrZXkuCj4+Pgo+Pj4gVG9kYXkgeW91IHdpbGwgZmluZCBhIHF1
aXRlIGEgZmV3IGRpZmZlcmVudCBvdXQgb2YgdHJlZSBpbXBsZW1lbnRhdGlvbnMgb2YKPj4+IFRF
RSBkcml2ZXJzIHdoaWNoIHRlbmRzIHRvIGZyYWdtZW50IHRoZSBURUUgZWNvc3lzdGVtIGFuZCBk
ZXZlbG9wbWVudC4gV2UKPj4+IHRoaW5rIGl0IHdvdWxkIGJlIGEgZ29vZCBpZGVhIHRvIGhhdmUg
YSBnZW5lcmljIFRFRSBkcml2ZXIgaW50ZWdyYXRlZCBpbgo+Pj4gdGhlIGtlcm5lbCB3aGljaCB3
b3VsZCBzZXJ2ZSBhcyBhIGJhc2UgZm9yIHNldmVyYWwgZGlmZmVyZW50IFRFRSBzb2x1dGlvbnMs
Cj4+PiBubyBtYXR0ZXIgaWYgdGhleSBhcmUgb24tY2hpcCBsaWtlIFRydXN0Wm9uZSBvciBpZiB0
aGV5IGFyZSBvbiBhIHNlcGFyYXRlCj4+PiBjcnlwdG8gY28tcHJvY2Vzc29yLgo+Pj4KPj4+IFRv
IGRldmVsb3AgdGhpcyBURUUgc3Vic3lzdGVtIHdlIGhhdmUgYmVlbiB1c2luZyB0aGUgb3BlbiBz
b3VyY2UgVEVFIGNhbGxlZAo+Pj4gT1AtVEVFIChodHRwczovL2dpdGh1Yi5jb20vT1AtVEVFL29w
dGVlX29zKSBhbmQgdGhlcmVmb3JlIHRoaXMgd291bGQgYmUgdGhlCj4+PiBmaXJzdCBURUUgc29s
dXRpb24gc3VwcG9ydGVkIGJ5IHRoaXMgbmV3IHN1YnN5c3RlbS4gT1AtVEVFIGlzIGEKPj4+IEds
b2JhbFBsYXRmb3JtIGNvbXBsaWFudCBURUUsIGhvd2V2ZXIgdGhpcyBURUUgc3Vic3lzdGVtIGlz
IG5vdCBsaW1pdGVkIHRvCj4+PiBvbmx5IEdsb2JhbFBsYXRmb3JtIFRFRXMsIGluc3RlYWQgd2Ug
aGF2ZSB0cmllZCB0byBkZXNpZ24gaXQgc28gdGhhdCBpdAo+Pj4gc2hvdWxkIHdvcmsgd2l0aCBv
dGhlciBURUUgc29sdXRpb25zIGFsc28uCj4+Pgo+Pgo+PiBUaGUgYWJvdmUgaXMgbXkgYmlnZ2Vz
dCBjb25jZXJuIHdpdGggdGhpcyB3aG9sZSBzdWJzeXN0ZW0sIHRvIG1lIGl0Cj4+IHN0aWxsIGZl
ZWxzIHZlcnkgT1BURUUgc3BlY2lmaWMuIEFzIG11Y2ggYXMgSSB3b3VsZCBsb3ZlIHRvIGJlbGll
dmUKPj4gT1BURUUgd2lsbCBiZSB0aGUgZW5kLWFsbCBURUUsIEknbSBzdXJlIHdlIHNvb24gd2ls
bCBzdGFydCB0byBzZWUgd2lkZXIKPj4gdXNlIG9mIHZlbmRvciBURUVzIChsaWtlIFRJJ3Mgb3du
IGxlZ2FjeSBUcnVzdHpvbmUgdGhpbmcgd2UgYXJlIGhvcGluZwo+PiB0byBkZXByZWNpYXRlIHdp
dGggT1BURUUgbW92aW5nIGZvcndhcmQpLCBwb3NzaWJseSBHb29nbGUncyBUcnVzdHkgVEVFLAo+
PiBhbmQgd2hhdGV2ZXIgSW50ZWwvQU1EIGFyZSBjb29raW5nIHVwIGZvciB4ODYuCj4gCj4gSSdk
IHJhdGhlciBzYXkgdGhhdCBpdCdzIHNsaWdodGx5IEdsb2JhbFBsYXRmb3JtIHNwZWNpZmljLCBi
dXQgYSBiaXQKPiBtb3JlIGZsZXhpYmxlLgo+IAo+Pgo+PiBBcyB3ZSBhbGwga25vdyB3aGVuIHRo
aW5ncyBhcmUgdXBzdHJlYW1lZCB3ZSBsb3NlIHRoZSBhYmlsaXR5IHRvIG1ha2UKPj4gcmFkaWNh
bCBjaGFuZ2VzIGVhc2lseSwgZXNwZWNpYWxseSB0byBmdWxsIHN1YnN5c3RlbXMuIFdoYXQgaGFw
cGVucyB3aGVuCj4+IHRoaXMgZnJhbWV3b3JrLCBidWlsdCB3aXRoIG9ubHkgb25lIGV4aXN0aW5n
IFRFRSwgYnVpbHQgYnkgdGhlIG9uZQo+PiBleGlzdGluZyBURUUncyBkZXZzLCBpcyBub3QgYXMg
ZmxleGlibGUgYXMgd2UgbmVlZCB3aGVuIG90aGVyIFRFRXMgc3RhcnQKPj4gcm9sbGluZyBvdXQ/
Cj4gCj4gSW5pdGlhbGx5IHRoZSBURUUgc3Vic3lzdGVtIHdhcyBtdWNoIG1vcmUgZmxleGlibGUg
YW5kIHdhcyBjcml0aWNpemVkCj4gZm9yIHRoYXQuCj4gCgpUaGF0J3MgcmF0aGVyIHN0cmFuZ2Us
IEkgaGF2ZW4ndCBiZWVuIGZvbGxvd2luZyB0aGlzIGZyb20gdGhlIHN0YXJ0IHNvIEkKd2lsbCBq
dXN0IHRha2UgeW91ciB3b3JkIHRoYXQgdGhpcyBpcyB3aGVyZSB0aGUgY29tbXVuaXR5IHdhbnRz
IHRoaXMKc3Vic3lzdGVtIHRvIGdvLgoKPj4KPj4gRG8gd2Ugc2VlIHRoaXMgYXMgYSBjaGlja2Vu
IGFuZCBlZ2cgc2l0dWF0aW9uLCBvciBpcyB0aGVyZSBhbnkgaGFybQo+PiBiZXlvbmQgdGhlIHBh
aW5zIG9mIHN1cHBvcnRpbmcgYW4gb3V0LW9mLXRyZWUgZHJpdmVyIGZvciBhIHdoaWxlLCB0bwo+
PiB3YWl0IHVudGlsIHdlIGhhdmUgYXQgbGVhc3Qgb25lIG90aGVyIFRFRSB0byBhZGQgdG8gdGhp
cyBzdWJzeXN0ZW0KPj4gYmVmb3JlIG1lcmdpbmc/Cj4gCj4gVGhpcyBwcm9wb3NhbCBpcyB0aGUg
YmFyZSBtaW5pbXVtIHRvIGhhdmUgc29tZXRoaW5nIHVzZWZ1bC4gT24gdG9wIG9mCj4gdGhpcyB0
aGVyZSdzIG1vcmUgdGhpbmdzIHdlJ2QgbGlrZSB0byBhZGQsIGZvciBleGFtcGxlIGFuIGluLWtl
cm5lbCBBUEkKPiBmb3IgYWNjZXNzaW5nIHRoZSBURUUgYW5kIHNlY3VyZSBidWZmZXIgaGFuZGxp
bmcuIFRoZSB3YXkgd2UncmUgZGVhbGluZwo+IHdpdGggc2hhcmVkIG1lbW9yeSBuZWVkIHRvIGJl
IGltcHJvdmVkIHRvIGJldHRlciBzdXBwb3J0IG11bHRpcGxlIGd1ZXN0cwo+IGNvbW11bmljYXRp
bmcgd2l0aCBvbmUgVEVFLgo+IAo+IFdoYXQgd2UgY2FuIGRvIG5vdyB3aXRoIHRoZSBzdWJzeXN0
ZW0gbm93IGlzIHNvbWV3aGF0IGxpbWl0ZWQgYnkgdGhlCj4gZmFjdCB0aGF0IHdlJ3JlIHRyeWlu
ZyB0byB1cHN0cmVhbSBpdCBhbmQgd2FudCB0byBkbyB0aGF0IGl0IGluCj4gbWFuYWdlYWJsZSBp
bmNyZW1lbnRzLgo+IAoKRmFpciBlbm91Z2guCgpGb3Igbm93IHRoaXMgc2VyaWVzIGlzIGJlaW5n
IHVzZWQgaW4gb3VyIHByb2R1Y3Rpb24gU0RLcyBzbyBpdCBoYXMgYXQKbGVhc3Qgc29tZSBiYXNp
YyB0ZXN0aW5nIGZyb20gdXMsIHNvIGZvciB0aGUgd2hvbGUgc2VyaWVzOgoKVGVzdGVkLWJ5OiBB
bmRyZXcgRi4gRGF2aXMgPGFmZEB0aS5jb20+Cgo+IFRoYW5rcywKPiBKZW5zCj4gCj4+Cj4+IFRo
aXMgbWF5IGFsc28gaGVscCB3aXRoIHRoZSBwZXJjZWl2ZWQgbGFjayBvZiByZXZpZXdlcnMgZm9y
IHRoaXMgc2VyaWVzLgo+Pgo+PiBUaGFua3MsCj4+IEFuZHJldwo+Pgo+Pj4gInRlZTogZ2VuZXJp
YyBURUUgc3Vic3lzdGVtIiBicmluZ3MgaW4gdGhlIGdlbmVyaWMgVEVFIHN1YnN5c3RlbSB3aGlj
aAo+Pj4gaGVscHMgd2hlbiB3cml0aW5nIGEgZHJpdmVyIGZvciBhIHNwZWNpZmljIFRFRSwgZm9y
IGV4YW1wbGUsIE9QLVRFRS4KPj4+Cj4+PiAidGVlOiBhZGQgT1AtVEVFIGRyaXZlciIgaXMgYW4g
T1AtVEVFIGRyaXZlciB3aGljaCB1c2VzIHRoZSBzdWJzeXN0ZW0gdG8gZG8KPj4+IGl0cyB3b3Jr
Lgo+Pj4KPj4+IFRoaXMgcGF0Y2ggc2V0IGhhcyBiZWVuIHByZXBhcmVkIGluIGNvb3BlcmF0aW9u
IHdpdGggSmF2aWVyIEdvbnrDoWxleiB3aG8KPj4+IHByb3Bvc2VkICJHZW5lcmljIFRydXN0Wm9u
ZSBEcml2ZXIgaW4gTGludXggS2VybmVsIiBwYXRjaGVzIDI4IE5vdiAyMDE0LAo+Pj4gaHR0cHM6
Ly9sd24ubmV0L0FydGljbGVzLzYyMzM4MC8gLiBXZSd2ZSBzaW5jZSB0aGVuIGNoYW5nZWQgdGhl
IHNjb3BlIHRvCj4+PiBURUUgaW5zdGVhZCBvZiBUcnVzdFpvbmUuCj4+Pgo+Pj4gV2UgaGF2ZSBk
aXNjdXNzZWQgdGhlIGRlc2lnbiBvbiB0ZWUtZGV2QGxpc3RzLmxpbmFyby5vcmcgKGFyY2hpdmUg
YXQKPj4+IGh0dHBzOi8vbGlzdHMubGluYXJvLm9yZy9waXBlcm1haWwvdGVlLWRldi8pIHdpdGgg
cGVvcGxlIGZyb20gb3RoZXIKPj4+IGNvbXBhbmllcywgaW5jbHVkaW5nIFZhbGVudGluIE1hbmVh
IDx2YWxlbnRpbi5tYW5lYUBodWF3ZWkuY29tPiwKPj4+IEVtbWFudWVsIE1JQ0hFTCA8ZW1tYW51
ZWwubWljaGVsQHN0LmNvbT4sCj4+PiBKZWFuLW1pY2hlbCBERUxPUk1FIDxqZWFuLW1pY2hlbC5k
ZWxvcm1lQHN0LmNvbT4sCj4+PiBhbmQgSm9ha2ltIEJlY2ggPGpvYWtpbS5iZWNoQGxpbmFyby5v
cmc+LiBPdXIgbWFpbiBjb25jZXJuIGhhcyBiZWVuIHRvCj4+PiBhZ3JlZSBvbiBzb21ldGhpbmcg
dGhhdCBpcyBnZW5lcmljIGVub3VnaCB0byBzdXBwb3J0IG1hbnkgZGlmZmVyZW50Cj4+PiBURUVz
IHdoaWxlIHN0aWxsIGtlZXBpbmcgdGhlIGludGVyZmFjZSB0b2dldGhlci4KPj4+Cj4+PiB2MTIt
cmVzZW5kOgo+Pj4gKiBSZWJhc2VkIG9uIHY0LjktcmMyCj4+Pgo+Pj4gdjEyOgo+Pj4gKiBSZWJh
c2VkIG9uIHY0LjgtcmM1Cj4+PiAqIEFkZHJlc3NlZCByZXZpZXcgY29tbWVudHMgZnJvbSBBbmRy
ZXcgRi4gRGF2aXMKPj4+ICogUmVtb3ZlZCBBY2tlZC1ieTogQW5kcmVhcyBEYW5uZW5iZXJnIDxk
YW5uZW5iZXJnQHRpLmNvbT4gYXMgdGhlCj4+PiAgIG1haWwgYm91bmNlcwo+Pj4gKiBCdWdmaXgg
cG9zc2libGUgbnVsbCBkZXJlZmVyZW5jZSBpbiBlcnJvciBjbGVhbnVwIHBhdGggb2YKPj4+ICAg
b3B0ZWVfcHJvYmUoKS4KPj4+ICogQnVnZml4IG9wdGVlX2Zyb21fbXNnX3BhcmFtKCkgd2hlbiBj
YWxjdWxhdGluZyBvZmZzZXQgb2YgbWVtcmVmCj4+PiAgIGludG8gYSBzaGFyZWQgbWVtb3J5IG9i
amVjdAo+Pj4KPj4+IHYxMToKPj4+ICogUmViYXNlZCBvbiB2NC44LXJjMwo+Pj4gKiBBZGRyZXNz
ZWQgcmV2aWV3IGNvbW1lbnRzIGZyb20gTmlzaGFudGggTWVub24KPj4+ICogTWFkZSB0aGUgVEVF
IGZyYW1ld29yayBhdmFpbGFibGUgYXMgYSBsb2FkYWJsZSBtb2R1bGUuCj4+PiAqIFJldmlld2Vk
LWJ5OiBKYXZpZXIgR29uesOhbGV6IDxqYXZpZXJAamF2aWdvbi5jb20+Cj4+PiAqIFplcm9lcyBz
aGFyZWQgbWVtb3J5IG9uIGFsbG9jYXRpb24gdG8gYXZvaWQgaW5mb3JtYXRpb24gbGVha2FnZQo+
Pj4gKiBMaW5rcyBzaGFyZWQgbWVtb3J5IG9iamVjdHMgdG8gY29udGV4dCB0byBhdm9pZCBzdGVh
bGluZyBvZiBzaGFyZWQgbWVtb3J5Cj4+PiAgIG9iamVjdCBmcm9tIGFuIHVucmVsYXRlZCBwcm9j
ZXNzCj4+PiAqIEFsbG93IFJQQyBpbnRlcnJ1cHRpb24gaWYgc3VwcGxpY2FudCBpcyB1bmF2YWls
YWJsZQo+Pj4KPj4+IHYxMDoKPj4+ICogUmViYXNlZCBvbiB2NC43LXJjMQo+Pj4gKiBBZGRyZXNz
ZWQgcHJpdmF0ZSByZXZpZXcgY29tbWVudHMgZnJvbSBOaXNoYW50aCBNZW5vbgo+Pj4gKiBPcHRl
ZSBkcml2ZXIgb25seSBhY2NlcHRzIG9uZSBzdXBwbGljYW50IHByb2Nlc3Mgb24gdGhlIHByaXZp
bGVnZWQgZGV2aWNlCj4+PiAqIE9wdGVlIGRyaXZlciBhdm9pZHMgbG9uZyBkZWxheWVkIHJlbGVh
c2VzIG9mIHNobSBvYmplY3RzCj4+PiAqIEFkZGVkIG1vcmUgY29tbWVudHMgb24gZnVuY3Rpb25z
IGFuZCBzdHJ1Y3RzCj4+Pgo+Pj4gdjk6Cj4+PiAqIFJlYmFzZWQgb24gdjQuNi1yYzEKPj4+ICog
QWNrZWQtYnk6IEFuZHJlYXMgRGFubmVuYmVyZyA8ZGFubmVuYmVyZ0B0aS5jb20+Cj4+PiAqIEFk
ZHJlc3NlZCBjb21tZW50cyBmcm9tIEFsIFZpcm8gaG93IGZpbGUgZGVzY3JpcHRvcnMgYXJlIHBh
c3NlZCB0bwo+Pj4gICB1c2VyIHNwYWNlCj4+PiAqIEFkZHJlc3NlZCBjb21tZW50cyBmcm9tIFJh
bmR5IER1bmxhcCBvbiBkb2N1bWVudGF0aW9uCj4+PiAqIENoYW5nZWQgbGljZW5zZSBmb3IgaW5j
bHVkZS91YXBpL2xpbnV4L3RlZS5oCj4+Pgo+Pj4gdjg6Cj4+PiAqIFJlYmFzZWQgb24gdjQuNS1y
YzMKPj4+ICogZHQvYmluZGluZ3M6IGFkZCBiaW5kaW5ncyBmb3Igb3B0ZWUKPj4+ICAgQWNrZWQt
Ynk6IFJvYiBIZXJyaW5nIDxyb2JoQGtlcm5lbC5vcmc+Cj4+PiAqIEZpeGVzIGJ1aWxkIGVycm9y
IGZvciBYODYKPj4+ICogRml4ZXMgc3BlbGwgZXJyb3IgaW4gImR0L2JpbmRpbmdzOiBhZGQgYmlu
ZGluZ3MgZm9yIG9wdGVlIgo+Pj4KPj4+IHY3Ogo+Pj4gKiBSZWJhc2VkIG9uIHY0LjUtcmMyCj4+
PiAqIE1vdmVkIHRoZSBBUk0gU01DIENhbGxpbmcgQ29udmVudGlvbiBzdXBwb3J0IGludG8gYSBz
ZXBhcmF0ZSBwYXRjaAo+Pj4gICBzZXQsIHdoaWNoIGlzIG5vdyBtZXJnZWQKPj4+Cj4+PiB2NjoK
Pj4+ICogUmViYXNlZCBvbiB2NC4zLXJjNwo+Pj4gKiBDaGFuZ2VkIHNtY2NjIGludGVyZmFjZSB0
byBsZXQgdGhlIGNvbXBpbGVyIG1hcnNoYWwgbW9zdCBvZiB0aGUKPj4+ICAgcGFyYW1ldGVycwo+
Pj4gKiBBZGRlZCBBUkNINjQgY2FwYWJpbGl0eSBmb3Igc21jY2MgaW50ZXJmYWNlCj4+PiAqIENo
YW5nZWQgdGhlIFBTQ0kgZmlybXdhcmUgY2FsbHMgKGJvdGggYXJtIGFuZCBhcm02NCkgdG8gdXNl
IHRoZSBuZXcKPj4+ICAgZ2VuZXJpYyBzbWNjYyBpbnRlcmZhY2UgaW5zdGVhZCBpbnN0ZWFkIG9m
IG93biBhc3NlbWJseSBmdW5jdGlvbnMuCj4+PiAqIE1vdmUgb3B0ZWUgRFQgYmluZGluZ3MgdG8g
YmVsb3cgYXJtL2Zpcm13YXJlCj4+PiAqIERlZmluZXMgbWV0aG9kIGZvciBPUC1URUUgZHJpdmVy
IHRvIGNhbGwgc2VjdXJlIHdvcmxkIGluIERULCBzbWMgb3IgaHZjCj4+PiAqIEV4cG9zZXMgaW1w
bGVtZW50YXRpb24gaWQgb2YgYSBURUUgZHJpdmVyIGluIHN5c2ZzCj4+PiAgIHRvIGVhc2lseSBz
cGF3biBjb3JyZXNwb25kaW5nIHRlZS1zdXBwbGljYW50IHdoZW4gZGV2aWNlIGlzIHJlYWR5Cj4+
PiAqIFVwZGF0ZSBPUC1URUUgTWVzc2FnZSBQcm90b2NvbCB0byBiZXR0ZXIgY29wZSB3aXRoIGZy
YWdtZW50ZWQgcGh5c2ljYWwKPj4+ICAgbWVtb3J5Cj4+PiAqIFJlYWQgdGltZSBkaXJlY3RseSBm
cm9tIE9QLVRFRSBkcml2ZXIgaW5zdGVhZCBvZiBmb3J3YXJkaW5nIHRoZSBSUEMKPj4+ICAgcmVx
dWVzdCB0byB0ZWUtc3VwcGxpY2FudAo+Pj4KPj4+IHY1Ogo+Pj4gKiBSZXBsYWNlZCBrcmVmIHJl
ZmVyZW5jZSBjb3VudGluZyBmb3IgdGhlIGRldmljZSB3aXRoIGEgc2l6ZV90IGluc3RlYWQgYXMK
Pj4+ICAgdGhlIGNvdW50ZXIgaXMgYWx3YXlzIHByb3RlY3RlZCBieSBhIG11dGV4Cj4+Pgo+Pj4g
djQ6Cj4+PiAqIFJlYmFzZWQgb24gNC4xCj4+PiAqIFJlZGVzaWduZWQgdGhlIHN5bmNocm9uaXph
dGlvbiBhcm91bmQgZW50cnkgZXhpdCBvZiBub3JtYWwgU01DCj4+PiAqIFJlcGxhY2VkIHJ3c2Vt
IG9uIHRoZSBkcml2ZXIgaW5zdGFuY2Ugd2l0aCBrcmVmIGFuZCBjb21wbGV0aW9uIHNpbmNlCj4+
PiAgIHJ3c2VtIHdhc24ndCBpbnRlbmRlZCB0byBiZSB1c2VkIGluIHRoaXMgd2F5Cj4+PiAqIEV4
cGFuZGVkIHRoZSBURUVfSU9DVExfUEFSQU1fQVRUUl9UWVBFX01BU0sgdG8gbWFrZSByb29tIGZv
cgo+Pj4gICBmdXR1cmUgYWRkaXRpb25hbCBwYXJhbWV0ZXIgdHlwZXMKPj4+ICogRG9jdW1lbnRz
IFRFRSBzdWJzeXN0ZW0gYW5kIE9QLVRFRSBkcml2ZXIKPj4+ICogUmVwbGFjZWQgVEVFX0lPQ19D
TUQgd2l0aCBURUVfSU9DX09QRU5fU0VTU0lPTiwgVEVFX0lPQ19JTlZPS0UsCj4+PiAgIFRFRV9J
T0NfQ0FOQ0VMIGFuZCBURUVfSU9DX0NMT1NFX1NFU1NJT04KPj4+ICogRFQgYmluZGluZ3MgaW4g
YSBzZXBhcmF0ZSBwYXRjaAo+Pj4gKiBBc3NlbWJseSBwYXJ0cyBtb3ZlZCB0byBhcmNoL2FybSBh
bmQgYXJjaC9hcm02NCByZXNwZWN0aXZlbHksIGluIGEKPj4+ICAgc2VwYXJhdGUgcGF0Y2gKPj4+
ICogUmVkZWZpbmVkL2NsYXJpZmllZCB0aGUgbWVhbmluZyBvZiBPUFRFRV9TTUNfU0hNX0NBQ0hF
RAo+Pj4gKiBSZW1vdmVkIENNQSB1c2FnZSB0byBsaW1pdCB0aGUgc2NvcGUgb2YgdGhlIHBhdGNo
IHNldAo+Pj4KPj4+IHYzOgo+Pj4gKiBSZWJhc2VkIG9uIDQuMS1yYzMgKGRtYV9idWZfZXhwb3J0
KCkgQVBJIGNoYW5nZSkKPj4+ICogQSBjb3VwbGUgb2Ygc21hbGwgc3BhcnNlIGZpeGVzCj4+PiAq
IERvY3VtZW50cyBiaW5kaW5ncyBmb3IgT1AtVEVFIGRyaXZlcgo+Pj4gKiBVcGRhdGVkIE1BSU5U
QUlORVJTCj4+Pgo+Pj4gdjI6Cj4+PiAqIFJlcGxhY2VkIHRoZSBzdHViYmVkIE9QLVRFRSBkcml2
ZXIgd2l0aCBhIHJlYWwgT1AtVEVFIGRyaXZlcgo+Pj4gKiBSZW1vdmVkIG1vc3QgQVBJcyBub3Qg
bmVlZGVkIGJ5IE9QLVRFRSBpbiBjdXJyZW50IHN0YXRlCj4+PiAqIFVwZGF0ZSBEb2N1bWVudGF0
aW9uL2lvY3RsL2lvY3RsLW51bWJlci50eHQgd2l0aCBjb3JyZWN0IHBhdGggdG8gdGVlLmgKPj4+
ICogUmVuYW1lIHRlZV9zaG1fcG9vbF9hbGxvY19jbWEoKSB0byB0ZWVfc2htX3Bvb2xfYWxsb2Mo
KQo+Pj4gKiBNb3ZlZCB0ZWUuaCBpbnRvIGluY2x1ZGUvdWFwaS9saW51eC8KPj4+ICogUmVkZWZp
bmVkIHRlZS5oIElPQ1RMIG1hY3JvcyB0byBiZSBkaXJlY3RseSBiYXNlZCBvbiBfSU9SIGFuZCBm
cmllbmRzCj4+PiAqIFJlbW92ZWQgdmVyc2lvbiBpbmZvIG9uIHRoZSBBUEkgdG8gdXNlciBzcGFj
ZSwgYSBkYXRhIGJsb2Igd2hpY2gKPj4+ICAgY2FuIGNvbnRhaW4gYW4gVVVJRCBpcyBsZWZ0IGZv
ciB1c2VyIHNwYWNlIHRvIGJlIGFibGUgdG8gdGVsbCB3aGljaAo+Pj4gICBwcm90b2NvbCB0byB1
c2UgaW4gVEVFX0lPQ19DTUQKPj4+ICogQ2hhbmdlZCB1c2VyIHNwYWNlIGV4cG9zZWQgc3RydWN0
dXJlcyB0byBvbmx5IGhhdmUgdHlwZXMgd2l0aCBfXyBwcmVmaXgKPj4+ICogRHJvcHBlZCBUSElT
X01PRFVMRSBmcm9tIHRlZV9mb3BzCj4+PiAqIFJld29ya2VkIGhvdyB0aGUgZHJpdmVyIGlzIHJl
Z2lzdGVyZWQgYW5kIHJlZiBjb3VudGVkOgo+Pj4gICAtIG1vdmVkIGZyb20gdXNpbmcgYW4gZW1i
ZWRkZWQgc3RydWN0IG1pc2NkZXZpY2UgdG8gYW4gZW1iZWRkZWQgc3RydWN0Cj4+PiAgICAgZGV2
aWNlLgo+Pj4gICAtIHVzZXMgYW4gc3RydWN0IHJ3X3NlbWFwaG9yZSBhcyBzeW5jaHJvbml6YXRp
b24gZm9yIGRyaXZlciBkZXRhY2htZW50Cj4+PiAgIC0gdXNlcyBhbGxvYy9yZWdpc3RlciBwYXR0
ZXJuIGZyb20gVFBNCj4+Pgo+Pj4gVGhhbmtzLAo+Pj4gSmVucwo+Pj4KPj4+IEplbnMgV2lrbGFu
ZGVyICg0KToKPj4+ICAgZHQvYmluZGluZ3M6IGFkZCBiaW5kaW5ncyBmb3Igb3B0ZWUKPj4+ICAg
dGVlOiBnZW5lcmljIFRFRSBzdWJzeXN0ZW0KPj4+ICAgdGVlOiBhZGQgT1AtVEVFIGRyaXZlcgo+
Pj4gICBEb2N1bWVudGF0aW9uOiB0ZWUgc3Vic3lzdGVtIGFuZCBvcC10ZWUgZHJpdmVyCj4+Pgo+
Pj4gIERvY3VtZW50YXRpb24vMDAtSU5ERVggICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwg
ICAyICsKPj4+ICAuLi4vYmluZGluZ3MvYXJtL2Zpcm13YXJlL2xpbmFybyxvcHRlZS10ei50eHQg
ICAgICB8ICAzMSArCj4+PiAgLi4uL2RldmljZXRyZWUvYmluZGluZ3MvdmVuZG9yLXByZWZpeGVz
LnR4dCAgICAgICAgfCAgIDEgKwo+Pj4gIERvY3VtZW50YXRpb24vaW9jdGwvaW9jdGwtbnVtYmVy
LnR4dCAgICAgICAgICAgICAgIHwgICAxICsKPj4+ICBEb2N1bWVudGF0aW9uL3RlZS50eHQgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICB8IDExOCArKysKPj4+ICBNQUlOVEFJTkVSUyAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAxMyArCj4+PiAgZHJpdmVycy9L
Y29uZmlnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgIDIgKwo+Pj4gIGRy
aXZlcnMvTWFrZWZpbGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAxICsK
Pj4+ICBkcml2ZXJzL3RlZS9LY29uZmlnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8
ICAxOCArCj4+PiAgZHJpdmVycy90ZWUvTWFrZWZpbGUgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgfCAgIDUgKwo+Pj4gIGRyaXZlcnMvdGVlL29wdGVlL0tjb25maWcgICAgICAgICAgICAg
ICAgICAgICAgICAgIHwgICA3ICsKPj4+ICBkcml2ZXJzL3RlZS9vcHRlZS9NYWtlZmlsZSAgICAg
ICAgICAgICAgICAgICAgICAgICB8ICAgNSArCj4+PiAgZHJpdmVycy90ZWUvb3B0ZWUvY2FsbC5j
ICAgICAgICAgICAgICAgICAgICAgICAgICAgfCA0MzUgKysrKysrKysrKwo+Pj4gIGRyaXZlcnMv
dGVlL29wdGVlL2NvcmUuYyAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgNTk4ICsrKysrKysr
KysrKysrCj4+PiAgZHJpdmVycy90ZWUvb3B0ZWUvb3B0ZWVfbXNnLmggICAgICAgICAgICAgICAg
ICAgICAgfCA0MzUgKysrKysrKysrKwo+Pj4gIGRyaXZlcnMvdGVlL29wdGVlL29wdGVlX3ByaXZh
dGUuaCAgICAgICAgICAgICAgICAgIHwgMTg1ICsrKysrCj4+PiAgZHJpdmVycy90ZWUvb3B0ZWUv
b3B0ZWVfc21jLmggICAgICAgICAgICAgICAgICAgICAgfCA0NDYgKysrKysrKysrKwo+Pj4gIGRy
aXZlcnMvdGVlL29wdGVlL3JwYy5jICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgNDA0ICsr
KysrKysrKwo+Pj4gIGRyaXZlcnMvdGVlL29wdGVlL3N1cHAuYyAgICAgICAgICAgICAgICAgICAg
ICAgICAgIHwgMjczICsrKysrKysKPj4+ICBkcml2ZXJzL3RlZS90ZWVfY29yZS5jICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICB8IDkwMSArKysrKysrKysrKysrKysrKysrKysKPj4+ICBkcml2
ZXJzL3RlZS90ZWVfcHJpdmF0ZS5oICAgICAgICAgICAgICAgICAgICAgICAgICB8IDEyOSArKysK
Pj4+ICBkcml2ZXJzL3RlZS90ZWVfc2htLmMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8
IDM1NyArKysrKysrKwo+Pj4gIGRyaXZlcnMvdGVlL3RlZV9zaG1fcG9vbC5jICAgICAgICAgICAg
ICAgICAgICAgICAgIHwgMTU4ICsrKysKPj4+ICBpbmNsdWRlL2xpbnV4L3RlZV9kcnYuaCAgICAg
ICAgICAgICAgICAgICAgICAgICAgICB8IDI3OCArKysrKysrCj4+PiAgaW5jbHVkZS91YXBpL2xp
bnV4L3RlZS5oICAgICAgICAgICAgICAgICAgICAgICAgICAgfCA0MDMgKysrKysrKysrCj4+PiAg
MjUgZmlsZXMgY2hhbmdlZCwgNTIwNiBpbnNlcnRpb25zKCspCj4+PiAgY3JlYXRlIG1vZGUgMTAw
NjQ0IERvY3VtZW50YXRpb24vZGV2aWNldHJlZS9iaW5kaW5ncy9hcm0vZmlybXdhcmUvbGluYXJv
LG9wdGVlLXR6LnR4dAo+Pj4gIGNyZWF0ZSBtb2RlIDEwMDY0NCBEb2N1bWVudGF0aW9uL3RlZS50
eHQKPj4+ICBjcmVhdGUgbW9kZSAxMDA2NDQgZHJpdmVycy90ZWUvS2NvbmZpZwo+Pj4gIGNyZWF0
ZSBtb2RlIDEwMDY0NCBkcml2ZXJzL3RlZS9NYWtlZmlsZQo+Pj4gIGNyZWF0ZSBtb2RlIDEwMDY0
NCBkcml2ZXJzL3RlZS9vcHRlZS9LY29uZmlnCj4+PiAgY3JlYXRlIG1vZGUgMTAwNjQ0IGRyaXZl
cnMvdGVlL29wdGVlL01ha2VmaWxlCj4+PiAgY3JlYXRlIG1vZGUgMTAwNjQ0IGRyaXZlcnMvdGVl
L29wdGVlL2NhbGwuYwo+Pj4gIGNyZWF0ZSBtb2RlIDEwMDY0NCBkcml2ZXJzL3RlZS9vcHRlZS9j
b3JlLmMKPj4+ICBjcmVhdGUgbW9kZSAxMDA2NDQgZHJpdmVycy90ZWUvb3B0ZWUvb3B0ZWVfbXNn
LmgKPj4+ICBjcmVhdGUgbW9kZSAxMDA2NDQgZHJpdmVycy90ZWUvb3B0ZWUvb3B0ZWVfcHJpdmF0
ZS5oCj4+PiAgY3JlYXRlIG1vZGUgMTAwNjQ0IGRyaXZlcnMvdGVlL29wdGVlL29wdGVlX3NtYy5o
Cj4+PiAgY3JlYXRlIG1vZGUgMTAwNjQ0IGRyaXZlcnMvdGVlL29wdGVlL3JwYy5jCj4+PiAgY3Jl
YXRlIG1vZGUgMTAwNjQ0IGRyaXZlcnMvdGVlL29wdGVlL3N1cHAuYwo+Pj4gIGNyZWF0ZSBtb2Rl
IDEwMDY0NCBkcml2ZXJzL3RlZS90ZWVfY29yZS5jCj4+PiAgY3JlYXRlIG1vZGUgMTAwNjQ0IGRy
aXZlcnMvdGVlL3RlZV9wcml2YXRlLmgKPj4+ICBjcmVhdGUgbW9kZSAxMDA2NDQgZHJpdmVycy90
ZWUvdGVlX3NobS5jCj4+PiAgY3JlYXRlIG1vZGUgMTAwNjQ0IGRyaXZlcnMvdGVlL3RlZV9zaG1f
cG9vbC5jCj4+PiAgY3JlYXRlIG1vZGUgMTAwNjQ0IGluY2x1ZGUvbGludXgvdGVlX2Rydi5oCj4+
PiAgY3JlYXRlIG1vZGUgMTAwNjQ0IGluY2x1ZGUvdWFwaS9saW51eC90ZWUuaAo+Pj4KCl9fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmxpbnV4LWFybS1rZXJu
ZWwgbWFpbGluZyBsaXN0CmxpbnV4LWFybS1rZXJuZWxAbGlzdHMuaW5mcmFkZWFkLm9yZwpodHRw
Oi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2xpbnV4LWFybS1rZXJuZWwK

From mboxrd@z Thu Jan  1 00:00:00 1970
From: afd@ti.com (Andrew F. Davis)
Date: Mon, 31 Oct 2016 13:24:14 -0500
Subject: [PATCH v12 RESEND 0/4] generic TEE subsystem
In-Reply-To: <20161029094641.GA23362@ermac>
References: <1477649984-16777-1-git-send-email-jens.wiklander@linaro.org>
 <1e532aeb-4944-62e4-c8c4-1e23438b92cd@ti.com> <20161029094641.GA23362@ermac>
Message-ID: <573b8fff-eeb7-3656-6f32-de69d906a966@ti.com>
To: linux-arm-kernel@lists.infradead.org
List-Id: linux-arm-kernel.lists.infradead.org

On 10/29/2016 04:46 AM, Jens Wiklander wrote:
> On Fri, Oct 28, 2016 at 10:43:24AM -0500, Andrew F. Davis wrote:
>> On 10/28/2016 05:19 AM, Jens Wiklander wrote:
>>> Hi,
>>>
>>> This patch set introduces a generic TEE subsystem. The TEE subsystem will
>>> contain drivers for various TEE implementations. A TEE (Trusted Execution
>>> Environment) is a trusted OS running in some secure environment, for
>>> example, TrustZone on ARM CPUs, or a separate secure co-processor etc.
>>>
>>> Regarding use cases, TrustZone has traditionally been used for
>>> offloading secure tasks to the secure world. Examples include: 
>>> - Secure key handling where the OS may or may not have direct access to key
>>>   material.
>>> - E-commerce and payment technologies. Credentials, credit card numbers etc
>>>   could be stored in a more secure environment.
>>> - Trusted User Interface (TUI) to ensure that no-one can snoop PIN-codes
>>>   etc.
>>> - Secure boot to ensure that loaded binaries haven?t been tampered with.
>>>   It?s not strictly needed for secure boot, but you could enhance security
>>>   by leveraging a TEE during boot.
>>> - Digital Rights Management (DRM), the studios provides content with
>>>   different resolution depending on the security of the device. Higher
>>>   security means higher resolution.
>>>
>>> A TEE could also be used in existing and new technologies. For example IMA
>>> (Integrity Measurement Architecture) which has been in the kernel for quite
>>> a while. Today you can enhance security by using a TPM-chip to sign the IMA
>>> measurement list. This is something that you also could do by leveraging a
>>> TEE.
>>>
>>> Another example could be in 2-factor authentication which is becoming
>>> increasingly more important. FIDO (https://fidoalliance.org) for example
>>> are using public key cryptography in their 2-factor authentication standard
>>> (U2F). With FIDO, a private and public key pair will be generated for every
>>> site you visit and the private key should never leave the local device.
>>> This is an example where you could use secure storage in a TEE for the
>>> private key.
>>>
>>> Today you will find a quite a few different out of tree implementations of
>>> TEE drivers which tends to fragment the TEE ecosystem and development. We
>>> think it would be a good idea to have a generic TEE driver integrated in
>>> the kernel which would serve as a base for several different TEE solutions,
>>> no matter if they are on-chip like TrustZone or if they are on a separate
>>> crypto co-processor.
>>>
>>> To develop this TEE subsystem we have been using the open source TEE called
>>> OP-TEE (https://github.com/OP-TEE/optee_os) and therefore this would be the
>>> first TEE solution supported by this new subsystem. OP-TEE is a
>>> GlobalPlatform compliant TEE, however this TEE subsystem is not limited to
>>> only GlobalPlatform TEEs, instead we have tried to design it so that it
>>> should work with other TEE solutions also.
>>>
>>
>> The above is my biggest concern with this whole subsystem, to me it
>> still feels very OPTEE specific. As much as I would love to believe
>> OPTEE will be the end-all TEE, I'm sure we soon will start to see wider
>> use of vendor TEEs (like TI's own legacy Trustzone thing we are hoping
>> to depreciate with OPTEE moving forward), possibly Google's Trusty TEE,
>> and whatever Intel/AMD are cooking up for x86.
> 
> I'd rather say that it's slightly GlobalPlatform specific, but a bit
> more flexible.
> 
>>
>> As we all know when things are upstreamed we lose the ability to make
>> radical changes easily, especially to full subsystems. What happens when
>> this framework, built with only one existing TEE, built by the one
>> existing TEE's devs, is not as flexible as we need when other TEEs start
>> rolling out?
> 
> Initially the TEE subsystem was much more flexible and was criticized
> for that.
> 

That's rather strange, I haven't been following this from the start so I
will just take your word that this is where the community wants this
subsystem to go.

>>
>> Do we see this as a chicken and egg situation, or is there any harm
>> beyond the pains of supporting an out-of-tree driver for a while, to
>> wait until we have at least one other TEE to add to this subsystem
>> before merging?
> 
> This proposal is the bare minimum to have something useful. On top of
> this there's more things we'd like to add, for example an in-kernel API
> for accessing the TEE and secure buffer handling. The way we're dealing
> with shared memory need to be improved to better support multiple guests
> communicating with one TEE.
> 
> What we can do now with the subsystem now is somewhat limited by the
> fact that we're trying to upstream it and want to do that it in
> manageable increments.
> 

Fair enough.

For now this series is being used in our production SDKs so it has at
least some basic testing from us, so for the whole series:

Tested-by: Andrew F. Davis <afd@ti.com>

> Thanks,
> Jens
> 
>>
>> This may also help with the perceived lack of reviewers for this series.
>>
>> Thanks,
>> Andrew
>>
>>> "tee: generic TEE subsystem" brings in the generic TEE subsystem which
>>> helps when writing a driver for a specific TEE, for example, OP-TEE.
>>>
>>> "tee: add OP-TEE driver" is an OP-TEE driver which uses the subsystem to do
>>> its work.
>>>
>>> This patch set has been prepared in cooperation with Javier Gonz?lez who
>>> proposed "Generic TrustZone Driver in Linux Kernel" patches 28 Nov 2014,
>>> https://lwn.net/Articles/623380/ . We've since then changed the scope to
>>> TEE instead of TrustZone.
>>>
>>> We have discussed the design on tee-dev at lists.linaro.org (archive at
>>> https://lists.linaro.org/pipermail/tee-dev/) with people from other
>>> companies, including Valentin Manea <valentin.manea@huawei.com>,
>>> Emmanuel MICHEL <emmanuel.michel@st.com>,
>>> Jean-michel DELORME <jean-michel.delorme@st.com>,
>>> and Joakim Bech <joakim.bech@linaro.org>. Our main concern has been to
>>> agree on something that is generic enough to support many different
>>> TEEs while still keeping the interface together.
>>>
>>> v12-resend:
>>> * Rebased on v4.9-rc2
>>>
>>> v12:
>>> * Rebased on v4.8-rc5
>>> * Addressed review comments from Andrew F. Davis
>>> * Removed Acked-by: Andreas Dannenberg <dannenberg@ti.com> as the
>>>   mail bounces
>>> * Bugfix possible null dereference in error cleanup path of
>>>   optee_probe().
>>> * Bugfix optee_from_msg_param() when calculating offset of memref
>>>   into a shared memory object
>>>
>>> v11:
>>> * Rebased on v4.8-rc3
>>> * Addressed review comments from Nishanth Menon
>>> * Made the TEE framework available as a loadable module.
>>> * Reviewed-by: Javier Gonz?lez <javier@javigon.com>
>>> * Zeroes shared memory on allocation to avoid information leakage
>>> * Links shared memory objects to context to avoid stealing of shared memory
>>>   object from an unrelated process
>>> * Allow RPC interruption if supplicant is unavailable
>>>
>>> v10:
>>> * Rebased on v4.7-rc1
>>> * Addressed private review comments from Nishanth Menon
>>> * Optee driver only accepts one supplicant process on the privileged device
>>> * Optee driver avoids long delayed releases of shm objects
>>> * Added more comments on functions and structs
>>>
>>> v9:
>>> * Rebased on v4.6-rc1
>>> * Acked-by: Andreas Dannenberg <dannenberg@ti.com>
>>> * Addressed comments from Al Viro how file descriptors are passed to
>>>   user space
>>> * Addressed comments from Randy Dunlap on documentation
>>> * Changed license for include/uapi/linux/tee.h
>>>
>>> v8:
>>> * Rebased on v4.5-rc3
>>> * dt/bindings: add bindings for optee
>>>   Acked-by: Rob Herring <robh@kernel.org>
>>> * Fixes build error for X86
>>> * Fixes spell error in "dt/bindings: add bindings for optee"
>>>
>>> v7:
>>> * Rebased on v4.5-rc2
>>> * Moved the ARM SMC Calling Convention support into a separate patch
>>>   set, which is now merged
>>>
>>> v6:
>>> * Rebased on v4.3-rc7
>>> * Changed smccc interface to let the compiler marshal most of the
>>>   parameters
>>> * Added ARCH64 capability for smccc interface
>>> * Changed the PSCI firmware calls (both arm and arm64) to use the new
>>>   generic smccc interface instead instead of own assembly functions.
>>> * Move optee DT bindings to below arm/firmware
>>> * Defines method for OP-TEE driver to call secure world in DT, smc or hvc
>>> * Exposes implementation id of a TEE driver in sysfs
>>>   to easily spawn corresponding tee-supplicant when device is ready
>>> * Update OP-TEE Message Protocol to better cope with fragmented physical
>>>   memory
>>> * Read time directly from OP-TEE driver instead of forwarding the RPC
>>>   request to tee-supplicant
>>>
>>> v5:
>>> * Replaced kref reference counting for the device with a size_t instead as
>>>   the counter is always protected by a mutex
>>>
>>> v4:
>>> * Rebased on 4.1
>>> * Redesigned the synchronization around entry exit of normal SMC
>>> * Replaced rwsem on the driver instance with kref and completion since
>>>   rwsem wasn't intended to be used in this way
>>> * Expanded the TEE_IOCTL_PARAM_ATTR_TYPE_MASK to make room for
>>>   future additional parameter types
>>> * Documents TEE subsystem and OP-TEE driver
>>> * Replaced TEE_IOC_CMD with TEE_IOC_OPEN_SESSION, TEE_IOC_INVOKE,
>>>   TEE_IOC_CANCEL and TEE_IOC_CLOSE_SESSION
>>> * DT bindings in a separate patch
>>> * Assembly parts moved to arch/arm and arch/arm64 respectively, in a
>>>   separate patch
>>> * Redefined/clarified the meaning of OPTEE_SMC_SHM_CACHED
>>> * Removed CMA usage to limit the scope of the patch set
>>>
>>> v3:
>>> * Rebased on 4.1-rc3 (dma_buf_export() API change)
>>> * A couple of small sparse fixes
>>> * Documents bindings for OP-TEE driver
>>> * Updated MAINTAINERS
>>>
>>> v2:
>>> * Replaced the stubbed OP-TEE driver with a real OP-TEE driver
>>> * Removed most APIs not needed by OP-TEE in current state
>>> * Update Documentation/ioctl/ioctl-number.txt with correct path to tee.h
>>> * Rename tee_shm_pool_alloc_cma() to tee_shm_pool_alloc()
>>> * Moved tee.h into include/uapi/linux/
>>> * Redefined tee.h IOCTL macros to be directly based on _IOR and friends
>>> * Removed version info on the API to user space, a data blob which
>>>   can contain an UUID is left for user space to be able to tell which
>>>   protocol to use in TEE_IOC_CMD
>>> * Changed user space exposed structures to only have types with __ prefix
>>> * Dropped THIS_MODULE from tee_fops
>>> * Reworked how the driver is registered and ref counted:
>>>   - moved from using an embedded struct miscdevice to an embedded struct
>>>     device.
>>>   - uses an struct rw_semaphore as synchronization for driver detachment
>>>   - uses alloc/register pattern from TPM
>>>
>>> Thanks,
>>> Jens
>>>
>>> Jens Wiklander (4):
>>>   dt/bindings: add bindings for optee
>>>   tee: generic TEE subsystem
>>>   tee: add OP-TEE driver
>>>   Documentation: tee subsystem and op-tee driver
>>>
>>>  Documentation/00-INDEX                             |   2 +
>>>  .../bindings/arm/firmware/linaro,optee-tz.txt      |  31 +
>>>  .../devicetree/bindings/vendor-prefixes.txt        |   1 +
>>>  Documentation/ioctl/ioctl-number.txt               |   1 +
>>>  Documentation/tee.txt                              | 118 +++
>>>  MAINTAINERS                                        |  13 +
>>>  drivers/Kconfig                                    |   2 +
>>>  drivers/Makefile                                   |   1 +
>>>  drivers/tee/Kconfig                                |  18 +
>>>  drivers/tee/Makefile                               |   5 +
>>>  drivers/tee/optee/Kconfig                          |   7 +
>>>  drivers/tee/optee/Makefile                         |   5 +
>>>  drivers/tee/optee/call.c                           | 435 ++++++++++
>>>  drivers/tee/optee/core.c                           | 598 ++++++++++++++
>>>  drivers/tee/optee/optee_msg.h                      | 435 ++++++++++
>>>  drivers/tee/optee/optee_private.h                  | 185 +++++
>>>  drivers/tee/optee/optee_smc.h                      | 446 ++++++++++
>>>  drivers/tee/optee/rpc.c                            | 404 +++++++++
>>>  drivers/tee/optee/supp.c                           | 273 +++++++
>>>  drivers/tee/tee_core.c                             | 901 +++++++++++++++++++++
>>>  drivers/tee/tee_private.h                          | 129 +++
>>>  drivers/tee/tee_shm.c                              | 357 ++++++++
>>>  drivers/tee/tee_shm_pool.c                         | 158 ++++
>>>  include/linux/tee_drv.h                            | 278 +++++++
>>>  include/uapi/linux/tee.h                           | 403 +++++++++
>>>  25 files changed, 5206 insertions(+)
>>>  create mode 100644 Documentation/devicetree/bindings/arm/firmware/linaro,optee-tz.txt
>>>  create mode 100644 Documentation/tee.txt
>>>  create mode 100644 drivers/tee/Kconfig
>>>  create mode 100644 drivers/tee/Makefile
>>>  create mode 100644 drivers/tee/optee/Kconfig
>>>  create mode 100644 drivers/tee/optee/Makefile
>>>  create mode 100644 drivers/tee/optee/call.c
>>>  create mode 100644 drivers/tee/optee/core.c
>>>  create mode 100644 drivers/tee/optee/optee_msg.h
>>>  create mode 100644 drivers/tee/optee/optee_private.h
>>>  create mode 100644 drivers/tee/optee/optee_smc.h
>>>  create mode 100644 drivers/tee/optee/rpc.c
>>>  create mode 100644 drivers/tee/optee/supp.c
>>>  create mode 100644 drivers/tee/tee_core.c
>>>  create mode 100644 drivers/tee/tee_private.h
>>>  create mode 100644 drivers/tee/tee_shm.c
>>>  create mode 100644 drivers/tee/tee_shm_pool.c
>>>  create mode 100644 include/linux/tee_drv.h
>>>  create mode 100644 include/uapi/linux/tee.h
>>>