From: Etienne Carriere
Date: Tue, 7 Jun 2022 11:46:31 +0200
Subject: Re: [PATCH 1/2] drivers: tee: optee: discover OP-TEE services
To: Ilias Apalodimas
Cc: u-boot@lists.denx.de, Jens Wiklander, Patrick Delaunay

Hi Ilias,

On Mon, 6 Jun 2022 at 11:49, Ilias Apalodimas wrote:
>
> Hi Etienne,
>
> On Wed, Jun 01, 2022 at 10:27:51AM +0200, Etienne Carriere wrote:
> > This change defines resources for OP-TEE service drivers to register
> > themselves for being bound to when OP-TEE firmware reports the related
> > service is supported. OP-TEE services are discovered during optee
> > driver probe sequence. Discovery of optee services and binding to
> > related U-Boot drivers is embedded upon configuration switch
> > CONFIG_OPTEE_SERVICE_DISCOVERY.
> >
> > Cc: Jens Wiklander
> > Cc: Patrick Delaunay
> > Signed-off-by: Etienne Carriere
> > ---
> > drivers/tee/optee/Kconfig | 8 ++
> > drivers/tee/optee/core.c | 187 +++++++++++++++++++++++++++++++++++-
> > include/tee/optee_service.h | 29 ++++++
> > 3 files changed, 223 insertions(+), 1 deletion(-)
> > create mode 100644 include/tee/optee_service.h
> >
> > diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig > > index d03028070b..9dc65b0501 100644 > > --- a/drivers/tee/optee/Kconfig > > +++ b/drivers/tee/optee/Kconfig
> > @@ -37,6 +37,14 @@ config OPTEE_TA_SCP03 > > > > [...] > > > +static int enum_services(struct udevice *dev, struct tee_shm **shm, size_t *count, u32 tee_sess) > > +{ > > + size_t shm_size = 0; > > + int ret; > > + > > + ret = __enum_services(dev, NULL, &shm_size, tee_sess); > > + if (ret) > > + return ret; > > + > > + ret = tee_shm_alloc(dev, shm_size, 0, shm); > > + if (ret) { > > + dev_err(dev, "Failed to allocated shared memory: %d\n", ret); > > + return ret; > > + } > > + > > + ret = __enum_services(dev, *shm, &shm_size, tee_sess); > > + if (ret) > > + tee_shm_free(*shm);
>
> I'd prefer if we handled this a bit differently. Instead of freeing the
> buffer here, just release it on bind_service_drivers() always

Ok, I'll change this in patch v3.

>
> > + else > > + *count = shm_size / sizeof(struct tee_optee_ta_uuid); > > + > > + return ret; > > +} > > + > > + > > static int optee_probe(struct udevice *dev) > > { > > struct optee_pdata *pdata = dev_get_plat(dev); > > u32 sec_caps; > > - struct udevice *child; > > int ret; > > > > if (!is_optee_api(pdata->invoke_fn)) {
> > @@ -668,15 +842,23 @@ static int optee_probe(struct udevice *dev) > > return -ENOENT; > > } > > > > + ret = bind_service_drivers(dev); > > + if (ret) > > + return ret; > > + > > +#ifndef CONFIG_OPTEE_SERVICE_DISCOVERY > > /* > > * in U-Boot, the discovery of TA on the TEE bus is not supported: > > * only bind the drivers associated to the supported OP-TEE TA > > */ > > if (IS_ENABLED(CONFIG_RNG_OPTEE)) { > > + struct udevice *child; > > + > > ret = device_bind_driver(dev, "optee-rng", "optee-rng", &child);
>
> The same principle applies for fTPM. Moreover the linux kernel supports
> bus scanning, which creates a conflict when the fTPM is added on the .dts
> (for u-boot to scan it).

Do you mean you would like fTPM driver to NOT be probed upon its
related DT compatible node and only probed from the fTPM TA discovery
(optee so-called devices enumeration)?

Another issue here is that current fTPM implementation [1] does not
set flag TA_FLAG_DEVICE_ENUM [2] that makes a built-in TA (so-called
early TA) to be enumerated by OP-TEE.

[1] https://github.com/microsoft/ms-tpm-20-ref/blob/d638536d0fe01acd5e39ffa1bd100b3da82d92c7/Samples/ARM32-FirmwareTPM/optee_ta/fTPM/user_ta_header_defines.h#L47
[2] https://github.com/OP-TEE/optee_os/blob/3.17.0/lib/libutee/include/user_ta_header.h#L26-L32

>
> Can we make this a bit more generic, even though only the rng is added on
> this patch?
>
> something like
> struct devices {
>         const char *drv_name;
>         const char *dev_name;
> } tee_bus_devices[] = {
>         {
>                 "optee-rng",
>                 "optee-rng",
>         },
> };
> and add an array of the 'scannable' devices? It would make adding the ftpm
> and other devices trivial

Assuming fTPM TA is enumerated, I don't think we need to add a device
name here. fTPM service could be proved straight based on the driver name.
fTPM driver in u-boot expects there is only 1 TEE firmware, hence only
1 fTPM TA instance.

For info, I'll send a patch v3 without changes on fTPM.

Best regards,
etienne

>
> > if (ret) > > return ret; > > } > > +#endif
> [...]
>
>
> Thanks!
> /Ilias
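
Review bot: in enum_services(), the failure branch after the second __enum_services() call runs tee_shm_free(*shm) but leaves the caller's *shm pointing at the freed buffer and *count unset, so a caller that also releases the buffer (as proposed above for bind_service_drivers()) would free it twice. Either set *shm to NULL on that path or drop the free here and have the caller release the buffer unconditionally. In the same function, shm_size is whatever __enum_services() reports: check that it is non-zero and a multiple of sizeof(struct tee_optee_ta_uuid) before passing it to tee_shm_alloc() and before computing *count, since the division otherwise silently drops a partial trailing entry. The error string "Failed to allocated shared memory" should read "Failed to allocate".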
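
Review bot: in optee_probe(), the added "ret = bind_service_drivers(dev); if (ret) return ret;" sits outside the #ifndef CONFIG_OPTEE_SERVICE_DISCOVERY block, so any error from service binding now fails the whole OP-TEE probe rather than only the affected service. Consider logging the error and continuing, or say in the commit message that a discovery failure is meant to be fatal. The comment kept inside the #ifndef block still reads "in U-Boot, the discovery of TA on the TEE bus is not supported", which should be reworded to say it covers only builds without discovery, and the guard could use IS_ENABLED() in the same way as the CONFIG_RNG_OPTEE test that follows it.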