[PATCH 1/2] tee: define session login identifiers

[PATCH 1/2] tee: define session login identifiers

[Etienne Carriere]

TEE header file defines a clnt_login field in struct tee_open_session_arg
but does not define the values expected. This change define identifiers
for the field using a enumerated type. Back end TEE driver is expected to
convert these IDs into IDs meaningful to the TEE.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
 include/tee.h | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/include/tee.h b/include/tee.h
index 99367b258e..b8297601b4 100644
--- a/include/tee.h
+++ b/include/tee.h
@@ -31,6 +31,19 @@
 #define TEE_PARAM_ATTR_MASK			(TEE_PARAM_ATTR_TYPE_MASK | \
 						 TEE_PARAM_ATTR_META)
 
+/*
+ * Value for tee_open_session_arg::clnt_login
+ */
+enum tee_session_login {
+	TEE_SESSION_LOGIN_PUBLIC = 0,
+	TEE_SESSION_LOGIN_USER,
+	TEE_SESSION_LOGIN_GROUP,
+	TEE_SESSION_LOGIN_APPLICATION,
+	TEE_SESSION_LOGIN_APPLICATION_USER,
+	TEE_SESSION_LOGIN_APPLICATION_GROUP,
+	TEE_SESSION_LOGIN_REE_KERNEL,
+};
+
 /*
  * Some Global Platform error codes which has a meaning if the
  * TEE_GEN_CAP_GP bit is returned by the driver in
@@ -135,8 +148,8 @@ struct tee_param {
 /**
  * struct tee_open_session_arg - extra arguments for tee_open_session()
  * @uuid:	[in] UUID of the Trusted Application
- * @clnt_uuid:	[in] Normally zeroes
- * @clnt_login:	[in] Normally 0
+ * @clnt_uuid:	[in] UUID of client, zeroes for PUBLIC/REE_KERNEL
+ * @clnt_login:	[in] Class of client TEE_SESSION_LOGIN_*
  * @session:	[out] Session id
  * @ret:	[out] return value
  * @ret_origin:	[out] origin of the return value
@@ -144,7 +157,7 @@ struct tee_param {
 struct tee_open_session_arg {
 	u8 uuid[TEE_UUID_LEN];
 	u8 clnt_uuid[TEE_UUID_LEN];
-	u32 clnt_login;
+	enum tee_session_login clnt_login;
 	u32 session;
 	u32 ret;
 	u32 ret_origin;
-- 
2.17.1

[PATCH 2/2] tee: optee: support session login as REE kernel

[Etienne Carriere]

OP-TEE supports an API extension to allow client to open a TEE session
as REE kernel which OP-TEE uses to differentiate client application
services from system services that only the REE OS kernel can access.

This change allows U-Boot to invoke OP-TEE which such kernel identity
and therefore access kernel client specific services.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
 drivers/tee/optee/core.c      | 24 +++++++++++++++++++++++-
 drivers/tee/optee/optee_msg.h |  2 ++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
index 73dbb22ba0..526bf125a0 100644
--- a/drivers/tee/optee/core.c
+++ b/drivers/tee/optee/core.c
@@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session)
 	return 0;
 }
 
+static uint32_t optee_login_id(enum tee_session_login login)
+{
+	/* Treat invalid IDs as public login */
+	switch (login) {
+	case TEE_SESSION_LOGIN_USER:
+		return OPTEE_MSG_LOGIN_USER;
+	case TEE_SESSION_LOGIN_GROUP:
+		return OPTEE_MSG_LOGIN_GROUP;
+	case TEE_SESSION_LOGIN_APPLICATION:
+		return OPTEE_MSG_LOGIN_APPLICATION;
+	case TEE_SESSION_LOGIN_APPLICATION_USER:
+		return OPTEE_MSG_LOGIN_APPLICATION;
+	case TEE_SESSION_LOGIN_APPLICATION_GROUP:
+		return OPTEE_MSG_LOGIN_APPLICATION;
+	case TEE_SESSION_LOGIN_REE_KERNEL:
+		return OPTEE_MSG_LOGIN_REE_KERNEL;
+	case TEE_SESSION_LOGIN_PUBLIC:
+	default:
+		return OPTEE_MSG_LOGIN_PUBLIC;
+	}
+}
+
 static int optee_open_session(struct udevice *dev,
 			      struct tee_open_session_arg *arg,
 			      uint num_params, struct tee_param *params)
@@ -372,7 +394,7 @@ static int optee_open_session(struct udevice *dev,
 				  OPTEE_MSG_ATTR_META;
 	memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid));
 	memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid));
-	msg_arg->params[1].u.value.c = arg->clnt_login;
+	msg_arg->params[1].u.value.c = optee_login_id(arg->clnt_login);
 
 	rc = to_msg_param(msg_arg->params + 2, num_params, params);
 	if (rc)
diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h
index 8d40ce60c2..17e8d28e52 100644
--- a/drivers/tee/optee/optee_msg.h
+++ b/drivers/tee/optee/optee_msg.h
@@ -95,6 +95,8 @@
 #define OPTEE_MSG_LOGIN_APPLICATION		0x00000004
 #define OPTEE_MSG_LOGIN_APPLICATION_USER	0x00000005
 #define OPTEE_MSG_LOGIN_APPLICATION_GROUP	0x00000006
+/* OP-TEE extension: log as REE kernel */
+#define OPTEE_MSG_LOGIN_REE_KERNEL		0x80000000
 
 /*
  * Page size used in non-contiguous buffer entries
-- 
2.17.1

[PATCH 1/2] tee: define session login identifiers

[Jens Wiklander]

On Wed, May 12, 2021 at 5:06 PM Etienne Carriere
<etienne.carriere@linaro.org> wrote:
>
> TEE header file defines a clnt_login field in struct tee_open_session_arg
> but does not define the values expected. This change define identifiers
> for the field using a enumerated type. Back end TEE driver is expected to
> convert these IDs into IDs meaningful to the TEE.
>
> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> ---
>  include/tee.h | 19 ++++++++++++++++---
>  1 file changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/include/tee.h b/include/tee.h
> index 99367b258e..b8297601b4 100644
> --- a/include/tee.h
> +++ b/include/tee.h
> @@ -31,6 +31,19 @@
>  #define TEE_PARAM_ATTR_MASK                    (TEE_PARAM_ATTR_TYPE_MASK | \
>                                                  TEE_PARAM_ATTR_META)
>
> +/*
> + * Value for tee_open_session_arg::clnt_login
> + */
> +enum tee_session_login {
> +       TEE_SESSION_LOGIN_PUBLIC = 0,
> +       TEE_SESSION_LOGIN_USER,
> +       TEE_SESSION_LOGIN_GROUP,
> +       TEE_SESSION_LOGIN_APPLICATION,

This is defined as 4 in the spec.

> +       TEE_SESSION_LOGIN_APPLICATION_USER,
> +       TEE_SESSION_LOGIN_APPLICATION_GROUP,

Please make these USER_APPLICATION and GROUP_APPLICATION since that's
the order used in the spec.

> +       TEE_SESSION_LOGIN_REE_KERNEL,

The Linux kernel defines the REE kernel stuff as:
/*
 * Disallow user-space to use GP implementation specific login
 * method range (0x80000000 - 0xBFFFFFFF). This range is rather
 * being reserved for REE kernel clients or TEE implementation.
 */
#define TEE_IOCTL_LOGIN_REE_KERNEL_MIN          0x80000000
#define TEE_IOCTL_LOGIN_REE_KERNEL_MAX          0xBFFFFFFF
/* Private login method for REE kernel clients */
#define TEE_IOCTL_LOGIN_REE_KERNEL              0x80000000

We should at least try to be in the same implementation defined range.

> +};

I think that using a TEE_LOGIN_ prefix should be enough.

> +
>  /*
>   * Some Global Platform error codes which has a meaning if the
>   * TEE_GEN_CAP_GP bit is returned by the driver in
> @@ -135,8 +148,8 @@ struct tee_param {
>  /**
>   * struct tee_open_session_arg - extra arguments for tee_open_session()
>   * @uuid:      [in] UUID of the Trusted Application
> - * @clnt_uuid: [in] Normally zeroes
> - * @clnt_login:        [in] Normally 0
> + * @clnt_uuid: [in] UUID of client, zeroes for PUBLIC/REE_KERNEL
> + * @clnt_login:        [in] Class of client TEE_SESSION_LOGIN_*
>   * @session:   [out] Session id
>   * @ret:       [out] return value
>   * @ret_origin:        [out] origin of the return value
> @@ -144,7 +157,7 @@ struct tee_param {
>  struct tee_open_session_arg {
>         u8 uuid[TEE_UUID_LEN];
>         u8 clnt_uuid[TEE_UUID_LEN];
> -       u32 clnt_login;
> +       enum tee_session_login clnt_login;

Please keep this as an u32. It's part of the ABI.

Cheers,
Jens

>         u32 session;
>         u32 ret;
>         u32 ret_origin;
> --
> 2.17.1
>

[PATCH 2/2] tee: optee: support session login as REE kernel

[Jens Wiklander]

On Wed, May 12, 2021 at 5:06 PM Etienne Carriere
<etienne.carriere@linaro.org> wrote:
>
> OP-TEE supports an API extension to allow client to open a TEE session
> as REE kernel which OP-TEE uses to differentiate client application
> services from system services that only the REE OS kernel can access.
>
> This change allows U-Boot to invoke OP-TEE which such kernel identity
> and therefore access kernel client specific services.
>
> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> ---
>  drivers/tee/optee/core.c      | 24 +++++++++++++++++++++++-
>  drivers/tee/optee/optee_msg.h |  2 ++
>  2 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> index 73dbb22ba0..526bf125a0 100644
> --- a/drivers/tee/optee/core.c
> +++ b/drivers/tee/optee/core.c
> @@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session)
>         return 0;
>  }
>
> +static uint32_t optee_login_id(enum tee_session_login login)
> +{
> +       /* Treat invalid IDs as public login */
> +       switch (login) {
> +       case TEE_SESSION_LOGIN_USER:
> +               return OPTEE_MSG_LOGIN_USER;
> +       case TEE_SESSION_LOGIN_GROUP:
> +               return OPTEE_MSG_LOGIN_GROUP;
> +       case TEE_SESSION_LOGIN_APPLICATION:
> +               return OPTEE_MSG_LOGIN_APPLICATION;
> +       case TEE_SESSION_LOGIN_APPLICATION_USER:
> +               return OPTEE_MSG_LOGIN_APPLICATION;
> +       case TEE_SESSION_LOGIN_APPLICATION_GROUP:
> +               return OPTEE_MSG_LOGIN_APPLICATION;
> +       case TEE_SESSION_LOGIN_REE_KERNEL:
> +               return OPTEE_MSG_LOGIN_REE_KERNEL;
> +       case TEE_SESSION_LOGIN_PUBLIC:
> +       default:
> +               return OPTEE_MSG_LOGIN_PUBLIC;
> +       }
> +}
> +

I don't see any point in this translation, we could just as well use
the correct values from the start.

Cheers,
Jens

>  static int optee_open_session(struct udevice *dev,
>                               struct tee_open_session_arg *arg,
>                               uint num_params, struct tee_param *params)
> @@ -372,7 +394,7 @@ static int optee_open_session(struct udevice *dev,
>                                   OPTEE_MSG_ATTR_META;
>         memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid));
>         memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid));
> -       msg_arg->params[1].u.value.c = arg->clnt_login;
> +       msg_arg->params[1].u.value.c = optee_login_id(arg->clnt_login);
>
>         rc = to_msg_param(msg_arg->params + 2, num_params, params);
>         if (rc)
> diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h
> index 8d40ce60c2..17e8d28e52 100644
> --- a/drivers/tee/optee/optee_msg.h
> +++ b/drivers/tee/optee/optee_msg.h
> @@ -95,6 +95,8 @@
>  #define OPTEE_MSG_LOGIN_APPLICATION            0x00000004
>  #define OPTEE_MSG_LOGIN_APPLICATION_USER       0x00000005
>  #define OPTEE_MSG_LOGIN_APPLICATION_GROUP      0x00000006
> +/* OP-TEE extension: log as REE kernel */
> +#define OPTEE_MSG_LOGIN_REE_KERNEL             0x80000000
>
>  /*
>   * Page size used in non-contiguous buffer entries
> --
> 2.17.1
>

[PATCH 2/2] tee: optee: support session login as REE kernel

[Etienne Carriere]

On Mon, 17 May 2021 at 08:08, Jens Wiklander <jens.wiklander@linaro.org> wrote:
>
> On Wed, May 12, 2021 at 5:06 PM Etienne Carriere
> <etienne.carriere@linaro.org> wrote:
> >
> > OP-TEE supports an API extension to allow client to open a TEE session
> > as REE kernel which OP-TEE uses to differentiate client application
> > services from system services that only the REE OS kernel can access.
> >
> > This change allows U-Boot to invoke OP-TEE which such kernel identity
> > and therefore access kernel client specific services.
> >
> > Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> > ---
> >  drivers/tee/optee/core.c      | 24 +++++++++++++++++++++++-
> >  drivers/tee/optee/optee_msg.h |  2 ++
> >  2 files changed, 25 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> > index 73dbb22ba0..526bf125a0 100644
> > --- a/drivers/tee/optee/core.c
> > +++ b/drivers/tee/optee/core.c
> > @@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session)
> >         return 0;
> >  }
> >
> > +static uint32_t optee_login_id(enum tee_session_login login)
> > +{
> > +       /* Treat invalid IDs as public login */
> > +       switch (login) {
> > +       case TEE_SESSION_LOGIN_USER:
> > +               return OPTEE_MSG_LOGIN_USER;
> > +       case TEE_SESSION_LOGIN_GROUP:
> > +               return OPTEE_MSG_LOGIN_GROUP;
> > +       case TEE_SESSION_LOGIN_APPLICATION:
> > +               return OPTEE_MSG_LOGIN_APPLICATION;
> > +       case TEE_SESSION_LOGIN_APPLICATION_USER:
> > +               return OPTEE_MSG_LOGIN_APPLICATION;
> > +       case TEE_SESSION_LOGIN_APPLICATION_GROUP:
> > +               return OPTEE_MSG_LOGIN_APPLICATION;
> > +       case TEE_SESSION_LOGIN_REE_KERNEL:
> > +               return OPTEE_MSG_LOGIN_REE_KERNEL;
> > +       case TEE_SESSION_LOGIN_PUBLIC:
> > +       default:
> > +               return OPTEE_MSG_LOGIN_PUBLIC;
> > +       }
> > +}
> > +
>
> I don't see any point in this translation, we could just as well use
> the correct values from the start.
>
> Cheers,
> Jens

Right, i'll check that.

thanks
etienne

Re: [PATCH 1/2] tee: define session login identifiers

[Patrick DELAUNAY]

Hi

On 5/12/21 5:05 PM, Etienne Carriere wrote:
> TEE header file defines a clnt_login field in struct tee_open_session_arg
> but does not define the values expected. This change define identifiers
> for the field using a enumerated type. Back end TEE driver is expected to
> convert these IDs into IDs meaningful to the TEE.
>
> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> ---
>   include/tee.h | 19 ++++++++++++++++---
>   1 file changed, 16 insertions(+), 3 deletions(-)
>

Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

Thanks
Patrick