All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2 1/2] tee: define session login identifiers
@ 2021-05-19 14:26 Etienne Carriere
  2021-05-19 14:26 ` [PATCH v2 2/2] tee: optee: support session login as REE kernel Etienne Carriere
  2021-05-20 14:49 ` [PATCH v2 1/2] tee: define session login identifiers Jens Wiklander
  0 siblings, 2 replies; 6+ messages in thread
From: Etienne Carriere @ 2021-05-19 14:26 UTC (permalink / raw)
  To: u-boot

Define identifiers for clnt_login field in struct tee_open_session_arg
based in GlobalPlatform Device TEE IDs and on the REE_KERNEL identifier
extension from OP-TEE OS.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes since v1:
- Rename macros to TEE_LOGIN_* and use same inline description as made
  in Linux kernel source tree.
---
 include/tee.h | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/include/tee.h b/include/tee.h
index 99367b258e..d56530653c 100644
--- a/include/tee.h
+++ b/include/tee.h
@@ -31,6 +31,25 @@
 #define TEE_PARAM_ATTR_MASK			(TEE_PARAM_ATTR_TYPE_MASK | \
 						 TEE_PARAM_ATTR_META)
 
+/*
+ * Global Platform login identifiers for tee_open_session_arg::clnt_login
+ */
+#define TEE_LOGIN_PUBLIC                  0x00000000
+#define TEE_LOGIN_USER                    0x00000001
+#define TEE_LOGIN_GROUP                   0x00000002
+#define TEE_LOGIN_APPLICATION             0x00000004
+#define TEE_LOGIN_APPLICATION_USER        0x00000005
+#define TEE_LOGIN_APPLICATION_GROUP       0x00000006
+/*
+ * Disallow user-space to use GP implementation specific login
+ * method range (0x80000000 - 0xBFFFFFFF). This range is rather
+ * being reserved for REE kernel clients or TEE implementation.
+ */
+#define TEE_LOGIN_REE_KERNEL_MIN          0x80000000
+#define TEE_LOGIN_REE_KERNEL_MAX          0xBFFFFFFF
+/* Private login method for REE kernel clients */
+#define TEE_LOGIN_REE_KERNEL              0x80000000
+
 /*
  * Some Global Platform error codes which has a meaning if the
  * TEE_GEN_CAP_GP bit is returned by the driver in
@@ -135,8 +154,8 @@ struct tee_param {
 /**
  * struct tee_open_session_arg - extra arguments for tee_open_session()
  * @uuid:	[in] UUID of the Trusted Application
- * @clnt_uuid:	[in] Normally zeroes
- * @clnt_login:	[in] Normally 0
+ * @clnt_uuid:	[in] UUID of client, zeroes for PUBLIC/REE_KERNEL
+ * @clnt_login:	[in] Class of client TEE_LOGIN_*
  * @session:	[out] Session id
  * @ret:	[out] return value
  * @ret_origin:	[out] origin of the return value
-- 
2.17.1

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH v2 2/2] tee: optee: support session login as REE kernel
  2021-05-19 14:26 [PATCH v2 1/2] tee: define session login identifiers Etienne Carriere
@ 2021-05-19 14:26 ` Etienne Carriere
  2021-05-20 14:56   ` Jens Wiklander
  2021-05-20 14:49 ` [PATCH v2 1/2] tee: define session login identifiers Jens Wiklander
  1 sibling, 1 reply; 6+ messages in thread
From: Etienne Carriere @ 2021-05-19 14:26 UTC (permalink / raw)
  To: u-boot

Remove unused OPTEE_MSG_LOGIN_* IDs and rely on the ones introduced in
tee.h. Change optee core to treat invalid client IDs as public login.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
---
Changes since v1:
- Remove ID conversion. I kept the sanitation of login ID for optee.
---
 drivers/tee/optee/core.c      | 19 ++++++++++++++++++-
 drivers/tee/optee/optee_msg.h | 10 ----------
 2 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
index 73dbb22ba0..14f9cce5f8 100644
--- a/drivers/tee/optee/core.c
+++ b/drivers/tee/optee/core.c
@@ -349,6 +349,23 @@ static int optee_close_session(struct udevice *dev, u32 session)
 	return 0;
 }
 
+static u32 optee_login_id(u32 login_id)
+{
+	/* Treat invalid IDs as public login */
+	switch (login_id) {
+	case TEE_LOGIN_USER:
+	case TEE_LOGIN_GROUP:
+	case TEE_LOGIN_APPLICATION:
+	case TEE_LOGIN_APPLICATION_USER:
+	case TEE_LOGIN_APPLICATION_GROUP:
+	case TEE_LOGIN_REE_KERNEL:
+		return login_id;
+	case TEE_LOGIN_PUBLIC:
+	default:
+		return TEE_LOGIN_PUBLIC;
+	}
+}
+
 static int optee_open_session(struct udevice *dev,
 			      struct tee_open_session_arg *arg,
 			      uint num_params, struct tee_param *params)
@@ -372,7 +389,7 @@ static int optee_open_session(struct udevice *dev,
 				  OPTEE_MSG_ATTR_META;
 	memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid));
 	memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid));
-	msg_arg->params[1].u.value.c = arg->clnt_login;
+	msg_arg->params[1].u.value.c = optee_login_id(arg->clnt_login);
 
 	rc = to_msg_param(msg_arg->params + 2, num_params, params);
 	if (rc)
diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h
index 8d40ce60c2..9490592a8e 100644
--- a/drivers/tee/optee/optee_msg.h
+++ b/drivers/tee/optee/optee_msg.h
@@ -86,16 +86,6 @@
 #define OPTEE_MSG_ATTR_CACHE_MASK		GENMASK(2, 0)
 #define OPTEE_MSG_ATTR_CACHE_PREDEFINED		0
 
-/*
- * Same values as TEE_LOGIN_* from TEE Internal API
- */
-#define OPTEE_MSG_LOGIN_PUBLIC			0x00000000
-#define OPTEE_MSG_LOGIN_USER			0x00000001
-#define OPTEE_MSG_LOGIN_GROUP			0x00000002
-#define OPTEE_MSG_LOGIN_APPLICATION		0x00000004
-#define OPTEE_MSG_LOGIN_APPLICATION_USER	0x00000005
-#define OPTEE_MSG_LOGIN_APPLICATION_GROUP	0x00000006
-
 /*
  * Page size used in non-contiguous buffer entries
  */
-- 
2.17.1

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH v2 1/2] tee: define session login identifiers
  2021-05-19 14:26 [PATCH v2 1/2] tee: define session login identifiers Etienne Carriere
  2021-05-19 14:26 ` [PATCH v2 2/2] tee: optee: support session login as REE kernel Etienne Carriere
@ 2021-05-20 14:49 ` Jens Wiklander
  2021-05-21 13:17   ` Etienne Carriere
  1 sibling, 1 reply; 6+ messages in thread
From: Jens Wiklander @ 2021-05-20 14:49 UTC (permalink / raw)
  To: u-boot

On Wed, May 19, 2021 at 4:27 PM Etienne Carriere
<etienne.carriere@linaro.org> wrote:
>
> Define identifiers for clnt_login field in struct tee_open_session_arg
> based in GlobalPlatform Device TEE IDs and on the REE_KERNEL identifier
> extension from OP-TEE OS.
>
> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> ---
> Changes since v1:
> - Rename macros to TEE_LOGIN_* and use same inline description as made
>   in Linux kernel source tree.
> ---
>  include/tee.h | 23 +++++++++++++++++++++--
>  1 file changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/include/tee.h b/include/tee.h
> index 99367b258e..d56530653c 100644
> --- a/include/tee.h
> +++ b/include/tee.h
> @@ -31,6 +31,25 @@
>  #define TEE_PARAM_ATTR_MASK                    (TEE_PARAM_ATTR_TYPE_MASK | \
>                                                  TEE_PARAM_ATTR_META)
>
> +/*
> + * Global Platform login identifiers for tee_open_session_arg::clnt_login
> + */
> +#define TEE_LOGIN_PUBLIC                  0x00000000
> +#define TEE_LOGIN_USER                    0x00000001
> +#define TEE_LOGIN_GROUP                   0x00000002
> +#define TEE_LOGIN_APPLICATION             0x00000004
> +#define TEE_LOGIN_APPLICATION_USER        0x00000005
> +#define TEE_LOGIN_APPLICATION_GROUP       0x00000006
> +/*
> + * Disallow user-space to use GP implementation specific login
> + * method range (0x80000000 - 0xBFFFFFFF). This range is rather
> + * being reserved for REE kernel clients or TEE implementation.
> + */
> +#define TEE_LOGIN_REE_KERNEL_MIN          0x80000000
> +#define TEE_LOGIN_REE_KERNEL_MAX          0xBFFFFFFF
> +/* Private login method for REE kernel clients */
> +#define TEE_LOGIN_REE_KERNEL              0x80000000
> +

I might be a bit odd to talk about user-space in U-Boot, but I suppose
it's still good to know how this is supposed to work later in the
kernel too.

What do others think?

Cheers,
Jens

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH v2 2/2] tee: optee: support session login as REE kernel
  2021-05-19 14:26 ` [PATCH v2 2/2] tee: optee: support session login as REE kernel Etienne Carriere
@ 2021-05-20 14:56   ` Jens Wiklander
  2021-05-21 13:13     ` Etienne Carriere
  0 siblings, 1 reply; 6+ messages in thread
From: Jens Wiklander @ 2021-05-20 14:56 UTC (permalink / raw)
  To: u-boot

On Wed, May 19, 2021 at 4:27 PM Etienne Carriere
<etienne.carriere@linaro.org> wrote:
>
> Remove unused OPTEE_MSG_LOGIN_* IDs and rely on the ones introduced in
> tee.h. Change optee core to treat invalid client IDs as public login.
>
> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> ---
> Changes since v1:
> - Remove ID conversion. I kept the sanitation of login ID for optee.
> ---
>  drivers/tee/optee/core.c      | 19 ++++++++++++++++++-
>  drivers/tee/optee/optee_msg.h | 10 ----------
>  2 files changed, 18 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> index 73dbb22ba0..14f9cce5f8 100644
> --- a/drivers/tee/optee/core.c
> +++ b/drivers/tee/optee/core.c
> @@ -349,6 +349,23 @@ static int optee_close_session(struct udevice *dev, u32 session)
>         return 0;
>  }
>
> +static u32 optee_login_id(u32 login_id)
> +{
> +       /* Treat invalid IDs as public login */
> +       switch (login_id) {
> +       case TEE_LOGIN_USER:
> +       case TEE_LOGIN_GROUP:
> +       case TEE_LOGIN_APPLICATION:
> +       case TEE_LOGIN_APPLICATION_USER:
> +       case TEE_LOGIN_APPLICATION_GROUP:
> +       case TEE_LOGIN_REE_KERNEL:
> +               return login_id;
> +       case TEE_LOGIN_PUBLIC:
> +       default:
> +               return TEE_LOGIN_PUBLIC;
> +       }
> +}
> +

What is the point with translating an unrecognized value into TEE_LOGIN_PUBLIC?
We could just as well let OP-TEE decide what to do with that.

Cheers,
Jens

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v2 2/2] tee: optee: support session login as REE kernel
  2021-05-20 14:56   ` Jens Wiklander
@ 2021-05-21 13:13     ` Etienne Carriere
  0 siblings, 0 replies; 6+ messages in thread
From: Etienne Carriere @ 2021-05-21 13:13 UTC (permalink / raw)
  To: Jens Wiklander; +Cc: U-Boot Mailing List, Simon Glass

On Thu, 20 May 2021 at 16:56, Jens Wiklander <jens.wiklander@linaro.org> wrote:
>
> On Wed, May 19, 2021 at 4:27 PM Etienne Carriere
> <etienne.carriere@linaro.org> wrote:
> >
> > Remove unused OPTEE_MSG_LOGIN_* IDs and rely on the ones introduced in
> > tee.h. Change optee core to treat invalid client IDs as public login.
> >
> > Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> > ---
> > Changes since v1:
> > - Remove ID conversion. I kept the sanitation of login ID for optee.
> > ---
> >  drivers/tee/optee/core.c      | 19 ++++++++++++++++++-
> >  drivers/tee/optee/optee_msg.h | 10 ----------
> >  2 files changed, 18 insertions(+), 11 deletions(-)
> >
> > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> > index 73dbb22ba0..14f9cce5f8 100644
> > --- a/drivers/tee/optee/core.c
> > +++ b/drivers/tee/optee/core.c
> > @@ -349,6 +349,23 @@ static int optee_close_session(struct udevice *dev, u32 session)
> >         return 0;
> >  }
> >
> > +static u32 optee_login_id(u32 login_id)
> > +{
> > +       /* Treat invalid IDs as public login */
> > +       switch (login_id) {
> > +       case TEE_LOGIN_USER:
> > +       case TEE_LOGIN_GROUP:
> > +       case TEE_LOGIN_APPLICATION:
> > +       case TEE_LOGIN_APPLICATION_USER:
> > +       case TEE_LOGIN_APPLICATION_GROUP:
> > +       case TEE_LOGIN_REE_KERNEL:
> > +               return login_id;
> > +       case TEE_LOGIN_PUBLIC:
> > +       default:
> > +               return TEE_LOGIN_PUBLIC;
> > +       }
> > +}
> > +
>
> What is the point with translating an unrecognized value into TEE_LOGIN_PUBLIC?
> We could just as well let OP-TEE decide what to do with that.

Yes, we could simply pass the identifier, whatever it is.
i'll remove this part in the v3.

Cheers,
Etienne

>
> Cheers,
> Jens

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v2 1/2] tee: define session login identifiers
  2021-05-20 14:49 ` [PATCH v2 1/2] tee: define session login identifiers Jens Wiklander
@ 2021-05-21 13:17   ` Etienne Carriere
  0 siblings, 0 replies; 6+ messages in thread
From: Etienne Carriere @ 2021-05-21 13:17 UTC (permalink / raw)
  To: Jens Wiklander; +Cc: U-Boot Mailing List, Simon Glass

On Thu, 20 May 2021 at 16:50, Jens Wiklander <jens.wiklander@linaro.org> wrote:
>
> On Wed, May 19, 2021 at 4:27 PM Etienne Carriere
> <etienne.carriere@linaro.org> wrote:
> >
> > Define identifiers for clnt_login field in struct tee_open_session_arg
> > based in GlobalPlatform Device TEE IDs and on the REE_KERNEL identifier
> > extension from OP-TEE OS.
> >
> > Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
> > ---
> > Changes since v1:
> > - Rename macros to TEE_LOGIN_* and use same inline description as made
> >   in Linux kernel source tree.
> > ---
> >  include/tee.h | 23 +++++++++++++++++++++--
> >  1 file changed, 21 insertions(+), 2 deletions(-)
> >
> > diff --git a/include/tee.h b/include/tee.h
> > index 99367b258e..d56530653c 100644
> > --- a/include/tee.h
> > +++ b/include/tee.h
> > @@ -31,6 +31,25 @@
> >  #define TEE_PARAM_ATTR_MASK                    (TEE_PARAM_ATTR_TYPE_MASK | \
> >                                                  TEE_PARAM_ATTR_META)
> >
> > +/*
> > + * Global Platform login identifiers for tee_open_session_arg::clnt_login
> > + */
> > +#define TEE_LOGIN_PUBLIC                  0x00000000
> > +#define TEE_LOGIN_USER                    0x00000001
> > +#define TEE_LOGIN_GROUP                   0x00000002
> > +#define TEE_LOGIN_APPLICATION             0x00000004
> > +#define TEE_LOGIN_APPLICATION_USER        0x00000005
> > +#define TEE_LOGIN_APPLICATION_GROUP       0x00000006
> > +/*
> > + * Disallow user-space to use GP implementation specific login
> > + * method range (0x80000000 - 0xBFFFFFFF). This range is rather
> > + * being reserved for REE kernel clients or TEE implementation.
> > + */
> > +#define TEE_LOGIN_REE_KERNEL_MIN          0x80000000
> > +#define TEE_LOGIN_REE_KERNEL_MAX          0xBFFFFFFF
> > +/* Private login method for REE kernel clients */
> > +#define TEE_LOGIN_REE_KERNEL              0x80000000
> > +
>
> I might be a bit odd to talk about user-space in U-Boot, but I suppose
> it's still good to know how this is supposed to work later in the
> kernel too.

Okay, i'll rephrase.
/*
 * Reserve use of GP implementation specific login method range
 * (0x80000000 - 0xBFFFFFFF). This range is rather being used
 * for REE kernel clients or TEE implementation.
 */

cheers,
etienne


>
> What do others think?
>
> Cheers,
> Jens

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2021-05-21 13:17 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-19 14:26 [PATCH v2 1/2] tee: define session login identifiers Etienne Carriere
2021-05-19 14:26 ` [PATCH v2 2/2] tee: optee: support session login as REE kernel Etienne Carriere
2021-05-20 14:56   ` Jens Wiklander
2021-05-21 13:13     ` Etienne Carriere
2021-05-20 14:49 ` [PATCH v2 1/2] tee: define session login identifiers Jens Wiklander
2021-05-21 13:17   ` Etienne Carriere

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.