linux-kernel.vger.kernel.org archive mirror
From: Jens Wiklander <jens.wiklander@linaro.org>
To: linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, devicetree@vger.kernel.org,
	Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	javier@javigon.com
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	tpmdd-devel@lists.sourceforge.net, valentin.manea@huawei.com,
	jean-michel.delorme@st.com, emmanuel.michel@st.com,
	Jens Wiklander <jens.wiklander@linaro.org>
Subject: [RFC PATCH 0/2] generic TEE subsystem
Date: Fri, 17 Apr 2015 09:50:55 +0200
Message-ID: <1429257057-7935-1-git-send-email-jens.wiklander@linaro.org>

Hi,

This patch set introduces a generic TEE subsystem. The TEE subsystem will be
able to contain drivers for various TEE implementations. A TEE (Trusted
Execution Environment) is a trusted OS running in some secure environment,
for example, TrustZone on ARM CPUs, or a separate secure co-processor etc.

Regarding use cases, TrustZone has traditionally been used for
offloading secure tasks to the secure world. Examples include banking
applications, Digital Rights Management (DRM), or specific secure
solutions.

This TEE subsystem can serve a TEE driver for a Global Platform compliant
TEE, but it's not limited to only Global Platform TEEs.  One reason why I'm
doing this is to be able to get an OP-TEE (https://github.com/OP-TEE/optee_os)
driver upstream.

The first patch brings in the generic TEE subsystem which helps when
writing a driver for a specific TEE, for example, OP-TEE.

The second patch is a mostly stubbed OP-TEE driver which shows briefly how
a specific TEE driver uses the subsystem to register etc.

I've tested this with a more complete OP-TEE driver, but I don't want to
post that yet in the current shape. I will submit a complete OP-TEE driver
when it's ready. Javier is also working on a driver for another TEE so we
will soon have at least two TEE drivers under the TEE subsystem.

Questions:
* Where should we put this in the tree? I'm proposing drivers/tee and
  include/linux/tee here. Another place could be drivers/firmware/tee. I
  don't have a strong opinion on either place.

* What should we have in the .compatible field in FDT for the OP-TEE driver?
  I'm proposing "optee,optee-tz" as OP-TEE doesn't really have a vendor.
  OP-TEE isn't limited to TrustZone, it can run in other environments too so
  "optee-tz" could be a way of keeping different options apart. I need
  advice here.

* Who will maintain this? I'm willing to do it together with Javier.

This patch set has been prepared in cooperation with Javier González who
proposed "Generic TrustZone Driver in Linux Kernel" patches 28 Nov 2014,
https://lwn.net/Articles/623380/ . We've since then changed the scope to
TEE instead of TrustZone.

We have discussed the design on tee-dev@lists.linaro.org (archive at
https://lists.linaro.org/pipermail/tee-dev/) with people from other
companies, including Valentin Manea <valentin.manea@huawei.com>,
Emmanuel MICHEL <emmanuel.michel@st.com>,
Jean-michel DELORME <jean-michel.delorme@st.com>,
and Joakim Bech <joakim.bech@linaro.org>. Our main concern has been to
agree on something that is generic enough to support many different
TEEs while still keeping the interface together.

Regards,
Jens

Jens Wiklander (2):
  tee: generic TEE subsystem
  tee: add OP-TEE driver

 Documentation/ioctl/ioctl-number.txt |   1 +
 drivers/Kconfig                      |   2 +
 drivers/Makefile                     |   1 +
 drivers/tee/Kconfig                  |  18 ++
 drivers/tee/Makefile                 |   4 +
 drivers/tee/optee/Kconfig            |   7 +
 drivers/tee/optee/Makefile           |   2 +
 drivers/tee/optee/core.c             | 192 ++++++++++++++++++++
 drivers/tee/tee.c                    | 253 +++++++++++++++++++++++++++
 drivers/tee/tee_private.h            |  64 +++++++
 drivers/tee/tee_shm.c                | 330 +++++++++++++++++++++++++++++++++++
 drivers/tee/tee_shm_pool.c           | 246 ++++++++++++++++++++++++++
 include/linux/tee/tee.h              | 180 +++++++++++++++++++
 include/linux/tee/tee_drv.h          | 271 ++++++++++++++++++++++++++++
 14 files changed, 1571 insertions(+)
 create mode 100644 drivers/tee/Kconfig
 create mode 100644 drivers/tee/Makefile
 create mode 100644 drivers/tee/optee/Kconfig
 create mode 100644 drivers/tee/optee/Makefile
 create mode 100644 drivers/tee/optee/core.c
 create mode 100644 drivers/tee/tee.c
 create mode 100644 drivers/tee/tee_private.h
 create mode 100644 drivers/tee/tee_shm.c
 create mode 100644 drivers/tee/tee_shm_pool.c
 create mode 100644 include/linux/tee/tee.h
 create mode 100644 include/linux/tee/tee_drv.h

-- 
1.9.1

