aboutsummaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorJens Wiklander <jens.wiklander@linaro.org>2018-09-25 16:40:09 +0200
committerTom Rini <trini@konsulko.com>2018-10-07 10:47:38 -0400
commit9ff4a31175deb892cf5ea2976c213fb6c6dda080 (patch)
tree62a85a3de807d32a26da66c59b85b9e55f134234 /drivers
parent4853ad3e13e21462a86e09caee4ea27ae68e764b (diff)
downloadu-boot-9ff4a31175deb892cf5ea2976c213fb6c6dda080.zip
u-boot-9ff4a31175deb892cf5ea2976c213fb6c6dda080.tar.gz
u-boot-9ff4a31175deb892cf5ea2976c213fb6c6dda080.tar.bz2
Add UCLASS_TEE for Trusted Execution Environment
Adds a uclass to interface with a TEE (Trusted Execution Environment). A TEE driver is a driver that interfaces with a trusted OS running in some secure environment, for example, TrustZone on ARM cpus, or a separate secure co-processor etc. The TEE subsystem can serve a TEE driver for a Global Platform compliant TEE, but it's not limited to only Global Platform TEEs. The over all design is based on the TEE subsystem in the Linux kernel, tailored for U-Boot. Reviewed-by: Simon Glass <sjg@chromium.org> Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/Kconfig2
-rw-r--r--drivers/Makefile1
-rw-r--r--drivers/tee/Kconfig11
-rw-r--r--drivers/tee/Makefile3
-rw-r--r--drivers/tee/tee-uclass.c209
5 files changed, 226 insertions, 0 deletions
diff --git a/drivers/Kconfig b/drivers/Kconfig
index 11b88a1..927a2b8 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -100,6 +100,8 @@ source "drivers/spmi/Kconfig"
source "drivers/sysreset/Kconfig"
+source "drivers/tee/Kconfig"
+
source "drivers/thermal/Kconfig"
source "drivers/timer/Kconfig"
diff --git a/drivers/Makefile b/drivers/Makefile
index e3b9e8c..fb38b67 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -105,6 +105,7 @@ obj-y += input/
obj-y += smem/
obj-y += soc/
obj-y += thermal/
+obj-$(CONFIG_TEE) += tee/
obj-y += axi/
obj-$(CONFIG_W1) += w1/
obj-$(CONFIG_W1_EEPROM) += w1-eeprom/
diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig
new file mode 100644
index 0000000..f3fc3c2
--- /dev/null
+++ b/drivers/tee/Kconfig
@@ -0,0 +1,11 @@
+# Generic Trusted Execution Environment Configuration
+config TEE
+ bool "Trusted Execution Environment support"
+ depends on ARM && (ARM64 || CPU_V7A)
+ select ARM_SMCCC
+ help
+ This implements a generic interface towards a Trusted Execution
+ Environment (TEE). A TEE is a trusted OS running in some secure
+ environment, for example, TrustZone on ARM cpus, or a separate
+ secure co-processor etc. See also:
+ https://en.wikipedia.org/wiki/Trusted_execution_environment
diff --git a/drivers/tee/Makefile b/drivers/tee/Makefile
new file mode 100644
index 0000000..b6d8e16
--- /dev/null
+++ b/drivers/tee/Makefile
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: GPL-2.0+
+
+obj-y += tee-uclass.o
diff --git a/drivers/tee/tee-uclass.c b/drivers/tee/tee-uclass.c
new file mode 100644
index 0000000..1bee54e
--- /dev/null
+++ b/drivers/tee/tee-uclass.c
@@ -0,0 +1,209 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2018 Linaro Limited
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <dm/device-internal.h>
+#include <dm/uclass-internal.h>
+#include <tee.h>
+
+/**
+ * struct tee_uclass_priv - information of a TEE, stored by the uclass
+ *
+ * @list_shm: list of structe tee_shm representing memory blocks shared
+ * with the TEE.
+ */
+struct tee_uclass_priv {
+ struct list_head list_shm;
+};
+
+static const struct tee_driver_ops *tee_get_ops(struct udevice *dev)
+{
+ return device_get_ops(dev);
+}
+
+void tee_get_version(struct udevice *dev, struct tee_version_data *vers)
+{
+ tee_get_ops(dev)->get_version(dev, vers);
+}
+
+int tee_open_session(struct udevice *dev, struct tee_open_session_arg *arg,
+ uint num_param, struct tee_param *param)
+{
+ return tee_get_ops(dev)->open_session(dev, arg, num_param, param);
+}
+
+int tee_close_session(struct udevice *dev, u32 session)
+{
+ return tee_get_ops(dev)->close_session(dev, session);
+}
+
+int tee_invoke_func(struct udevice *dev, struct tee_invoke_arg *arg,
+ uint num_param, struct tee_param *param)
+{
+ return tee_get_ops(dev)->invoke_func(dev, arg, num_param, param);
+}
+
+int __tee_shm_add(struct udevice *dev, ulong align, void *addr, ulong size,
+ u32 flags, struct tee_shm **shmp)
+{
+ struct tee_shm *shm;
+ void *p = addr;
+ int rc;
+
+ if (flags & TEE_SHM_ALLOC) {
+ if (align)
+ p = memalign(align, size);
+ else
+ p = malloc(size);
+ }
+ if (!p)
+ return -ENOMEM;
+
+ shm = calloc(1, sizeof(*shm));
+ if (!shm) {
+ rc = -ENOMEM;
+ goto err;
+ }
+
+ shm->dev = dev;
+ shm->addr = p;
+ shm->size = size;
+ shm->flags = flags;
+
+ if (flags & TEE_SHM_SEC_REGISTER) {
+ rc = tee_get_ops(dev)->shm_register(dev, shm);
+ if (rc)
+ goto err;
+ }
+
+ if (flags & TEE_SHM_REGISTER) {
+ struct tee_uclass_priv *priv = dev_get_uclass_priv(dev);
+
+ list_add(&shm->link, &priv->list_shm);
+ }
+
+ *shmp = shm;
+
+ return 0;
+err:
+ free(shm);
+ if (flags & TEE_SHM_ALLOC)
+ free(p);
+
+ return rc;
+}
+
+int tee_shm_alloc(struct udevice *dev, ulong size, u32 flags,
+ struct tee_shm **shmp)
+{
+ u32 f = flags;
+
+ f |= TEE_SHM_SEC_REGISTER | TEE_SHM_REGISTER | TEE_SHM_ALLOC;
+
+ return __tee_shm_add(dev, 0, NULL, size, f, shmp);
+}
+
+int tee_shm_register(struct udevice *dev, void *addr, ulong size, u32 flags,
+ struct tee_shm **shmp)
+{
+ u32 f = flags & ~TEE_SHM_ALLOC;
+
+ f |= TEE_SHM_SEC_REGISTER | TEE_SHM_REGISTER;
+
+ return __tee_shm_add(dev, 0, addr, size, f, shmp);
+}
+
+void tee_shm_free(struct tee_shm *shm)
+{
+ if (!shm)
+ return;
+
+ if (shm->flags & TEE_SHM_SEC_REGISTER)
+ tee_get_ops(shm->dev)->shm_unregister(shm->dev, shm);
+
+ if (shm->flags & TEE_SHM_REGISTER)
+ list_del(&shm->link);
+
+ if (shm->flags & TEE_SHM_ALLOC)
+ free(shm->addr);
+
+ free(shm);
+}
+
+bool tee_shm_is_registered(struct tee_shm *shm, struct udevice *dev)
+{
+ struct tee_uclass_priv *priv = dev_get_uclass_priv(dev);
+ struct tee_shm *s;
+
+ list_for_each_entry(s, &priv->list_shm, link)
+ if (s == shm)
+ return true;
+
+ return false;
+}
+
+struct udevice *tee_find_device(struct udevice *start,
+ int (*match)(struct tee_version_data *vers,
+ const void *data),
+ const void *data,
+ struct tee_version_data *vers)
+{
+ struct udevice *dev = start;
+ struct tee_version_data lv;
+ struct tee_version_data *v = vers ? vers : &lv;
+
+ if (!dev)
+ uclass_find_first_device(UCLASS_TEE, &dev);
+ else
+ uclass_find_next_device(&dev);
+
+ for (; dev; uclass_find_next_device(&dev)) {
+ if (device_probe(dev))
+ continue;
+ tee_get_ops(dev)->get_version(dev, v);
+ if (!match || match(v, data))
+ return dev;
+ }
+
+ return NULL;
+}
+
+static int tee_pre_probe(struct udevice *dev)
+{
+ struct tee_uclass_priv *priv = dev_get_uclass_priv(dev);
+
+ INIT_LIST_HEAD(&priv->list_shm);
+
+ return 0;
+}
+
+static int tee_pre_remove(struct udevice *dev)
+{
+ struct tee_uclass_priv *priv = dev_get_uclass_priv(dev);
+ struct tee_shm *shm;
+
+ /*
+ * Any remaining shared memory must be unregistered now as U-Boot
+ * is about to hand over to the next stage and that memory will be
+ * reused.
+ */
+ while (!list_empty(&priv->list_shm)) {
+ shm = list_first_entry(&priv->list_shm, struct tee_shm, link);
+ debug("%s: freeing leftover shm %p (size %lu, flags %#x)\n",
+ __func__, (void *)shm, shm->size, shm->flags);
+ tee_shm_free(shm);
+ }
+
+ return 0;
+}
+
+UCLASS_DRIVER(tee) = {
+ .id = UCLASS_TEE,
+ .name = "tee",
+ .per_device_auto_alloc_size = sizeof(struct tee_uclass_priv),
+ .pre_probe = tee_pre_probe,
+ .pre_remove = tee_pre_remove,
+};