u-boot.git/drivers/tee, branch v2020.01 Unnamed repository; edit this file 'description' to name the repository. drivers: optee: rpmb: fix returning CID to TEE 2019-12-05T15:28:38+00:00 Jorge Ramirez-Ortiz jorge@foundries.io 2019-11-26T16:19:34+00:00 2464b229b5ab281d8698aa0f4d4de6d4d3fabf7d The mmc CID value is one of the input parameters used to provision the RPMB key. The trusted execution environment expects this value to be specified in big endian format. Before this fix, on little endian systems, the value returned by the linux kernel mmc driver differed from the one returned by u-boot. This meant that if linux provisioned the RPMB key, u-boot would not have access to the partition (and the other way around). Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> 
The mmc CID value is one of the input parameters used to provision the
RPMB key. The trusted execution environment expects this value to be
specified in big endian format.

Before this fix, on little endian systems, the value returned by the
linux kernel mmc driver differed from the one returned by u-boot.
This meant that if linux provisioned the RPMB key, u-boot would not
have access to the partition (and the other way around).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
env: Drop the ACTION typedef 2019-08-11T20:43:41+00:00 Simon Glass sjg@chromium.org 2019-08-01T15:47:09+00:00 3f0d6807459bb22431e5bc19e597c1786b3d1ce6 Avoid using a typedef here which is unnecessary. Add an 'env_' prefix to both the enum and its members to make it clear that these are related to the environment. Add an ENV prefix to these two flags so that it is clear what they relate to. Also move them to env.h since they are part of the public API. Use an enum rather than a #define to tie them together. Signed-off-by: Simon Glass <sjg@chromium.org> 
Avoid using a typedef here which is unnecessary. Add an 'env_' prefix to
both the enum and its members to make it clear that these are related to
the environment.

Add an ENV prefix to these two flags so that it is clear what they relate
to. Also move them to env.h since they are part of the public API. Use an
enum rather than a #define to tie them together.

Signed-off-by: Simon Glass <sjg@chromium.org>
env: Drop the ENTRY typedef 2019-08-11T20:43:41+00:00 Simon Glass sjg@chromium.org 2019-08-02T15:44:18+00:00 dd2408cac1ea0f5e9ab4b07539c6edaee57918cb U-Boot is not supposed to use typedef for structs anymore. Also this name is the same as the ENTRY() macro used in assembler files, and 'entry' itself is widely used in U-Boot (>8k matches). Drop the typedef and rename the struct to env_entry to reduce confusion. Signed-off-by: Simon Glass <sjg@chromium.org> Acked-by: Joe Hershberger <joe.hershberger@ni.com> 
U-Boot is not supposed to use typedef for structs anymore. Also this name
is the same as the ENTRY() macro used in assembler files, and 'entry'
itself is widely used in U-Boot (>8k matches).

Drop the typedef and rename the struct to env_entry to reduce confusion.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
test/py: avb: fix test_avb_persistent_values fail 2019-05-09T23:52:55+00:00 Igor Opaniuk igor.opaniuk@gmail.com 2019-05-06T09:07:31+00:00 34501d6713d2ba9d6a8e8c7a1f2942cc16ef9043 Fix test_avb_persistent_values() pytest, which was failing because of wrong size value provided from tee sandbox driver. Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com> 
Fix test_avb_persistent_values() pytest, which was failing because of
wrong size value provided from tee sandbox driver.

Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
avb: add support for named persistent values 2019-04-26T22:58:22+00:00 Igor Opaniuk igor.opaniuk@gmail.com 2019-04-09T13:38:14+00:00 fc1fe01b08cedd77a194bb82fa81af4fe1e39031 AVB 2.0 spec. revision 1.1 introduces support for named persistent values that must be tamper evident and allows AVB to store arbitrary key-value pairs [1]. Introduce implementation of two additional AVB operations read_persistent_value()/write_persistent_value() for retrieving/storing named persistent values. Correspondent pull request in the OP-TEE OS project repo [2]. [1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22 [2]: https://github.com/OP-TEE/optee_os/pull/2699 Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com> 
AVB 2.0 spec. revision 1.1 introduces support for named persistent values
that must be tamper evident and allows AVB to store arbitrary key-value
pairs [1].

Introduce implementation of two additional AVB operations
read_persistent_value()/write_persistent_value() for retrieving/storing
named persistent values.

Correspondent pull request in the OP-TEE OS project repo [2].

[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
tee: change return code for REE FS supplicant cmd 2018-12-15T16:49:19+00:00 Igor Opaniuk igor.opaniuk@linaro.org 2018-12-04T12:37:19+00:00 8b1312662b3b1748c3d5f8a30bc6f9ca72879c7a If OP-TEE core is compiled with support of REE FS and RPMB at the same time (CFG_RPMB_FS ?= y; CFG_RPMB_FS ?= y), and persistent storage API is used with TEE_STORAGE_PRIVATE storage id, it will lead to TA panic. E/TC:? 0 TA panicked with code 0xffff0009 ..... E/TC:? 0 Call stack: E/TC:? 0 0x000000004002f2f8 TEE_OpenPersistentObject at lib/libutee/tee_api_objects.c:422 In this particular case TEE_ERROR_STORAGE_NOT_AVAILABLE is more suitable than TEE_ERROR_NOT_IMPLEMENTED, as it provides to a TA a possibility to handle this error code [1]. >From GPD TEE Internal Core specification [2]: TEE_ERROR_STORAGE_NOT_AVAILABLE - if the persistent object is stored in a storage area which is currently inaccessible. It may be associated with the device but unplugged, busy, or inaccessible for some other reason. [1]: https://github.com/OP-TEE/optee_os/blob/94db01ef448d1e552161c2d861d57a5f8bda0cc0/lib/libutee/tee_api_objects.c#L419 [2]: https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> 
If OP-TEE core is compiled with support of REE FS and RPMB
at the same time (CFG_RPMB_FS ?= y; CFG_RPMB_FS ?= y), and persistent
storage API is used with TEE_STORAGE_PRIVATE storage id, it will
lead to TA panic.

E/TC:? 0 TA panicked with code 0xffff0009
.....
E/TC:? 0 Call stack:
E/TC:? 0  0x000000004002f2f8 TEE_OpenPersistentObject at
lib/libutee/tee_api_objects.c:422

In this particular case TEE_ERROR_STORAGE_NOT_AVAILABLE is more suitable
than TEE_ERROR_NOT_IMPLEMENTED, as it provides to a TA a possibility
to handle this error code [1].

>From GPD TEE Internal Core specification [2]:
TEE_ERROR_STORAGE_NOT_AVAILABLE - if the persistent object is stored in a
storage area which is currently inaccessible. It may be associated with
the device but unplugged, busy, or inaccessible for some other reason.

[1]: https://github.com/OP-TEE/optee_os/blob/94db01ef448d1e552161c2d861d57a5f8bda0cc0/lib/libutee/tee_api_objects.c#L419
[2]: https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
tee: add sandbox driver 2018-10-07T15:04:01+00:00 Jens Wiklander jens.wiklander@linaro.org 2018-09-25T14:40:18+00:00 eadf26f1834666e6ad3ab8f17556d5939c88549e Adds a sandbox tee driver which emulates a generic TEE with the OP-TEE AVB TA. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> [trini: Fix printf warnings in ta_avb_invoke_func, slots is uint] Signed-off-by: Tom Rini <trini@konsulko.com> 
Adds a sandbox tee driver which emulates a generic TEE with the OP-TEE
AVB TA.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Fix printf warnings in ta_avb_invoke_func, slots is uint]
Signed-off-by: Tom Rini <trini@konsulko.com>
tee: optee: support AVB trusted application 2018-10-07T14:47:38+00:00 Jens Wiklander jens.wiklander@linaro.org 2018-09-25T14:40:15+00:00 1cc8cc4e675e32cde76487292c8bace5fa927eee Adds configuration option OPTEE_TA_AVB and a header file describing the interface to the Android Verified Boot 2.0 (AVB) trusted application provided by OP-TEE. Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
Adds configuration option OPTEE_TA_AVB and a header file describing the
interface to the Android Verified Boot 2.0 (AVB) trusted application
provided by OP-TEE.

Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
optee: support routing of rpmb data frames to mmc 2018-10-07T14:47:38+00:00 Jens Wiklander jens.wiklander@linaro.org 2018-09-25T14:40:14+00:00 232cfd6d9152fd2a4e7113faec51db2a9ab8c6bd Adds support in optee supplicant to route signed (MACed) RPMB frames from OP-TEE Secure OS to MMC and vice versa to manipulate the RPMB partition. Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
Adds support in optee supplicant to route signed (MACed) RPMB frames
from OP-TEE Secure OS to MMC and vice versa to manipulate the RPMB
partition.

Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
tee: add OP-TEE driver 2018-10-07T14:47:38+00:00 Jens Wiklander jens.wiklander@linaro.org 2018-09-25T14:40:11+00:00 d4bd3d25d8b032da8de9c79cbe103d47a3d160df Adds a OP-TEE driver. * Targets ARM and ARM64 * Supports using any U-Boot memory as shared memory * Probes OP-TEE version using SMCs * Uses OPTEE message protocol version 2 to communicate with secure world Reviewed-by: Simon Glass <sjg@chromium.org> Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Adds a OP-TEE driver.

* Targets ARM and ARM64
* Supports using any U-Boot memory as shared memory
* Probes OP-TEE version using SMCs
* Uses OPTEE message protocol version 2 to communicate with secure world

Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>