From 1662ed0c1a464b39ff5b303950c034a352054114 Mon Sep 17 00:00:00 2001 From: Etienne Carriere Date: Tue, 9 Nov 2021 17:08:20 +0100 Subject: tee: define session login identifiers Define identifiers for clnt_login field in struct tee_open_session_arg based in GlobalPlatform Device TEE IDs and on the REE_KERNEL identifier extension from OP-TEE OS. Cc: Jens Wiklander Reviewed-by: Patrick Delaunay Reviewed-by: Jens Wiklander Signed-off-by: Etienne Carriere
---
 include/tee.h | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'include/tee.h')
diff --git a/include/tee.h b/include/tee.h
index 44e9cd4321b..30ea2ee164e 100644
--- a/include/tee.h
+++ b/include/tee.h
@@ -31,6 +31,25 @@
 #define TEE_PARAM_ATTR_MASK (TEE_PARAM_ATTR_TYPE_MASK | \
 TEE_PARAM_ATTR_META)
 
+/*
+ * Global Platform login identifiers for tee_open_session_arg::clnt_login
+ */
+#define TEE_LOGIN_PUBLIC 0x00000000
+#define TEE_LOGIN_USER 0x00000001
+#define TEE_LOGIN_GROUP 0x00000002
+#define TEE_LOGIN_APPLICATION 0x00000004
+#define TEE_LOGIN_APPLICATION_USER 0x00000005
+#define TEE_LOGIN_APPLICATION_GROUP 0x00000006
+/*
+ * Reserve use of GP implementation specific login method range
+ * (0x80000000 - 0xBFFFFFFF). This range is rather being used
+ * for REE kernel clients or TEE implementation.
+ */
+#define TEE_LOGIN_REE_KERNEL_MIN 0x80000000
+#define TEE_LOGIN_REE_KERNEL_MAX 0xBFFFFFFF
+/* Private login method for REE kernel/privileged clients */
+#define TEE_LOGIN_REE_KERNEL 0x80000000
+
 /*
 * Some Global Platform error codes which has a meaning if the
 * TEE_GEN_CAP_GP bit is returned by the driver in
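Review bot: The comment above `TEE_LOGIN_REE_KERNEL_MIN` and `TEE_LOGIN_REE_KERNEL_MAX` says the range is reserved but not who enforces the reservation, and nothing in this hunk checks a caller-supplied `clnt_login` against it. The login class looks like a claim made by the caller that the TEE side may base access decisions on (inferred from the "privileged clients" wording; the consumer is outside this diff), so the header should say so, for example `/* clnt_login is supplied by the caller; this header only defines the values, and the REE_KERNEL range identifies privileged (REE kernel) clients to the TEE */`. The phrase "is rather being used for" would also read more clearly as "is used for".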
@@ -135,8 +154,8 @@ struct tee_param {
 /**
 * struct tee_open_session_arg - extra arguments for tee_open_session()
 * @uuid: [in] UUID of the Trusted Application
- * @clnt_uuid: [in] Normally zeroes
- * @clnt_login: [in] Normally 0
+ * @clnt_uuid: [in] UUID of client, zeroes for PUBLIC/REE_KERNEL
+ * @clnt_login: [in] Class of client TEE_LOGIN_*
 * @session: [out] Session id
 * @ret: [out] return value
 * @ret_origin: [out] origin of the return value
-- cgit v1.2.3
From 1442e9f33070c962e91eafdc4b591331b17b5588 Mon Sep 17 00:00:00 2001 From: Etienne Carriere Date: Tue, 9 Nov 2021 17:08:22 +0100 Subject: tee: optee: define TEE error code TEE_ERROR_SHORT_BUFFER Adds TEE_ERROR_SHORT_BUFFER as TEE error code. This error code is commonly used by TEEs to inform caller that the buffer(s) it provided is too small for the desired operation. Cc: Jens Wiklander Reviewed-by: Patrick Delaunay Reviewed-by: Jens Wiklander Signed-off-by: Etienne Carriere
---
 include/tee.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/tee.h')
diff --git a/include/tee.h b/include/tee.h
index 30ea2ee164e..50051496ae5 100644
--- a/include/tee.h
+++ b/include/tee.h
@@ -64,6 +64,7 @@
 #define TEE_ERROR_NOT_SUPPORTED 0xffff000a
 #define TEE_ERROR_COMMUNICATION 0xffff000e
 #define TEE_ERROR_SECURITY 0xffff000f
+#define TEE_ERROR_SHORT_BUFFER 0xffff0010
 #define TEE_ERROR_OUT_OF_MEMORY 0xffff000c
 #define TEE_ERROR_OVERFLOW 0xffff300f
 #define TEE_ERROR_TARGET_DEAD 0xffff3024
-- cgit v1.2.3
From 2707610eb7d3068dbd131401dcde65a57ddc0018 Mon Sep 17 00:00:00 2001
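Review bot: `TEE_ERROR_SHORT_BUFFER` is added without a comment, so the explanation in the commit message does not reach readers of the header; a line such as `/* Caller-provided buffer is too small for the requested operation */` above the define would carry it over. It is also placed between `TEE_ERROR_SECURITY` (0xffff000f) and `TEE_ERROR_OUT_OF_MEMORY` (0xffff000c), which keeps the list out of numeric order. Callers that react to this code by retrying with a larger buffer should cap the new size themselves; whether any caller does so is not visible in this diff.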
From: Ilias Apalodimas Date: Fri, 24 Dec 2021 10:08:41 +0200 Subject: efi_loader: Don't limit the StMM buffer size explicitly Currently we allow and explicitly check a single shared page with StandAloneMM. This is dictated by OP-TEE which runs the application. However there's no way for us dynamically discover the number of pages we are allowed to use. Since writing big EFI signature list variable requires more than a page, OP-TEE has bumped the number of shared pages to four. Let's remove our explicit check and allow the request to reach OP-TEE even if it's bigger than what it supports. There's no need to sanitize the number of pages internally. OP-TEE will fail if we try to write more than it's allowed. The error will just trigger later on, during the StMM access. While at it add an error message to help users figure out what failed. Signed-off-by: Ilias Apalodimas Tested-by: Ying-Chun Liu (PaulLiu) Signed-off-by: Ilias Apalodimas
---
 include/tee.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/tee.h')
diff --git a/include/tee.h b/include/tee.h
index 50051496ae5..13f6096b9a6 100644
--- a/include/tee.h
+++ b/include/tee.h
@@ -58,6 +58,7 @@
 #define TEE_SUCCESS 0x00000000
 #define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xf0100003
 #define TEE_ERROR_GENERIC 0xffff0000
+#define TEE_ERROR_EXCESS_DATA 0xffff0004
 #define TEE_ERROR_BAD_PARAMETERS 0xffff0006
 #define TEE_ERROR_ITEM_NOT_FOUND 0xffff0008
 #define TEE_ERROR_NOT_IMPLEMENTED 0xffff0009
-- cgit v1.2.3
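Review bot: `TEE_ERROR_EXCESS_DATA` is the only change visible here, although the commit message describes removing the local page-count check so that oversized StMM requests are rejected by OP-TEE instead; the caller that makes that change is outside this diff, which is limited to include/tee.h. With that validation moved to the secure side, the define deserves a comment saying when the code is returned, for example `/* Request carries more data than the TEE side accepts */`. In the caller's hunk it is worth confirming that the request size is still bounded by the buffer actually allocated, since the message only says the fixed one-page limit is dropped.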