[PATCH v6 0/4] OP-TEE I2C trampoline and associated tests
Igor Opaniuk
igor.opaniuk at foundries.io
Fri Jan 22 12:50:48 CET 2021
From: Igor Opaniuk <igor.opaniuk at foundries.io>
This patchset allows OP-TEE to communicate with I2C devices; a typical
use case would be servicing U-Boot requests that require underlying
cryptographic operations implemented by an I2C chip.
On a board fitted with the NXP SE050 I2C secure element, OP-TEE can
route some of the cryptographic operations it needs to that device (i.e.
RSA, ECC, CTR..).
Before the REE executes, OP-TEE would use its own I2C drivers to
communicate with the device on the bus; later on, once the REE is up,
accesses to the I2C bus should be coordinated with the REE to avoid
collisions. However instead of implementing such a synchronization
mechanism, this trampoline service permits OP-TEE to route those I2C
requests back to U-Boot without then having to worry about collisions.
Let's suppose that U-Boot executes the trusted application Android
Verified Boot; when OP-TEE receives the request - and before executing
the application - it uses RSA to verify it. So on the back of the TA
function invocation, OP-TEE returns to U-Boot with a sequence of RPC
calls requesting I2C transfers (check carefully the implementation in
do_call_with_arg(...) implemented in drivers/tee/optee/core.c and
notice the while loop).
When using sandbox testing, RPC is called directly to validate its
actual implementation; however as succinctly described above, these
calls will always be originated in OP-TEE.
Changes v6:
* [Etienne Carriere] fixed func return code handling
* [Etienne Carriere] tee_optee_ta_uuid passing a pointer instead of full
struct
* [Etienne Carriere] pass additionally i2c control flags in tests
* Fixed misspelling in the comments
Changes v5:
* [Jens Wiklander] Addressed comment about optee_alloc_and_init_page_list():
drop inline, proper return value and comment
Changes v4:
* [Simon Glass] Reduced amount ifdefs warnings and move to
if (IS_ENABLED(CONFIG_*)) where possible
* Fixed pointer-sign warnings
Changes v3:
* [Simon Glass] Added RPC I2C test coverage
Changes v2:
* [Simon Glass] Adjusted the usage of DM internal api (dev_get_parent_platdata)
* [Simon Glass] Added additional comments to functions
* [Jens Wiklander] s/tmem/rmem/g
Igor Opaniuk (3):
test: py: add pygit2 and pyelftools to requirements.txt
drivers: tee: sandbox: add rpc test ta emulation
test: dm: tee: extend with RPC test
Jorge Ramirez-Ortiz (1):
drivers: tee: i2c trampoline driver
drivers/tee/Makefile | 2 +
drivers/tee/optee/Kconfig | 9 ++
drivers/tee/optee/Makefile | 1 +
drivers/tee/optee/i2c.c | 90 ++++++++++++++
drivers/tee/optee/optee_msg.h | 21 ++++
drivers/tee/optee/optee_msg_supplicant.h | 5 +
drivers/tee/optee/optee_private.h | 17 +++
drivers/tee/optee/supplicant.c | 3 +
drivers/tee/sandbox.c | 142 ++++++++++++++++++++++-
include/tee/optee_ta_rpc_test.h | 28 +++++
test/dm/tee.c | 116 ++++++++++++++++--
test/py/requirements.txt | 2 +
12 files changed, 425 insertions(+), 11 deletions(-)
create mode 100644 drivers/tee/optee/i2c.c
create mode 100644 include/tee/optee_ta_rpc_test.h
--
2.25.1
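
The following is an added example, not part of the original message and not code from U-Boot or OP-TEE. It is a simplified model of the trampoline flow the cover letter describes: the normal world enters the secure side, services each I2C request handed back as an RPC, and re-enters until the call completes. All names (tee_enter, ree_i2c_xfer, call_with_rpc, the structs) and the device at address 0x48 are hypothetical and constructed for the illustration.

```c
/* Added illustration, not U-Boot or OP-TEE code; all names are hypothetical. */
#include <stdint.h>
#include <string.h>

enum tee_ret { TEE_DONE, TEE_RPC_I2C };  /* what the secure side hands back */
struct i2c_rpc { int read; uint8_t chip, buf[2]; int status; }; /* one request */
struct tee_call { int step, result; uint8_t chip; };
static uint8_t reg[2];  /* constructed stand-in device: 2-byte register at 0x48 */

static int ree_i2c_xfer(struct i2c_rpc *r)
{
	if (r->chip != 0x48)
		return -1;  /* no such device on the bus */
	if (r->read)
		memcpy(r->buf, reg, sizeof(reg));
	else
		memcpy(reg, r->buf, sizeof(reg));
	return 0;
}

/* Secure-side model: wants a write, then a read-back, before it can finish. */
static enum tee_ret tee_enter(struct tee_call *c, struct i2c_rpc *r)
{
	if (c->step > 0 && r->status != 0) {  /* previous RPC failed */
		c->result = -1;
		return TEE_DONE;
	}
	switch (c->step++) {
	case 0:
		*r = (struct i2c_rpc){ .chip = c->chip, .buf = { 0xA5, 0x5A } };
		return TEE_RPC_I2C;
	case 1:
		*r = (struct i2c_rpc){ .read = 1, .chip = c->chip };
		return TEE_RPC_I2C;
	default:
		c->result = (r->buf[0] == 0xA5 && r->buf[1] == 0x5A) ? 0 : -1;
		return TEE_DONE;
	}
}

/* Normal-world side: keep re-entering until no further RPC is requested. */
int call_with_rpc(uint8_t chip, int *rpcs)
{
	struct tee_call c = { .chip = chip };
	struct i2c_rpc r = { 0 };
	for (*rpcs = 0; tee_enter(&c, &r) == TEE_RPC_I2C; (*rpcs)++)
		r.status = ree_i2c_xfer(&r);
	return c.result;
}
int main(void) { int n; return call_with_rpc(0x48, &n); }
```

The transfer status travels back with each re-entry, so a failed bus access ends the call with an error instead of leaving the secure side waiting.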