[PATCH 2/2] tee: optee: support session login as REE kernel
Etienne Carriere
etienne.carriere at linaro.org
Wed May 12 17:05:37 CEST 2021
OP-TEE supports an API extension to allow client to open a TEE session
as REE kernel which OP-TEE uses to differentiate client application
services from system services that only the REE OS kernel can access.
This change allows U-Boot to invoke OP-TEE with such kernel identity
and therefore access kernel client specific services.
Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
---
drivers/tee/optee/core.c | 24 +++++++++++++++++++++++-
drivers/tee/optee/optee_msg.h | 2 ++
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
index 73dbb22ba0..526bf125a0 100644
--- a/drivers/tee/optee/core.c
+++ b/drivers/tee/optee/core.c
@@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session)
return 0;
}
+static uint32_t optee_login_id(enum tee_session_login login)
+{
+ /* Treat invalid IDs as public login */
+ switch (login) {
+ case TEE_SESSION_LOGIN_USER:
+ return OPTEE_MSG_LOGIN_USER;
+ case TEE_SESSION_LOGIN_GROUP:
+ return OPTEE_MSG_LOGIN_GROUP;
+ case TEE_SESSION_LOGIN_APPLICATION:
+ return OPTEE_MSG_LOGIN_APPLICATION;
+ case TEE_SESSION_LOGIN_APPLICATION_USER:
+ return OPTEE_MSG_LOGIN_APPLICATION;
+ case TEE_SESSION_LOGIN_APPLICATION_GROUP:
+ return OPTEE_MSG_LOGIN_APPLICATION;
+ case TEE_SESSION_LOGIN_REE_KERNEL:
+ return OPTEE_MSG_LOGIN_REE_KERNEL;
+ case TEE_SESSION_LOGIN_PUBLIC:
+ default:
+ return OPTEE_MSG_LOGIN_PUBLIC;
+ }
+}
+
static int optee_open_session(struct udevice *dev,
struct tee_open_session_arg *arg,
uint num_params, struct tee_param *params)
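Review bot: In `optee_login_id()`, the `TEE_SESSION_LOGIN_APPLICATION_USER` and `TEE_SESSION_LOGIN_APPLICATION_GROUP` cases both return `OPTEE_MSG_LOGIN_APPLICATION`, although `optee_msg.h` defines distinct `OPTEE_MSG_LOGIN_APPLICATION_USER` (0x5) and `OPTEE_MSG_LOGIN_APPLICATION_GROUP` (0x6) values. The secure side would then see a different login class than the caller requested, which matters if a trusted application bases access decisions on the login method. The two returns should read `return OPTEE_MSG_LOGIN_APPLICATION_USER;` and `return OPTEE_MSG_LOGIN_APPLICATION_GROUP;`. Separately, the `default` branch silently turns any unknown value into a public login; consider rejecting unknown values in `optee_open_session()` instead, so a caller error is not hidden behind a session with a different identity.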
@@ -372,7 +394,7 @@ static int optee_open_session(struct udevice *dev,
OPTEE_MSG_ATTR_META;
memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid));
memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid));
- msg_arg->params[1].u.value.c = arg->clnt_login;
+ msg_arg->params[1].u.value.c = optee_login_id(arg->clnt_login);
rc = to_msg_param(msg_arg->params + 2, num_params, params);
if (rc)
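Review bot: The context line just above the changed assignment copies `arg->uuid` into `params[1]` while sizing the copy with `sizeof(arg->clnt_uuid)`, so the client-identity parameter appears to carry the target TA UUID rather than the client UUID. This commit does not touch that line, but it sits next to the login id in the same meta parameter, so it is worth confirming whether `memcpy(&msg_arg->params[1].u.value, arg->clnt_uuid, sizeof(arg->clnt_uuid));` was intended. The body of `optee_open_session()` starts and ends outside this hunk, so the remaining handling of `msg_arg` is not visible here.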
diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h
index 8d40ce60c2..17e8d28e52 100644
--- a/drivers/tee/optee/optee_msg.h
+++ b/drivers/tee/optee/optee_msg.h
@@ -95,6 +95,8 @@
#define OPTEE_MSG_LOGIN_APPLICATION 0x00000004
#define OPTEE_MSG_LOGIN_APPLICATION_USER 0x00000005
#define OPTEE_MSG_LOGIN_APPLICATION_GROUP 0x00000006
+/* OP-TEE extension: log as REE kernel */
+#define OPTEE_MSG_LOGIN_REE_KERNEL 0x80000000
/*
* Page size used in non-contiguous buffer entries
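Review bot: The comment on the new define reads "log as REE kernel", where "login as REE kernel" is presumably meant. Since this value selects an identity that the commit message says is reserved for system services, the comment could also state who is expected to use it, for example `/* OP-TEE extension: login as REE kernel, for services restricted to the REE OS kernel */`.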
--
2.17.1