[PATCH 1/2] tee: define session login identifiers

[Jens Wiklander]

On Wed, May 12, 2021 at 5:06 PM Etienne Carriere
<etienne.carriere at linaro.org> wrote:
>
> TEE header file defines a clnt_login field in struct tee_open_session_arg
> but does not define the values expected. This change define identifiers
> for the field using a enumerated type. Back end TEE driver is expected to
> convert these IDs into IDs meaningful to the TEE.
>
> Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
> ---
>  include/tee.h | 19 ++++++++++++++++---
>  1 file changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/include/tee.h b/include/tee.h
> index 99367b258e..b8297601b4 100644
> --- a/include/tee.h
> +++ b/include/tee.h
> @@ -31,6 +31,19 @@
>  #define TEE_PARAM_ATTR_MASK                    (TEE_PARAM_ATTR_TYPE_MASK | \
>                                                  TEE_PARAM_ATTR_META)
>
> +/*
> + * Value for tee_open_session_arg::clnt_login
> + */
> +enum tee_session_login {
> +       TEE_SESSION_LOGIN_PUBLIC = 0,
> +       TEE_SESSION_LOGIN_USER,
> +       TEE_SESSION_LOGIN_GROUP,
> +       TEE_SESSION_LOGIN_APPLICATION,

This is defined as 4 in the spec.

> +       TEE_SESSION_LOGIN_APPLICATION_USER,
> +       TEE_SESSION_LOGIN_APPLICATION_GROUP,

Please make these USER_APPLICATION and GROUP_APPLICATION since that's
the order used in the spec.

> +       TEE_SESSION_LOGIN_REE_KERNEL,

The Linux kernel defines the REE kernel stuff as:
/*
 * Disallow user-space to use GP implementation specific login
 * method range (0x80000000 - 0xBFFFFFFF). This range is rather
 * being reserved for REE kernel clients or TEE implementation.
 */
#define TEE_IOCTL_LOGIN_REE_KERNEL_MIN          0x80000000
#define TEE_IOCTL_LOGIN_REE_KERNEL_MAX          0xBFFFFFFF
/* Private login method for REE kernel clients */
#define TEE_IOCTL_LOGIN_REE_KERNEL              0x80000000

We should at least try to be in the same implementation defined range.

> +};

I think that using a TEE_LOGIN_ prefix should be enough.

> +
>  /*
>   * Some Global Platform error codes which has a meaning if the
>   * TEE_GEN_CAP_GP bit is returned by the driver in
> @@ -135,8 +148,8 @@ struct tee_param {
>  /**
>   * struct tee_open_session_arg - extra arguments for tee_open_session()
>   * @uuid:      [in] UUID of the Trusted Application
> - * @clnt_uuid: [in] Normally zeroes
> - * @clnt_login:        [in] Normally 0
> + * @clnt_uuid: [in] UUID of client, zeroes for PUBLIC/REE_KERNEL
> + * @clnt_login:        [in] Class of client TEE_SESSION_LOGIN_*
>   * @session:   [out] Session id
>   * @ret:       [out] return value
>   * @ret_origin:        [out] origin of the return value
> @@ -144,7 +157,7 @@ struct tee_param {
>  struct tee_open_session_arg {
>         u8 uuid[TEE_UUID_LEN];
>         u8 clnt_uuid[TEE_UUID_LEN];
> -       u32 clnt_login;
> +       enum tee_session_login clnt_login;

Please keep this as an u32. It's part of the ABI.

Cheers,
Jens

>         u32 session;
>         u32 ret;
>         u32 ret_origin;
> --
> 2.17.1
>