[PATCH 2/2] tee: optee: support session login as REE kernel

Jens Wiklander jens.wiklander at linaro.org
Mon May 17 08:08:12 CEST 2021


On Wed, May 12, 2021 at 5:06 PM Etienne Carriere
<etienne.carriere at linaro.org> wrote:
>
> OP-TEE supports an API extension to allow a client to open a TEE session
> as REE kernel which OP-TEE uses to differentiate client application
> services from system services that only the REE OS kernel can access.
>
> This change allows U-Boot to invoke OP-TEE with such kernel identity
> and therefore access kernel client specific services.
>
> Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
> ---
>  drivers/tee/optee/core.c      | 24 +++++++++++++++++++++++-
>  drivers/tee/optee/optee_msg.h |  2 ++
>  2 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> index 73dbb22ba0..526bf125a0 100644
> --- a/drivers/tee/optee/core.c
> +++ b/drivers/tee/optee/core.c
> @@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session)
>         return 0;
>  }
>
> +static uint32_t optee_login_id(enum tee_session_login login)
> +{
> +       /* Treat invalid IDs as public login */
> +       switch (login) {
> +       case TEE_SESSION_LOGIN_USER:
> +               return OPTEE_MSG_LOGIN_USER;
> +       case TEE_SESSION_LOGIN_GROUP:
> +               return OPTEE_MSG_LOGIN_GROUP;
> +       case TEE_SESSION_LOGIN_APPLICATION:
> +               return OPTEE_MSG_LOGIN_APPLICATION;
> +       case TEE_SESSION_LOGIN_APPLICATION_USER:
> +               return OPTEE_MSG_LOGIN_APPLICATION;
> +       case TEE_SESSION_LOGIN_APPLICATION_GROUP:
> +               return OPTEE_MSG_LOGIN_APPLICATION;
> +       case TEE_SESSION_LOGIN_REE_KERNEL:
> +               return OPTEE_MSG_LOGIN_REE_KERNEL;
> +       case TEE_SESSION_LOGIN_PUBLIC:
> +       default:
> +               return OPTEE_MSG_LOGIN_PUBLIC;
> +       }
> +}
> +

I don't see any point in this translation, we could just as well use
the correct values from the start.

Cheers,
Jens

>  static int optee_open_session(struct udevice *dev,
>                               struct tee_open_session_arg *arg,
>                               uint num_params, struct tee_param *params)
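
Review bot: in optee_login_id(), the TEE_SESSION_LOGIN_APPLICATION_USER and TEE_SESSION_LOGIN_APPLICATION_GROUP cases both return OPTEE_MSG_LOGIN_APPLICATION, although optee_msg.h defines OPTEE_MSG_LOGIN_APPLICATION_USER (0x00000005) and OPTEE_MSG_LOGIN_APPLICATION_GROUP (0x00000006). This looks like a copy-paste slip that makes OP-TEE see a plain application login for those two cases; return the matching constants instead. Separately, the default branch silently maps any unknown value to OPTEE_MSG_LOGIN_PUBLIC. Since the login type is an identity claim, consider having optee_open_session() fail on an unknown value so a caller bug is not masked.
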
> @@ -372,7 +394,7 @@ static int optee_open_session(struct udevice *dev,
>                                   OPTEE_MSG_ATTR_META;
>         memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid));
>         memcpy(&msg_arg->params[1].u.value, arg->uuid, sizeof(arg->clnt_uuid));
> -       msg_arg->params[1].u.value.c = arg->clnt_login;
> +       msg_arg->params[1].u.value.c = optee_login_id(arg->clnt_login);
>
>         rc = to_msg_param(msg_arg->params + 2, num_params, params);
>         if (rc)
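
Review bot: the context line just above the changed assignment copies arg->uuid into params[1].u.value while sizing the copy with sizeof(arg->clnt_uuid), so the client UUID slot receives the same arg->uuid that is copied into params[0]. That is not introduced by this patch, but now that value.c can carry OPTEE_MSG_LOGIN_REE_KERNEL it is worth confirming which identity fields OP-TEE receives here and, if arg->clnt_uuid was intended, fixing it in a separate patch.
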
> diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h
> index 8d40ce60c2..17e8d28e52 100644
> --- a/drivers/tee/optee/optee_msg.h
> +++ b/drivers/tee/optee/optee_msg.h
> @@ -95,6 +95,8 @@
>  #define OPTEE_MSG_LOGIN_APPLICATION            0x00000004
>  #define OPTEE_MSG_LOGIN_APPLICATION_USER       0x00000005
>  #define OPTEE_MSG_LOGIN_APPLICATION_GROUP      0x00000006
> +/* OP-TEE extension: log as REE kernel */
> +#define OPTEE_MSG_LOGIN_REE_KERNEL             0x80000000
>
>  /*
>   * Page size used in non-contiguous buffer entries
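
Review bot: the comment on OPTEE_MSG_LOGIN_REE_KERNEL reads "log as REE kernel", which should be "login as REE kernel", and it does not say what selecting the value implies. The commit message describes this identity as giving access to services that only the REE OS kernel can access; a line stating that next to the define, and noting that 0x80000000 is deliberately outside the contiguous login values listed above, would help callers avoid picking it casually.
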
> --
> 2.17.1
>

