[PATCH 2/2] tee: optee: support session login as REE kernel

Etienne Carriere etienne.carriere at linaro.org
Mon May 17 19:22:03 CEST 2021


On Mon, 17 May 2021 at 08:08, Jens Wiklander <jens.wiklander at linaro.org> wrote:
>
> On Wed, May 12, 2021 at 5:06 PM Etienne Carriere
> <etienne.carriere at linaro.org> wrote:
> >
> > OP-TEE supports an API extension to allow client to open a TEE session
> > as REE kernel which OP-TEE uses to differentiate client application
> > services from system services that only the REE OS kernel can access.
> >
> > This change allows U-Boot to invoke OP-TEE with such kernel identity
> > and therefore access kernel client specific services.
> >
> > Signed-off-by: Etienne Carriere <etienne.carriere at linaro.org>
> > ---
> >  drivers/tee/optee/core.c      | 24 +++++++++++++++++++++++-
> >  drivers/tee/optee/optee_msg.h |  2 ++
> >  2 files changed, 25 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/tee/optee/core.c b/drivers/tee/optee/core.c
> > index 73dbb22ba0..526bf125a0 100644
> > --- a/drivers/tee/optee/core.c
> > +++ b/drivers/tee/optee/core.c
> > @@ -349,6 +349,28 @@ static int optee_close_session(struct udevice *dev, u32 session)
> >         return 0;
> >  }
> >
> > +static uint32_t optee_login_id(enum tee_session_login login)
> > +{
> > +       /* Treat invalid IDs as public login */
> > +       switch (login) {
> > +       case TEE_SESSION_LOGIN_USER:
> > +               return OPTEE_MSG_LOGIN_USER;
> > +       case TEE_SESSION_LOGIN_GROUP:
> > +               return OPTEE_MSG_LOGIN_GROUP;
> > +       case TEE_SESSION_LOGIN_APPLICATION:
> > +               return OPTEE_MSG_LOGIN_APPLICATION;
> > +       case TEE_SESSION_LOGIN_APPLICATION_USER:
> > +               return OPTEE_MSG_LOGIN_APPLICATION;
> > +       case TEE_SESSION_LOGIN_APPLICATION_GROUP:
> > +               return OPTEE_MSG_LOGIN_APPLICATION;
> > +       case TEE_SESSION_LOGIN_REE_KERNEL:
> > +               return OPTEE_MSG_LOGIN_REE_KERNEL;
> > +       case TEE_SESSION_LOGIN_PUBLIC:
> > +       default:
> > +               return OPTEE_MSG_LOGIN_PUBLIC;
> > +       }
> > +}
> > +
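Review bot: in optee_login_id(), the TEE_SESSION_LOGIN_APPLICATION_USER and TEE_SESSION_LOGIN_APPLICATION_GROUP cases both return OPTEE_MSG_LOGIN_APPLICATION, so three distinct login methods are presented to OP-TEE as the same one. If the message protocol defines separate IDs for these, return them here; if the collapse is intended, say so in a comment. Separately, the default branch converts any unrecognised login value into OPTEE_MSG_LOGIN_PUBLIC without informing the caller. Since the commit message says OP-TEE uses the login type to separate client application services from kernel-only services, returning an error for an unknown value would be safer than silently substituting a login type the caller did not ask for.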
>
> I don't see any point in this translation, we could just as well use
> the correct values from the start.
>
> Cheers,
> Jens

Right, I'll check that.

thanks
etienne