[PATCH v2 1/2] cmd: Add support for optee hello world ta command

Mattijs Korpershoek mkorpershoek at baylibre.com
Fri Dec 13 13:48:44 CET 2024 

Hi Venkatesh,

Thank you for the patch.

On ven., déc. 13, 2024 at 16:30, Venkatesh Yadav Abbarapu <venkatesh.abbarapu at amd.com> wrote:

> Enable "optee hello" command which increments the value passed.
> This provides easy test for establishing a session with OP-TEE
> TA and verify.
>
> It includes following subcommands:
> optee hello
> optee hello <value>; value to increment via OP-TEE HELLO
> WORLD TA.
>
> To enable the OP-TEE side HELLO WORLD example please refer
> https://optee.readthedocs.io/en/latest/building/gits/optee_examples/optee_examples.html
>
> Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu at amd.com>
> ---
>  cmd/Kconfig                |   8 +++
>  cmd/Makefile               |   1 +
>  cmd/optee_hello_world_ta.c | 104 +++++++++++++++++++++++++++++++++++++
>  3 files changed, 113 insertions(+)
>  create mode 100644 cmd/optee_hello_world_ta.c
>
> diff --git a/cmd/Kconfig b/cmd/Kconfig
> index 1d7ddb4ed36..f1f8d1b9571 100644
> --- a/cmd/Kconfig
> +++ b/cmd/Kconfig
> @@ -1446,6 +1446,14 @@ config CMD_OPTEE_RPMB
>  	  in the Replay Protection Memory Block partition in eMMC by
>  	  using Persistent Objects in OPTEE
>  
> +config CMD_OPTEE_HELLO_WORLD

If CMD_OPTEE_HELLO_WORLD has hello as a subcommand and we plan to add
other commands, shouldn't we give this Kconfig symbol a more generic
name?

How about CMD_OPTEE or CMD_OPTEE_TEST?

Maybe others have better recommendations for the naming.

> +	bool "Enable Hello world TA"
> +	depends on OPTEE
> +	default y

Are we sure we want this enabled by default for everyone?
It seems indeed like a nice debugging tool, but maybe keep it opt-in?

> +	help
> +	 Enable the hello world ta command to test the OPTEE by passing

OPTEE -> OP-TEE

> +	 a "value" which should increment by OPTEE TA example.

Ditto

> +
>  config CMD_MTD
>  	bool "mtd"
>  	depends on MTD
> diff --git a/cmd/Makefile b/cmd/Makefile
> index d1f369deec0..049147a1442 100644
> --- a/cmd/Makefile
> +++ b/cmd/Makefile
> @@ -118,6 +118,7 @@ obj-$(CONFIG_CMD_PAUSE) += pause.o
>  obj-$(CONFIG_CMD_SLEEP) += sleep.o
>  obj-$(CONFIG_CMD_MMC) += mmc.o
>  obj-$(CONFIG_CMD_OPTEE_RPMB) += optee_rpmb.o
> +obj-$(CONFIG_CMD_OPTEE_HELLO_WORLD) += optee_hello_world_ta.o

Similar remark for the file name.

>  obj-$(CONFIG_CMD_MP) += mp.o
>  obj-$(CONFIG_CMD_MTD) += mtd.o
>  obj-$(CONFIG_CMD_MTDPARTS) += mtdparts.o
> diff --git a/cmd/optee_hello_world_ta.c b/cmd/optee_hello_world_ta.c
> new file mode 100644
> index 00000000000..7c398bcad2c
> --- /dev/null
> +++ b/cmd/optee_hello_world_ta.c
> @@ -0,0 +1,104 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * (C) Copyright 2024, Advanced Micro Devices, Inc.
> + */
> +#include <command.h>
> +#include <errno.h>
> +#include <tee.h>
> +#include <vsprintf.h>
> +
> +static struct udevice *tee;
> +static u32 session;
> +
> +#define TA_HELLO_WORLD_CMD_INC_VALUE 0
> +/* This needs to match the UUID of the Hello World TA. */
> +#define TA_HELLO_WORLD_UUID \
> +	{ 0x8aaaf200, 0x2450, 0x11e4, \
> +	{ 0xab, 0xe2, 0x00, 0x02, 0xa5, 0xd5, 0xc5, 0x1b} }
> +
> +static int hello_world_ta_open_session(void)
> +{
> +	const struct tee_optee_ta_uuid uuid = TA_HELLO_WORLD_UUID;
> +	struct tee_open_session_arg arg;
> +	int rc;
> +
> +	tee = tee_find_device(tee, NULL, NULL, NULL);
> +	if (!tee)
> +		return -ENODEV;
> +
> +	memset(&arg, 0, sizeof(arg));
> +	tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
> +	rc = tee_open_session(tee, &arg, 0, NULL);
> +	if (rc != 0)
> +		session = arg.session;
> +
> +	return 0;
> +}
> +
> +static int hello_world_ta(unsigned int value)
> +{
> +	struct tee_param param[2];
> +	struct tee_invoke_arg arg;
> +	int status = -EACCES;
> +
> +	printf("The Hello World TA is going to be called\n");
> +
> +	status = hello_world_ta_open_session();
> +	if (status) {
> +		printf("hello_world_ta_open_session failed(%d)", status);
> +		return status;
> +	}
> +
> +	arg.func = TA_HELLO_WORLD_CMD_INC_VALUE;
> +	arg.session = session;
> +
> +	param[0].attr = TEE_PARAM_ATTR_TYPE_VALUE_INOUT;
> +	param[0].u.value.a = value;
> +
> +	printf("TA value: %d\n", (int)param[0].u.value.a);
> +
> +	tee_invoke_func(tee, &arg, 1, param);
> +
> +	printf("TA value: %d\n", (int)param[0].u.value.a);
> +
> +	tee_invoke_func(tee, &arg, 1, param);
> +
> +	printf("TA value: %d\n", (int)param[0].u.value.a);
> +
> +	status = tee_close_session(tee, session);
> +
> +	return status;
> +}
> +
> +static int do_optee_hello_world_ta(struct cmd_tbl *cmdtp, int flag, int argc,
> +				   char * const argv[])
> +{
> +	int ret;
> +	int value = 0;
> +
> +	if (argc != cmdtp->maxargs && argv[1] != NULL) {
> +		debug("do_optee_hello_world_ta: incorrect parameters passed\n");
> +		return CMD_RET_USAGE;
> +	}
> +
> +	if (argv[1] != NULL)
> +		value = dectoul(argv[1], NULL);
> +
> +	ret = hello_world_ta(value);
> +	if (ret)
> +		return CMD_RET_FAILURE;
> +
> +	return CMD_RET_SUCCESS;
> +}
> +
> +U_BOOT_LONGHELP(optee,
> +		"- commands can be verified on OP-TEE\n\n"
> +		"optee hello\n"
> +		"optee hello <value>\n"
> +		"\n"
> +		"With:\n"
> +		"\t<value>: integer value\n"
> +		);
> +
> +U_BOOT_CMD_WITH_SUBCMDS(optee, "OP-TEE commands", optee_help_text,
> +			U_BOOT_SUBCMD_MKENT(hello, 2, 1, do_optee_hello_world_ta));
> -- 
> 2.34.1

More information about the U-Boot mailing list