tee: optee: support AVB trusted application

Adds configuration option OPTEE_TA_AVB and a header file describing the
interface to the Android Verified Boot 2.0 (AVB) trusted application
provided by OP-TEE.

Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Jens Wiklander 2018-09-25 16:40:15 +02:00 committed by Tom Rini
parent 232cfd6d91
commit 1cc8cc4e67
5 changed files with 127 additions and 0 deletions

View File

@ -634,6 +634,7 @@ M: Jens Wiklander <jens.wiklander@linaro.org>
S: Maintained
F: drivers/tee/
F: include/tee.h
F: include/tee/
UBI
M: Kyungmin Park <kmpark@infradead.org>

View File

@ -9,3 +9,19 @@ config OPTEE
mechanism. This driver can request services from OP-TEE, but also
handle Remote Procedure Calls (RPC) from OP-TEE needed to
execute a service. For more information see: https://www.op-tee.org
if OPTEE
menu "OP-TEE options"
config OPTEE_TA_AVB
bool "Support AVB TA"
default y
help
Enables support for the AVB Trusted Application (TA) in OP-TEE.
The TA can support the "avb" subcommands "read_rb", "write"rb"
and "is_unlocked".
endmenu
endif

View File

@ -207,3 +207,27 @@ UCLASS_DRIVER(tee) = {
.pre_probe = tee_pre_probe,
.pre_remove = tee_pre_remove,
};
void tee_optee_ta_uuid_from_octets(struct tee_optee_ta_uuid *d,
const u8 s[TEE_UUID_LEN])
{
d->time_low = ((u32)s[0] << 24) | ((u32)s[1] << 16) |
((u32)s[2] << 8) | s[3],
d->time_mid = ((u32)s[4] << 8) | s[5];
d->time_hi_and_version = ((u32)s[6] << 8) | s[7];
memcpy(d->clock_seq_and_node, s + 8, sizeof(d->clock_seq_and_node));
}
void tee_optee_ta_uuid_to_octets(u8 d[TEE_UUID_LEN],
const struct tee_optee_ta_uuid *s)
{
d[0] = s->time_low >> 24;
d[1] = s->time_low >> 16;
d[2] = s->time_low >> 8;
d[3] = s->time_low;
d[4] = s->time_mid >> 8;
d[5] = s->time_mid;
d[6] = s->time_hi_and_version >> 8;
d[7] = s->time_hi_and_version;
memcpy(d + 8, s->clock_seq_and_node, sizeof(s->clock_seq_and_node));
}

View File

@ -49,6 +49,22 @@
#define TEE_ORIGIN_TRUSTED_APP 0x00000004
struct udevice;
/**
* struct tee_optee_ta_uuid - OP-TEE Trusted Application (TA) UUID format
*
* Used to identify an OP-TEE TA and define suitable to initialize structs
* of this format is distributed with the interface of the TA. The
* individual fields of this struct doesn't have any special meaning in
* OP-TEE. See RFC4122 for details on the format.
*/
struct tee_optee_ta_uuid {
u32 time_low;
u16 time_mid;
u16 time_hi_and_version;
u8 clock_seq_and_node[8];
};
/**
* struct tee_shm - memory shared with the TEE
* @dev: The TEE device
@ -333,4 +349,26 @@ int tee_close_session(struct udevice *dev, u32 session);
int tee_invoke_func(struct udevice *dev, struct tee_invoke_arg *arg,
uint num_param, struct tee_param *param);
/**
* tee_optee_ta_uuid_from_octets() - Converts to struct tee_optee_ta_uuid
* @d: Destination struct
* @s: Source UUID octets
*
* Conversion to a struct tee_optee_ta_uuid represantion from binary octet
* representation.
*/
void tee_optee_ta_uuid_from_octets(struct tee_optee_ta_uuid *d,
const u8 s[TEE_UUID_LEN]);
/**
* tee_optee_ta_uuid_to_octets() - Converts from struct tee_optee_ta_uuid
* @d: Destination UUID octets
* @s: Source struct
*
* Conversion from a struct tee_optee_ta_uuid represantion to binary octet
* representation.
*/
void tee_optee_ta_uuid_to_octets(u8 d[TEE_UUID_LEN],
const struct tee_optee_ta_uuid *s);
#endif /* __TEE_H */

View File

@ -0,0 +1,48 @@
/* SPDX-License-Identifier: BSD-2-Clause */
/* Copyright (c) 2018, Linaro Limited */
#ifndef __TA_AVB_H
#define __TA_AVB_H
#define TA_AVB_UUID { 0x023f8f1a, 0x292a, 0x432b, \
{ 0x8f, 0xc4, 0xde, 0x84, 0x71, 0x35, 0x80, 0x67 } }
#define TA_AVB_MAX_ROLLBACK_LOCATIONS 256
/*
* Gets the rollback index corresponding to the given rollback index slot.
*
* in params[0].value.a: rollback index slot
* out params[1].value.a: upper 32 bits of rollback index
* out params[1].value.b: lower 32 bits of rollback index
*/
#define TA_AVB_CMD_READ_ROLLBACK_INDEX 0
/*
* Updates the rollback index corresponding to the given rollback index slot.
*
* Will refuse to update a slot with a lower value.
*
* in params[0].value.a: rollback index slot
* in params[1].value.a: upper 32 bits of rollback index
* in params[1].value.b: lower 32 bits of rollback index
*/
#define TA_AVB_CMD_WRITE_ROLLBACK_INDEX 1
/*
* Gets the lock state of the device.
*
* out params[0].value.a: lock state
*/
#define TA_AVB_CMD_READ_LOCK_STATE 2
/*
* Sets the lock state of the device.
*
* If the lock state is changed all rollback slots will be reset to 0
*
* in params[0].value.a: lock state
*/
#define TA_AVB_CMD_WRITE_LOCK_STATE 3
#endif /* __TA_AVB_H */