gpoulios opened a new pull request, #16309: URL: https://github.com/apache/nuttx/pull/16309
## Summary

So far NuttX has supported OP-TEE interfacing over local and RPMsg sockets. This PR introduces support for direct invocation of OP-TEE through arm64 SMCs. The code is largely inspired by U-Boot's OP-TEE driver. SMC64 support is enabled through `CONFIG_DEV_OPTEE_SMC64`.

The IOCTL interface remains the same except for the addition of `TEE_IOC_SHM_REGISTER`, only for the newly introduced SMC driver. The added ioctl enables the registration of dynamically allocated shared memory to the driver (for automatic cleanup) and to OP-TEE (for use in invocations).

The PR also introduces ioctl argument memory checks to prevent the user from specifying virtual addresses not belonging to the caller user task. The checks are performed on all OP-TEE drivers implemented in NuttX, not just SMC.

## Impact

For users with no `CONFIG_DEV_OPTEE_*` configuration:

- No impact / no related changes

For users of `CONFIG_DEV_OPTEE_{LOCAL, RPMSG}`:

- No impact / same interface / with related changes
- Under the hood, the following changes (not affecting the interfacing):
  - OP-TEE message arguments are now allocated on the kernel heap instead of the stack (see `get_msg_arg()`) to the same effect.
  - Memory used for IOCTL arguments provided by the user task is checked for sanity. User tasks in builds with `CONFIG_ARCH_ADDRENV` are not allowed to specify memory they don't own. Kernel thread invocations of the IOCTL interface are not affected.
  - Minor changes to the code that should not alter functionality in any way. E.g.:
    - Wrapping of the driver's socket reference into a new private data struct (`optee_priv_data`).
    - Wrapping of the call to `optee_send_recv()` into a new function `optee_do_call_with_arg()`.
    - `ret` codes checked against negative value instead of non-zero for calls that are only expected to return negative error codes such as `optee_send_recv()` and `optee_recv()`.

For users of `CONFIG_DEV_OPTEE_SMC64` on arm64 platforms running OP-TEE OS Secure World:

- Ability to use native SMCs to directly invoke OP-TEE TAs.

## Testing

This has been tested on NXP i.MX93 EVK running:

- TF-A: version v2.10.0, tag `lf-6.6.52_2.2.0`
- OP-TEE OS: revision 4.4 (60beb308810f9561), tag `lf-6.6.52_2.2.0`
- NuttX configs `imx93-evk:nsh` and `imx93-evk:knsh` with the following additional configuration:

  ```
  CONFIG_ALLOW_BSD_COMPONENTS=y
  CONFIG_ARCH_VMA_MAPPING=y (only on knsh)
  CONFIG_ARCH_SHM_NPAGES=4096
  CONFIG_ARCH_SHM_VBASE=0xFF000000
  CONFIG_DEV_OPTEE_SMC64=y
  CONFIG_DEV_OPTEE_SMC64_TEST=y
  CONFIG_FS_SHMFS=y
  CONFIG_LIBC_MEMFD_SHMFS=y
  CONFIG_EXAMPLES_OPTEE=y
  ```

- and this app: https://github.com/apache/nuttx-apps/pull/3069

Driver logs with OP-TEE debug build (NuttX side prefixed with `OP-TEE`):

```
OP-TEE: revision 4.4 (60beb308810f9561)
I/TC: Reserved shared memory is enabled
I/TC: Dynamic shared memory is enabled
I/TC: Normal World virtualization support is disabled
I/TC: Asynchronous notifications are disabled
OP-TEE: compatibility check complete
D/TC:0 0 core_mmu_xlat_table_alloc:528 xlat tables used 6 / 8
D/TC:? 0 tee_ta_init_pseudo_ta_session:303 Lookup pseudo TA 7011a688-ddde-4053-a5a9-7b3c4ddf13b8
D/TC:? 0 tee_ta_init_pseudo_ta_session:315 Open device.pta
D/TC:? 0 tee_ta_init_pseudo_ta_session:330 device.pta : 7011a688-ddde-4053-a5a9-7b3c4ddf13b8
F/TC:? 0 plat_prng_add_jitter_entropy:68 0x81D8
OP-TEE: optee_ioctl_open_session(pta_device): 0, session: 1
OP-TEE: optee_ioctl_invoke(PTA_CMD_GET_DEVICES, NULL): 0, size needed: 32
OP-TEE: optee_shm_alloc(32): 0
OP-TEE: optee_ioctl_invoke(PTA_CMD_GET_DEVICES, 0x80364878): 0, size: 32
OP-TEE: TA: d96a5b40-c3e5-21e3-8794-1002a5d5c61b
OP-TEE: TA: f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c
D/TC:? 0 tee_ta_close_session:460 csess 0x68a98f50 id 1
D/TC:? 0 tee_ta_close_session:479 Destroy session
OP-TEE: optee_ioctl_close_session(pta_device): 0
```

Example NuttX app (`CONFIG_EXAMPLES_OPTEE`) logs with OP-TEE debug build:

```
impl id: 1, impl caps: 1, gen caps: 9
D/TC:? 0 tee_ta_init_session_with_context:557 Re-open trusted service 7011a688-ddde-4053-a5a9-7b3c4ddf13b8
D/TC:? 0 tee_ta_close_session:460 csess 0x68a98da0 id 1
D/TC:? 0 tee_ta_close_session:479 Destroy session
Available devices:
d96a5b40-c3e5-21e3-8794-1002a5d5c61b
f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c
```

Unfortunately, I don't have a suitable device/setup to test back `CONFIG_DEV_OPTEE_{LOCAL, RPMSG}`, but I would be happy to make amendments if someone can spot an issue. I have tested that they both build fine and work up to the call to `psock_connect(..)`. I have done my best to leave the code of `CONFIG_DEV_OPTEE_{LOCAL, RPMSG}` the same, and by some careful review, it should be equivalent to the previous version (in the few places that it's changed).

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org
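The ioctl-argument memory check the PR describes (a user task may only reference memory it owns; kernel-thread callers are exempt) is the kind of check that is easy to get wrong at the boundaries, so here is an added example of the shape such a validation takes. This is not code from the PR or from NuttX: `struct user_addrenv`, `user_range_ok()`, `check_mem_refs()` and every address below are constructed stand-ins, and a real driver would obtain the caller's address range from the OS rather than from a struct passed in. The check rejects zero-length ranges, `addr + size` wraparound, and ranges that start inside the task's window but run past its end.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a user task's address environment: the
 * half-open window [vbase, vend) of virtual addresses the task owns.
 * Hypothetical; a real driver would query this from the OS. */
struct user_addrenv
{
  uintptr_t vbase;
  uintptr_t vend;
};

/* One memory reference carried in an ioctl argument (constructed):
 * a base address plus a length, as a shared-memory parameter would be. */
struct mem_ref
{
  uintptr_t addr;
  size_t    size;
};

/* True only if [addr, addr + size) lies wholly inside the task's window.
 * Zero length is rejected, and the wraparound test is done before the
 * addition so a huge size cannot fold the end back inside the window. */
static bool user_range_ok(const struct user_addrenv *env,
                          uintptr_t addr, size_t size)
{
  uintptr_t end;

  if (size == 0)
    return false;

  if (addr > UINTPTR_MAX - size)   /* addr + size would wrap */
    return false;

  end = addr + size;               /* exclusive end of the range */
  return addr >= env->vbase && end <= env->vend;
}

/* Validate every memory reference in an ioctl argument list.
 * env == NULL models a kernel-thread caller, which the PR leaves
 * unchecked. Returns -1 if all references are acceptable, otherwise
 * the index of the first offending reference. */
static int check_mem_refs(const struct user_addrenv *env,
                          const struct mem_ref *refs, size_t n)
{
  size_t i;

  if (env == NULL)
    return -1;

  for (i = 0; i < n; i++)
    if (!user_range_ok(env, refs[i].addr, refs[i].size))
      return (int)i;

  return -1;
}

/* Worked run over constructed inputs. Returns 0 when every case behaves
 * as intended, otherwise the number of the first failing case. */
int demo_checks(void)
{
  /* Constructed 4 MiB window; the address 0x80364878 is borrowed from
   * the PR's log output purely as an illustrative in-window value. */
  const struct user_addrenv env = { 0x80000000u, 0x80400000u };

  const struct mem_ref good[] = {
    { 0x80364878u, 32 },        /* well inside the window */
    { 0x80000000u, 0x400000 },  /* exactly the whole window */
  };
  const struct mem_ref bad[] = {
    { 0x80364878u, 32 },        /* fine */
    { 0x803ffff0u, 32 },        /* starts inside, runs past the end */
  };
  const struct mem_ref wrap[] = {
    { UINTPTR_MAX - 8, 32 },    /* addr + size wraps around */
  };

  if (check_mem_refs(&env, good, 2) != -1) return 1;
  if (check_mem_refs(&env, bad, 2) != 1)   return 2;
  if (check_mem_refs(&env, wrap, 1) != 0)  return 3;
  if (check_mem_refs(NULL, bad, 2) != -1)  return 4;  /* kernel caller */
  if (user_range_ok(&env, 0x80000000u, 0)) return 5;  /* zero length */
  return 0;
}
```

The point of ordering the wraparound test before the addition is that an end computed as `addr + size` can silently land back inside the window when `size` is near `UINTPTR_MAX`, which would let a request that actually spans the entire address space pass the bounds comparison.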