Re: [PATCH v9 2/7] remoteproc: Add TEE support
On Fri, Aug 30, 2024 at 11:51:42AM +0200, Arnaud Pouliquen wrote: > Add a remoteproc TEE (Trusted Execution Environment) driver > that will be probed by the TEE bus. If the associated Trusted > application is supported on secure part this driver offers a client > interface to load a firmware by the secure part. > This firmware could be authenticated by the secure trusted application. > > Signed-off-by: Arnaud Pouliquen > --- > Updates vs previous version: > - add TA_RPROC_CMD_RELEASE_FW TEE command support to release firmware > resources, > - add tee_rproc_release_fw() API that will be called by the remoteproc core, > - release the firmware resources in case of error in tee_rproc_parse_fw() > function > --- > drivers/remoteproc/Kconfig | 10 + > drivers/remoteproc/Makefile | 1 + > drivers/remoteproc/remoteproc_tee.c | 486 > include/linux/remoteproc.h | 4 + > include/linux/remoteproc_tee.h | 109 +++ > 5 files changed, 610 insertions(+) > create mode 100644 drivers/remoteproc/remoteproc_tee.c > create mode 100644 include/linux/remoteproc_tee.h > > diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig > index dda2ada215b7..93c3de7727bb 100644 > --- a/drivers/remoteproc/Kconfig > +++ b/drivers/remoteproc/Kconfig > @@ -366,6 +366,16 @@ config XLNX_R5_REMOTEPROC > > It's safe to say N if not interested in using RPU r5f cores. > > + > +config REMOTEPROC_TEE > + tristate "Remoteproc support by a TEE application" > + depends on OPTEE > + help > + Support a remote processor with a TEE application. The Trusted > + Execution Context is responsible for loading the trusted firmware > + image and managing the remote processor's lifecycle. > + This can be either built-in or a loadable module. > + > endif # REMOTEPROC > > endmenu > diff --git a/drivers/remoteproc/Makefile b/drivers/remoteproc/Makefile > index 91314a9b43ce..b4eb37177005 100644 > --- a/drivers/remoteproc/Makefile > +++ b/drivers/remoteproc/Makefile > @@ -36,6 +36,7 @@ obj-$(CONFIG_RCAR_REMOTEPROC) += rcar_rproc.o > obj-$(CONFIG_ST_REMOTEPROC) += st_remoteproc.o > obj-$(CONFIG_ST_SLIM_REMOTEPROC) += st_slim_rproc.o > obj-$(CONFIG_STM32_RPROC)+= stm32_rproc.o > +obj-$(CONFIG_REMOTEPROC_TEE) += remoteproc_tee.o > obj-$(CONFIG_TI_K3_DSP_REMOTEPROC) += ti_k3_dsp_remoteproc.o > obj-$(CONFIG_TI_K3_R5_REMOTEPROC)+= ti_k3_r5_remoteproc.o > obj-$(CONFIG_XLNX_R5_REMOTEPROC) += xlnx_r5_remoteproc.o > diff --git a/drivers/remoteproc/remoteproc_tee.c > b/drivers/remoteproc/remoteproc_tee.c > new file mode 100644 > index ..d4a10c99f6e1 > --- /dev/null > +++ b/drivers/remoteproc/remoteproc_tee.c > @@ -0,0 +1,486 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * Copyright (C) STMicroelectronics 2024 > + * Author: Arnaud Pouliquen > + */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#define MAX_TEE_PARAM_ARRY_MEMBER4 > + > +/* > + * Authentication of the firmware and load in the remote processor memory > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [in] params[1].memref: buffer containing the image of the > buffer > + */ > +#define TA_RPROC_FW_CMD_LOAD_FW 1 > + > +/* > + * Start the remote processor > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + */ > +#define TA_RPROC_FW_CMD_START_FW 2 > + > +/* > + * Stop the remote processor > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + */ > +#define TA_RPROC_FW_CMD_STOP_FW 3 > + > +/* > + * Return the address of the resource table, or 0 if not found > + * No check is done to verify that the address returned is accessible by > + * the non secure context. If the resource table is loaded in a protected > + * memory the access by the non secure context will lead to a data abort. > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [out] params[1].value.a: 32bit LSB resource table memory address > + * [out] params[1].value.b: 32bit MSB resource table memory address > + * [out] params[2].value.a: 32bit LSB resource table memory size > + * [out] params[2].value.b: 32bit MSB resource table memory size > + */ > +#define TA_RPROC_FW_CMD_GET_RSC_TABLE4 > + > +/* > + * Return the address of the core dump > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [out] params[1].memref: address of the core dump image if exist, > + * else return Null > + */ > +#define TA_RPROC_FW_CMD_GET_COREDUMP 5 > + > +/* > + * Release remote processor firmware images and associated resources. > + * This command should be used in case an error occurs between the loading of > + * the firmware im
Re: [PATCH v9 2/7] remoteproc: Add TEE support
On Fri, Aug 30, 2024 at 11:51:42AM +0200, Arnaud Pouliquen wrote: > Add a remoteproc TEE (Trusted Execution Environment) driver > that will be probed by the TEE bus. If the associated Trusted > application is supported on secure part this driver offers a client > interface to load a firmware by the secure part. > This firmware could be authenticated by the secure trusted application. > > Signed-off-by: Arnaud Pouliquen > --- > Updates vs previous version: > - add TA_RPROC_CMD_RELEASE_FW TEE command support to release firmware > resources, > - add tee_rproc_release_fw() API that will be called by the remoteproc core, > - release the firmware resources in case of error in tee_rproc_parse_fw() > function > --- > drivers/remoteproc/Kconfig | 10 + > drivers/remoteproc/Makefile | 1 + > drivers/remoteproc/remoteproc_tee.c | 486 > include/linux/remoteproc.h | 4 + > include/linux/remoteproc_tee.h | 109 +++ > 5 files changed, 610 insertions(+) > create mode 100644 drivers/remoteproc/remoteproc_tee.c > create mode 100644 include/linux/remoteproc_tee.h > > diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig > index dda2ada215b7..93c3de7727bb 100644 > --- a/drivers/remoteproc/Kconfig > +++ b/drivers/remoteproc/Kconfig > @@ -366,6 +366,16 @@ config XLNX_R5_REMOTEPROC > > It's safe to say N if not interested in using RPU r5f cores. > > + > +config REMOTEPROC_TEE > + tristate "Remoteproc support by a TEE application" > + depends on OPTEE > + help > + Support a remote processor with a TEE application. The Trusted > + Execution Context is responsible for loading the trusted firmware > + image and managing the remote processor's lifecycle. > + This can be either built-in or a loadable module. > + > endif # REMOTEPROC > > endmenu > diff --git a/drivers/remoteproc/Makefile b/drivers/remoteproc/Makefile > index 91314a9b43ce..b4eb37177005 100644 > --- a/drivers/remoteproc/Makefile > +++ b/drivers/remoteproc/Makefile > @@ -36,6 +36,7 @@ obj-$(CONFIG_RCAR_REMOTEPROC) += rcar_rproc.o > obj-$(CONFIG_ST_REMOTEPROC) += st_remoteproc.o > obj-$(CONFIG_ST_SLIM_REMOTEPROC) += st_slim_rproc.o > obj-$(CONFIG_STM32_RPROC)+= stm32_rproc.o > +obj-$(CONFIG_REMOTEPROC_TEE) += remoteproc_tee.o Please move this up to be with the other core remoteproc files, just after CONFIG_REMOTEPROC_CDEV should be fine. > obj-$(CONFIG_TI_K3_DSP_REMOTEPROC) += ti_k3_dsp_remoteproc.o > obj-$(CONFIG_TI_K3_R5_REMOTEPROC)+= ti_k3_r5_remoteproc.o > obj-$(CONFIG_XLNX_R5_REMOTEPROC) += xlnx_r5_remoteproc.o > diff --git a/drivers/remoteproc/remoteproc_tee.c > b/drivers/remoteproc/remoteproc_tee.c > new file mode 100644 > index ..d4a10c99f6e1 > --- /dev/null > +++ b/drivers/remoteproc/remoteproc_tee.c > @@ -0,0 +1,486 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * Copyright (C) STMicroelectronics 2024 > + * Author: Arnaud Pouliquen > + */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#define MAX_TEE_PARAM_ARRY_MEMBER4 > + > +/* > + * Authentication of the firmware and load in the remote processor memory > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [in] params[1].memref: buffer containing the image of the > buffer > + */ > +#define TA_RPROC_FW_CMD_LOAD_FW 1 > + > +/* > + * Start the remote processor > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + */ > +#define TA_RPROC_FW_CMD_START_FW 2 > + > +/* > + * Stop the remote processor > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + */ > +#define TA_RPROC_FW_CMD_STOP_FW 3 > + > +/* > + * Return the address of the resource table, or 0 if not found > + * No check is done to verify that the address returned is accessible by > + * the non secure context. If the resource table is loaded in a protected > + * memory the access by the non secure context will lead to a data abort. > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [out] params[1].value.a: 32bit LSB resource table memory address > + * [out] params[1].value.b: 32bit MSB resource table memory address > + * [out] params[2].value.a: 32bit LSB resource table memory size > + * [out] params[2].value.b: 32bit MSB resource table memory size > + */ > +#define TA_RPROC_FW_CMD_GET_RSC_TABLE4 > + > +/* > + * Return the address of the core dump > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [out] params[1].memref: address of the core dump image if exist, > + * else return Null > + */ > +#define TA_RPROC_FW_CMD_GET_COREDUMP 5 > + > +/* > + * Release remote processor firmware images and associat
Re: [PATCH v9 2/7] remoteproc: Add TEE support
On Fri, Aug 30, 2024 at 11:51:42AM +0200, Arnaud Pouliquen wrote: > Add a remoteproc TEE (Trusted Execution Environment) driver > that will be probed by the TEE bus. If the associated Trusted > application is supported on secure part this driver offers a client > interface to load a firmware by the secure part. > This firmware could be authenticated by the secure trusted application. > > Signed-off-by: Arnaud Pouliquen > --- > Updates vs previous version: > - add TA_RPROC_CMD_RELEASE_FW TEE command support to release firmware > resources, > - add tee_rproc_release_fw() API that will be called by the remoteproc core, > - release the firmware resources in case of error in tee_rproc_parse_fw() > function > --- > drivers/remoteproc/Kconfig | 10 + > drivers/remoteproc/Makefile | 1 + > drivers/remoteproc/remoteproc_tee.c | 486 > include/linux/remoteproc.h | 4 + > include/linux/remoteproc_tee.h | 109 +++ > 5 files changed, 610 insertions(+) > create mode 100644 drivers/remoteproc/remoteproc_tee.c > create mode 100644 include/linux/remoteproc_tee.h > > diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig > index dda2ada215b7..93c3de7727bb 100644 > --- a/drivers/remoteproc/Kconfig > +++ b/drivers/remoteproc/Kconfig > @@ -366,6 +366,16 @@ config XLNX_R5_REMOTEPROC > > It's safe to say N if not interested in using RPU r5f cores. > > + > +config REMOTEPROC_TEE > + tristate "Remoteproc support by a TEE application" > + depends on OPTEE > + help > + Support a remote processor with a TEE application. The Trusted > + Execution Context is responsible for loading the trusted firmware > + image and managing the remote processor's lifecycle. > + This can be either built-in or a loadable module. > + > endif # REMOTEPROC > > endmenu > diff --git a/drivers/remoteproc/Makefile b/drivers/remoteproc/Makefile > index 91314a9b43ce..b4eb37177005 100644 > --- a/drivers/remoteproc/Makefile > +++ b/drivers/remoteproc/Makefile > @@ -36,6 +36,7 @@ obj-$(CONFIG_RCAR_REMOTEPROC) += rcar_rproc.o > obj-$(CONFIG_ST_REMOTEPROC) += st_remoteproc.o > obj-$(CONFIG_ST_SLIM_REMOTEPROC) += st_slim_rproc.o > obj-$(CONFIG_STM32_RPROC)+= stm32_rproc.o > +obj-$(CONFIG_REMOTEPROC_TEE) += remoteproc_tee.o > obj-$(CONFIG_TI_K3_DSP_REMOTEPROC) += ti_k3_dsp_remoteproc.o > obj-$(CONFIG_TI_K3_R5_REMOTEPROC)+= ti_k3_r5_remoteproc.o > obj-$(CONFIG_XLNX_R5_REMOTEPROC) += xlnx_r5_remoteproc.o > diff --git a/drivers/remoteproc/remoteproc_tee.c > b/drivers/remoteproc/remoteproc_tee.c > new file mode 100644 > index ..d4a10c99f6e1 > --- /dev/null > +++ b/drivers/remoteproc/remoteproc_tee.c > @@ -0,0 +1,486 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * Copyright (C) STMicroelectronics 2024 > + * Author: Arnaud Pouliquen > + */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#define MAX_TEE_PARAM_ARRY_MEMBER4 s/MAX_TEE_PARAM_ARRY_MEMBER/MAX_TEE_PARAM_ARRAY_MEMBER Comments for this patchset will be staggered over several days. I will let you know when I am done. > + > +/* > + * Authentication of the firmware and load in the remote processor memory > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [in] params[1].memref: buffer containing the image of the > buffer > + */ > +#define TA_RPROC_FW_CMD_LOAD_FW 1 > + > +/* > + * Start the remote processor > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + */ > +#define TA_RPROC_FW_CMD_START_FW 2 > + > +/* > + * Stop the remote processor > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + */ > +#define TA_RPROC_FW_CMD_STOP_FW 3 > + > +/* > + * Return the address of the resource table, or 0 if not found > + * No check is done to verify that the address returned is accessible by > + * the non secure context. If the resource table is loaded in a protected > + * memory the access by the non secure context will lead to a data abort. > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [out] params[1].value.a: 32bit LSB resource table memory address > + * [out] params[1].value.b: 32bit MSB resource table memory address > + * [out] params[2].value.a: 32bit LSB resource table memory size > + * [out] params[2].value.b: 32bit MSB resource table memory size > + */ > +#define TA_RPROC_FW_CMD_GET_RSC_TABLE4 > + > +/* > + * Return the address of the core dump > + * > + * [in] params[0].value.a: unique 32bit identifier of the remote processor > + * [out] params[1].memref: address of the core dump image if exist, > + * else return Null > + */ > +#define TA_RPROC_FW_CMD_GET_COREDUMP 5 > + > +/* > + * Release re
[PATCH v9 2/7] remoteproc: Add TEE support
Add a remoteproc TEE (Trusted Execution Environment) driver that will be probed by the TEE bus. If the associated Trusted application is supported on secure part this driver offers a client interface to load a firmware by the secure part. This firmware could be authenticated by the secure trusted application. Signed-off-by: Arnaud Pouliquen --- Updates vs previous version: - add TA_RPROC_CMD_RELEASE_FW TEE command support to release firmware resources, - add tee_rproc_release_fw() API that will be called by the remoteproc core, - release the firmware resources in case of error in tee_rproc_parse_fw() function --- drivers/remoteproc/Kconfig | 10 + drivers/remoteproc/Makefile | 1 + drivers/remoteproc/remoteproc_tee.c | 486 include/linux/remoteproc.h | 4 + include/linux/remoteproc_tee.h | 109 +++ 5 files changed, 610 insertions(+) create mode 100644 drivers/remoteproc/remoteproc_tee.c create mode 100644 include/linux/remoteproc_tee.h diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig index dda2ada215b7..93c3de7727bb 100644 --- a/drivers/remoteproc/Kconfig +++ b/drivers/remoteproc/Kconfig @@ -366,6 +366,16 @@ config XLNX_R5_REMOTEPROC It's safe to say N if not interested in using RPU r5f cores. + +config REMOTEPROC_TEE + tristate "Remoteproc support by a TEE application" + depends on OPTEE + help + Support a remote processor with a TEE application. The Trusted + Execution Context is responsible for loading the trusted firmware + image and managing the remote processor's lifecycle. + This can be either built-in or a loadable module. + endif # REMOTEPROC endmenu diff --git a/drivers/remoteproc/Makefile b/drivers/remoteproc/Makefile index 91314a9b43ce..b4eb37177005 100644 --- a/drivers/remoteproc/Makefile +++ b/drivers/remoteproc/Makefile @@ -36,6 +36,7 @@ obj-$(CONFIG_RCAR_REMOTEPROC) += rcar_rproc.o obj-$(CONFIG_ST_REMOTEPROC)+= st_remoteproc.o obj-$(CONFIG_ST_SLIM_REMOTEPROC) += st_slim_rproc.o obj-$(CONFIG_STM32_RPROC) += stm32_rproc.o +obj-$(CONFIG_REMOTEPROC_TEE) += remoteproc_tee.o obj-$(CONFIG_TI_K3_DSP_REMOTEPROC) += ti_k3_dsp_remoteproc.o obj-$(CONFIG_TI_K3_R5_REMOTEPROC) += ti_k3_r5_remoteproc.o obj-$(CONFIG_XLNX_R5_REMOTEPROC) += xlnx_r5_remoteproc.o diff --git a/drivers/remoteproc/remoteproc_tee.c b/drivers/remoteproc/remoteproc_tee.c new file mode 100644 index ..d4a10c99f6e1 --- /dev/null +++ b/drivers/remoteproc/remoteproc_tee.c @@ -0,0 +1,486 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) STMicroelectronics 2024 + * Author: Arnaud Pouliquen + */ + +#include +#include +#include +#include +#include +#include +#include + +#define MAX_TEE_PARAM_ARRY_MEMBER 4 + +/* + * Authentication of the firmware and load in the remote processor memory + * + * [in] params[0].value.a:unique 32bit identifier of the remote processor + * [in] params[1].memref: buffer containing the image of the buffer + */ +#define TA_RPROC_FW_CMD_LOAD_FW1 + +/* + * Start the remote processor + * + * [in] params[0].value.a:unique 32bit identifier of the remote processor + */ +#define TA_RPROC_FW_CMD_START_FW 2 + +/* + * Stop the remote processor + * + * [in] params[0].value.a:unique 32bit identifier of the remote processor + */ +#define TA_RPROC_FW_CMD_STOP_FW3 + +/* + * Return the address of the resource table, or 0 if not found + * No check is done to verify that the address returned is accessible by + * the non secure context. If the resource table is loaded in a protected + * memory the access by the non secure context will lead to a data abort. + * + * [in] params[0].value.a:unique 32bit identifier of the remote processor + * [out] params[1].value.a: 32bit LSB resource table memory address + * [out] params[1].value.b: 32bit MSB resource table memory address + * [out] params[2].value.a: 32bit LSB resource table memory size + * [out] params[2].value.b: 32bit MSB resource table memory size + */ +#define TA_RPROC_FW_CMD_GET_RSC_TABLE 4 + +/* + * Return the address of the core dump + * + * [in] params[0].value.a:unique 32bit identifier of the remote processor + * [out] params[1].memref: address of the core dump image if exist, + * else return Null + */ +#define TA_RPROC_FW_CMD_GET_COREDUMP 5 + +/* + * Release remote processor firmware images and associated resources. + * This command should be used in case an error occurs between the loading of + * the firmware images (A_RPROC_CMD_LOAD_FW) and the starting of the remote + * processor (TA_RPROC_CMD_START_FW) or after stopping the remote processor + * to release associated resources (TA_RPROC_CMD_STOP_FW). + * + * [in] params[0].value.a: Unique 32-bit remote processor identifier + */
