Re: [Tee-dev] [PATCH v2] drivers: optee: allow op-tee to access devices on the i2c bus - Jorge Ramirez-Ortiz, Foundries

From: "Jorge Ramirez-Ortiz, Foundries" <jorge@foundries.io>
To: Jens Wiklander <jens.wiklander@linaro.org>
Cc: "Jorge Ramirez-Ortiz, Foundries" <jorge@foundries.io>,
	Sumit Garg <sumit.garg@linaro.org>,
	"tee-dev @ lists . linaro . org" <tee-dev@lists.linaro.org>,
	ricardo@foundries.io, mike@foundries.io,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [Tee-dev] [PATCH v2] drivers: optee: allow op-tee to access devices on the i2c bus
Date: Mon, 8 Jun 2020 10:25:09 +0200	[thread overview]
Message-ID: <20200608082509.GA21803@trex> (raw)
In-Reply-To: <20200608064904.GA1187395@jade>

On 08/06/20, Jens Wiklander wrote:
> On Mon, Jun 01, 2020 at 09:24:46AM +0200, Jorge Ramirez-Ortiz, Foundries wrote:
> > On 01/06/20, Sumit Garg wrote:
> > > Hi Jorge,
> > 
> > hey
> > 
> > > 
> > > On Mon, 1 Jun 2020 at 04:41, Jorge Ramirez-Ortiz <jorge@foundries.io> wrote:
> > > >
> > > > Some secure elements like NXP's SE050 sit on I2C buses. For OP-TEE to
> > > > control this type of cryptographic devices it needs coordinated access
> > > > to the bus, so collisions and RUNTIME_PM dont get in the way.
> > > >
> > > > This trampoline driver allow OP-TEE to access them.
> > > >
> > > 
> > > This sounds like an interesting use-case but I would like to
> > > understand how secure is this communication interface with the secure
> > > element? Like in the case of RPMB, secure world data is encrypted
> > > which flows via tee-supplicant to RPMB device.
> > 
> > right, the data in the buffer should be encrypted in both directions
> > (in the case of the SE050 [1] we have the option to operate with or
> > without encryption which is what I am doing during development
> > [2]).
> > 
> > But ultimately -before any product can be shipped- all comms must be
> > encrypted: this means that when OP-TEE uses the SE050 for crypto, it
> > must encrypt the data on write and decrypt what is comming from the
> > SE050 on read. I am now looking into how to enable this.
> > 
> > [1] https://www.nxp.com/docs/en/data-sheet/SE050-DATASHEET.pdf
> > [2] https://github.com/ldts/optee_os/commits/se050
> This link doesn't work.

apologies, I updated the SDK release to 2.14 (latest)

please use the following:
https://github.com/ldts/optee_os/commits/se050.2.14


> 
> > 
> > > 
> > > -Sumit
> > > 
> > > > Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
> > > > ---
> > > >  drivers/tee/optee/optee_msg.h | 18 +++++++++++
> > > >  drivers/tee/optee/rpc.c       | 57 +++++++++++++++++++++++++++++++++++
> > > >  2 files changed, 75 insertions(+)
> > > >
> > > > diff --git a/drivers/tee/optee/optee_msg.h b/drivers/tee/optee/optee_msg.h
> > > > index 795bc19ae17a..b6cc964fdeea 100644
> > > > --- a/drivers/tee/optee/optee_msg.h
> > > > +++ b/drivers/tee/optee/optee_msg.h
> > > > @@ -419,4 +419,22 @@ struct optee_msg_arg {
> > > >   */
> > > >  #define OPTEE_MSG_RPC_CMD_SHM_FREE     7
> > > >
> > > > +/*
> > > > + * Access a device on an i2c bus
> > > > + *
> > > > + * [in]  param[0].u.value.a            mode: RD(0), WR(1)
> > > > + * [in]  param[0].u.value.b            i2c adapter
> > > > + * [in]  param[0].u.value.c            i2c chip
> > > > + *
> > > > + * [io]  param[1].u.tmem.buf_ptr       physical address
> > > > + * [io]  param[1].u.tmem.size          transfer size in bytes
> > > > + * [io]  param[1].u.tmem.shm_ref       shared memory reference
> 
> This should be "[in/out] memref[1]" instead to be able to use
> all kinds of memory references.
> 
> > > > + *
> > > > + * [out]  param[0].u.value.a           bytes transferred
> > > > + *
> > > > + */
> > > > +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER 8
> > > > +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD 0
> > > > +#define OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR 1
> > > > +
> > > >  #endif /* _OPTEE_MSG_H */
> > > > diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c
> > > > index b4ade54d1f28..21d452805c6f 100644
> > > > --- a/drivers/tee/optee/rpc.c
> > > > +++ b/drivers/tee/optee/rpc.c
> > > > @@ -9,6 +9,7 @@
> > > >  #include <linux/device.h>
> > > >  #include <linux/slab.h>
> > > >  #include <linux/tee_drv.h>
> > > > +#include <linux/i2c.h>
> > > >  #include "optee_private.h"
> > > >  #include "optee_smc.h"
> > > >
> > > > @@ -48,6 +49,59 @@ static void handle_rpc_func_cmd_get_time(struct optee_msg_arg *arg)
> > > >  bad:
> > > >         arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > >  }
> > > > +static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx,
> > > > +                                            struct optee_msg_arg *arg)
> > > > +{
> > > > +       struct i2c_client client;
> > > > +       struct tee_shm *shm;
> > > > +       int i, ret;
> > > > +       char *buf;
> > > > +       uint32_t attr[] = {
> > > > +               OPTEE_MSG_ATTR_TYPE_VALUE_INPUT,
> > > > +               OPTEE_MSG_ATTR_TYPE_TMEM_INOUT,
> > > > +               OPTEE_MSG_ATTR_TYPE_VALUE_OUTPUT,
> > > > +       };
> > > > +
> > > > +       if (arg->num_params != ARRAY_SIZE(attr))
> > > > +               goto bad;
> 
> Use optee_from_msg_param() to translate this into a struct tee_param,
> that way you cover all kinds of memory references. Before returning it
> nees to be translated back with optee_to_msg_param().
> 
> Cheers,
> Jens
> 
> > > > +
> > > > +       for (i = 0; i < ARRAY_SIZE(attr); i++)
> > > > +               if ((arg->params[i].attr & OPTEE_MSG_ATTR_TYPE_MASK) != attr[i])
> > > > +                       goto bad;
> > > > +
> > > > +       shm = (struct tee_shm *)(unsigned long)arg->params[1].u.tmem.shm_ref;
> > > > +       buf = (char *)shm->kaddr;
> > > > +
> > > > +       client.addr = arg->params[0].u.value.c;
> > > > +       client.adapter = i2c_get_adapter(arg->params[0].u.value.b);
> > > > +       if (!client.adapter)
> > > > +               goto bad;
> > > > +
> > > > +       snprintf(client.name, I2C_NAME_SIZE, "i2c%d", client.adapter->nr);
> > > > +
> > > > +       switch (arg->params[0].u.value.a) {
> > > > +       case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD:
> > > > +               ret = i2c_master_recv(&client, buf, arg->params[1].u.tmem.size);
> > > > +               break;
> > > > +       case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR:
> > > > +               ret = i2c_master_send(&client, buf, arg->params[1].u.tmem.size);
> > > > +               break;
> > > > +       default:
> > > > +               i2c_put_adapter(client.adapter);
> > > > +               goto bad;
> > > > +       }
> > > > +
> > > > +       if (ret >= 0) {
> > > > +               arg->params[2].u.value.a = ret;
> > > > +               arg->ret = TEEC_SUCCESS;
> > > > +       } else
> > > > +               arg->ret = TEEC_ERROR_COMMUNICATION;
> > > > +
> > > > +       i2c_put_adapter(client.adapter);
> > > > +       return;
> > > > +bad:
> > > > +       arg->ret = TEEC_ERROR_BAD_PARAMETERS;
> > > > +}
> > > >
> > > >  static struct wq_entry *wq_entry_get(struct optee_wait_queue *wq, u32 key)
> > > >  {
> > > > @@ -382,6 +436,9 @@ static void handle_rpc_func_cmd(struct tee_context *ctx, struct optee *optee,
> > > >         case OPTEE_MSG_RPC_CMD_SHM_FREE:
> > > >                 handle_rpc_func_cmd_shm_free(ctx, arg);
> > > >                 break;
> > > > +       case OPTEE_MSG_RPC_CMD_I2C_TRANSFER:
> > > > +               handle_rpc_func_cmd_i2c_transfer(ctx, arg);
> > > > +               break;
> > > >         default:
> > > >                 handle_rpc_supp_cmd(ctx, arg);
> > > >         }
> > > > --
> > > > 2.17.1
> > > >
> > > > _______________________________________________
> > > > Tee-dev mailing list
> > > > Tee-dev@lists.linaro.org
> > > > https://lists.linaro.org/mailman/listinfo/tee-dev