From: Jorge Ramirez-Ortiz <jorge@foundries.io>
To: u-boot@lists.denx.de
Subject: [PATCH] drivers: tee: sandbox: secure channel protocol control
Date: Sun, 7 Feb 2021 00:05:02 +0100 [thread overview]
Message-ID: <20210206230504.1958-2-jorge@foundries.io> (raw)
In-Reply-To: <20210206230504.1958-1-jorge@foundries.io>
Adds support for SCP03 emulation.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
---
drivers/tee/optee/Kconfig | 6 ++++
drivers/tee/sandbox.c | 59 +++++++++++++++++++++++++++++++++++++--
2 files changed, 63 insertions(+), 2 deletions(-)
diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig
index d489834df9..b7f704a5e6 100644
--- a/drivers/tee/optee/Kconfig
+++ b/drivers/tee/optee/Kconfig
@@ -22,6 +22,12 @@ config OPTEE_TA_AVB
The TA can support the "avb" subcommands "read_rb", "write"rb"
and "is_unlocked".
+config OPTEE_TA_SCP03
+ bool "Support SCP03 TA"
+ default y
+ help
+ Enables support for the SCP03 Trusted Application (TA) in OP-TEE.
+
endmenu
endif
diff --git a/drivers/tee/sandbox.c b/drivers/tee/sandbox.c
index e1ba027fd6..5ad5ddf588 100644
--- a/drivers/tee/sandbox.c
+++ b/drivers/tee/sandbox.c
@@ -7,6 +7,7 @@
#include <sandboxtee.h>
#include <tee.h>
#include <tee/optee_ta_avb.h>
+#include <tee/optee_ta_scp03.h>
/*
* The sandbox tee driver tries to emulate a generic Trusted Exectution
@@ -32,7 +33,7 @@ struct ta_entry {
struct tee_param *params);
};
-#ifdef CONFIG_OPTEE_TA_AVB
+#if defined(CONFIG_OPTEE_TA_SCP03) || defined(CONFIG_OPTEE_TA_AVB)
static u32 get_attr(uint n, uint num_params, struct tee_param *params)
{
if (n >= num_params)
@@ -44,7 +45,7 @@ static u32 get_attr(uint n, uint num_params, struct tee_param *params)
static u32 check_params(u8 p0, u8 p1, u8 p2, u8 p3, uint num_params,
struct tee_param *params)
{
- u8 p[] = { p0, p1, p2, p3};
+ u8 p[] = { p0, p1, p2, p3 };
uint n;
for (n = 0; n < ARRAY_SIZE(p); n++)
@@ -62,6 +63,54 @@ bad_params:
return TEE_ERROR_BAD_PARAMETERS;
}
+#endif
+
+#ifdef CONFIG_OPTEE_TA_SCP03
+static u32 pta_scp03_open_session(struct udevice *dev, uint num_params,
+ struct tee_param *params)
+{
+ /*
+ * We don't expect additional parameters when opening a session to
+ * this TA.
+ */
+ return check_params(TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE,
+ TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE,
+ num_params, params);
+}
+
+static u32 pta_scp03_invoke_func(struct udevice *dev, u32 func, uint num_params,
+ struct tee_param *params)
+{
+ u32 res;
+ static bool enabled;
+
+ switch (func) {
+ case PTA_CMD_ENABLE_SCP03:
+ res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_INPUT,
+ TEE_PARAM_ATTR_TYPE_NONE,
+ TEE_PARAM_ATTR_TYPE_NONE,
+ TEE_PARAM_ATTR_TYPE_NONE,
+ num_params, params);
+ if (res)
+ return res;
+
+ if (!enabled) {
+ printf("SCP03 enabled\n");
+ enabled = true;
+ } else
+ printf("SCP03 already enabled, no action\n");
+
+ if (params[0].u.value.a)
+ printk("SCP03 keys rotated\n");
+
+ return TEE_SUCCESS;
+ default:
+ return TEE_ERROR_NOT_SUPPORTED;
+ }
+}
+#endif
+
+#ifdef CONFIG_OPTEE_TA_AVB
static u32 ta_avb_open_session(struct udevice *dev, uint num_params,
struct tee_param *params)
@@ -223,6 +272,12 @@ static const struct ta_entry ta_entries[] = {
.invoke_func = ta_avb_invoke_func,
},
#endif
+#ifdef CONFIG_OPTEE_TA_SCP03
+ { .uuid = PTA_SCP03_UUID,
+ .open_session = pta_scp03_open_session,
+ .invoke_func = pta_scp03_invoke_func,
+ },
+#endif
};
static void sandbox_tee_get_version(struct udevice *dev,
--
2.30.0
next prev parent reply other threads:[~2021-02-06 23:05 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-06 23:05 [PATCH 1/3] common: SCP03 control (enable and provision of keys) Jorge Ramirez-Ortiz
2021-02-06 23:05 ` Jorge Ramirez-Ortiz [this message]
2021-02-06 23:05 ` [PATCH 2/3] cmd: SCP03: enable and provision command Jorge Ramirez-Ortiz
2021-02-07 14:37 ` Simon Glass
2021-02-07 18:11 ` Jorge
2021-02-08 17:08 ` Simon Glass
2021-02-08 20:18 ` Jorge
2021-02-06 23:05 ` [PATCH 3/3] drivers: tee: sandbox: secure channel protocol control Jorge Ramirez-Ortiz
2021-02-07 14:37 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210206230504.1958-2-jorge@foundries.io \
--to=jorge@foundries.io \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox