16 Dec, 2018

1 commit

  • If OP-TEE core is compiled with support of REE FS and RPMB
    at the same time (CFG_RPMB_FS ?= y; CFG_RPMB_FS ?= y), and persistent
    storage API is used with TEE_STORAGE_PRIVATE storage id, it will
    lead to TA panic.

    E/TC:? 0 TA panicked with code 0xffff0009
    .....
    E/TC:? 0 Call stack:
    E/TC:? 0 0x000000004002f2f8 TEE_OpenPersistentObject at
    lib/libutee/tee_api_objects.c:422

    In this particular case TEE_ERROR_STORAGE_NOT_AVAILABLE is more suitable
    than TEE_ERROR_NOT_IMPLEMENTED, as it provides to a TA a possibility
    to handle this error code [1].

    From GPD TEE Internal Core specification [2]:
    TEE_ERROR_STORAGE_NOT_AVAILABLE - if the persistent object is stored in a
    storage area which is currently inaccessible. It may be associated with
    the device but unplugged, busy, or inaccessible for some other reason.

    [1]: https://github.com/OP-TEE/optee_os/blob/94db01ef448d1e552161c2d861d57a5f8bda0cc0/lib/libutee/tee_api_objects.c#L419
    [2]: https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf

    Signed-off-by: Igor Opaniuk
    Reviewed-by: Jens Wiklander

    Igor Opaniuk
     

07 Oct, 2018

5 commits

  • Adds a sandbox tee driver which emulates a generic TEE with the OP-TEE
    AVB TA.

    Reviewed-by: Simon Glass
    Signed-off-by: Jens Wiklander
    Reviewed-by: Simon Glass
    [trini: Fix printf warnings in ta_avb_invoke_func, slots is uint]
    Signed-off-by: Tom Rini

    Jens Wiklander
     
  • Adds configuration option OPTEE_TA_AVB and a header file describing the
    interface to the Android Verified Boot 2.0 (AVB) trusted application
    provided by OP-TEE.

    Tested-by: Igor Opaniuk
    Reviewed-by: Igor Opaniuk
    Signed-off-by: Jens Wiklander
    Reviewed-by: Simon Glass

    Jens Wiklander
     
  • Adds support in optee supplicant to route signed (MACed) RPMB frames
    from OP-TEE Secure OS to MMC and vice versa to manipulate the RPMB
    partition.

    Tested-by: Igor Opaniuk
    Signed-off-by: Jens Wiklander
    Reviewed-by: Simon Glass

    Jens Wiklander
     
  • Adds an OP-TEE driver.

    * Targets ARM and ARM64
    * Supports using any U-Boot memory as shared memory
    * Probes OP-TEE version using SMCs
    * Uses OPTEE message protocol version 2 to communicate with secure world

    Reviewed-by: Simon Glass
    Tested-by: Igor Opaniuk
    Signed-off-by: Jens Wiklander

    Jens Wiklander
     
  • Adds a uclass to interface with a TEE (Trusted Execution Environment).

    A TEE driver is a driver that interfaces with a trusted OS running in
    some secure environment, for example, TrustZone on ARM cpus, or a
    separate secure co-processor etc.

    The TEE subsystem can serve a TEE driver for a Global Platform compliant
    TEE, but it's not limited to only Global Platform TEEs.

    The overall design is based on the TEE subsystem in the Linux kernel,
    tailored for U-Boot.

    Reviewed-by: Simon Glass
    Tested-by: Igor Opaniuk
    Signed-off-by: Jens Wiklander

    Jens Wiklander