Message ID | 20241202-qcom-tee-using-tee-ss-without-mem-obj-v1-0-f502ef01e016@quicinc.com (mailing list archive) |
---|---|
Series | Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE) |

On 12/2/2024 8:19 PM, Amirreza Zarrabi wrote:
> This patch series introduces a Trusted Execution Environment (TEE)
> driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs)
> and services to run securely. It uses an object-based interface, where
> each service is an object with sets of operations. Clients can invoke
> these operations on objects, which can generate results, including other
> objects. For example, an object can load a TA and return another object
> that represents the loaded TA, allowing access to its services.

The first patch series was RFC and now you have removed the RFC. Can you please
provide the reasons?

https://lwn.net/ml/all/20240702-qcom-tee-object-and-ioctls-v1-0-633c3ddf57ee@quicinc.com/

I understand that you have now changed to tee framework but I want to check
if we should continue with the version and increment here or start from [00]?

Based on our discussions, we implemented significant changes. We essentially
rewrote most of the files and altered the overall direction, except for a
couple of files. The changelog entry would have been extensive.

- Amir

On 12/3/2024 5:06 PM, Trilok Soni wrote:
> On 12/2/2024 8:19 PM, Amirreza Zarrabi wrote:
>> This patch series introduces a Trusted Execution Environment (TEE)
>> driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs)
>> and services to run securely. It uses an object-based interface, where
>> each service is an object with sets of operations. Clients can invoke
>> these operations on objects, which can generate results, including other
>> objects. For example, an object can load a TA and return another object
>> that represents the loaded TA, allowing access to its services.
>
> The first patch series was RFC and now you have removed the RFC. Can you please
> provide the reasons?
>
> https://lwn.net/ml/all/20240702-qcom-tee-object-and-ioctls-v1-0-633c3ddf57ee@quicinc.com/
>
> I understand that you have now changed to tee framework but I want to check
> if we should continue with the version and increment here or start from [00]?
>

On Wed, Dec 04, 2024 at 09:13:43AM +1100, Amirreza Zarrabi wrote:
> Based on our discussions, we implemented significant changes. We essentially
> rewrote most of the files and altered the overall direction, except for a
> couple of files. The changelog entry would have been extensive.

At least some changelog should be provided, even if it tells "reworked to
use TEE framework, made it jump over the head and tie the shoelaces".

Also please don't top-post, this style is frowned upon in the mailing
list discussions, it breaks the logic of reading.

>
> - Amir
>
> On 12/3/2024 5:06 PM, Trilok Soni wrote:
> > On 12/2/2024 8:19 PM, Amirreza Zarrabi wrote:
> >> This patch series introduces a Trusted Execution Environment (TEE)
> >> driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs)
> >> and services to run securely. It uses an object-based interface, where
> >> each service is an object with sets of operations. Clients can invoke
> >> these operations on objects, which can generate results, including other
> >> objects. For example, an object can load a TA and return another object
> >> that represents the loaded TA, allowing access to its services.
> >
> > The first patch series was RFC and now you have removed the RFC. Can you please
> > provide the reasons?
> >
> > https://lwn.net/ml/all/20240702-qcom-tee-object-and-ioctls-v1-0-633c3ddf57ee@quicinc.com/
> >
> > I understand that you have now changed to tee framework but I want to check
> > if we should continue with the version and increment here or start from [00]?
> >

On 12/4/2024 10:43 AM, Dmitry Baryshkov wrote:
> On Wed, Dec 04, 2024 at 09:13:43AM +1100, Amirreza Zarrabi wrote:
>> Based on our discussions, we implemented significant changes. We essentially
>> rewrote most of the files and altered the overall direction, except for a
>> couple of files. The changelog entry would have been extensive.
>
> At least some changelog should be provided, even if it tells "reworked to
> use TEE framework, made it jump over the head and tie the shoelaces".
>

Sure, I'll provide some changelog.

> Also please don't top-post, this style is frowned upon in the mailing
> list discussions, it breaks the logic of reading.
>

;) Oops, that shouldn't have been sent out like this. My apologies.
I'll ensure it doesn't happen again.

- Amir

>>
>> - Amir
>>
>> On 12/3/2024 5:06 PM, Trilok Soni wrote:
>>> On 12/2/2024 8:19 PM, Amirreza Zarrabi wrote:
>>>> This patch series introduces a Trusted Execution Environment (TEE)
>>>> driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs)
>>>> and services to run securely. It uses an object-based interface, where
>>>> each service is an object with sets of operations. Clients can invoke
>>>> these operations on objects, which can generate results, including other
>>>> objects. For example, an object can load a TA and return another object
>>>> that represents the loaded TA, allowing access to its services.
>>>
>>> The first patch series was RFC and now you have removed the RFC. Can you please
>>> provide the reasons?
>>>
>>> https://lwn.net/ml/all/20240702-qcom-tee-object-and-ioctls-v1-0-633c3ddf57ee@quicinc.com/
>>>
>>> I understand that you have now changed to tee framework but I want to check
>>> if we should continue with the version and increment here or start from [00]?
>>>
>

Hi Amirreza,

On Tue, 3 Dec 2024 at 09:50, Amirreza Zarrabi <quic_azarrabi@quicinc.com> wrote:
>
> This patch series introduces a Trusted Execution Environment (TEE)
> driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs)
> and services to run securely. It uses an object-based interface, where
> each service is an object with sets of operations. Clients can invoke
> these operations on objects, which can generate results, including other
> objects. For example, an object can load a TA and return another object
> that represents the loaded TA, allowing access to its services.
>
> Kernel and userspace services are also available to QTEE through a
> similar approach. QTEE makes callback requests that are converted into
> object invocations. These objects can represent services within the
> kernel or userspace process.
>
> Note: This patch series focuses on QTEE objects and userspace services.
>
> Linux already provides a TEE subsystem, which is described in [1]. The
> tee subsystem provides a generic ioctl interface, TEE_IOC_INVOKE, which
> can be used by userspace to talk to a TEE backend driver. We extend the
> Linux TEE subsystem to understand object parameters and an ioctl call so
> client can invoke objects in QTEE:
>
> - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_*
> - TEE_IOC_OBJECT_INVOKE
>

Thanks for proposing to extend the TEE subsystem. However, I couldn't
see any user-space library or test application(s) to test this new
IOCTL. Say for example how will someone with a board based on sm8650
will be able to test the QTEE interface? IIRC, last time we agreed off
list that you will be pushing that alongside this patch-set.

-Sumit

> The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are
> used for invoking services in the userspace process by QTEE.
>
> The TEE backend driver uses the QTEE Transport Message to communicate
> with QTEE. Interactions through the object INVOKE interface are
> translated into QTEE messages. Likewise, object invocations from QTEE
> for userspace objects are converted into SEND/RECV ioctl calls to
> supplicants.
>
> The details of QTEE Transport Message to communicate with QTEE is
> available in [PATCH 10/10] Documentation: tee: Add Qualcomm TEE driver.
>
> This patch series has been tested for basic QTEE object invocations and
> callback requests, including loading a TA and requesting services from
> the TA. However, the test platform is currently being prepared for
> upstream availability and will soon be accessible to the community for
> further validation. I will share updates as the platform becomes
> available.
>
> [1] https://www.kernel.org/doc/Documentation/tee.txt
>
> Signed-off-by: Amirreza Zarrabi <quic_azarrabi@quicinc.com>
> ---
> Amirreza Zarrabi (10):
>       tee: allow a driver to allocate a tee_device without a pool
>       tee: add TEE_IOCTL_PARAM_ATTR_TYPE_MEMBUF
>       tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF
>       firmware: qcom: scm: add support for object invocation
>       qcomtee: implement object invoke support
>       qcomtee: add primordial object
>       dt-bindings: arm: qcomtee: add QTEE driver devicetree binding for TEE subsystem
>       tee: add Qualcomm TEE driver
>       arm64: dts: qcom: sm8650: add support for QTEE
>       Documentation: tee: Add Qualcomm TEE driver
>
>  .../devicetree/bindings/arm/firmware/qcom,tee.yaml |  34 +
>  Documentation/tee/index.rst                        |   1 +
>  Documentation/tee/qtee.rst                         | 143 ++++
>  arch/arm64/boot/dts/qcom/sm8650.dtsi               |   4 +
>  drivers/firmware/qcom/qcom_scm.c                   |  60 ++
>  drivers/firmware/qcom/qcom_scm.h                   |   7 +
>  drivers/tee/Kconfig                                |   1 +
>  drivers/tee/Makefile                               |   1 +
>  drivers/tee/qcomtee/Kconfig                        |  10 +
>  drivers/tee/qcomtee/Makefile                       |   9 +
>  drivers/tee/qcomtee/async.c                        | 153 ++++
>  drivers/tee/qcomtee/call.c                         | 707 ++++++++++++++++
>  drivers/tee/qcomtee/core.c                         | 942 +++++++++++++++++++++
>  drivers/tee/qcomtee/primordial_obj.c               |  63 ++
>  drivers/tee/qcomtee/qcom_scm.c                     |  36 +
>  drivers/tee/qcomtee/qcomtee_msg.h                  | 217 +++++
>  drivers/tee/qcomtee/qcomtee_private.h              | 218 +++++
>  drivers/tee/qcomtee/release.c                      |  66 ++
>  drivers/tee/qcomtee/user_obj.c                     | 625 ++++++++++++++
>  drivers/tee/tee_core.c                             | 113 ++-
>  include/linux/firmware/qcom/qcom_scm.h             |   9 +
>  include/linux/firmware/qcom/qcom_tee.h             | 284 +++++++
>  include/linux/tee_core.h                           |   4 +
>  include/linux/tee_drv.h                            |  12 +
>  include/uapi/linux/tee.h                           |  54 +-
>  25 files changed, 3765 insertions(+), 8 deletions(-)
> ---
> base-commit: f486c8aa16b8172f63bddc70116a0c897a7f3f02
> change-id: 20241202-qcom-tee-using-tee-ss-without-mem-obj-362c66340527
>
> Best regards,
> --
> Amirreza Zarrabi <quic_azarrabi@quicinc.com>
>

Hi Sumit,

On 12/19/2024 1:25 AM, Sumit Garg wrote:
> Hi Amirreza,
>
> On Tue, 3 Dec 2024 at 09:50, Amirreza Zarrabi <quic_azarrabi@quicinc.com> wrote:
>>
>> This patch series introduces a Trusted Execution Environment (TEE)
>> driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs)
>> and services to run securely. It uses an object-based interface, where
>> each service is an object with sets of operations. Clients can invoke
>> these operations on objects, which can generate results, including other
>> objects. For example, an object can load a TA and return another object
>> that represents the loaded TA, allowing access to its services.
>>
>> Kernel and userspace services are also available to QTEE through a
>> similar approach. QTEE makes callback requests that are converted into
>> object invocations. These objects can represent services within the
>> kernel or userspace process.
>>
>> Note: This patch series focuses on QTEE objects and userspace services.
>>
>> Linux already provides a TEE subsystem, which is described in [1]. The
>> tee subsystem provides a generic ioctl interface, TEE_IOC_INVOKE, which
>> can be used by userspace to talk to a TEE backend driver. We extend the
>> Linux TEE subsystem to understand object parameters and an ioctl call so
>> client can invoke objects in QTEE:
>>
>> - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_*
>> - TEE_IOC_OBJECT_INVOKE
>>
>
> Thanks for proposing to extend the TEE subsystem. However, I couldn't
> see any user-space library or test application(s) to test this new
> IOCTL. Say for example how will someone with a board based on sm8650
> will be able to test the QTEE interface? IIRC, last time we agreed off
> list that you will be pushing that alongside this patch-set.
>

:) Indeed. The upcoming version of this patch series will include a
library and a test application.

Best Regards,
Amir

> -Sumit
>
>> The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are
>> used for invoking services in the userspace process by QTEE.
>>
>> The TEE backend driver uses the QTEE Transport Message to communicate
>> with QTEE. Interactions through the object INVOKE interface are
>> translated into QTEE messages. Likewise, object invocations from QTEE
>> for userspace objects are converted into SEND/RECV ioctl calls to
>> supplicants.
>>
>> The details of QTEE Transport Message to communicate with QTEE is
>> available in [PATCH 10/10] Documentation: tee: Add Qualcomm TEE driver.
>>
>> This patch series has been tested for basic QTEE object invocations and
>> callback requests, including loading a TA and requesting services from
>> the TA. However, the test platform is currently being prepared for
>> upstream availability and will soon be accessible to the community for
>> further validation. I will share updates as the platform becomes
>> available.
>>
>> [1] https://www.kernel.org/doc/Documentation/tee.txt
>>
>> Signed-off-by: Amirreza Zarrabi <quic_azarrabi@quicinc.com>
>> ---
>> Amirreza Zarrabi (10):
>>       tee: allow a driver to allocate a tee_device without a pool
>>       tee: add TEE_IOCTL_PARAM_ATTR_TYPE_MEMBUF
>>       tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF
>>       firmware: qcom: scm: add support for object invocation
>>       qcomtee: implement object invoke support
>>       qcomtee: add primordial object
>>       dt-bindings: arm: qcomtee: add QTEE driver devicetree binding for TEE subsystem
>>       tee: add Qualcomm TEE driver
>>       arm64: dts: qcom: sm8650: add support for QTEE
>>       Documentation: tee: Add Qualcomm TEE driver
>>
>>  .../devicetree/bindings/arm/firmware/qcom,tee.yaml |  34 +
>>  Documentation/tee/index.rst                        |   1 +
>>  Documentation/tee/qtee.rst                         | 143 ++++
>>  arch/arm64/boot/dts/qcom/sm8650.dtsi               |   4 +
>>  drivers/firmware/qcom/qcom_scm.c                   |  60 ++
>>  drivers/firmware/qcom/qcom_scm.h                   |   7 +
>>  drivers/tee/Kconfig                                |   1 +
>>  drivers/tee/Makefile                               |   1 +
>>  drivers/tee/qcomtee/Kconfig                        |  10 +
>>  drivers/tee/qcomtee/Makefile                       |   9 +
>>  drivers/tee/qcomtee/async.c                        | 153 ++++
>>  drivers/tee/qcomtee/call.c                         | 707 ++++++++++++++++
>>  drivers/tee/qcomtee/core.c                         | 942 +++++++++++++++++++++
>>  drivers/tee/qcomtee/primordial_obj.c               |  63 ++
>>  drivers/tee/qcomtee/qcom_scm.c                     |  36 +
>>  drivers/tee/qcomtee/qcomtee_msg.h                  | 217 +++++
>>  drivers/tee/qcomtee/qcomtee_private.h              | 218 +++++
>>  drivers/tee/qcomtee/release.c                      |  66 ++
>>  drivers/tee/qcomtee/user_obj.c                     | 625 ++++++++++++++
>>  drivers/tee/tee_core.c                             | 113 ++-
>>  include/linux/firmware/qcom/qcom_scm.h             |   9 +
>>  include/linux/firmware/qcom/qcom_tee.h             | 284 +++++++
>>  include/linux/tee_core.h                           |   4 +
>>  include/linux/tee_drv.h                            |  12 +
>>  include/uapi/linux/tee.h                           |  54 +-
>>  25 files changed, 3765 insertions(+), 8 deletions(-)
>> ---
>> base-commit: f486c8aa16b8172f63bddc70116a0c897a7f3f02
>> change-id: 20241202-qcom-tee-using-tee-ss-without-mem-obj-362c66340527
>>
>> Best regards,
>> --
>> Amirreza Zarrabi <quic_azarrabi@quicinc.com>
>>

This patch series introduces a Trusted Execution Environment (TEE)
driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs)
and services to run securely. It uses an object-based interface, where
each service is an object with sets of operations. Clients can invoke
these operations on objects, which can generate results, including other
objects. For example, an object can load a TA and return another object
that represents the loaded TA, allowing access to its services.

Kernel and userspace services are also available to QTEE through a
similar approach. QTEE makes callback requests that are converted into
object invocations. These objects can represent services within the
kernel or userspace process.

Note: This patch series focuses on QTEE objects and userspace services.

Linux already provides a TEE subsystem, which is described in [1]. The
tee subsystem provides a generic ioctl interface, TEE_IOC_INVOKE, which
can be used by userspace to talk to a TEE backend driver. We extend the
Linux TEE subsystem to understand object parameters and an ioctl call so
client can invoke objects in QTEE:

- TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_*
- TEE_IOC_OBJECT_INVOKE

The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are
used for invoking services in the userspace process by QTEE.

The TEE backend driver uses the QTEE Transport Message to communicate
with QTEE. Interactions through the object INVOKE interface are
translated into QTEE messages. Likewise, object invocations from QTEE
for userspace objects are converted into SEND/RECV ioctl calls to
supplicants.

The details of QTEE Transport Message to communicate with QTEE is
available in [PATCH 10/10] Documentation: tee: Add Qualcomm TEE driver.

This patch series has been tested for basic QTEE object invocations and
callback requests, including loading a TA and requesting services from
the TA. However, the test platform is currently being prepared for
upstream availability and will soon be accessible to the community for
further validation. I will share updates as the platform becomes
available.

[1] https://www.kernel.org/doc/Documentation/tee.txt

Signed-off-by: Amirreza Zarrabi <quic_azarrabi@quicinc.com>
---
Amirreza Zarrabi (10):
      tee: allow a driver to allocate a tee_device without a pool
      tee: add TEE_IOCTL_PARAM_ATTR_TYPE_MEMBUF
      tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF
      firmware: qcom: scm: add support for object invocation
      qcomtee: implement object invoke support
      qcomtee: add primordial object
      dt-bindings: arm: qcomtee: add QTEE driver devicetree binding for TEE subsystem
      tee: add Qualcomm TEE driver
      arm64: dts: qcom: sm8650: add support for QTEE
      Documentation: tee: Add Qualcomm TEE driver

 .../devicetree/bindings/arm/firmware/qcom,tee.yaml |  34 +
 Documentation/tee/index.rst                        |   1 +
 Documentation/tee/qtee.rst                         | 143 ++++
 arch/arm64/boot/dts/qcom/sm8650.dtsi               |   4 +
 drivers/firmware/qcom/qcom_scm.c                   |  60 ++
 drivers/firmware/qcom/qcom_scm.h                   |   7 +
 drivers/tee/Kconfig                                |   1 +
 drivers/tee/Makefile                               |   1 +
 drivers/tee/qcomtee/Kconfig                        |  10 +
 drivers/tee/qcomtee/Makefile                       |   9 +
 drivers/tee/qcomtee/async.c                        | 153 ++++
 drivers/tee/qcomtee/call.c                         | 707 ++++++++++++++++
 drivers/tee/qcomtee/core.c                         | 942 +++++++++++++++++++++
 drivers/tee/qcomtee/primordial_obj.c               |  63 ++
 drivers/tee/qcomtee/qcom_scm.c                     |  36 +
 drivers/tee/qcomtee/qcomtee_msg.h                  | 217 +++++
 drivers/tee/qcomtee/qcomtee_private.h              | 218 +++++
 drivers/tee/qcomtee/release.c                      |  66 ++
 drivers/tee/qcomtee/user_obj.c                     | 625 ++++++++++++++
 drivers/tee/tee_core.c                             | 113 ++-
 include/linux/firmware/qcom/qcom_scm.h             |   9 +
 include/linux/firmware/qcom/qcom_tee.h             | 284 +++++++
 include/linux/tee_core.h                           |   4 +
 include/linux/tee_drv.h                            |  12 +
 include/uapi/linux/tee.h                           |  54 +-
 25 files changed, 3765 insertions(+), 8 deletions(-)
---
base-commit: f486c8aa16b8172f63bddc70116a0c897a7f3f02
change-id: 20241202-qcom-tee-using-tee-ss-without-mem-obj-362c66340527

Best regards,
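
The object model in the cover letter (an operation invoked on one object can return another object, such as a loaded TA) is sketched below as a per-client handle table. This is an added illustration, not code from the patch series or the qcomtee driver; every name in it (model_ctx, model_invoke, OP_LOAD_TA and the rest) is hypothetical, and it goes beyond the text by also showing why a released handle must stop resolving.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
/* Hypothetical model; none of these names come from the qcomtee patches. */
enum obj_type { OBJ_FREE = 0, OBJ_ROOT, OBJ_TA };
enum { OP_RELEASE = 0, OP_LOAD_TA = 1, OP_TA_ADD = 2 };
#define MAX_OBJS 8
struct object { enum obj_type type; uint32_t gen, ta_id; };
struct model_ctx { struct object tbl[MAX_OBJS]; };   /* one table per client */

/* Resolve a handle (generation << 32 | slot); stale or forged ones fail. */
static struct object *lookup(struct model_ctx *c, uint64_t h)
{
    uint32_t slot = (uint32_t)h, gen = (uint32_t)(h >> 32);
    if (slot >= MAX_OBJS || c->tbl[slot].type == OBJ_FREE || c->tbl[slot].gen != gen)
        return NULL;
    return &c->tbl[slot];
}

/* Put a new object in a free slot and hand back a fresh handle. */
int model_new(struct model_ctx *c, enum obj_type t, uint32_t ta_id, uint64_t *out)
{
    for (uint32_t i = 0; i < MAX_OBJS; i++) {
        struct object *o = &c->tbl[i];
        if (o->type != OBJ_FREE)
            continue;
        /* bump the generation each time the slot is reused */
        *o = (struct object){ .type = t, .gen = o->gen + 1, .ta_id = ta_id };
        *out = ((uint64_t)o->gen << 32) | i;
        return 0;
    }
    return -ENOMEM;
}

/* Invoke op on the object behind h; the result is data or another handle. */
int model_invoke(struct model_ctx *c, uint64_t h, int op, uint32_t arg, uint64_t *out)
{
    struct object *o = lookup(c, h);
    if (!o)
        return -EBADF;
    if (op == OP_RELEASE) {
        o->type = OBJ_FREE;                      /* old handle is now stale */
        return 0;
    }
    if (o->type == OBJ_ROOT && op == OP_LOAD_TA)
        return model_new(c, OBJ_TA, arg, out);   /* result is an object */
    if (o->type == OBJ_TA && op == OP_TA_ADD) {
        *out = (uint64_t)o->ta_id + arg;         /* result is plain data */
        return 0;
    }
    return -EINVAL;   /* operation not defined for this object type */
}

int main(void)
{
    struct model_ctx c = {0};
    uint64_t root = 0, ta = 0, r = 0;
    model_new(&c, OBJ_ROOT, 0, &root);
    model_invoke(&c, root, OP_LOAD_TA, 40, &ta);
    return model_invoke(&c, ta, OP_TA_ADD, 2, &r) || r != 42;
}
```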