From patchwork Wed Oct 11 19:01:22 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 10000365 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id AD657602BF for ; Wed, 11 Oct 2017 19:04:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8DAFC2899E for ; Wed, 11 Oct 2017 19:04:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8262828A0A; Wed, 11 Oct 2017 19:04:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAD_ENC_HEADER,BAYES_00, DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7EF5A2899E for ; Wed, 11 Oct 2017 19:04:17 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e2MGT-0000Rm-HC; Wed, 11 Oct 2017 19:01:57 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e2MGS-0000RQ-8Z for xen-devel@lists.xen.org; Wed, 11 Oct 2017 19:01:56 +0000 Received: from [193.109.254.147] by server-1.bemta-6.messagelabs.com id C9/5B-31121-3AA6ED95; Wed, 11 Oct 2017 19:01:55 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA1WSfUgTYRzHfW67edouzpn4c2jQ6EWymYmUGUn 4T64SjPpHMfK0011tN7lbMhHCNDRNyTCopqVlWfQiZpaiSSppGfiSLuhNzUpSMUskCyfW3W5a 3V/f5z7f7+/3feAhFJpFXEswNivDc7RJp/JWGjejBP21o8MJYd0OXeT1mWrlLhTb2eLE4lEiz nIpFlsybrS35GEZtbStv7oYz0Gv9xUhb0JJnVRAzccuRRHyIhCVBPUNhUgCGuosBs++N6okoK FSoe3WAi5pFRUBtZV9npJeRVngXFMNJmkFFQ7NbZUuvy8VBXM/HUjSSmodvH034cqS1B64c2H BtQyo1fCmt9Clvai9YO95ism79kDnoz6V7PeB7kuflfJ8gPbxcXd2DXxo73cVBaoCQfXcPJLD G6DVOeU2BUFnT4VS1nGwWFqFy4EqBK/bWxXyIc8T6krsYpoQD5vg/ICP/L/ME4by61Ry2gB93 3JxWWdARckZ9+p+HEZaLiMZBMLszYduUI7D4+kBd6dkmP7txGTQqIavZfNuV6EntHUP4qVog/ 2f29r/uW0Vwm6jYIHhMxleHx4WmsKz6UarmWZN+i1hW0PNjCDQ6YyJThFCUy3meiS+BQ/xa0L zNfEdKIDAdH7kaNJwgmZliuVIlpEWjIf54yZG6ECBBKED8j4rMh+eSWdsaaxJfFBLGAi1bhV5 UcKkkEGbBTZdRi+Qnjj9ZmgB0yg5C8do/cl6yURJJuNxbnnE0rMcQEFaXxKJpTTqDIY3s9b/+ STyJ5DOl1wrTVGznHV506RYAhNL+KW9l0pY6b9Im4Og7HnotmPDY7GlMdtnHBix/tLmgqyXhw pG9f4Ga3bmipgTgWlJHq332OYe3x27v7yq/wEHDdFc5C9nRM5Ubm8pf8VPWz6Y6BMcIsRe88i 1cFGxcdEPLjqLHasNDTcGm6Oy/U+FcAFVzN2xT9GzmqtPdo6Mdxk69e/2k7ZXEwfydUrBSG/Z qOAF+g+2Hmb7kQMAAA== X-Env-Sender: Volodymyr_Babchuk@epam.com X-Msg-Ref: server-6.tower-27.messagelabs.com!1507748514!111416509!1 X-Originating-IP: [104.47.1.89] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 19326 invoked from network); 11 Oct 2017 19:01:54 -0000 Received: from mail-ve1eur01on0089.outbound.protection.outlook.com (HELO EUR01-VE1-obe.outbound.protection.outlook.com) (104.47.1.89) by server-6.tower-27.messagelabs.com with AES256-SHA256 encrypted SMTP; 11 Oct 2017 19:01:54 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=EPAM.onmicrosoft.com; s=selector1-epam-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=UJGwtAocx2F4fj3lwqujVev1RNUeUvAgOEjGC86+6Ds=; b=kawbzi0oZbwqaoF8jW+LFh21CxRgyYwAztJS9wzTcn2/5VTkYdVeTqA+66TvamKXY/gDiDtVEem714UYVmn3f069NBLoYG5waXKQUACESxTu1dFeyoqcaIwQkec2OluQIdKWayO6gws3yTWEhcVElAR/oEQg9Nnc26wPr3xGRjg= Received: from EPUAKYIW2556.kyiv.epam.com (85.223.209.56) by VI1PR0301MB2141.eurprd03.prod.outlook.com (2603:10a6:800:26::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Wed, 11 Oct 2017 19:01:50 +0000 Received: by EPUAKYIW2556.kyiv.epam.com (sSMTP sendmail emulation); Wed, 11 Oct 2017 22:01:46 +0300 From: Volodymyr Babchuk To: Stefano Stabellini , Julien Grall , xen-devel@lists.xen.org Date: Wed, 11 Oct 2017 22:01:22 +0300 Message-Id: <1507748484-16871-3-git-send-email-volodymyr_babchuk@epam.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1507748484-16871-1-git-send-email-volodymyr_babchuk@epam.com> References: <1507748484-16871-1-git-send-email-volodymyr_babchuk@epam.com> MIME-Version: 1.0 X-Originating-IP: [85.223.209.56] X-ClientProxiedBy: HE1PR0102CA0063.eurprd01.prod.exchangelabs.com (2603:10a6:7:7d::40) To VI1PR0301MB2141.eurprd03.prod.outlook.com (2603:10a6:800:26::14) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9ac70172-f151-4a32-dc28-08d510da880e X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:VI1PR0301MB2141; X-Microsoft-Exchange-Diagnostics: 1; VI1PR0301MB2141; 3:kIY1gimoAoXoTyAZpBd//1w0YGXq2o6BaIqAxTH3TB+avzYoabKbw9xSUSqEct9hmMlLJPHvXjHeUCV4cXjLGquPtvkjXjP/9mZFXwoFaHbhE436YX9I0y1BTbh5/OBpaGURPTrVEn2G7QWKy/lsxxnOUwksNXdfTlHZrWb67uTEIIyRAyaxTU2iQeChGL63Jg/CYMrbaHCdLqfR6t3r3jGUlIKCMwtQWAuezXqnt2/l9hKKi0BHEdWJnQsaG+ei; 25:YkduOJVN6j1raS6xMRO05+8qPRGOXrwJ2FeKuE3lhd0/Pg+jtKQXl3FkCUmc+FbKMDLlCJwdJDxw6qunmIiNn4+QtQMVpNHMkx1piFRm5wglVsTeDK0SDGLUT7KI0Vb0ASgialZPEIPK89aiNo4RQaFUiakLhv+tso1mmKUps3/yJ8EFZv2dL7OC+6BhS4mGNQDFcnmbNyxL23WWyrhcOXIlYqLWYknFto5J7e29LqvYP+QA9knGA0mKicCTryD54kGOEO2OAetTK9djgYvnhIbuhTps43khKAiL7Rrrnq/j4+k9hSBrM1sh9OLxJoU4H3SRARJjLBGTrxxzrBWKFQ==; 31:MhE391e7/MY0RrbwG4XpO3R4uNnP7HKCLBl9PfP9/ALYh303Qo0pheDIQ88jZaqQmxaIcVdPurmTjaSxO13hNv1vgkQakayz9vyhYlwGLRAtUQbViOe8qYdiqda/I68/pMPQgEc5nWlHBOPo8/lVaKaCt45Yr0iPyhW7s/TlWaYR2W7cTpI7leXqNxVo3+/J3K8+zYteIX1kuWI/J/pr+zDDrb0pnzYWLhvnvuhw79Y= X-MS-TrafficTypeDiagnostic: VI1PR0301MB2141: X-Microsoft-Exchange-Diagnostics: 1; VI1PR0301MB2141; 20:CxmQUCBLPu1CUyFVHXTVn8ip9gNSsVhbITdOG2g4qhorV2xtJfsNBrxdouMSrnQayx+QA4sR9DM6Mq7EN43K10gLvePQi8OZV0JrfU6AAAfmN7HakqwBkPdkwSPGwk0Q1vmcjOXszcL7XwrMA5CjrkGFklRD+KOmswiaWbbsDpA7Oa/eeBuv/dKt652+7gJVJUY/O632+2G1l6ZlqOtQSlqrkg+OSZdV3cl2XsxZC82r3CC9UP9aKA3wURvj6N9yUUDKnJsQrhNsnTpgC7tXbnlpPNJ45k/iI6cKOuSHCKMyYk82KculWmx02Hfw+woEGAGXDj0rhLxsq9E8vMIO6XZz3vzDya3odif3mvZFr4w/mc59UXVtAX9aRi7zo25vQNziFpDwMYApfToIOn3sGGIQxHHYfQDNssE0HRRtOc452DdH4wFG7vS99+glmDrVS81vwHmIzvRAzW4X//hZXr0UcN9ggSw0UKGCnOOafyImZc9QtQmv/TbhqzGSEdR1; 4:2UbpVL7JY1dl68Ia88i4Lg2yHPcXf8VGrPuJKRmO7f57vaGdq/X8F3lktTHOXwoLPcd1NI3L0bmOJ1RXIraE28wh+1jhUCM35EZMefaOaANBOG3bFCLsEpzVJCmZuSWp8xg1upSQ4Wsjm6GHCGXhnthBFJo421h2lIwsXOQoI+IsuugsS13U6WpnkyIrWHC0yN2oEBGwtVfvwhSzHTZQ3AgvhzkIGPlqJ/KkG76YHF32AMDT5pkdHQexyMc/4DHsZ6fd9xXeRlUeCUlaZCdZ2/RuPRi59Sewc4PWGMLB0vW8zttJglwIno0NjBD6RGhzAZvDFH5JDUqahRMmk2NeKQ== X-Exchange-Antispam-Report-Test: UriScan:(4114951738403)(70601490899591); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(10201501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(6041248)(20161123558100)(20161123564025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR0301MB2141; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR0301MB2141; X-Forefront-PRVS: 0457F11EAF X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(189002)(199003)(48376002)(189998001)(6666003)(5003940100001)(72206003)(5660300001)(2906002)(68736007)(316002)(97736004)(7736002)(110136005)(36756003)(42186006)(575784001)(80792005)(86362001)(16586007)(122856001)(106356001)(8936002)(81166006)(101416001)(6116002)(4326008)(53936002)(50986999)(305945005)(33646002)(107886003)(76176999)(3846002)(8676002)(81156014)(50466002)(478600001)(50226002)(2950100002)(66066001)(47776003)(105586002)(41533002)(2004002)(6606295002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0301MB2141; H:EPUAKYIW2556.kyiv.epam.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: epam.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; VI1PR0301MB2141; 23:qEOjwzztv8IEX7X1fUIm60cKQEw71EyAdY6Rf7P?= =?us-ascii?Q?jp70jRb9ZfzI3WM/XQQ8oF6V2soPxTSBqnhhcs/SabMikSpO8NbXqo/ty27G?= =?us-ascii?Q?XNI7vHEXXYp/WMqC5fINCZSdYR13w37oGjS88mBEcP7mcjBPfmuBL5igEis1?= =?us-ascii?Q?Qw3Em+tw3fvFPi40vE+fEHG/ne76O5+enztTSKImGF6NzCCpWX7CLQxBfM3u?= =?us-ascii?Q?outhAWW4wkDeTGbShmBu2GqlQOloFsZjHXR9H/0GKrkho2HJ2Y+UiomnOTZG?= =?us-ascii?Q?gsChgm5qLIsOuazTJrmKKzD3vEU7ETxV7pfc4bvH5yDnpY2ZugdgJj4EUQ6g?= =?us-ascii?Q?/TAP+3kJonPkeJZlSEBaIIsuXQH6cGgXCRKmGeLbT3ZuC99weFTSAgRmnjeA?= =?us-ascii?Q?nR7Q6DB4ZCt3mnwXi2vucCLbFaNpWbCNbK7hrhuEZFulDsYdJnEzxY3VA4/M?= =?us-ascii?Q?cz+sQSBrIrGJecztXhCt0nEzCEKegdxxmVhNsb2XN+P9HlQg11WiL6qXqGxX?= =?us-ascii?Q?vZr9y+pUil9f9xNy2YctQRy6XRfu3jK1PdY5xr9vhdDcXCcwKgCahoVVhINN?= =?us-ascii?Q?k0trjvskhnvksK2xk0NwHhEPEZnwYv1niUtsrgBr4pIwFIbtg6WIO8D7qoe+?= =?us-ascii?Q?+nqJD3yELf8UZLsgisntcz2c/ChKgrXJ4MayKx2iBJRjXRPi9MsDdwO1TOz2?= =?us-ascii?Q?unYUt0hPIR/GMc9eVN/q3uEizTvthKLfVSA7AdTHbcxxgPZy1hQymDWM+Qbm?= =?us-ascii?Q?rJXF+hz18pQVeEXyRpyNGgWCPn+vn0VP0221f+SsKyqopOSrpcqx93Y4wnAr?= =?us-ascii?Q?IsCuX/ck8MQCRT0ojrd95vQxhGbl8hujURuHzOz4GncpwjNjF3iqQ538prtL?= =?us-ascii?Q?OoIcKhD88QYhUN4Dsi7DNu8lVBiLWJltSbQtivIgMHFKZ6ReeNScPy9WCJPi?= =?us-ascii?Q?ntUGQnxias5bxZ2y6Iz/YxmrLxZPGkzLuASs3Paq0BIbnKuQChxAc6fZn895?= =?us-ascii?Q?Kk2bU/bBh5P5bc95phTmJoZlzlGEWk5xBXaL09aRGXitcn1MjbTQVVfSAapZ?= =?us-ascii?Q?vAE8gqSmcqv+cGBq2uvufFj8kxaZEi+ClTPFFFb0gloSKbdKObwcESXnN3kW?= =?us-ascii?Q?EsLV7X5C5zfblisMZGAP0sBeSBamDrvz9KPMpAUMh6qaU+P0p9fVt4Q=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1; VI1PR0301MB2141; 6:OZcPBYG1CAOpAm4i6qpeSE/Cd14B5qpMb18+Pp98BBvmh4GL5uLJeKsihXNQ9C+r+1hwnyyGEDePzQf2dILeyFX7dzt2Jt23aSxmjrsyESZT7GwcU73IZoF6jsIhAHNV7k+Zw0wIxSNLmvg59RC2TddKFjf/PSs3EKVQZlM7toFvvFsKCqUuQeSFFXHmJcbA9wEcFPKnAZ1WOVQSeLU3Sub9jUUvg8yxWZ/tPBLUlk/lP1YGuRueznp6iEa9d4B+P0LMTg+ZGSRj48Dt6wC81GfaWFbwzIEIZi4v6yCYG6OaSkgSTCIoAGjV6Rdy8v9PMwntRELBFlZEwHykOtvEQQ==; 5:hc1NkMCCFD7aklEC7psofEz8ED/NX8pK+qIc2nCjoODzPVD8F9fl5lBG7BmH1LYfQoa426iq0O7tplKbE72x32zc4xLYQEnkeLD3fEtgQiub6SIKIJSkg1BZmHbD4pwzxhajZymyybbuXjN0NhLqYQ==; 24:VKTS0ZJLqkdoHvVXwL7j5I4if1yn9uJb96MZwO9SPHzHkioJDQWmm5L5SkB2HOUaW1RXbDl9KgGoWaX9G9thcsBJrWl7hsIj6a+8fkMQoPQ=; 7:kBMlCHYEF05K/Q/g3LVFNYDT/2bnEdh244tshr2jD5AqWd1ySRQTO6/PIzUwVovRG2MVcQKHnaScsJE9dkXZoNLREtcNA3HeW+eULVH4sjBADqW66mcXoKOpNnqSpV8/D3JdZizf9hY53eyJBiLF9XWn6GOAAjKJMxCT8QEwbgPBExA6mPbMLU6MFbp2LQpBDMzwLgV3rbdyffvjwrFvPUoliio6LFF+xOzib8VcxYw= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Oct 2017 19:01:50.8135 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0301MB2141 Cc: Volodymyr Babchuk Subject: [Xen-devel] [RFC 2/4] arm: add generic TEE mediator framework X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP This patch adds basic framework for TEE mediators. Guests can't talk to TEE directly, we need some entity that will intercept request and decide what to do with them. "TEE mediaor" is a such entity. This is how it works: user can build XEN with multiple TEE mediators (see the next patches, where OP-TEE mediator is introduced). TEE mediator register self with REGISTER_TEE_MEDIATOR() macro in the same way, as device drivers use DT_DEVICE_START()/DT_DEVICE_END() macros. In runtime, during initialization, XEN issues standard SMC to read TEE UID. Using this UID it selects and initializes one of built-in mediators. Then generic vSMC handler will call selected mediator when it intercept SMC that belongs to TEE OS or TEE application. Also, there are hooks for domain construction and destruction, so TEE mediator can inform TEE about VM lifecycle. Signed-off-by: Volodymyr Babchuk --- MAINTAINERS | 5 ++ xen/arch/arm/Kconfig | 10 ++++ xen/arch/arm/Makefile | 1 + xen/arch/arm/domain.c | 7 +++ xen/arch/arm/setup.c | 4 ++ xen/arch/arm/tee/Kconfig | 0 xen/arch/arm/tee/Makefile | 1 + xen/arch/arm/tee/tee.c | 134 ++++++++++++++++++++++++++++++++++++++++++++++ xen/arch/arm/vsmc.c | 5 ++ xen/arch/arm/xen.lds.S | 7 +++ xen/include/asm-arm/tee.h | 79 +++++++++++++++++++++++++++ 11 files changed, 253 insertions(+) create mode 100644 xen/arch/arm/tee/Kconfig create mode 100644 xen/arch/arm/tee/Makefile create mode 100644 xen/arch/arm/tee/tee.c create mode 100644 xen/include/asm-arm/tee.h diff --git a/MAINTAINERS b/MAINTAINERS index 77b1e11..ede00c5 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -357,6 +357,11 @@ F: config/Stubdom.mk.in F: m4/stubdom.m4 F: stubdom/ +TEE MEDIATORS +M: Volodymyr Babchuk +S: Supported +F: xen/arch/arm/tee/* + TOOLSTACK M: Ian Jackson M: Wei Liu diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index d46b98c..e1f112a 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -50,6 +50,14 @@ config HAS_ITS prompt "GICv3 ITS MSI controller support" if EXPERT = "y" depends on HAS_GICV3 +config ARM_TEE + bool "Enable TEE mediators support" + default n + depends on ARM + help + This option enables generic TEE mediators support. It allows guests + to access real TEE via one of TEE mediators implemented in XEN + endmenu menu "ARM errata workaround via the alternative framework" @@ -167,3 +175,5 @@ endmenu source "common/Kconfig" source "drivers/Kconfig" + +source "arch/arm/tee/Kconfig" diff --git a/xen/arch/arm/Makefile b/xen/arch/arm/Makefile index ede21fd..2710e0e 100644 --- a/xen/arch/arm/Makefile +++ b/xen/arch/arm/Makefile @@ -3,6 +3,7 @@ subdir-$(CONFIG_ARM_64) += arm64 subdir-y += platforms subdir-$(CONFIG_ARM_64) += efi subdir-$(CONFIG_ACPI) += acpi +subdir-$(CONFIG_ARM_TEE) += tee obj-$(CONFIG_HAS_ALTERNATIVE) += alternative.o obj-y += bootfdt.init.o diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 784ae39..3290d39 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -673,6 +674,9 @@ int arch_domain_create(struct domain *d, unsigned int domcr_flags, if ( is_hardware_domain(d) && (rc = domain_vuart_init(d)) ) goto fail; + /* Notify TEE that new domain was created */ + tee_domain_create(d); + return 0; fail: @@ -684,6 +688,9 @@ fail: void arch_domain_destroy(struct domain *d) { + /* Notify TEE that domain is being destroyed */ + tee_domain_destroy(d); + /* IOMMU page table is shared with P2M, always call * iommu_domain_destroy() before p2m_teardown(). */ diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 92f173b..8a4fcd8 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -47,6 +47,7 @@ #include #include #include +#include #include #include @@ -846,6 +847,9 @@ void __init start_xen(unsigned long boot_phys_offset, */ apply_alternatives_all(); + /* Initialize TEE mediator */ + tee_init(); + /* Create initial domain 0. */ /* The vGIC for DOM0 is exactly emulating the hardware GIC */ config.gic_version = XEN_DOMCTL_CONFIG_GIC_NATIVE; diff --git a/xen/arch/arm/tee/Kconfig b/xen/arch/arm/tee/Kconfig new file mode 100644 index 0000000..e69de29 diff --git a/xen/arch/arm/tee/Makefile b/xen/arch/arm/tee/Makefile new file mode 100644 index 0000000..c54d479 --- /dev/null +++ b/xen/arch/arm/tee/Makefile @@ -0,0 +1 @@ +obj-y += tee.o diff --git a/xen/arch/arm/tee/tee.c b/xen/arch/arm/tee/tee.c new file mode 100644 index 0000000..7f7a846 --- /dev/null +++ b/xen/arch/arm/tee/tee.c @@ -0,0 +1,134 @@ +/* + * xen/arch/arm/tee/tee.c + * + * Generic part of TEE mediator subsystem + * + * Volodymyr Babchuk + * Copyright (c) 2017 EPAM Systems. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include +#include +#include + +/* + * According to ARM SMCCC (ARM DEN 0028B, page 17), service owner + * for generic TEE queries is 63. + */ +#define TRUSTED_OS_GENERIC_API_OWNER 63 + +#define ARM_SMCCC_FUNC_GET_TEE_UID \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_CONV_32, \ + TRUSTED_OS_GENERIC_API_OWNER, \ + ARM_SMCCC_FUNC_CALL_UID) + +extern const struct tee_mediator_desc _steemediator[], _eteemediator[]; +static const struct tee_mediator_ops *mediator_ops; + +/* Helper function to read UID returned by SMC */ +static void parse_uid(const register_t regs[4], xen_uuid_t *uid) +{ + uint8_t *bytes = uid->a; + int n; + + /* + * UID is returned in registers r0..r3, four bytes per register, + * first byte is stored in low-order bits of a register. + * (ARM DEN 0028B page 14) + */ + for (n = 0; n < 16; n++) + bytes[n] = (uint8_t)(regs[n/4] >> ((n & 3) * 8)); + +} + +void tee_init(void) +{ + const struct tee_mediator_desc *desc; + register_t resp[4]; + xen_uuid_t tee_uid; + int ret; + + /* Read UUID to determine which TEE is running */ + call_smccc_smc(ARM_SMCCC_FUNC_GET_TEE_UID, 0, 0, 0, 0, 0, 0, 0, resp); + if ( resp[0] == 0xFFFFFFFF ) { + printk("No TEE found\n"); + return; + } + + parse_uid(resp, &tee_uid); + + printk("TEE UID: %02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n", + tee_uid.a[0 ], tee_uid.a[1 ], tee_uid.a[2 ], tee_uid.a[3 ], + tee_uid.a[4 ], tee_uid.a[5 ], tee_uid.a[6 ], tee_uid.a[7 ], + tee_uid.a[8 ], tee_uid.a[9 ], tee_uid.a[10], tee_uid.a[11], + tee_uid.a[12], tee_uid.a[13], tee_uid.a[14], tee_uid.a[15]); + + for ( desc = _steemediator; desc != _eteemediator; desc++ ) + if ( memcmp(&desc->uid, &tee_uid, sizeof(xen_uuid_t)) == 0 ) + { + printk("Using TEE mediator for %sp\n", desc->name); + mediator_ops = desc->ops; + break; + } + + if ( !mediator_ops ) + return; + + ret = mediator_ops->init(); + if ( ret ) + { + printk("TEE mediator failed to initialize :%d\n", ret); + mediator_ops = NULL; + } +} + +bool tee_handle_smc(struct cpu_user_regs *regs) +{ + if ( !mediator_ops ) + return false; + + return mediator_ops->handle_smc(regs); +} + +void tee_domain_create(struct domain *d) +{ + if ( !mediator_ops ) + return; + + return mediator_ops->domain_create(d); +} + +void tee_domain_destroy(struct domain *d) +{ + if ( !mediator_ops ) + return; + + return mediator_ops->domain_destroy(d); +} + +void tee_remove(void) +{ + if ( !mediator_ops ) + return; + + return mediator_ops->remove(); +} + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ diff --git a/xen/arch/arm/vsmc.c b/xen/arch/arm/vsmc.c index 7bd6008..186e34b 100644 --- a/xen/arch/arm/vsmc.c +++ b/xen/arch/arm/vsmc.c @@ -22,6 +22,7 @@ #include #include #include +#include #include /* Number of functions currently supported by Hypervisor Service. */ @@ -288,6 +289,10 @@ static bool vsmccc_handle_call(struct cpu_user_regs *regs) case ARM_SMCCC_OWNER_STANDARD: handled = handle_sssc(regs); break; + case ARM_SMCCC_OWNER_TRUSTED_APP ... ARM_SMCCC_OWNER_TRUSTED_APP_END: + case ARM_SMCCC_OWNER_TRUSTED_OS ... ARM_SMCCC_OWNER_TRUSTED_OS_END: + handled = tee_handle_smc(regs); + break; } } diff --git a/xen/arch/arm/xen.lds.S b/xen/arch/arm/xen.lds.S index c9b9546..b78b7f1 100644 --- a/xen/arch/arm/xen.lds.S +++ b/xen/arch/arm/xen.lds.S @@ -126,6 +126,13 @@ SECTIONS _aedevice = .; } :text + . = ALIGN(8); + .teemediator.info : { + _steemediator = .; + *(.teemediator.info) + _eteemediator = .; + } :text + . = ALIGN(PAGE_SIZE); /* Init code and data */ __init_begin = .; .init.text : { diff --git a/xen/include/asm-arm/tee.h b/xen/include/asm-arm/tee.h new file mode 100644 index 0000000..7f500ac --- /dev/null +++ b/xen/include/asm-arm/tee.h @@ -0,0 +1,79 @@ +/* + * xen/include/asm-arm/tee.h + * + * Generic part of TEE mediator subsystem + * + * Volodymyr Babchuk + * Copyright (c) 2017 EPAM Systems. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __ARCH_ARM_TEE_TEE_H__ +#define __ARCH_ARM_TEE_TEE_H__ + +#include +#include +#include + +#ifdef CONFIG_ARM_TEE + +struct tee_mediator_ops { + int (*init)(void); + void (*domain_create)(struct domain *d); + void (*domain_destroy)(struct domain *d); + bool (*handle_smc)(struct cpu_user_regs *regs); + void (*remove)(void); +}; + +struct tee_mediator_desc { + const char *name; + const xen_uuid_t uid; + const struct tee_mediator_ops *ops; +}; + +void tee_init(void); +bool tee_handle_smc(struct cpu_user_regs *regs); +void tee_domain_create(struct domain *d); +void tee_domain_destroy(struct domain *d); +void tee_remove(void); + +#define REGISTER_TEE_MEDIATOR(_name, _namestr, _uid, _ops) \ +static const struct tee_mediator_desc __tee_desc_##_name __used \ +__section(".teemediator.info") = { \ + .name = _namestr, \ + .uid = _uid, \ + .ops = _ops \ +} + +#else + +static inline void tee_init(void) {} +static inline bool tee_handle_smc(struct cpu_user_regs *regs) +{ + return false; +} +static inline void tee_domain_create(struct domain *d) {} +static inline tee_domain_destroy(struct domain *d) {} +static inline tee_remove(void) {} + +#endif /* CONFIG_ARM_TEE */ + +#endif /* __ARCH_ARM_TEE_TEE_H__ */ + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */