bcm63xx/u-boot/drivers/tee, branch master

test/py: avb: fix test_avb_persistent_values fail

2019-05-09T23:52:55Z

Fix test_avb_persistent_values() pytest, which was failing because of wrong size value provided from tee sandbox driver. Reported-by: Heinrich Schuchardt Signed-off-by: Igor Opaniuk

avb: add support for named persistent values

2019-04-26T22:58:22Z

AVB 2.0 spec. revision 1.1 introduces support for named persistent values that must be tamper evident and allows AVB to store arbitrary key-value pairs [1]. Introduce implementation of two additional AVB operations read_persistent_value()/write_persistent_value() for retrieving/storing named persistent values. Correspondent pull request in the OP-TEE OS project repo [2]. [1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22 [2]: https://github.com/OP-TEE/optee_os/pull/2699 Reviewed-by: Simon Glass Reviewed-by: Sam Protsenko Signed-off-by: Igor Opaniuk

tee: change return code for REE FS supplicant cmd

2018-12-15T16:49:19Z

If OP-TEE core is compiled with support of REE FS and RPMB at the same time (CFG_RPMB_FS ?= y; CFG_RPMB_FS ?= y), and persistent storage API is used with TEE_STORAGE_PRIVATE storage id, it will lead to TA panic. E/TC:? 0 TA panicked with code 0xffff0009 ..... E/TC:? 0 Call stack: E/TC:? 0 0x000000004002f2f8 TEE_OpenPersistentObject at lib/libutee/tee_api_objects.c:422 In this particular case TEE_ERROR_STORAGE_NOT_AVAILABLE is more suitable than TEE_ERROR_NOT_IMPLEMENTED, as it provides to a TA a possibility to handle this error code [1]. >From GPD TEE Internal Core specification [2]: TEE_ERROR_STORAGE_NOT_AVAILABLE - if the persistent object is stored in a storage area which is currently inaccessible. It may be associated with the device but unplugged, busy, or inaccessible for some other reason. [1]: https://github.com/OP-TEE/optee_os/blob/94db01ef448d1e552161c2d861d57a5f8bda0cc0/lib/libutee/tee_api_objects.c#L419 [2]: https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf Signed-off-by: Igor Opaniuk Reviewed-by: Jens Wiklander

tee: add sandbox driver

2018-10-07T15:04:01Z

Adds a sandbox tee driver which emulates a generic TEE with the OP-TEE AVB TA. Reviewed-by: Simon Glass Signed-off-by: Jens Wiklander Reviewed-by: Simon Glass [trini: Fix printf warnings in ta_avb_invoke_func, slots is uint] Signed-off-by: Tom Rini

tee: optee: support AVB trusted application

2018-10-07T14:47:38Z

Adds configuration option OPTEE_TA_AVB and a header file describing the interface to the Android Verified Boot 2.0 (AVB) trusted application provided by OP-TEE. Tested-by: Igor Opaniuk Reviewed-by: Igor Opaniuk Signed-off-by: Jens Wiklander Reviewed-by: Simon Glass

optee: support routing of rpmb data frames to mmc

2018-10-07T14:47:38Z

Adds support in optee supplicant to route signed (MACed) RPMB frames from OP-TEE Secure OS to MMC and vice versa to manipulate the RPMB partition. Tested-by: Igor Opaniuk Signed-off-by: Jens Wiklander Reviewed-by: Simon Glass

tee: add OP-TEE driver

2018-10-07T14:47:38Z

Adds a OP-TEE driver. * Targets ARM and ARM64 * Supports using any U-Boot memory as shared memory * Probes OP-TEE version using SMCs * Uses OPTEE message protocol version 2 to communicate with secure world Reviewed-by: Simon Glass Tested-by: Igor Opaniuk Signed-off-by: Jens Wiklander

Add UCLASS_TEE for Trusted Execution Environment

2018-10-07T14:47:38Z

Adds a uclass to interface with a TEE (Trusted Execution Environment). A TEE driver is a driver that interfaces with a trusted OS running in some secure environment, for example, TrustZone on ARM cpus, or a separate secure co-processor etc. The TEE subsystem can serve a TEE driver for a Global Platform compliant TEE, but it's not limited to only Global Platform TEEs. The over all design is based on the TEE subsystem in the Linux kernel, tailored for U-Boot. Reviewed-by: Simon Glass Tested-by: Igor Opaniuk Signed-off-by: Jens Wiklander