summaryrefslogtreecommitdiff
path: root/include/tee.h
blob: 99367b258e2970c1c581670bee1e24a420742e4c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright (c) 2018 Linaro Limited
 */

#ifndef __TEE_H
#define __TEE_H

#include <linux/bitops.h>
#include <linux/list.h>

#define TEE_UUID_LEN		16

#define TEE_GEN_CAP_GP          BIT(0)	/* GlobalPlatform compliant TEE */
#define TEE_GEN_CAP_REG_MEM     BIT(1)	/* Supports registering shared memory */

#define TEE_SHM_REGISTER	BIT(0)	/* In list of shared memory */
#define TEE_SHM_SEC_REGISTER	BIT(1)	/* TEE notified of this memory */
#define TEE_SHM_ALLOC		BIT(2)	/* The memory is malloced() and must */
					/* be freed() */

#define TEE_PARAM_ATTR_TYPE_NONE		0	/* parameter not used */
#define TEE_PARAM_ATTR_TYPE_VALUE_INPUT		1
#define TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT	2
#define TEE_PARAM_ATTR_TYPE_VALUE_INOUT		3	/* input and output */
#define TEE_PARAM_ATTR_TYPE_MEMREF_INPUT	5
#define TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT	6
#define TEE_PARAM_ATTR_TYPE_MEMREF_INOUT	7	/* input and output */
#define TEE_PARAM_ATTR_TYPE_MASK		0xff
#define TEE_PARAM_ATTR_META			0x100
#define TEE_PARAM_ATTR_MASK			(TEE_PARAM_ATTR_TYPE_MASK | \
						 TEE_PARAM_ATTR_META)

/*
 * Some Global Platform error codes which has a meaning if the
 * TEE_GEN_CAP_GP bit is returned by the driver in
 * struct tee_version_data::gen_caps
 */
#define TEE_SUCCESS			0x00000000
#define TEE_ERROR_STORAGE_NOT_AVAILABLE	0xf0100003
#define TEE_ERROR_GENERIC		0xffff0000
#define TEE_ERROR_BAD_PARAMETERS	0xffff0006
#define TEE_ERROR_ITEM_NOT_FOUND	0xffff0008
#define TEE_ERROR_NOT_IMPLEMENTED	0xffff0009
#define TEE_ERROR_NOT_SUPPORTED		0xffff000a
#define TEE_ERROR_COMMUNICATION		0xffff000e
#define TEE_ERROR_SECURITY		0xffff000f
#define TEE_ERROR_OUT_OF_MEMORY		0xffff000c
#define TEE_ERROR_OVERFLOW              0xffff300f
#define TEE_ERROR_TARGET_DEAD		0xffff3024
#define TEE_ERROR_STORAGE_NO_SPACE      0xffff3041

#define TEE_ORIGIN_COMMS		0x00000002
#define TEE_ORIGIN_TEE			0x00000003
#define TEE_ORIGIN_TRUSTED_APP		0x00000004

struct udevice;

/**
 * struct tee_optee_ta_uuid - OP-TEE Trusted Application (TA) UUID format
 *
 * Used to identify an OP-TEE TA and define suitable to initialize structs
 * of this format is distributed with the interface of the TA. The
 * individual fields of this struct doesn't have any special meaning in
 * OP-TEE. See RFC4122 for details on the format.
 */
struct tee_optee_ta_uuid {
	u32 time_low;
	u16 time_mid;
	u16 time_hi_and_version;
	u8 clock_seq_and_node[8];
};

/**
 * struct tee_shm - memory shared with the TEE
 * @dev:	The TEE device
 * @link:	List node in the list in struct struct tee_uclass_priv
 * @addr:	Pointer to the shared memory
 * @size:	Size of the the shared memory
 * @flags:	TEE_SHM_* above
 */
struct tee_shm {
	struct udevice *dev;
	struct list_head link;
	void *addr;
	ulong size;
	u32 flags;
};

/**
 * struct tee_param_memref - memory reference for a Trusted Application
 * @shm_offs:	Offset in bytes into the shared memory object @shm
 * @size:	Size in bytes of the memory reference
 * @shm:	Pointer to a shared memory object for the buffer
 *
 * Used as a part of struct tee_param, see that for more information.
 */
struct tee_param_memref {
	ulong shm_offs;
	ulong size;
	struct tee_shm *shm;
};

/**
 * struct tee_param_value - value parameter for a Trusted Application
 * @a, @b, @c:	Parameters passed by value
 *
 * Used as a part of struct tee_param, see that for more information.
 */
struct tee_param_value {
	u64 a;
	u64 b;
	u64 c;
};

/**
 * struct tee_param - invoke parameter for a Trusted Application
 * @attr:	Attributes
 * @u.memref:	Memref parameter if (@attr & TEE_PARAM_ATTR_MASK) is one of
 *		TEE_PARAM_ATTR_TYPE_MEMREF_* above
 * @u.value:	Value parameter if (@attr & TEE_PARAM_ATTR_MASK) is one of
 *		TEE_PARAM_ATTR_TYPE_VALUE_* above
 *
 * Parameters to TA are passed using an array of this struct, for
 * flexibility both value parameters and memory refereces can be used.
 */
struct tee_param {
	u64 attr;
	union {
		struct tee_param_memref memref;
		struct tee_param_value value;
	} u;
};

/**
 * struct tee_open_session_arg - extra arguments for tee_open_session()
 * @uuid:	[in] UUID of the Trusted Application
 * @clnt_uuid:	[in] Normally zeroes
 * @clnt_login:	[in] Normally 0
 * @session:	[out] Session id
 * @ret:	[out] return value
 * @ret_origin:	[out] origin of the return value
 */
struct tee_open_session_arg {
	u8 uuid[TEE_UUID_LEN];
	u8 clnt_uuid[TEE_UUID_LEN];
	u32 clnt_login;
	u32 session;
	u32 ret;
	u32 ret_origin;
};

/**
 * struct tee_invoke_arg - extra arguments for tee_invoke_func()
 * @func:	[in] Trusted Application function, specific to the TA
 * @session:	[in] Session id, from open session
 * @ret:	[out] return value
 * @ret_origin:	[out] origin of the return value
 */
struct tee_invoke_arg {
	u32 func;
	u32 session;
	u32 ret;
	u32 ret_origin;
};

/**
 * struct tee_version_data - description of TEE
 * @gen_caps:	Generic capabilities, TEE_GEN_CAP_* above
 */
struct tee_version_data {
	u32 gen_caps;
};

/**
 * struct tee_driver_ops - TEE driver operations
 * @get_version:	Query capabilities of TEE device,
 * @open_session:	Opens a session to a Trusted Application in the TEE,
 * @close_session:	Closes a session to Trusted Application,
 * @invoke_func:	Invokes a function in a Trusted Application,
 * @shm_register:	Registers memory shared with the TEE
 * @shm_unregister:	Unregisters memory shared with the TEE
 */
struct tee_driver_ops {
	/**
	 * get_version() - Query capabilities of TEE device
	 * @dev:	The TEE device
	 * @vers:	Pointer to version data
	 */
	void (*get_version)(struct udevice *dev, struct tee_version_data *vers);
	/**
	 * open_session() - Open a session to a Trusted Application
	 * @dev:	The TEE device
	 * @arg:	Open session arguments
	 * @num_param:	Number of elements in @param
	 * @param:	Parameters for Trusted Application
	 *
	 * Returns < 0 on error else see @arg->ret for result. If @arg->ret is
	 * TEE_SUCCESS the session identifier is available in @arg->session.
	 */
	int (*open_session)(struct udevice *dev,
			    struct tee_open_session_arg *arg, uint num_param,
			    struct tee_param *param);
	/**
	 * close_session() - Close a session to a Trusted Application
	 * @dev:	The TEE device
	 * @session:	Session id
	 *
	 * Return < 0 on error else 0, regardless the session will not be valid
	 * after this function has returned.
	 */
	int (*close_session)(struct udevice *dev, u32 session);
	/**
	 * tee_invoke_func() - Invoke a function in a Trusted Application
	 * @dev:	The TEE device
	 * @arg:	Invoke arguments
	 * @num_param:	Number of elements in @param
	 * @param:	Parameters for Trusted Application
	 *
	 * Returns < 0 on error else see @arg->ret for result.
	 */
	int (*invoke_func)(struct udevice *dev, struct tee_invoke_arg *arg,
			   uint num_param, struct tee_param *param);
	/**
	 * shm_register() - Registers memory shared with the TEE
	 * @dev:	The TEE device
	 * @shm:	Pointer to a shared memory object
	 * Returns 0 on success or < 0 on failure.
	 */
	int (*shm_register)(struct udevice *dev, struct tee_shm *shm);
	/**
	 * shm_unregister() - Unregisters memory shared with the TEE
	 * @dev:	The TEE device
	 * @shm:	Pointer to a shared memory object
	 * Returns 0 on success or < 0 on failure.
	 */
	int (*shm_unregister)(struct udevice *dev, struct tee_shm *shm);
};

/**
 * __tee_shm_add() - Internal helper function to register shared memory
 * @dev:	The TEE device
 * @align:	Required alignment of allocated memory block if
 *		(@flags & TEE_SHM_ALLOC)
 * @addr:	Address of memory block, ignored if (@flags & TEE_SHM_ALLOC)
 * @size:	Size of memory block
 * @flags:	TEE_SHM_* above
 * @shmp:	If the function return 0, this holds the allocated
 *		struct tee_shm
 *
 * returns 0 on success or < 0 on failure.
 */
int __tee_shm_add(struct udevice *dev, ulong align, void *addr, ulong size,
		  u32 flags, struct tee_shm **shmp);

/**
 * tee_shm_alloc() - Allocate shared memory
 * @dev:	The TEE device
 * @size:	Size of memory block
 * @flags:	TEE_SHM_* above
 * @shmp:	If the function return 0, this holds the allocated
 *		struct tee_shm
 *
 * returns 0 on success or < 0 on failure.
 */
int tee_shm_alloc(struct udevice *dev, ulong size, u32 flags,
		  struct tee_shm **shmp);

/**
 * tee_shm_register() - Registers shared memory
 * @dev:	The TEE device
 * @addr:	Address of memory block
 * @size:	Size of memory block
 * @flags:	TEE_SHM_* above
 * @shmp:	If the function return 0, this holds the allocated
 *		struct tee_shm
 *
 * returns 0 on success or < 0 on failure.
 */
int tee_shm_register(struct udevice *dev, void *addr, ulong size, u32 flags,
		     struct tee_shm **shmp);

/**
 * tee_shm_free() - Frees shared memory
 * @shm:	Shared memory object
 */
void tee_shm_free(struct tee_shm *shm);

/**
 * tee_shm_is_registered() - Check register status of shared memory object
 * @shm:	Pointer to shared memory object
 * @dev:	The TEE device
 *
 * Returns true if the shared memory object is registered for the supplied
 * TEE device
 */
bool tee_shm_is_registered(struct tee_shm *shm, struct udevice *dev);

/**
 * tee_find_device() - Look up a TEE device
 * @start:	if not NULL, continue search after this device
 * @match:	function to check TEE device, returns != 0 if the device
 *		matches
 * @data:	data for match function
 * @vers:	if not NULL, version data of TEE device of the device returned
 *
 * Returns a probed TEE device of the first TEE device matched by the
 * match() callback or NULL.
 */
struct udevice *tee_find_device(struct udevice *start,
				int (*match)(struct tee_version_data *vers,
					     const void *data),
				const void *data,
				struct tee_version_data *vers);

/**
 * tee_get_version() - Query capabilities of TEE device
 * @dev:	The TEE device
 * @vers:	Pointer to version data
 */
void tee_get_version(struct udevice *dev, struct tee_version_data *vers);

/**
 * tee_open_session() - Open a session to a Trusted Application
 * @dev:	The TEE device
 * @arg:	Open session arguments
 * @num_param:	Number of elements in @param
 * @param:	Parameters for Trusted Application
 *
 * Returns < 0 on error else see @arg->ret for result. If @arg->ret is
 * TEE_SUCCESS the session identifier is available in @arg->session.
 */
int tee_open_session(struct udevice *dev, struct tee_open_session_arg *arg,
		     uint num_param, struct tee_param *param);

/**
 * tee_close_session() - Close a session to a Trusted Application
 * @dev:	The TEE device
 * @session:	Session id
 *
 * Return < 0 on error else 0, regardless the session will not be valid
 * after this function has returned.
 */
int tee_close_session(struct udevice *dev, u32 session);

/**
 * tee_invoke_func() - Invoke a function in a Trusted Application
 * @dev:	The TEE device
 * @arg:	Invoke arguments
 * @num_param:	Number of elements in @param
 * @param:	Parameters for Trusted Application
 *
 * Returns < 0 on error else see @arg->ret for result.
 */
int tee_invoke_func(struct udevice *dev, struct tee_invoke_arg *arg,
		    uint num_param, struct tee_param *param);

/**
 * tee_optee_ta_uuid_from_octets() - Converts to struct tee_optee_ta_uuid
 * @d:	Destination struct
 * @s:	Source UUID octets
 *
 * Conversion to a struct tee_optee_ta_uuid represantion from binary octet
 * representation.
 */
void tee_optee_ta_uuid_from_octets(struct tee_optee_ta_uuid *d,
				   const u8 s[TEE_UUID_LEN]);

/**
 * tee_optee_ta_uuid_to_octets() - Converts from struct tee_optee_ta_uuid
 * @d:	Destination UUID octets
 * @s:	Source struct
 *
 * Conversion from a struct tee_optee_ta_uuid represantion to binary octet
 * representation.
 */
void tee_optee_ta_uuid_to_octets(u8 d[TEE_UUID_LEN],
				 const struct tee_optee_ta_uuid *s);

#endif /* __TEE_H */