| Message ID | 20250428-qcom-tee-using-tee-ss-without-mem-obj-v4-5-6a143640a6cb@oss.qualcomm.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE) | expand |
Hi Amir, On Mon, Apr 28, 2025 at 11:06:26PM -0700, Amirreza Zarrabi wrote: > Qualcomm TEE (QTEE) hosts Trusted Applications (TAs) and services in > the secure world, accessed via objects. A QTEE client can invoke these > objects to request services. Similarly, QTEE can request services from > the nonsecure world using objects exported to the secure world. > > Add low-level primitives to facilitate the invocation of objects hosted > in QTEE, as well as those hosted in the nonsecure world. > > If support for object invocation is available, the qcom_scm allocates > a dedicated child platform device. The driver for this device communicates > with QTEE using low-level primitives. > > Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com> > --- > drivers/firmware/qcom/qcom_scm.c | 128 +++++++++++++++++++++++++++++++++ > drivers/firmware/qcom/qcom_scm.h | 7 ++ > include/linux/firmware/qcom/qcom_scm.h | 27 +++++++ > 3 files changed, 162 insertions(+) > > diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c > index fc4d67e4c4a6..bff1b0d3306e 100644 > --- a/drivers/firmware/qcom/qcom_scm.c > +++ b/drivers/firmware/qcom/qcom_scm.c > @@ -2084,6 +2084,124 @@ static int qcom_scm_qseecom_init(struct qcom_scm *scm) > > #endif /* CONFIG_QCOM_QSEECOM */ > > +#ifdef CONFIG_QCOMTEE > + > +/** > + * qcom_scm_qtee_invoke_smc() - Invoke a QTEE object. > + * @inbuf: start address of memory area used for inbound buffer. > + * @inbuf_size: size of the memory area used for inbound buffer. > + * @outbuf: start address of memory area used for outbound buffer. > + * @outbuf_size: size of the memory area used for outbound buffer. > + * @result: result of QTEE object invocation. > + * @response_type: response type returned by QTEE. > + * > + * @response_type determines how the contents of @inbuf and @outbuf > + * should be processed. > + * > + * Return: On success, return 0 or <0 on failure. > + */ > +int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, > + phys_addr_t outbuf, size_t outbuf_size, > + u64 *result, u64 *response_type) > +{ > + struct qcom_scm_desc desc = { > + .svc = QCOM_SCM_SVC_SMCINVOKE, > + .cmd = QCOM_SCM_SMCINVOKE_INVOKE, > + .owner = ARM_SMCCC_OWNER_TRUSTED_OS, > + .args[0] = inbuf, > + .args[1] = inbuf_size, > + .args[2] = outbuf, > + .args[3] = outbuf_size, > + .arginfo = QCOM_SCM_ARGS(4, QCOM_SCM_RW, QCOM_SCM_VAL, > + QCOM_SCM_RW, QCOM_SCM_VAL), > + }; > + struct qcom_scm_res res; > + int ret; > + > + ret = qcom_scm_call(__scm->dev, &desc, &res); > + if (ret) > + return ret; > + > + *response_type = res.result[0]; > + *result = res.result[1]; > + > + return 0; > +} > +EXPORT_SYMBOL(qcom_scm_qtee_invoke_smc); > + > +/** > + * qcom_scm_qtee_callback_response() - Submit response for callback request. > + * @buf: start address of memory area used for outbound buffer. > + * @buf_size: size of the memory area used for outbound buffer. > + * @result: Result of QTEE object invocation. > + * @response_type: Response type returned by QTEE. > + * > + * @response_type determines how the contents of @buf should be processed. > + * > + * Return: On success, return 0 or <0 on failure. > + */ > +int qcom_scm_qtee_callback_response(phys_addr_t buf, size_t buf_size, > + u64 *result, u64 *response_type) > +{ > + struct qcom_scm_desc desc = { > + .svc = QCOM_SCM_SVC_SMCINVOKE, > + .cmd = QCOM_SCM_SMCINVOKE_CB_RSP, > + .owner = ARM_SMCCC_OWNER_TRUSTED_OS, > + .args[0] = buf, > + .args[1] = buf_size, > + .arginfo = QCOM_SCM_ARGS(2, QCOM_SCM_RW, QCOM_SCM_VAL), > + }; > + struct qcom_scm_res res; > + int ret; > + > + ret = qcom_scm_call(__scm->dev, &desc, &res); > + if (ret) > + return ret; > + > + *response_type = res.result[0]; > + *result = res.result[1]; > + > + return 0; > +} > +EXPORT_SYMBOL(qcom_scm_qtee_callback_response); > + > +static void qcom_scm_qtee_free(void *data) > +{ > + struct platform_device *qtee_dev = data; > + > + platform_device_unregister(qtee_dev); > +} > + > +static int qcom_scm_qtee_init(struct qcom_scm *scm) > +{ > + struct platform_device *qtee_dev; > + int ret; > + I am still unable to get the QCOMTEE driver to work on db845c. As I can see machine: "qcom,sdm845" is not supported for tzmem based on SHM brigde here: drivers/firmware/qcom/qcom_tzmem.c +81. I am still seeing following logs from userspace: # /mnt/unittest -d [test_print_diagnostics_info][31] test_get_client_env_object. [test_supplicant_release][65] test_supplicant_worker killed. I think you should first check here for SHM bridge support. If available then only add a QTEE platform device. -Sumit > + /* Setup QTEE interface device. */ > + qtee_dev = platform_device_alloc("qcomtee", -1); > + if (!qtee_dev) > + return -ENOMEM; > + > + qtee_dev->dev.parent = scm->dev; > + > + ret = platform_device_add(qtee_dev); > + if (ret) { > + platform_device_put(qtee_dev); > + return ret; > + } > + > + return devm_add_action_or_reset(scm->dev, qcom_scm_qtee_free, qtee_dev); > +} > + > +#else > + > +static int qcom_scm_qtee_init(struct qcom_scm *scm) > +{ > + return 0; > +} > + > +#endif /* CONFIG_QCOMTEE */ > + > /** > * qcom_scm_is_available() - Checks if SCM is available > */ > @@ -2319,6 +2437,16 @@ static int qcom_scm_probe(struct platform_device *pdev) > ret = qcom_scm_qseecom_init(scm); > WARN(ret < 0, "failed to initialize qseecom: %d\n", ret); > > + /* > + * Initialize the QTEE object interface. > + * > + * This only represents the availability for QTEE object invocation > + * and callback support. On failure, ignore the result. Any subsystem > + * depending on it may fail if it tries to access this interface. > + */ > + ret = qcom_scm_qtee_init(scm); > + WARN(ret < 0, "failed to initialize qcomtee: %d\n", ret); > + > return 0; > > err: > diff --git a/drivers/firmware/qcom/qcom_scm.h b/drivers/firmware/qcom/qcom_scm.h > index 097369d38b84..a25202e99f7c 100644 > --- a/drivers/firmware/qcom/qcom_scm.h > +++ b/drivers/firmware/qcom/qcom_scm.h > @@ -152,6 +152,13 @@ struct qcom_tzmem_pool *qcom_scm_get_tzmem_pool(void); > #define QCOM_SCM_SVC_GPU 0x28 > #define QCOM_SCM_SVC_GPU_INIT_REGS 0x01 > > +/* ARM_SMCCC_OWNER_TRUSTED_OS calls */ > + > +#define QCOM_SCM_SVC_SMCINVOKE 0x06 > +#define QCOM_SCM_SMCINVOKE_INVOKE_LEGACY 0x00 > +#define QCOM_SCM_SMCINVOKE_CB_RSP 0x01 > +#define QCOM_SCM_SMCINVOKE_INVOKE 0x02 > + > /* common error codes */ > #define QCOM_SCM_V2_EBUSY -12 > #define QCOM_SCM_ENOMEM -5 > diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h > index 983e1591bbba..bf5e64f6deba 100644 > --- a/include/linux/firmware/qcom/qcom_scm.h > +++ b/include/linux/firmware/qcom/qcom_scm.h > @@ -176,4 +176,31 @@ static inline int qcom_scm_qseecom_app_send(u32 app_id, > > #endif /* CONFIG_QCOM_QSEECOM */ > > +#ifdef CONFIG_QCOMTEE > + > +int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, > + phys_addr_t outbuf, size_t outbuf_size, > + u64 *result, u64 *response_type); > +int qcom_scm_qtee_callback_response(phys_addr_t buf, size_t buf_size, > + u64 *result, u64 *response_type); > + > +#else /* CONFIG_QCOMTEE */ > + > +static inline int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, > + phys_addr_t outbuf, > + size_t outbuf_size, u64 *result, > + u64 *response_type) > +{ > + return -EINVAL; > +} > + > +static inline int qcom_scm_qtee_callback_response(phys_addr_t buf, > + size_t buf_size, u64 *result, > + u64 *response_type) > +{ > + return -EINVAL; > +} > + > +#endif /* CONFIG_QCOMTEE */ > + > #endif > > -- > 2.34.1 > >
On Wed, 14 May 2025 at 11:37, Sumit Garg <sumit.garg@kernel.org> wrote: > > Hi Amir, > > I am still unable to get the QCOMTEE driver to work on db845c. As I can > see machine: "qcom,sdm845" is not supported for tzmem based on SHM > brigde here: drivers/firmware/qcom/qcom_tzmem.c +81. I am still seeing > following logs from userspace: > > # /mnt/unittest -d > [test_print_diagnostics_info][31] test_get_client_env_object. > [test_supplicant_release][65] test_supplicant_worker killed. > > I think you should first check here for SHM bridge support. If available > then only add a QTEE platform device. > On platforms not supporting SHM Bridge, the module should fall back to non-SHM mode. Isn't it the case? Bart
On Wed, May 14, 2025 at 05:27:44PM +0200, Bartosz Golaszewski wrote: > On Wed, 14 May 2025 at 11:37, Sumit Garg <sumit.garg@kernel.org> wrote: > > > > Hi Amir, > > > > I am still unable to get the QCOMTEE driver to work on db845c. As I can > > see machine: "qcom,sdm845" is not supported for tzmem based on SHM > > brigde here: drivers/firmware/qcom/qcom_tzmem.c +81. I am still seeing > > following logs from userspace: > > > > # /mnt/unittest -d > > [test_print_diagnostics_info][31] test_get_client_env_object. > > [test_supplicant_release][65] test_supplicant_worker killed. > > > > I think you should first check here for SHM bridge support. If available > > then only add a QTEE platform device. > > > > On platforms not supporting SHM Bridge, the module should fall back to > non-SHM mode. Isn't it the case? Okay, I see. Amir clarified offline how the non-SHM mode works. IIUC, the memory registration with QTEE is not required and instead QTEE can directly work with memory references being passed as part of object invocation. So it looks like the user space app not working on db845c is another issue with QTEE which needs to be fixed. -Sumit
diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index fc4d67e4c4a6..bff1b0d3306e 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -2084,6 +2084,124 @@ static int qcom_scm_qseecom_init(struct qcom_scm *scm) #endif /* CONFIG_QCOM_QSEECOM */ +#ifdef CONFIG_QCOMTEE + +/** + * qcom_scm_qtee_invoke_smc() - Invoke a QTEE object. + * @inbuf: start address of memory area used for inbound buffer. + * @inbuf_size: size of the memory area used for inbound buffer. + * @outbuf: start address of memory area used for outbound buffer. + * @outbuf_size: size of the memory area used for outbound buffer. + * @result: result of QTEE object invocation. + * @response_type: response type returned by QTEE. + * + * @response_type determines how the contents of @inbuf and @outbuf + * should be processed. + * + * Return: On success, return 0 or <0 on failure. + */ +int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, + phys_addr_t outbuf, size_t outbuf_size, + u64 *result, u64 *response_type) +{ + struct qcom_scm_desc desc = { + .svc = QCOM_SCM_SVC_SMCINVOKE, + .cmd = QCOM_SCM_SMCINVOKE_INVOKE, + .owner = ARM_SMCCC_OWNER_TRUSTED_OS, + .args[0] = inbuf, + .args[1] = inbuf_size, + .args[2] = outbuf, + .args[3] = outbuf_size, + .arginfo = QCOM_SCM_ARGS(4, QCOM_SCM_RW, QCOM_SCM_VAL, + QCOM_SCM_RW, QCOM_SCM_VAL), + }; + struct qcom_scm_res res; + int ret; + + ret = qcom_scm_call(__scm->dev, &desc, &res); + if (ret) + return ret; + + *response_type = res.result[0]; + *result = res.result[1]; + + return 0; +} +EXPORT_SYMBOL(qcom_scm_qtee_invoke_smc); + +/** + * qcom_scm_qtee_callback_response() - Submit response for callback request. + * @buf: start address of memory area used for outbound buffer. + * @buf_size: size of the memory area used for outbound buffer. + * @result: Result of QTEE object invocation. + * @response_type: Response type returned by QTEE. + * + * @response_type determines how the contents of @buf should be processed. + * + * Return: On success, return 0 or <0 on failure. + */ +int qcom_scm_qtee_callback_response(phys_addr_t buf, size_t buf_size, + u64 *result, u64 *response_type) +{ + struct qcom_scm_desc desc = { + .svc = QCOM_SCM_SVC_SMCINVOKE, + .cmd = QCOM_SCM_SMCINVOKE_CB_RSP, + .owner = ARM_SMCCC_OWNER_TRUSTED_OS, + .args[0] = buf, + .args[1] = buf_size, + .arginfo = QCOM_SCM_ARGS(2, QCOM_SCM_RW, QCOM_SCM_VAL), + }; + struct qcom_scm_res res; + int ret; + + ret = qcom_scm_call(__scm->dev, &desc, &res); + if (ret) + return ret; + + *response_type = res.result[0]; + *result = res.result[1]; + + return 0; +} +EXPORT_SYMBOL(qcom_scm_qtee_callback_response); + +static void qcom_scm_qtee_free(void *data) +{ + struct platform_device *qtee_dev = data; + + platform_device_unregister(qtee_dev); +} + +static int qcom_scm_qtee_init(struct qcom_scm *scm) +{ + struct platform_device *qtee_dev; + int ret; + + /* Setup QTEE interface device. */ + qtee_dev = platform_device_alloc("qcomtee", -1); + if (!qtee_dev) + return -ENOMEM; + + qtee_dev->dev.parent = scm->dev; + + ret = platform_device_add(qtee_dev); + if (ret) { + platform_device_put(qtee_dev); + return ret; + } + + return devm_add_action_or_reset(scm->dev, qcom_scm_qtee_free, qtee_dev); +} + +#else + +static int qcom_scm_qtee_init(struct qcom_scm *scm) +{ + return 0; +} + +#endif /* CONFIG_QCOMTEE */ + /** * qcom_scm_is_available() - Checks if SCM is available */ @@ -2319,6 +2437,16 @@ static int qcom_scm_probe(struct platform_device *pdev) ret = qcom_scm_qseecom_init(scm); WARN(ret < 0, "failed to initialize qseecom: %d\n", ret); + /* + * Initialize the QTEE object interface. + * + * This only represents the availability for QTEE object invocation + * and callback support. On failure, ignore the result. Any subsystem + * depending on it may fail if it tries to access this interface. + */ + ret = qcom_scm_qtee_init(scm); + WARN(ret < 0, "failed to initialize qcomtee: %d\n", ret); + return 0; err: diff --git a/drivers/firmware/qcom/qcom_scm.h b/drivers/firmware/qcom/qcom_scm.h index 097369d38b84..a25202e99f7c 100644 --- a/drivers/firmware/qcom/qcom_scm.h +++ b/drivers/firmware/qcom/qcom_scm.h @@ -152,6 +152,13 @@ struct qcom_tzmem_pool *qcom_scm_get_tzmem_pool(void); #define QCOM_SCM_SVC_GPU 0x28 #define QCOM_SCM_SVC_GPU_INIT_REGS 0x01 +/* ARM_SMCCC_OWNER_TRUSTED_OS calls */ + +#define QCOM_SCM_SVC_SMCINVOKE 0x06 +#define QCOM_SCM_SMCINVOKE_INVOKE_LEGACY 0x00 +#define QCOM_SCM_SMCINVOKE_CB_RSP 0x01 +#define QCOM_SCM_SMCINVOKE_INVOKE 0x02 + /* common error codes */ #define QCOM_SCM_V2_EBUSY -12 #define QCOM_SCM_ENOMEM -5 diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h index 983e1591bbba..bf5e64f6deba 100644 --- a/include/linux/firmware/qcom/qcom_scm.h +++ b/include/linux/firmware/qcom/qcom_scm.h @@ -176,4 +176,31 @@ static inline int qcom_scm_qseecom_app_send(u32 app_id, #endif /* CONFIG_QCOM_QSEECOM */ +#ifdef CONFIG_QCOMTEE + +int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, + phys_addr_t outbuf, size_t outbuf_size, + u64 *result, u64 *response_type); +int qcom_scm_qtee_callback_response(phys_addr_t buf, size_t buf_size, + u64 *result, u64 *response_type); + +#else /* CONFIG_QCOMTEE */ + +static inline int qcom_scm_qtee_invoke_smc(phys_addr_t inbuf, size_t inbuf_size, + phys_addr_t outbuf, + size_t outbuf_size, u64 *result, + u64 *response_type) +{ + return -EINVAL; +} + +static inline int qcom_scm_qtee_callback_response(phys_addr_t buf, + size_t buf_size, u64 *result, + u64 *response_type) +{ + return -EINVAL; +} + +#endif /* CONFIG_QCOMTEE */ + #endif
Qualcomm TEE (QTEE) hosts Trusted Applications (TAs) and services in the secure world, accessed via objects. A QTEE client can invoke these objects to request services. Similarly, QTEE can request services from the nonsecure world using objects exported to the secure world. Add low-level primitives to facilitate the invocation of objects hosted in QTEE, as well as those hosted in the nonsecure world. If support for object invocation is available, the qcom_scm allocates a dedicated child platform device. The driver for this device communicates with QTEE using low-level primitives. Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com> --- drivers/firmware/qcom/qcom_scm.c | 128 +++++++++++++++++++++++++++++++++ drivers/firmware/qcom/qcom_scm.h | 7 ++ include/linux/firmware/qcom/qcom_scm.h | 27 +++++++ 3 files changed, 162 insertions(+)