/linux/Documentation/tee/ |
op-tee.rst | 1 .. SPDX-License-Identifier: GPL-2.0 4 OP-TEE (Open Portable Trusted Execution Environment) 7 The OP-TEE driver handles OP-TEE [1] based TEEs. Currently it is only the ARM 8 TrustZone based OP-TEE solution that is supported. 10 Lowest level of communication with OP-TEE builds on ARM SMC Calling 11 Convention (SMCCC) [2], which is the foundation for OP-TEE's SMC interface 12 [3] used internally by the driver. Stacked on top of that is OP-TEE Message 15 OP-TEE SMC interface provides the basic functions required by SMCCC and some 16 additional functions specific for OP-TEE. The most interesting functions are: 18 - OPTEE_SMC_FUNCID_CALLS_UID (part of SMCCC) returns the version information
index.rst | 1 .. SPDX-License-Identifier: GPL-2.0 4 TEE Subsystem 10 tee 11 op-tee 12 amd-tee 13 ts-tee
/linux/Documentation/ABI/testing/ |
sysfs-bus-optee-devices | 1 What: /sys/bus/tee/devices/optee-ta-<uuid>/ 4 Contact: op-tee@lists.trustedfirmware.org 6 OP-TEE bus provides reference to registered drivers under this directory. The <uuid> 8 are free to create needed API under optee-ta-<uuid> directory. 10 What: /sys/bus/tee/devices/optee-ta-<uuid>/need_supplicant 13 Contact: op-tee@lists.trustedfirmware.org 15 Allows to distinguish whether an OP-TEE based TA/device requires user-space 16 tee-supplicant to function properly or not. This attribute will be present for 17 devices which depend on tee-supplicant to be running.
/linux/drivers/firmware/arm_scmi/ |
optee.c
Kconfig | 1 # SPDX-License-Identifier: GPL-2.0-only 9 set of operating system-independent software interfaces that are 11 interfaces for: Discovery and self-description of the interfaces 13 a given device or domain into the various power-saving states that
/linux/drivers/nvmem/ |
stm32-bsec-optee-ta.h | 1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 3 * OP-TEE STM32MP BSEC PTA interface, used by STM32 ROMEM driver 5 * Copyright (C) 2022, STMicroelectronics - All Rights Reserved 10 * stm32_bsec_optee_ta_open() - initialize the STM32 BSEC TA 11 * @ctx: the OP-TEE context on success 14 * On success, 0. On failure, -errno. 19 * stm32_bsec_optee_ta_close() - release the STM32 BSEC TA 20 * @ctx: the OP-TEE context 22 * This function used to clean the OP-TEE resources initialized in 29 * stm32_bsec_optee_ta_read() - nvmem read access using TA client driver
stm32-bsec-optee-ta.c | 1 // SPDX-License-Identifier: GPL-2.0-or-later 3 * OP-TEE STM32MP BSEC PTA interface, used by STM32 ROMEM driver 5 * Copyright (C) 2022, STMicroelectronics - All Rights Reserved 10 #include "stm32-bsec-optee-ta.h" 21 * TEE_SUCCESS - Invoke command success 22 * TEE_ERROR_BAD_PARAMETERS - Incorrect input param 23 * TEE_ERROR_ACCESS_DENIED - OTP not accessible by caller 36 * TEE_SUCCESS - Invoke command success 37 * TEE_ERROR_BAD_PARAMETERS - Incorrect input param 38 * TEE_ERROR_ACCESS_DENIED - OTP not accessible by caller
stm32-romem.c | 1 // SPDX-License-Identifier: GPL-2.0 3 * STM32 Factory-programmed memory read access driver 5 * Copyright (C) 2017, STMicroelectronics - All Rights Reserved 9 #include <linux/arm-smccc.h> 12 #include <linux/nvmem-provider.h> 18 #include "stm32-bsec-optee-ta.h" 20 /* BSEC secure service access from non-secure */ 51 *buf8++ = readb_relaxed(priv->base + i); in stm32_romem_read() 56 static int stm32_bsec_smc(u8 op, u32 otp, u32 data, u32 *result) in stm32_bsec_smc() argument 61 arm_smccc_smc(STM32_SMC_BSEC, op, otp, data, 0, 0, 0, 0, &res); in stm32_bsec_smc()
/linux/arch/arm/mach-at91/ |
sam_secure.c | 1 // SPDX-License-Identifier: GPL-2.0-or-later 6 #include <linux/arm-smccc.h> 19 struct arm_smccc_res res = {.a0 = -1}; in sam_smccc_call() 41 * We only check that the OP-TEE node is present and available. The in sam_secure_init() 42 * OP-TEE kernel driver is not needed for the type of interaction made in sam_secure_init() 43 * with OP-TEE here so the driver's status is not checked. in sam_secure_init() 51 pr_info("Running under OP-TEE firmware\n"); in sam_secure_init()
sama5.c | 1 // SPDX-License-Identifier: GPL-2.0-or-later 12 #include <asm/hardware/cache-l2x0.h> 23 /* OP-TEE configures the L2 cache and does not allow modifying it yet */ in sama5_l2c310_write_sec()
/linux/drivers/firmware/broadcom/ |
tee_bnxt_fw.c | 1 // SPDX-License-Identifier: GPL-2.0 21 * TA_CMD_BNXT_FASTBOOT - boot bnxt device by copying f/w into sram 29 * TEE_SUCCESS - Invoke command success 30 * TEE_ERROR_ITEM_NOT_FOUND - Corrupt f/w image found on memory 35 * TA_CMD_BNXT_COPY_COREDUMP - copy the core dump into shm 37 * param[0] (inout memref) - Coredump buffer memory reference 38 * param[1] (in value) - value.a: offset, data to be copied from 44 * TEE_SUCCESS - Invoke command success 45 * TEE_ERROR_BAD_PARAMETERS - Incorrect input param 46 * TEE_ERROR_ITEM_NOT_FOUND - Corrupt core dump
/linux/drivers/tee/amdtee/ |
amdtee_if.h | 1 /* SPDX-License-Identifier: MIT */ 8 * This file has definitions related to Host and AMD-TEE Trusted OS interface. 9 * These definitions must match the definitions on the TEE side. 18 ** TEE Param 23 * struct memref - memory reference structure 52 /* Must be same as in GP TEE specification */ 67 ** TEE Commands 72 * non-contiguous. Below structures are meant to describe a shared memory region 77 * struct tee_sg_desc - sg descriptor for a physically contiguous buffer 89 * struct tee_sg_list - structure describing a scatter/gather list
call.c | 1 // SPDX-License-Identifier: MIT 7 #include <linux/tee.h> 9 #include <linux/psp-tee.h> 15 static int tee_params_to_amd_params(struct tee_param *tee, u32 count, in tee_params_to_amd_params() argument 24 if (!tee || !amd || count > TEE_MAX_PARAMS) in tee_params_to_amd_params() 25 return -EINVAL; in tee_params_to_amd_params() 27 amd->param_types = 0; in tee_params_to_amd_params() 29 /* AMD TEE does not support meta parameter */ in tee_params_to_amd_params() 30 if (tee[i].attr > TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT) in tee_params_to_amd_params() 31 return -EINVAL; in tee_params_to_amd_params()
/linux/Documentation/devicetree/bindings/arm/firmware/ |
linaro,optee-tz.yaml | 1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause) 3 --- 4 $id: http://devicetree.org/schemas/arm/firmware/linaro,optee-tz.yaml# 5 $schema: http://devicetree.org/meta-schemas/core.yaml# 7 title: OP-TEE 10 - Jens Wiklander <jens.wiklander@linaro.org> 13 OP-TEE is a piece of software using hardware features to provide a Trusted 25 const: linaro,optee-tz 31 software is expected to be either a per-cpu interrupt or an 32 edge-triggered peripheral interrupt.
/linux/drivers/char/hw_random/ |
optee-rng.c | 1 // SPDX-License-Identifier: GPL-2.0 3 * Copyright (C) 2018-2019 Linaro Ltd. 15 #define DRIVER_NAME "optee-rng" 20 * TA_CMD_GET_ENTROPY - Get Entropy from RNG 22 * param[0] (inout memref) - Entropy buffer memory reference 28 * TEE_SUCCESS - Invoke command success 29 * TEE_ERROR_BAD_PARAMETERS - Incorrect input param 30 * TEE_ERROR_NOT_SUPPORTED - Requested entropy size greater than size of pool 31 * TEE_ERROR_HEALTH_TEST_FAIL - Continuous health testing failed 36 * TA_CMD_GET_RNG_INFO - Get RNG information
Kconfig | 1 # SPDX-License-Identifier: GPL-2.0-only 13 module will be called rng-core. This provides a device 28 This driver provides kernel-side support for a generic Random 31 the default FPGA bitstream on the TS-7800 has such functionality. 34 module will be called timeriomem-rng. 43 This driver provides kernel-side support for the Random Number 44 Generator hardware found on Intel i8xx-based motherboards. 47 module will be called intel-rng. 57 This driver provides kernel-side support for the Random Number 58 Generator hardware found on AMD 76x-based motherboards.
/linux/drivers/rtc/ |
rtc-optee.c | 1 // SPDX-License-Identifier: GPL-2.0 40 * struct optee_rtc - OP-TEE RTC private data 41 * @dev: OP-TEE based RTC device. 42 * @ctx: OP-TEE context handler. 64 inv_arg.session = priv->session_id; in optee_rtc_readtime() 69 param[0].u.memref.shm = priv->shm; in optee_rtc_readtime() 72 ret = tee_client_invoke_func(priv->ctx, &inv_arg, param); in optee_rtc_readtime() 74 return ret ? ret : -EPROTO; in optee_rtc_readtime() 76 optee_tm = tee_shm_get_va(priv->shm, 0); in optee_rtc_readtime() 81 return -EPROTO; in optee_rtc_readtime()
/linux/arch/arm/mach-omap2/ |
omap-secure.c | 1 // SPDX-License-Identifier: GPL-2.0-only 11 #include <linux/arm-smccc.h> 23 #include "omap-secure.h" 39 * We only check that the OP-TEE node is present and available. The in omap_optee_init_check() 40 * OP-TEE kernel driver is not needed for the type of interaction made in omap_optee_init_check() 41 * with OP-TEE here so the driver's status is not checked. in omap_optee_init_check() 50 * omap_secure_dispatcher - Routine to dispatch low power secure 57 * Return the non-zero error value on failure. 101 * If this platform has OP-TEE installed we use ARM SMC calls in omap_smc1() 150 * Return the non-zero error value on failure.
pm33xx-core.c | 1 // SPDX-License-Identifier: GPL-2.0 5 * Copyright (C) 2016-2018 Texas Instruments Incorporated - https://www.ti.com/ 18 #include <linux/platform_data/gpio-omap.h> 33 #include "omap-secure.h" 52 return -ENOMEM; in am43xx_map_scu() 60 pr_warn("WARNING: This platform does not support off-mode, entering DeepSleep suspend.\n"); in am33xx_check_off_mode_enable() 69 * Check for am437x-gp-evm which has the right Hardware design to in am43xx_check_off_mode_enable() 72 if (of_machine_is_compatible("ti,am437x-gp-evm") && enable_off_mode) in am43xx_check_off_mode_enable() 75 pr_warn("WARNING: This platform does not support off-mode, entering DeepSleep suspend.\n"); in am43xx_check_off_mode_enable() 87 return -ENODEV; in amx3_common_init()
/linux/drivers/tee/optee/ |
optee_msg.h | 1 /* SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause) */ 3 * Copyright (c) 2015-2021, Linaro Limited 12 * This file defines the OP-TEE message protocol (ABI) used to communicate 13 * with an instance of OP-TEE running in secure world. 21 * Part 1 - formatting of messages 49 * Pointer to a list of pages used to register user-defined SHM buffer. 52 * list of page addresses. OP-TEE core can reconstruct contiguous buffer from 64 * uint64_t pages_array[OPTEE_MSG_NONCONTIG_PAGE_SIZE/sizeof(uint64_t) - 1]; 88 * Same values as TEE_LOGIN_* from TEE Internal API 98 * Page size used in non-contiguous buffer entries
/linux/drivers/firmware/efi/stmm/ |
mm_communication.h | 1 /* SPDX-License-Identifier: GPL-2.0+ */ 4 * in OP-TEE. Most of the structs and defines resemble the EDK2 naming. 16 * Secure Partition running at Secure-EL0 22 * Defined in OP-TEE, this UUID is used to identify the pseudo-TA. 23 * OP-TEE is using big endian GUIDs while UEFI uses little endian ones 34 * struct efi_mm_communicate_header - Header used for SMM variable communication 56 #define ARM_SVC_SPM_RET_NOT_SUPPORTED -1 57 #define ARM_SVC_SPM_RET_INVALID_PARAMS -2 58 #define ARM_SVC_SPM_RET_DENIED -3 59 #define ARM_SVC_SPM_RET_NO_MEMORY -5
tee_stmm_efi.c | 1 // SPDX-License-Identifier: GPL-2.0+ 3 * EFI variable service via TEE 11 #include <linux/tee.h> 38 /* currently only OP-TEE is supported as a communication path */ in tee_ctx_match() 39 if (ver->impl_id == TEE_IMPL_ID_OPTEE) in tee_ctx_match() 46 * tee_mm_communicate() - Pass a buffer to StandaloneMM running in TEE 65 buf_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t); in tee_mm_communicate() 117 * mm_communicate() - Adjust the communication buffer to StandAlonneMM and send 118 * it to TEE 135 var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data; in mm_communicate()
/linux/Documentation/security/keys/ |
trusted-encrypted.rst | 33 (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone) 35 Rooted to Hardware Unique Key (HUK) which is generally burnt in on-chip 36 fuses and is accessible to TEE only. 41 mode, trust is rooted to the OTPMK, a never-disclosed 256-bit key 45 (4) DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs) 47 Rooted to a one-time programmable key (OTP) that is generally burnt 48 in the on-chip fuses and is accessible to the DCP encryption engine only. 59 (2) TEE 86 (2) TEE 89 be extended with TEE based measured boot process.
/linux/include/uapi/linux/ |
tee.h | 2 * Copyright (c) 2015-2016, Linaro Limited 35 * This file describes the API provided by a TEE driver to user space. 37 * Each TEE driver defines a TEE specific protocol which is used for the 47 #define TEE_GEN_CAP_GP (1 << 0)/* GlobalPlatform compliant TEE */ 52 #define TEE_MEMREF_NULL (__u64)(-1) /* NULL MemRef Buffer */ 55 * TEE Implementation ID 62 * OP-TEE specific capabilities 67 * struct tee_ioctl_version_data - TEE version 68 * @impl_id: [out] TEE implementation id 72 * Identifies the TEE implementation, @impl_id is one of TEE_IMPL_ID_* above.
/linux/drivers/crypto/caam/ |
intern.h | 1 /* SPDX-License-Identifier: GPL-2.0 */ 6 * Copyright 2008-2011 Freescale Semiconductor, Inc. 16 /* Currently comes from Kconfig param as a ^2 (driver-required) */ 20 * Maximum size for crypto-engine software queue based on Job Ring 21 * size (JOBR_DEPTH) and a THRESHOLD (reserved for the non-crypto-API 22 * requests that are not passed through crypto-engine) 25 #define CRYPTO_ENGINE_MAX_QLEN (JOBR_DEPTH - THRESHOLD) 39 * Storage for tracking each in-process entry moving across a ring 60 /* Private sub-storage for a single JobR */ 80 * DMA-safe */