Unverified Commit ff0bebab authored by Arnd Bergmann's avatar Arnd Bergmann
Browse files

Merge tag 'tee-qcomtee-for-v6.18' of... 

Merge tag 'tee-qcomtee-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers

Add Qualcomm TEE driver (QTEE)

This introduces a Trusted Execution Environment (TEE) driver for
Qualcomm TEE (QTEE).

QTEE enables Trusted Applications (TAs) and services to run securely. It
uses an object-based interface, where each service is an object with
sets of operations.

Kernel and userspace services are also available to QTEE through a
similar approach. QTEE makes callback requests that are converted into
object invocations. These objects can represent services within the
kernel or userspace process.

We extend the TEE subsystem to understand object parameters and an ioctl
call so client can invoke objects in QTEE:
  - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_*
  - TEE_IOC_OBJECT_INVOKE

The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are
used for invoking services in the userspace process by QTEE.

The TEE backend driver uses the QTEE Transport Message to communicate
with QTEE. Interactions through the object INVOKE interface are
translated into QTEE messages. Likewise, object invocations from QTEE
for userspace objects are converted into SEND/RECV ioctl calls to
supplicants.

* tag 'tee-qcomtee-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee:
  Documentation: tee: Add Qualcomm TEE driver
  tee: qcom: enable TEE_IOC_SHM_ALLOC ioctl
  tee: qcom: add primordial object
  tee: add Qualcomm TEE driver
  tee: increase TEE_MAX_ARG_SIZE to 4096
  tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF
  tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF
  tee: add close_context to TEE driver operation
  tee: allow a driver to allocate a tee_device without a pool

Link: https://lore.kernel.org/r/20250915174957.GA2040478@rayden


Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
parents ebc5eb9e dcc7a571

Documentation/tee/index.rst

+1 −0
Original line number Diff line number Diff line
@@ -11,6 +11,7 @@ TEE Subsystem 
   op-tee

   amd-tee

   ts-tee

   qtee



.. only::  subproject and html

Documentation/tee/qtee.rst

0 → 100644
+96 −0
Original line number Diff line number Diff line 
.. SPDX-License-Identifier: GPL-2.0



=============================================

QTEE (Qualcomm Trusted Execution Environment)

=============================================



The QTEE driver handles communication with Qualcomm TEE [1].



The lowest level of communication with QTEE builds on the ARM SMC Calling

Convention (SMCCC) [2], which is the foundation for QTEE's Secure Channel

Manager (SCM) [3] used internally by the driver.



In a QTEE-based system, services are represented as objects with a series of

operations that can be called to produce results, including other objects.



When an object is hosted within QTEE, executing its operations is referred

to as "direct invocation". QTEE can also invoke objects hosted in the non-secure

world using a method known as "callback request".



The SCM provides two functions to support direct invocation and callback requests:



- QCOM_SCM_SMCINVOKE_INVOKE: Used for direct invocation. It can return either

  a result or initiate a callback request.

- QCOM_SCM_SMCINVOKE_CB_RSP: Used to submit a response to a callback request

  triggered by a previous direct invocation.



The QTEE Transport Message [4] is stacked on top of the SCM driver functions.



A message consists of two buffers shared with QTEE: inbound and outbound

buffers. The inbound buffer is used for direct invocation, and the outbound

buffer is used to make callback requests. This picture shows the contents of

a QTEE transport message::



                                      +---------------------+

                                      |                     v

    +-----------------+-------+-------+------+--------------------------+

    | qcomtee_msg_    |object | buffer       |                          |

    |  object_invoke  |  id   | offset, size |                          | (inbound buffer)

    +-----------------+-------+--------------+--------------------------+

    <---- header -----><---- arguments ------><- in/out buffer payload ->



                                      +-----------+

                                      |           v

    +-----------------+-------+-------+------+----------------------+

    | qcomtee_msg_    |object | buffer       |                      |

    |  callback       |  id   | offset, size |                      | (outbound buffer)

    +-----------------+-------+--------------+----------------------+



Each buffer is started with a header and array of arguments.



QTEE Transport Message supports four types of arguments:



- Input Object (IO) is an object parameter to the current invocation

  or callback request.

- Output Object (OO) is an object parameter from the current invocation

  or callback request.

- Input Buffer (IB) is (offset, size) pair to the inbound or outbound region

  to store parameter to the current invocation or callback request.

- Output Buffer (OB) is (offset, size) pair to the inbound or outbound region

  to store parameter from the current invocation or callback request.



Picture of the relationship between the different components in the QTEE

architecture::



         User space               Kernel                     Secure world

         ~~~~~~~~~~               ~~~~~~                     ~~~~~~~~~~~~

   +--------+   +----------+                                +--------------+

   | Client |   |callback  |                                | Trusted      |

   +--------+   |server    |                                | Application  |

      /\        +----------+                                +--------------+

      ||  +----------+ /\                                          /\

      ||  |callback  | ||                                          ||

      ||  |server    | ||                                          \/

      ||  +----------+ ||                                   +--------------+

      ||       /\      ||                                   | TEE Internal |

      ||       ||      ||                                   | API          |

      \/       \/      \/   +--------+--------+             +--------------+

   +---------------------+  | TEE    | QTEE   |             | QTEE         |

   |   libqcomtee [5]    |  | subsys | driver |             | Trusted OS   |

   +-------+-------------+--+----+-------+----+-------------+--------------+

   |      Generic TEE API        |       |   QTEE MSG                      |

   |      IOCTL (TEE_IOC_*)      |       |   SMCCC (QCOM_SCM_SMCINVOKE_*)  |

   +-----------------------------+       +---------------------------------+



References

==========



[1] https://docs.qualcomm.com/bundle/publicresource/topics/80-70015-11/qualcomm-trusted-execution-environment.html



[2] http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html



[3] drivers/firmware/qcom/qcom_scm.c



[4] drivers/tee/qcomtee/qcomtee_msg.h



[5] https://github.com/quic/quic-teec

MAINTAINERS

+7 −0
Original line number Diff line number Diff line
@@ -20885,6 +20885,13 @@ F: Documentation/networking/device_drivers/cellular/qualcomm/rmnet.rst 
F:	drivers/net/ethernet/qualcomm/rmnet/

F:	include/linux/if_rmnet.h









QUALCOMM TEE (QCOMTEE) DRIVER









M:	Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com>









L:	linux-arm-msm@vger.kernel.org









S:	Maintained









F:	Documentation/tee/qtee.rst









F:	drivers/tee/qcomtee/

















QUALCOMM TRUST ZONE MEMORY ALLOCATOR









M:	Bartosz Golaszewski <bartosz.golaszewski@linaro.org>









L:	linux-arm-msm@vger.kernel.org

























drivers/tee/Kconfig



+1
−0






























Original line number
Diff line number
Diff line







@@ -20,5 +20,6 @@ config TEE_DMABUF_HEAPS







source "drivers/tee/optee/Kconfig"









source "drivers/tee/amdtee/Kconfig"









source "drivers/tee/tstee/Kconfig"









source "drivers/tee/qcomtee/Kconfig"



















endif
























drivers/tee/Makefile



+1
−0






























Original line number
Diff line number
Diff line







@@ -7,3 +7,4 @@ tee-objs += tee_shm_pool.o







obj-$(CONFIG_OPTEE) += optee/









obj-$(CONFIG_AMDTEE) += amdtee/









obj-$(CONFIG_ARM_TSTEE) += tstee/









obj-$(CONFIG_QCOMTEE) += qcomtee/