Re: [PATCH v3 0/7] Introduction of a remoteproc tee to load signed firmware

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/14/2024 10:51 PM, Arnaud Pouliquen wrote:
Updates from the previous version [1]:

This version proposes another approach based on an alternate load and boot
of the coprocessor. Therefore, the constraint introduced by tee_remoteproc
is that the firmware has to be authenticated and loaded before the resource
table can be obtained.

The existing boot sequence is: >
   1) Get the resource table and store it in a cache,
      calling rproc->ops->parse_fw().
   2) Parse the resource table and handle resources,
      calling rproc_handle_resources.
   3) Load the firmware, calling rproc->ops->load().
   4) Start the firmware, calling rproc->ops->start().
=> Steps 1 and 2 are executed in rproc_fw_boot(), while steps 3 and 4 are
    executed in rproc_start().
=> the use of rproc->ops->load() ops is mandatory

The boot sequence needed for TEE boot is:

   1) Load the firmware.
   2) Get the loaded resource, no cache.
   3) Parse the resource table and handle resources.
   4) Start the firmware.

Hi,
What problem are we really addressing here by reordering load, parse of
FW resources?
Basically, what are the limitations of the current design you are referring to?
I understood that TEE is designed that way.


Then the crash recovery also has to be managed.For recovery, the cache is
used to temporarily save the resource table and then reapply it on
restart:
   1) Stop the remote processor, calling rproc->ops->stop().
   2) Load the firmware, calling rproc->ops->load().
   3) Copy cached resource table.
   4) Start the remote processor, calling rproc->ops->start().

=> This sequence is also needed when TEE manages the boot of the remote
    processor.
=> The rproc->ops->load() is also used in recovery sequence.

Based on the sequences described above, the proposal is to:

- Rework tee_rproc API to better match the rproc_ops structure.
   This allows to simply map the function to implement the load ops, which
   is not optional. The tee_rproc_load_fw() is updated in consequence.
- Remove the call of rproc_load_segments from rproc_start() to dissociate
   the load and the start. This is necessary to implement the boot sequence
   requested for the TEE remote proc support.
- Introduce an rproc_alt_fw_boot() function that is an alternative boot
   sequence, which implements the sequence requested for the TEE remoteproc
   support.


[1] https://lore.kernel.org/lkml/20240118100433.3984196-1-arnaud.pouliquen@xxxxxxxxxxx/T/


Description of the feature:

This series proposes the implementation of a remoteproc tee driver to
communicate with a TEE trusted application responsible for authenticating and
loading the remoteproc firmware image in an Arm secure context.

1) Principle:

The remoteproc tee driver provides services to communicate with the OP-TEE
trusted application running on the Trusted Execution Context (TEE).

s/Context/Environment?

The trusted application in TEE manages the remote processor lifecycle:

- authenticating and loading firmware images,
- isolating and securing the remote processor memories,
- supporting multi-firmware (e.g., TF-M + Zephyr on a Cortex-M33),
- managing the start and stop of the firmware by the TEE.


Regards,
Naman Jain





[Index of Archives]     [Device Tree Compilter]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux PCI Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Yosemite Backpacking]


  Powered by Linux