[PATCH v7 0/5] Introduction of a remoteproc tee to load signed firmware

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Main updates from version V6:
------------------------------------------

- Fix kernel robot build report on in tee_rproc_find_loaded_rsc_table() inline
  default definition.

Main updates from version V5[1][2]:
------------------------------------------

1) Rework resource table management
  - Rework tee_rproc_parse_fw to temporary map the resource table address
    to create a cached_table (similar to what is done in
    rproc_elf_load_rsc_table()).
  - Rename tee_rproc_get_loaded_rsc_table to tee_rproc_find_loaded_rsc_table
  - Introduce rproc_pa_to_va() allowing to translate the resource table
    physical address to virtual address based on remoteproc carveouts.

2) Merge the 2 "st,stm32-rproc.yaml" bindings patch in one
   As the st,rproc-id" is linked to the introduction of the
   "st,stm32mp1-m4-tee" compatible, merge following patches to address
   Krzysztof concern.
   - [PATCH v5 2/7] dt-bindings: remoteproc: Add compatibility for TEE support
   - [PATCH v5 3/7] dt-bindings: remoteproc: Add processor identifier property

More details on updates are listed in commits messages.

[1] https://lore.kernel.org/lkml/Zlil4YSjHxb0FRgf@p14s/T/
[2] https://lore.kernel.org/lkml/20240521122458.3517054-1-arnaud.pouliquen@xxxxxxxxxxx/

base-commit: 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0

Description of the feature:
--------------------------
This series proposes the implementation of a remoteproc tee driver to
communicate with a TEE trusted application responsible for authenticating
and loading the remoteproc firmware image in an Arm secure context.

1) Principle:

The remoteproc tee driver provides services to communicate with the OP-TEE
trusted application running on the Trusted Execution Context (TEE).
The trusted application in TEE manages the remote processor lifecycle:

- authenticating and loading firmware images,
- isolating and securing the remote processor memories,
- supporting multi-firmware (e.g., TF-M + Zephyr on a Cortex-M33),
- managing the start and stop of the firmware by the TEE.

2) Format of the signed image:

Refer to:
https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/src/remoteproc_core.c#L18-L57

3) OP-TEE trusted application API:

Refer to:
https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/include/ta_remoteproc.h

4) OP-TEE signature script

Refer to:
https://github.com/OP-TEE/optee_os/blob/master/scripts/sign_rproc_fw.py

Example of usage:
sign_rproc_fw.py --in <fw1.elf> --in <fw2.elf> --out <signed_fw.sign> --key ${OP-TEE_PATH}/keys/default.pem


5) Impact on User space Application

No sysfs impact.the user only needs to provide the signed firmware image
instead of the ELF image.


For more information about the implementation, a presentation is available here
(note that the format of the signed image has evolved between the presentation
and the integration in OP-TEE).

https://resources.linaro.org/en/resource/6c5bGvZwUAjX56fvxthxds

Arnaud Pouliquen (5):
  remoteproc: core: Introduce rproc_pa_to_va helper
  remoteproc: Add TEE support
  dt-bindings: remoteproc: Add compatibility for TEE support
  remoteproc: stm32: Create sub-functions to request shutdown and
    release
  remoteproc: stm32: Add support of an OP-TEE TA to load the firmware

 .../bindings/remoteproc/st,stm32-rproc.yaml   |  58 ++-
 drivers/remoteproc/Kconfig                    |  10 +
 drivers/remoteproc/Makefile                   |   1 +
 drivers/remoteproc/remoteproc_core.c          |  74 ++-
 drivers/remoteproc/stm32_rproc.c              | 147 ++++--
 drivers/remoteproc/tee_remoteproc.c           | 451 ++++++++++++++++++
 include/linux/remoteproc.h                    |   7 +
 include/linux/tee_remoteproc.h                | 100 ++++
 8 files changed, 802 insertions(+), 46 deletions(-)
 create mode 100644 drivers/remoteproc/tee_remoteproc.c
 create mode 100644 include/linux/tee_remoteproc.h


base-commit: 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0
-- 
2.25.1





[Index of Archives]     [Linux Sound]     [ALSA Users]     [ALSA Devel]     [Linux Audio Users]     [Linux Media]     [Kernel]     [Photo Sharing]     [Gimp]     [Yosemite News]     [Linux Media]

  Powered by Linux