[PATCH v1 0/3] add optee support for broadcom NS3 soc

This is the fourth patch set series, prepared on top of the third patch set ("add FIT image support for broadcom NS3 soc").
This patch adds optee support.
Vikas Gupta (3): board: ns3: add optee based bnxt fw load driver configs: ns3: enable tee and optee driver arm: dts: ns3: add optee node
arch/arm/dts/ns3.dtsi | 7 ++ board/broadcom/bcmns3/Kconfig | 5 + board/broadcom/bcmns3/Makefile | 1 + board/broadcom/bcmns3/chimp_optee.c | 154 ++++++++++++++++++++++++++++ configs/bcm_ns3_defconfig | 5 +- include/brcm/chimp.h | 40 ++++++++ 6 files changed, 211 insertions(+), 1 deletion(-) create mode 100644 board/broadcom/bcmns3/chimp_optee.c create mode 100644 include/brcm/chimp.h

From: Vikas Gupta vikas.gupta@broadcom.com
Add optee based bnxt fw load driver.
Signed-off-by: Vikas Gupta vikas.gupta@broadcom.com Signed-off-by: Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com --- board/broadcom/bcmns3/Kconfig | 5 + board/broadcom/bcmns3/Makefile | 1 + board/broadcom/bcmns3/chimp_optee.c | 154 ++++++++++++++++++++++++++++ include/brcm/chimp.h | 40 ++++++++ 4 files changed, 200 insertions(+) create mode 100644 board/broadcom/bcmns3/chimp_optee.c create mode 100644 include/brcm/chimp.h
diff --git a/board/broadcom/bcmns3/Kconfig b/board/broadcom/bcmns3/Kconfig index 8ce21f980d..84daad9415 100644 --- a/board/broadcom/bcmns3/Kconfig +++ b/board/broadcom/bcmns3/Kconfig @@ -12,4 +12,9 @@ config SYS_SOC config SYS_CONFIG_NAME default "bcm_ns3"
+config CHIMP_OPTEE + bool "Enable secure ChiMP firmware loading" + depends on OPTEE + default y + endif diff --git a/board/broadcom/bcmns3/Makefile b/board/broadcom/bcmns3/Makefile index 3404260148..08e1d7203b 100644 --- a/board/broadcom/bcmns3/Makefile +++ b/board/broadcom/bcmns3/Makefile @@ -3,3 +3,4 @@ # Copyright 2020 Broadcom.
obj-y := ns3.o
+obj-$(CONFIG_CHIMP_OPTEE) += chimp_optee.o
diff --git a/board/broadcom/bcmns3/chimp_optee.c b/board/broadcom/bcmns3/chimp_optee.c
new file mode 100644
index 0000000000..edbb7afd91
--- /dev/null
+++ b/board/broadcom/bcmns3/chimp_optee.c
@@ -0,0 +1,154 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright 2020 Broadcom.
+ */
+
+#include <brcm/chimp.h>
+#include <common.h>
+#include <tee.h>
+
+#define CHMIP_BOOT_UUID { 0x6272636D, 0x2019, 0x0716, \
+ { 0x42, 0x43, 0x4D, 0x5F, 0x53, 0x43, 0x48, 0x49 } }
+
+enum {
+ TEE_CHIMP_FASTBOOT = 0,
+ TEE_CHIMP_HEALTH_STATUS,
+ TEE_CHIMP_HANDSHAKE_STATUS,
+} tee_chmip_cmd;
+
+struct bcm_chimp_data {
+ struct udevice *tee;
+ u32 session;
+} chimp_data;
+
+static int get_open_session(struct bcm_chimp_data *b_data)
+{
+ struct udevice *tee = NULL;
+
+ while (!b_data->tee) {
+ const struct tee_optee_ta_uuid uuid = CHMIP_BOOT_UUID;
+ struct tee_open_session_arg arg;
+ int rc;
+
+ tee = tee_find_device(tee, NULL, NULL, NULL);
+ if (!tee)
+ return -ENODEV;
+
+ memset(&arg, 0, sizeof(arg));
+ tee_optee_ta_uuid_to_octets(arg.uuid, &uuid);
+ rc = tee_open_session(tee, &arg, 0, NULL);
+ if (!rc) {
+ b_data->tee = tee;
+ b_data->session = arg.session;
+ }
+ }
+
+ return 0;
+}
+
+int chimp_handshake_status_optee(u32 timeout, u32 *hs)
+{
+ struct tee_invoke_arg arg;
+ struct tee_param param[1];
+ int ret;
+
+ if (get_open_session(&chimp_data))
+ return BCM_CHIMP_FAILURE;
+
+ memset(&arg, 0, sizeof(arg));
+ arg.func = TEE_CHIMP_HANDSHAKE_STATUS;
+ arg.session = chimp_data.session;
+
+ param[0].attr = TEE_PARAM_ATTR_TYPE_VALUE_INOUT;
+ param[0].u.value.a = timeout;
+
+ if (tee_invoke_func(chimp_data.tee, &arg,
+ ARRAY_SIZE(param), param)) {
+ printf("Handshake status command failed\n");
+ ret = BCM_CHIMP_FAILURE;
+ goto out;
+ }
+ switch (arg.ret) {
+ case TEE_SUCCESS:
+ *hs = param[0].u.value.a;
+ ret = BCM_CHIMP_SUCCESS;
+ break;
+ default:
+ ret = BCM_CHIMP_FAILURE;
+ break;
+ }
+out:
+ tee_close_session(chimp_data.tee, chimp_data.session);
+ chimp_data.tee = NULL;
+
+ return ret;
+}
+
+int chimp_health_status_optee(u32 *health)
+{
+ struct tee_invoke_arg arg;
+ struct tee_param param[1];
+ int ret;
+
+ if (get_open_session(&chimp_data))
+ return BCM_CHIMP_FAILURE;
+
+ memset(&arg, 0, sizeof(arg));
+ arg.func = TEE_CHIMP_HEALTH_STATUS;
+ arg.session = chimp_data.session;
+
+ param[0].attr = TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT;
+
+ if (tee_invoke_func(chimp_data.tee, &arg,
+ ARRAY_SIZE(param), param)) {
+ printf("Helath status command failed\n");
+ ret = BCM_CHIMP_FAILURE;
+ goto out;
+ }
+ switch (arg.ret) {
+ case TEE_SUCCESS:
+ *health = param[0].u.value.a;
+ ret = BCM_CHIMP_SUCCESS;
+ break;
+ default:
+ ret = BCM_CHIMP_FAILURE;
+ break;
+ }
+out:
+ tee_close_session(chimp_data.tee, chimp_data.session);
+ chimp_data.tee = NULL;
+
+ return ret;
+}
+
+int chimp_fastboot_optee(void)
+{
+ struct tee_invoke_arg arg;
+ int ret;
+
+ if (get_open_session(&chimp_data))
+ return BCM_CHIMP_FAILURE;
+
+ memset(&arg, 0, sizeof(arg));
+ arg.func = TEE_CHIMP_FASTBOOT;
+ arg.session = chimp_data.session;
+
+ if (tee_invoke_func(chimp_data.tee, &arg, 0, NULL)) {
+ printf("Chimp boot_fail\n");
+ ret = BCM_CHIMP_FAILURE;
+ goto out;
+ }
+ switch (arg.ret) {
+ case TEE_SUCCESS:
+ ret = BCM_CHIMP_SUCCESS;
+ break;
+ default:
+ ret = BCM_CHIMP_FAILURE;
+ break;
+ }
+out:
+ tee_close_session(chimp_data.tee, chimp_data.session);
+ chimp_data.tee = NULL;
+
+ return ret;
+}
diff --git a/include/brcm/chimp.h b/include/brcm/chimp.h
new file mode 100644
index 0000000000..c3d4594c4b
--- /dev/null
+++ b/include/brcm/chimp.h
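Review bot: get_open_session() records the session as open whenever tee_open_session() returns 0 and never looks at `arg.ret`, although the three invoke paths in this file check both the call's return value and `arg.ret`. If the secure side reports a failure to open the trusted application through `arg.ret` (the invoke paths assume it can), the driver caches the device with a zeroed session id and goes on to issue commands on it; the condition should read `if (!rc && arg.ret == TEE_SUCCESS) {`. In chimp_handshake_status_optee() and chimp_health_status_optee() `param` is an uninitialised stack array of which only `attr` and `u.value.a` are set before it is passed to tee_invoke_func(), so a `memset(param, 0, sizeof(param));` before filling it keeps stray stack contents out of the request. Separately, `tee_chmip_cmd` and `chimp_data` are defined as non-static globals with a misspelt `CHMIP` prefix, and the health message prints "Helath".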
@@ -0,0 +1,40 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright 2020 Broadcom.
+ *
+ */
+
+#ifndef __CHIMP_H__
+#define __CHIMP_H__
+
+#include <common.h>
+#include <linux/compiler.h>
+
+#define BCM_CHIMP_SUCCESS 0
+#define BCM_CHIMP_FAILURE (!BCM_CHIMP_SUCCESS)
+
+#ifdef CONFIG_CHIMP_OPTEE
+int chimp_fastboot_optee(void);
+int chimp_health_status_optee(u32 *status);
+int chimp_handshake_status_optee(u32 timeout, u32 *hstatus);
+#else
+static inline int chimp_handshake_status_optee(u32 timeout, u32 *status)
+{
+ printf("ChiMP handshake status fail (OPTEE not enabled)\n");
+ return BCM_CHIMP_FAILURE;
+}
+
+static inline int chimp_health_status_optee(u32 *status)
+{
+ printf("ChiMP health status fail (OPTEE not enabled)\n");
+ return BCM_CHIMP_FAILURE;
+}
+
+static inline int chimp_fastboot_optee(void)
+{
+ printf("ChiMP secure boot fail (OPTEE not enabled)\n");
+ return BCM_CHIMP_FAILURE;
+}
+#endif
+
+#endif
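Review bot: The three prototypes are the driver's whole public interface and none of them is documented: the unit of `timeout`, the meaning of the values returned through `*status` and `*hstatus`, and the fact that the out-parameter is left unwritten on failure (both in the stubs here and in the non-success branches of chimp_optee.c) are not stated anywhere. A short kernel-doc block above each prototype would cover this, and it should say that `BCM_CHIMP_FAILURE` expands to `1` rather than a negative errno, since a caller testing `< 0` would read a failed firmware load as success. The handshake stub could also use the same parameter name as its prototype, `u32 *hstatus`.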

Hi Rayagonda and Vikas,
Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com writes:
From: Vikas Gupta vikas.gupta@broadcom.com
Add optee based bnxt fw load driver.
What is "bnxt"? Maybe you could add a comment explaining what it is, or at least expanding it if it's an acronym?
Thanks, Thomas

Hi,
On Tue, 19 May 2020 at 20:15, Thomas Fitzsimmons fitzsim@fitzsim.org wrote:
Hi Rayagonda and Vikas,
Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com writes:
From: Vikas Gupta vikas.gupta@broadcom.com
Add optee based bnxt fw load driver.
What is "bnxt"? Maybe you could add a comment explaining what it is, or at least expanding it if it's an acronym?
Also how about putting it in drivers/ ?
Also are there docs somewhere on how an image is put together?
- Simon

Hi Simon,
On Fri, May 22, 2020 at 12:51 AM Simon Glass sjg@chromium.org wrote:
Hi,
On Tue, 19 May 2020 at 20:15, Thomas Fitzsimmons fitzsim@fitzsim.org wrote:
Hi Rayagonda and Vikas,
Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com writes:
From: Vikas Gupta vikas.gupta@broadcom.com
Add optee based bnxt fw load driver.
What is "bnxt"? Maybe you could add a comment explaining what it is, or at least expanding it if it's an acronym?
Also how about putting it in drivers/ ?
Okay, I will move the driver file to drivers/tee/broadcom and header file to include/broadcom/.
Also are there docs somewhere on how an image is put together?
We do not have any docs on how the bnxt( Broadcom NetXtreme controller) binary is created. We receive it as a binary and using OpTEE we load the binary to bnxt.
- Simon

On Wed, May 20, 2020 at 7:45 AM Thomas Fitzsimmons fitzsim@fitzsim.org wrote:
Hi Rayagonda and Vikas,
Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com writes:
From: Vikas Gupta vikas.gupta@broadcom.com
Add optee based bnxt fw load driver.
What is "bnxt"? Maybe you could add a comment explaining what it is, or at least expanding it if it's an acronym?
bnxt is Broadcom NetXtreme controller ethernet cards. I will expand it in the commit message.
Thanks, Thomas

From: Vikas Gupta vikas.gupta@broadcom.com
Enable tee and optee drivers.
Signed-off-by: Vikas Gupta vikas.gupta@broadcom.com Signed-off-by: Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com --- configs/bcm_ns3_defconfig | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/configs/bcm_ns3_defconfig b/configs/bcm_ns3_defconfig index b52c6d7d93..13fe9d439e 100644 --- a/configs/bcm_ns3_defconfig +++ b/configs/bcm_ns3_defconfig @@ -4,12 +4,12 @@ CONFIG_TARGET_BCMNS3=y CONFIG_SYS_TEXT_BASE=0xFF000000 CONFIG_ENV_SIZE=0x80000 CONFIG_NR_DRAM_BANKS=2 -CONFIG_OF_BOARD_SETUP=y CONFIG_FIT=y CONFIG_FIT_SIGNATURE=y CONFIG_FIT_SIGNATURE_MAX_SIZE=0x20000000 CONFIG_FIT_VERBOSE=y CONFIG_LEGACY_IMAGE_FORMAT=y +CONFIG_OF_BOARD_SETUP=y CONFIG_LOGLEVEL=7 CONFIG_SILENT_CONSOLE=y CONFIG_SILENT_U_BOOT_ONLY=y @@ -42,6 +42,9 @@ CONFIG_PINCTRL=y CONFIG_PINCTRL_SINGLE=y CONFIG_DM_SERIAL=y CONFIG_SYS_NS16550=y +CONFIG_TEE=y +CONFIG_OPTEE=y +# CONFIG_OPTEE_TA_AVB is not set # CONFIG_WATCHDOG is not set CONFIG_WDT=y CONFIG_WDT_SP805=y

On Sun, 17 May 2020 at 02:28, Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com wrote:
From: Vikas Gupta vikas.gupta@broadcom.com
Enable tee and optee drivers.
Signed-off-by: Vikas Gupta vikas.gupta@broadcom.com Signed-off-by: Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com
configs/bcm_ns3_defconfig | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
Reviewed-by: Simon Glass sjg@chromium.org

From: Vikas Gupta vikas.gupta@broadcom.com
Add support for optee
Signed-off-by: Vikas Gupta vikas.gupta@broadcom.com Signed-off-by: Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com --- arch/arm/dts/ns3.dtsi | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/arch/arm/dts/ns3.dtsi b/arch/arm/dts/ns3.dtsi index 6962e658d3..509818e23e 100644 --- a/arch/arm/dts/ns3.dtsi +++ b/arch/arm/dts/ns3.dtsi @@ -21,6 +21,13 @@ <0x8 0x80000000 0x1 0x80000000>; };
+ firmware { + optee { + compatible = "linaro,optee-tz"; + method = "smc"; + }; + }; + hsls { compatible = "simple-bus"; dma-ranges;

On Sun, 17 May 2020 at 02:28, Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com wrote:
From: Vikas Gupta vikas.gupta@broadcom.com
Add support for optee
Signed-off-by: Vikas Gupta vikas.gupta@broadcom.com Signed-off-by: Rayagonda Kokatanur rayagonda.kokatanur@broadcom.com
arch/arm/dts/ns3.dtsi | 7 +++++++ 1 file changed, 7 insertions(+)
Reviewed-by: Simon Glass sjg@chromium.org