From: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
To: Bjorn Andersson <andersson@kernel.org>, Mathieu Poirier <mathieu.poirier@linaro.org>, Jens Wiklander <jens.wiklander@linaro.org>, "Rob Herring" <robh+dt@kernel.org>, Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>, Conor Dooley <conor+dt@kernel.org>
Cc: <linux-stm32@st-md-mailman.stormreply.com>, <linux-arm-kernel@lists.infradead.org>, <linux-remoteproc@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <op-tee@lists.trustedfirmware.org>, <devicetree@vger.kernel.org>, Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Subject: [PATCH v4 0/4] Introduction of a remoteproc tee to load signed firmware
Date: Fri, 8 Mar 2024 15:47:04 +0100
Message-ID: <20240308144708.62362-1-arnaud.pouliquen@foss.st.com>

Main updates from the previous version [1]:
- Remove the alternate boot sequence: rproc_alt_fw_boot()
- Introduce tee_rproc_parse_fw function
- create a cached table as done in rproc_elf_load_rsc_table[2],
- PR sent to OP-TEE to allow TA_RPROC_FW_CMD_LOAD_FW service re-entrance[3].
- Rework TEE_REMOTEPROC description in Kconfig
- Introduce proc::tee_interface

Patch commit messages list updates with more details

base-commit: 62210f7509e13a2caa7b080722a45229b8f17a0a

[1] https://lore.kernel.org/linux-arm-kernel/Zdjl6Z2ktTwi+oWp@p14s/T/#m53f994237dc984c5dbbe3c75d2c30fcfff8548a0
[2] https://elixir.bootlin.com/linux/latest/source/drivers/remoteproc/remoteproc_elf_loader.c#L326
[3] https://github.com/OP-TEE/optee_os/pull/6743

Description of the feature:

This series proposes the implementation of a remoteproc tee driver to
communicate with a TEE trusted application responsible for authenticating
and loading the remoteproc firmware image in an Arm secure context.

1) Principle:

The remoteproc tee driver provides services to communicate with the OP-TEE
trusted application running on the Trusted Execution Context (TEE).
The trusted application in TEE manages the remote processor lifecycle:

- authenticating and loading firmware images,
- isolating and securing the remote processor memories,
- supporting multi-firmware (e.g., TF-M + Zephyr on a Cortex-M33),
- managing the start and stop of the firmware by the TEE.

2) Format of the signed image:

Refer to:
https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/src/remoteproc_core.c#L18-L57

3) OP-TEE trusted application API:

Refer to:
https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/include/ta_remoteproc.h

4) OP-TEE signature script

Refer to:
https://github.com/OP-TEE/optee_os/blob/master/scripts/sign_rproc_fw.py

Example of usage:

    sign_rproc_fw.py --in <fw1.elf> --in <fw2.elf> --out <signed_fw.sign> --key ${OP-TEE_PATH}/keys/default.pem

5) Impact on User space Application

No sysfs impact. The user only needs to provide the signed firmware image
instead of the ELF image.

For more information about the implementation, a presentation is available here
(note that the format of the signed image has evolved between the presentation
and the integration in OP-TEE).

https://resources.linaro.org/en/resource/6c5bGvZwUAjX56fvxthxds

Arnaud Pouliquen (4):
  remoteproc: Add TEE support
  dt-bindings: remoteproc: Add compatibility for TEE support
  remoteproc: stm32: Create sub-functions to request shutdown and release
  remoteproc: stm32: Add support of an OP-TEE TA to load the firmware

 .../bindings/remoteproc/st,stm32-rproc.yaml   |  51 +-
 drivers/remoteproc/Kconfig                    |  10 +
 drivers/remoteproc/Makefile                   |   1 +
 drivers/remoteproc/stm32_rproc.c              | 144 ++++--
 drivers/remoteproc/tee_remoteproc.c           | 434 ++++++++++++++++++
 include/linux/remoteproc.h                    |   4 +
 include/linux/tee_remoteproc.h                | 112 +++++
 7 files changed, 711 insertions(+), 45 deletions(-)
 create mode 100644 drivers/remoteproc/tee_remoteproc.c
 create mode 100644 include/linux/tee_remoteproc.h

base-commit: 62210f7509e13a2caa7b080722a45229b8f17a0a
-- 
2.25.1