gpoulios opened a new pull request, #16356:
URL: https://github.com/apache/nuttx/pull/16356
## Summary
This PR addresses 2 major issues with the existing implementation of the
OP-TEE driver in NuttX:
1. Fixes compatibility with the GlobalPlatform client API
([optee_client](https://github.com/OP-TEE/optee_client/)) when registering
shared memory
- SHM register IOCTL now allocates an anonymous file to satisfy
expectations of libteec and support its calls to `close()`. The memory is
de-registered upon `close()`.
- SHM allocate and register IOCTLs now return non-negative IDs, as
expected by libteec. In order to facilitate efficient ID allocation and
retrieval, the shm linked list is now replaced by an IDR (based on RB trees).
- SHM allocate IOCTL now adds shm entries to the IDR as well. This is
necessary to enable a common retrieval and referencing interface. Entries
coming from SHM allocate IOCTL are distinguished through the lack of a
`TEE_SHM_REGISTER` flag.
- User is prohibited the use of any `TEE_SHM_*` flags during shm
registration, and the driver manages those instead (just as expected by
libteec).
2. Fixes compatibility with [upstream OP-TEE
OS](https://github.com/OP-TEE/optee_os/) when using temporary memory
- Previous implementation of temporary (i.e. non-registered) memory
would use registered memory references (`*_RMEM_*`) instead of temporary
(`*_TMEM_*`) when communicating with the trusted OS. This was to support the
open-vela framework which runs a customised OP-TEE OS to this end (see
[here](https://github.com/open-vela/external_optee_optee_os/blob/1a29df42707226a8b879bec42cfad1e23a43bf3c/core/tee/entry_std.c#L160)
and
[here](https://github.com/open-vela/frameworks_security_optee_vela/blob/54b377d5c1ad2b0f0a9fb45460b23d666666efa9/compat/mobj_dyn_shm.c#L25)).
This made the previous implementation incompatible with any other instance of
OP-TEE OS including upstream. That behaviour is now wrapped around
`CONFIG_OPTEE_OPENVELA_COMPAT` which is enabled by default for socket
transports (expected users of open-vela), retaining existing behaviour.
`CONFIG_OPTEE_OPENVELA_COMPAT` is not enabled by default for the SMC transport,
in which case normal handling of temporary memory refer
ences is implemented.
The PR addresses also the following 2 minor issues:
3. Aligns all error codes returned by `optee_is_valid_range()` failures to
`-EFAULT` (Bad Address).
4. Introduces whitelisted items to nxstyle to support contributions using
the GlobalPlatform API which uses mixed-case names in many occurences. This is
also required for the GP API example \<APPS_PR_LINK_HERE\> PR to pass the CI
checks.
## Impact
[Previous SMC implementation](https://github.com/apache/nuttx/pull/16309)
(which introduced registered shared memory support) is fairly recent, so it is
safe to assume no-one is really affected.
For new users, this PR introduces compatibility and support for the
all-familiar GlobalPlatform client API, enabling users to write client apps
easier, and possibly to port others into NuttX as well. Support for the client
library (libteec) is introduced with \<APPS_PR_LINK_HERE\>.
## Testing
Tested on a NXP i.MX93 EVK running:
- TF-A: version v2.10.0, tag `lf-6.6.52_2.2.0`
- OP-TEE OS: revision 4.4 (60beb308810f9561), tag `lf-6.6.52_2.2.0`
- NuttX-Apps PR \<APPS_PR_LINK_HERE\>
- NuttX configs `imx93-evk:nsh` and `imx93-evk:knsh` with additional config:
```
CONFIG_ALLOW_BSD_COMPONENTS=y
CONFIG_ARCH_VMA_MAPPING=y
CONFIG_ARCH_SHM_NPAGES=4096
CONFIG_ARCH_SHM_VBASE=0xFF000000
CONFIG_DEV_OPTEE_SMC=y
CONFIG_EXAMPLES_OPTEE=y
CONFIG_EXAMPLES_OPTEE_GP=y
CONFIG_FS_SHMFS=y
CONFIG_LIBC_MEMFD_SHMFS=y
CONFIG_LIBTEEC=y
```
- Logs
```
[...]
OP-TEE: OS revision 4.4 (60beb308810f9561)
NuttShell (NSH)
nsh> optee
impl id: 1, impl caps: 1, gen caps: 13
Available devices:
d96a5b40-c3e5-21e3-8794-1002a5d5c61b
f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c
nsh> optee_gp
INF [6] TEEC:optee_gp_main:159: Available devices:
INF [6] TEEC:optee_gp_main:169: d96a5b40-c3e5-21e3-8794-1002a5d5c61b
INF [6] TEEC:optee_gp_main:169: f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c
```
```
[...]
OP-TEE: OS revision 4.4 (60beb308810f9561)
NuttShell (NSH)
knsh> optee
impl id: 1, impl caps: 1, gen caps: 13
Available devices:
d96a5b40-c3e5-21e3-8794-1002a5d5c61b
f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c
knsh> optee_gp
INF [6] TEEC:main:159: Available devices:
INF [6] TEEC:main:169: d96a5b40-c3e5-21e3-8794-1002a5d5c61b
INF [6] TEEC:main:169: f04a0fe7-1f5d-4b9b-abf7-619b85b4ce8c
```
Once again, I do not own a suitable setup to test the socket transports, but
the functionality should be equivalent.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
