From: Sascha Hauer <s.hauer@pengutronix.de>
To: Barebox List <barebox@lists.infradead.org>
Subject: [PATCH] tee: optee: use RPMB probe capability to select enumeration path
Date: Thu, 5 Mar 2026 07:54:52 +0100 [thread overview]
Message-ID: <20260305065452.3417093-1-s.hauer@pengutronix.de> (raw)
OP-TEE TAs can be used adhoc when barebox needs them (which is what we
do with the AVB TA) or be registered as devices (which is what we do
with the OP-TEE RNG). For the latter to work with TAs that need
the RPMB we have to announce to OP-TEE when the RPMB is available.
OP-TEE enumerates the TAs in three different stages. With
PTA_CMD_GET_DEVICES all TAs without dependencies are enumerated.
With PTA_CMD_GET_DEVICES_SUPP all TAs are enumerated that need a
supplicant and with PTA_CMD_GET_DEVICES_RPMB all TAs that need a
RPMB.
In barebox we have a supplicant, but it's only used for accessing the
RPMB, so for us PTA_CMD_GET_DEVICES_SUPP and PTA_CMD_GET_DEVICES_RPMB
are equivalent and we can call them together.
This adds a hook from the MCI core to call OP-TEE on the appearance of
a RPMB and when both OP-TEE and a RPMB are available we call into
OP-TEE to enumarate the TAs that need the RPMB.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
drivers/mci/mci-core.c | 4 ++++
drivers/tee/optee/device.c | 31 ++++++++++++++++++++++++++++++-
drivers/tee/optee/optee_private.h | 5 ++++-
drivers/tee/optee/optee_smc.h | 2 ++
drivers/tee/optee/smc_abi.c | 2 --
include/tee/optee.h | 6 ++++++
6 files changed, 46 insertions(+), 4 deletions(-)
diff --git a/drivers/mci/mci-core.c b/drivers/mci/mci-core.c
index 37d864b3d0..2e72fe7ab5 100644
--- a/drivers/mci/mci-core.c
+++ b/drivers/mci/mci-core.c
@@ -23,6 +23,7 @@
#include <linux/log2.h>
#include <linux/sizes.h>
#include <dma.h>
+#include <tee/optee.h>
#define MAX_BUFFER_NUMBER 0xffffffff
@@ -3106,6 +3107,9 @@ int mci_register(struct mci_host *host)
class_add_device(&mmc_class, &mci->dev);
+ if (mci->rpmb_part)
+ optee_rpmb_detected();
+
return 0;
err_free:
diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
index 5176989a50..f5e03630b1 100644
--- a/drivers/tee/optee/device.c
+++ b/drivers/tee/optee/device.c
@@ -155,9 +155,38 @@ static int __optee_enumerate_devices(u32 func)
return rc;
}
+static bool optee_ready;
+static bool rpmb_available;
+
+static void optee_scan_bus_rpmb(void)
+{
+ if (!optee_ready)
+ return;
+ if (!rpmb_available)
+ return;
+
+ __optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP);
+ __optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB);
+}
+
int optee_enumerate_devices(u32 func)
{
- return __optee_enumerate_devices(func);
+ int ret;
+
+ ret = __optee_enumerate_devices(func);
+ if (ret)
+ return ret;
+
+ optee_ready = true;
+ optee_scan_bus_rpmb();
+
+ return 0;
+}
+
+void optee_rpmb_detected(void)
+{
+ rpmb_available = true;
+ optee_scan_bus_rpmb();
}
static int __optee_unregister_device(struct device *dev, void *data)
diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h
index bb9ac1b068..9752e0ea93 100644
--- a/drivers/tee/optee/optee_private.h
+++ b/drivers/tee/optee/optee_private.h
@@ -123,9 +123,12 @@ int optee_invoke_func(struct tee_context *ctx, struct tee_ioctl_invoke_arg *arg,
struct tee_param *param);
#define PTA_CMD_GET_DEVICES 0x0
-#define PTA_CMD_GET_DEVICES_SUPP 0x1
+#define PTA_CMD_GET_DEVICES_SUPP 0x1
+#define PTA_CMD_GET_DEVICES_RPMB 0x2
int optee_enumerate_devices(u32 func);
void optee_unregister_devices(void);
+void optee_set_ready(void);
+void optee_rpmb_detected(void);
int optee_open(struct tee_context *ctx, bool cap_memref_null);
void optee_release(struct tee_context *ctx);
diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h
index b8e886b7e3..a1478e91e9 100644
--- a/drivers/tee/optee/optee_smc.h
+++ b/drivers/tee/optee/optee_smc.h
@@ -215,6 +215,8 @@ struct optee_smc_get_shm_config_result {
#define OPTEE_SMC_SEC_CAP_DYNAMIC_SHM BIT(2)
/* Secure world supports Shared Memory with a NULL reference */
#define OPTEE_SMC_SEC_CAP_MEMREF_NULL BIT(4)
+/* Secure world supports RPMB probing via RPC */
+#define OPTEE_SMC_SEC_CAP_RPMB_PROBE BIT(7)
#define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES 9
#define OPTEE_SMC_EXCHANGE_CAPABILITIES \
diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c
index 56af3b1b2b..5bbf29c720 100644
--- a/drivers/tee/optee/smc_abi.c
+++ b/drivers/tee/optee/smc_abi.c
@@ -720,8 +720,6 @@ static int optee_probe(struct device *dev)
goto err_close_ctx;
rc = optee_enumerate_devices(PTA_CMD_GET_DEVICES);
- if (!rc)
- rc = optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP);
if (rc)
goto err_optee_unregister_devices;
diff --git a/include/tee/optee.h b/include/tee/optee.h
index c25a9922e3..b7c1d65f84 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -104,4 +104,10 @@ static inline int of_optee_fixup(struct device_node *root, void *fixup_data)
#endif
+#ifdef CONFIG_OPTEE
+void optee_rpmb_detected(void);
+#else
+static inline void optee_rpmb_detected(void) {}
+#endif
+
#endif /* _OPTEE_H */
--
2.47.3
reply other threads:[~2026-03-05 6:55 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260305065452.3417093-1-s.hauer@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox