mail archive of the barebox mailing list
 help / color / mirror / Atom feed
* [PATCH] tee: optee: use RPMB probe capability to select enumeration path
@ 2026-03-05  6:54 Sascha Hauer
  0 siblings, 0 replies; only message in thread
From: Sascha Hauer @ 2026-03-05  6:54 UTC (permalink / raw)
  To: Barebox List

OP-TEE TAs can be used adhoc when barebox needs them (which is what we
do with the AVB TA) or be registered as devices (which is what we do
with the OP-TEE RNG). For the latter to work with TAs that need
the RPMB we have to announce to OP-TEE when the RPMB is available.

OP-TEE enumerates the TAs in three different stages. With
PTA_CMD_GET_DEVICES all TAs without dependencies are enumerated.
With PTA_CMD_GET_DEVICES_SUPP all TAs are enumerated that need a
supplicant and with PTA_CMD_GET_DEVICES_RPMB all TAs that need a
RPMB.

In barebox we have a supplicant, but it's only used for accessing the
RPMB, so for us PTA_CMD_GET_DEVICES_SUPP and PTA_CMD_GET_DEVICES_RPMB
are equivalent and we can call them together.

This adds a hook from the MCI core to call OP-TEE on the appearance of
a RPMB and when both OP-TEE and a RPMB are available we call into
OP-TEE to enumarate the TAs that need the RPMB.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 drivers/mci/mci-core.c            |  4 ++++
 drivers/tee/optee/device.c        | 31 ++++++++++++++++++++++++++++++-
 drivers/tee/optee/optee_private.h |  5 ++++-
 drivers/tee/optee/optee_smc.h     |  2 ++
 drivers/tee/optee/smc_abi.c       |  2 --
 include/tee/optee.h               |  6 ++++++
 6 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/drivers/mci/mci-core.c b/drivers/mci/mci-core.c
index 37d864b3d0..2e72fe7ab5 100644
--- a/drivers/mci/mci-core.c
+++ b/drivers/mci/mci-core.c
@@ -23,6 +23,7 @@
 #include <linux/log2.h>
 #include <linux/sizes.h>
 #include <dma.h>
+#include <tee/optee.h>
 
 #define MAX_BUFFER_NUMBER 0xffffffff
 
@@ -3106,6 +3107,9 @@ int mci_register(struct mci_host *host)
 
 	class_add_device(&mmc_class, &mci->dev);
 
+	if (mci->rpmb_part)
+		optee_rpmb_detected();
+
 	return 0;
 
 err_free:
diff --git a/drivers/tee/optee/device.c b/drivers/tee/optee/device.c
index 5176989a50..f5e03630b1 100644
--- a/drivers/tee/optee/device.c
+++ b/drivers/tee/optee/device.c
@@ -155,9 +155,38 @@ static int __optee_enumerate_devices(u32 func)
 	return rc;
 }
 
+static bool optee_ready;
+static bool rpmb_available;
+
+static void optee_scan_bus_rpmb(void)
+{
+	if (!optee_ready)
+		return;
+	if (!rpmb_available)
+		return;
+
+	__optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP);
+	__optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB);
+}
+
 int optee_enumerate_devices(u32 func)
 {
-	return  __optee_enumerate_devices(func);
+	int ret;
+
+	ret = __optee_enumerate_devices(func);
+	if (ret)
+		return ret;
+
+	optee_ready = true;
+	optee_scan_bus_rpmb();
+
+	return 0;
+}
+
+void optee_rpmb_detected(void)
+{
+	rpmb_available = true;
+	optee_scan_bus_rpmb();
 }
 
 static int __optee_unregister_device(struct device *dev, void *data)
diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h
index bb9ac1b068..9752e0ea93 100644
--- a/drivers/tee/optee/optee_private.h
+++ b/drivers/tee/optee/optee_private.h
@@ -123,9 +123,12 @@ int optee_invoke_func(struct tee_context *ctx, struct tee_ioctl_invoke_arg *arg,
 		      struct tee_param *param);
 
 #define PTA_CMD_GET_DEVICES		0x0
-#define PTA_CMD_GET_DEVICES_SUPP	0x1
+#define PTA_CMD_GET_DEVICES_SUPP 0x1
+#define PTA_CMD_GET_DEVICES_RPMB	0x2
 int optee_enumerate_devices(u32 func);
 void optee_unregister_devices(void);
+void optee_set_ready(void);
+void optee_rpmb_detected(void);
 
 int optee_open(struct tee_context *ctx, bool cap_memref_null);
 void optee_release(struct tee_context *ctx);
diff --git a/drivers/tee/optee/optee_smc.h b/drivers/tee/optee/optee_smc.h
index b8e886b7e3..a1478e91e9 100644
--- a/drivers/tee/optee/optee_smc.h
+++ b/drivers/tee/optee/optee_smc.h
@@ -215,6 +215,8 @@ struct optee_smc_get_shm_config_result {
 #define OPTEE_SMC_SEC_CAP_DYNAMIC_SHM		BIT(2)
 /* Secure world supports Shared Memory with a NULL reference */
 #define OPTEE_SMC_SEC_CAP_MEMREF_NULL		BIT(4)
+/* Secure world supports RPMB probing via RPC */
+#define OPTEE_SMC_SEC_CAP_RPMB_PROBE		BIT(7)
 
 #define OPTEE_SMC_FUNCID_EXCHANGE_CAPABILITIES	9
 #define OPTEE_SMC_EXCHANGE_CAPABILITIES \
diff --git a/drivers/tee/optee/smc_abi.c b/drivers/tee/optee/smc_abi.c
index 56af3b1b2b..5bbf29c720 100644
--- a/drivers/tee/optee/smc_abi.c
+++ b/drivers/tee/optee/smc_abi.c
@@ -720,8 +720,6 @@ static int optee_probe(struct device *dev)
 		goto err_close_ctx;
 
 	rc = optee_enumerate_devices(PTA_CMD_GET_DEVICES);
-	if (!rc)
-		rc = optee_enumerate_devices(PTA_CMD_GET_DEVICES_SUPP);
 	if (rc)
 		goto err_optee_unregister_devices;
 
diff --git a/include/tee/optee.h b/include/tee/optee.h
index c25a9922e3..b7c1d65f84 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -104,4 +104,10 @@ static inline int of_optee_fixup(struct device_node *root, void *fixup_data)
 #endif
 
 
+#ifdef CONFIG_OPTEE
+void optee_rpmb_detected(void);
+#else
+static inline void optee_rpmb_detected(void) {}
+#endif
+
 #endif /* _OPTEE_H */
-- 
2.47.3




^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2026-03-05  6:55 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-05  6:54 [PATCH] tee: optee: use RPMB probe capability to select enumeration path Sascha Hauer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox