linux-headers (unknown)
1 /*
2 * Copyright (c) 2015-2016, Linaro Limited
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 * POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #ifndef __TEE_H
29 #define __TEE_H
30
31 #include <linux/ioctl.h>
32 #include <linux/types.h>
33
34 /*
35 * This file describes the API provided by a TEE driver to user space.
36 *
37 * Each TEE driver defines a TEE specific protocol which is used for the
38 * data passed back and forth using TEE_IOC_CMD.
39 */
40
41 /* Helpers to make the ioctl defines */
42 #define TEE_IOC_MAGIC 0xa4
43 #define TEE_IOC_BASE 0
44
45 #define TEE_MAX_ARG_SIZE 1024
46
47 #define TEE_GEN_CAP_GP (1 << 0)/* GlobalPlatform compliant TEE */
48 #define TEE_GEN_CAP_PRIVILEGED (1 << 1)/* Privileged device (for supplicant) */
49 #define TEE_GEN_CAP_REG_MEM (1 << 2)/* Supports registering shared memory */
50 #define TEE_GEN_CAP_MEMREF_NULL (1 << 3)/* NULL MemRef support */
51
52 #define TEE_MEMREF_NULL (__u64)(-1) /* NULL MemRef Buffer */
53
54 /*
55 * TEE Implementation ID
56 */
57 #define TEE_IMPL_ID_OPTEE 1
58 #define TEE_IMPL_ID_AMDTEE 2
59
60 /*
61 * OP-TEE specific capabilities
62 */
63 #define TEE_OPTEE_CAP_TZ (1 << 0)
64
65 /**
66 * struct tee_ioctl_version_data - TEE version
67 * @impl_id: [out] TEE implementation id
68 * @impl_caps: [out] Implementation specific capabilities
69 * @gen_caps: [out] Generic capabilities, defined by TEE_GEN_CAPS_* above
70 *
71 * Identifies the TEE implementation, @impl_id is one of TEE_IMPL_ID_* above.
72 * @impl_caps is implementation specific, for example TEE_OPTEE_CAP_*
73 * is valid when @impl_id == TEE_IMPL_ID_OPTEE.
74 */
75 struct tee_ioctl_version_data {
76 __u32 impl_id;
77 __u32 impl_caps;
78 __u32 gen_caps;
79 };
80
81 /**
82 * TEE_IOC_VERSION - query version of TEE
83 *
84 * Takes a tee_ioctl_version_data struct and returns with the TEE version
85 * data filled in.
86 */
87 #define TEE_IOC_VERSION _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 0, \
88 struct tee_ioctl_version_data)
89
90 /**
91 * struct tee_ioctl_shm_alloc_data - Shared memory allocate argument
92 * @size: [in/out] Size of shared memory to allocate
93 * @flags: [in/out] Flags to/from allocation.
94 * @id: [out] Identifier of the shared memory
95 *
96 * The flags field should currently be zero as input. Updated by the call
97 * with actual flags as defined by TEE_IOCTL_SHM_* above.
98 * This structure is used as argument for TEE_IOC_SHM_ALLOC below.
99 */
100 struct tee_ioctl_shm_alloc_data {
101 __u64 size;
102 __u32 flags;
103 __s32 id;
104 };
105
106 /**
107 * TEE_IOC_SHM_ALLOC - allocate shared memory
108 *
109 * Allocates shared memory between the user space process and secure OS.
110 *
111 * Returns a file descriptor on success or < 0 on failure
112 *
113 * The returned file descriptor is used to map the shared memory into user
114 * space. The shared memory is freed when the descriptor is closed and the
115 * memory is unmapped.
116 */
117 #define TEE_IOC_SHM_ALLOC _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 1, \
118 struct tee_ioctl_shm_alloc_data)
119
120 /**
121 * struct tee_ioctl_buf_data - Variable sized buffer
122 * @buf_ptr: [in] A pointer to a buffer
123 * @buf_len: [in] Length of the buffer above
124 *
125 * Used as argument for TEE_IOC_OPEN_SESSION, TEE_IOC_INVOKE,
126 * TEE_IOC_SUPPL_RECV, and TEE_IOC_SUPPL_SEND below.
127 */
128 struct tee_ioctl_buf_data {
129 __u64 buf_ptr;
130 __u64 buf_len;
131 };
132
133 /*
134 * Attributes for struct tee_ioctl_param, selects field in the union
135 */
136 #define TEE_IOCTL_PARAM_ATTR_TYPE_NONE 0 /* parameter not used */
137
138 /*
139 * These defines value parameters (struct tee_ioctl_param_value)
140 */
141 #define TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT 1
142 #define TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT 2
143 #define TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INOUT 3 /* input and output */
144
145 /*
146 * These defines shared memory reference parameters (struct
147 * tee_ioctl_param_memref)
148 */
149 #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT 5
150 #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT 6
151 #define TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INOUT 7 /* input and output */
152
153 /*
154 * Mask for the type part of the attribute, leaves room for more types
155 */
156 #define TEE_IOCTL_PARAM_ATTR_TYPE_MASK 0xff
157
158 /* Meta parameter carrying extra information about the message. */
159 #define TEE_IOCTL_PARAM_ATTR_META 0x100
160
161 /* Mask of all known attr bits */
162 #define TEE_IOCTL_PARAM_ATTR_MASK \
163 (TEE_IOCTL_PARAM_ATTR_TYPE_MASK | TEE_IOCTL_PARAM_ATTR_META)
164
165 /*
166 * Matches TEEC_LOGIN_* in GP TEE Client API
167 * Are only defined for GP compliant TEEs
168 */
169 #define TEE_IOCTL_LOGIN_PUBLIC 0
170 #define TEE_IOCTL_LOGIN_USER 1
171 #define TEE_IOCTL_LOGIN_GROUP 2
172 #define TEE_IOCTL_LOGIN_APPLICATION 4
173 #define TEE_IOCTL_LOGIN_USER_APPLICATION 5
174 #define TEE_IOCTL_LOGIN_GROUP_APPLICATION 6
175 /*
176 * Disallow user-space to use GP implementation specific login
177 * method range (0x80000000 - 0xBFFFFFFF). This range is rather
178 * being reserved for REE kernel clients or TEE implementation.
179 */
180 #define TEE_IOCTL_LOGIN_REE_KERNEL_MIN 0x80000000
181 #define TEE_IOCTL_LOGIN_REE_KERNEL_MAX 0xBFFFFFFF
182 /* Private login method for REE kernel clients */
183 #define TEE_IOCTL_LOGIN_REE_KERNEL 0x80000000
184
185 /**
186 * struct tee_ioctl_param - parameter
187 * @attr: attributes
188 * @a: if a memref, offset into the shared memory object, else a value parameter
189 * @b: if a memref, size of the buffer, else a value parameter
190 * @c: if a memref, shared memory identifier, else a value parameter
191 *
192 * @attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref or value is used in
193 * the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value and
194 * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref. TEE_PARAM_ATTR_TYPE_NONE
195 * indicates that none of the members are used.
196 *
197 * Shared memory is allocated with TEE_IOC_SHM_ALLOC which returns an
198 * identifier representing the shared memory object. A memref can reference
199 * a part of a shared memory by specifying an offset (@a) and size (@b) of
200 * the object. To supply the entire shared memory object set the offset
201 * (@a) to 0 and size (@b) to the previously returned size of the object.
202 *
203 * A client may need to present a NULL pointer in the argument
204 * passed to a trusted application in the TEE.
205 * This is also a requirement in GlobalPlatform Client API v1.0c
206 * (section 3.2.5 memory references), which can be found at
207 * http://www.globalplatform.org/specificationsdevice.asp
208 *
209 * If a NULL pointer is passed to a TA in the TEE, the (@c)
210 * IOCTL parameters value must be set to TEE_MEMREF_NULL indicating a NULL
211 * memory reference.
212 */
213 struct tee_ioctl_param {
214 __u64 attr;
215 __u64 a;
216 __u64 b;
217 __u64 c;
218 };
219
220 #define TEE_IOCTL_UUID_LEN 16
221
222 /**
223 * struct tee_ioctl_open_session_arg - Open session argument
224 * @uuid: [in] UUID of the Trusted Application
225 * @clnt_uuid: [in] UUID of client
226 * @clnt_login: [in] Login class of client, TEE_IOCTL_LOGIN_* above
227 * @cancel_id: [in] Cancellation id, a unique value to identify this request
228 * @session: [out] Session id
229 * @ret: [out] return value
230 * @ret_origin [out] origin of the return value
231 * @num_params [in] number of parameters following this struct
232 */
233 struct tee_ioctl_open_session_arg {
234 __u8 uuid[TEE_IOCTL_UUID_LEN];
235 __u8 clnt_uuid[TEE_IOCTL_UUID_LEN];
236 __u32 clnt_login;
237 __u32 cancel_id;
238 __u32 session;
239 __u32 ret;
240 __u32 ret_origin;
241 __u32 num_params;
242 /* num_params tells the actual number of element in params */
243 struct tee_ioctl_param params[];
244 };
245
246 /**
247 * TEE_IOC_OPEN_SESSION - opens a session to a Trusted Application
248 *
249 * Takes a struct tee_ioctl_buf_data which contains a struct
250 * tee_ioctl_open_session_arg followed by any array of struct
251 * tee_ioctl_param
252 */
253 #define TEE_IOC_OPEN_SESSION _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 2, \
254 struct tee_ioctl_buf_data)
255
256 /**
257 * struct tee_ioctl_invoke_func_arg - Invokes a function in a Trusted
258 * Application
259 * @func: [in] Trusted Application function, specific to the TA
260 * @session: [in] Session id
261 * @cancel_id: [in] Cancellation id, a unique value to identify this request
262 * @ret: [out] return value
263 * @ret_origin [out] origin of the return value
264 * @num_params [in] number of parameters following this struct
265 */
266 struct tee_ioctl_invoke_arg {
267 __u32 func;
268 __u32 session;
269 __u32 cancel_id;
270 __u32 ret;
271 __u32 ret_origin;
272 __u32 num_params;
273 /* num_params tells the actual number of element in params */
274 struct tee_ioctl_param params[];
275 };
276
277 /**
278 * TEE_IOC_INVOKE - Invokes a function in a Trusted Application
279 *
280 * Takes a struct tee_ioctl_buf_data which contains a struct
281 * tee_invoke_func_arg followed by any array of struct tee_param
282 */
283 #define TEE_IOC_INVOKE _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 3, \
284 struct tee_ioctl_buf_data)
285
286 /**
287 * struct tee_ioctl_cancel_arg - Cancels an open session or invoke ioctl
288 * @cancel_id: [in] Cancellation id, a unique value to identify this request
289 * @session: [in] Session id, if the session is opened, else set to 0
290 */
291 struct tee_ioctl_cancel_arg {
292 __u32 cancel_id;
293 __u32 session;
294 };
295
296 /**
297 * TEE_IOC_CANCEL - Cancels an open session or invoke
298 */
299 #define TEE_IOC_CANCEL _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 4, \
300 struct tee_ioctl_cancel_arg)
301
302 /**
303 * struct tee_ioctl_close_session_arg - Closes an open session
304 * @session: [in] Session id
305 */
306 struct tee_ioctl_close_session_arg {
307 __u32 session;
308 };
309
310 /**
311 * TEE_IOC_CLOSE_SESSION - Closes a session
312 */
313 #define TEE_IOC_CLOSE_SESSION _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 5, \
314 struct tee_ioctl_close_session_arg)
315
316 /**
317 * struct tee_iocl_supp_recv_arg - Receive a request for a supplicant function
318 * @func: [in] supplicant function
319 * @num_params [in/out] number of parameters following this struct
320 *
321 * @num_params is the number of params that tee-supplicant has room to
322 * receive when input, @num_params is the number of actual params
323 * tee-supplicant receives when output.
324 */
325 struct tee_iocl_supp_recv_arg {
326 __u32 func;
327 __u32 num_params;
328 /* num_params tells the actual number of element in params */
329 struct tee_ioctl_param params[];
330 };
331
332 /**
333 * TEE_IOC_SUPPL_RECV - Receive a request for a supplicant function
334 *
335 * Takes a struct tee_ioctl_buf_data which contains a struct
336 * tee_iocl_supp_recv_arg followed by any array of struct tee_param
337 */
338 #define TEE_IOC_SUPPL_RECV _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 6, \
339 struct tee_ioctl_buf_data)
340
341 /**
342 * struct tee_iocl_supp_send_arg - Send a response to a received request
343 * @ret: [out] return value
344 * @num_params [in] number of parameters following this struct
345 */
346 struct tee_iocl_supp_send_arg {
347 __u32 ret;
348 __u32 num_params;
349 /* num_params tells the actual number of element in params */
350 struct tee_ioctl_param params[];
351 };
352
353 /**
354 * TEE_IOC_SUPPL_SEND - Send a response to a received request
355 *
356 * Takes a struct tee_ioctl_buf_data which contains a struct
357 * tee_iocl_supp_send_arg followed by any array of struct tee_param
358 */
359 #define TEE_IOC_SUPPL_SEND _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 7, \
360 struct tee_ioctl_buf_data)
361
362 /**
363 * struct tee_ioctl_shm_register_data - Shared memory register argument
364 * @addr: [in] Start address of shared memory to register
365 * @length: [in/out] Length of shared memory to register
366 * @flags: [in/out] Flags to/from registration.
367 * @id: [out] Identifier of the shared memory
368 *
369 * The flags field should currently be zero as input. Updated by the call
370 * with actual flags as defined by TEE_IOCTL_SHM_* above.
371 * This structure is used as argument for TEE_IOC_SHM_REGISTER below.
372 */
373 struct tee_ioctl_shm_register_data {
374 __u64 addr;
375 __u64 length;
376 __u32 flags;
377 __s32 id;
378 };
379
380 /**
381 * TEE_IOC_SHM_REGISTER - Register shared memory argument
382 *
383 * Registers shared memory between the user space process and secure OS.
384 *
385 * Returns a file descriptor on success or < 0 on failure
386 *
387 * The shared memory is unregisterred when the descriptor is closed.
388 */
389 #define TEE_IOC_SHM_REGISTER _IOWR(TEE_IOC_MAGIC, TEE_IOC_BASE + 9, \
390 struct tee_ioctl_shm_register_data)
391 /*
392 * Five syscalls are used when communicating with the TEE driver.
393 * open(): opens the device associated with the driver
394 * ioctl(): as described above operating on the file descriptor from open()
395 * close(): two cases
396 * - closes the device file descriptor
397 * - closes a file descriptor connected to allocated shared memory
398 * mmap(): maps shared memory into user space using information from struct
399 * tee_ioctl_shm_alloc_data
400 * munmap(): unmaps previously shared memory
401 */
402
403 #endif /*__TEE_H*/
Browse
Usage
Versions