Commit c7a87fa

Author: liushiwei

Added TEE SBI Extension description

To support secure service running, cpu running environments are divided into Trusted execution environment (TEE) and Rich Execution Environment (REE). This section describes how to switch between REE and TEE and how to start TEE.

Signed-off-by: liushiwei <[email protected]>
1 parent 804ec74 commit c7a87fa

3 files changed

+72
-0
lines changed

riscv-sbi-tee1.png

73.6 KB

riscv-sbi-tee2.png

29.5 KB

riscv-sbi.adoc

Lines changed: 72 additions & 0 deletions
@@ -1682,3 +1682,75 @@ Low bits from `mvendorid`.
16821682
Low bits is SBI implementation ID. The firmware specific SBI extensions are
16831683
for SBI implementations. It provides firmware specific SBI functions which
16841684
are defined in the external firmware specification.
1685+
1686+
== Trusted Execution Environment SBI Extension Space (EID #0x544545 "TEE")
1687+
The Trusted Execution Environment Unit Extension divides cpu Execution
1688+
Environment into two parts: REE (Rich Execution Environment) and TEE
1689+
(Trusted execution environment), As shown in the picture below <<fig_tee1>>.
1690+
To enable some applications to perform security-related services,
1691+
which are placed in TEE.
1692+
1693+
[#fig_tee1]
1694+
.SBI TEE extensions runtimes
1695+
image::riscv-sbi-tee1.png[width=1007,height=464]
1696+
1697+
Well, one option is REE runs linux, TEE runs optee-os.
1698+
When starting a security service, REE needs to convey 8 parameters
1699+
to TEE according to optee-os standard,
1700+
and TEE needs to return 4 parameters to REE when TEE is finished.
1701+
So linux needs to pass 10 parameters to opensbi. I use the a0-a7,
1702+
t0, t1 register. the newly added correlation parameters,
1703+
one conveying 0x544545 indicating that this is a TEE extension,
1704+
and the other conveying the caller status indicating
1705+
it is from REE or from TEE. Unlike other SBI extensions contexts saved,
1706+
In the tee process, not only sbi_trap_regs but also CSRs of S mode
1707+
should be saved including all calls from REE and some calls from TEE.
1708+
1709+
I added a new structure sbi_save_context, It contains sbi_trap_regs
1710+
structure and the csr registers that TEE OS uses in S mode.
1711+
[source, C]
1712+
----
1713+
struct sbi_save_context {
1714+
struct sbi_trap_regs regs;
1715+
unsigned long sepc;
1716+
unsigned long satp;
1717+
unsigned long sstatus;
1718+
unsigned long sie;
1719+
unsigned long stvec;
1720+
unsigned long sscratch;
1721+
unsigned long scounteren;
1722+
unsigned long scause;
1723+
unsigned long stval;
1724+
unsigned long sip;
1725+
};
1726+
----
1727+
The design needs to define context-saved arrays based on the number of cores.
1728+
[source, C]
1729+
----
1730+
struct sbi_save_context nsec_cpu_context[OPTEED_CORE_COUNT];
1731+
struct sbi_save_context sec_cpu_context[OPTEED_CORE_COUNT];
1732+
----
1733+
nsec_cpu_context holds the context of REE and sec_cpu_context holds the context of TEE.
1734+
When REE is called to TEE, opensbi needs to populate the corresponding
1735+
nsec_cpu_context structure based on the register value, It then fills registers
1736+
according to the sec_cpu_context structure value and enters optee os via the mret instruction.
1737+
The optee os calls the ecall instruction to access opensbi after completing its own job.
1738+
When TEE is called to REE, opensbi needs to restore the linux context with
1739+
the value of the nsec_cpu_context structure. In this case, there is no need
1740+
to save the optee os context, which is saved when the startup phase returns.
1741+
1742+
1743+
REE S mode CSRs is derived from linux, and TEE S mode CSRs is derived
1744+
from optee os initialization. Upon startup, opensbi will add
1745+
a tee_os_init function before sbi_hart_switch_mode.
1746+
tee_os_init will jump to optee os for initialization.
1747+
The startup address of optee os is configured using configuration items.
1748+
After the initialization is complete, it returns to opensbi.
1749+
The return parameter holds the optee os entry address of the runtime,
1750+
and it gets TEE S mode CSRs. Then go back to the previous execution process
1751+
to start linux. The same function is used to boot the secondary hart.
1752+
The following figure(<<fig_tee2>>) shows the startup process.
1753+
1754+
[#fig_tee2]
1755+
.SBI TEE extensions boot flow
1756+
image::riscv-sbi-tee2.png[width=975,height=527]
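
Review bot: In the register-convention paragraph (added lines 1701-1705), the caller status that tells opensbi whether a call comes from REE or from TEE is a value the caller itself loads into t0/t1, and the text states no check on it, so as written REE code could present itself as TEE and reach the TEE-to-REE restore path. Suggest that the firmware derive the calling world from its own per-hart state (for example, which of nsec_cpu_context and sec_cpu_context it last restored on that hart) and either drop the register or reject a call whose claimed status disagrees with that state. The same paragraph does not say which of t0 and t1 carries 0x544545 and which carries the status, does not name the registers used for the 4 return parameters, and defines no function IDs or error codes; these need to be spelled out before the section can be implemented interoperably. Further down, OPTEED_CORE_COUNT is used for both context arrays without a definition, and "some calls from TEE" (line 1707) leaves open which TEE calls save S-mode CSRs. The first-person wording ("I use", "I added") and the Linux/optee-os specifics read as implementation notes and should be rewritten as normative text or moved to an informative example.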