.../bindings/remoteproc/st,stm32-rproc.yaml | 58 +- drivers/remoteproc/Kconfig | 10 + drivers/remoteproc/Makefile | 1 + drivers/remoteproc/remoteproc_core.c | 52 ++ drivers/remoteproc/remoteproc_internal.h | 6 + drivers/remoteproc/remoteproc_tee.c | 619 ++++++++++++++++++ drivers/remoteproc/stm32_rproc.c | 139 +++- include/linux/remoteproc.h | 4 + include/linux/remoteproc_tee.h | 90 +++ 9 files changed, 935 insertions(+), 44 deletions(-) create mode 100644 drivers/remoteproc/remoteproc_tee.c create mode 100644 include/linux/remoteproc_tee.h
Hello Bjorn and Mathieu,
I am resending this series after waiting for over two months for Bjorn's
feedback, despite a prior reminder.
Please could you coordinate between yourselves to determine who will continue
reviewing this series? It would be greatly appreciated if the review could
proceed within a more reasonable timeframe.
Thanks in advance and best regards,
Arnaud
Main updates from version V15[1]:
- Removed the rproc_ops:load_fw() operation introduced in the previous version.
- Returned to managing the remoteproc firmware loading in rproc_tee_parse_fw to
load and authenticate the firmware before getting the resource table.
- Added spinlock and dev_link mechanisms in remoteproc TEE to better manage
bind/unbind.
More details are available in each patch commit message.
[1] https://lore.kernel.org/linux-remoteproc/20241128084219.2159197-7-arnaud.pouliquen@foss.st.com/T/
Tested-on: commit 0ff41df1cb26 ("Linux 6.15")
Description of the feature:
--------------------------
This series proposes the implementation of a remoteproc tee driver to
communicate with a TEE trusted application responsible for authenticating
and loading the remoteproc firmware image in an Arm secure context.
1) Principle:
The remoteproc tee driver provides services to communicate with the OP-TEE
trusted application running on the Trusted Execution Context (TEE).
The trusted application in TEE manages the remote processor lifecycle:
- authenticating and loading firmware images,
- isolating and securing the remote processor memories,
- supporting multi-firmware (e.g., TF-M + Zephyr on a Cortex-M33),
- managing the start and stop of the firmware by the TEE.
2) Format of the signed image:
Refer to:
https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/src/remoteproc_core.c#L18-L57
3) OP-TEE trusted application API:
Refer to:
https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/include/ta_remoteproc.h
4) OP-TEE signature script
Refer to:
https://github.com/OP-TEE/optee_os/blob/master/scripts/sign_rproc_fw.py
Example of usage:
sign_rproc_fw.py --in <fw1.elf> --in <fw2.elf> --out <signed_fw.sign> --key ${OP-TEE_PATH}/keys/default.pem
5) Impact on User space Application
No sysfs impact. The user only needs to provide the signed firmware image
instead of the ELF image.
For more information about the implementation, a presentation is available here
(note that the format of the signed image has evolved between the presentation
and the integration in OP-TEE).
https://resources.linaro.org/en/resource/6c5bGvZwUAjX56fvxthxds
Arnaud Pouliquen (6):
remoteproc: core: Introduce rproc_pa_to_va helper
remoteproc: Add TEE support
remoteproc: Introduce release_fw optional operation
dt-bindings: remoteproc: Add compatibility for TEE support
remoteproc: stm32: Create sub-functions to request shutdown and
release
remoteproc: stm32: Add support of an OP-TEE TA to load the firmware
.../bindings/remoteproc/st,stm32-rproc.yaml | 58 +-
drivers/remoteproc/Kconfig | 10 +
drivers/remoteproc/Makefile | 1 +
drivers/remoteproc/remoteproc_core.c | 52 ++
drivers/remoteproc/remoteproc_internal.h | 6 +
drivers/remoteproc/remoteproc_tee.c | 619 ++++++++++++++++++
drivers/remoteproc/stm32_rproc.c | 139 +++-
include/linux/remoteproc.h | 4 +
include/linux/remoteproc_tee.h | 90 +++
9 files changed, 935 insertions(+), 44 deletions(-)
create mode 100644 drivers/remoteproc/remoteproc_tee.c
create mode 100644 include/linux/remoteproc_tee.h
base-commit: 0ff41df1cb268fc69e703a08a57ee14ae967d0ca
--
2.25.1
On Tue, Jun 03, 2025 at 12:08:02PM +0200, Arnaud Pouliquen wrote:
> Hello Bjorn and Mathieu,
>
> I am resending this series after waiting for over two months for Bjorn's
> feedback, despite a prior reminder.
>
> Please could you coordinate between yourselves to determine who will continue
> reviewing this series? It would be greatly appreciated if the review could
> proceed within a more reasonable timeframe.
>
> Thanks in advance and best regards,
> Arnaud
>
>
> Main updates from version V15[1]:
> - Removed the rproc_ops:load_fw() operation introduced in the previous version.
> - Returned to managing the remoteproc firmware loading in rproc_tee_parse_fw to
> load and authenticate the firmware before getting the resource table.
> - Added spinlock and dev_link mechanisms in remoteproc TEE to better manage
> bind/unbind.
>
Have all pending issues been resolved or is there still questions about some
aspects of the design?
> More details are available in each patch commit message.
>
> [1] https://lore.kernel.org/linux-remoteproc/20241128084219.2159197-7-arnaud.pouliquen@foss.st.com/T/
>
> Tested-on: commit 0ff41df1cb26 ("Linux 6.15")
>
> Description of the feature:
> --------------------------
> This series proposes the implementation of a remoteproc tee driver to
> communicate with a TEE trusted application responsible for authenticating
> and loading the remoteproc firmware image in an Arm secure context.
>
> 1) Principle:
>
> The remoteproc tee driver provides services to communicate with the OP-TEE
> trusted application running on the Trusted Execution Context (TEE).
> The trusted application in TEE manages the remote processor lifecycle:
>
> - authenticating and loading firmware images,
> - isolating and securing the remote processor memories,
> - supporting multi-firmware (e.g., TF-M + Zephyr on a Cortex-M33),
> - managing the start and stop of the firmware by the TEE.
>
> 2) Format of the signed image:
>
> Refer to:
> https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/src/remoteproc_core.c#L18-L57
>
> 3) OP-TEE trusted application API:
>
> Refer to:
> https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/include/ta_remoteproc.h
>
> 4) OP-TEE signature script
>
> Refer to:
> https://github.com/OP-TEE/optee_os/blob/master/scripts/sign_rproc_fw.py
>
> Example of usage:
> sign_rproc_fw.py --in <fw1.elf> --in <fw2.elf> --out <signed_fw.sign> --key ${OP-TEE_PATH}/keys/default.pem
>
>
> 5) Impact on User space Application
>
> No sysfs impact. The user only needs to provide the signed firmware image
> instead of the ELF image.
>
>
> For more information about the implementation, a presentation is available here
> (note that the format of the signed image has evolved between the presentation
> and the integration in OP-TEE).
>
> https://resources.linaro.org/en/resource/6c5bGvZwUAjX56fvxthxds
>
> Arnaud Pouliquen (6):
> remoteproc: core: Introduce rproc_pa_to_va helper
> remoteproc: Add TEE support
> remoteproc: Introduce release_fw optional operation
> dt-bindings: remoteproc: Add compatibility for TEE support
> remoteproc: stm32: Create sub-functions to request shutdown and
> release
> remoteproc: stm32: Add support of an OP-TEE TA to load the firmware
>
> .../bindings/remoteproc/st,stm32-rproc.yaml | 58 +-
> drivers/remoteproc/Kconfig | 10 +
> drivers/remoteproc/Makefile | 1 +
> drivers/remoteproc/remoteproc_core.c | 52 ++
> drivers/remoteproc/remoteproc_internal.h | 6 +
> drivers/remoteproc/remoteproc_tee.c | 619 ++++++++++++++++++
> drivers/remoteproc/stm32_rproc.c | 139 +++-
> include/linux/remoteproc.h | 4 +
> include/linux/remoteproc_tee.h | 90 +++
> 9 files changed, 935 insertions(+), 44 deletions(-)
> create mode 100644 drivers/remoteproc/remoteproc_tee.c
> create mode 100644 include/linux/remoteproc_tee.h
>
>
> base-commit: 0ff41df1cb268fc69e703a08a57ee14ae967d0ca
> --
> 2.25.1
>
Hello Mathieu,
On 6/9/25 17:23, Mathieu Poirier wrote:
> On Tue, Jun 03, 2025 at 12:08:02PM +0200, Arnaud Pouliquen wrote:
>> Hello Bjorn and Mathieu,
>>
>> I am resending this series after waiting for over two months for Bjorn's
>> feedback, despite a prior reminder.
>>
>> Please could you coordinate between yourselves to determine who will continue
>> reviewing this series? It would be greatly appreciated if the review could
>> proceed within a more reasonable timeframe.
>>
>> Thanks in advance and best regards,
>> Arnaud
>>
>>
>> Main updates from version V15[1]:
>> - Removed the rproc_ops:load_fw() operation introduced in the previous version.
>> - Returned to managing the remoteproc firmware loading in rproc_tee_parse_fw to
>> load and authenticate the firmware before getting the resource table.
>> - Added spinlock and dev_link mechanisms in remoteproc TEE to better manage
>> bind/unbind.
>>
>
> Have all pending issues been resolved or is there still questions about some
> aspects of the design?
>
No pending issues on my side.
In terms of design, I resend an equivalent of the V13 design incorporating
Bjorn's comments on V15.
The pending questions are:
- is that V13/V16 is aligned with Bjorn's expectations[1].
- are you also aligned on this design even if you proposed an alternative that
implemented in V14 and V15
Few details on the V13/V16 design:
The main point of discussion is the rproc_tee_parse_fw() implementation.
In V13, this function loaded the firmware and then parses the resource table.
You proposed an alternative, to add a new rproc->load ops
in the remoteproc core instead (implemented in V14 and V15).
Bjorn expressed concerns about this and proposed a solution that, from my
understanding, is equivalent to the V13 implementation.
Thanks,
Arnaud
[1] https://lkml.org/lkml/2025/3/5/906
>> More details are available in each patch commit message.
>>
>> [1] https://lore.kernel.org/linux-remoteproc/20241128084219.2159197-7-arnaud.pouliquen@foss.st.com/T/
>>
>> Tested-on: commit 0ff41df1cb26 ("Linux 6.15")
>>
>> Description of the feature:
>> --------------------------
>> This series proposes the implementation of a remoteproc tee driver to
>> communicate with a TEE trusted application responsible for authenticating
>> and loading the remoteproc firmware image in an Arm secure context.
>>
>> 1) Principle:
>>
>> The remoteproc tee driver provides services to communicate with the OP-TEE
>> trusted application running on the Trusted Execution Context (TEE).
>> The trusted application in TEE manages the remote processor lifecycle:
>>
>> - authenticating and loading firmware images,
>> - isolating and securing the remote processor memories,
>> - supporting multi-firmware (e.g., TF-M + Zephyr on a Cortex-M33),
>> - managing the start and stop of the firmware by the TEE.
>>
>> 2) Format of the signed image:
>>
>> Refer to:
>> https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/src/remoteproc_core.c#L18-L57
>>
>> 3) OP-TEE trusted application API:
>>
>> Refer to:
>> https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/include/ta_remoteproc.h
>>
>> 4) OP-TEE signature script
>>
>> Refer to:
>> https://github.com/OP-TEE/optee_os/blob/master/scripts/sign_rproc_fw.py
>>
>> Example of usage:
>> sign_rproc_fw.py --in <fw1.elf> --in <fw2.elf> --out <signed_fw.sign> --key ${OP-TEE_PATH}/keys/default.pem
>>
>>
>> 5) Impact on User space Application
>>
>> No sysfs impact. The user only needs to provide the signed firmware image
>> instead of the ELF image.
>>
>>
>> For more information about the implementation, a presentation is available here
>> (note that the format of the signed image has evolved between the presentation
>> and the integration in OP-TEE).
>>
>> https://resources.linaro.org/en/resource/6c5bGvZwUAjX56fvxthxds
>>
>> Arnaud Pouliquen (6):
>> remoteproc: core: Introduce rproc_pa_to_va helper
>> remoteproc: Add TEE support
>> remoteproc: Introduce release_fw optional operation
>> dt-bindings: remoteproc: Add compatibility for TEE support
>> remoteproc: stm32: Create sub-functions to request shutdown and
>> release
>> remoteproc: stm32: Add support of an OP-TEE TA to load the firmware
>>
>> .../bindings/remoteproc/st,stm32-rproc.yaml | 58 +-
>> drivers/remoteproc/Kconfig | 10 +
>> drivers/remoteproc/Makefile | 1 +
>> drivers/remoteproc/remoteproc_core.c | 52 ++
>> drivers/remoteproc/remoteproc_internal.h | 6 +
>> drivers/remoteproc/remoteproc_tee.c | 619 ++++++++++++++++++
>> drivers/remoteproc/stm32_rproc.c | 139 +++-
>> include/linux/remoteproc.h | 4 +
>> include/linux/remoteproc_tee.h | 90 +++
>> 9 files changed, 935 insertions(+), 44 deletions(-)
>> create mode 100644 drivers/remoteproc/remoteproc_tee.c
>> create mode 100644 include/linux/remoteproc_tee.h
>>
>>
>> base-commit: 0ff41df1cb268fc69e703a08a57ee14ae967d0ca
>> --
>> 2.25.1
>>
On Mon, 9 Jun 2025 at 10:33, Arnaud POULIQUEN
<arnaud.pouliquen@foss.st.com> wrote:
>
> Hello Mathieu,
>
> On 6/9/25 17:23, Mathieu Poirier wrote:
> > On Tue, Jun 03, 2025 at 12:08:02PM +0200, Arnaud Pouliquen wrote:
> >> Hello Bjorn and Mathieu,
> >>
> >> I am resending this series after waiting for over two months for Bjorn's
> >> feedback, despite a prior reminder.
> >>
> >> Please could you coordinate between yourselves to determine who will continue
> >> reviewing this series? It would be greatly appreciated if the review could
> >> proceed within a more reasonable timeframe.
> >>
> >> Thanks in advance and best regards,
> >> Arnaud
> >>
> >>
> >> Main updates from version V15[1]:
> >> - Removed the rproc_ops:load_fw() operation introduced in the previous version.
> >> - Returned to managing the remoteproc firmware loading in rproc_tee_parse_fw to
> >> load and authenticate the firmware before getting the resource table.
> >> - Added spinlock and dev_link mechanisms in remoteproc TEE to better manage
> >> bind/unbind.
> >>
> >
> > Have all pending issues been resolved or is there still questions about some
> > aspects of the design?
> >
>
> No pending issues on my side.
>
> In terms of design, I resend an equivalent of the V13 design incorporating
> Bjorn's comments on V15.
> The pending questions are:
> - is that V13/V16 is aligned with Bjorn's expectations[1].
> - are you also aligned on this design even if you proposed an alternative that
> implemented in V14 and V15
> Few details on the V13/V16 design:
>
> The main point of discussion is the rproc_tee_parse_fw() implementation.
> In V13, this function loaded the firmware and then parses the resource table.
>
> You proposed an alternative, to add a new rproc->load ops
> in the remoteproc core instead (implemented in V14 and V15).
> Bjorn expressed concerns about this and proposed a solution that, from my
> understanding, is equivalent to the V13 implementation.
>
As far as I can tell, the only difference in this revision is the
loading of the firmware as part of rproc_tee_parse_fw(). I haven't
followed the thread but I am sure Bjorn had a good reason for that and
I am in agreement with this approach.
> Thanks,
> Arnaud
>
>
> [1] https://lkml.org/lkml/2025/3/5/906
>
> >> More details are available in each patch commit message.
> >>
> >> [1] https://lore.kernel.org/linux-remoteproc/20241128084219.2159197-7-arnaud.pouliquen@foss.st.com/T/
> >>
> >> Tested-on: commit 0ff41df1cb26 ("Linux 6.15")
> >>
> >> Description of the feature:
> >> --------------------------
> >> This series proposes the implementation of a remoteproc tee driver to
> >> communicate with a TEE trusted application responsible for authenticating
> >> and loading the remoteproc firmware image in an Arm secure context.
> >>
> >> 1) Principle:
> >>
> >> The remoteproc tee driver provides services to communicate with the OP-TEE
> >> trusted application running on the Trusted Execution Context (TEE).
> >> The trusted application in TEE manages the remote processor lifecycle:
> >>
> >> - authenticating and loading firmware images,
> >> - isolating and securing the remote processor memories,
> >> - supporting multi-firmware (e.g., TF-M + Zephyr on a Cortex-M33),
> >> - managing the start and stop of the firmware by the TEE.
> >>
> >> 2) Format of the signed image:
> >>
> >> Refer to:
> >> https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/src/remoteproc_core.c#L18-L57
> >>
> >> 3) OP-TEE trusted application API:
> >>
> >> Refer to:
> >> https://github.com/OP-TEE/optee_os/blob/master/ta/remoteproc/include/ta_remoteproc.h
> >>
> >> 4) OP-TEE signature script
> >>
> >> Refer to:
> >> https://github.com/OP-TEE/optee_os/blob/master/scripts/sign_rproc_fw.py
> >>
> >> Example of usage:
> >> sign_rproc_fw.py --in <fw1.elf> --in <fw2.elf> --out <signed_fw.sign> --key ${OP-TEE_PATH}/keys/default.pem
> >>
> >>
> >> 5) Impact on User space Application
> >>
> >> No sysfs impact. The user only needs to provide the signed firmware image
> >> instead of the ELF image.
> >>
> >>
> >> For more information about the implementation, a presentation is available here
> >> (note that the format of the signed image has evolved between the presentation
> >> and the integration in OP-TEE).
> >>
> >> https://resources.linaro.org/en/resource/6c5bGvZwUAjX56fvxthxds
> >>
> >> Arnaud Pouliquen (6):
> >> remoteproc: core: Introduce rproc_pa_to_va helper
> >> remoteproc: Add TEE support
> >> remoteproc: Introduce release_fw optional operation
> >> dt-bindings: remoteproc: Add compatibility for TEE support
> >> remoteproc: stm32: Create sub-functions to request shutdown and
> >> release
> >> remoteproc: stm32: Add support of an OP-TEE TA to load the firmware
> >>
> >> .../bindings/remoteproc/st,stm32-rproc.yaml | 58 +-
> >> drivers/remoteproc/Kconfig | 10 +
> >> drivers/remoteproc/Makefile | 1 +
> >> drivers/remoteproc/remoteproc_core.c | 52 ++
> >> drivers/remoteproc/remoteproc_internal.h | 6 +
> >> drivers/remoteproc/remoteproc_tee.c | 619 ++++++++++++++++++
> >> drivers/remoteproc/stm32_rproc.c | 139 +++-
> >> include/linux/remoteproc.h | 4 +
> >> include/linux/remoteproc_tee.h | 90 +++
> >> 9 files changed, 935 insertions(+), 44 deletions(-)
> >> create mode 100644 drivers/remoteproc/remoteproc_tee.c
> >> create mode 100644 include/linux/remoteproc_tee.h
> >>
> >>
> >> base-commit: 0ff41df1cb268fc69e703a08a57ee14ae967d0ca
> >> --
> >> 2.25.1
> >>
© 2016 - 2025 Red Hat, Inc.