Pull TEE driver infrastructure and OP-TEE drivers from Arnd Bergmann:
"This introduces a generic TEE framework in the kernel, to handle
trusted environemtns (security coprocessor or software implementations
such as OP-TEE/TrustZone). I'm sending it separately from the other
arm-soc driver changes to give it a little more visibility, once the
subsystem is merged, we will likely keep this in the arm₋soc drivers
branch or have the maintainers submit pull requests directly,
depending on the patch volume.
I have reviewed earlier versions in the past, and have reviewed the
latest version in person during Linaro Connect BUD17.
Here is my overall assessment of the subsystem:
- There is clearly demand for this, both for the generic
infrastructure and the specific OP-TEE implementation.
- The code has gone through a large number of reviews, and the review
comments have all been addressed, but the reviews were not coming
up with serious issues any more and nobody volunteered to vouch for
- The user space ioctl interface is sufficient to work with the
OP-TEE driver, and it should in principle work with other TEE
implementations that follow the GlobalPlatform standards, but it
might need to be extended in minor ways depending on specific
requirements of future TEE implementations
- The main downside of the API to me is how the user space is tied to
the TEE implementation in hardware or firmware, but uses a generic
way to communicate with it. This seems to be an inherent problem
with what it is trying to do, and I could not come up with any
better solution than what is implemented here.
For a detailed history of the patch series, see
* tag 'armsoc-tee' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
arm64: dt: hikey: Add optee node
Documentation: tee subsystem and op-tee driver
tee: add OP-TEE driver
tee: generic TEE subsystem
dt/bindings: add bindings for optee