Add Widevine related device tree options support

[qazwsxedcrfvtg14]

On the new ChromeOS mediatek platform, we will use the device tree to pass hardware unique key and the parameters for widevine TA.

BTW, should we also put the device tree binding document in the OP-TEE repo?
Because the Linux upstream says the OP-TEE only DT bindings don't belong in the kernel.
https://lore.kernel.org/all/20230918194235.GA1548023-robh@kernel.org/

[jbech-linaro]

As a generic comment I think we'd like to change this to transfer lists, transfer elements in the future. But until that is in place DT works.

[qazwsxedcrfvtg14]

Added a new commit to resolve comments.

[jbech-linaro]

I think this is good now, please add my tag, rebase it and squash the patches accordingly so we merge it. Thanks!

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

[qazwsxedcrfvtg14]

Rebased and squashed the patches.
Thanks!

[jforissier]

@qazwsxedcrfvtg14 please address the checkpatch issues (CI / Code style job). You may use the sentence you put in this PR ("On the new ChromeOS mediatek platform, we will use the device tree to pass hardware unique key and the parameters for widevine TA.").
Thanks.

[etienne-lms]

Are these DT bindings (DT node pathes as /options/ and property names) generic? Are they OP-TEE specific (e.g optee-hardware-unique-key) ? If these are to be deprecated once Firmware Handoff Transfer List is merged, is it worth merging this change now?

The commit message lacks a description, see CI Code Style result that also reports another issue).

[qazwsxedcrfvtg14]

Resolved the comments.

BTW, I'm not sure about the status of "Firmware Handoff Transfer List"...
@Narflex do we have any plans for that?

[Narflex]

Resolved the comments.

BTW, I'm not sure about the status of "Firmware Handoff Transfer List"... @Narflex do we have any plans for that?

I'm not sure about our future plans for that, but it's not in the timeline for this change, so please proceed with this change as-is.

[etienne-lms]

so please proceed with this change as-is.

Please check first that such /options/ DT node paths and new DT property are not a open door to messy DT bindings.
DT bindings is a spec. It should remain somewhat consistent. Thanks for #6418, that helps discussion on a real proposal. Is it clear who is in charge of maintaining these bindings evolution and consistency. It seems the pointed discussion thread did not lead to a definitive consensus. Unless I missed something in which case I apologies for being noisy.

[Narflex]

so please proceed with this change as-is.

Please check first that such /options/ DT node paths and new DT property are not a open door to messy DT bindings. DT bindings is a spec. It should remain somewhat consistent. Thanks for #6418, that helps discussion on a real proposal. Is it clear who is in charge of maintaining these bindings evolution and consistency. It seems the pointed discussion thread did not lead to a definitive consensus. Unless I missed something in which case I apologies for being noisy.

The DT bindings being added here are being documented in OP-TEE as you pointed out, so I would figure OP-TEE maintainers would be the ones maintaining the evolution/consistency of that if anything else gets added there in the future. Originally we tried to get these documented in the linux kernel, but got pushback on that which is why they ended up in OP-TEE....and I think that stance will continue to be taken where DT bindings should get added to kernel documentation unless there is pushback on that end, in which case they'd end up in OP-TEE.

[qazwsxedcrfvtg14]

Rebased and resolved the conflicts with master branch.

[qazwsxedcrfvtg14]

Resolved the comments.

[etienne-lms]

I would rather wait the DT bindings are acked before merging this change.

I still find curious that Widevine mandates the whole OP-TEE to rely on a HUK provided by DT "/options/op-tee/widevine" node without other strict constraints on how this HUK is derived. I also think it puts some restrictions on integration of other TAs when the Widevine TA is to be supported, which maybe makes sense.

[jbech-linaro]

I'm adding the "enhancement" tag, so this won't be closed automatically and since I want this to be merged in one or another way at some point. I do believe this will take some time to sort out. We've just this week had a first call between stakeholders interested in this and we concluded that we have to start with working out the Linux kernel side of things. The secure side, will be a topic in the future when the Linux kernel side of story seems to fall in place. For more information (and a recording of the meeting), please see the topics discussed here.

[qazwsxedcrfvtg14]

The device tree binding is merged in the optee_docs:
OP-TEE/optee_docs#230

And rebased the PR.

[jbech-linaro]

@jforissier @jenswi-linaro anything else you'd like to add?

[jenswi-linaro]

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

[jforissier]

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

[Narflex]

Can we get this PR merged now?

[jforissier]

@Narflex yes, sorry for the delay.