From: Jens Wiklander <jens.wiklander@linaro.org>
To: op-tee@lists.trustedfirmware.org
Subject: Re: [op-tee] [PATCH v2 0/3] tee: add support for session's client UUID generation
Date: Tue, 12 May 2020 12:56:09 +0200 [thread overview]
Message-ID: <20200512105608.GA6646@jade> (raw)
In-Reply-To: <20200430123711.20083-1-vesa.jaaskelainen@vaisala.com>
[-- Attachment #1: Type: text/plain, Size: 2385 bytes --]
On Thu, Apr 30, 2020 at 03:37:08PM +0300, Vesa Jääskeläinen wrote:
> TEE Client API defines that from user space only information needed for
> specified login operations is group identifier for group based logins.
>
> REE kernel is expected to formulate trustworthy client UUID and pass that
> to TEE environment. REE kernel is required to verify that provided group
> identifier for group based logins matches calling processes group
> memberships.
>
> TEE specification only defines that the information passed from REE
> environment to TEE environment is encoded into on UUID.
>
> In order to guarantee trustworthiness of client UUID user space is not
> allowed to freely pass client UUID.
>
> Vesa Jääskeläinen (3):
> tee: add support for session's client UUID generation
> tee: optee: Add support for session login client UUID generation
I'm picking up these two patches.
> [RFC] tee: add support for app id for client UUID generation
I'm waiting with this patch until we've reached some conclusion.
Thanks,
Jens
>
> drivers/tee/Kconfig | 1 +
> drivers/tee/optee/call.c | 6 +-
> drivers/tee/tee_core.c | 211 +++++++++++++++++++++++++++++++++++++++
> include/linux/tee_drv.h | 16 +++
> 4 files changed, 233 insertions(+), 1 deletion(-)
>
> --
> 2.17.1
>
> Changes v1->v2:
>
> * Changed goto labels to be more logical
> * Capture error if formatted string for UUIDv5 does not fit into buffer
>
> Notes:
>
> This patcheset has been designed so that it can be iteratively intergrated
> meaning that the application ID (RFC patch) part can be left for later when
> there is agreed solution for that.
>
> TEE specification leaves Linux behavior undefined. It does not define any
> UUID value for name space. UUID in here is randomly generated with uuidgen
> tool.
>
> I have also include amdtee people as this method probably should also be
> applied in there.
>
> Using op-tee(a)lists.trustedfirmware.org instead of tee-dev(a)lists.linaro.org as
> latter is deprecated old list.
>
> Original issue in OP-TEE OS tracker:
> https://github.com/OP-TEE/optee_os/issues/3642
>
> Related reviews and demonstration for the concept:
> https://github.com/linaro-swg/linux/pull/74
> https://github.com/OP-TEE/optee_client/pull/195
> https://github.com/OP-TEE/optee_test/pull/406
WARNING: multiple messages have this Message-ID (diff)
From: Jens Wiklander <jens.wiklander@linaro.org>
To: "Vesa Jääskeläinen" <vesa.jaaskelainen@vaisala.com>
Cc: op-tee@lists.trustedfirmware.org,
Rijo Thomas <Rijo-john.Thomas@amd.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Dan Carpenter <dan.carpenter@oracle.com>,
Devaraj Rangasamy <Devaraj.Rangasamy@amd.com>,
Hongbo Yao <yaohongbo@huawei.com>,
Colin Ian King <colin.king@canonical.com>,
linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org
Subject: Re: [PATCH v2 0/3] tee: add support for session's client UUID generation
Date: Tue, 12 May 2020 12:56:09 +0200 [thread overview]
Message-ID: <20200512105608.GA6646@jade> (raw)
In-Reply-To: <20200430123711.20083-1-vesa.jaaskelainen@vaisala.com>
On Thu, Apr 30, 2020 at 03:37:08PM +0300, Vesa Jääskeläinen wrote:
> TEE Client API defines that from user space only information needed for
> specified login operations is group identifier for group based logins.
>
> REE kernel is expected to formulate trustworthy client UUID and pass that
> to TEE environment. REE kernel is required to verify that provided group
> identifier for group based logins matches calling processes group
> memberships.
>
> TEE specification only defines that the information passed from REE
> environment to TEE environment is encoded into on UUID.
>
> In order to guarantee trustworthiness of client UUID user space is not
> allowed to freely pass client UUID.
>
> Vesa Jääskeläinen (3):
> tee: add support for session's client UUID generation
> tee: optee: Add support for session login client UUID generation
I'm picking up these two patches.
> [RFC] tee: add support for app id for client UUID generation
I'm waiting with this patch until we've reached some conclusion.
Thanks,
Jens
>
> drivers/tee/Kconfig | 1 +
> drivers/tee/optee/call.c | 6 +-
> drivers/tee/tee_core.c | 211 +++++++++++++++++++++++++++++++++++++++
> include/linux/tee_drv.h | 16 +++
> 4 files changed, 233 insertions(+), 1 deletion(-)
>
> --
> 2.17.1
>
> Changes v1->v2:
>
> * Changed goto labels to be more logical
> * Capture error if formatted string for UUIDv5 does not fit into buffer
>
> Notes:
>
> This patcheset has been designed so that it can be iteratively intergrated
> meaning that the application ID (RFC patch) part can be left for later when
> there is agreed solution for that.
>
> TEE specification leaves Linux behavior undefined. It does not define any
> UUID value for name space. UUID in here is randomly generated with uuidgen
> tool.
>
> I have also include amdtee people as this method probably should also be
> applied in there.
>
> Using op-tee@lists.trustedfirmware.org instead of tee-dev@lists.linaro.org as
> latter is deprecated old list.
>
> Original issue in OP-TEE OS tracker:
> https://github.com/OP-TEE/optee_os/issues/3642
>
> Related reviews and demonstration for the concept:
> https://github.com/linaro-swg/linux/pull/74
> https://github.com/OP-TEE/optee_client/pull/195
> https://github.com/OP-TEE/optee_test/pull/406
next prev parent reply other threads:[~2020-05-12 10:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-30 12:37 [op-tee] [PATCH v2 0/3] tee: add support for session's client UUID generation Vesa Jääskeläinen
2020-04-30 12:37 ` Vesa Jääskeläinen
2020-04-30 12:37 ` [op-tee] [PATCH v2 1/3] " Vesa Jääskeläinen
2020-04-30 12:37 ` Vesa Jääskeläinen
2020-04-30 12:37 ` [op-tee] [PATCH v2 2/3] tee: optee: Add support for session login " Vesa Jääskeläinen
2020-04-30 12:37 ` Vesa Jääskeläinen
2020-04-30 12:37 ` [op-tee] [PATCH v2 3/3] [RFC] tee: add support for app id for " Vesa Jääskeläinen
2020-04-30 12:37 ` Vesa Jääskeläinen
2020-05-12 10:56 ` Jens Wiklander [this message]
2020-05-12 10:56 ` [PATCH v2 0/3] tee: add support for session's " Jens Wiklander
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200512105608.GA6646@jade \
--to=jens.wiklander@linaro.org \
--cc=op-tee@lists.trustedfirmware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.