Date: Thu, 5 Nov 2020 07:07:36 +0200
From: Jarkko Sakkinen
To: Sumit Garg
Subject: Re: [PATCH v8 0/4] Introduce TEE based Trusted Keys support
Message-ID: <20201105050736.GA702944@kernel.org>
References: <1604419306-26105-1-git-send-email-sumit.garg@linaro.org>
In-Reply-To: <1604419306-26105-1-git-send-email-sumit.garg@linaro.org>
Cc: linux-security-module@vger.kernel.org, daniel.thompson@linaro.org,
 op-tee@lists.trustedfirmware.org, corbet@lwn.net, jejb@linux.ibm.com,
 janne.karhunen@gmail.com, linux-doc@vger.kernel.org, jmorris@namei.org,
 zohar@linux.ibm.com, linux-kernel@vger.kernel.org, dhowells@redhat.com,
 lhinds@redhat.com, keyrings@vger.kernel.org,
 jarkko.sakkinen@linux.intel.com, Markus.Wamser@mixed-mode.de,
 casey@schaufler-ca.com, linux-integrity@vger.kernel.org,
 jens.wiklander@linaro.org, linux-arm-kernel@lists.infradead.org,
 serge@hallyn.com

On Tue, Nov 03, 2020 at 09:31:42PM +0530, Sumit Garg wrote:
> Add support for TEE based trusted keys where TEE provides the functionality
> to seal and unseal trusted keys using hardware unique key. Also, this is
> an alternative in case platform doesn't possess a TPM device.
>
> This patch-set has been tested with OP-TEE based early TA which is already
> merged in upstream [1].

Is the new RPI400 computer a platform that can be used for testing
patch sets like this? I've been looking for a while for something ARM64
based with similar convenience as Intel NUCs, and on the surface this new
RPI product looks great for kernel testing purposes.

/Jarkko

>
> [1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d7e5b86b
>
> Changes in v8:
> 1. Added static calls support instead of indirect calls.
> 2. Documented trusted keys source module parameter.
> 3. Refined patch #1 commit message description.
> 4. Addressed misc. comments on patch #2.
> 5. Added myself as Trusted Keys co-maintainer instead.
> 6. Rebased to latest tpmdd master.
>
> Changes in v7:
> 1. Added a trusted.source module parameter in order to enforce user's
>    choice in case a particular platform possesses both TPM and TEE.
> 2. Refine commit description for patch #1.
>
> Changes in v6:
> 1. Revert back to dynamic detection of trust source.
> 2. Drop author mention from trusted_core.c and trusted_tpm1.c files.
> 3. Rebased to latest tpmdd/master.
>
> Changes in v5:
> 1. Drop dynamic detection of trust source and use compile time flags
>    instead.
> 2. Rename trusted_common.c -> trusted_core.c.
> 3. Rename callback: cleanup() -> exit().
> 4. Drop "tk" acronym.
> 5. Other misc. comments.
> 6. Added review tags for patch #3 and #4.
>
> Changes in v4:
> 1. Pushed independent TEE features separately:
>   - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062
> 2. Updated trusted-encrypted doc with TEE as a new trust source.
> 3. Rebased onto latest tpmdd/master.
>
> Changes in v3:
> 1. Update patch #2 to support registration of multiple kernel pages.
> 2. Incorporate dependency patch #4 in this patch-set:
>    https://patchwork.kernel.org/patch/11091435/
>
> Changes in v2:
> 1. Add reviewed-by tags for patch #1 and #2.
> 2. Incorporate comments from Jens for patch #3.
> 3. Switch to use generic trusted keys framework.
>
> Sumit Garg (4):
>   KEYS: trusted: Add generic trusted keys framework
>   KEYS: trusted: Introduce TEE based Trusted Keys
>   doc: trusted-encrypted: updates with TEE as a new trust source
>   MAINTAINERS: Add myself as Trusted Keys co-maintainer
>
>  Documentation/admin-guide/kernel-parameters.txt   |  12 +
>  Documentation/security/keys/trusted-encrypted.rst | 203 +++++++++++--
>  MAINTAINERS                                       |   2 +
>  include/keys/trusted-type.h                       |  47 +++
>  include/keys/trusted_tee.h                        |  55 ++++
>  include/keys/trusted_tpm.h                        |  17 +-
>  security/keys/trusted-keys/Makefile               |   2 +
>  security/keys/trusted-keys/trusted_core.c         | 354 ++++++++++++++++++++++
>  security/keys/trusted-keys/trusted_tee.c          | 278 +++++++++++++++++
>  security/keys/trusted-keys/trusted_tpm1.c         | 336 ++++----------------
>  10 files changed, 979 insertions(+), 327 deletions(-)
>  create mode 100644 include/keys/trusted_tee.h
>  create mode 100644 security/keys/trusted-keys/trusted_core.c
>  create mode 100644 security/keys/trusted-keys/trusted_tee.c
>
> --
> 2.7.4
>