From: Mikko Rapeli <mikko.rapeli@linaro.org>
To: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Manuel Traut <manut@mecka.net>,
linux-kernel@vger.kernel.org, linux-mmc@vger.kernel.org,
op-tee@lists.trustedfirmware.org,
Shyam Saini <shyamsaini@linux.microsoft.com>,
Ulf Hansson <ulf.hansson@linaro.org>,
Linus Walleij <linus.walleij@linaro.org>,
Jerome Forissier <jerome.forissier@linaro.org>,
Sumit Garg <sumit.garg@linaro.org>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Bart Van Assche <bvanassche@acm.org>,
Randy Dunlap <rdunlap@infradead.org>,
Ard Biesheuvel <ardb@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH v7 4/4] optee: probe RPMB device using RPMB subsystem
Date: Tue, 11 Jun 2024 12:02:12 +0900 [thread overview]
Message-ID: <Zme-NMa3Bvp2h7aL@nuoska> (raw)
In-Reply-To: <CAHUa44GAiUf9+PxqhXOwGfOuc250YDyJ7uzGe2B1bGmBw2iegg@mail.gmail.com>
Hi,
On Mon, Jun 10, 2024 at 02:52:31PM +0200, Jens Wiklander wrote:
> Hi Manuel,
>
> On Mon, Jun 3, 2024 at 11:10 AM Manuel Traut <manut@mecka.net> wrote:
> >
> > On 14:13 Mon 27 May , Jens Wiklander wrote:
> > > --- a/drivers/tee/optee/ffa_abi.c
> > > +++ b/drivers/tee/optee/ffa_abi.c
> > > @@ -7,6 +7,7 @@
> > >
> > > #include <linux/arm_ffa.h>
> > > #include <linux/errno.h>
> > > +#include <linux/rpmb.h>
> > > #include <linux/scatterlist.h>
> > > #include <linux/sched.h>
> > > #include <linux/slab.h>
> > > @@ -903,6 +904,10 @@ static int optee_ffa_probe(struct ffa_device *ffa_dev)
> > > optee->ffa.bottom_half_value = U32_MAX;
> > > optee->rpc_param_count = rpc_param_count;
> > >
> > > + if (IS_REACHABLE(CONFIG_RPMB) &&
> > > + (sec_caps & OPTEE_FFA_SEC_CAP_RPMB_PROBE))
> > > + optee->in_kernel_rpmb_routing = true;
> >
> > The SEC_CAP_RPMB_PROBE flag seems to be missing in optee_os at the moment.
> > If I remove this check here, the series works for me.
>
> You're right, I missed pushing those flags to optee_os. I've pushed them now.
Thanks! Tested with optee 4.1 and your patches from
https://github.com/jenswi-linaro/optee_os/commits/rpmb_probe_v7/
in Trusted Substrate uefi firmware
( https://gitlab.com/Linaro/trustedsubstrate/meta-ts/ )
and this series and a bunch of dependencies backported to
our Trusted Reference Stack
( https://trs.readthedocs.io/en/latest/ )
6.6.29 kernel on rockpi4b (rk3399 ARM64 SoC) with secure boot and
the optee side fTPM TA device used to create an encrypted rootfs with
systemd. Kernel side RPMB routing is in use and works for the TPM use cases.
Full boot and test log (with unrelated test failures)
https://ledge.validation.linaro.org/scheduler/job/88692
root@trs-qemuarm64:~# cat /sys/class/tee/tee0/rpmb_routing_model
...
kernel
Tested-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Cheers,
-Mikko
next prev parent reply other threads:[~2024-06-11 3:02 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-27 12:13 [PATCH v7 0/4] Replay Protected Memory Block (RPMB) subsystem Jens Wiklander
2024-05-27 12:13 ` [PATCH v7 1/4] rpmb: add " Jens Wiklander
2024-05-27 12:13 ` [PATCH v7 2/4] mmc: block: register RPMB partition with the RPMB subsystem Jens Wiklander
2024-05-29 7:39 ` Linus Walleij
2024-05-27 12:13 ` [PATCH v7 3/4] tee: add tee_device_set_dev_groups() Jens Wiklander
2024-05-27 12:13 ` [PATCH v7 4/4] optee: probe RPMB device using RPMB subsystem Jens Wiklander
2024-05-27 13:00 ` Jerome Forissier
2024-05-27 13:24 ` Jens Wiklander
2024-05-28 9:30 ` Mikko Rapeli
2024-05-29 5:26 ` Sumit Garg
2024-05-29 7:09 ` Mikko Rapeli
2024-05-29 8:06 ` Sumit Garg
2024-05-29 8:18 ` Sumit Garg
2024-05-29 9:38 ` Manuel Traut
2024-05-29 14:26 ` Mikko Rapeli
2024-05-30 7:35 ` Manuel Traut
2024-05-30 8:29 ` Mikko Rapeli
2024-05-30 14:22 ` Manuel Traut
2024-05-27 14:38 ` Sumit Garg
2024-05-28 9:08 ` Jens Wiklander
2024-05-29 5:04 ` Sumit Garg
2024-06-03 9:10 ` Manuel Traut
2024-06-10 12:52 ` Jens Wiklander
2024-06-11 3:02 ` Mikko Rapeli [this message]
2024-06-11 10:43 ` Sumit Garg
2024-06-12 1:14 ` Mikko Rapeli
2024-06-12 6:56 ` Jens Wiklander
2024-05-30 14:38 ` [PATCH v7 0/4] Replay Protected Memory Block (RPMB) subsystem Manuel Traut
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zme-NMa3Bvp2h7aL@nuoska \
--to=mikko.rapeli@linaro.org \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=bvanassche@acm.org \
--cc=gregkh@linuxfoundation.org \
--cc=ilias.apalodimas@linaro.org \
--cc=jens.wiklander@linaro.org \
--cc=jerome.forissier@linaro.org \
--cc=linus.walleij@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mmc@vger.kernel.org \
--cc=manut@mecka.net \
--cc=op-tee@lists.trustedfirmware.org \
--cc=rdunlap@infradead.org \
--cc=shyamsaini@linux.microsoft.com \
--cc=sumit.garg@linaro.org \
--cc=ulf.hansson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox