Date:	Sat, 29 Nov 2014 13:18:53 -0500
From:	Jason Cooper <jason@...edaemon.net>
To:	Javier González <javier@...igon.com>
Cc:	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org,
	joshc@...eaurora.org, johannes.thumshirn@....de,
	kheitke@...eaurora.org, laurent.pinchart+renesas@...asonboard.com,
	geert+renesas@...der.be, horms+renesas@...ge.net.au,
	damm@...nsource.se, tomi.valkeinen@...com, mbohan@...eaurora.org,
	michal.simek@...inx.com, pawel.moll@....com, Andrew.Thoelke@....com
Subject: Re: [RFC PATCH 0/3] Generic TrustZone Driver in Linux Kernel

Javier,

On Fri, Nov 28, 2014 at 04:03:33PM +0100, Javier González wrote:
> Hi all,
> 
> This set of patches is a first iteration to introduce a generic
> TrustZone driver to the Linux Kernel. Since there is no place to add
> drivers related to secure processors, a new subsystem for secure
> hardware in general (drivers/sechw) is also introduced. TPM is a good
> candidate to be moved here if this change is accepted.
> 
> Today, TrustZone solutions are implementation specific. In user space,
> mobile devices are normally compliant with Global Platform's API
> <http://www.globalplatform.org>. However, there is no common TrustZone
> interface for kernel space, as it exists for Trusted Computing Module
> (TPM). As a result, different TrustZone frameworks use different kernel
> loadable modules to provide the context to communicate with the Trusted
> Execution Environment leveraged by TrustZone's secure world.
> 
> Regarding use cases, TrustZone has traditionally been used for
> offloading secure tasks to the secure world. Examples include banking
> applications, Digital Rights Management (DRM), or specific secure
> solutions. As more and more frameworks enabling TrustZone appear, new
> use cases are starting to emerge: key management, encryption, integrity
> checking, etc. Extreme cases today involve running a RTOS in the secure
> world, or using the secure world to implement usage control policies
> governing the normal world. The advent of ARMv8 will only expand this
> list.
> 
> This set of patches introduces a generic TrustZone driver for kernel
> space. The first design goal is to be flexible enough as to NOT
> introduce policy regarding the TrustZone interface. In this way, we
> introduce a session-based open/close read/write interface where
> several TrustZone drivers can potentially be used. The design is
> simple and it consists of an interface that different TrustZone drivers
> can implement to communicate with the specific frameworks.
> 
> Major TODO's:
>  * Patch has TODOs, FIXMEs and XXXs that need to be cleaned.
>  * Refactor part of Open Virtualization's driver. Some parts are complex
>    and can be simplified.
>  * Add support for different boards. At the moment only zynq-7000 ZC702
>    is supported. A separate patch containing the patch for ZC702 will be
>    sent separately - rebasing from 3.8 to 3.17 at the moment.
> 
> Development is taking place at:
> 	https://github.com/TrustZoneGenericDriver/linux-xlnx tz_driver
> At 14.5_trd_tz_driver_generic the same driver can be found together
> with TEE support for Zynq ZC702 in 3.8
> 
> Since all testing is being done in the Xilinx ZC702 board, using
> Xilinx's Linux tree is convenient. Once the board rebasing to 3.17 is
> completed, development will move to:
> 	https://github.com/TrustZoneGenericDriver/linux
> 
> Feedback regarding the code, the interface, or its placement in
> drivers/sechw is more than welcome. The idea is to refine this TrustZone
> driver while working on supporting more targets.

Please add me to the Cc: on future revisions.

You don't mention a mailing list.  Is there one for this project?  Also,
TrustZone is a specious marketing name.  For those of us not actively
working with it, wtf is it in engineering terms?  Apparently it can do
virtualization w/o virtualization extensions?

Wouldn't a lot of the trustworthiness depend on the lack of
vulnerabilities in this API or other communications interfaces?  Can end
users choose to load a different binary (say, OpenVZ) than the DRM that
came with the phone?  How is that handled?  How does this fit into a
trusted boot sequence?

And as GregKH mentioned, this definitely needs some cleanup before
expecting others to spend time reviewing.  If this code is working for
your use case, perhaps the staging tree might be a better place to
start.

thx,

Jason.