| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5B8DA87D05A7694D9FA63FD143655C1B542EB180@hasmsx108.ger.corp.intel.com>
Date: Mon, 19 Sep 2016 12:17:48 +0000
From: "Winkler, Tomas" <tomas.winkler@...el.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Ulf Hansson <ulf.hansson@...aro.org>,
"Hunter, Adrian" <adrian.hunter@...el.com>,
"James Bottomley" <James.Bottomley@...senPartnership.com>,
"Martin K . Petersen" <martin.petersen@...cle.com>,
Vinayak Holikatti <vinholikatti@...il.com>,
Andy Lutomirski <luto@...nel.org>,
Arve Hj?nnev?g <arve@...roid.com>,
"Michael Ryleev" <gmar@...gle.com>,
Joao Pinto <Joao.Pinto@...opsys.com>,
"Christoph Hellwig" <hch@....de>,
Yaniv Gardi <ygardi@...eaurora.org>
CC: Avri Altman <avri.altman@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mmc@...r.kernel.org" <linux-mmc@...r.kernel.org>,
"linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>
Subject: RE: [PATCH v6 0/9] Replay Protected Memory Block (RPMB) subsystem
\
> Subject: [PATCH v6 0/9] Replay Protected Memory Block (RPMB) subsystem
>
>
> Few storage technologies such is EMMC, UFS, and NVMe support RPMB
> hardware partition with common protocol and frame layout.
> The RPMB partition cannot be accessed via standard block layer, but by a set
> of specific commands: WRITE, READ, GET_WRITE_COUNTER, and
> PROGRAM_KEY.
> Such a partition provides authenticated and replay protected access, hence
> suitable as a secure storage.
>
> The RPMB layer aims to provide in-kernel API for Trusted Execution
> Environment (TEE) devices that are capable to securely compute block frame
> signature. In case a TEE device wish to store a replay protected data, it
> creates an RPMB frame with requested data and computes HMAC of the
> frame, then it requests the storage device via RPMB layer to store the data.
>
> The layer provides two APIs, for rpmb_req_cmd() for issuing one of RPMB
> specific commands and rpmb_seq_cmd() for issuing of raw RPMB protocol
> frames, which is close to the functionality provided by emmc multi ioctl
> interface.
>
> A TEE driver can claim the RPMB interface, for example, via
> class_interface_register ().
>
> A storage device registers its RPMB hardware (eMMC) partition or RPMB W-
> LUN (UFS) with the RPMB layer providing an implementation for
> rpmb_seq_cmd() handler. The interface enables sending sequence of RPMB
> standard frames.
>
> A parallel user space API is provided via /dev/rpmbX character device with
> two IOCTL commands.
> Simplified one, RPMB_IOC_REQ_CMD, were read result cycles is performed
> by the framework on behalf the user and second, RPMB_IOC_SEQ_CMD
> where the whole RPMB sequence, including RESULT_READ is supplied by the
> caller.
> The latter is intended for easier adjusting of the applications that use
> MMC_IOC_MULTI_CMD ioctl, such as
> https://android.googlesource.com/trusty/app/storage/
>
> There is a also sample tool under tools/rpmb/ directory that exercises these
> interfaces and a simulation device that implements the device part.
>
> The code is also available from:
>
> https://github.com/tomasbw/linux-mei.git rpmb
>
Greg, can you please check if this series has addressed all your comments.
Are there are any more items that preventing it from merging?
Thanks
Tomas
Powered by blists - more mailing lists