| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 May 2020 14:50:42 +0530
From: Sumit Garg <sumit.garg@...aro.org>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Mimi Zohar <zohar@...ux.ibm.com>,
James Bottomley <jejb@...ux.ibm.com>
Cc: dhowells@...hat.com, Jens Wiklander <jens.wiklander@...aro.org>,
Jonathan Corbet <corbet@....net>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Casey Schaufler <casey@...aufler-ca.com>,
Janne Karhunen <janne.karhunen@...il.com>,
Daniel Thompson <daniel.thompson@...aro.org>,
Markus Wamser <Markus.Wamser@...ed-mode.de>,
"open list:ASYMMETRIC KEYS" <keyrings@...r.kernel.org>,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
Linux Doc Mailing List <linux-doc@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
op-tee@...ts.trustedfirmware.org,
"tee-dev @ lists . linaro . org" <tee-dev@...ts.linaro.org>
Subject: Re: [PATCH v4 0/4] Introduce TEE based Trusted Keys support
On Wed, 6 May 2020 at 15:10, Sumit Garg <sumit.garg@...aro.org> wrote:
>
> Add support for TEE based trusted keys where TEE provides the functionality
> to seal and unseal trusted keys using hardware unique key. Also, this is
> an alternative in case platform doesn't possess a TPM device.
>
> This patch-set has been tested with OP-TEE based early TA which can be
> found here [1].
>
> [1] https://github.com/OP-TEE/optee_os/pull/3838
Fyi, this PR has been merged in OP-TEE OS as commit [1]. Looking
forward to any further comments/feedback on this patch-set.
[1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d7e5b86b
-Sumit
>
> Changes in v4:
> 1. Pushed independent TEE features separately:
> - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062
> 2. Updated trusted-encrypted doc with TEE as a new trust source.
> 3. Rebased onto latest tpmdd/master.
>
> Changes in v3:
> 1. Update patch #2 to support registration of multiple kernel pages.
> 2. Incoporate dependency patch #4 in this patch-set:
> https://patchwork.kernel.org/patch/11091435/
>
> Changes in v2:
> 1. Add reviewed-by tags for patch #1 and #2.
> 2. Incorporate comments from Jens for patch #3.
> 3. Switch to use generic trusted keys framework.
>
> Sumit Garg (4):
> KEYS: trusted: Add generic trusted keys framework
> KEYS: trusted: Introduce TEE based Trusted Keys
> doc: trusted-encrypted: updates with TEE as a new trust source
> MAINTAINERS: Add entry for TEE based Trusted Keys
>
> Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++---
> MAINTAINERS | 8 +
> include/keys/trusted-type.h | 48 ++++
> include/keys/trusted_tee.h | 66 +++++
> include/keys/trusted_tpm.h | 15 -
> security/keys/Kconfig | 3 +
> security/keys/trusted-keys/Makefile | 2 +
> security/keys/trusted-keys/trusted_common.c | 336 ++++++++++++++++++++++
> security/keys/trusted-keys/trusted_tee.c | 282 ++++++++++++++++++
> security/keys/trusted-keys/trusted_tpm1.c | 335 ++++-----------------
> 10 files changed, 974 insertions(+), 324 deletions(-)
> create mode 100644 include/keys/trusted_tee.h
> create mode 100644 security/keys/trusted-keys/trusted_common.c
> create mode 100644 security/keys/trusted-keys/trusted_tee.c
>
> --
> 2.7.4
>
Powered by blists - more mailing lists