lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20200512105608.GA6646@jade>
Date:   Tue, 12 May 2020 12:56:09 +0200
From:   Jens Wiklander <jens.wiklander@...aro.org>
To:     Vesa Jääskeläinen 
        <vesa.jaaskelainen@...sala.com>
Cc:     op-tee@...ts.trustedfirmware.org,
        Rijo Thomas <Rijo-john.Thomas@....com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Devaraj Rangasamy <Devaraj.Rangasamy@....com>,
        Hongbo Yao <yaohongbo@...wei.com>,
        Colin Ian King <colin.king@...onical.com>,
        linux-kernel@...r.kernel.org, tee-dev@...ts.linaro.org
Subject: Re: [PATCH v2 0/3] tee: add support for session's client UUID
 generation

On Thu, Apr 30, 2020 at 03:37:08PM +0300, Vesa Jääskeläinen wrote:
> TEE Client API defines that from user space only information needed for
> specified login operations is group identifier for group based logins.
> 
> REE kernel is expected to formulate trustworthy client UUID and pass that
> to TEE environment. REE kernel is required to verify that provided group
> identifier for group based logins matches calling processes group
> memberships.
> 
> TEE specification only defines that the information passed from REE
> environment to TEE environment is encoded into on UUID.
> 
> In order to guarantee trustworthiness of client UUID user space is not
> allowed to freely pass client UUID.
> 
> Vesa Jääskeläinen (3):
>   tee: add support for session's client UUID generation
>   tee: optee: Add support for session login client UUID generation

I'm picking up these two patches.

>   [RFC] tee: add support for app id for client UUID generation

I'm waiting with this patch until we've reached some conclusion.

Thanks,
Jens

> 
>  drivers/tee/Kconfig      |   1 +
>  drivers/tee/optee/call.c |   6 +-
>  drivers/tee/tee_core.c   | 211 +++++++++++++++++++++++++++++++++++++++
>  include/linux/tee_drv.h  |  16 +++
>  4 files changed, 233 insertions(+), 1 deletion(-)
> 
> -- 
> 2.17.1
> 
> Changes v1->v2:
> 
> * Changed goto labels to be more logical
> * Capture error if formatted string for UUIDv5 does not fit into buffer
> 
> Notes:
> 
> This patcheset has been designed so that it can be iteratively intergrated
> meaning that the application ID (RFC patch) part can be left for later when
> there is agreed solution for that.
> 
> TEE specification leaves Linux behavior undefined. It does not define any
> UUID value for name space. UUID in here is randomly generated with uuidgen
> tool.
> 
> I have also include amdtee people as this method probably should also be
> applied in there.
> 
> Using op-tee@...ts.trustedfirmware.org instead of tee-dev@...ts.linaro.org as
> latter is deprecated old list.
> 
> Original issue in OP-TEE OS tracker:
> https://github.com/OP-TEE/optee_os/issues/3642
> 
> Related reviews and demonstration for the concept:
> https://github.com/linaro-swg/linux/pull/74
> https://github.com/OP-TEE/optee_client/pull/195
> https://github.com/OP-TEE/optee_test/pull/406

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ