[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20200512105608.GA6646@jade>
Date: Tue, 12 May 2020 12:56:09 +0200
From: Jens Wiklander <jens.wiklander@...aro.org>
To: Vesa Jääskeläinen
<vesa.jaaskelainen@...sala.com>
Cc: op-tee@...ts.trustedfirmware.org,
Rijo Thomas <Rijo-john.Thomas@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Dan Carpenter <dan.carpenter@...cle.com>,
Devaraj Rangasamy <Devaraj.Rangasamy@....com>,
Hongbo Yao <yaohongbo@...wei.com>,
Colin Ian King <colin.king@...onical.com>,
linux-kernel@...r.kernel.org, tee-dev@...ts.linaro.org
Subject: Re: [PATCH v2 0/3] tee: add support for session's client UUID
generation
On Thu, Apr 30, 2020 at 03:37:08PM +0300, Vesa Jääskeläinen wrote:
> TEE Client API defines that from user space only information needed for
> specified login operations is group identifier for group based logins.
>
> REE kernel is expected to formulate trustworthy client UUID and pass that
> to TEE environment. REE kernel is required to verify that provided group
> identifier for group based logins matches calling processes group
> memberships.
>
> TEE specification only defines that the information passed from REE
> environment to TEE environment is encoded into on UUID.
>
> In order to guarantee trustworthiness of client UUID user space is not
> allowed to freely pass client UUID.
>
> Vesa Jääskeläinen (3):
> tee: add support for session's client UUID generation
> tee: optee: Add support for session login client UUID generation
I'm picking up these two patches.
> [RFC] tee: add support for app id for client UUID generation
I'm waiting with this patch until we've reached some conclusion.
Thanks,
Jens
>
> drivers/tee/Kconfig | 1 +
> drivers/tee/optee/call.c | 6 +-
> drivers/tee/tee_core.c | 211 +++++++++++++++++++++++++++++++++++++++
> include/linux/tee_drv.h | 16 +++
> 4 files changed, 233 insertions(+), 1 deletion(-)
>
> --
> 2.17.1
>
> Changes v1->v2:
>
> * Changed goto labels to be more logical
> * Capture error if formatted string for UUIDv5 does not fit into buffer
>
> Notes:
>
> This patcheset has been designed so that it can be iteratively intergrated
> meaning that the application ID (RFC patch) part can be left for later when
> there is agreed solution for that.
>
> TEE specification leaves Linux behavior undefined. It does not define any
> UUID value for name space. UUID in here is randomly generated with uuidgen
> tool.
>
> I have also include amdtee people as this method probably should also be
> applied in there.
>
> Using op-tee@...ts.trustedfirmware.org instead of tee-dev@...ts.linaro.org as
> latter is deprecated old list.
>
> Original issue in OP-TEE OS tracker:
> https://github.com/OP-TEE/optee_os/issues/3642
>
> Related reviews and demonstration for the concept:
> https://github.com/linaro-swg/linux/pull/74
> https://github.com/OP-TEE/optee_client/pull/195
> https://github.com/OP-TEE/optee_test/pull/406
Powered by blists - more mailing lists