lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 29 Jul 2022 17:11:04 +0200
From:   Maximilian Luz <luzmaximilian@...il.com>
To:     Sudeep Holla <sudeep.holla@....com>
Cc:     Ilias Apalodimas <ilias.apalodimas@...aro.org>,
        Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
        Andy Gross <agross@...nel.org>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Konrad Dybcio <konrad.dybcio@...ainline.org>,
        Rob Herring <robh+dt@...nel.org>,
        Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
        Steev Klimaszewski <steev@...i.org>,
        Shawn Guo <shawn.guo@...aro.org>,
        Cristian Marussi <cristian.marussi@....com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-arm-msm@...r.kernel.org, linux-efi@...r.kernel.org,
        devicetree@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/4] dt-bindings: firmware: Add Qualcomm UEFI Secure
 Application client

On 7/29/22 10:52, Sudeep Holla wrote:
> On Thu, Jul 28, 2022 at 07:27:19PM +0200, Maximilian Luz wrote:
> 
> [...]
> 
>> My current suggestion (already sent to Sudeep earlier) is (roughly)
>> this: Add one compatible for the TrEE / TrustZone interface.
> 
> Still I don't understand why you need extra compatible if you know
> this laptop(with a unique compatible to identify it) always runs this
> TrEE interface.

First of all, to recap: I suggest adding a device and driver for the TrEE
interface, with a compatible for that. That then (based on platform)
instantiates devices and drivers for the applications running in TrEE. The
compatible I'm talking about is for that general TrEE interface. Not any
specific application.

a) Because this better reflects the ACPI tables on those devices. As I've said,
    there is a HID specifically for the TrEE interface. You were concerned
    earlier that we should try to add support for that, and now you want to
    create a purely artificial divide between ACPI and DT? Ideally, we can have
    the driver load via both the DT compatible and the ACPI HID depending on
    whether we use one or the other without many other changes.

    Would you equally suggest that we not load the driver by its ACPI HID and
    instead do DMI matching?

b) Qualcomm also has a DT compatible for this (qcom,qseecom), see e.g. [1].
    Note: they seem to have changed the name from Secure Execution Environment
    to Trusted Execution Environment, at least in their Windows driver. This is
    why I used "tee" instead of "see" (also their naming of things is somewhat
    confusing and seems to change randomly). Fundamentally, this is the same
    interface (they just implement a lot more things in their driver, the couple
    of functions I proposed here handle the absolute minimum required for
    uefisecapp, it can always be extended later when needed).

c) Given their naming of the DT compatible, this interface itself is pretty
    much guaranteed to be stable. It's definitely not going away with some
    firmware update. So your earlier concerns about having to update the DT in
    case of firmware changes do simply not apply here. It is a core component of
    these platforms. As far as I can see, your "let's load the TrEE driver via
    the platform compatible" suggestion is now exactly the same as a "let's load
    some PCIe controller via the platform/SoC compatible". It's an interface
    that is either present or not present, depending on the device. We're not
    encoding any firmware specifics (ie. what's running inside the TrEE) in the
    DT, we just say that it's there (the rest is decided by the driver, e.g. via
    platform compatibles or DMI matching).

d) By specifying it in the DT, we can properly link it up via a phandle to the
    SCM and properly model the supplier/client relation between them. While we
    can't do that with ACPI, I think it's still a good idea to handle this
    properly in times we can.

Regards,
Max

[1]: https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/blob/auto-kernel.lnx.4.14.c34/drivers/misc/qseecom.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ