Date:   Tue, 8 Nov 2022 19:09:17 +0000
From:   Avri Altman <Avri.Altman@....com>
To:     Bean Huo <beanhuo@...pp.de>,
        "alim.akhtar@...sung.com" <alim.akhtar@...sung.com>,
        "jejb@...ux.ibm.com" <jejb@...ux.ibm.com>,
        "martin.petersen@...cle.com" <martin.petersen@...cle.com>,
        "stanley.chu@...iatek.com" <stanley.chu@...iatek.com>,
        "beanhuo@...ron.com" <beanhuo@...ron.com>,
        "bvanassche@....org" <bvanassche@....org>,
        "tomas.winkler@...el.com" <tomas.winkler@...el.com>,
        "daejun7.park@...sung.com" <daejun7.park@...sung.com>,
        "quic_cang@...cinc.com" <quic_cang@...cinc.com>,
        "quic_nguyenb@...cinc.com" <quic_nguyenb@...cinc.com>,
        "quic_xiaosenh@...cinc.com" <quic_xiaosenh@...cinc.com>,
        "quic_richardp@...cinc.com" <quic_richardp@...cinc.com>,
        "quic_asutoshd@...cinc.com" <quic_asutoshd@...cinc.com>,
        "hare@...e.de" <hare@...e.de>
CC:     "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH v1 2/2] ufs: core: Add advanced RPMB support in
 ufs_bsg

> 
> Add advanced RPMB support in ufs_bsg. For these reasons, we try to
> implement Advanced RPMB in ufs_bsg:
> 
> 1. According to the UFS specification, only one RPMB operation can be
> performed at any time. We can ensure this by using reserved slot and its
> dev_cmd sync operation protection mechanism.
Regardless of its technical convenience, this approach unfortunately breaks the spec.
The spec says (please note the line numbers):
".....
5197 12.4.5.1 Advanced RPMB Message
5198 An Advanced RPMB Message is composed of an Advanced RPMB Meta Information and a MAC/KEY in
5199 the EHS field in *COMMAND UPIU* and *RESPONSE UPIU*. Advanced RPMB Data is delivered through
....."
Moreover, in the examples that are provided, it is still expected to be carried via SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT.
See e.g. Figure 12.15 — Authenticated Data Write Flow (in Advanced RPMB Mode).

Therefore, wrapping the rpmb packets in a query-request upiu and query-response upiu is not allowed.

Still, I agree that the approach you suggested, namely to rely on the ufs-bsg driver, is the cleanest way to handle the advanced RPMB access.
However, IMHO, you need to do it by adding command UPIU to the ufs-bsg driver.

Thanks,
Avri
