Message-Id: <20230127184650.756795-1-luzmaximilian@gmail.com>
Date:   Fri, 27 Jan 2023 19:46:46 +0100
From:   Maximilian Luz <luzmaximilian@...il.com>
To:     Bjorn Andersson <andersson@...nel.org>
Cc:     Maximilian Luz <luzmaximilian@...il.com>,
        Andy Gross <agross@...nel.org>,
        Konrad Dybcio <konrad.dybcio@...aro.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Rob Herring <robh+dt@...nel.org>,
        Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
        Johan Hovold <johan@...nel.org>,
        Sudeep Holla <sudeep.holla@....com>,
        Ilias Apalodimas <ilias.apalodimas@...aro.org>,
        Srinivas Kandagatla <srinivas.kandagatla@...aro.org>,
        Sumit Garg <sumit.garg@...aro.org>,
        Steev Klimaszewski <steev@...i.org>,
        linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v2 0/4] firmware: Add support for Qualcomm UEFI Secure Application

This series adds basic support for the QSEECOM interface used to
communicate with secure applications running in the TrustZone on certain
Qualcomm devices. In addition to that, it also provides a driver for
"uefisecapp", the secure application managing access to UEFI variables
on such platforms.

For a more detailed description, see the blurb of v1, which can be found
at https://lore.kernel.org/lkml/20220723224949.1089973-1-luzmaximilian@gmail.com/.


This series depends on the following series:

 - "efi: efivars: drop kobject from efivars_register()"
   (https://lore.kernel.org/lkml/20230117124310.16594-1-johan+linaro@kernel.org/)

 - "efi: verify that variable services are supported"
   (https://lore.kernel.org/lkml/20230119164255.28091-1-johan+linaro@kernel.org/)

   with subsequent fix

   "efivarfs: fix NULL-deref on mount when no efivars"
   (https://lore.kernel.org/lkml/20230126112129.4602-1-johan+linaro@kernel.org/)

which have all been included in the "next" branch of

  https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git


Changes in v2:

 - Bind the qseecom interface to a device.

 - Establish a device link between the new qseecom device and the SCM
   device to ensure proper PM and remove ordering.

 - Remove the compatible for uefisecapp. Instead, introduce a compatible
   for the qseecom device. This directly reflects ACPI tables and the
   QCOM0476 device described therein, which is responsible for the
   secure app / qseecom interface (i.e., the same purpose).

   Client devices representing apps handled by the kernel (such as
   uefisecapp) are now directly instantiated by the qseecom driver,
   based on the respective platform-specific compatible.

 - Rename the base name (qctree -> qseecom) to allow differentiation
   between old (qseecom) and new (smcinvoke) interfaces to the trusted
   execution environment. This directly reflects downstream naming by
   Qualcomm.


Maximilian Luz (4):
  firmware: qcom_scm: Export SCM call functions
  firmware: Add support for Qualcomm Secure Execution Environment SCM
    interface
  dt-bindings: firmware: Add Qualcomm QSEECOM interface
  firmware: Add support for Qualcomm UEFI Secure Application

 .../bindings/firmware/qcom,qseecom.yaml       |  49 ++
 MAINTAINERS                                   |  14 +
 drivers/firmware/Kconfig                      |  31 +
 drivers/firmware/Makefile                     |   2 +
 drivers/firmware/qcom_qseecom.c               | 323 ++++++++
 drivers/firmware/qcom_qseecom_uefisecapp.c    | 746 ++++++++++++++++++
 drivers/firmware/qcom_scm.c                   | 118 ++-
 drivers/firmware/qcom_scm.h                   |  47 --
 include/linux/qcom_qseecom.h                  | 190 +++++
 include/linux/qcom_scm.h                      |  49 ++
 10 files changed, 1483 insertions(+), 86 deletions(-)
 create mode 100644 Documentation/devicetree/bindings/firmware/qcom,qseecom.yaml
 create mode 100644 drivers/firmware/qcom_qseecom.c
 create mode 100644 drivers/firmware/qcom_qseecom_uefisecapp.c
 create mode 100644 include/linux/qcom_qseecom.h

-- 
2.39.0
