[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <65d010fa-c801-eb4f-352f-8bfb52a67c85@siemens.com>
Date: Thu, 22 Jun 2023 20:32:44 +0200
From: Jan Kiszka <jan.kiszka@...mens.com>
To: Ilias Apalodimas <ilias.apalodimas@...aro.org>
Cc: Masahisa Kojima <masahisa.kojima@...aro.org>,
Ard Biesheuvel <ardb@...nel.org>,
Jens Wiklander <jens.wiklander@...aro.org>,
Sumit Garg <sumit.garg@...aro.org>,
linux-kernel@...r.kernel.org, op-tee@...ts.trustedfirmware.org,
Johan Hovold <johan+linaro@...nel.org>
Subject: Re: [PATCH v6 0/4] introduce tee-based EFI Runtime Variable Service
On 22.06.23 17:04, Ilias Apalodimas wrote:
> Hi Jan,
>
> On Thu, 22 Jun 2023 at 17:56, Jan Kiszka <jan.kiszka@...mens.com> wrote:
>>
>> On 22.06.23 10:51, Masahisa Kojima wrote:
>>> This series introduces the tee based EFI Runtime Variable Service.
>>>
>>> The eMMC device is typically owned by the non-secure world(linux in
>>> this case). There is an existing solution utilizing eMMC RPMB partition
>>> for EFI Variables, it is implemented by interacting with
>>> OP-TEE, StandaloneMM(as EFI Variable Service Pseudo TA), eMMC driver
>>> and tee-supplicant. The last piece is the tee-based variable access
>>> driver to interact with OP-TEE and StandaloneMM.
>>>
>>> Changelog:
>>> v5 -> v6
>>> - new patch #4 is added in this series, #1-#3 patches are unchanged.
>>> automatically update super block flag when the efivarops support
>>> SetVariable runtime service, so that user does not need to manually
>>> remount the efivarfs as RW.
>>
>> But that is not yet resolving the architectural problem with that
>> userspace daemon dependency. What are the next steps for that now?
>
> We are trying to find some cycles to work on that, however, I don't
> have a time estimate on that. But the question is different here.
> Since this addresses the problems distros have wrt to SetVariableRT
> (even for a limited set of platforms) are we ok pulling this in? I
> can't think of a technical reason we shouldn't. The supplicant
> limitations are known and the firrmwareTPM has a similar set of
> problems.
It will not change we have to do on the distro side because we have to
deal not only with the startup issue and StMM but also with fTPM and
with shutdown. Only an in-kernel supplicant for RPMB would resolve that
according to my understanding.
But the question is fair if we can evolve from this stage here to an
in-kernel approach without causing breakages or other headache to
distros adopting it (too early). That's why I asked for the roadmap.
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
Powered by blists - more mailing lists