lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Feb 2024 17:56:41 +0100
From: Balint Dobszay <balint.dobszay@....com>
To: Randy Dunlap <rdunlap@...radead.org>
Cc: op-tee@...ts.trustedfirmware.org, linux-doc@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
 jens.wiklander@...aro.org, sumit.garg@...aro.org, corbet@....net,
 sudeep.holla@....com, gyorgy.szing@....com
Subject: Re: [PATCH 3/3] Documentation: tee: Add TS-TEE driver

Hi Randy,

On 13 Feb 2024, at 22:44, Randy Dunlap wrote:

> Hi--
>
> On 2/13/24 06:52, Balint Dobszay wrote:
>> Add documentation for the Trusted Services TEE driver.
>>
>> Signed-off-by: Balint Dobszay <balint.dobszay@....com>
>> ---
>>  Documentation/tee/index.rst  |  1 +
>>  Documentation/tee/ts-tee.rst | 70 ++++++++++++++++++++++++++++++++++++
>>  2 files changed, 71 insertions(+)
>>  create mode 100644 Documentation/tee/ts-tee.rst
>>
>
>> diff --git a/Documentation/tee/ts-tee.rst b/Documentation/tee/ts-tee.rst
>> new file mode 100644
>> index 000000000000..e121ebbbfab7
>> --- /dev/null
>> +++ b/Documentation/tee/ts-tee.rst
>> @@ -0,0 +1,70 @@
>> +.. SPDX-License-Identifier: GPL-2.0
>> +
>> +=================================
>> +TS-TEE (Trusted Services project)
>> +=================================
>> +
>> +This driver provides access to secure services implemented by Trusted Services.
>> +
>> +Trusted Services [1] is a TrustedFirmware.org project that provides a framework
>> +for developing and deploying device Root of Trust services in FF-A [2] S-EL0
>> +Secure Partitions. The project hosts the reference implementation of the Arm
>> +Platform Security Architecture [3] for Arm A-profile devices.
>> +
>> +The FF-A Secure Partitions (SP) are accessible through the FF-A driver [4] which
>> +provides the low level communication for this driver. On top of that the Trusted
>> +Services RPC protocol is used [5]. To use the driver from user space a reference
>> +implementation is provided at [6], which is part of the Trusted Services client
>> +library called libts [7].
>> +
>
> Fix run-on sentences:
>
>> +All Trusted Services (TS) SPs have the same FF-A UUID, it identifies the TS RPC
>
>                                                     UUID. It
> or
>                                                     UUIT; it
>
>> +protocol. A TS SP can host one or more services (e.g. PSA Crypto, PSA ITS, etc).
>> +A service is identified by its service UUID, the same type of service cannot be
>
>                                           UUID;
>
>> +present twice in the same SP. During SP boot each service in the SP is assigned
>> +an "interface ID", this is just a short ID to simplify message addressing.
>
>       "interface ID." This
>
>> +
>> +The generic TEE design is to share memory at once with the TEE implementation,
>> +which can then be reused to communicate with multiple TAs. However, in case of
>
> "TA" is not defined.
>
>> +FF-A, memory sharing works on an endpoint level, i.e. memory is shared with a
>> +specific SP. User space has to be able to separately share memory with each SP
>> +based on its endpoint ID, therefore a separate TEE device is registered for each
>
>                          ID; therefore
>
>> +discovered TS SP. Opening the SP corresponds to opening the TEE device and
>> +creating a TEE context. A TS SP hosts one or more services, opening a service
>
>                                                      services. Opening

Thanks for the comments, I'll address them in the next version.

Regards,
Balint

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ