| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <06f8113c-8e83-411a-a4bf-bfadc2560882@linaro.org> Date: Wed, 3 Jul 2024 14:48:29 +0200 From: neil.armstrong@...aro.org To: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>, Amirreza Zarrabi <quic_azarrabi@...cinc.com> Cc: Bjorn Andersson <andersson@...nel.org>, Konrad Dybcio <konrad.dybcio@...aro.org>, Sumit Semwal <sumit.semwal@...aro.org>, Christian König <christian.koenig@....com>, srinivas.kandagatla@...aro.org, bartosz.golaszewski@...aro.org, linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org, dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org Subject: Re: [PATCH RFC 0/3] Implement Qualcomm TEE IPC and ioctl calls On 03/07/2024 13:36, Dmitry Baryshkov wrote: > On Tue, Jul 02, 2024 at 10:57:35PM GMT, Amirreza Zarrabi wrote: <snip> > >> >> Can we use TEE subsystem? >> ------------------------- >> There are workarounds for some of the issues above. The question is if we >> should define our own UAPI or try to use a hack-y way of fitting into >> the TEE subsystem. I am using word hack-y, as most of the workaround >> involves: >> >> - "diverging from the definition". For instance, ignoring the session >> open and close ioctl calls or use file descriptors for all remote >> resources (as, fd is the closet to capability) which undermines the >> isolation provided by the contexts, >> >> - "overloading the variables". For instance, passing object ID as file >> descriptors in a place of session ID, or >> >> - "bypass TEE subsystem". For instance, extensively rely on meta >> parameters or push everything (e.g. kernel services) to the back-end >> driver, which means leaving almost all TEE subsystem unused. Why can't you extend the TEE subsystem with those features ? >> >> We cannot take the full benefits of TEE subsystem and may need to >> implement most of the requirements in the back-end driver. Also, as >> discussed above, the UAPI is not suitable for capability-based use cases. >> We proposed a new set of ioctl calls for SMC-Invoke driver. >> >> In this series we posted three patches. We implemented a transport >> driver that provides qcom_tee_object. Any object on secure side is >> represented with an instance of qcom_tee_object and any struct exposed >> to TEE should embed an instance of qcom_tee_object. Any, support for new >> services, e.g. memory object, RPMB, userspace clients or supplicants are >> implemented independently from the driver. >> >> We have a simple memory object and a user driver that uses >> qcom_tee_object. > > Could you please point out any user for the uAPI? I'd like to understand > how does it from from the userspace point of view. <snip>
Powered by blists - more mailing lists