Message-Id: <20250915214614.179313-1-beanhuo@iokpp.de>
Date: Mon, 15 Sep 2025 23:46:12 +0200
From: Bean Huo <beanhuo@...pp.de>
To: avri.altman@....com,
	bvanassche@....org,
	alim.akhtar@...sung.com,
	jejb@...ux.ibm.com,
	martin.petersen@...cle.com,
	can.guo@....qualcomm.com,
	ulf.hansson@...aro.org,
	jens.wiklander@...aro.org
Cc: linux-scsi@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	mikebi@...ron.com,
	lporzio@...ron.com,
	Bean Huo <beanhuo@...pp.de>
Subject: [RFC PATCH v1 0/2] Add OP-TEE based RPMB driver for UFS devices

This patch series introduces OP-TEE based RPMB (Replay Protected Memory Block)
support for UFS devices, extending the kernel-level secure storage capabilities
that are currently available for eMMC devices.

Background:
Previously, OP-TEE required a userspace supplicant to access RPMB partitions,
which created complex dependencies and reliability issues, especially during
early boot scenarios. Recent work by Linaro has moved core supplicant
functionality directly into the Linux kernel for eMMC devices, eliminating
userspace dependencies and enabling immediate secure storage access.

This series extends that same approach to UFS devices, which are becoming
increasingly common in enterprise and mobile applications that require secure
storage capabilities.

Benefits:
- Eliminates dependency on userspace supplicant for UFS RPMB access
- Enables early boot secure storage access (e.g., fTPM, secure UEFI variables)
- Provides kernel-level RPMB access as soon as the UFS driver is initialized
- Removes complex initramfs dependencies and boot ordering requirements
- Ensures reliable and deterministic secure storage operations
- Supports both built-in and modular fTPM configurations

The implementation follows the same pattern as the existing eMMC RPMB driver
and currently supports RPMB region0 only. Support for additional UFS RPMB regions
will be added in future versions after updating the OP-TEE core structure.


Bean Huo (2):
  rpmb: move rpmb_frame struct and constants to common header
  scsi: ufs: core: Add OP-TEE based RPMB driver for UFS devices

 drivers/misc/Kconfig           |   2 +-
 drivers/mmc/core/block.c       |  42 --------
 drivers/ufs/core/Makefile      |   1 +
 drivers/ufs/core/ufs-rpmb.c    | 174 +++++++++++++++++++++++++++++++++
 drivers/ufs/core/ufshcd-priv.h |  13 +++
 drivers/ufs/core/ufshcd.c      |  34 +++++--
 include/linux/rpmb.h           |  42 ++++++++
 include/ufs/ufs.h              |   4 +
 include/ufs/ufshcd.h           |   1 +
 9 files changed, 264 insertions(+), 49 deletions(-)
 create mode 100644 drivers/ufs/core/ufs-rpmb.c

-- 
2.34.1

