| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251008201920.89575-1-beanhuo@iokpp.de>
Date: Wed, 8 Oct 2025 22:19:17 +0200
From: Bean Huo <beanhuo@...pp.de>
To: avri.altman@....com,
avri.altman@...disk.com,
bvanassche@....org,
alim.akhtar@...sung.com,
jejb@...ux.ibm.com,
martin.petersen@...cle.com,
can.guo@....qualcomm.com,
ulf.hansson@...aro.org,
beanhuo@...ron.com,
jens.wiklander@...aro.org
Cc: linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org,
Bean Huo <beanhuo@...pp.de>
Subject: [PATCH v4 0/3] Add OP-TEE based RPMB driver for UFS devices
This patch series introduces OP-TEE based RPMB (Replay Protected Memory Block)
support for UFS devices, extending the kernel-level secure storage capabilities
that are currently available for eMMC devices.
Previously, OP-TEE required a userspace supplicant to access RPMB partitions,
which created complex dependencies and reliability issues, especially during
early boot scenarios. Recent work by Linaro has moved core supplicant
functionality directly into the Linux kernel for eMMC devices, eliminating
userspace dependencies and enabling immediate secure storage access. This series
extends the same approach to UFS devices, which are used in enterprise and mobile
applications that require secure storage capabilities.
Benefits:
- Eliminates dependency on userspace supplicant for UFS RPMB access
- Enables early boot secure storage access (e.g., fTPM, secure UEFI variables)
- Provides kernel-level RPMB access as soon as UFS driver is initialized
- Removes complex initramfs dependencies and boot ordering requirements
- Ensures reliable and deterministic secure storage operations
- Supports both built-in and modular fTPM configurations.
v3 -- v4:
1. Replaced patch "scsi: ufs: core: Remove duplicate macro definitions" with
"scsi: ufs: core: Convert string descriptor format macros to enum" based on
feedback from Bart Van Assche
2. Converted SD_ASCII_STD and SD_RAW from boolean macros to enum type for
improved code readability
3. Moved ufshcd_read_string_desc() declaration from include/ufs/ufshcd.h to
drivers/ufs/core/ufshcd-priv.h since it's not exported
v2 -- v3:
1. Removed patch "rpmb: move rpmb_frame struct and constants to common header". since it
has been queued in mmc tree, and added a new patch:
"scsi: ufs: core: Remove duplicate macro definitions"
2. Incorporated suggestions from Jens
3. Added check if Advanced RPMB is enabled, if enabled we will not register UFS OP-TEE RPMB.
v1 -- v2:
1. Added fix tag for patch [2/3]
2. Incorporated feedback and suggestions from Bart
RFC v1 -- v1:
1. Added support for all UFS RPMB regions based on https://github.com/OP-TEE/optee_os/issues/7532
2. Incorporated feedback and suggestions from Bart
Bean Huo (3):
scsi: ufs: core: Convert string descriptor format macros to enum
scsi: ufs: core: fix incorrect buffer duplication in
ufshcd_read_string_desc()
scsi: ufs: core: Add OP-TEE based RPMB driver for UFS devices
drivers/misc/Kconfig | 2 +-
drivers/ufs/core/Makefile | 1 +
drivers/ufs/core/ufs-rpmb.c | 249 +++++++++++++++++++++++++++++++++
drivers/ufs/core/ufshcd-priv.h | 27 +++-
drivers/ufs/core/ufshcd.c | 40 ++++--
include/ufs/ufs.h | 4 +
include/ufs/ufshcd.h | 12 +-
7 files changed, 314 insertions(+), 21 deletions(-)
create mode 100644 drivers/ufs/core/ufs-rpmb.c
--
2.34.1
Powered by blists - more mailing lists