| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251008145854.68510-1-beanhuo@iokpp.de>
Date: Wed, 8 Oct 2025 16:58:51 +0200
From: Bean Huo <beanhuo@...pp.de>
To: avri.altman@....com,
avri.altman@...disk.com,
bvanassche@....org,
alim.akhtar@...sung.com,
jejb@...ux.ibm.com,
martin.petersen@...cle.com,
can.guo@....qualcomm.com,
ulf.hansson@...aro.org,
beanhuo@...ron.com,
jens.wiklander@...aro.org
Cc: linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v3 0/3] Add OP-TEE based RPMB driver for UFS devices
From: Bean Huo <beanhuo@...ron.com>
This patch series introduces OP-TEE based RPMB (Replay Protected Memory Block)
support for UFS devices, extending the kernel-level secure storage capabilities
that are currently available for eMMC devices.
Previously, OP-TEE required a userspace supplicant to access RPMB partitions,
which created complex dependencies and reliability issues, especially during
early boot scenarios. Recent work by Linaro has moved core supplicant
functionality directly into the Linux kernel for eMMC devices, eliminating
userspace dependencies and enabling immediate secure storage access. This series
extends the same approach to UFS devices, which are used in enterprise and mobile
applications that require secure storage capabilities.
Benefits:
- Eliminates dependency on userspace supplicant for UFS RPMB access
- Enables early boot secure storage access (e.g., fTPM, secure UEFI variables)
- Provides kernel-level RPMB access as soon as UFS driver is initialized
- Removes complex initramfs dependencies and boot ordering requirements
- Ensures reliable and deterministic secure storage operations
- Supports both built-in and modular fTPM configurations.
v2 -- v3:
1. Removed patch "rpmb: move rpmb_frame struct and constants to common header". since it
has been queued in mmc tree, and add anew patch:
"scsi: ufs: core: Remove duplicate macro definitions"
2. Incorporated suggestions from Jens
3. Added check if Advanced RPMB is enabled, if enabled we will not register UFS OP-TEE RPMB.
v1 -- v2:
1. Added fix tag for patch [2/3]
2. Incorporated feedback and suggestions from Bart
RFC v1 -- v1:
1. Added support for all UFS RPMB regions based on https://github.com/OP-TEE/optee_os/issues/7532
2. Incorporated feedback and suggestions from Bart
Bean Huo (3):
scsi: ufs: core: Remove duplicate macro definitions
scsi: ufs: core: fix incorrect buffer duplication in
ufshcd_read_string_desc()
scsi: ufs: core: Add OP-TEE based RPMB driver for UFS devices
drivers/misc/Kconfig | 2 +-
drivers/ufs/core/Makefile | 1 +
drivers/ufs/core/ufs-rpmb.c | 249 +++++++++++++++++++++++++++++++++
drivers/ufs/core/ufshcd-priv.h | 16 ++-
drivers/ufs/core/ufshcd.c | 32 ++++-
include/ufs/ufs.h | 4 +
include/ufs/ufshcd.h | 8 +-
7 files changed, 301 insertions(+), 11 deletions(-)
create mode 100644 drivers/ufs/core/ufs-rpmb.c
--
2.34.1
Powered by blists - more mailing lists