| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251021124254.1120214-1-beanhuo@iokpp.de>
Date: Tue, 21 Oct 2025 14:42:51 +0200
From: Bean Huo <beanhuo@...pp.de>
To: avri.altman@....com,
avri.altman@...disk.com,
bvanassche@....org,
alim.akhtar@...sung.com,
jejb@...ux.ibm.com,
martin.petersen@...cle.com,
can.guo@....qualcomm.com,
ulf.hansson@...aro.org,
beanhuo@...ron.com,
jens.wiklander@...aro.org
Cc: linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org,
Bean Huo <beanhuo@...pp.de>
Subject: [PATCH v5 0/3] Add OP-TEE based RPMB driver for UFS devices
This patch series introduces OP-TEE based RPMB (Replay Protected Memory Block)
support for UFS devices, extending the kernel-level secure storage capabilities
that are currently available for eMMC devices.
Previously, OP-TEE required a userspace supplicant to access RPMB partitions,
which created complex dependencies and reliability issues, especially during
early boot scenarios. Recent work by Linaro has moved core supplicant
functionality directly into the Linux kernel for eMMC devices, eliminating
userspace dependencies and enabling immediate secure storage access. This series
extends the same approach to UFS devices, which are used in enterprise and mobile
applications that require secure storage capabilities.
Benefits:
- Eliminates dependency on userspace supplicant for UFS RPMB access
- Enables early boot secure storage access (e.g., fTPM, secure UEFI variables)
- Provides kernel-level RPMB access as soon as UFS driver is initialized
- Removes complex initramfs dependencies and boot ordering requirements
- Ensures reliable and deterministic secure storage operations
- Supports both built-in and modular fTPM configurations.
v4 -- v5:
1. Added helper function ufshcd_create_device_id() to generate unique device
identifier by combining manufacturer ID, specification version, model name,
serial number (as hex), device version, and manufacture date.
2. Added device_id field to struct ufs_dev_info for storing allocated unique device
identifier string.
3. Modified UFS RPMB driver to use device_id instead of just serial_number for creating
unique RPMB device identifiers
v3 -- v4:
1. Replaced patch "scsi: ufs: core: Remove duplicate macro definitions" with
"scsi: ufs: core: Convert string descriptor format macros to enum" based on
feedback from Bart Van Assche
2. Converted SD_ASCII_STD and SD_RAW from boolean macros to enum type for
improved code readability
3. Moved ufshcd_read_string_desc() declaration from include/ufs/ufshcd.h to
drivers/ufs/core/ufshcd-priv.h since it's not exported
v2 -- v3:
1. Removed patch "rpmb: move rpmb_frame struct and constants to common header". since it
has been queued in mmc tree, and added a new patch:
"scsi: ufs: core: Remove duplicate macro definitions"
2. Incorporated suggestions from Jens
3. Added check if Advanced RPMB is enabled, if enabled we will not register UFS OP-TEE RPMB.
v1 -- v2:
1. Added fix tag for patch [2/3]
2. Incorporated feedback and suggestions from Bart
RFC v1 -- v1:
1. Added support for all UFS RPMB regions based on https://github.com/OP-TEE/optee_os/issues/7532
2. Incorporated feedback and suggestions from Bart
Bean Huo (3):
scsi: ufs: core: Convert string descriptor format macros to enum
scsi: ufs: core: fix incorrect buffer duplication in
ufshcd_read_string_desc()
scsi: ufs: core: Add OP-TEE based RPMB driver for UFS devices
drivers/misc/Kconfig | 2 +-
drivers/ufs/core/Makefile | 1 +
drivers/ufs/core/ufs-rpmb.c | 254 +++++++++++++++++++++++++++++++++
drivers/ufs/core/ufshcd-priv.h | 27 +++-
drivers/ufs/core/ufshcd.c | 92 ++++++++++--
include/ufs/ufs.h | 5 +
include/ufs/ufshcd.h | 12 +-
7 files changed, 372 insertions(+), 21 deletions(-)
create mode 100644 drivers/ufs/core/ufs-rpmb.c
--
2.34.1
Powered by blists - more mailing lists