Subject: Re: [RFC 0/7] Introduce TEE based Trusted Keys support
From: Mimi Zohar
To: Casey Schaufler, Sumit Garg, keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org
Cc: jens.wiklander@linaro.org, corbet@lwn.net, dhowells@redhat.com, jejb@linux.ibm.com, jarkko.sakkinen@linux.intel.com, jmorris@namei.org, serge@hallyn.com, ard.biesheuvel@linaro.org, daniel.thompson@linaro.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org
Date: Thu, 13 Jun 2019 20:03:13 -0400
References: <1560421833-27414-1-git-send-email-sumit.garg@linaro.org>
Message-Id: <1560470593.4805.109.camel@linux.ibm.com>

On Thu, 2019-06-13 at 09:40 -0700, Casey Schaufler wrote:
> On 6/13/2019 3:30 AM, Sumit Garg wrote:
> > Add support for TEE based trusted keys where TEE provides the functionality
> > to seal and unseal trusted keys using hardware unique key. Also, this is
> > an alternative in case platform doesn't possess a TPM device.
> >
> > This series also adds some TEE features like:
>
> Please expand the acronym TEE on first use. That will
> help people who don't work with it on a daily basis
> understand what you're going on about.

Thanks, Casey.

"[6/7] doc: keys: Document usage of TEE based Trusted Keys" refers to
the kernel tee documentation, but that documentation is limited to
userspace interaction with the tee.

A trusted key is a random number generated and sealed (encrypted) by
the TPM, so that only the TPM may unseal it. The sealing key never
leaves the TPM. The sealed, trusted key may be exported to userspace.
In the tee case, can the "sealing" key ever leave the tee? Can the
sealed, trusted key, exported to userspace, be unsealed by the tee?
Are the tee security protections similar to those of the TPM? How do
they compare?

Mimi

> >
> > Patch #1, #2 enables support for registered kernel shared memory with TEE.
> >
> > Patch #3 enables support for private kernel login method required for
> > cases like trusted keys where we don't want user-space to directly access
> > TEE service to retrieve trusted key contents.
> >
> > Rest of the patches from #4 to #7 adds support for TEE based trusted keys.
> >
> > This patch-set has been tested with OP-TEE based pseudo TA which can be
> > found here [1].
> >
> > Looking forward to your valuable feedback/suggestions.