Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp675749ybi; Fri, 14 Jun 2019 01:17:52 -0700 (PDT) X-Google-Smtp-Source: APXvYqxRIt1cyRanXgsx/wyS9FuIRIUpYfSDVxlh9DFB6JSvVB8zKRAubYZG7RTG//zeQZjZPmoI X-Received: by 2002:a62:386:: with SMTP id 128mr99986932pfd.10.1560500272117; Fri, 14 Jun 2019 01:17:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560500272; cv=none; d=google.com; s=arc-20160816; b=iKFwxoLTz3jVn2b/Zo6CHjzVuCZbp4KGk64r8wZSk4N6Ra85duYXMZr7js4LuRdh6l vDceJCvQHqAvF8HtjxLFXx9KFEVTPOjLLmmJn/+TwfWbFZ9jriXbfwcvDQqT24OgmIPi KI2uOZd4tg/U9WPA2t1pqQn+7t5iDZGS5Us8x26qlcOh2IpwaldUQyPHW2LOz0UfuCs2 LAKOSra+jkBNWq3OWEoQnuObvUk6f6cM/GG4vLfJ9tbplpzaLHv8cKncNErQgaAl2Vt9 RWuVKusK6MXhFoi8E2rXSjxzDjkN83PMZsW98HPIAcy+5zCF0Dec+yfbWepfFQOkxrM4 bQRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=sYZceYw/PBvRSxvmCoPk9kiBr948sZ4CFzmxWCPNjiY=; b=qE83oJZ1QGyyQF2L5aKtjhH5mIDiZq436aSwKDAiJvvxv9mzwdMzKtxzNkIJg6f08f LMnzu8yWgtLyXIF6/LOT4PIlu7/gDQoAkr+abI1S/dDEXY0QjaYAeZUBuaZ4BUIoXqDb gSYI6j70jY1k9JeUNa/qVKtgE1SgnuWJgJ2+gil4kZhtusgVWMqKU1eXeRf0LwQjJYN3 jNlJJ+84NRgFkIiX6DgUsMZJWQvEbcotfV0uxIw3XkkrT8Ed4Iy0c8nAWGVLDcXUd3OW 0lH4KmDz2GYpNmRYXeLO9pODW6WpVa3pKwKSAGqX+5INy5NlBDTBip6MZ9F8Rmhgl/RN 0xsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="RLrsNPT/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q129si828228pfq.43.2019.06.14.01.17.36; Fri, 14 Jun 2019 01:17:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="RLrsNPT/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726442AbfFNIRb (ORCPT + 99 others); Fri, 14 Jun 2019 04:17:31 -0400 Received: from mail-lf1-f67.google.com ([209.85.167.67]:44538 "EHLO mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726358AbfFNIRa (ORCPT ); Fri, 14 Jun 2019 04:17:30 -0400 Received: by mail-lf1-f67.google.com with SMTP id r15so1082149lfm.11 for ; Fri, 14 Jun 2019 01:17:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sYZceYw/PBvRSxvmCoPk9kiBr948sZ4CFzmxWCPNjiY=; b=RLrsNPT/uaaAfFbVFaeqZ6JSPheqCUq74WDZJocy/VXfonejDDi21W3KH/jUcNDYit uFjYoUzJhvbyvDe6ImPVkmAIf0sWV0aajwDBxm1DxLInFjAvbcMbi5RidfsPjVZrMffs Zg+N5N/SfwdpXzQeNbaoZttXLU3LyrWuOVWSUD/HN+icQi3UAq7i4EQoY2e7fRWAKS2G DTsOw5eHbsCdluVPpPOXyDWc9Cz/smTVsS+OkRpIHcajmkoMv6Zwg3xxiKhhxMbLvAUE ADOPKegxUfDNG+Bdd3FC2qU8XzWIx16DnlzPqgQA9ybWXYaKidIR61Rwg9y4sX2RXm2T 7/AQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sYZceYw/PBvRSxvmCoPk9kiBr948sZ4CFzmxWCPNjiY=; b=UlkA0nfYeiQE9eUDCJPnMZZvtZZpN+5gMcKf5FMxEaop8RyJcqxAreXt9RhTpfJt6e j3NR3j7/71VUVL+BAM/wCZVbZVMCGDEuu5V1KDBLOFp2Sxt/ICK8UgmyyZmN2M0bPRfu qVxE9wmqVjlKgezIV3p2rECKUHPbcohdT0HySFv2Ip08h8OoAuS5bFlrJ8lR681d/r2R YNMl87H0Z/iAK9AcEUar5/L/5SiGJ4TT/YMfMf86BvfIDb+UIEQ1G6rk7vWChWSrk0K+ GNFFXzoBMmqRu2FwFDZwdUZz4xLnPtjZxPhNnVqP7RqQmhuS9QG82rxOaIJiKb1ylCUH EpoQ== X-Gm-Message-State: APjAAAWTUAXVs8ljonyNdc5CwjvagUgu3Zn+B2o3w8oq7StzpjxLnAC3 9cDFWBWgQCf08PhHJnBly4m+nOOWEfelY9NVUkPkBw== X-Received: by 2002:ac2:50c4:: with SMTP id h4mr34300421lfm.61.1560500248037; Fri, 14 Jun 2019 01:17:28 -0700 (PDT) MIME-Version: 1.0 References: <1560421833-27414-1-git-send-email-sumit.garg@linaro.org> <1560470593.4805.109.camel@linux.ibm.com> In-Reply-To: <1560470593.4805.109.camel@linux.ibm.com> From: Sumit Garg Date: Fri, 14 Jun 2019 13:47:16 +0530 Message-ID: Subject: Re: [RFC 0/7] Introduce TEE based Trusted Keys support To: Mimi Zohar Cc: Casey Schaufler , keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Jens Wiklander , corbet@lwn.net, dhowells@redhat.com, jejb@linux.ibm.com, Jarkko Sakkinen , jmorris@namei.org, serge@hallyn.com, Ard Biesheuvel , Daniel Thompson , linux-doc@vger.kernel.org, Linux Kernel Mailing List , tee-dev@lists.linaro.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Thanks Mimi for your comments. On Fri, 14 Jun 2019 at 05:33, Mimi Zohar wrote: > > On Thu, 2019-06-13 at 09:40 -0700, Casey Schaufler wrote: > > On 6/13/2019 3:30 AM, Sumit Garg wrote: > > > Add support for TEE based trusted keys where TEE provides the functionality > > > to seal and unseal trusted keys using hardware unique key. Also, this is > > > an alternative in case platform doesn't possess a TPM device. > > > > > > This series also adds some TEE features like: > > > > Please expand the acronym TEE on first use. That will > > help people who don't work with it on a daily basis > > understand what you're going on about. > > Thanks, Casey. > > "[6/7] doc: keys: Document usage of TEE based Trusted Keys" refers to > the kernel tee documentation, but that documentation is limited to > userspace interaction with the tee. > Thanks for pointing this out. I will update documentation to include TEE bus approach and communication apis for kernel clients. BTW, the interface is similar as with user-space. Only difference is instead of IOCTL's from user-space, there are wrapper apis to communicate with TEE. Also, in case someone is interested to learn about TEE technology, this webinar [1] could be one of starting points. > A trusted key is a random number generated and sealed(encrypted) by > the TPM, so that only the TPM may unseal it. The sealing key never > leaves the TPM. The sealed, trusted key may be exported to userspace. Understood. > In the tee case, can the "sealing" key ever leave the tee? No, the "sealing" key never leaves TEE. Its basically a Hardware Unique Key (HUK) tied to a particular SoC. > Can the > sealed, trusted key, exported to userspace, be unsealed by the tee? You mean using user-space interface to TEE? If yes, then answer is "no" as user-space can't communicate with this TEE service as its accessible to kernel clients only (see patch [2]). In case you meant loading exported trusted key blob via "keyctl", then "yes" this driver can unseal the trusted key. Have a look at examples I have listed in documentation patch [3]. Also, this approach works well across power cycles too. > Are the tee security protections similar to those of the TPM? How do > they compare? > Let me try to compare both environments. Regarding TEE, I will refer to OP-TEE [4] as one of its implementation. TPM: 1. External hardware. 2. Sealing key resides inside TPM. 3. Communicates via SPI, I2C etc. OP-TEE: 1. On chip, trusted execution environment enforced via ARM TrustZone. 2. Sealing key is unique to a particular SoC provided by secure fuses, secure crypto engine etc. 3. Communicates via Secure Monitor Calls (SMCs [5]). [1] https://globalplatform.org/resource-publication/webinar-an-introduction-to-tee-technology/ [2] [RFC 3/7] tee: add private login method for kernel clients [3] [RFC 6/7] doc: keys: Document usage of TEE based Trusted Keys [4] https://optee.readthedocs.io/general/about.html [5] http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf -Sumit > Mimi > > > > > > > > > Patch #1, #2 enables support for registered kernel shared memory with TEE. > > > > > > Patch #3 enables support for private kernel login method required for > > > cases like trusted keys where we don't wan't user-space to directly access > > > TEE service to retrieve trusted key contents. > > > > > > Rest of the patches from #4 to #7 adds support for TEE based trusted keys. > > > > > > This patch-set has been tested with OP-TEE based pseudo TA which can be > > > found here [1]. > > > > > > Looking forward to your valuable feedback/suggestions. >