Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1789654ybz; Thu, 30 Apr 2020 05:39:17 -0700 (PDT) X-Google-Smtp-Source: APiQypLue8hdcXL2w1bzGCnn8IzkoctR+/U/H+2FuvSMVK7wIluEpBNPFswkjnsXCy8gQFS3Gan4 X-Received: by 2002:a17:906:1393:: with SMTP id f19mr2450152ejc.26.1588250357254; Thu, 30 Apr 2020 05:39:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588250357; cv=none; d=google.com; s=arc-20160816; b=rtNOqzuCpvcj11UPV1nWzcl3hoCE/lP2nnHztU9BrI+FLgksZea9Afd6dHM3IfHa6R 7XKDNpjqxYbwaLaH7j2RBz9QzKH+lToihm/FOMVaaWBKHQJZaByMSvoCpYsmopzcGlGh UkKt3fzDfYa+1mxpl92EoR1y6uaUuGAJEaQRPHu8Y1bOEvBeR0LYBKy28li7nuwFOvKF KmUnu9UXCdGn0xW9PFTJBt+uvSxNBelXtrRNSFLYwb5nQ9Va3L9HzTIrYGLo+4husHkJ 56GUIfu/7DvHopial2Eht1tBy8i57k9Dgb+Zr2ALqoEfmpvFNGoHVIJLMsfvv1FuliUH lRSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:ironport-sdr; bh=HbLPL4MtSjV6T+yEjL94q/f9HeSAK/UCLjxKHPVxEJc=; b=0VN9UHO/p5WOVFAOWkwLH8NmCKygMlE3+aHm5s+v+9/GMOlB8xhsTE0oBxOXpniAlm ngnVGUOiodt0Th9boB02jmpdc+S9gZWKEJjKQ6HVIiQbrAX/ojhuCeBuQOB9kF1c4HDl guj7fHqXfGR8gPhIaVGjficxTgCHQE4RPIZOa5StioC78VOGNS+rEk6uAWfJWlEvzjDb AqINvolyAbvo38gdxkqWS61wyed8rfHKdcas8JxQ+RW6G1M7BgJIV4STVivYkHKD7qiu EkpRsihk+Wfo1jE8j+J94Hw7SPsBwE5POGY7Mwg3LkLvwqf88Y4CL96nSUADhRZpt+V+ yTtQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m13si5765672ejc.7.2020.04.30.05.38.53; Thu, 30 Apr 2020 05:39:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726809AbgD3Mh1 (ORCPT + 99 others); Thu, 30 Apr 2020 08:37:27 -0400 Received: from hel-mailgw-01.vaisala.com ([193.143.230.17]:46709 "EHLO hel-mailgw-01.vaisala.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726053AbgD3Mh1 (ORCPT ); Thu, 30 Apr 2020 08:37:27 -0400 IronPort-SDR: JC1LwE3cJwpU6xP9VrNk1kP5CTP+pP+eCCEY5S7xOLATcakplyjkbc9by7EjKUYA9pFc6eoG43 L1i6ZbakbzpTxAt6UqnILATpiwUFNWcjMCPMXYF2++Mw5xecXJe5OQIW0hlqkm67GCSJHg7pgl Oi4ill4athke/C4Ying52PV07s+ZIbY2NMGJ78klKph1XaKlNMw4qyU6kCDuhjEvHM1ptm+PA7 VA0IAo5+HZwNouAfpemVqnTZ7U583qoL67Wv8Mwl5vy1NQdJIC9MdozOw+umeCzmwy1SJu1Q0Z chs= X-IronPort-AV: E=Sophos;i="5.73,334,1583186400"; d="scan'208";a="278151906" From: =?UTF-8?q?Vesa=20J=C3=A4=C3=A4skel=C3=A4inen?= To: op-tee@lists.trustedfirmware.org, Jens Wiklander Cc: Rijo Thomas , Herbert Xu , Dan Carpenter , Devaraj Rangasamy , Hongbo Yao , Colin Ian King , linux-kernel@vger.kernel.org, =?UTF-8?q?Vesa=20J=C3=A4=C3=A4skel=C3=A4inen?= Subject: [PATCH v2 0/3] tee: add support for session's client UUID generation Date: Thu, 30 Apr 2020 15:37:08 +0300 Message-Id: <20200430123711.20083-1-vesa.jaaskelainen@vaisala.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-OriginalArrivalTime: 30 Apr 2020 12:37:21.0114 (UTC) FILETIME=[179ABBA0:01D61EEC] Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org TEE Client API defines that from user space only information needed for specified login operations is group identifier for group based logins. REE kernel is expected to formulate trustworthy client UUID and pass that to TEE environment. REE kernel is required to verify that provided group identifier for group based logins matches calling processes group memberships. TEE specification only defines that the information passed from REE environment to TEE environment is encoded into on UUID. In order to guarantee trustworthiness of client UUID user space is not allowed to freely pass client UUID. Vesa Jääskeläinen (3): tee: add support for session's client UUID generation tee: optee: Add support for session login client UUID generation [RFC] tee: add support for app id for client UUID generation drivers/tee/Kconfig | 1 + drivers/tee/optee/call.c | 6 +- drivers/tee/tee_core.c | 211 +++++++++++++++++++++++++++++++++++++++ include/linux/tee_drv.h | 16 +++ 4 files changed, 233 insertions(+), 1 deletion(-) -- 2.17.1 Changes v1->v2: * Changed goto labels to be more logical * Capture error if formatted string for UUIDv5 does not fit into buffer Notes: This patcheset has been designed so that it can be iteratively intergrated meaning that the application ID (RFC patch) part can be left for later when there is agreed solution for that. TEE specification leaves Linux behavior undefined. It does not define any UUID value for name space. UUID in here is randomly generated with uuidgen tool. I have also include amdtee people as this method probably should also be applied in there. Using op-tee@lists.trustedfirmware.org instead of tee-dev@lists.linaro.org as latter is deprecated old list. Original issue in OP-TEE OS tracker: https://github.com/OP-TEE/optee_os/issues/3642 Related reviews and demonstration for the concept: https://github.com/linaro-swg/linux/pull/74 https://github.com/OP-TEE/optee_client/pull/195 https://github.com/OP-TEE/optee_test/pull/406