Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1819536pxb; Thu, 4 Mar 2021 23:54:27 -0800 (PST) X-Google-Smtp-Source: ABdhPJxLbx7sK6h/lXGUzQZBIvxPjF4E2L/yUWhQI7YX+Ag7/RqWWTLRVW3ma6q+Sm55Brx0vc5e X-Received: by 2002:a50:9dc9:: with SMTP id l9mr7947734edk.377.1614930867208; Thu, 04 Mar 2021 23:54:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614930867; cv=none; d=google.com; s=arc-20160816; b=x9eAEwso7Nu8wXgGeOZJMlQCkDxo5HHzZj0Bavjt9e+9iJhdVTPzcAAA/4AdYYTKH4 JVPhEXr5SiMuaxhXRSHTTJmIDZITDOkuKSX1NCqfdQE6+vG1PF/hdMYK7EtvVmzCCXtS P+VPnnZ+ytdMcuWD6kfQ4q0uOT9VCj5o8pgPDGe5fLPqdEqWP6pkez7YpOSur3EMQVg9 zwXTweCQ63PGnl/VJGDVqnDIOxjvLHNc0fvchPsLyUXPuumMXyZZhqcH6Z1Azh0Oo2aQ 4jkZt0HPYXU08h169X0j/yKgD/QFW/j//qE9aHpyOWdC5lkZmj3vmo0nAj6ylLPevvN+ Ye3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=cKVGTa6ju/LsREjFD7gnw/RP1YjlyJ1xmIXcDe5uO2Q=; b=0lkAXkSigLVAAMqMGJ9oeXemkEG6zf038UtYdyG77vASdrgVJloBmDwYKh6+tXWHq5 Zy/uFK7Aiu2Sr2OyxeFJt4MZImWsQiP5koplKUz76jfFGyBWJQ4O3ZieCrzf69Jewu13 7+vlxHHDvKC+/bYWYCIP/mHr1mNZH++6d7qBxXg7C441DHeF0c4sTseHbtzHvX9fHzxX 9JlDqKdpxSkq8jUrW2+e80saypbBqumPCcwlgR/TR3394PFXImolGiYmMBmlkfufKxvt yYBWivL5xTHAa4t+gckfyBh2sMMAvSpn8tnFOzc0A7brVAzS+GNdjmv5KYWlu9vbLz7Z vKgg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Zh06eYHc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y14si1124389edw.480.2021.03.04.23.54.05; Thu, 04 Mar 2021 23:54:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Zh06eYHc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229494AbhCEHvh (ORCPT + 99 others); Fri, 5 Mar 2021 02:51:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229469AbhCEHvh (ORCPT ); Fri, 5 Mar 2021 02:51:37 -0500 Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6610FC061756 for ; Thu, 4 Mar 2021 23:51:35 -0800 (PST) Received: by mail-ej1-x62e.google.com with SMTP id hs11so1646935ejc.1 for ; Thu, 04 Mar 2021 23:51:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=cKVGTa6ju/LsREjFD7gnw/RP1YjlyJ1xmIXcDe5uO2Q=; b=Zh06eYHcY8hTJFgnQm43ngFpY1VdFU7XH/rX9h9CDzvHCJDt78jMLLhoB4pYSKr35m OpJKt6P+BL+8/Iz+9LeT4jx8oYAi8tdd0u5jDQFswMWxsob7Ko1AkxoYsdcCH4XdNAKu ujcTLn0DF/oTurrWkf52u0TFGu2nZia+eqTZNpp3FB/uZpjq4fpA8gi9BRdXM7v7N1A5 rrADZKzB7t3bb3bxFnE1kOIuBCZ2Vn61Pp4hDI44+/qDl/weOCkQVskqugNDR+7REKBW M1fggiwWZAatHscXciMBsjt6C53L2tLZMIgUgfJvQQWJ2CELTGmvswHaEopVfTo2wXFY 7FXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=cKVGTa6ju/LsREjFD7gnw/RP1YjlyJ1xmIXcDe5uO2Q=; b=q5guYTr7Hy1lUwbuGarv1QUCT7NnA0G5zHoZM7mnxMVgI1siA3YOrKr4KHkzZcm6Sg mZcR0P119iOHmZm/bTKZuIoa1JN9tqFdU4KedG2W9cXaZYqy+74pmGPWxFkcNAEMTmrH I5Ug1/Byvws4uZD8NKyDDsXjXJgMjeTQwxhJHYJzSKRwZ/2+DVuFBW/NctM3T3dmjJDz OOe14LrPvTBqGPFMxD95ROwTWAnrUEfp8LgIrPRSf7uiWcgLR2Q6VwX8aPgrHZTWvLeC cqjXJxJHEhx8LYL1IYQIOd/47WMhJCDM7dkfNdI/J+fGpydG1GgA8/dVb5AJkfZ/NYoJ 2lZw== X-Gm-Message-State: AOAM532m3IDGP2HoQR3+2IUUeaDGQokRcO5qKQ9/BFYzkdDFgrYv0X/L en0BIx9u4nUl7vDt+JamvnjHyA== X-Received: by 2002:a17:906:7e12:: with SMTP id e18mr1273626ejr.316.1614930694041; Thu, 04 Mar 2021 23:51:34 -0800 (PST) Received: from goby (81-231-61-187-no276.tbcn.telia.com. [81.231.61.187]) by smtp.gmail.com with ESMTPSA id de17sm1031396ejc.16.2021.03.04.23.51.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Mar 2021 23:51:33 -0800 (PST) Date: Fri, 5 Mar 2021 08:51:31 +0100 From: Joakim Bech To: Arnd Bergmann Cc: Alex =?utf-8?Q?Benn=C3=A9e?= , "linux-kernel@vger.kernel.org" , Maxim Uvarov , Ilias Apalodimas , ruchika.gupta@linaro.org, "Winkler, Tomas" , yang.huang@intel.com, bing.zhu@intel.com, Matti.Moell@opensynergy.com, hmo@opensynergy.com, linux-mmc , linux-scsi , linux-nvme@vger.kernel.org, Ulf Hansson , Linus Walleij , Arnd Bergmann Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem Message-ID: <20210305075131.GA15940@goby> References: <20210303135500.24673-1-alex.bennee@linaro.org> <20210303135500.24673-2-alex.bennee@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 04, 2021 at 09:56:24PM +0100, Arnd Bergmann wrote: > On Wed, Mar 3, 2021 at 2:54 PM Alex Bennée wrote: > > > > A number of storage technologies support a specialised hardware > > partition designed to be resistant to replay attacks. The underlying > > HW protocols differ but the operations are common. The RPMB partition > > cannot be accessed via standard block layer, but by a set of specific > > commands: WRITE, READ, GET_WRITE_COUNTER, and PROGRAM_KEY. Such a > > partition provides authenticated and replay protected access, hence > > suitable as a secure storage. > > > > The RPMB layer aims to provide in-kernel API for Trusted Execution > > Environment (TEE) devices that are capable to securely compute block > > frame signature. In case a TEE device wishes to store a replay > > protected data, requests the storage device via RPMB layer to store > > the data. > > > > A TEE device driver can claim the RPMB interface, for example, via > > class_interface_register(). The RPMB layer provides a series of > > operations for interacting with the device. > > > > * program_key - a one time operation for setting up a new device > > * get_capacity - introspect the device capacity > > * get_write_count - check the write counter > > * write_blocks - write a series of blocks to the RPMB device > > * read_blocks - read a series of blocks from the RPMB device > > Based on the discussion we had today in a meeting, it seems the > main change that is needed is to get back to the original model > of passing the encrypted data to the kernel instead of cleartext > data, as the main use case we know of is to have the key inside of > the TEE device and not available to the kernel or user space. > Yes, for OP-TEE we have to encrypt all data going to RPMB, since the information goes via non-secure world. We get the integrity by applying the HMAC with the key that is being discussed in this thread. The TEE owns and is responsible for programming the key (and that should be something that is achieved as part of the manufacturing process). > This is also required to be able to forward the encrypted data > through the same interface on a KVM host, when the guest > uses virtio-rpmb, and the host forwards the data into an mmc or > ufs device. > > That said, I can also imagine use cases where we do want to > store the key in the kernel's keyring, so maybe we end up needing > both. > The concern I have in those cases is that you need to share the RPMB key in some way if you need to access the RPMB device from secure side as well as from the non-secure side. Technically doable I guess, but in practice and in terms of security it doesn't seem like a good approach. In a shared environment like that you also have the problem that you need to agree on how to actually store files on the RPMB device. OP-TEE has it's own "FAT-look-a-like" implementation when using RPMB. But if you need mutual access, then you need to get into agreement on where to actually store the files in the RPMB. However, if secure side for some reason doesn't use RPMB at all, then kernel could of course take control of it and use it. I would probably not spend too much time on taking that use case into account until we actually see a real need for it. > > The detailed operation of implementing the access is left to the TEE > > device driver itself. > > > > [This is based-on Thomas Winkler's proposed API from: > > > > https://lore.kernel.org/linux-mmc/1478548394-8184-2-git-send-email-tomas.winkler@intel.com/ > > > > The principle difference is the framing details and HW specific > > bits (JDEC vs NVME frames) are left to the lower level TEE driver to > > worry about. The eventual userspace ioctl interface will aim to be > > similarly generic. This is an RFC to follow up on: > > > > Subject: RPMB user space ABI > > Date: Thu, 11 Feb 2021 14:07:00 +0000 > > Message-ID: <87mtwashi4.fsf@linaro.org>] > > > > Signed-off-by: Alex Bennée > > Cc: Tomas Winkler > > Cc: Ulf Hansson > > Cc: Linus Walleij > > Cc: Arnd Bergmann > > Cc: Ilias Apalodimas > > --- > > MAINTAINERS | 7 + > > drivers/char/Kconfig | 2 + > > drivers/char/Makefile | 1 + > > drivers/char/rpmb/Kconfig | 11 + > > drivers/char/rpmb/Makefile | 7 + > > drivers/char/rpmb/core.c | 429 +++++++++++++++++++++++++++++++++++++ > > include/linux/rpmb.h | 163 ++++++++++++++ > > > My feeling is that it should be a top-level subsystem, in drivers/rpmb > rather than drivers/char/rpmb, as you implement an abstraction layer > that other drivers can plug into, rather than a simple driver. > > Arnd -- Regards, Joakim