From: Arnd Bergmann
Date: Fri, 5 Mar 2021 09:44:28 +0100
Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem
To: Joakim Bech
Cc: Alex Bennée, linux-kernel@vger.kernel.org, Maxim Uvarov, Ilias Apalodimas, ruchika.gupta@linaro.org, "Winkler, Tomas", yang.huang@intel.com, bing.zhu@intel.com, Matti.Moell@opensynergy.com, hmo@opensynergy.com, linux-mmc, linux-scsi, linux-nvme@vger.kernel.org, Ulf Hansson, Linus Walleij, Arnd Bergmann

On Fri, Mar 5, 2021 at 8:52 AM Joakim Bech wrote:
> On Thu, Mar 04, 2021 at 09:56:24PM +0100, Arnd Bergmann wrote:
> > On Wed, Mar 3, 2021 at 2:54 PM Alex Bennée wrote:
> > That said, I can also imagine use cases where we do want to
> > store the key in the kernel's keyring, so maybe we end up needing
> > both.
> >
> The concern I have in those cases is that you need to share the RPMB key
> in some way if you need to access the RPMB device from secure side as
> well as from the non-secure side. Technically doable I guess, but in
> practice and in terms of security it doesn't seem like a good approach.
>
> In a shared environment like that you also have the problem that you
> need to agree on how to actually store files on the RPMB device. OP-TEE
> has its own "FAT-look-a-like" implementation when using RPMB. But if
> you need mutual access, then you need to get into agreement on where to
> actually store the files in the RPMB.
>
> However, if secure side for some reason doesn't use RPMB at all, then
> kernel could of course take control of it and use it.
>
> I would probably not spend too much time on taking that use case into
> account until we actually see a real need for it.

I think the scenario for the 'nvme-rpmb' tool that does the signing in
user space does not involve any TEE at the moment, because PCs usually
don't have one.

I agree that sharing the RPMB is not a great idea, so if you have a TEE
in the system that requires an RPMB for storage, it won't be usable by
anything else. However, you can have multiple RPMB partitions with
separate keys on an NVMe drive, and you can easily have multiple emulated
virtio-rpmb devices in a guest and use them for purposes other than the
TEE.

Arnd