Date: Tue, 13 Jun 2023 09:47:43 -0700 (PDT)
From: Shyam Saini
To: "Zhu, Bing"
Cc: alex.bennee@linaro.org, code@tyhicks.com, Matti.Moell@opensynergy.com, arnd@linaro.org, hmo@opensynergy.com, ilias.apalodimas@linaro.org, joakim.bech@linaro.org, linux-kernel@vger.kernel.org, linux-mmc@vger.kernel.org, linux-scsi@vger.kernel.org, maxim.uvarov@linaro.org, ruchika.gupta@linaro.org, "Winkler, Tomas", ulf.hansson@linaro.org, "Huang, Yang", sumit.garg@linaro.org, jens.wiklander@linaro.org, op-tee@lists.trustedfirmware.org
Subject: RE: [PATCH v2 0/4] rpmb subsystem, uapi and virtio-rpmb driver
Message-ID: <1ee57e46-6e86-eff0-ba9e-b7526fa865c0@linux.microsoft.com>
References: <20220405093759.1126835-1-alex.bennee@linaro.org> <20230531191007.13460-1-shyamsaini@linux.microsoft.com>
List-ID: linux-kernel@vger.kernel.org

Hi Bing,

Other than PCRs we also want to store non-volatile ftpm data (NVData); storing these in volatile DDR shared memory will be a spec violation.

Best Regards,
Shyam

> As an alternative, is it possible to change ftpm design not to depend on RPMB access at the earlier/boot stage? Because to my understanding, typically PCRs don't require persistent/NV storage (for example, before RPMB or tee-supplicant is ready, use TEE memory instead as temporary storage)
>
> Bing
>
> IPAS Security Brown Belt (https://www.credly.com/badges/69ea809f-3a96-4bc7-bb2f-442c1b17af26)
> System Software Engineering
> Software and Advanced Technology Group
> Zizhu Science Park, Shanghai, China
>
> -----Original Message-----
> From: Shyam Saini
> Sent: Thursday, June 1, 2023 3:10 AM
> To: alex.bennee@linaro.org
> Cc: code@tyhicks.com; Matti.Moell@opensynergy.com; arnd@linaro.org; Zhu, Bing; hmo@opensynergy.com; ilias.apalodimas@linaro.org; joakim.bech@linaro.org; linux-kernel@vger.kernel.org; linux-mmc@vger.kernel.org; linux-scsi@vger.kernel.org; maxim.uvarov@linaro.org; ruchika.gupta@linaro.org; Winkler, Tomas; ulf.hansson@linaro.org; Huang, Yang; sumit.garg@linaro.org; jens.wiklander@linaro.org; op-tee@lists.trustedfirmware.org
> Subject: [PATCH v2 0/4] rpmb subsystem, uapi and virtio-rpmb driver
>
> Hi Alex,
>
> [ Resending, sorry for the noise ]
>
> Are you still working on it or planning to resubmit it?
>
> [1] The current optee tee kernel driver implementation doesn't work when IMA is used with optee implemented ftpm.
>
> The ftpm has dependency on tee-supplicant which comes once the user space is up and running and IMA attestation happens at boot time and it requires to extend ftpm PCRs.
>
> But IMA can't use PCRs if ftpm uses secure emmc RPMB partition. As optee can only access RPMB via tee-supplicant (user space). So, there should be a fast path to allow optee os to access the RPMB partition without waiting for user-space tee supplicant.
>
> To achieve this fast path linux optee driver and mmc driver need some work and finally it will need RPMB driver which you posted.
>
> Please let me know what's your plan on this.
>
> [1] https://optee.readthedocs.io/en/latest/architecture/secure_storage.html
>
> Best Regards,
> Shyam