Received: by 2002:a05:7412:2a91:b0:fc:a2b0:25d7 with SMTP id u17csp228012rdh; Tue, 13 Feb 2024 15:17:54 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVedyrL2rNC8IRhBHtn7hdjEHo+xlf8GeKbr12PLBLbkAzipLPI4H3uQzfZ21YXPxGqoWN9MDWlWUS8eDtkLNwRPd3uBIaHmyJDVyy7cg== X-Google-Smtp-Source: AGHT+IENt2KWmnR0B2878sjMDrITh4Dkh1kzKj0DHsgULG4LbTUp/oK1EKZR9LimAOD1iVWP54a6 X-Received: by 2002:a0c:c983:0:b0:68c:c909:85da with SMTP id b3-20020a0cc983000000b0068cc90985damr892310qvk.32.1707866274059; Tue, 13 Feb 2024 15:17:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707866274; cv=pass; d=google.com; s=arc-20160816; b=VMgRRn3dweVjBmu4VlGoFEhMP7EdJaCczBWig0wYkQgKLFX5JD4FuFBCMLJELBwWqu gj0VJ/6YszjFVOc2wYB+TD4uAMarb33TUzs6vKyezPkKz/IBSitxyD1tw3IMIml26tdd 4MT7BRp3doMUYpM+939A6seHigFK5HXw76T/+cVv7lAB3hQ5J5s0YcPkrYo4WW80w/xa JEX08LuaiOi7F17+1qf5HAcWIhr5jH8808BGnQ+/gmXAblo8340yVYT2QiZjwbo0ZLf9 PoU2n/Or61ZfFQN5RqjVE10hs66Eva29KrbFJ9BVOrSInomQ7TTdAqZuHiflkxyCneV/ qZvw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=rogsonCUUROhfNG0WfLmpI4i3Hmd54Nf1t6VPyqZI78=; fh=sCqs3kQbJTQToJVUqyQ+4s5ao+wp2Z/u0HM8m2I8yWo=; b=dHkprW/sKmOM5U8ih6/MkWRu/3zmrFVD1FOKhZum6SWW1Oj/tc8+QJ6TrTdx7a0mGt fSKnsCgCJQAWCfQTQ3KtiZOe8Qshv13HHGsRV7+rT+tjS6bS6hdRhuBC80Y6IXKfxAY3 gNVtHBmkRLB08ZZuR59UwU3rFMsr2DGzKid0Bef1qOH/nC0ZJkBqB9JlBC8gUCFoDdvU JrMKmCymb4qSR4rLgms/dCcIpH5yU/yvl8O340HN2vweBYcLZxqO3rofEmhAGfRNNj9d NIht3RCcAZ2016usbBzzYHxfGfdn7u/3e7zU67fW8DAM5ELC+MklTRkVuYt40MmugYOq FECA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Kys4IbvQ; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-64527-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-64527-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org X-Forwarded-Encrypted: i=2; AJvYcCUfedlutvFF9kiwfoGNKnCM9SwajJj44MHnJ86Y2xNEFJNWrdOR6zMfkvqbz3O9zQjiXV3KgheZyiZHfFa7EWW4+TaD1EAJFBb9zyWk7A== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id jp9-20020ad45f89000000b0068cb7b24a38si2586022qvb.339.2024.02.13.15.17.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Feb 2024 15:17:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-64527-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Kys4IbvQ; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-64527-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-64527-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 699211C282C9 for ; Tue, 13 Feb 2024 23:17:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 741F463136; Tue, 13 Feb 2024 23:16:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="Kys4IbvQ" Received: from mail-yw1-f173.google.com (mail-yw1-f173.google.com [209.85.128.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B91D06310E for ; Tue, 13 Feb 2024 23:16:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.173 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707866204; cv=none; b=hJiswsigNa1YFS3AmThqpG/0eIBpi31Y/aHtQdD0OmBWAuk8cSA5eyNafSPrmXnHIXryYyCY2gK/aXfCy/+oRnKc2+H3Sv9z5pmTDSRzYnCWzfpbiB+o0JD7tPJD7Y+eG/MwBcwn5fbOv3c0NK2LXfTNtkZ0DnTR1HlzSlVB5q0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707866204; c=relaxed/simple; bh=rogsonCUUROhfNG0WfLmpI4i3Hmd54Nf1t6VPyqZI78=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=TOePqO3MscgXxtsoXxs3maGhS9JTf0aK3Nc1v+EaV0Fs32uShDgx0fKn0dsx0ibBSbkrOi6ysB1fqVxznTDSsIqQrc2KQq/O2F/BsedwJm7Nowe7y8epWxyx72aLagWJP+hDRA/naTnnqjzq6gVt+WbUa3OG9VM3lcwfPraPLqY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=Kys4IbvQ; arc=none smtp.client-ip=209.85.128.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-yw1-f173.google.com with SMTP id 00721157ae682-60778cd55caso16829997b3.1 for ; Tue, 13 Feb 2024 15:16:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1707866201; x=1708471001; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=rogsonCUUROhfNG0WfLmpI4i3Hmd54Nf1t6VPyqZI78=; b=Kys4IbvQ9Cj0dY2PpINAhwhV6Bn5wlFoCX2uZDIs3qDQGqtJWlB6wTes5jALxCBj2s zKxI9zcuHOfW9M7oGb/bdWa6AFPIrzUj4T/os1HcNXju/R/BliUHXkpuhga1hA0W0RcC bth3OU63sJ1eXQIQKg3SNxw7eVwZdw3xTSgBgilsFpQK/CR3cn81ifzZ33qhoXGOakKh 9CTL7g3JQiQ0mzx9Lg4sYwRxvkR4SRnjQbYY466aZ0VG800gWkTXhmQaD70T6nYiq2rH N3/RaD5IJlI4/TeU8D5ENKJ515U37Qvjsi5UYlgVPIIWl+cq54+6qoFFScQJgydkuXBg cVVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707866201; x=1708471001; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rogsonCUUROhfNG0WfLmpI4i3Hmd54Nf1t6VPyqZI78=; b=nhQoYUkVlAenlXEMH6HX5a8suvEskwSq7lrQWjAHpL0tPEvDHnrfHBRp3m2lnvY5gE u4oUO4IW+pkEyBXF8qF/E/VuqkfWUWXA8GtAdB8GzLBcCCuVgfflC9AcDkTpbohKq/zm WpBlJ8BPTYueap7AcQ33qDtFHOtIUxJpIZc68iqJZNsdtleFc0pU9iFci++4Jjo44+1j pvCIBD8uoUBVhTugP/jFBuPfEJpQzWAGFL6d1TgTW/tK4tJMm0AVfMndarNmZKyb9XCy x37AYjlbpUAyEltisEff9L6WxdeeriFptUGJElSbmyEVeMflPSdeG5xJphBs0YasIytE h0PA== X-Gm-Message-State: AOJu0YyoXJvlLS2iSf0uqaQ099YKuqFhyHypZaInJGRo5L3z+kZu46ad edR0e43a3THe7Lx/1L6mM9ZzYVfOJLDWi6U9fYCCsv7gcBjnHQP2EzHsgLDW4JzoCsjQBgwdFYc wdS5tiSdniu5XijQ8wX4SRZjQE3c9CJUezAnP0g== X-Received: by 2002:a0d:eb83:0:b0:5f8:c3a:6989 with SMTP id u125-20020a0deb83000000b005f80c3a6989mr850068ywe.34.1707866201624; Tue, 13 Feb 2024 15:16:41 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240131174347.510961-1-jens.wiklander@linaro.org> <20240131174347.510961-2-jens.wiklander@linaro.org> In-Reply-To: From: Ulf Hansson Date: Wed, 14 Feb 2024 00:16:05 +0100 Message-ID: Subject: Re: [PATCH v2 1/3] rpmb: add Replay Protected Memory Block (RPMB) subsystem To: Jens Wiklander Cc: linux-kernel@vger.kernel.org, linux-mmc@vger.kernel.org, op-tee@lists.trustedfirmware.org, Shyam Saini , Jerome Forissier , Sumit Garg , Ilias Apalodimas , Bart Van Assche , Randy Dunlap , Ard Biesheuvel , Arnd Bergmann , Greg Kroah-Hartman , Tomas Winkler , =?UTF-8?B?QWxleCBCZW5uw6ll?= Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 7 Feb 2024 at 09:06, Jens Wiklander wro= te: > > On Tue, Feb 6, 2024 at 1:34=E2=80=AFPM Ulf Hansson wrote: > > > > On Wed, 31 Jan 2024 at 18:44, Jens Wiklander wrote: > > > > > > A number of storage technologies support a specialised hardware > > > partition designed to be resistant to replay attacks. The underlying > > > HW protocols differ but the operations are common. The RPMB partition > > > cannot be accessed via standard block layer, but by a set of specific > > > RPMB commands: WRITE, READ, GET_WRITE_COUNTER, and PROGRAM_KEY. Such = a > > > partition provides authenticated and replay protected access, hence > > > suitable as a secure storage. > > > > > > The initial aim of this patch is to provide a simple RPMB Driver whic= h > > > can be accessed by the optee driver to facilitate early RPMB access t= o > > > OP-TEE OS (secure OS) during the boot time. > > > > How early do we expect OP-TEE to need RPMB access? > > > > The way things work for mmc today, is that the eMMC card gets > > discovered/probed via a workqueue. The work is punted by the mmc host > > driver (typically a module-platform-driver), when it has probed > > successfully. > > > > The point is, it looks like we need some kind of probe deferral > > mechanism too. Whether we want the OP-TEE driver to manage this itself > > or whether we should let rpmb_dev_find_device() deal with it, I don't > > know. > > As I wrote in another reply. I'd like to probe the OP-TEE driver > without touching RPMB first, and then as the devices start to appear > we discover the one to use. In this patchset I'm relying on the OP-TEE > client to wait until the RPMB device is available. That's probably > good enough for user space client, but I guess not for kernel clients > (drivers). Right, I understand. Obviously we don't need to solve all problems (use-cases) at once, but it sure sounds like we at least need to make some additional thinking around this part. > > > > > > > > > A TEE device driver can claim the RPMB interface, for example, via > > > class_interface_register() or rpmb_dev_find_device(). The RPMB driver > > > provides a callback to route RPMB frames to the RPMB device accessibl= e > > > via rpmb_route_frames(). > > > > By looking at the design of the interface, I do like it. It's simple > > and straightforward. > > > > However, I wonder if you considered avoiding using a class-device > > altogether? Even if it helps with lifecycle problems and the > > ops-lookup, we really don't need another struct device with a sysfs > > node, etc. > > Yes, the class-device might be more of a leftover from earlier > versions with a user space interface too. Let's try to do this without > a class-device. I was considering using class_interface_register() for > the optee driver to get notified of an eventual RPMB device, but if we > don't have an RPMB class device we'll need some other mechanism for > that. Perhaps a rpmb_interface_register() with similar callbacks as > class_interface_register(). Okay, sounds like you want to make it a try. I am happy to look at the code, ofcourse. Although, honestly - I don't know what's the preferred option here. > > > > > To deal with the lifecycle issue, we could probably just add reference > > counting for the corresponding struct device that we already have at > > hand, which represents the eMMC/UFS/NVME card. That together with a > > simple list that contains the registered rpmb ops. But I may be > > overlooking something, so perhaps it's more complicated than that? > > I could try to call mmc_blk_get() in mmc_blk_alloc_rpmb_part() when > storing the md pointer in the newly created struct mmc_rpmb_data. If > that works as I hope, then I can get rid of the two get_resources() > and put_resources() callbacks. We should probably update > mmc_rpmb_chrdev_open() and mmc_rpmb_chrdev_release() to match this. Something like that. But I need to have a closer look at this (probably easier to review another version of the patchseries), to really tell what works best. Do note that mmc/sd cards are hot-pluggable (removable) from the mmc block device point of view. [...] Kind regards Uffe