Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp458968lqb; Wed, 29 May 2024 00:10:14 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVazDtVE3Rmv47JLsUb1L1mDFY8IomZ5L/992XvaQttgcqaMFj7G27eUEBA8ShLb8lcjyYy408UbGH6DgV2rcSceUNu6Cye8D6k2HolIA== X-Google-Smtp-Source: AGHT+IHURvNsCPmorKaUHgmwvWCUhg/7AC2d7LzYZcJMLXyeOigzUxj8whADstVL123E3Los8K8U X-Received: by 2002:a17:906:a14c:b0:a5a:7a4e:7e80 with SMTP id a640c23a62f3a-a6265011257mr1023299666b.72.1716966614167; Wed, 29 May 2024 00:10:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716966614; cv=pass; d=google.com; s=arc-20160816; b=OLMREB0AbH9v4CyCPEvDnXeCoFcbwDUgc613OeT39PpAWWCzUjLSGwRsp2DiOfsNEr fH4jqmwlCaVVaXmX+gKrbAtCs9rYmxJT8bMXI9SdLp2PjYTxSd3WPZXCwPWsyav2kBik 31LrSaQC9WWXos2fI0xx1nC9RHy0ORyYoTOxIGoc8WCD1vCaRQKeoI47v4Ag6WWoThr9 ynqSxitmjpo4Gr5DSLQHrQRn7IZLiwaYsbsKD2cqJWDeerdG16GjrxoB3cye0r6rAxPr aLcyxfeMRMbHGaQF7d1VlH/axa0uHa+WiwwdWW7TB9pdxGbFjexJknUvBQkDWh3l9aH0 bl3g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=ppWh6NKQYdWs0IByPlxTYWyYUwCJ5vCPvljvtNRXhi8=; fh=ccrZq1Vwdzk4S5A280VYZtvTfzYZqAuWhiQietf78zI=; b=BzYuhmMLYzQFaeKyyBo420HYr2DwBr14xAGVQwoqCrgAIzBLHSX3zn0IgHQlKVnMnU BQM5Fi2rJbTgvKs/JtOU/5cFtQIhzXN6gy0YOzWvQsPdonyYu8vGmdCg1/MUib6FbqVp 1EN3OjqJtOVX2lfdGMC3PQT63CuYwYCNtfDskQTCJ9U8NeV6AnGuVnwlL5AR9YxX5+vJ 7APg3/ChVvuH9dkq1ZRYMVG7ui05pXmAMRkqg0kMNvRkO5KhdkNtQ6vRJM7bCOtLozKc UtOrIpIJWwl0pr05mNpnqZ6ECpuEdFl/kA5CpxTzbUi6bkVAlDLI/7Z2ZWchn2TfhqoE smlg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=nqA3SE9g; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-193563-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-193563-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id a640c23a62f3a-a626cc37471si567048566b.339.2024.05.29.00.10.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 00:10:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-193563-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=nqA3SE9g; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-193563-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-193563-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id B843C1F26E13 for ; Wed, 29 May 2024 07:10:13 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3FBE7167269; Wed, 29 May 2024 07:10:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="nqA3SE9g" Received: from mail-lf1-f50.google.com (mail-lf1-f50.google.com [209.85.167.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1D5B415B142 for ; Wed, 29 May 2024 07:09:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.50 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716966599; cv=none; b=IQzAds4Hzp4NBRaLq8WKg1YHiUsX6+Kkt6rD9xco1lnmZfF4SJK2QfoP6c+h+cB+0rLfSV1nAweNZ/p9+gQiJRachV4rYgsT4iewTQGzSi3jidcur2t3OY2cnIUckkqJVC2tdWIPXXqTYrm7+lZN9TaAIOjyyRlvPAwAK4Jww24= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716966599; c=relaxed/simple; bh=IR+RvCK+/4xLwGVx3D0HTnj+/AXe+O8Ox+ve92jpdXw=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=B1ffYPs9t1Q0/9shAoLS/8kyzVoU2TlIp0YPXvLvM2fgVpjZNSuI4c88nSOtzUzpcRyXyhKBkPPKlEmvrqV5PValfHE1T+tGgnrxJf+qjWBk4xMSsVElgy8FtuQGBNte62KL1x7GwNwaj9n9n+ZZhJYZ/istfYtGul7v2JZq+rI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=nqA3SE9g; arc=none smtp.client-ip=209.85.167.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-lf1-f50.google.com with SMTP id 2adb3069b0e04-52ac99930c6so544873e87.0 for ; Wed, 29 May 2024 00:09:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1716966595; x=1717571395; darn=vger.kernel.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=ppWh6NKQYdWs0IByPlxTYWyYUwCJ5vCPvljvtNRXhi8=; b=nqA3SE9gaRmf3ztoNBRaHHts8MyafMP7sr6aMMi8mq36h6WNlF6x9+ixvIxrFw7UlZ IAuO7b4pwpE8r++FXzjgJNjcL0dosM2cM6FeXHipn0HeFmrK8bYRZkp03q0RTdjcsxvC xB/9EfCxdyHAaDnOQpYvl8w/exn1fm84Eh75/8y/mm9JzJYxH5UVo6FASHxiile/15y7 vdALEimC27EzFoG8PZs4vASaLS/fY/26d8dP3pguwA+fau6mqxnirGvXMFtOEJcJ1bE4 /S+LeysSuOhCB9MGFG7FnHBZA+GPJbjdFzfbQ92FN5RdeVE+PkM1ZX6DKcdp60ZHShNx zShA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716966595; x=1717571395; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ppWh6NKQYdWs0IByPlxTYWyYUwCJ5vCPvljvtNRXhi8=; b=L2N02layryeS82/mVDLTZEs+NVfby6jsIlPklsZ831/C+tGsP3mF6wJ8KQtDP69Zs8 rE/llilRRcHRXpJ567a9R/WnbNjq0rVAKOWxpPyq/0jaTrNFiqTL9ypB5M80ILMO+o/o B0eSCQe0fpFvct6W90EDFePqR+cysrX7bzHAASAF9qKhDhep1cSUfI02szQxADUW2TSE mCl9SEmqdnHjz+Gx0WlvkjKV3AZEcKLR8zf5kqEhWUgMgeBdB7s+J1nMKY4cOrruAuh1 KlYAv0ulcJZfHzcN65gCl5SYdweDOH+xY/gyB0jYmvvhxsiwf3mmw6Snxi38iK8DR97T r9mg== X-Forwarded-Encrypted: i=1; AJvYcCVS6qEXYMxLZwQhZTKPKT6mekk9Wz1TtrhleKidGbtJsQbTIsKkl2/s3/QIdb6B7a/OVNBOqkiCVmIIy8y3zbMWqFx3VNh1Otn48KZR X-Gm-Message-State: AOJu0YxxY5lnIYN+nLsfsDOH5y0cR8YiTdeeY967IIwL/AcpKp3S/LQ2 bob2Bz03FvAAl1eGp27L6KD9RikRPEmN+Oxf7HthDWJ4BVh6sJ2KNAXuOEtvJ44= X-Received: by 2002:a19:4319:0:b0:523:b261:3dde with SMTP id 2adb3069b0e04-52965199475mr8481737e87.41.1716966595081; Wed, 29 May 2024 00:09:55 -0700 (PDT) Received: from nuoska (87-100-245-199.bb.dnainternet.fi. [87.100.245.199]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-5296ee4a8f2sm1169381e87.87.2024.05.29.00.09.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 00:09:54 -0700 (PDT) Date: Wed, 29 May 2024 10:09:52 +0300 From: Mikko Rapeli To: Sumit Garg Cc: Jens Wiklander , Jerome Forissier , linux-kernel@vger.kernel.org, linux-mmc@vger.kernel.org, op-tee@lists.trustedfirmware.org, Shyam Saini , Ulf Hansson , Linus Walleij , Ilias Apalodimas , Bart Van Assche , Randy Dunlap , Ard Biesheuvel , Arnd Bergmann , Greg Kroah-Hartman , Manuel Traut Subject: Re: [PATCH v7 4/4] optee: probe RPMB device using RPMB subsystem Message-ID: References: <20240527121340.3931987-1-jens.wiklander@linaro.org> <20240527121340.3931987-5-jens.wiklander@linaro.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Hi, On Wed, May 29, 2024 at 10:56:04AM +0530, Sumit Garg wrote: > Hi Mikko, > > On Tue, 28 May 2024 at 15:00, Mikko Rapeli wrote: > > > > Hi, > > > > On Mon, May 27, 2024 at 03:24:01PM +0200, Jens Wiklander wrote: > > > On Mon, May 27, 2024 at 3:00 PM Jerome Forissier > > > wrote: > > > > > > > > On 5/27/24 14:13, Jens Wiklander wrote: > > > > > Adds support in the OP-TEE drivers (both SMC and FF-A ABIs) to probe and > > > > > use an RPMB device via the RPMB subsystem instead of passing the RPMB > > > > > frames via tee-supplicant in user space. A fallback mechanism is kept to > > > > > route RPMB frames via tee-supplicant if the RPMB subsystem isn't > > > > > available. > > > > > > > > > > The OP-TEE RPC ABI is extended to support iterating over all RPMB > > > > > devices until one is found with the expected RPMB key already > > > > > programmed. > > > > > > > > > > Signed-off-by: Jens Wiklander > > > > > Tested-by: Manuel Traut > > > > > --- > > > > > Documentation/ABI/testing/sysfs-class-tee | 15 ++ > > > > > MAINTAINERS | 1 + > > > > > drivers/tee/optee/core.c | 96 +++++++++++- > > > > > drivers/tee/optee/device.c | 7 + > > > > > drivers/tee/optee/ffa_abi.c | 14 ++ > > > > > drivers/tee/optee/optee_ffa.h | 2 + > > > > > drivers/tee/optee/optee_private.h | 26 +++- > > > > > drivers/tee/optee/optee_rpc_cmd.h | 35 +++++ > > > > > drivers/tee/optee/optee_smc.h | 2 + > > > > > drivers/tee/optee/rpc.c | 177 ++++++++++++++++++++++ > > > > > drivers/tee/optee/smc_abi.c | 14 ++ > > > > > 11 files changed, 387 insertions(+), 2 deletions(-) > > > > > create mode 100644 Documentation/ABI/testing/sysfs-class-tee > > > > > > > > > > diff --git a/Documentation/ABI/testing/sysfs-class-tee b/Documentation/ABI/testing/sysfs-class-tee > > > > > new file mode 100644 > > > > > index 000000000000..c9144d16003e > > > > > --- /dev/null > > > > > +++ b/Documentation/ABI/testing/sysfs-class-tee > > > > > @@ -0,0 +1,15 @@ > > > > > +What: /sys/class/tee/tee{,priv}X/rpmb_routing_model > > > > > > > > Wouldn't /sys/class/tee/teeX/rpmb_routing_model be good enough? > > > > > > Doesn't the routing model concern tee-supplicant more than a TEE > > > client? Then it might make more sense to have > > > /sys/class/tee/teeprivX/rpmb_routing_model only. Keeping it for both > > > devices representing the same internal struct optee makes it easier to > > > find. Anyway, I don't mind removing one. Mikko, what do you prefer? > > > > As simple as possible. A single sysfs file is enough. Even the existence of the sysfs file > > could be the needed indicator for userspace to queue tee-supplicant startup. > > > > Outside of these patches, I think the optee RPC setup with fTPM TA is one area which > > currently requires tee-supplicant to be started. Detecting the existence of TPM before > > kernel drivers are loaded is possible via the exported EFI logs from firmware to kernel > > or ACPI TPM2 table entry, and detecting optee and thus starting tee-supplicant in userspace too. > > One thing I am trying to find an answer about is why do we need to > defer tee-supplicant launch if it's bundled into initrd? Once you > detect OP-TEE then tee-supplicant should be launched unconditionally. > As per your example below, the motivation here seems to be the TPM2 > device dependent on RPMB backend but what if other future systemd > services come up and depend on other services offered by > tee-supplicant? There is an annoying depedency between firmware side optee and TAs, and kernel optee driver, tee-supplicant in userspace and kernel TA drivers like fTPM. Kernel fTPM driver and fTPM TA require tee-supplicant in userspace for RPMB, RPC etc. This patch series is adding kernel side support for RPMB handling so that the dependency to tee-supplicant in userspace can be removed. For fTPM use case, there is still the optee RPC buffer setup which currently requires tee-supplicant in userspace or fTPM TA will panic. So yes, currently, tee-supplicant must be started. But it would be great if kernel drivers and firmware optee trusted applications would not depend on tee-supplicant running in userspace. The startup sequence is really tricky to get right. My fTPM use case is using the TPM device to encrypt rootfs and thus all SW components including tee-supplicant need to run early in initramfs. Currently also switch from initramfs to main rootfs requires unloading fTPM kernel driver and stopping tee-supplicant in initrd, and then starting tee-supplicant and loading fTPM kernel driver from main rootfs. udev and automatic module loading for fTPM can not be used due to the tee-supplicant userspace dependency. As an example, here is v6 of this series on rockpi4b using fTPM TA with systemd based initrd without tee-supplicant and fTPM TA panics because the RPC setup is missing: https://ledge.validation.linaro.org/scheduler/job/87488 [[0;32m OK [0m] Finished [0;1;39mFile System Check on /dev/mapper/usr[0m. E/TC:? 0 get_rpc_alloc_res:645 RPC allocation failed. Non-secure world result: ret=0xffff000c ret_origin=0x2 E/TC:? 0 E/TC:? 0 TA panicked with code 0xffff000c E/LD: Status of TA bc50d971-d4c9-42c4-82cb-343fb7f37896 E/LD: arch: aarch64 E/LD: region 0: va 0x40005000 pa 0x3061b000 size 0x002000 flags rw-s (ldelf) E/LD: region 1: va 0x40007000 pa 0x3061d000 size 0x008000 flags r-xs (ldelf) E/LD: region 2: va 0x4000f000 pa 0x30625000 size 0x001000 flags rw-s (ldelf) E/LD: region 3: va 0x40010000 pa 0x30626000 size 0x004000 flags rw-s (ldelf) E/LD: region 4: va 0x40014000 pa 0x3062a000 size 0x001000 flags r--s E/LD: region 5: va 0x40015000 pa 0x306b2000 size 0x011000 flags rw-s (stack) E/LD: region 6: va 0x40026000 pa 0xe50ce000 size 0x002000 flags rw-- (param) E/LD: region 7: va 0x40062000 pa 0x00001000 size 0x068000 flags r-xs [0] E/LD: region 8: va 0x400ca000 pa 0x00069000 size 0x01f000 flags rw-s [0] E/LD: [0] bc50d971-d4c9-42c4-82cb-343fb7f37896 @ 0x40062000 E/LD: Call stack: E/LD: 0x400a00c0 E/LD: 0x40062b40 E/LD: 0x400631b8 E/LD: 0x40081f44 E/LD: 0x4009b060 E/LD: 0x40063a2c E/LD: 0x400a6298 E/LD: 0x4009b214 [ 7.212584] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024 [ 7.213281] tpm tpm0: tpm_try_transmit: send(): error -53212 [ 7.213820] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024 [ 7.214493] tpm tpm0: tpm_try_transmit: send(): error -53212 [ 7.214996] optee-ftpm optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896: ftpm_tee_probe: tpm_chip_register failed with rc=-53212 Mounting [0;1;39m/sysusr/usr[0m... This series adds the RPMB support in kernel, if HW supports it, but some HW doesn't and the tee-supplicant is emulating it as fall back. Userspace needs to know if tee-supplicant start is needed. Thus to me, exporting the RPMB routing details is useful for userspace. It's one thing to have a full control of HW and SW and force a policy, like always waiting for a specific TPM device to appear, but then again distros should be able to have automatic detection of TPM devices if firmware used them too and then start the needed bits in userspace, which depend on the firmware and HW configuration, like which SW components are needed for RPMB storage, kernel or tee-supplicant in userspace. These could possibly be just bugs in fTPM kernel driver and fTPM TA in optee world, which should be able to handle missing RPC and RPMB too and retry later on. Right now without tee-supplicant they panic early in boot and become unusable for the rest of the power cycle. Cheers, -Mikko