From: Sumit Garg <sumit.garg@linaro.org>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Mimi Zohar <zohar@linux.ibm.com>,
James Bottomley <jejb@linux.ibm.com>
Cc: "tee-dev @ lists . linaro . org" <tee-dev@lists.linaro.org>,
Daniel Thompson <daniel.thompson@linaro.org>,
op-tee@lists.trustedfirmware.org,
Jonathan Corbet <corbet@lwn.net>,
Janne Karhunen <janne.karhunen@gmail.com>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
James Morris <jmorris@namei.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
dhowells@redhat.com, linux-security-module@vger.kernel.org,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
Markus Wamser <Markus.Wamser@mixed-mode.de>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-integrity@vger.kernel.org,
Jens Wiklander <jens.wiklander@linaro.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH v4 0/4] Introduce TEE based Trusted Keys support
Date: Tue, 12 May 2020 09:32:42 +0000 [thread overview]
Message-ID: <CAFA6WYNgBQDBY+670fG38Yrg8tMg6U74TW12WON=9dVvsT0t6w@mail.gmail.com> (raw)
In-Reply-To: <1588758017-30426-1-git-send-email-sumit.garg@linaro.org>
On Wed, 6 May 2020 at 15:10, Sumit Garg <sumit.garg@linaro.org> wrote:
>
> Add support for TEE based trusted keys where TEE provides the functionality
> to seal and unseal trusted keys using hardware unique key. Also, this is
> an alternative in case platform doesn't possess a TPM device.
>
> This patch-set has been tested with OP-TEE based early TA which can be
> found here [1].
>
> [1] https://github.com/OP-TEE/optee_os/pull/3838
Fyi, this PR has been merged in OP-TEE OS as commit [1]. Looking
forward to any further comments/feedback on this patch-set.
[1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d7e5b86b
-Sumit
>
> Changes in v4:
> 1. Pushed independent TEE features separately:
> - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062
> 2. Updated trusted-encrypted doc with TEE as a new trust source.
> 3. Rebased onto latest tpmdd/master.
>
> Changes in v3:
> 1. Update patch #2 to support registration of multiple kernel pages.
> 2. Incoporate dependency patch #4 in this patch-set:
> https://patchwork.kernel.org/patch/11091435/
>
> Changes in v2:
> 1. Add reviewed-by tags for patch #1 and #2.
> 2. Incorporate comments from Jens for patch #3.
> 3. Switch to use generic trusted keys framework.
>
> Sumit Garg (4):
> KEYS: trusted: Add generic trusted keys framework
> KEYS: trusted: Introduce TEE based Trusted Keys
> doc: trusted-encrypted: updates with TEE as a new trust source
> MAINTAINERS: Add entry for TEE based Trusted Keys
>
> Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++---
> MAINTAINERS | 8 +
> include/keys/trusted-type.h | 48 ++++
> include/keys/trusted_tee.h | 66 +++++
> include/keys/trusted_tpm.h | 15 -
> security/keys/Kconfig | 3 +
> security/keys/trusted-keys/Makefile | 2 +
> security/keys/trusted-keys/trusted_common.c | 336 ++++++++++++++++++++++
> security/keys/trusted-keys/trusted_tee.c | 282 ++++++++++++++++++
> security/keys/trusted-keys/trusted_tpm1.c | 335 ++++-----------------
> 10 files changed, 974 insertions(+), 324 deletions(-)
> create mode 100644 include/keys/trusted_tee.h
> create mode 100644 security/keys/trusted-keys/trusted_common.c
> create mode 100644 security/keys/trusted-keys/trusted_tee.c
>
> --
> 2.7.4
>
WARNING: multiple messages have this Message-ID (diff)
From: Sumit Garg <sumit.garg@linaro.org>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Mimi Zohar <zohar@linux.ibm.com>,
James Bottomley <jejb@linux.ibm.com>
Cc: dhowells@redhat.com, Jens Wiklander <jens.wiklander@linaro.org>,
Jonathan Corbet <corbet@lwn.net>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Janne Karhunen <janne.karhunen@gmail.com>,
Daniel Thompson <daniel.thompson@linaro.org>,
Markus Wamser <Markus.Wamser@mixed-mode.de>,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
op-tee@lists.trustedfirmware.org,
"tee-dev @ lists . linaro . org" <tee-dev@lists.linaro.org>
Subject: Re: [PATCH v4 0/4] Introduce TEE based Trusted Keys support
Date: Tue, 12 May 2020 14:50:42 +0530 [thread overview]
Message-ID: <CAFA6WYNgBQDBY+670fG38Yrg8tMg6U74TW12WON=9dVvsT0t6w@mail.gmail.com> (raw)
In-Reply-To: <1588758017-30426-1-git-send-email-sumit.garg@linaro.org>
On Wed, 6 May 2020 at 15:10, Sumit Garg <sumit.garg@linaro.org> wrote:
>
> Add support for TEE based trusted keys where TEE provides the functionality
> to seal and unseal trusted keys using hardware unique key. Also, this is
> an alternative in case platform doesn't possess a TPM device.
>
> This patch-set has been tested with OP-TEE based early TA which can be
> found here [1].
>
> [1] https://github.com/OP-TEE/optee_os/pull/3838
Fyi, this PR has been merged in OP-TEE OS as commit [1]. Looking
forward to any further comments/feedback on this patch-set.
[1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d7e5b86b
-Sumit
>
> Changes in v4:
> 1. Pushed independent TEE features separately:
> - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062
> 2. Updated trusted-encrypted doc with TEE as a new trust source.
> 3. Rebased onto latest tpmdd/master.
>
> Changes in v3:
> 1. Update patch #2 to support registration of multiple kernel pages.
> 2. Incoporate dependency patch #4 in this patch-set:
> https://patchwork.kernel.org/patch/11091435/
>
> Changes in v2:
> 1. Add reviewed-by tags for patch #1 and #2.
> 2. Incorporate comments from Jens for patch #3.
> 3. Switch to use generic trusted keys framework.
>
> Sumit Garg (4):
> KEYS: trusted: Add generic trusted keys framework
> KEYS: trusted: Introduce TEE based Trusted Keys
> doc: trusted-encrypted: updates with TEE as a new trust source
> MAINTAINERS: Add entry for TEE based Trusted Keys
>
> Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++---
> MAINTAINERS | 8 +
> include/keys/trusted-type.h | 48 ++++
> include/keys/trusted_tee.h | 66 +++++
> include/keys/trusted_tpm.h | 15 -
> security/keys/Kconfig | 3 +
> security/keys/trusted-keys/Makefile | 2 +
> security/keys/trusted-keys/trusted_common.c | 336 ++++++++++++++++++++++
> security/keys/trusted-keys/trusted_tee.c | 282 ++++++++++++++++++
> security/keys/trusted-keys/trusted_tpm1.c | 335 ++++-----------------
> 10 files changed, 974 insertions(+), 324 deletions(-)
> create mode 100644 include/keys/trusted_tee.h
> create mode 100644 security/keys/trusted-keys/trusted_common.c
> create mode 100644 security/keys/trusted-keys/trusted_tee.c
>
> --
> 2.7.4
>
WARNING: multiple messages have this Message-ID (diff)
From: Sumit Garg <sumit.garg@linaro.org>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Mimi Zohar <zohar@linux.ibm.com>,
James Bottomley <jejb@linux.ibm.com>
Cc: "tee-dev @ lists . linaro . org" <tee-dev@lists.linaro.org>,
Daniel Thompson <daniel.thompson@linaro.org>,
op-tee@lists.trustedfirmware.org,
Jonathan Corbet <corbet@lwn.net>,
Janne Karhunen <janne.karhunen@gmail.com>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
James Morris <jmorris@namei.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
dhowells@redhat.com, linux-security-module@vger.kernel.org,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
Markus Wamser <Markus.Wamser@mixed-mode.de>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-integrity@vger.kernel.org,
Jens Wiklander <jens.wiklander@linaro.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH v4 0/4] Introduce TEE based Trusted Keys support
Date: Tue, 12 May 2020 14:50:42 +0530 [thread overview]
Message-ID: <CAFA6WYNgBQDBY+670fG38Yrg8tMg6U74TW12WON=9dVvsT0t6w@mail.gmail.com> (raw)
In-Reply-To: <1588758017-30426-1-git-send-email-sumit.garg@linaro.org>
On Wed, 6 May 2020 at 15:10, Sumit Garg <sumit.garg@linaro.org> wrote:
>
> Add support for TEE based trusted keys where TEE provides the functionality
> to seal and unseal trusted keys using hardware unique key. Also, this is
> an alternative in case platform doesn't possess a TPM device.
>
> This patch-set has been tested with OP-TEE based early TA which can be
> found here [1].
>
> [1] https://github.com/OP-TEE/optee_os/pull/3838
Fyi, this PR has been merged in OP-TEE OS as commit [1]. Looking
forward to any further comments/feedback on this patch-set.
[1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d7e5b86b
-Sumit
>
> Changes in v4:
> 1. Pushed independent TEE features separately:
> - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062
> 2. Updated trusted-encrypted doc with TEE as a new trust source.
> 3. Rebased onto latest tpmdd/master.
>
> Changes in v3:
> 1. Update patch #2 to support registration of multiple kernel pages.
> 2. Incoporate dependency patch #4 in this patch-set:
> https://patchwork.kernel.org/patch/11091435/
>
> Changes in v2:
> 1. Add reviewed-by tags for patch #1 and #2.
> 2. Incorporate comments from Jens for patch #3.
> 3. Switch to use generic trusted keys framework.
>
> Sumit Garg (4):
> KEYS: trusted: Add generic trusted keys framework
> KEYS: trusted: Introduce TEE based Trusted Keys
> doc: trusted-encrypted: updates with TEE as a new trust source
> MAINTAINERS: Add entry for TEE based Trusted Keys
>
> Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++---
> MAINTAINERS | 8 +
> include/keys/trusted-type.h | 48 ++++
> include/keys/trusted_tee.h | 66 +++++
> include/keys/trusted_tpm.h | 15 -
> security/keys/Kconfig | 3 +
> security/keys/trusted-keys/Makefile | 2 +
> security/keys/trusted-keys/trusted_common.c | 336 ++++++++++++++++++++++
> security/keys/trusted-keys/trusted_tee.c | 282 ++++++++++++++++++
> security/keys/trusted-keys/trusted_tpm1.c | 335 ++++-----------------
> 10 files changed, 974 insertions(+), 324 deletions(-)
> create mode 100644 include/keys/trusted_tee.h
> create mode 100644 security/keys/trusted-keys/trusted_common.c
> create mode 100644 security/keys/trusted-keys/trusted_tee.c
>
> --
> 2.7.4
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-05-12 9:32 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-06 9:40 [PATCH v4 0/4] Introduce TEE based Trusted Keys support Sumit Garg
2020-05-06 9:52 ` Sumit Garg
2020-05-06 9:40 ` Sumit Garg
2020-05-06 9:40 ` [PATCH v4 1/4] KEYS: trusted: Add generic trusted keys framework Sumit Garg
2020-05-06 9:52 ` Sumit Garg
2020-05-06 9:40 ` Sumit Garg
2020-05-14 0:25 ` Jarkko Sakkinen
2020-05-14 0:25 ` Jarkko Sakkinen
2020-05-14 0:25 ` Jarkko Sakkinen
2020-05-14 11:23 ` Sumit Garg
2020-05-14 11:35 ` Sumit Garg
2020-05-14 11:23 ` Sumit Garg
2020-05-15 0:00 ` Jarkko Sakkinen
2020-05-15 0:00 ` Jarkko Sakkinen
2020-05-15 0:00 ` Jarkko Sakkinen
2020-06-01 2:00 ` Jarkko Sakkinen
2020-06-01 2:00 ` Jarkko Sakkinen
2020-06-01 2:00 ` Jarkko Sakkinen
2020-06-01 8:50 ` Sumit Garg
2020-06-01 8:50 ` Sumit Garg
2020-06-01 8:50 ` Sumit Garg
2020-06-02 7:08 ` Jarkko Sakkinen
2020-06-02 7:08 ` Jarkko Sakkinen
2020-06-02 7:08 ` Jarkko Sakkinen
2020-06-01 2:11 ` Jarkko Sakkinen
2020-06-01 2:11 ` Jarkko Sakkinen
2020-06-01 2:11 ` Jarkko Sakkinen
2020-06-01 9:11 ` Sumit Garg
2020-06-01 9:23 ` Sumit Garg
2020-06-01 9:11 ` Sumit Garg
2020-06-02 7:14 ` Jarkko Sakkinen
2020-06-02 7:14 ` Jarkko Sakkinen
2020-06-02 7:14 ` Jarkko Sakkinen
2020-06-02 8:40 ` Sumit Garg
2020-06-02 8:52 ` Sumit Garg
2020-06-02 8:40 ` Sumit Garg
2020-05-06 9:40 ` [PATCH v4 2/4] KEYS: trusted: Introduce TEE based Trusted Keys Sumit Garg
2020-05-06 9:52 ` Sumit Garg
2020-05-06 9:40 ` Sumit Garg
2020-05-14 0:28 ` Jarkko Sakkinen
2020-05-14 0:28 ` Jarkko Sakkinen
2020-05-14 0:28 ` Jarkko Sakkinen
2020-05-14 7:27 ` Sumit Garg
2020-05-14 7:39 ` Sumit Garg
2020-05-14 7:27 ` Sumit Garg
2020-05-14 23:43 ` Jarkko Sakkinen
2020-05-14 23:43 ` Jarkko Sakkinen
2020-05-14 23:43 ` Jarkko Sakkinen
2020-05-06 9:40 ` [PATCH v4 3/4] doc: trusted-encrypted: updates with TEE as a new trust source Sumit Garg
2020-05-06 9:52 ` Sumit Garg
2020-05-06 9:40 ` Sumit Garg
2020-05-14 0:29 ` Jarkko Sakkinen
2020-05-14 0:29 ` Jarkko Sakkinen
2020-05-14 0:29 ` Jarkko Sakkinen
2020-05-06 9:40 ` [PATCH v4 4/4] MAINTAINERS: Add entry for TEE based Trusted Keys Sumit Garg
2020-05-06 9:52 ` Sumit Garg
2020-05-06 9:40 ` Sumit Garg
2020-05-14 0:35 ` Jarkko Sakkinen
2020-05-14 0:35 ` Jarkko Sakkinen
2020-05-14 0:35 ` Jarkko Sakkinen
2020-05-12 9:20 ` Sumit Garg [this message]
2020-05-12 9:32 ` [PATCH v4 0/4] Introduce TEE based Trusted Keys support Sumit Garg
2020-05-12 9:20 ` Sumit Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFA6WYNgBQDBY+670fG38Yrg8tMg6U74TW12WON=9dVvsT0t6w@mail.gmail.com' \
--to=sumit.garg@linaro.org \
--cc=Markus.Wamser@mixed-mode.de \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=daniel.thompson@linaro.org \
--cc=dhowells@redhat.com \
--cc=janne.karhunen@gmail.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jejb@linux.ibm.com \
--cc=jens.wiklander@linaro.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=op-tee@lists.trustedfirmware.org \
--cc=serge@hallyn.com \
--cc=tee-dev@lists.linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.