From: Sumit Garg <sumit.garg@linaro.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
James Bottomley <jejb@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Jens Wiklander <jens.wiklander@linaro.org>,
Jonathan Corbet <corbet@lwn.net>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Janne Karhunen <janne.karhunen@gmail.com>,
Daniel Thompson <daniel.thompson@linaro.org>,
Markus Wamser <Markus.Wamser@mixed-mode.de>,
Luke Hinds <lhinds@redhat.com>,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
op-tee@lists.trustedfirmware.org
Subject: Re: [PATCH v7 1/4] KEYS: trusted: Add generic trusted keys framework
Date: Wed, 21 Oct 2020 11:16:33 +0530 [thread overview]
Message-ID: <CAFA6WYM7aJwP9j_ayGvbJPu-cyv87rsm9N4Wj2OCOMnmfDx+Rw@mail.gmail.com> (raw)
In-Reply-To: <8e07f9401c9f7e18fb1453b7b290472c0049c6e6.camel@linux.ibm.com>
Thanks Mimi for your comments.
On Wed, 21 Oct 2020 at 08:51, Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> On Wed, 2020-10-07 at 15:37 +0530, Sumit Garg wrote:
>
> > +/*
> > + * trusted_destroy - clear and free the key's payload
> > + */
> > +static void trusted_destroy(struct key *key)
> > +{
> > + kfree_sensitive(key->payload.data[0]);
> > +}
> > +
> > +struct key_type key_type_trusted = {
> > + .name = "trusted",
> > + .instantiate = trusted_instantiate,
> > + .update = trusted_update,
> > + .destroy = trusted_destroy,
> > + .describe = user_describe,
> > + .read = trusted_read,
> > +};
> > +EXPORT_SYMBOL_GPL(key_type_trusted);
> > +
> > +static int __init init_trusted(void)
> > +{
> > + int i, ret = 0;
> > +
> > + for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
> > + if (trusted_key_source &&
> > + strncmp(trusted_key_source, trusted_key_sources[i].name,
> > + strlen(trusted_key_sources[i].name)))
> > + continue;
> > +
> > + trusted_key_ops = trusted_key_sources[i].ops;
> > +
> > + ret = trusted_key_ops->init();
> > + if (!ret)
> > + break;
> > + }
>
> In the case when the module paramater isn't specified and both TPM and
> TEE are enabled, trusted_key_ops is set to the last source initialized.
I guess there is some misunderstanding. Here it's only a single trust
source (TPM *or* TEE) is initialized and only that trust source would
be active at runtime. And trusted_key_ops would be initialized to the
first trust source whose initialization is successful (see check: "if
(!ret)").
> After patch 2/4, the last trusted source initialized is TEE. If the
> intention is to limit it to either TPM or TEE, then trusted_key_ops
> should have a default value, which could be overwritten at runtime.
> That would address Luke Hind's concerns of making the decision at
> compile time.
I think traversing the trust source list with the initial value being
TPM would be default value.
>
> trusted_key_ops should be defined as __ro_after_init, like is currently
> done for other LSM structures.
Sure, will do.
>
> > +
> > + /*
> > + * encrypted_keys.ko depends on successful load of this module even if
> > + * trusted key implementation is not found.
> > + */
> > + if (ret == -ENODEV)
> > + return 0;
> > +
> > + return ret;
> > +}
> > +
> > +static void __exit cleanup_trusted(void)
> > +{
> > + trusted_key_ops->exit();
>
> If the intention is really to support both TPM and TEE trusted keys at
> the same time, as James suggested, then the same "for" loop as in
> init_trusted() is needed here and probably elsewhere.
Current intention is to only support a single trust source (TPM or
TEE) at runtime. But in future if there are use-cases then framework
can be extended to support multiple trust sources at runtime as well.
-Sumit
>
> thanks,
>
> Mimi
>
WARNING: multiple messages have this Message-ID (diff)
From: Sumit Garg <sumit.garg@linaro.org>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-security-module@vger.kernel.org,
Daniel Thompson <daniel.thompson@linaro.org>,
op-tee@lists.trustedfirmware.org,
Jonathan Corbet <corbet@lwn.net>,
James Bottomley <jejb@linux.ibm.com>,
Janne Karhunen <janne.karhunen@gmail.com>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
James Morris <jmorris@namei.org>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
Luke Hinds <lhinds@redhat.com>,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
Markus Wamser <Markus.Wamser@mixed-mode.de>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-integrity@vger.kernel.org,
Jens Wiklander <jens.wiklander@linaro.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH v7 1/4] KEYS: trusted: Add generic trusted keys framework
Date: Wed, 21 Oct 2020 11:16:33 +0530 [thread overview]
Message-ID: <CAFA6WYM7aJwP9j_ayGvbJPu-cyv87rsm9N4Wj2OCOMnmfDx+Rw@mail.gmail.com> (raw)
In-Reply-To: <8e07f9401c9f7e18fb1453b7b290472c0049c6e6.camel@linux.ibm.com>
Thanks Mimi for your comments.
On Wed, 21 Oct 2020 at 08:51, Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> On Wed, 2020-10-07 at 15:37 +0530, Sumit Garg wrote:
>
> > +/*
> > + * trusted_destroy - clear and free the key's payload
> > + */
> > +static void trusted_destroy(struct key *key)
> > +{
> > + kfree_sensitive(key->payload.data[0]);
> > +}
> > +
> > +struct key_type key_type_trusted = {
> > + .name = "trusted",
> > + .instantiate = trusted_instantiate,
> > + .update = trusted_update,
> > + .destroy = trusted_destroy,
> > + .describe = user_describe,
> > + .read = trusted_read,
> > +};
> > +EXPORT_SYMBOL_GPL(key_type_trusted);
> > +
> > +static int __init init_trusted(void)
> > +{
> > + int i, ret = 0;
> > +
> > + for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
> > + if (trusted_key_source &&
> > + strncmp(trusted_key_source, trusted_key_sources[i].name,
> > + strlen(trusted_key_sources[i].name)))
> > + continue;
> > +
> > + trusted_key_ops = trusted_key_sources[i].ops;
> > +
> > + ret = trusted_key_ops->init();
> > + if (!ret)
> > + break;
> > + }
>
> In the case when the module paramater isn't specified and both TPM and
> TEE are enabled, trusted_key_ops is set to the last source initialized.
I guess there is some misunderstanding. Here it's only a single trust
source (TPM *or* TEE) is initialized and only that trust source would
be active at runtime. And trusted_key_ops would be initialized to the
first trust source whose initialization is successful (see check: "if
(!ret)").
> After patch 2/4, the last trusted source initialized is TEE. If the
> intention is to limit it to either TPM or TEE, then trusted_key_ops
> should have a default value, which could be overwritten at runtime.
> That would address Luke Hind's concerns of making the decision at
> compile time.
I think traversing the trust source list with the initial value being
TPM would be default value.
>
> trusted_key_ops should be defined as __ro_after_init, like is currently
> done for other LSM structures.
Sure, will do.
>
> > +
> > + /*
> > + * encrypted_keys.ko depends on successful load of this module even if
> > + * trusted key implementation is not found.
> > + */
> > + if (ret == -ENODEV)
> > + return 0;
> > +
> > + return ret;
> > +}
> > +
> > +static void __exit cleanup_trusted(void)
> > +{
> > + trusted_key_ops->exit();
>
> If the intention is really to support both TPM and TEE trusted keys at
> the same time, as James suggested, then the same "for" loop as in
> init_trusted() is needed here and probably elsewhere.
Current intention is to only support a single trust source (TPM or
TEE) at runtime. But in future if there are use-cases then framework
can be extended to support multiple trust sources at runtime as well.
-Sumit
>
> thanks,
>
> Mimi
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-10-21 5:46 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-07 10:07 [PATCH v7 0/4] Introduce TEE based Trusted Keys support Sumit Garg
2020-10-07 10:19 ` Sumit Garg
2020-10-07 10:07 ` Sumit Garg
2020-10-07 10:07 ` [PATCH v7 1/4] KEYS: trusted: Add generic trusted keys framework Sumit Garg
2020-10-07 10:19 ` Sumit Garg
2020-10-07 10:07 ` Sumit Garg
2020-10-13 1:43 ` Jarkko Sakkinen
2020-10-13 1:43 ` Jarkko Sakkinen
2020-10-13 1:43 ` Jarkko Sakkinen
2020-10-13 10:53 ` Sumit Garg
2020-10-13 10:53 ` Sumit Garg
2020-10-13 10:53 ` Sumit Garg
2020-10-13 11:59 ` Jarkko Sakkinen
2020-10-13 11:59 ` Jarkko Sakkinen
2020-10-13 11:59 ` Jarkko Sakkinen
2020-10-14 5:04 ` Sumit Garg
2020-10-14 5:16 ` Sumit Garg
2020-10-14 5:04 ` Sumit Garg
2020-10-21 3:21 ` Mimi Zohar
2020-10-21 3:21 ` Mimi Zohar
2020-10-21 5:46 ` Sumit Garg [this message]
2020-10-21 5:46 ` Sumit Garg
2020-10-21 12:25 ` Mimi Zohar
2020-10-21 12:25 ` Mimi Zohar
2020-10-22 11:40 ` Sumit Garg
2020-10-22 11:40 ` Sumit Garg
2020-10-07 10:07 ` [PATCH v7 2/4] KEYS: trusted: Introduce TEE based Trusted Keys Sumit Garg
2020-10-07 10:19 ` Sumit Garg
2020-10-07 10:07 ` Sumit Garg
2020-10-13 1:52 ` Jarkko Sakkinen
2020-10-13 1:52 ` Jarkko Sakkinen
2020-10-13 1:52 ` Jarkko Sakkinen
2020-10-13 11:01 ` Sumit Garg
2020-10-13 11:13 ` Sumit Garg
2020-10-13 11:01 ` Sumit Garg
2020-10-07 10:07 ` [PATCH v7 3/4] doc: trusted-encrypted: updates with TEE as a new trust source Sumit Garg
2020-10-07 10:19 ` Sumit Garg
2020-10-07 10:07 ` Sumit Garg
2020-10-07 10:07 ` [PATCH v7 4/4] MAINTAINERS: Add entry for TEE based Trusted Keys Sumit Garg
2020-10-07 10:19 ` Sumit Garg
2020-10-07 10:07 ` Sumit Garg
2020-10-13 2:21 ` Jarkko Sakkinen
2020-10-13 2:21 ` Jarkko Sakkinen
2020-10-13 2:21 ` Jarkko Sakkinen
2020-10-13 11:28 ` Sumit Garg
2020-10-13 11:40 ` Sumit Garg
2020-10-13 11:28 ` Sumit Garg
2020-10-13 13:40 ` Jarkko Sakkinen
2020-10-13 13:40 ` Jarkko Sakkinen
2020-10-13 13:40 ` Jarkko Sakkinen
2020-10-14 5:06 ` Sumit Garg
2020-10-14 5:18 ` Sumit Garg
2020-10-14 5:06 ` Sumit Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFA6WYM7aJwP9j_ayGvbJPu-cyv87rsm9N4Wj2OCOMnmfDx+Rw@mail.gmail.com \
--to=sumit.garg@linaro.org \
--cc=Markus.Wamser@mixed-mode.de \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=daniel.thompson@linaro.org \
--cc=dhowells@redhat.com \
--cc=janne.karhunen@gmail.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jejb@linux.ibm.com \
--cc=jens.wiklander@linaro.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=lhinds@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=op-tee@lists.trustedfirmware.org \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.