From: Rob Herring <robh@kernel.org>
To: Yi Chou <yich@chromium.org>
Cc: krzysztof.kozlowski+dt@linaro.org, devicetree@vger.kernel.org,
	devicetree-spec@vger.kernel.org, yich@google.com,
	jens.wiklander@linaro.org, chenyian@google.com,
	jkardatzke@google.com, jwerner@chromium.org, sjg@chromium.org
Subject: Re: [PATCH] dt-bindings: Add Google Widevine initialization parameters
Date: Mon, 18 Sep 2023 14:42:35 -0500	[thread overview]
Message-ID: <20230918194235.GA1548023-robh@kernel.org> (raw)
In-Reply-To: <20230908101539.2622864-1-yich@google.com>

On Fri, Sep 08, 2023 at 06:15:39PM +0800, Yi Chou wrote:
> The necessary fields to initialize the widevine related functions in
> OP-TEE.
> 
> Signed-off-by: Yi Chou <yich@google.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>
> ---
>  .../bindings/options/google,widevine.yaml     | 124 ++++++++++++++++++
>  1 file changed, 124 insertions(+)
>  create mode 100644 Documentation/devicetree/bindings/options/google,widevine.yaml

I don't think this belongs in the kernel. Weren't earlier versions 
targeting dtschema? I'm okay with taking some stuff there, but if this 
is the beginning of a bunch of things for OP-TEE, then they should go in 
OP-TEE repo.

> 
> diff --git a/Documentation/devicetree/bindings/options/google,widevine.yaml b/Documentation/devicetree/bindings/options/google,widevine.yaml
> new file mode 100644
> index 0000000000000..bf2b834cb1454
> --- /dev/null
> +++ b/Documentation/devicetree/bindings/options/google,widevine.yaml
> @@ -0,0 +1,124 @@
> +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/options/google,widevine.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: Google Widevine initialization parameters.
> +
> +maintainers:
> +  - Jeffrey Kardatzke <jkardatzke@chromium.org>
> +  - Yi Chou <yich@chromium.org>
> +
> +description:
> +  The necessary fields to initialize the widevine related functions in
> +  OP-TEE. This node does not represent a real device, but serves as a
> +  place for passing data between firmware and OP-TEE.
> +  The public fields (e.g. tpm-auth-public-key & root-of-trust-cert) can
> +  be ignored because it's safe to pass the public information with the
> +  other methods(e.g. userland OP-TEE plugins).
> +
> +properties:
> +  compatible:
> +    const: google,widevine
> +
> +  hardware-unique-key:

These all need a 'google,' prefix (or whoever they are specific to). 
Unless we're saying, for example, 'root-of-trust-cert' will always 
(globally) be an X.509 cert and in the same form.

> +    $ref: /schemas/types.yaml#/definitions/uint8-array

maxItems: 32

> +    description: |
> +      The hardware-unique key of the Widevine OP-TEE. It will be used
> +      to derive the secure storage key. The length should be 32 bytes.

And drop the text defining the length.

> +      For more information, please reference:
> +      https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html#hardware-unique-key
> +
> +  tpm-auth-public-key:

'tcg,' prefix here since this is defined by TCG.

> +    $ref: /schemas/types.yaml#/definitions/uint8-array
> +    description: |
> +      The TPM auth public key. Used to communicate the TPM from OP-TEE.
> +      The format of data should be TPM2B_PUBLIC.
> +      For more information, please reference the 12.2.5 section:
> +      https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part2_Structures_pub.pdf

maxItems: 65537

(Maybe something less, but since the size field is uint16, it can't be 
more than that)

> +
> +  root-of-trust:
> +    $ref: /schemas/types.yaml#/definitions/uint8-array
> +    description: |
> +      The Widevine root of trust secret. Used to sign the widevine
> +      request in OP-TEE. The length should be 32 bytes. The value

maxItems: 32

> +      is an ECC NIST P-256 scalar.
> +      For more information, please reference the G.1.2 section:
> +      https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186.pdf
> +
> +  root-of-trust-cert:
> +    $ref: /schemas/types.yaml#/definitions/uint8-array
> +    description: |
> +      The X.509 certificate of the Widevine root of trust on this
> +      device. Used to provision the device status with the Widevine
> +      server in OP-TEE.
> +      For more information, please reference:
> +      https://www.itu.int/rec/T-REC-X.509

Size?

> +
> +required:
> +  - compatible
> +  - hardware-unique-key
> +  - root-of-trust
> +
> +additionalProperties: false
> +
> +examples:
> +  - |+
> +    options {
> +      widevine {
> +        compatible = "google,widevine";
> +        hardware-unique-key = [
> +          12 f7 98 d2 0e d2 85 92 a5 82 bf 98 b8 99 2b c0
> +          c6 6f 19 85 79 86 65 18 55 eb ff 9b 6c c0 ac 27
> +        ];
> +        tpm-auth-public-key = [
> +          00 76 00 23 00 0b 00 02 04 b2 00 20 e1 47 bf 27
> +          e1 74 30 c8 16 ab 72 4d 5c 77 e1 5c 61 2d 56 81
> +          b3 35 cd 9d eb 67 41 37 69 f0 32 41 00 10 00 10
> +          00 03 00 10 00 20 70 9a df 50 f9 0f d5 f4 40 e0
> +          ea 2c e8 f2 26 9f 0e 5c 02 70 16 c3 6c c1 83 03
> +          2d 04 10 bd 85 7a 00 20 83 03 c2 66 6e 01 32 34
> +          5c 5e 80 22 c7 48 24 3c 70 6b b8 e4 24 42 74 a9
> +          cf fc ab f8 30 e9 de 51
> +        ];
> +        root-of-trust = [
> +          ac 0d 86 c3 d7 b5 b7 a2 6f c3 d9 93 f7 de bc bb
> +          d5 c4 25 9b 21 5f 36 af b5 dd 6d 29 9d 08 c0 10
> +        ];
> +        root-of-trust-cert = [
> +          30 82 01 f4 30 82 01 9b a0 03 02 01 02 02 10 11
> +          01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 30
> +          0a 06 08 2a 86 48 ce 3d 04 03 02 30 0f 31 0d 30
> +          0b 06 03 55 04 03 0c 04 54 69 35 30 30 22 18 0f
> +          32 30 30 30 30 31 30 31 30 30 30 30 30 30 5a 18
> +          0f 32 30 39 39 31 32 33 31 32 33 35 39 35 39 5a
> +          30 0f 31 0d 30 0b 06 03 55 04 03 0c 04 54 69 35
> +          30 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 08
> +          2a 86 48 ce 3d 03 01 07 03 42 00 04 ec ef cb 0c
> +          68 7e 30 f4 d5 8f 2c 88 16 f4 7f b5 8b 5b 06 77
> +          d7 47 fe 1e 91 4c a3 c5 a1 54 f5 40 9c f8 a5 4e
> +          85 a0 fa 05 1a 01 98 da e4 b1 e5 ff 95 0d cf 8f
> +          d9 c1 ce 28 0f 91 75 ca 06 e4 91 3b a3 81 d4 30
> +          81 d1 30 1a 06 0a 2b 06 01 04 01 d6 79 02 01 21
> +          04 0c 5a 53 5a 56 a5 ac a5 a9 7f 7f 00 00 30 0f
> +          06 0a 2b 06 01 04 01 d6 79 02 01 22 04 01 21 30
> +          2e 06 0a 2b 06 01 04 01 d6 79 02 01 23 04 20 23
> +          e1 4d d9 bb 51 a5 0e 16 91 1f 7e 11 df 1e 1a af
> +          0b 17 13 4d c7 39 c5 65 36 07 a1 ec 8d d3 7a 30
> +          2e 06 0a 2b 06 01 04 01 d6 79 02 01 24 04 20 00
> +          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> +          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30
> +          2e 06 0a 2b 06 01 04 01 d6 79 02 01 25 04 20 00
> +          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> +          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30
> +          12 06 0a 2b 06 01 04 01 d6 79 02 01 26 04 04 00
> +          00 00 00 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03
> +          47 00 30 44 02 20 62 a8 d3 23 db 1e 9c 64 91 49
> +          45 5e b3 49 8d cc 1a ae 76 70 e3 12 d2 25 65 69
> +          df f1 7e bc 4b d8 02 20 25 99 7c 36 cb b3 fd ce
> +          6e 84 ee d7 ea eb 05 cf 69 cf 72 75 20 f3 ba 7f
> +          8b 9f 06 f3 e4 11 bc cd
> +        ];
> +      };
> +    };
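Review bot: the description in this hunk ("serves as a place for passing data between firmware and OP-TEE") needs to say what happens to the secret properties once OP-TEE has consumed them, because hardware-unique-key and root-of-trust are long-term secrets (the storage-key root and the P-256 signing scalar) and a device tree that firmware also hands to the non-secure kernel is exposed to unprivileged user space through /proc/device-tree (/sys/firmware/devicetree/base). State that firmware must delete these properties, or the whole node, before the DT leaves the secure world, and that the same blob must never be passed to Linux as-is; the current text only says the public fields "can be ignored", which leaves the fate of the secret ones unspecified. Two smaller points in the same hunk: hardware-unique-key and root-of-trust are fixed-size, so express that as both `minItems: 32` and `maxItems: 32` rather than in the description text, and the root-of-trust description should say the scalar must lie in [1, n-1] for P-256 and that OP-TEE rejects zero or out-of-range values, since the schema can only check the length.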
> -- 
> 2.42.0.283.g2d96d420d3-goog
> 
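
To make the size rules discussed in this thread concrete, here is a validator, written for this page and not part of the patch or of OP-TEE, that parses the three binary properties the way OP-TEE would have to before trusting them: it checks that the TPM2B_PUBLIC size prefix matches the payload (so nothing longer than 65537 bytes, nor anything shorter or longer than its own size field, is accepted), that hardware-unique-key and root-of-trust are exactly 32 bytes and that the latter is a valid P-256 scalar in [1, n-1], and that the certificate's outer DER SEQUENCE covers the blob exactly. The hardware-unique-key, tpm-auth-public-key and root-of-trust bytes are copied from the example node in the patch; the certificate is a constructed stand-in that reuses only the example's DER header over a zero body, and every function name here is this example's own.

```python
import struct

TPM_ALG_ECC, TPM_ALG_NULL, TPM_ECC_NIST_P256 = 0x0023, 0x0010, 0x0003  # TCG TPM 2.0 Part 2 IDs
# Order n of NIST P-256 (SP 800-186); a private scalar must lie in [1, n-1].
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
TPM2B_PUBLIC_MAX = 2 + 0xFFFF  # uint16 size prefix plus at most 65535 payload bytes

def u16(buf, off):  # big-endian UINT16 at off -> (value, next offset)
    return struct.unpack_from(">H", buf, off)[0], off + 2

def parse_tpm2b_public(blob: bytes) -> dict:
    """Parse a TPM2B_PUBLIC holding an ECC public area; reject any size mismatch."""
    if not 2 <= len(blob) <= TPM2B_PUBLIC_MAX:
        raise ValueError(f"TPM2B_PUBLIC length {len(blob)} out of range")
    size, off = u16(blob, 0)
    if size + 2 != len(blob):  # truncated or padded blob
        raise ValueError(f"size field {size} != payload length {len(blob) - 2}")
    try:
        typ, name_alg, attrs, policy_len = struct.unpack_from(">HHIH", blob, off)
        off += 10
        auth_policy, off = blob[off:off + policy_len], off + policy_len
        if typ != TPM_ALG_ECC:
            raise ValueError(f"this example handles TPM_ALG_ECC only, got {typ:#06x}")
        # TPMS_ECC_PARMS: symmetric, scheme, curveID, kdf. A TPMT_* selector is followed
        # by extra fields only when it is not TPM_ALG_NULL (TPM_ALG_XOR not handled).
        sym, off = u16(blob, off)
        off += 4 if sym != TPM_ALG_NULL else 0         # keyBits + mode
        scheme, off = u16(blob, off)
        off += 2 if scheme != TPM_ALG_NULL else 0      # hashAlg
        curve, off = u16(blob, off)
        kdf, off = u16(blob, off)
        off += 2 if kdf != TPM_ALG_NULL else 0         # hashAlg
        coords = []                                    # TPMS_ECC_POINT: x then y
        for _ in range(2):
            n, off = u16(blob, off)
            coords.append(blob[off:off + n])
            off += n
    except struct.error as exc:
        raise ValueError("TPM2B_PUBLIC truncated inside TPMT_PUBLIC") from exc
    if off != len(blob) or len(auth_policy) != policy_len:
        raise ValueError("TPMT_PUBLIC does not fill the buffer exactly")
    if curve == TPM_ECC_NIST_P256 and any(len(c) != 32 for c in coords):
        raise ValueError("P-256 coordinates must be 32 bytes each")
    return {"type": typ, "name_alg": name_alg, "attributes": attrs,
            "auth_policy": auth_policy, "curve": curve, "x": coords[0], "y": coords[1]}

def check_fixed32(blob: bytes, name: str) -> bytes:  # HUK and root-of-trust: minItems = maxItems = 32
    if len(blob) != 32:
        raise ValueError(f"{name}: expected 32 bytes, got {len(blob)}")
    return blob

def check_p256_scalar(blob: bytes) -> int:  # the signing scalar must be a valid P-256 private key
    d = int.from_bytes(check_fixed32(blob, "root-of-trust"), "big")
    if not 1 <= d < P256_ORDER:
        raise ValueError("root-of-trust scalar is not in [1, n-1]")
    return d

def der_total_length(blob: bytes) -> int:
    """Total length of the outer DER SEQUENCE; it must cover the blob exactly."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("certificate does not start with a SEQUENCE")
    if blob[1] < 0x80:
        hdr, length = 2, blob[1]
    else:
        nbytes = blob[1] & 0x7F
        if not 1 <= nbytes <= 4 or len(blob) < 2 + nbytes:
            raise ValueError("bad DER length")
        hdr, length = 2 + nbytes, int.from_bytes(blob[2:2 + nbytes], "big")
        if length < 0x80 or blob[2] == 0:
            raise ValueError("non-minimal DER length encoding")
    if hdr + length != len(blob):
        raise ValueError(f"DER says {hdr + length} bytes, blob has {len(blob)}")
    return hdr + length

def rejects(fn, *args) -> bool:  # True when fn(*args) raises ValueError
    try:
        fn(*args)
    except ValueError:
        return True
    return False

# Property values copied from the example node in the patch.
HARDWARE_UNIQUE_KEY = bytes.fromhex(
    "12 f7 98 d2 0e d2 85 92 a5 82 bf 98 b8 99 2b c0 c6 6f 19 85 79 86 65 18 55 eb ff 9b 6c c0 ac 27")
TPM_AUTH_PUBLIC_KEY = bytes.fromhex("""
    00 76 00 23 00 0b 00 02 04 b2 00 20 e1 47 bf 27 e1 74 30 c8 16 ab 72 4d 5c 77 e1 5c 61 2d 56 81
    b3 35 cd 9d eb 67 41 37 69 f0 32 41 00 10 00 10 00 03 00 10 00 20 70 9a df 50 f9 0f d5 f4 40 e0
    ea 2c e8 f2 26 9f 0e 5c 02 70 16 c3 6c c1 83 03 2d 04 10 bd 85 7a 00 20 83 03 c2 66 6e 01 32 34
    5c 5e 80 22 c7 48 24 3c 70 6b b8 e4 24 42 74 a9 cf fc ab f8 30 e9 de 51""")
ROOT_OF_TRUST = bytes.fromhex(
    "ac 0d 86 c3 d7 b5 b7 a2 6f c3 d9 93 f7 de bc bb d5 c4 25 9b 21 5f 36 af b5 dd 6d 29 9d 08 c0 10")
# Constructed stand-in for the patch's 504-byte certificate: its real DER header over a zero body.
ROOT_OF_TRUST_CERT = bytes.fromhex("30 82 01 f4") + bytes(0x1F4)

def check_widevine_node(huk, tpm_pub, rot, cert) -> dict:
    pub = parse_tpm2b_public(tpm_pub)
    return {"huk_len": len(check_fixed32(huk, "hardware-unique-key")),
            "rot_scalar": check_p256_scalar(rot), "tpm_curve": pub["curve"],
            "tpm_name_alg": pub["name_alg"], "tpm_x": pub["x"], "tpm_y": pub["y"],
            "cert_len": der_total_length(cert)}
```

Run against the example node, parse_tpm2b_public yields type TPM_ALG_ECC (0x0023), nameAlg 0x000b (SHA-256), NULL symmetric, scheme and kdf, curve TPM_ECC_NIST_P256 and two 32-byte coordinates, which is exactly the layout section 12.2.5 describes; shaving or appending a single byte turns into a ValueError rather than an out-of-bounds read, which is the behaviour the consumer in OP-TEE needs.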


Thread overview: 10+ messages
2023-09-08 10:15 [PATCH] dt-bindings: Add Google Widevine initialization parameters Yi Chou
2023-09-17  8:40 ` Krzysztof Kozlowski
2023-09-18  4:20   ` Yi Chou
2023-09-18 12:03     ` Krzysztof Kozlowski
2023-09-18 19:42 ` Rob Herring [this message]
