All of lore.kernel.org
 help / color / mirror / Atom feed
From: Simon Glass <sjg@chromium.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 00/10] AVB using OP-TEE
Date: Thu, 23 Aug 2018 10:31:51 -0600	[thread overview]
Message-ID: <CAPnjgZ0DakH26_2gEcsYLKfaEZnNwF0jeWjrBaK58nDvGJnu+g@mail.gmail.com> (raw)
In-Reply-To: <CAHUa44H2D5i-06TE_Va2fm_4Z9SRvC=3=-nt1iiz0bGqdTaKqg@mail.gmail.com>

Hi Jens,

On 23 August 2018 at 05:23, Jens Wiklander <jens.wiklander@linaro.org> wrote:
> Hi Simon,
>
> On Thu, Aug 23, 2018 at 12:45 PM, Simon Glass <sjg@chromium.org> wrote:
>> Hi Jens,
>>
>> On 13 August 2018 at 09:53, Jens Wiklander <jens.wiklander@linaro.org> wrote:
>>> Hi,
>>>
>>> This adds support for storing AVB rollback indexes in the RPMB partition.
>>> The RPMB partition (content and key) is managed by OP-TEE
>>> (https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone.
>>>
>>> The Linux kernel can already support OP-TEE with reading and updating
>>> rollback indexes in the RPMB partition, the catch is that this is needed
>>> before the kernel has booted.
>>>
>>> The design here is the same as what is in the Linux kernel, with the
>>> exception that the user space daemon tee-supplicant is integrated in the
>>> OP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass
>>> (UCLASS_TEE) is introduced to provide an abstraction for interfacing with a
>>> Trusted Execution Environment (TEE). There's also the OP-TEE driver using
>>> UCLASS_TEE for registration.
>>>
>>> A Trusted Application (TA) interface is added to be used by the AVB verify
>>> functions which are updated accordingly. The TA is managed by OP-TEE and is
>>> executed in a secure TrustZone protected environment.
>>>
>>> The header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and
>>> include/tee/optee_ta_avb.h are copied from
>>> https://github.com/OP-TEE/optee_os/tree/master more or less unmodified.
>>> They may need to be updated from time to time in order to support new
>>> features.
>>>
>>> In MMC there's a new function, mmc_rpmb_route_frames(), which as the name
>>> suggests is used to route RPMB frames to/from the MMC. This saves OP-TEE
>>> from implementing an MMC driver which would need to share resources with
>>> its counterpart here in U-boot.
>>>
>>> This was tested on a Hikey (Kirin 620) board.
>>>
>>> I've added myself as maintainer of the TEE stuff.
>>>
>>> Thanks,
>>> Jens
>>>
>>> Jens Wiklander (10):
>>>   dm: fdt: scan for devices under /firmware too
>>>   cmd: avb read_rb: print rb_idx in hexadecimal
>>>   mmc: rpmb: add mmc_rpmb_route_frames()
>>>   Add UCLASS_TEE for Trusted Execution Environment
>>>   dt/bindings: add bindings for optee
>>>   tee: add OP-TEE driver
>>>   arm: dt: hikey: Add optee node
>>>   optee: support routing of rpmb data frames to mmc
>>>   tee: optee: support AVB trusted application
>>>   avb_verify: support using OP-TEE TA AVB
>>>
>>>  MAINTAINERS                                   |   7 +
>>>  arch/arm/dts/hi6220-hikey.dts                 |   7 +
>>>  cmd/avb.c                                     |   2 +-
>>>  common/avb_verify.c                           | 132 +++-
>>>  .../firmware/linaro,optee-tz.txt              |  31 +
>>>  drivers/Kconfig                               |   2 +
>>>  drivers/Makefile                              |   1 +
>>>  drivers/core/root.c                           |  15 +-
>>>  drivers/mmc/rpmb.c                            | 160 +++++
>>>  drivers/tee/Kconfig                           |  18 +
>>>  drivers/tee/Makefile                          |   4 +
>>>  drivers/tee/optee/Kconfig                     |  23 +
>>>  drivers/tee/optee/Makefile                    |   5 +
>>>  drivers/tee/optee/core.c                      | 622 ++++++++++++++++++
>>>  drivers/tee/optee/optee_msg.h                 | 423 ++++++++++++
>>>  drivers/tee/optee/optee_msg_supplicant.h      | 234 +++++++
>>>  drivers/tee/optee/optee_private.h             |  41 ++
>>>  drivers/tee/optee/optee_smc.h                 | 444 +++++++++++++
>>>  drivers/tee/optee/rpmb.c                      | 184 ++++++
>>>  drivers/tee/optee/supplicant.c                |  92 +++
>>>  drivers/tee/tee-uclass.c                      | 180 +++++
>>>  include/avb_verify.h                          |   4 +
>>>  include/dm/uclass-id.h                        |   1 +
>>>  include/mmc.h                                 |   2 +
>>>  include/tee.h                                 | 141 ++++
>>>  include/tee/optee_ta_avb.h                    |  48 ++
>>>  26 files changed, 2816 insertions(+), 7 deletions(-)
>>>  create mode 100644 doc/device-tree-bindings/firmware/linaro,optee-tz.txt
>>>  create mode 100644 drivers/tee/Kconfig
>>>  create mode 100644 drivers/tee/Makefile
>>>  create mode 100644 drivers/tee/optee/Kconfig
>>>  create mode 100644 drivers/tee/optee/Makefile
>>>  create mode 100644 drivers/tee/optee/core.c
>>>  create mode 100644 drivers/tee/optee/optee_msg.h
>>>  create mode 100644 drivers/tee/optee/optee_msg_supplicant.h
>>>  create mode 100644 drivers/tee/optee/optee_private.h
>>>  create mode 100644 drivers/tee/optee/optee_smc.h
>>>  create mode 100644 drivers/tee/optee/rpmb.c
>>>  create mode 100644 drivers/tee/optee/supplicant.c
>>>  create mode 100644 drivers/tee/tee-uclass.c
>>>  create mode 100644 include/tee.h
>>>  create mode 100644 include/tee/optee_ta_avb.h
>>>
>>> --
>>> 2.17.1
>>>
>>
>> I missed the Android Verified Boot stuff going in. I did see the v1
>> patch but not the v2.
>>
>> Was there discussion of coding style for lib/libavb?
>
> I don't know. It was Igor who posted that.
>
>>
>> Also, how is this stuff tested in U-Boot? I don't see any tests.
>
> This depends on OP-TEE running in secure world.
> The tests are a bit destructive since we're writing in RPMB and also
> need to have a specific key programmed.
>
> Before posting the V2 patch set I did some final manual testing:
>
> => avb init 1
> => avb read_rb 0
> I/TC:  Dynamic shared memory is enabled
> Rollback index: 0
> => avb read_rb 1
> Rollback index: 0
> => avb read_rb 3
> Rollback index: 0
> => avb read_rb 4
> Rollback index: 0
> => avb read_rb 5
> Rollback index: 34
> => avb write_rb 5 3
> Failed to write rollback index
> => avb write_rb 5 35
> => avb write_rb 5 3
> Failed to write rollback index
> => avb read_rb 5
> Rollback index: 35

OK, I wonder if that can be converted into a simple test in test/py?

Better would be to have a fake sandbox OP-TEE implementation that we
can use to write a test of all the code. Does that sound feasible?

>
>
>>
>> For the uclass, please add a sandbox driver and test even if there are
>> no other tests.
>
> I've added that in the V2 patch set.

OK great.

Regards,
Simon

  parent reply	other threads:[~2018-08-23 16:31 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-13 15:53 [U-Boot] [PATCH 00/10] AVB using OP-TEE Jens Wiklander
2018-08-13 15:53 ` [U-Boot] [PATCH 01/10] dm: fdt: scan for devices under /firmware too Jens Wiklander
2018-08-15 14:17   ` Tom Rini
2018-08-15 14:30     ` Michal Simek
2018-08-15 14:34       ` Tom Rini
2018-08-15 14:50         ` Michal Simek
2018-08-15 14:50           ` Michal Simek
2018-08-15 15:31           ` [U-Boot] " Rob Herring
2018-08-15 15:31             ` Rob Herring
2018-08-15 15:43             ` [U-Boot] " Tom Rini
2018-08-15 15:43               ` Tom Rini
2018-08-13 15:53 ` [U-Boot] [PATCH 02/10] cmd: avb read_rb: print rb_idx in hexadecimal Jens Wiklander
2018-08-14 11:34   ` Igor Opaniuk
2018-08-13 15:53 ` [U-Boot] [PATCH 03/10] mmc: rpmb: add mmc_rpmb_route_frames() Jens Wiklander
2018-08-16 12:13   ` Igor Opaniuk
2018-08-22 13:52     ` Jens Wiklander
2018-08-13 15:53 ` [U-Boot] [PATCH 04/10] Add UCLASS_TEE for Trusted Execution Environment Jens Wiklander
2018-08-16 12:14   ` Igor Opaniuk
2018-08-17 12:48   ` Simon Glass
2018-08-21  9:20     ` Jens Wiklander
2018-08-23 10:45   ` Simon Glass
2018-08-23 11:11     ` Jens Wiklander
2018-08-23 16:31       ` Simon Glass
2018-08-13 15:53 ` [U-Boot] [PATCH 05/10] dt/bindings: add bindings for optee Jens Wiklander
2018-08-13 15:53 ` [U-Boot] [PATCH 06/10] tee: add OP-TEE driver Jens Wiklander
2018-08-16 12:17   ` Igor Opaniuk
2018-08-13 15:53 ` [U-Boot] [PATCH 07/10] arm: dt: hikey: Add optee node Jens Wiklander
2018-08-13 15:53 ` [U-Boot] [PATCH 08/10] optee: support routing of rpmb data frames to mmc Jens Wiklander
2018-08-16 12:23   ` Igor Opaniuk
2018-08-13 15:53 ` [U-Boot] [PATCH 09/10] tee: optee: support AVB trusted application Jens Wiklander
2018-08-16 12:22   ` Igor Opaniuk
2018-08-19 12:42     ` Igor Opaniuk
2018-08-13 15:53 ` [U-Boot] [PATCH 10/10] avb_verify: support using OP-TEE TA AVB Jens Wiklander
2018-08-14 11:20   ` Igor Opaniuk
2018-08-16 12:17     ` Igor Opaniuk
2018-08-23 10:45 ` [U-Boot] [PATCH 00/10] AVB using OP-TEE Simon Glass
2018-08-23 11:23   ` Jens Wiklander
2018-08-23 12:15     ` Igor Opaniuk
2018-08-23 16:31     ` Simon Glass [this message]
2018-08-28  6:11       ` Jens Wiklander

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAPnjgZ0DakH26_2gEcsYLKfaEZnNwF0jeWjrBaK58nDvGJnu+g@mail.gmail.com \
    --to=sjg@chromium.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.