From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9C64C43332 for ; Wed, 13 Jan 2021 11:18:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7A3F5233F9 for ; Wed, 13 Jan 2021 11:18:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728167AbhAMLRy (ORCPT ); Wed, 13 Jan 2021 06:17:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52222 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728276AbhAMLRx (ORCPT ); Wed, 13 Jan 2021 06:17:53 -0500 Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F2AD2C06179F for ; Wed, 13 Jan 2021 03:17:12 -0800 (PST) Received: by mail-lf1-x12c.google.com with SMTP id o19so2221778lfo.1 for ; Wed, 13 Jan 2021 03:17:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TAxh0QRvG+U9nWMtk6yUVRJ8OL/Nsz5USXDEEU+kuLw=; b=hjKQy54pj428UdfskrcDqwX2PEoAuGx3i2g7PycDem6NXMGRHHmGGyHmVKwWLb2K3J GuCbG2pSWNT9EckrACedFivAg7m266Bek8bObR0AWPoaMYAIxLF4kyEoFgxdxCys/z2O 1M2sH3NJT6oCtEB49yIGbpWyB9hsme9sBdr9hxRICtZApQMPPnUjWWzc2M1Zd4hFsvgG uji2fNoa/rsQcIj+hu18ZBNFHEL92k4D5/8f5dYZvaqKQELkydytmCDEthvAlm+xp2CH jawETw48NCp3uaDciJagmM/I2m4mDeIiV0WqM9x++VNbLXd50mJ2oGlO07uAiYEAkZlM TxiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TAxh0QRvG+U9nWMtk6yUVRJ8OL/Nsz5USXDEEU+kuLw=; b=K+RWQHrgKpkGK5MwunXyLFpmLYlDpKWUhGWXdCPs/kfudZzpvWbp16u7xarM46amhO yc46dwK73lNpTCghb/OG4jKVwDlGHkJTKqRYBOthXSIfkp2ugmlcbz3xNQ5U3PzdHK8r 0xrzjbTjGZS8mffLBcOlmjT+NrEpr6xf09lHeQ8jOh5xoRhCrv+zgl18pfCnavDQHBx4 FRVMKnQTMI5bsMRCZz1PlU5WfY5Wpi73CRHzRnCqfWn+1sUPJWi3rhlhceIktxxN1FRa G4+ULHKBJudiKtAV+GljMtKKl8JuUO+yPxRIss+CpSPwP1qz4ZZeM3XKJa2N1vUeCDEL gSlw== X-Gm-Message-State: AOAM530MdMj+ppg+JQdWluoyWRiH4FoF1DqwpM6DJEUwURBgttXUXypW nzqjRRkHBlpKJNE+t6iEY7QSSi5dRRaHiDdMe8/eAg== X-Google-Smtp-Source: ABdhPJweF4+YKogH4cN92gRs6BUwNLlYpSWHBGR0Ptdw8KYpzPSd0hSF3S5iZRq39IC4We8OFJ8+kD0bPFuTv8QjcXc= X-Received: by 2002:a19:c211:: with SMTP id l17mr671408lfc.194.1610536631374; Wed, 13 Jan 2021 03:17:11 -0800 (PST) MIME-Version: 1.0 References: <1604419306-26105-1-git-send-email-sumit.garg@linaro.org> <1604419306-26105-3-git-send-email-sumit.garg@linaro.org> In-Reply-To: From: Sumit Garg Date: Wed, 13 Jan 2021 16:47:00 +0530 Message-ID: Subject: Re: [PATCH v8 2/4] KEYS: trusted: Introduce TEE based Trusted Keys To: Jarkko Sakkinen Cc: Jarkko Sakkinen , Mimi Zohar , James Bottomley , David Howells , Jens Wiklander , Jonathan Corbet , James Morris , "Serge E. Hallyn" , Casey Schaufler , Janne Karhunen , Daniel Thompson , Markus Wamser , Luke Hinds , "open list:ASYMMETRIC KEYS" , linux-integrity@vger.kernel.org, "open list:SECURITY SUBSYSTEM" , Linux Doc Mailing List , Linux Kernel Mailing List , linux-arm-kernel , op-tee@lists.trustedfirmware.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Hi Jarkko, On Mon, 11 Jan 2021 at 22:05, Jarkko Sakkinen wrote: > > On Tue, Nov 03, 2020 at 09:31:44PM +0530, Sumit Garg wrote: > > Add support for TEE based trusted keys where TEE provides the functionality > > to seal and unseal trusted keys using hardware unique key. > > > > Refer to Documentation/tee.txt for detailed information about TEE. > > > > Signed-off-by: Sumit Garg > > I haven't yet got QEMU environment working with aarch64, this produces > just a blank screen: > > ./output/host/usr/bin/qemu-system-aarch64 -M virt -cpu cortex-a53 -smp 1 -kernel output/images/Image -initrd output/images/rootfs.cpio -serial stdio > > My BuildRoot fork for TPM and keyring testing is located over here: > > https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/buildroot-tpmdd.git/ > > The "ARM version" is at this point in aarch64 branch. Over time I will > define tpmdd-x86_64 and tpmdd-aarch64 boards and everything will be then > in the master branch. > > To create identical images you just need to > > $ make tpmdd_defconfig && make > > Can you check if you see anything obviously wrong? I'm eager to test this > patch set, and in bigger picture I really need to have ready to run > aarch64 environment available. I would rather suggest you to follow steps listed here [1] as to test this feature on Qemu aarch64 we need to build firmwares such as TF-A, OP-TEE, UEFI etc. which are all integrated into OP-TEE Qemu build system [2]. And then it would be easier to migrate them to your buildroot environment as well. [1] https://lists.trustedfirmware.org/pipermail/op-tee/2020-May/000027.html [2] https://optee.readthedocs.io/en/latest/building/devices/qemu.html#qemu-v8 -Sumit > > /Jarkko