From: Sumit Garg <sumit.garg@linaro.org>
To: jens.wiklander@linaro.org, jarkko.sakkinen@linux.intel.com,
dhowells@redhat.com
Cc: corbet@lwn.net, jejb@linux.ibm.com, zohar@linux.ibm.com,
jmorris@namei.org, serge@hallyn.com, casey@schaufler-ca.com,
ard.biesheuvel@linaro.org, daniel.thompson@linaro.org,
stuart.yoder@arm.com, janne.karhunen@gmail.com,
keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, tee-dev@lists.linaro.org,
Sumit Garg <sumit.garg@linaro.org>
Subject: [Patch v3 0/7] Introduce TEE based Trusted Keys support
Date: Thu, 31 Oct 2019 19:28:36 +0530 [thread overview]
Message-ID: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> (raw)
Add support for TEE based trusted keys where TEE provides the functionality
to seal and unseal trusted keys using hardware unique key. Also, this is
an alternative in case platform doesn't possess a TPM device.
This series also adds some TEE features like:
Patch #1, #2 enables support for registered kernel shared memory with TEE.
Patch #3 enables support for private kernel login method required for
cases like trusted keys where we don't wan't user-space to directly access
TEE service to retrieve trusted key contents.
Rest of the patches from #4 to #7 adds support for TEE based trusted keys.
This patch-set has been tested with OP-TEE based pseudo TA which can be
found here [1].
[1] https://github.com/OP-TEE/optee_os/pull/3082
Changes in v3:
1. Update patch #2 to support registration of multiple kernel pages.
2. Incoporate dependency patch #4 in this patch-set:
https://patchwork.kernel.org/patch/11091435/
3. Rebased to latest tpmdd-master.
Changes in v2:
1. Add reviewed-by tags for patch #1 and #2.
2. Incorporate comments from Jens for patch #3.
3. Switch to use generic trusted keys framework.
Sumit Garg (7):
tee: optee: allow kernel pages to register as shm
tee: enable support to register kernel memory
tee: add private login method for kernel clients
KEYS: trusted: Add generic trusted keys framework
KEYS: trusted: Introduce TEE based Trusted Keys
doc: keys: Document usage of TEE based Trusted Keys
MAINTAINERS: Add entry for TEE based Trusted Keys
Documentation/security/keys/index.rst | 1 +
Documentation/security/keys/tee-trusted.rst | 93 ++++++++
MAINTAINERS | 9 +
drivers/tee/optee/call.c | 7 +
drivers/tee/tee_core.c | 6 +
drivers/tee/tee_shm.c | 26 ++-
include/keys/trusted-type.h | 48 ++++
include/keys/trusted_tee.h | 66 ++++++
include/keys/trusted_tpm.h | 15 --
include/linux/tee_drv.h | 1 +
include/uapi/linux/tee.h | 8 +
security/keys/Kconfig | 3 +
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_common.c | 346 ++++++++++++++++++++++++++++
security/keys/trusted-keys/trusted_tee.c | 282 +++++++++++++++++++++++
security/keys/trusted-keys/trusted_tpm1.c | 345 +++++----------------------
16 files changed, 954 insertions(+), 304 deletions(-)
create mode 100644 Documentation/security/keys/tee-trusted.rst
create mode 100644 include/keys/trusted_tee.h
create mode 100644 security/keys/trusted-keys/trusted_common.c
create mode 100644 security/keys/trusted-keys/trusted_tee.c
--
2.7.4
next reply other threads:[~2019-10-31 13:59 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-31 13:58 Sumit Garg [this message]
2019-10-31 13:58 ` [Patch v3 1/7] tee: optee: allow kernel pages to register as shm Sumit Garg
2019-10-31 13:58 ` [Patch v3 2/7] tee: enable support to register kernel memory Sumit Garg
2019-10-31 13:58 ` [Patch v3 3/7] tee: add private login method for kernel clients Sumit Garg
2019-10-31 13:58 ` [Patch v3 4/7] KEYS: trusted: Add generic trusted keys framework Sumit Garg
2019-10-31 13:58 ` [Patch v3 5/7] KEYS: trusted: Introduce TEE based Trusted Keys Sumit Garg
2019-10-31 13:58 ` [Patch v3 6/7] doc: keys: Document usage of " Sumit Garg
2019-10-31 21:47 ` Jarkko Sakkinen
2019-11-01 9:34 ` Sumit Garg
2019-11-01 20:19 ` Jarkko Sakkinen
2019-11-04 6:58 ` Sumit Garg
2019-11-04 20:55 ` Jarkko Sakkinen
2019-10-31 13:58 ` [Patch v3 7/7] MAINTAINERS: Add entry for " Sumit Garg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1572530323-14802-1-git-send-email-sumit.garg@linaro.org \
--to=sumit.garg@linaro.org \
--cc=ard.biesheuvel@linaro.org \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=daniel.thompson@linaro.org \
--cc=dhowells@redhat.com \
--cc=janne.karhunen@gmail.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jejb@linux.ibm.com \
--cc=jens.wiklander@linaro.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stuart.yoder@arm.com \
--cc=tee-dev@lists.linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).