Date: Fri, 5 Aug 2016 22:06:01 +0200
From: Pavel Machek
To: Tomas Winkler
Cc: Greg Kroah-Hartman, Ulf Hansson, Adrian Hunter, James Bottomley, "Martin K. Petersen", Vinayak Holikatti, Andy Lutomirski, Arve Hjønnevåg, Michael Ryleev, Joao Pinto, Christoph Hellwig, Yaniv Gardi, linux-kernel@vger.kernel.org, linux-mmc@vger.kernel.org, linux-scsi@vger.kernel.org
Subject: Re: [PATCH v5 0/8] Replay Protected Memory Block (RPMB) subsystem

Hi!

> Few storage technologies such as EMMC, UFS, and NVMe support RPMB
> hardware partition with common protocol and frame layout.
> The RPMB partition cannot be accessed via standard block layer, but by a
> set of specific commands: WRITE, READ, GET_WRITE_COUNTER, and
> PROGRAM_KEY.
> Such a partition provides authenticated and replay protected access,
> hence suitable as a secure storage.

...and that is suitable for locking devices from their owners, as Nokia N9 (aka brick, because Microsoft turned off support servers) taught me recently. So I have to ask -- what are non-evil uses for this?

There were "secure extensions" mentioned before, but my understanding is that it currently has severe limitations making it unsuitable for mainline kernel. (IOW you can't even test the functionality if you are not Intel).

								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
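
Added illustration (not part of this message or of the patch series): a toy Python model of the "authenticated and replay protected" write path from the quoted cover letter, showing that only the holder of the write-once key can change the stored state. The frame layout and result codes are assumed from the JEDEC eMMC RPMB definition; `RpmbModel`, `build_write`, `frame_mac`, `demo` and the sample keys are hypothetical names and constructed values.

```python
import hashlib, hmac, struct

# Assumed layout: 512-byte big-endian RPMB frame as defined for eMMC by JEDEC:
# stuff[196] key_mac[32] data[256] nonce[16] write_counter addr block_count result req_resp
FRAME = struct.Struct(">196s32s256s16sIHHHH")
WRITE = 0x0003                      # authenticated data write request
OK, GENERAL_FAIL, AUTH_FAIL, COUNTER_FAIL, NO_KEY = 0, 1, 2, 3, 7

def frame_mac(key, frame):
    # HMAC-SHA256 over the last 284 bytes (data .. req_resp); stuff and MAC field excluded
    return hmac.new(key, frame[228:], hashlib.sha256).digest()

def build_write(key, addr, data, counter):
    """Host side: build a signed single-block WRITE frame."""
    body = FRAME.pack(b"", b"", data, b"", counter, addr, 1, 0, WRITE)
    return body[:196] + frame_mac(key, body) + body[228:]

class RpmbModel:
    """Hypothetical device-side model: write-once key, monotonic write counter."""
    def __init__(self):
        self.key, self.counter, self.blocks = None, 0, {}

    def program_key(self, key):
        if self.key is not None:
            return GENERAL_FAIL     # key can be programmed only once
        self.key = key
        return OK

    def write(self, frame):
        _, tag, data, _, counter, addr, _, _, _ = FRAME.unpack(frame)
        if self.key is None:
            return NO_KEY
        if not hmac.compare_digest(tag, frame_mac(self.key, frame)):
            return AUTH_FAIL        # sender does not hold the programmed key
        if counter != self.counter:
            return COUNTER_FAIL     # stale counter: a replayed or reordered frame
        self.blocks[addr] = data
        self.counter += 1
        return OK

def demo():
    key, dev = b"K" * 32, RpmbModel()   # constructed sample key
    first = build_write(key, 0, b"state=1", 0)
    return [dev.write(first),                                   # no key yet
            dev.program_key(key), dev.program_key(b"X" * 32),   # second attempt refused
            dev.write(first), dev.write(first),                 # accepted, then replay
            dev.write(build_write(b"X" * 32, 0, b"state=0", 1)),  # wrong key
            dev.write(build_write(key, 0, b"state=2", 1))]      # fresh counter
```

The order of the device-side checks is a simplification of this model, not something stated in the thread.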