linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Linus Walleij <linus.walleij@linaro.org>
To: Arnd Bergmann <arnd@linaro.org>,
	keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>,
	Jarkko Sakkinen <jarkko@kernel.org>
Cc: "Joakim Bech" <joakim.bech@linaro.org>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"Maxim Uvarov" <maxim.uvarov@linaro.org>,
	"Ilias Apalodimas" <ilias.apalodimas@linaro.org>,
	ruchika.gupta@linaro.org, "Winkler,
	Tomas" <tomas.winkler@intel.com>,
	yang.huang@intel.com, bing.zhu@intel.com,
	Matti.Moell@opensynergy.com, hmo@opensynergy.com,
	linux-mmc <linux-mmc@vger.kernel.org>,
	linux-scsi <linux-scsi@vger.kernel.org>,
	linux-nvme@vger.kernel.org,
	"Ulf Hansson" <ulf.hansson@linaro.org>,
	"Arnd Bergmann" <arnd.bergmann@linaro.org>,
	"Hector Martin" <marcan@marcan.st>
Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem
Date: Mon, 8 Mar 2021 17:20:08 +0100	[thread overview]
Message-ID: <CACRpkdb4RkQvDBgTMW_+7yYBsHNRyJZiT5bn04uQJgk7tKGDOA@mail.gmail.com> (raw)
In-Reply-To: <CAK8P3a0qtByN4Fnutr1yetdVZkPJn87yK+w+_DAUXOMif-13aA@mail.gmail.com>

On Fri, Mar 5, 2021 at 9:44 AM Arnd Bergmann <arnd@linaro.org> wrote:

> I think the scenario for the 'nvme-rpmb' tool that does the signing in user
> space does not involve any TEE at the moment, because PCs usually
> don't have one.

Isn't that because (Windows-)PC:s prefer to use TPMs which
include their own key storage?

Apple has their "secure enclave" (separate security chip) and as illustrated
by Marcan it did not make use of RPMB as of 2016:
https://marcan.st/2016/03/untangling-ios-pin-code-security/
Maybe they have since started to use it? (They should.)

AFAICT the use case for RPMB is:
1. Used by Android with some TEE, and if you're not running
    Android and some TEE then
2. Use it for whatever you like

As it seems neither Microsoft nor Apple is paying it much attention
(+/- new facts) it will be up to the community to define use cases
for RPMB. I don't know what would make most sense, but the
kernel keyring seems to make a bit of sense as it is a well maintained
keyring project.

So the proposal is to (as some goal) bridge the keyring subsystem
to the proposed RPMB subsystem with an kernel-internal API.

What do the keyring people think of this? Added David & Jarkko to the
thread to get some input.

I suppose it would be a bit brutal if the kernel would just go in and
appropriate any empty RPMB it finds, but I suspect it is the right way
to make use of this facility given that so many of them are just sitting
there unused. Noone will run $CUSTOM_UTILITY any more than they
run the current RPMB tools in mmc-tools.

Agreeing with OP-TEE on the format and management of
any one RPMB partition seems like a good idea, if for nothing else
then for sharing documentation.

> I agree that sharing the RPMB is not a great idea, so if you have a TEE
> in the system that requires an RPMB for storage, it won't be usable by
> anything else. However, you can have multiple RPMB partitions with separate
> keys on an NVMe drive, and you can easily have multiple emulated
> virtio-rpmb devices  in a guest and use them for purposes other than the
> TEE.

The eMMC RPMB code even handles multiple RPMB partitions on an
eMMC. But I don't think I have ever seen a device with more than
one RPMB.

Yours,
Linus Walleij

  reply	other threads:[~2021-03-08 16:20 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-03 13:54 [RFC PATCH 0/5] RPMB internal and user-space API + WIP virtio-rpmb frontend Alex Bennée
2021-03-03 13:54 ` [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem Alex Bennée
2021-03-03 15:28   ` Ulf Hansson
2021-03-03 19:37     ` Alex Bennée
2021-03-04 20:56   ` Arnd Bergmann
2021-03-05  7:51     ` Joakim Bech
2021-03-05  8:44       ` Arnd Bergmann
2021-03-08 16:20         ` Linus Walleij [this message]
2021-03-09 21:09           ` Hector Martin
2021-03-10  5:14             ` Sumit Garg
2021-03-10  8:47               ` Hector Martin
2021-03-10  9:48                 ` Linus Walleij
2021-03-10 13:52                   ` Hector Martin
2021-03-11  0:36                     ` Linus Walleij
2021-03-11  9:22                       ` Hector Martin
2021-03-11 14:06                         ` Linus Walleij
2021-03-11 20:02                           ` Hector Martin
2021-03-12  9:22                             ` Linus Walleij
2021-03-10 10:29                 ` Sumit Garg
2021-03-11  0:49                   ` Linus Walleij
2021-03-11  1:07                     ` James Bottomley
2021-03-11  9:45                     ` Hector Martin
2021-03-11 14:31                       ` Linus Walleij
2021-03-11 20:29                         ` Hector Martin
2021-03-11 20:57                           ` Alex Bennée
2021-03-12 10:00                             ` Linus Walleij
2021-03-12  9:47                           ` Linus Walleij
2021-03-12 11:59                           ` Sumit Garg
2021-03-12 12:08                             ` Ilias Apalodimas
2021-03-09 17:12         ` David Howells
2021-03-10  4:54           ` Sumit Garg
2021-03-10  9:33           ` Linus Walleij
2021-03-03 13:54 ` [RFC PATCH 2/5] char: rpmb: provide a user space interface Alex Bennée
2021-03-04  7:01   ` Winkler, Tomas
2021-03-04 10:19     ` Alex Bennée
2021-03-04 10:34       ` Winkler, Tomas
2021-03-04 17:52         ` Alex Bennée
2021-03-04 19:54           ` Winkler, Tomas
2021-03-04 21:43             ` Arnd Bergmann
2021-03-05  6:31               ` Winkler, Tomas
2021-03-04 21:08   ` Arnd Bergmann
2021-03-03 13:54 ` [RFC PATCH 3/5] tools rpmb: add RPBM access tool Alex Bennée
2021-03-03 13:54 ` [RFC PATCH 4/5] rpmb: create virtio rpmb frontend driver [WIP] Alex Bennée
2021-03-03 13:55 ` [RFC PATCH 5/5] tools/rpmb: simple test sequence Alex Bennée
2021-03-09 13:27 ` [RFC PATCH 0/5] RPMB internal and user-space API + WIP virtio-rpmb frontend Avri Altman
2021-03-10 14:29   ` Alex Bennée
2021-03-11 13:45     ` Avri Altman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CACRpkdb4RkQvDBgTMW_+7yYBsHNRyJZiT5bn04uQJgk7tKGDOA@mail.gmail.com \
    --to=linus.walleij@linaro.org \
    --cc=Matti.Moell@opensynergy.com \
    --cc=alex.bennee@linaro.org \
    --cc=arnd.bergmann@linaro.org \
    --cc=arnd@linaro.org \
    --cc=bing.zhu@intel.com \
    --cc=dhowells@redhat.com \
    --cc=hmo@opensynergy.com \
    --cc=ilias.apalodimas@linaro.org \
    --cc=jarkko@kernel.org \
    --cc=joakim.bech@linaro.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mmc@vger.kernel.org \
    --cc=linux-nvme@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=marcan@marcan.st \
    --cc=maxim.uvarov@linaro.org \
    --cc=ruchika.gupta@linaro.org \
    --cc=tomas.winkler@intel.com \
    --cc=ulf.hansson@linaro.org \
    --cc=yang.huang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).