From: Janne Karhunen <janne.karhunen@gmail.com>
To: Sumit Garg <sumit.garg@linaro.org>
Cc: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
Jens Wiklander <jens.wiklander@linaro.org>,
Jonathan Corbet <corbet@lwn.net>,
dhowells@redhat.com, jejb@linux.ibm.com,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Mimi Zohar <zohar@linux.ibm.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Daniel Thompson <daniel.thompson@linaro.org>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"tee-dev @ lists . linaro . org" <tee-dev@lists.linaro.org>
Subject: Re: [RFC v2 0/6] Introduce TEE based Trusted Keys support
Date: Thu, 1 Aug 2019 10:59:51 +0300 [thread overview]
Message-ID: <CAE=Ncrae6pM+WBDu9eJ7Fw2Fkvf3_YqH5tj9Tt938D4RtWcdSQ@mail.gmail.com> (raw)
In-Reply-To: <CAFA6WYMOXQbL5OeheFUFpTr8gte8XHHr-71-h8+qX0+R_sekDQ@mail.gmail.com>
On Thu, Aug 1, 2019 at 10:40 AM Sumit Garg <sumit.garg@linaro.org> wrote:
> > I chose the userspace plugin due to this, you can use userspace aids
> > to provide any type of service. Use the crypto library you desire to
> > do the magic you want.
>
> Here TEE isn't similar to a user-space crypto library. In our case TEE
> is based on ARM TrustZone which only allows TEE communications to be
> initiated from privileged mode. So why would you like to route
> communications via user-mode (which is less secure) when we have
> standardised TEE interface available in kernel?
The physical access guards for reading/writing the involved critical
memory are identical as far as I know? Layered security is generally a
good thing, and the userspace pass actually adds a layer, so not sure
which is really safer?
In my case the rerouting was to done generalize it. Any type of trust
source, anywhere.
> > > Isn't actual purpose to have trusted keys is to protect user-space
> > > from access to kernel keys in plain format? Doesn't user mode helper
> > > defeat that purpose in one way or another?
> >
> > Not really. CPU is in the user mode while running the code, but the
> > code or the secure keydata being is not available to the 'normal'
> > userspace. It's like microkernel service/driver this way. The usermode
> > driver is part of the kernel image and it runs on top of a invisible
> > rootfs.
>
> Can you elaborate here with an example regarding how this user-mode
> helper will securely communicate with a hardware based trust source
> with other user-space processes denied access to that trust source?
The other user mode processes will never see the device node to open.
There is none in existence for them; it only exists in the ramfs based
root for the user mode helper.
--
Janne
next prev parent reply other threads:[~2019-08-01 8:00 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-30 12:23 [RFC v2 0/6] Introduce TEE based Trusted Keys support Sumit Garg
2019-07-30 12:23 ` [RFC v2 1/6] tee: optee: allow kernel pages to register as shm Sumit Garg
2019-07-30 12:23 ` [RFC v2 2/6] tee: enable support to register kernel memory Sumit Garg
2019-08-08 22:26 ` [Tee-dev] " Stuart Yoder
2019-08-09 5:36 ` Sumit Garg
2019-07-30 12:23 ` [RFC v2 3/6] tee: add private login method for kernel clients Sumit Garg
2019-07-30 12:23 ` [RFC v2 4/6] KEYS: trusted: Introduce TEE based Trusted Keys Sumit Garg
2019-07-30 12:23 ` [RFC v2 5/6] doc: keys: Document usage of " Sumit Garg
2019-07-30 12:23 ` [RFC v2 6/6] MAINTAINERS: Add entry for " Sumit Garg
2019-07-31 7:11 ` [RFC v2 0/6] Introduce TEE based Trusted Keys support Janne Karhunen
2019-07-31 10:21 ` Janne Karhunen
2019-07-31 13:58 ` Sumit Garg
2019-08-01 6:21 ` Janne Karhunen
2019-08-01 7:40 ` Sumit Garg
2019-08-01 7:59 ` Janne Karhunen [this message]
2019-08-01 10:00 ` Sumit Garg
2019-08-01 10:40 ` Janne Karhunen
2019-07-31 10:26 ` Sumit Garg
2019-07-31 11:02 ` Janne Karhunen
2019-07-31 14:23 ` Sumit Garg
2019-08-01 6:36 ` Janne Karhunen
2019-08-01 6:50 ` [Tee-dev] " Rouven Czerwinski
2019-08-01 7:30 ` Janne Karhunen
2019-08-01 7:58 ` Sumit Garg
2019-08-01 8:30 ` Janne Karhunen
2019-08-01 10:27 ` Sumit Garg
2019-08-04 20:48 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAE=Ncrae6pM+WBDu9eJ7Fw2Fkvf3_YqH5tj9Tt938D4RtWcdSQ@mail.gmail.com' \
--to=janne.karhunen@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=daniel.thompson@linaro.org \
--cc=dhowells@redhat.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jejb@linux.ibm.com \
--cc=jens.wiklander@linaro.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=tee-dev@lists.linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).