From: Sumit Garg <sumit.garg@linaro.org>
To: Janne Karhunen <janne.karhunen@gmail.com>
Cc: Rouven Czerwinski <r.czerwinski@pengutronix.de>,
"tee-dev @ lists . linaro . org" <tee-dev@lists.linaro.org>,
Daniel Thompson <daniel.thompson@linaro.org>,
Jonathan Corbet <corbet@lwn.net>,
jejb@linux.ibm.com, Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
dhowells@redhat.com, linux-security-module@vger.kernel.org,
keyrings@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-integrity@vger.kernel.org,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [Tee-dev] [RFC v2 0/6] Introduce TEE based Trusted Keys support
Date: Thu, 1 Aug 2019 13:28:32 +0530 [thread overview]
Message-ID: <CAFA6WYPt4q+jaJbaoauXKr2qKgBHvtQ663s4t=W3nuPJPe2xpw@mail.gmail.com> (raw)
In-Reply-To: <CAE=NcraqD9FNM0Gk9UGhPGi3heVzZrAKGc1gNZxoe1OnDaQ=pA@mail.gmail.com>
On Thu, 1 Aug 2019 at 13:00, Janne Karhunen <janne.karhunen@gmail.com> wrote:
>
> On Thu, Aug 1, 2019 at 9:50 AM Rouven Czerwinski
> <r.czerwinski@pengutronix.de> wrote:
>
> > > I'm aware of it - I have implemented a large part of the GP TEE APIs
> > > earlier (primarily the crypto functions). Does the TEE you work with
> > > actually support GP properly? Can I take a look at the code?
> >
> > AFAIK Sumit is working with the OP-TEE implementation, which can be
> > found on github: https://github.com/op-tee/optee_os
>
> Thanks, I will take a look.
For documentation, refer to: https://optee.readthedocs.io/
> The fundamental problem with these things
> is that there are infinite amount of ways how TEEs and ROTs can be
> done in terms of the hardware and software. I really doubt there are 2
> implementations in existence that are even remotely compatible in real
> life.
I agree with you regarding implementation specific nature of TEE but
having a standardized client interface does solves the problem.
> As such, all things TEE/ROT would logically really belong in the
> userland and thanks to the bpfilter folks now the umh logic really
> makes that possible ... I think. The key implementation I did was just
> an RFC on the concept, what if we start to move the stuff that really
> belongs in the userspace to this pseudo-userland. It's not kernel, but
> it's not commonly accessible userland either. The shared memory would
> also work without any modifications between the umh based TEE/ROT
> driver and the userland if needed.
>
> Anyway, just my .02c. I guess having any new support in the kernel for
> new trust sources is good and improvement from the current state. I
> can certainly make my stuff work with your setup as well, what ever
> people think is the best.
Yes your implementation can very well fit under trusted keys
abstraction framework without creating a new keytype: "ext-trusted".
-Sumit
>
>
> --
> Janne
next prev parent reply other threads:[~2019-08-01 7:58 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-30 12:23 [RFC v2 0/6] Introduce TEE based Trusted Keys support Sumit Garg
2019-07-30 12:23 ` [RFC v2 1/6] tee: optee: allow kernel pages to register as shm Sumit Garg
2019-07-30 12:23 ` [RFC v2 2/6] tee: enable support to register kernel memory Sumit Garg
2019-08-08 22:26 ` [Tee-dev] " Stuart Yoder
2019-08-09 5:36 ` Sumit Garg
2019-07-30 12:23 ` [RFC v2 3/6] tee: add private login method for kernel clients Sumit Garg
2019-07-30 12:23 ` [RFC v2 4/6] KEYS: trusted: Introduce TEE based Trusted Keys Sumit Garg
2019-07-30 12:23 ` [RFC v2 5/6] doc: keys: Document usage of " Sumit Garg
2019-07-30 12:23 ` [RFC v2 6/6] MAINTAINERS: Add entry for " Sumit Garg
2019-07-31 7:11 ` [RFC v2 0/6] Introduce TEE based Trusted Keys support Janne Karhunen
2019-07-31 10:21 ` Janne Karhunen
2019-07-31 13:58 ` Sumit Garg
2019-08-01 6:21 ` Janne Karhunen
2019-08-01 7:40 ` Sumit Garg
2019-08-01 7:59 ` Janne Karhunen
2019-08-01 10:00 ` Sumit Garg
2019-08-01 10:40 ` Janne Karhunen
2019-07-31 10:26 ` Sumit Garg
2019-07-31 11:02 ` Janne Karhunen
2019-07-31 14:23 ` Sumit Garg
2019-08-01 6:36 ` Janne Karhunen
2019-08-01 6:50 ` [Tee-dev] " Rouven Czerwinski
2019-08-01 7:30 ` Janne Karhunen
2019-08-01 7:58 ` Sumit Garg [this message]
2019-08-01 8:30 ` Janne Karhunen
2019-08-01 10:27 ` Sumit Garg
2019-08-04 20:48 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFA6WYPt4q+jaJbaoauXKr2qKgBHvtQ663s4t=W3nuPJPe2xpw@mail.gmail.com' \
--to=sumit.garg@linaro.org \
--cc=ard.biesheuvel@linaro.org \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=daniel.thompson@linaro.org \
--cc=dhowells@redhat.com \
--cc=janne.karhunen@gmail.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jejb@linux.ibm.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=r.czerwinski@pengutronix.de \
--cc=serge@hallyn.com \
--cc=tee-dev@lists.linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).