Add support for TEE based trusted keys where TEE provides the functionality
to seal and unseal trusted keys using hardware unique key. Also, this is
an alternative in case platform doesn't possess a TPM device.
This patch-set has been tested with OP-TEE based early TA which is already
merged in upstream [1].
[1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d…
Changes in v7:
1. Added a trusted.source module parameter in order to enforce user's
choice in case a particular platform posses both TPM and TEE.
2. Refine commit description for patch #1.
Changes in v6:
1. Revert back to dynamic detection of trust source.
2. Drop author mention from trusted_core.c and trusted_tpm1.c files.
3. Rebased to latest tpmdd/master.
Changes in v5:
1. Drop dynamic detection of trust source and use compile time flags
instead.
2. Rename trusted_common.c -> trusted_core.c.
3. Rename callback: cleanup() -> exit().
4. Drop "tk" acronym.
5. Other misc. comments.
6. Added review tags for patch #3 and #4.
Changes in v4:
1. Pushed independent TEE features separately:
- Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062
2. Updated trusted-encrypted doc with TEE as a new trust source.
3. Rebased onto latest tpmdd/master.
Changes in v3:
1. Update patch #2 to support registration of multiple kernel pages.
2. Incoporate dependency patch #4 in this patch-set:
https://patchwork.kernel.org/patch/11091435/
Changes in v2:
1. Add reviewed-by tags for patch #1 and #2.
2. Incorporate comments from Jens for patch #3.
3. Switch to use generic trusted keys framework.
Sumit Garg (4):
KEYS: trusted: Add generic trusted keys framework
KEYS: trusted: Introduce TEE based Trusted Keys
doc: trusted-encrypted: updates with TEE as a new trust source
MAINTAINERS: Add entry for TEE based Trusted Keys
Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++---
MAINTAINERS | 8 +
include/keys/trusted-type.h | 47 +++
include/keys/trusted_tee.h | 55 ++++
include/keys/trusted_tpm.h | 17 +-
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c | 334 +++++++++++++++++++++
security/keys/trusted-keys/trusted_tee.c | 278 ++++++++++++++++++
security/keys/trusted-keys/trusted_tpm1.c | 336 ++++------------------
9 files changed, 953 insertions(+), 327 deletions(-)
create mode 100644 include/keys/trusted_tee.h
create mode 100644 security/keys/trusted-keys/trusted_core.c
create mode 100644 security/keys/trusted-keys/trusted_tee.c
--
2.7.4
Hello arm-soc maintainers,
Please pull this small fix which reenables the kernel login method in the
kernel internal TEE client API. This fixes a problem introduced in v5.8.
Thanks,
Jens
The following changes since commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5:
Linux 5.9-rc1 (2020-08-16 13:04:57 -0700)
are available in the Git repository at:
git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/tee-fix-for-v5.10
for you to fetch changes up to 722939528a37aa0cb22d441e2045c0cf53e78fb0:
tee: client UUID: Skip REE kernel login method as well (2020-10-13 08:42:11 +0200)
----------------------------------------------------------------
Reenable kernel login method for kernel TEE client API
The kernel TEE login method was accidentally disabled previously when
enabling a few other login methods, so fix that here.
----------------------------------------------------------------
Sumit Garg (1):
tee: client UUID: Skip REE kernel login method as well
drivers/tee/tee_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Hi All,
Trustedfirmware.org community project would like to invite you to the Mbed TLS Virtual Workshop on November 3rd (Tuesday) from 2pm to 6pm GMT.
The purpose of the workshop is to bring together the Mbed TLS community including maintainers, contributors and users to discuss
* The future direction of the project and
* Ways to improve community collaboration
The workshop will be hosted in Zoom open to all. The invitation with the zoom link will be send in the Mbed TLS, PSA Crypto* mailing lists in the coming days.
Here are some of the proposed agenda topics. Please reply if there is anything else you would like us or you to present during the workshop that will be interesting to the community
* Constant-time code
* How to be an effective Mbed TLS reviewer
* Processes - how does work get scheduled?
* Roadmap, Mbed TLS3.0
* PSA Crypto APIs
* How Do I contribute my first review.
Thanks,
Shebu
(TrustedFirmware.org Co-Chair,
Mbed TLS Technology Manager)
* https://lists.trustedfirmware.org/mailman/listinfo/mbed-tlshttps://lists.trustedfirmware.org/mailman/listinfo/psa-crypto
[BCC all OP-TEE maintainers]
Hi OP-TEE maintainers & contributors,
OP-TEE 3.11.0 is scheduled to be released on Friday, October 16th. So,
now is a good time to start testing the master branch on the various
platforms and report/fix any bugs.
The GitHub pull request for collecting Tested-by tags or any other
comment is https://github.com/OP-TEE/optee_os/pull/4101.
As usual, I will create a release candidate tag one week before the
release date for final testing.
Thanks!
Regards,
--
Jerome
Hi Joakim,
On Tue, Sep 29, 2020 at 12:00 PM Joakim Bech via OP-TEE <
op-tee(a)lists.trustedfirmware.org> wrote:
> Hi Jorge,
>
> On Tue, 29 Sep 2020 at 11:49, Jorge Ramirez <jorge(a)foundries.io> wrote:
>
> > Hi Joakim
> >
> > Shall we discuss how we want to extend the criptodriver API were
> different
> > algorithms can be taken from different ciphers?
> > And maybe also how to communicate other than using the github frontend? I
> > think this is useful in the case of relatively complex PR.
> >
> Sounds good to me, I'm adding that to the agenda. This concludes that there
> _will_ be a LOC meeting tomorrow Wednesday 30th Sept @ 16.00 (UTC+2).
>
> Again, connection details etc can be found in the meeting notes document:
> http://bit.ly/loc-notes
Apologies for not joining, I had a calendar issue (my fault!).
Since the date for the next release is confirmed and coming soon, I will
create the release PR and send the notification email shortly.
Thanks,
--
Jerome