OP-TEE

op-tee@lists.trustedfirmware.org

6 participants
554 discussions

by Jens Wiklander

[BCC all OP-TEE maintainers] Hi OP-TEE maintainers & contributors, We're about to make another OP-TEE release, namely: 3.9.0. Target is Friday, May 22th which leaves us almost 3 weeks to finalize the release. Please start testing your favorite platform(s) and report any issue in this pull request [1]. I will create a release candidate tag one week before the release date, at which point we will do some more testing and I will collect Tested-by tags in the same pull request. [1] https://github.com/OP-TEE/optee_os/pull/3833 Thanks! Regards, Jens

4 years

[op-tee] [PATCH v2 0/3] tee: add support for session's client UUID generation

by Vesa Jääskeläinen

TEE Client API defines that from user space only information needed for specified login operations is group identifier for group based logins. REE kernel is expected to formulate trustworthy client UUID and pass that to TEE environment. REE kernel is required to verify that provided group identifier for group based logins matches calling processes group memberships. TEE specification only defines that the information passed from REE environment to TEE environment is encoded into on UUID. In order to guarantee trustworthiness of client UUID user space is not allowed to freely pass client UUID. Vesa Jääskeläinen (3): tee: add support for session's client UUID generation tee: optee: Add support for session login client UUID generation [RFC] tee: add support for app id for client UUID generation drivers/tee/Kconfig | 1 + drivers/tee/optee/call.c | 6 +- drivers/tee/tee_core.c | 211 +++++++++++++++++++++++++++++++++++++++ include/linux/tee_drv.h | 16 +++ 4 files changed, 233 insertions(+), 1 deletion(-) -- 2.17.1 Changes v1->v2: * Changed goto labels to be more logical * Capture error if formatted string for UUIDv5 does not fit into buffer Notes: This patcheset has been designed so that it can be iteratively intergrated meaning that the application ID (RFC patch) part can be left for later when there is agreed solution for that. TEE specification leaves Linux behavior undefined. It does not define any UUID value for name space. UUID in here is randomly generated with uuidgen tool. I have also include amdtee people as this method probably should also be applied in there. Using op-tee(a)lists.trustedfirmware.org instead of tee-dev(a)lists.linaro.org as latter is deprecated old list. Original issue in OP-TEE OS tracker: https://github.com/OP-TEE/optee_os/issues/3642 Related reviews and demonstration for the concept: https://github.com/linaro-swg/linux/pull/74 https://github.com/OP-TEE/optee_client/pull/195 https://github.com/OP-TEE/optee_test/pull/406

4 years

[op-tee] [PATCH 0/3] tee: add support for session's client UUID generation

by Vesa Jääskeläinen

TEE Client API defines that from user space only information needed for specified login operations is group identifier for group based logins. REE kernel is expected to formulate trustworthy client UUID and pass that to TEE environment. REE kernel is required to verify that provided group identifier for group based logins matches calling processes group memberships. TEE specification only defines that the information passed from REE environment to TEE environment is encoded into on UUID. In order to guarantee trustworthiness of client UUID user space is not allowed to freely pass client UUID. Vesa Jääskeläinen (3): tee: add support for session's client UUID generation tee: optee: Add support for session login client UUID generation [RFC] tee: add support for app id for client UUID generation drivers/tee/Kconfig | 1 + drivers/tee/optee/call.c | 6 +- drivers/tee/tee_core.c | 188 +++++++++++++++++++++++++++++++++++++++ include/linux/tee_drv.h | 16 ++++ 4 files changed, 210 insertions(+), 1 deletion(-) -- 2.17.1 Notes: This patcheset has been designed so that it can be iteratively intergrated meaning that the application ID (RFC patch) part can be left for later when there is agreed solution for that. TEE specification leaves Linux behavior undefined. It does not define any UUID value for name space. UUID in here is randomly generated with uuidgen tool. I have also include amdtee people as this method probably should also be applied in there. Using op-tee(a)lists.trustedfirmware.org instead of tee-dev(a)lists.linaro.org as latter is deprecated old list. Original issue in OP-TEE OS tracker: https://github.com/OP-TEE/optee_os/issues/3642 Related reviews and demonstration for the concept: https://github.com/linaro-swg/linux/pull/74 https://github.com/OP-TEE/optee_client/pull/195 https://github.com/OP-TEE/optee_test/pull/406

4 years

[op-tee] [PATCH v2 0/2] hw/arm/virt: dt: add kaslr-seed property

by Jerome Forissier

This patchset creates the DT property /chosen/kaslr-seed which is used by the OS for Address Space Layout Randomization. If the machine is secure, a similar property is created under /secure-chosen. Changes since v1: - Move creation of /secure-chosen to create_fdt() - Use qemu_guest_getrandom() instead of qcrypto_random_bytes() - Create kaslr-seed for the non-secure OS too Jerome Forissier (2): hw/arm/virt: dt: move creation of /secure-chosen to create_fdt() hw/arm/virt: dt: add kaslr-seed property hw/arm/virt.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) -- 2.20.1

4 years

Jump to page:

2024

2023

2022

2021

2020

OP-TEE