Hi,
LOC monthly meeting is planned to take place Sept 30 @ 16.00 (UTC+2).
Connection details can be found in the meeting notes document (link below).
This email is a request to gather topics to discuss. If there are no
suggestions, then there will be no meeting (announced in this email thread,
if that's the case). To suggest a topic, either reply to this email thread
or add your topic directly into the meeting notes (or do both).
Meeting details:
---------------
Date/time: Wednesday Sept 30th(a)16.00 (UTC+2)
https://everytimezone.com/s/92bd296e
Invitation/connection details: In the meeting notes
Meeting notes: http://bit.ly/loc-notes
Project page: https://www.linaro.org/projects/#LOC
Regards,
Joakim on behalf of the Linaro OP-TEE team
sizeof() when applied to a pointer typed expression should gives the
size of the pointed data, even if the data is a pointer.
Signed-off-by: Liu Shixin <liushixin2(a)huawei.com>
---
drivers/tee/optee/shm_pool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tee/optee/shm_pool.c b/drivers/tee/optee/shm_pool.c
index d767eebf30bd..9fdc667b5df0 100644
--- a/drivers/tee/optee/shm_pool.c
+++ b/drivers/tee/optee/shm_pool.c
@@ -31,7 +31,7 @@ static int pool_op_alloc(struct tee_shm_pool_mgr *poolm,
unsigned int nr_pages = 1 << order, i;
struct page **pages;
- pages = kcalloc(nr_pages, sizeof(pages), GFP_KERNEL);
+ pages = kcalloc(nr_pages, sizeof(*pages), GFP_KERNEL);
if (!pages)
return -ENOMEM;
--
2.25.1
Hi Nikita,
On Wed, Sep 23, 2020 at 11:24:23AM +0000, Nikita Snetkov via OP-TEE wrote:
> Hello!
>
> Currently, I became interested in TEE research and development. After small
> investigation, I found out your product: OP-TEE. After reading about it,
> there is a thing that still bothers me: is it possible to create an
> application which uses OP-TEE and distribute in via Google Play?
>
For OP-TEE you typically create a pair of binaries, one binary running
on non-secure side (plain Linux environment) and one binary (Trusted
Application) running on the secure side.
Google Play hosts applications running in non-secure world, so I'd
believe that distributing the non-secure side of your feature using
Google Play is something you can do. But for the secure side, it's not
that easy, since it's usually the OEM that decide what to install and is
allowed to run on the secure side on their devices.
> --
> Yours faithfully,
> Nikita Snetkov
--
Regards,
Joakim
Hello!
Currently, I became interested in TEE research and development. After
small investigation, I found out your product: OP-TEE. After reading
about it, there is a thing that still bothers me: is it possible to
create an application which uses OP-TEE and distribute in via Google
Play?
--
Yours faithfully,
Nikita Snetkov
Hello arm-soc maintainers,
Please pull this small cleanup in tee driver registration. There are no
changes in behaviour, just a reduction in number of lines due to
improved usage of the device driver framework.
Thanks,
Jens
The following changes since commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5:
Linux 5.9-rc1 (2020-08-16 13:04:57 -0700)
are available in the Git repository at:
git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/tee-dev-cleanup-for-v5.10
for you to fetch changes up to 8c05f50fe8452f9d3220efad77bef42c7b498193:
tee: avoid explicit sysfs_create/delete_group by initialising dev->groups (2020-09-18 10:44:45 +0200)
----------------------------------------------------------------
Simplify tee_device_register() and friends
Uses cdev_device_add() instead of the cdev_add() device_add()
combination.
Initializes dev->groups instead of direct calls to sysfs_create_group()
and friends.
----------------------------------------------------------------
Sudeep Holla (2):
tee: replace cdev_add + device_add with cdev_device_add
tee: avoid explicit sysfs_create/delete_group by initialising dev->groups
drivers/tee/tee_core.c | 40 +++++++---------------------------------
1 file changed, 7 insertions(+), 33 deletions(-)
Add support for TEE based trusted keys where TEE provides the functionality
to seal and unseal trusted keys using hardware unique key. Also, this is
an alternative in case platform doesn't possess a TPM device.
This patch-set has been tested with OP-TEE based early TA which is already
merged in upstream [1].
[1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d…
Changes in v6:
1. Revert back to dynamic detection of trust source.
2. Drop author mention from trusted_core.c and trusted_tpm1.c files.
3. Rebased to latest tpmdd/master.
Changes in v5:
1. Drop dynamic detection of trust source and use compile time flags
instead.
2. Rename trusted_common.c -> trusted_core.c.
3. Rename callback: cleanup() -> exit().
4. Drop "tk" acronym.
5. Other misc. comments.
6. Added review tags for patch #3 and #4.
Changes in v4:
1. Pushed independent TEE features separately:
- Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062
2. Updated trusted-encrypted doc with TEE as a new trust source.
3. Rebased onto latest tpmdd/master.
Changes in v3:
1. Update patch #2 to support registration of multiple kernel pages.
2. Incoporate dependency patch #4 in this patch-set:
https://patchwork.kernel.org/patch/11091435/
Changes in v2:
1. Add reviewed-by tags for patch #1 and #2.
2. Incorporate comments from Jens for patch #3.
3. Switch to use generic trusted keys framework.
Sumit Garg (4):
KEYS: trusted: Add generic trusted keys framework
KEYS: trusted: Introduce TEE based Trusted Keys
doc: trusted-encrypted: updates with TEE as a new trust source
MAINTAINERS: Add entry for TEE based Trusted Keys
Documentation/security/keys/trusted-encrypted.rst | 203 ++++++++++---
MAINTAINERS | 8 +
include/keys/trusted-type.h | 42 +++
include/keys/trusted_tee.h | 55 ++++
include/keys/trusted_tpm.h | 17 +-
security/keys/trusted-keys/Makefile | 2 +
security/keys/trusted-keys/trusted_core.c | 325 +++++++++++++++++++++
security/keys/trusted-keys/trusted_tee.c | 278 ++++++++++++++++++
security/keys/trusted-keys/trusted_tpm1.c | 336 ++++------------------
9 files changed, 939 insertions(+), 327 deletions(-)
create mode 100644 include/keys/trusted_tee.h
create mode 100644 security/keys/trusted-keys/trusted_core.c
create mode 100644 security/keys/trusted-keys/trusted_tee.c
--
2.7.4