- OP-TEE - lists.trustedfirmware.org

by Jerome Forissier

[BCC all OP-TEE maintainers] Hi OP-TEE maintainers & contributors, OP-TEE 3.11.0 is scheduled to be released on Friday, October 16th. So, now is a good time to start testing the master branch on the various platforms and report/fix any bugs. The GitHub pull request for collecting Tested-by tags or any other comment is https://github.com/OP-TEE/optee_os/pull/4101. As usual, I will create a release candidate tag one week before the release date for final testing. Thanks! Regards, -- Jerome

4 years, 8 months

2
1
0 0

[PATCH v3] tee: add support for application-based session login methods

by Elvira Khabirova

GP TEE Client API in addition to login methods already supported in the kernel also defines several application-based methods: TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and TEEC_LOGIN_GROUP_APPLICATION. It specifies credentials generated for TEEC_LOGIN_APPLICATION as only depending on the identity of the program, being persistent within one implementation, across multiple invocations of the application and across power cycles, enabling them to be used to disambiguate persistent storage. The exact nature is REE-specific. As the exact method of generating application identifier strings may vary between vendors, setups and installations, add two suggested methods and an exact framework for vendors to extend upon. Signed-off-by: Elvira Khabirova <e.khabirova(a)omprussia.ru> --- Jens, do you have any advice on finding more reviewers for this? Changes in v3: - Remove free_app_id() and replace it with calls to kfree(). Changes in v2: - Rename some functions and variables to make them shorter. - Include linux/security.h unconditionally. - Restructure error handling in tee_session_calc_client_uuid(). drivers/tee/Kconfig | 29 ++++++++++ drivers/tee/tee_core.c | 126 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 147 insertions(+), 8 deletions(-) diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig index e99d840c2511..4cd6e0d2aad5 100644 --- a/drivers/tee/Kconfig +++ b/drivers/tee/Kconfig @@ -11,6 +11,35 @@ config TEE This implements a generic interface towards a Trusted Execution Environment (TEE). +choice + prompt "Application ID for client UUID" + depends on TEE + default TEE_APPID_PATH + help + This option allows to choose which method will be used to generate + application identifiers for client UUID generation when login methods + TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION + and TEE_LOGIN_GROUP_APPLICATION are used. + Please be mindful of the security of each method in your particular + installation. + + config TEE_APPID_PATH + bool "Path-based application ID" + help + Use the executable's path as an application ID. + + config TEE_APPID_SECURITY + bool "Security extended attribute based application ID" + help + Use the executable's security extended attribute as an application ID. +endchoice + +config TEE_APPID_SECURITY_XATTR + string "Security extended attribute to use for application ID" + depends on TEE_APPID_SECURITY + help + Attribute to be used as an application ID (with the security prefix removed). + if TEE menu "TEE drivers" diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 64637e09a095..3626ce0d9bd7 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -7,9 +7,12 @@ #include <linux/cdev.h> #include <linux/cred.h> +#include <linux/file.h> #include <linux/fs.h> #include <linux/idr.h> +#include <linux/mm.h> #include <linux/module.h> +#include <linux/security.h> #include <linux/slab.h> #include <linux/tee_drv.h> #include <linux/uaccess.h> @@ -21,7 +24,7 @@ #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x)) -#define TEE_UUID_NS_NAME_SIZE 128 +#define TEE_UUID_NS_NAME_SIZE PATH_MAX /* * TEE Client UUID name space identifier (UUIDv4) @@ -125,6 +128,65 @@ static int tee_release(struct inode *inode, struct file *filp) return 0; } +#ifdef CONFIG_TEE_APPID_SECURITY +static const char *get_app_id(void **data) +{ + struct file *exe_file; + const char *name = CONFIG_TEE_APPID_SECURITY_XATTR; + int len; + + exe_file = get_mm_exe_file(current->mm); + if (!exe_file) + return ERR_PTR(-ENOENT); + + if (!exe_file->f_inode) { + fput(exe_file); + return ERR_PTR(-ENOENT); + } + + /* + * An identifier string for the binary. Depends on the implementation. + * Could be, for example, a string containing the application vendor ID, + * or the binary's signature, or its hash and a timestamp. + */ + len = security_inode_getsecurity(exe_file->f_inode, name, data, true); + if (len < 0) + return ERR_PTR(len); + + fput(exe_file); + + return *data; +} +#endif /* CONFIG_TEE_APPID_SECURITY */ + +#ifdef CONFIG_TEE_APPID_PATH +static const char *get_app_id(void **data) +{ + struct file *exe_file; + char *path; + + *data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); + if (!*data) + return ERR_PTR(-ENOMEM); + + exe_file = get_mm_exe_file(current->mm); + if (!exe_file) { + kfree(*data); + return ERR_PTR(-ENOENT); + } + + path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE); + if (IS_ERR(path)) { + kfree(*data); + return path; + } + + fput(exe_file); + + return path; +} +#endif /* CONFIG_TEE_APPID_PATH */ + /** * uuid_v5() - Calculate UUIDv5 * @uuid: Resulting UUID @@ -197,6 +259,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, gid_t ns_grp = (gid_t)-1; kgid_t grp = INVALID_GID; char *name = NULL; + void *app_id_data = NULL; + const char *app_id = NULL; int name_len; int rc; @@ -217,6 +281,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, * For TEEC_LOGIN_GROUP: * gid=<gid> * + * For TEEC_LOGIN_APPLICATION: + * app=<application id> + * + * For TEEC_LOGIN_USER_APPLICATION: + * uid=<uid>:app=<application id> + * + * For TEEC_LOGIN_GROUP_APPLICATION: + * gid=<gid>:app=<application id> */ name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); @@ -227,10 +299,6 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, case TEE_IOCTL_LOGIN_USER: name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x", current_euid().val); - if (name_len >= TEE_UUID_NS_NAME_SIZE) { - rc = -E2BIG; - goto out_free_name; - } break; case TEE_IOCTL_LOGIN_GROUP: @@ -243,10 +311,49 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x", grp.val); - if (name_len >= TEE_UUID_NS_NAME_SIZE) { - rc = -E2BIG; + break; + + case TEE_IOCTL_LOGIN_APPLICATION: + app_id = get_app_id(&app_id_data); + if (IS_ERR(app_id)) { + rc = PTR_ERR(app_id); + goto out_free_name; + } + + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s", + app_id); + kfree(app_id_data); + break; + + case TEE_IOCTL_LOGIN_USER_APPLICATION: + app_id = get_app_id(&app_id_data); + if (IS_ERR(app_id)) { + rc = PTR_ERR(app_id); goto out_free_name; } + + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s", + current_euid().val, app_id); + kfree(app_id_data); + break; + + case TEE_IOCTL_LOGIN_GROUP_APPLICATION: + memcpy(&ns_grp, connection_data, sizeof(gid_t)); + grp = make_kgid(current_user_ns(), ns_grp); + if (!gid_valid(grp) || !in_egroup_p(grp)) { + rc = -EPERM; + goto out_free_name; + } + + app_id = get_app_id(&app_id_data); + if (IS_ERR(app_id)) { + rc = PTR_ERR(app_id); + goto out_free_name; + } + + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s", + grp.val, app_id); + kfree(app_id_data); break; default: @@ -254,7 +361,10 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, goto out_free_name; } - rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len); + if (name_len < TEE_UUID_NS_NAME_SIZE) + rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len); + else + rc = -E2BIG; out_free_name: kfree(name); -- 2.28.0

4 years, 8 months

1
0
0 0

[PATCH] tee: optee: replace might_sleep with cond_resched

by Rouven Czerwinski

On Kernels with CONFIG_PREEMPT_NONE might_sleep() is not enough to force rescheduling, replace it with a resched check and cond_resched. Fixes the following stall: [ 572.945146] rcu: INFO: rcu_sched self-detected stall on CPU [ 572.949275] rcu: 0-....: (2099 ticks this GP) idle=572/1/0x40000002 softirq=7412/7412 fqs=974 [ 572.957964] (t=2100 jiffies g=10393 q=21) [ 572.962054] NMI backtrace for cpu 0 [ 572.965540] CPU: 0 PID: 165 Comm: xtest Not tainted 5.8.7 #1 [ 572.971188] Hardware name: STM32 (Device Tree Support) [ 572.976354] [<c011163c>] (unwind_backtrace) from [<c010b7f8>] (show_stack+0x10/0x14) [ 572.984080] [<c010b7f8>] (show_stack) from [<c0511e4c>] (dump_stack+0xc4/0xd8) [ 572.991300] [<c0511e4c>] (dump_stack) from [<c0519abc>] (nmi_cpu_backtrace+0x90/0xc4) [ 572.999130] [<c0519abc>] (nmi_cpu_backtrace) from [<c0519bdc>] (nmi_trigger_cpumask_backtrace+0xec/0x130) [ 573.008706] [<c0519bdc>] (nmi_trigger_cpumask_backtrace) from [<c01a5184>] (rcu_dump_cpu_stacks+0xe8/0x110) [ 573.018453] [<c01a5184>] (rcu_dump_cpu_stacks) from [<c01a4234>] (rcu_sched_clock_irq+0x7fc/0xa88) [ 573.027416] [<c01a4234>] (rcu_sched_clock_irq) from [<c01acdd0>] (update_process_times+0x30/0x8c) [ 573.036291] [<c01acdd0>] (update_process_times) from [<c01bfb90>] (tick_sched_timer+0x4c/0xa8) [ 573.044905] [<c01bfb90>] (tick_sched_timer) from [<c01adcc8>] (__hrtimer_run_queues+0x174/0x358) [ 573.053696] [<c01adcc8>] (__hrtimer_run_queues) from [<c01aea2c>] (hrtimer_interrupt+0x118/0x2bc) [ 573.062573] [<c01aea2c>] (hrtimer_interrupt) from [<c09ad664>] (arch_timer_handler_virt+0x28/0x30) [ 573.071536] [<c09ad664>] (arch_timer_handler_virt) from [<c0190f50>] (handle_percpu_devid_irq+0x8c/0x240) [ 573.081109] [<c0190f50>] (handle_percpu_devid_irq) from [<c018ab8c>] (generic_handle_irq+0x34/0x44) [ 573.090156] [<c018ab8c>] (generic_handle_irq) from [<c018b194>] (__handle_domain_irq+0x5c/0xb0) [ 573.098857] [<c018b194>] (__handle_domain_irq) from [<c052ac50>] (gic_handle_irq+0x4c/0x90) [ 573.107209] [<c052ac50>] (gic_handle_irq) from [<c0100b0c>] (__irq_svc+0x6c/0x90) [ 573.114682] Exception stack(0xd90dfcf8 to 0xd90dfd40) [ 573.119732] fce0: ffff0004 00000000 [ 573.127917] fd00: 00000000 00000000 00000000 00000000 00000000 00000000 d93493cc ffff0000 [ 573.136098] fd20: d2bc39c0 be926998 d90dfd58 d90dfd48 c09f3384 c01151f0 400d0013 ffffffff [ 573.144281] [<c0100b0c>] (__irq_svc) from [<c01151f0>] (__arm_smccc_smc+0x10/0x20) [ 573.151854] [<c01151f0>] (__arm_smccc_smc) from [<c09f3384>] (optee_smccc_smc+0x3c/0x44) [ 573.159948] [<c09f3384>] (optee_smccc_smc) from [<c09f4170>] (optee_do_call_with_arg+0xb8/0x154) [ 573.168735] [<c09f4170>] (optee_do_call_with_arg) from [<c09f4638>] (optee_invoke_func+0x110/0x190) [ 573.177786] [<c09f4638>] (optee_invoke_func) from [<c09f1ebc>] (tee_ioctl+0x10b8/0x11c0) [ 573.185879] [<c09f1ebc>] (tee_ioctl) from [<c029f62c>] (ksys_ioctl+0xe0/0xa4c) [ 573.193101] [<c029f62c>] (ksys_ioctl) from [<c0100060>] (ret_fast_syscall+0x0/0x54) [ 573.200750] Exception stack(0xd90dffa8 to 0xd90dfff0) [ 573.205803] ffa0: be926bf4 be926a78 00000003 8010a403 be926908 004e3cf8 [ 573.213987] ffc0: be926bf4 be926a78 00000000 00000036 be926908 be926918 be9269b0 bffdf0f8 [ 573.222162] ffe0: b6d76fb0 be9268fc b6d66621 b6c7e0d8 seen on STM32 DK2. Signed-off-by: Rouven Czerwinski <r.czerwinski(a)pengutronix.de> --- drivers/tee/optee/call.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c index 20b6fd7383c5..83b73b1d52f0 100644 --- a/drivers/tee/optee/call.c +++ b/drivers/tee/optee/call.c @@ -8,6 +8,7 @@ #include <linux/errno.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/sched.h> #include <linux/tee_drv.h> #include <linux/types.h> #include <linux/uaccess.h> @@ -148,7 +149,8 @@ u32 optee_do_call_with_arg(struct tee_context *ctx, phys_addr_t parg) */ optee_cq_wait_for_completion(&optee->call_queue, &w); } else if (OPTEE_SMC_RETURN_IS_RPC(res.a0)) { - might_sleep(); + if(need_resched()) + cond_resched(); param.a0 = res.a0; param.a1 = res.a1; param.a2 = res.a2; -- 2.28.0

4 years, 9 months

3
2
0 0

[PATCH v2] tee: add support for application-based session login methods

by Elvira Khabirova

GP TEE Client API in addition to login methods already supported in the kernel also defines several application-based methods: TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and TEEC_LOGIN_GROUP_APPLICATION. It specifies credentials generated for TEEC_LOGIN_APPLICATION as only depending on the identity of the program, being persistent within one implementation, across multiple invocations of the application and across power cycles, enabling them to be used to disambiguate persistent storage. The exact nature is REE-specific. As the exact method of generating application identifier strings may vary between vendors, setups and installations, add two suggested methods and an exact framework for vendors to extend upon. Signed-off-by: Elvira Khabirova <e.khabirova(a)omprussia.ru> --- drivers/tee/Kconfig | 29 +++++++++ drivers/tee/tee_core.c | 133 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 154 insertions(+), 8 deletions(-) diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig index 6488b66d69dd..cd8f02a3d488 100644 --- a/drivers/tee/Kconfig +++ b/drivers/tee/Kconfig @@ -10,6 +10,35 @@ config TEE This implements a generic interface towards a Trusted Execution Environment (TEE). +choice + prompt "Application ID for client UUID" + depends on TEE + default TEE_APPID_PATH + help + This option allows to choose which method will be used to generate + application identifiers for client UUID generation when login methods + TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION + and TEE_LOGIN_GROUP_APPLICATION are used. + Please be mindful of the security of each method in your particular + installation. + + config TEE_APPID_PATH + bool "Path-based application ID" + help + Use the executable's path as an application ID. + + config TEE_APPID_SECURITY + bool "Security extended attribute based application ID" + help + Use the executable's security extended attribute as an application ID. +endchoice + +config TEE_APPID_SECURITY_XATTR + string "Security extended attribute to use for application ID" + depends on TEE_APPID_SECURITY + help + Attribute to be used as an application ID (with the security prefix removed). + if TEE menu "TEE drivers" diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 67186d00a52f..31fb244b59ed 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -16,9 +16,12 @@ #include <linux/cdev.h> #include <linux/cred.h> +#include <linux/file.h> #include <linux/fs.h> #include <linux/idr.h> +#include <linux/mm.h> #include <linux/module.h> +#include <linux/security.h> #include <linux/slab.h> #include <linux/tee_drv.h> #include <linux/uaccess.h> @@ -31,7 +34,7 @@ #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x)) -#define TEE_UUID_NS_NAME_SIZE 128 +#define TEE_UUID_NS_NAME_SIZE PATH_MAX /* * TEE Client UUID name space identifier (UUIDv4) @@ -136,6 +139,72 @@ static int tee_release(struct inode *inode, struct file *filp) return 0; } +#ifdef CONFIG_TEE_APPID_SECURITY +static const char *get_app_id(void **data) +{ + struct file *exe_file; + const char *name = CONFIG_TEE_APPID_SECURITY_XATTR; + int len; + + exe_file = get_mm_exe_file(current->mm); + if (!exe_file) + return ERR_PTR(-ENOENT); + + if (!exe_file->f_inode) { + fput(exe_file); + return ERR_PTR(-ENOENT); + } + + /* + * An identifier string for the binary. Depends on the implementation. + * Could be, for example, a string containing the application vendor ID, + * or the binary's signature, or its hash and a timestamp. + */ + len = security_inode_getsecurity(exe_file->f_inode, name, data, true); + if (len < 0) + return ERR_PTR(len); + + fput(exe_file); + + return *data; +} +#endif /* CONFIG_TEE_APPID_SECURITY */ + +#ifdef CONFIG_TEE_APPID_PATH +static const char *get_app_id(void **data) +{ + struct file *exe_file; + char *path; + + *data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); + if (!*data) + return ERR_PTR(-ENOMEM); + + exe_file = get_mm_exe_file(current->mm); + if (!exe_file) { + kfree(*data); + return ERR_PTR(-ENOENT); + } + + path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE); + if (IS_ERR(path)) { + kfree(*data); + return path; + } + + fput(exe_file); + + return path; +} +#endif /* CONFIG_TEE_APPID_PATH */ + +#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY) +static void free_app_id(void *data) +{ + kfree(data); +} +#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */ + /** * uuid_v5() - Calculate UUIDv5 * @uuid: Resulting UUID @@ -208,6 +277,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, gid_t ns_grp = (gid_t)-1; kgid_t grp = INVALID_GID; char *name = NULL; + void *app_id_data = NULL; + const char *app_id = NULL; int name_len; int rc; @@ -228,6 +299,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, * For TEEC_LOGIN_GROUP: * gid=<gid> * + * For TEEC_LOGIN_APPLICATION: + * app=<application id> + * + * For TEEC_LOGIN_USER_APPLICATION: + * uid=<uid>:app=<application id> + * + * For TEEC_LOGIN_GROUP_APPLICATION: + * gid=<gid>:app=<application id> */ name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); @@ -238,10 +317,6 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, case TEE_IOCTL_LOGIN_USER: name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x", current_euid().val); - if (name_len >= TEE_UUID_NS_NAME_SIZE) { - rc = -E2BIG; - goto out_free_name; - } break; case TEE_IOCTL_LOGIN_GROUP: @@ -254,10 +329,49 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x", grp.val); - if (name_len >= TEE_UUID_NS_NAME_SIZE) { - rc = -E2BIG; + break; + + case TEE_IOCTL_LOGIN_APPLICATION: + app_id = get_app_id(&app_id_data); + if (IS_ERR(app_id)) { + rc = PTR_ERR(app_id); + goto out_free_name; + } + + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s", + app_id); + free_app_id(app_id_data); + break; + + case TEE_IOCTL_LOGIN_USER_APPLICATION: + app_id = get_app_id(&app_id_data); + if (IS_ERR(app_id)) { + rc = PTR_ERR(app_id); + goto out_free_name; + } + + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s", + current_euid().val, app_id); + free_app_id(app_id_data); + break; + + case TEE_IOCTL_LOGIN_GROUP_APPLICATION: + memcpy(&ns_grp, connection_data, sizeof(gid_t)); + grp = make_kgid(current_user_ns(), ns_grp); + if (!gid_valid(grp) || !in_egroup_p(grp)) { + rc = -EPERM; + goto out_free_name; + } + + app_id = get_app_id(&app_id_data); + if (IS_ERR(app_id)) { + rc = PTR_ERR(app_id); goto out_free_name; } + + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s", + grp.val, app_id); + free_app_id(app_id_data); break; default: @@ -265,7 +379,10 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, goto out_free_name; } - rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len); + if (name_len < TEE_UUID_NS_NAME_SIZE) + rc = uuid_v5(uuid, &tee_client_uuid_ns, name, name_len); + else + rc = -E2BIG; out_free_name: kfree(name); -- 2.17.1

4 years, 9 months

2
2
0 0

Re: Linaro OP-TEE Contributions meeting Sept 2020

by Jérôme Forissier

Hi Joakim, On Tue, Sep 29, 2020 at 12:00 PM Joakim Bech via OP-TEE < op-tee(a)lists.trustedfirmware.org> wrote: > Hi Jorge, > > On Tue, 29 Sep 2020 at 11:49, Jorge Ramirez <jorge(a)foundries.io> wrote: > > > Hi Joakim > > > > Shall we discuss how we want to extend the criptodriver API were > different > > algorithms can be taken from different ciphers? > > And maybe also how to communicate other than using the github frontend? I > > think this is useful in the case of relatively complex PR. > > > Sounds good to me, I'm adding that to the agenda. This concludes that there > _will_ be a LOC meeting tomorrow Wednesday 30th Sept @ 16.00 (UTC+2). > > Again, connection details etc can be found in the meeting notes document: > http://bit.ly/loc-notes Apologies for not joining, I had a calendar issue (my fault!). Since the date for the next release is confirmed and coming soon, I will create the release PR and send the notification email shortly. Thanks, -- Jerome

4 years, 9 months

1
0
0 0

[RFC PATCH] tee: add support for application-based session login methods

by Elvira Khabirova

GP TEE Client API in addition to login methods already supported in the kernel also defines several application-based methods: TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and TEEC_LOGIN_GROUP_APPLICATION. It specifies credentials generated for TEEC_LOGIN_APPLICATION as only depending on the identity of the program, being persistent within one implementation, across multiple invocations of the application and across power cycles, enabling them to be used to disambiguate persistent storage. The exact nature is REE-specific. As the exact method of generating application identifier strings may vary between vendors, setups and installations, add two suggested methods and an exact framework for vendors to extend upon. Signed-off-by: Elvira Khabirova <e.khabirova(a)omprussia.ru> --- drivers/tee/Kconfig | 29 +++++++++ drivers/tee/tee_core.c | 136 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 164 insertions(+), 1 deletion(-) diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig index e99d840c2511..4cd6e0d2aad5 100644 --- a/drivers/tee/Kconfig +++ b/drivers/tee/Kconfig @@ -11,6 +11,35 @@ config TEE This implements a generic interface towards a Trusted Execution Environment (TEE). +choice + prompt "Application ID for client UUID" + depends on TEE + default TEE_APPID_PATH + help + This option allows to choose which method will be used to generate + application identifiers for client UUID generation when login methods + TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION + and TEE_LOGIN_GROUP_APPLICATION are used. + Please be mindful of the security of each method in your particular + installation. + + config TEE_APPID_PATH + bool "Path-based application ID" + help + Use the executable's path as an application ID. + + config TEE_APPID_SECURITY + bool "Security extended attribute based application ID" + help + Use the executable's security extended attribute as an application ID. +endchoice + +config TEE_APPID_SECURITY_XATTR + string "Security extended attribute to use for application ID" + depends on TEE_APPID_SECURITY + help + Attribute to be used as an application ID (with the security prefix removed). + if TEE menu "TEE drivers" diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 64637e09a095..19c965dd212b 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -7,8 +7,10 @@ #include <linux/cdev.h> #include <linux/cred.h> +#include <linux/file.h> #include <linux/fs.h> #include <linux/idr.h> +#include <linux/mm.h> #include <linux/module.h> #include <linux/slab.h> #include <linux/tee_drv.h> @@ -17,11 +19,15 @@ #include <crypto/sha.h> #include "tee_private.h" +#ifdef CONFIG_TEE_APPID_SECURITY +#include <linux/security.h> +#endif + #define TEE_NUM_DEVICES 32 #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x)) -#define TEE_UUID_NS_NAME_SIZE 128 +#define TEE_UUID_NS_NAME_SIZE PATH_MAX /* * TEE Client UUID name space identifier (UUIDv4) @@ -125,6 +131,67 @@ static int tee_release(struct inode *inode, struct file *filp) return 0; } +#ifdef CONFIG_TEE_APPID_SECURITY +static const char *tee_session_get_application_id(void **data) +{ + struct file *exe_file; + const char *name = CONFIG_TEE_APPID_SECURITY_XATTR; + int len; + + exe_file = get_mm_exe_file(current->mm); + if (!exe_file) + return ERR_PTR(-ENOENT); + + if (!exe_file->f_inode) { + fput(exe_file); + return ERR_PTR(-ENOENT); + } + + len = security_inode_getsecurity(exe_file->f_inode, name, data, true); + if (len < 0) + return ERR_PTR(len); + + fput(exe_file); + + return *data; +} +#endif /* CONFIG_TEE_APPID_SECURITY */ + +#ifdef CONFIG_TEE_APPID_PATH +static const char *tee_session_get_application_id(void **data) +{ + struct file *exe_file; + char *path; + + *data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); + if (!*data) + return ERR_PTR(-ENOMEM); + + exe_file = get_mm_exe_file(current->mm); + if (!exe_file) { + kfree(*data); + return ERR_PTR(-ENOENT); + } + + path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE); + if (IS_ERR(path)) { + kfree(*data); + return path; + } + + fput(exe_file); + + return path; +} +#endif /* CONFIG_TEE_APPID_PATH */ + +#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY) +static void tee_session_free_application_id(void *data) +{ + kfree(data); +} +#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */ + /** * uuid_v5() - Calculate UUIDv5 * @uuid: Resulting UUID @@ -197,6 +264,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, gid_t ns_grp = (gid_t)-1; kgid_t grp = INVALID_GID; char *name = NULL; + void *application_id_data = NULL; + const char *application_id = NULL; int name_len; int rc; @@ -217,6 +286,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, * For TEEC_LOGIN_GROUP: * gid=<gid> * + * For TEEC_LOGIN_APPLICATION: + * app=<application id> + * + * For TEEC_LOGIN_USER_APPLICATION: + * uid=<uid>:app=<application id> + * + * For TEEC_LOGIN_GROUP_APPLICATION: + * gid=<gid>:app=<application id> */ name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); @@ -249,6 +326,63 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, } break; + case TEE_IOCTL_LOGIN_APPLICATION: + application_id = tee_session_get_application_id(&application_id_data); + if (IS_ERR(application_id)) { + rc = PTR_ERR(application_id); + goto out_free_name; + } + + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s", + application_id); + tee_session_free_application_id(application_id_data); + + if (name_len >= TEE_UUID_NS_NAME_SIZE) { + rc = -E2BIG; + goto out_free_name; + } + break; + + case TEE_IOCTL_LOGIN_USER_APPLICATION: + application_id = tee_session_get_application_id(&application_id_data); + if (IS_ERR(application_id)) { + rc = PTR_ERR(application_id); + goto out_free_name; + } + + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s", + current_euid().val, application_id); + tee_session_free_application_id(application_id_data); + + if (name_len >= TEE_UUID_NS_NAME_SIZE) { + rc = -E2BIG; + goto out_free_name; + } + break; + + case TEE_IOCTL_LOGIN_GROUP_APPLICATION: + memcpy(&ns_grp, connection_data, sizeof(gid_t)); + grp = make_kgid(current_user_ns(), ns_grp); + if (!gid_valid(grp) || !in_egroup_p(grp)) { + rc = -EPERM; + goto out_free_name; + } + + application_id = tee_session_get_application_id(&application_id_data); + if (IS_ERR(application_id)) { + rc = PTR_ERR(application_id); + goto out_free_name; + } + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s", + grp.val, application_id); + tee_session_free_application_id(application_id_data); + + if (name_len >= TEE_UUID_NS_NAME_SIZE) { + rc = -E2BIG; + goto out_free_name; + } + break; + default: rc = -EINVAL; goto out_free_name; -- 2.28.0

4 years, 9 months

2
3
0 0

Re: Linaro OP-TEE Contributions meeting Sept 2020

by Jorge Ramirez

Hi Joakim Shall we discuss how we want to extend the criptodriver API were different algorithms can be taken from different ciphers? And maybe also how to communicate other than using the github frontend? I think this is useful in the case of relatively complex PR. thanks Jorge On Mon, Sep 28, 2020 at 1:08 PM Joakim Bech via OP-TEE < op-tee(a)lists.trustedfirmware.org> wrote: > Hi, > > Just a reminder, I have seen no suggestions for topics and if I hear > nothing until noon tomorrow 29/9 (UTC), then I'll cancel the September > meeting. > > Regards, > Joakim > > > On Thu, 17 Sep 2020 at 11:19, Joakim Bech <joakim.bech(a)linaro.org> wrote: > > > Hi, > > > > LOC monthly meeting is planned to take place Sept 30 @ 16.00 (UTC+2). > > Connection details can be found in the meeting notes document (link > below). > > > > This email is a request to gather topics to discuss. If there are no > > suggestions, then there will be no meeting (announced in this email > thread, > > if that's the case). To suggest a topic, either reply to this email > thread > > or add your topic directly into the meeting notes (or do both). > > > > Meeting details: > > --------------- > > Date/time: Wednesday Sept 30th(a)16.00 (UTC+2) > > https://everytimezone.com/s/92bd296e > > Invitation/connection details: In the meeting notes > > Meeting notes: http://bit.ly/loc-notes > > Project page: https://www.linaro.org/projects/#LOC > > > > Regards, > > Joakim on behalf of the Linaro OP-TEE team > > >

4 years, 9 months

2
1
0 0

Linaro OP-TEE Contributions meeting Sept 2020

by Joakim Bech

Hi, LOC monthly meeting is planned to take place Sept 30 @ 16.00 (UTC+2). Connection details can be found in the meeting notes document (link below). This email is a request to gather topics to discuss. If there are no suggestions, then there will be no meeting (announced in this email thread, if that's the case). To suggest a topic, either reply to this email thread or add your topic directly into the meeting notes (or do both). Meeting details: --------------- Date/time: Wednesday Sept 30th(a)16.00 (UTC+2) https://everytimezone.com/s/92bd296e Invitation/connection details: In the meeting notes Meeting notes: http://bit.ly/loc-notes Project page: https://www.linaro.org/projects/#LOC Regards, Joakim on behalf of the Linaro OP-TEE team

4 years, 9 months

1
1
0 0

Re: [RFC PATCH] tee: add support for application-based session login methods

by Elvira Khabirova

Hello, On Thu, 17 Sep 2020 15:46:07 +0000 Elvira Khabirova via OP-TEE <op-tee(a)lists.trustedfirmware.org> wrote: > GP TEE Client API in addition to login methods already supported > in the kernel also defines several application-based methods: > TEEC_LOGIN_APPLICATION, TEEC_LOGIN_USER_APPLICATION, and > TEEC_LOGIN_GROUP_APPLICATION. > > It specifies credentials generated for TEEC_LOGIN_APPLICATION as only > depending on the identity of the program, being persistent within one > implementation, across multiple invocations of the application > and across power cycles, enabling them to be used to disambiguate > persistent storage. The exact nature is REE-specific. > > As the exact method of generating application identifier strings may > vary between vendors, setups and installations, add two suggested > methods and an exact framework for vendors to extend upon. If there are no comments on this, I will resend this and drop [RFC] from the subject. > Signed-off-by: Elvira Khabirova <e.khabirova(a)omprussia.ru> > --- > drivers/tee/Kconfig | 29 +++++++++ > drivers/tee/tee_core.c | 136 ++++++++++++++++++++++++++++++++++++++++- > 2 files changed, 164 insertions(+), 1 deletion(-) > > diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig > index e99d840c2511..4cd6e0d2aad5 100644 > --- a/drivers/tee/Kconfig > +++ b/drivers/tee/Kconfig > @@ -11,6 +11,35 @@ config TEE > This implements a generic interface towards a Trusted Execution > Environment (TEE). > > +choice > + prompt "Application ID for client UUID" > + depends on TEE > + default TEE_APPID_PATH > + help > + This option allows to choose which method will be used to generate > + application identifiers for client UUID generation when login methods > + TEE_LOGIN_APPLICATION, TEE_LOGIN_USER_APPLICATION > + and TEE_LOGIN_GROUP_APPLICATION are used. > + Please be mindful of the security of each method in your particular > + installation. > + > + config TEE_APPID_PATH > + bool "Path-based application ID" > + help > + Use the executable's path as an application ID. > + > + config TEE_APPID_SECURITY > + bool "Security extended attribute based application ID" > + help > + Use the executable's security extended attribute as an application ID. > +endchoice > + > +config TEE_APPID_SECURITY_XATTR > + string "Security extended attribute to use for application ID" > + depends on TEE_APPID_SECURITY > + help > + Attribute to be used as an application ID (with the security prefix removed). > + > if TEE > > menu "TEE drivers" > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c > index 64637e09a095..19c965dd212b 100644 > --- a/drivers/tee/tee_core.c > +++ b/drivers/tee/tee_core.c > @@ -7,8 +7,10 @@ > > #include <linux/cdev.h> > #include <linux/cred.h> > +#include <linux/file.h> > #include <linux/fs.h> > #include <linux/idr.h> > +#include <linux/mm.h> > #include <linux/module.h> > #include <linux/slab.h> > #include <linux/tee_drv.h> > @@ -17,11 +19,15 @@ > #include <crypto/sha.h> > #include "tee_private.h" > > +#ifdef CONFIG_TEE_APPID_SECURITY > +#include <linux/security.h> > +#endif > + > #define TEE_NUM_DEVICES 32 > > #define TEE_IOCTL_PARAM_SIZE(x) (sizeof(struct tee_param) * (x)) > > -#define TEE_UUID_NS_NAME_SIZE 128 > +#define TEE_UUID_NS_NAME_SIZE PATH_MAX > > /* > * TEE Client UUID name space identifier (UUIDv4) > @@ -125,6 +131,67 @@ static int tee_release(struct inode *inode, struct file *filp) > return 0; > } > > +#ifdef CONFIG_TEE_APPID_SECURITY > +static const char *tee_session_get_application_id(void **data) > +{ > + struct file *exe_file; > + const char *name = CONFIG_TEE_APPID_SECURITY_XATTR; > + int len; > + > + exe_file = get_mm_exe_file(current->mm); > + if (!exe_file) > + return ERR_PTR(-ENOENT); > + > + if (!exe_file->f_inode) { > + fput(exe_file); > + return ERR_PTR(-ENOENT); > + } > + > + len = security_inode_getsecurity(exe_file->f_inode, name, data, true); > + if (len < 0) > + return ERR_PTR(len); > + > + fput(exe_file); > + > + return *data; > +} > +#endif /* CONFIG_TEE_APPID_SECURITY */ > + > +#ifdef CONFIG_TEE_APPID_PATH > +static const char *tee_session_get_application_id(void **data) > +{ > + struct file *exe_file; > + char *path; > + > + *data = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); > + if (!*data) > + return ERR_PTR(-ENOMEM); > + > + exe_file = get_mm_exe_file(current->mm); > + if (!exe_file) { > + kfree(*data); > + return ERR_PTR(-ENOENT); > + } > + > + path = file_path(exe_file, *data, TEE_UUID_NS_NAME_SIZE); > + if (IS_ERR(path)) { > + kfree(*data); > + return path; > + } > + > + fput(exe_file); > + > + return path; > +} > +#endif /* CONFIG_TEE_APPID_PATH */ > + > +#if defined(CONFIG_TEE_APPID_PATH) || defined(CONFIG_TEE_APPID_SECURITY) > +static void tee_session_free_application_id(void *data) > +{ > + kfree(data); > +} > +#endif /* CONFIG_TEE_APPID_PATH || CONFIG_TEE_APPID_SECURITY */ > + > /** > * uuid_v5() - Calculate UUIDv5 > * @uuid: Resulting UUID > @@ -197,6 +264,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, > gid_t ns_grp = (gid_t)-1; > kgid_t grp = INVALID_GID; > char *name = NULL; > + void *application_id_data = NULL; > + const char *application_id = NULL; > int name_len; > int rc; > > @@ -217,6 +286,14 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, > * For TEEC_LOGIN_GROUP: > * gid=<gid> > * > + * For TEEC_LOGIN_APPLICATION: > + * app=<application id> > + * > + * For TEEC_LOGIN_USER_APPLICATION: > + * uid=<uid>:app=<application id> > + * > + * For TEEC_LOGIN_GROUP_APPLICATION: > + * gid=<gid>:app=<application id> > */ > > name = kzalloc(TEE_UUID_NS_NAME_SIZE, GFP_KERNEL); > @@ -249,6 +326,63 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, > } > break; > > + case TEE_IOCTL_LOGIN_APPLICATION: > + application_id = tee_session_get_application_id(&application_id_data); > + if (IS_ERR(application_id)) { > + rc = PTR_ERR(application_id); > + goto out_free_name; > + } > + > + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "app=%s", > + application_id); > + tee_session_free_application_id(application_id_data); > + > + if (name_len >= TEE_UUID_NS_NAME_SIZE) { > + rc = -E2BIG; > + goto out_free_name; > + } > + break; > + > + case TEE_IOCTL_LOGIN_USER_APPLICATION: > + application_id = tee_session_get_application_id(&application_id_data); > + if (IS_ERR(application_id)) { > + rc = PTR_ERR(application_id); > + goto out_free_name; > + } > + > + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "uid=%x:app=%s", > + current_euid().val, application_id); > + tee_session_free_application_id(application_id_data); > + > + if (name_len >= TEE_UUID_NS_NAME_SIZE) { > + rc = -E2BIG; > + goto out_free_name; > + } > + break; > + > + case TEE_IOCTL_LOGIN_GROUP_APPLICATION: > + memcpy(&ns_grp, connection_data, sizeof(gid_t)); > + grp = make_kgid(current_user_ns(), ns_grp); > + if (!gid_valid(grp) || !in_egroup_p(grp)) { > + rc = -EPERM; > + goto out_free_name; > + } > + > + application_id = tee_session_get_application_id(&application_id_data); > + if (IS_ERR(application_id)) { > + rc = PTR_ERR(application_id); > + goto out_free_name; > + } > + name_len = snprintf(name, TEE_UUID_NS_NAME_SIZE, "gid=%x:app=%s", > + grp.val, application_id); > + tee_session_free_application_id(application_id_data); > + > + if (name_len >= TEE_UUID_NS_NAME_SIZE) { > + rc = -E2BIG; > + goto out_free_name; > + } > + break; > + > default: > rc = -EINVAL; > goto out_free_name;

4 years, 9 months

1
0
0 0

[PATCH -next] tee: optee: fix type warning of sizeof in pool_op_alloc()

by Liu Shixin

sizeof() when applied to a pointer typed expression should gives the size of the pointed data, even if the data is a pointer. Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> --- drivers/tee/optee/shm_pool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tee/optee/shm_pool.c b/drivers/tee/optee/shm_pool.c index d767eebf30bd..9fdc667b5df0 100644 --- a/drivers/tee/optee/shm_pool.c +++ b/drivers/tee/optee/shm_pool.c @@ -31,7 +31,7 @@ static int pool_op_alloc(struct tee_shm_pool_mgr *poolm, unsigned int nr_pages = 1 << order, i; struct page **pages; - pages = kcalloc(nr_pages, sizeof(pages), GFP_KERNEL); + pages = kcalloc(nr_pages, sizeof(*pages), GFP_KERNEL); if (!pages) return -ENOMEM; -- 2.25.1

4 years, 9 months

2
1
0 0

2025

2024

2023

2022

2021

2020

OP-TEE