The TEE Client API defines that, from user space, the only information needed for the specified login operations is the group identifier for group-based logins.
The REE kernel is expected to formulate a trustworthy client UUID and pass it to the TEE environment. The REE kernel is required to verify that the group identifier provided for group-based logins matches the calling process's group memberships.
The TEE specification only defines that the information passed from the REE environment to the TEE environment is encoded into a UUID.
In order to guarantee the trustworthiness of the client UUID, user space is not allowed to freely pass a client UUID.

Vesa Jääskeläinen (3):
  tee: add support for session's client UUID generation
  tee: optee: Add support for session login client UUID generation
  [RFC] tee: add support for app id for client UUID generation

 drivers/tee/Kconfig      |   1 +
 drivers/tee/optee/call.c |   6 +-
 drivers/tee/tee_core.c   | 211 +++++++++++++++++++++++++++++++++++++++
 include/linux/tee_drv.h  |  16 +++
 4 files changed, 233 insertions(+), 1 deletion(-)
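
A user-space Python model of the rule described in the cover letter, added here as an illustration and not taken from the patch series: the caller supplies only a login method and, for group logins, a group id, while the trusted side checks membership and derives the client UUID itself. The name-based (version 5) derivation, the `uid=`/`gid=` name strings, the nil UUID for public login, the namespace value and the `Caller` and `client_uuid` names are all assumptions made for the example.

```python
import uuid
from dataclasses import dataclass

# Login methods as numbered by the GlobalPlatform TEE Client API.
TEEC_LOGIN_PUBLIC = 0x0
TEEC_LOGIN_USER = 0x1
TEEC_LOGIN_GROUP = 0x2

# Constructed placeholder namespace, NOT the value used by the series.
EXAMPLE_NS = uuid.UUID("00000000-0000-4000-8000-000000000001")


@dataclass(frozen=True)
class Caller:
    """Credentials the kernel already holds for the calling process."""
    uid: int
    gid: int
    groups: frozenset  # supplementary group ids


def client_uuid(login, caller, requested_gid=None):
    """Derive the client UUID on the trusted side.

    The caller never passes a UUID. The only caller-controlled input is
    requested_gid, and it is accepted only if the process is a member.
    """
    if login == TEEC_LOGIN_PUBLIC:
        return uuid.UUID(int=0)  # assumption: no identity, nil UUID
    if login == TEEC_LOGIN_USER:
        name = f"uid={caller.uid:x}"  # taken from credentials, not input
    elif login == TEEC_LOGIN_GROUP:
        member_of = caller.groups | {caller.gid}
        if requested_gid is None or requested_gid not in member_of:
            raise PermissionError("caller is not a member of requested group")
        name = f"gid={requested_gid:x}"
    else:
        raise ValueError(f"unsupported login method {login:#x}")
    # Same identity always maps to the same UUID, so the TEE can match on it.
    return uuid.uuid5(EXAMPLE_NS, name)


if __name__ == "__main__":
    alice = Caller(uid=1000, gid=1000, groups=frozenset({27}))  # constructed
    print(client_uuid(TEEC_LOGIN_USER, alice))
    print(client_uuid(TEEC_LOGIN_GROUP, alice, requested_gid=27))
```

Two processes that share a group obtain the same group-login UUID, and a process asking for a group it does not belong to is refused before any UUID is produced.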