On Tue, 22 Dec 2020 08:50:56 +0000 Vesa Jääskeläinen via OP-TEE op-tee@lists.trustedfirmware.org wrote:
Hi,
On 2020-10-08 08:53, Jens Wiklander wrote:
Hi Sumit,
On Wed, Oct 7, 2020 at 11:27 AM Sumit Garg sumit.garg@linaro.org wrote:
Hi Jens,
On Thu, 17 Sep 2020 at 19:10, Sumit Garg sumit.garg@linaro.org wrote:
Since the addition of session's client UUID generation via commit [1], login via REE kernel method was disallowed. So fix that via passing nill UUID in case of TEE_IOCTL_LOGIN_REE_KERNEL method as well.
Fixes: e33bcbab16d1 ("tee: add support for session's client UUID generation") [1] Signed-off-by: Sumit Garg sumit.garg@linaro.org
drivers/tee/tee_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
Would you like to pick up this fix?
Thanks for the reminder. This looks good to me. I'll pick up this unless someone objects. Vesa, does this look good to you too?
Cheers, Jens
Sorry I have been away for a while from the mailing list.
It seems that this is merged -- only thing that came to my mind with this is that:
If we have some kernel protected keys or so -- should we have separate client UUID for kernel operations.
Like when TEE_IOCTL_LOGIN_REE_KERNEL is given then client UUID would be generated for "kernel".
This way we can make sure that kernel owned keys stays for kernel. Nil UUID is kinda reserved for public login.
Isn't this unnecessary? According to the TEE Internal Core API Specification, TEE_Identity, a data type that "defines the full identity of a Client", consists of a UUID *and* one of the TEE_LOGIN_XXX constants. Therefore, TEE_LOGIN_PUBLIC with a nil UUID is a different client than TEE_LOGIN_REE_KERNEL with a nil UUID.
Thanks, Vesa Jääskeläinen
-Sumit
diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 64637e0..2f6199e 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -200,7 +200,8 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method, int name_len; int rc;
if (connection_method == TEE_IOCTL_LOGIN_PUBLIC) {
if (connection_method == TEE_IOCTL_LOGIN_PUBLIC ||
connection_method == TEE_IOCTL_LOGIN_REE_KERNEL) { /* Nil UUID to be passed to TEE environment */ uuid_copy(uuid, &uuid_null); return 0;
-- 2.7.4