- Trusted-services - lists.trustedfirmware.org

by Balint Dobszay

Hi All, This is a follow-up email to the OP-TEE v3.17 release, highlighting the updates to the SPMC component. As you might know there is a forked version living at [1], and we are continuously working on moving all features to upstream. This version enables all PSA Secure Partitions implemented by Trusted Services to work with the upstream SPMC. For more information about the PSA SPs, please see [2]. Short summary of introduced changes: - Added support to process the SP manifests in the SPMC. The device MMIO regions described in the SP manifest are mapped into the SP's translation regime, as requested by FF-A. - Added support for the FF-A v1.0 partition boot protocol. The SPMC will pass information to the S-EL0 SPs about the device regions mapped. The boot information is passed in device tree format, using the same bindings as the SP manifest [3]. - Forward TPM Event Log to S-EL0 SPs. For more details on how to get, build and test the SPMC, please see [4]. If you have any questions, please do not hesitate to reach out to us via [5] or [6]. Regards, Balint on behalf of the Trusted Services team [1] https://git.trustedfirmware.org/OP-TEE/optee_os.git/log/?h=psa-development [2] https://trusted-services.readthedocs.io/en/integration [3] https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-… [4] https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc [5] https://lists.trustedfirmware.org/mailman3/lists/op-tee.lists.trustedfirmwa… [6] https://lists.trustedfirmware.org/mailman3/lists/trusted-services.lists.tru…

1 month, 1 week

2
1
0 0

Re: Secure Storage Applications

by Miklos Balint

Hi Manorit, You may be interested in the Trusted Services project and its relation to OP-TEE. This recent announcement on the op-tee mailing list describes an extension of OP-TEE with an additional feature: https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmwar… The key message in the linked wiki entry https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/ from your perspective might be that OP-TEE now has a capability to run so called Trusted Services, which implement PSA Functional API, including, but not limited to, its Secure Storage API: https://www.psacertified.org/development-resources/building-in-security/spe… This provides a client application with a generic interface for using secure storage functionality. Please be mindful of the limitations mentioned on the linked page as this is project is still work in progress, but we would be more than happy to get feedback on what we have done, and whether it can meet your expectations. Regards, Miklos -----Original Message----- From: Manorit Chawdhry <m-chawdhry(a)ti.com> Sent: 23 February 2022 13:10 To: Joakim Bech <joakim.bech(a)linaro.org> Cc: op-tee(a)lists.trustedfirmware.org; p.yadav(a)ti.com Subject: Re: Secure Storage Applications On 09:56-20220223, Joakim Bech wrote: > Hi, > Hi, Thank you all for your replies. Those have been really helpful! Though from all the links you have shared, I am still wondering if there is any core part in OP-TEE which could allow to provide a generic interface for using the secure storage functionality instead of we needing to setup our own TA ( along with some binary on the host with the simple purpose of putting files from Linux in secure storage. ) As this seemed somewhat intuitive to me from a perspective of user wanting to try out secure_storage and would be interested to know if something like this is available in it. Thanks and regards, Manorit > On Wed, Feb 23, 2022 at 11:37:33AM +0530, Sumit Garg wrote: > > Hi Manorit, > > > > On Tue, 22 Feb 2022 at 18:59, Manorit Chawdhry <m-chawdhry(a)ti.com> wrote: > > > > > > Hi, > > > > > > I have been exploring secure storage in OP-TEE for a few days and > > > I need some help in putting some files into it. > > > > > > I have been trying to find some tool which could help me put any > > > files from Linux into secure storage and retrieve them back later > > > so that I could see secure storage in action but haven't been able to find any yet. > > > > > > Is there any tool which you guys might know of which helps put > > > files in secure storage and retrieve them back later? > > > > > > > I would suggest you have a look at storage tests from OP-TEE test > > suite here: client [1] and TA [2]. > > > > [1] > > https://github.com/OP-TEE/optee_test/blob/master/host/xtest/regressi > > on_6000.c [2] > > https://github.com/OP-TEE/optee_test/tree/master/ta/storage > > > In addition to that we also have the secure storage example TA [3], > that comes deployed with our developer environments (QEMU [4] is an > example of such an environment). > > [3] > https://github.com/linaro-swg/optee_examples/tree/master/secure_storag > e [4] > https://optee.readthedocs.io/en/latest/building/devices/qemu.html > > > -Sumit > > > > > Best Regards, > > > Manorit > > // Regards, > Joakim

3 months, 3 weeks

2
1
0 0

OP-TEE S-EL1 SPMC status

by Jelle Sels

Hi all, As part of Trusted Services project we are extending OP-TEE to be a full complaint FF-A S-EL1 SPMC. This work is still on going but some of the Trusted Services applications are already compatible. We created https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/ which gives the current status of the SPMC work and can be a starting point for everyone who wants to get started with the Trusted Services or OP-TEE as a S-EL1 SPMC. Please feel free to ask any questions on the Trusted Service and the OP-TEE mailing list. https://lists.trustedfirmware.org/mailman3/lists/trusted-services.lists.tru… https://lists.trustedfirmware.org/mailman3/lists/op-tee.lists.trustedfirmwa… Regards, Jelle IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 months

1
0
0 0

2022

Trusted-services ----- 2022 ----- June 2022 May 2022 April 2022 March 2022 February 2022 January 2022

Trusted-services