Hi Manorit,
You may be interested in the Trusted Services project and its relation to OP-TEE. This recent announcement on the op-tee mailing list describes an extension of OP-TEE with an additional feature: https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmware...
The key message in the linked wiki entry https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/ from your perspective might be that OP-TEE now has a capability to run so-called Trusted Services, which implement PSA Functional API, including, but not limited to, its Secure Storage API: https://www.psacertified.org/development-resources/building-in-security/spec... This provides a client application with a generic interface for using secure storage functionality.
Please be mindful of the limitations mentioned on the linked page, as this project is still work in progress, but we would be more than happy to get feedback on what we have done, and whether it can meet your expectations.
Regards, Miklos
-----Original Message-----
From: Manorit Chawdhry m-chawdhry@ti.com
Sent: 23 February 2022 13:10
To: Joakim Bech joakim.bech@linaro.org
Cc: op-tee@lists.trustedfirmware.org; p.yadav@ti.com
Subject: Re: Secure Storage Applications
On 09:56-20220223, Joakim Bech wrote:
Hi,
Hi,
Thank you all for your replies. Those have been really helpful!
Though from all the links you have shared, I am still wondering if there is any core part in OP-TEE which could provide a generic interface for using the secure storage functionality instead of us needing to set up our own TA (along with some binary on the host with the simple purpose of putting files from Linux in secure storage).
This seemed somewhat intuitive to me from the perspective of a user wanting to try out secure_storage, and I would be interested to know if something like this is available in it.
Thanks and regards, Manorit
On Wed, Feb 23, 2022 at 11:37:33AM +0530, Sumit Garg wrote:
Hi Manorit,
On Tue, 22 Feb 2022 at 18:59, Manorit Chawdhry m-chawdhry@ti.com wrote:
Hi,
I have been exploring secure storage in OP-TEE for a few days and I need some help in putting some files into it.
I have been trying to find some tool which could help me put any files from Linux into secure storage and retrieve them back later so that I could see secure storage in action but haven't been able to find any yet.
Is there any tool which you guys might know of which helps put files in secure storage and retrieve them back later?
I would suggest you have a look at storage tests from OP-TEE test suite here: client [1] and TA [2].
[1] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/regression_6000.c
[2] https://github.com/OP-TEE/optee_test/tree/master/ta/storage
In addition to that we also have the secure storage example TA [3], that comes deployed with our developer environments (QEMU [4] is an example of such an environment).
[3] https://github.com/linaro-swg/optee_examples/tree/master/secure_storage
[4] https://optee.readthedocs.io/en/latest/building/devices/qemu.html
-Sumit
Best Regards, Manorit
// Regards, Joakim
Hi Miklos,
Thank you for the links, it seems like it would most certainly help me. I will get back to you with more questions if I have any regarding Trusted Services.
Thanks and Regards, Manorit
On 19:16-20220301, Miklos Balint wrote:
trusted-services@lists.trustedfirmware.org