
Hi Jens,
On 8 October 2018 at 01:18, Jens Wiklander jens.wiklander@linaro.org wrote:
Hi Simon,
On Tue, Oct 2, 2018 at 1:21 PM, Simon Glass sjg@chromium.org wrote:
Hi Jens,
On 25 September 2018 at 07:40, Jens Wiklander jens.wiklander@linaro.org wrote:
Hi,
This adds support for storing AVB rollback indexes in the RPMB partition. The RPMB partition (content and key) is managed by OP-TEE (https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone.
The Linux kernel can already support OP-TEE with reading and updating rollback indexes in the RPMB partition, the catch is that this is needed before the kernel has booted.
The design here is the same as what is in the Linux kernel, with the exception that the user space daemon tee-supplicant is integrated in the OP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass (UCLASS_TEE) is introduced to provide an abstraction for interfacing with a Trusted Execution Environment (TEE). There's also the OP-TEE driver using UCLASS_TEE for registration.
A Trusted Application (TA) interface is added to be used by the AVB verify functions which are updated accordingly. The TA is managed by OP-TEE and is executed in a secure TrustZone protected environment.
The header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and include/tee/optee_ta_avb.h are copied from https://github.com/OP-TEE/optee_os/tree/master more or less unmodified. They may need to be updated from time to time in order to support new features.
In MMC there's a new function, mmc_rpmb_route_frames(), which as the name suggests is used to route RPMB frames to/from the MMC. This saves OP-TEE from implementing an MMC driver which would need to share resources with its counterpart here in U-Boot.
This was tested on a Hikey (Kirin 620) board.
I've added myself as maintainer of the TEE stuff.
changes in v4:
- Addressed review comments from Simon Glass
- Rebased on v2018.09
- "avb_verify: bugfix avb_ops_free() skipping free" removed due to the rebase
- Commits "dt/bindings: add bindings for optee", "sandbox: imply CONFIG_TEE (TEE uclass)", "tee: add sandbox driver", "avb_verify: support using OP-TEE TA AVB", "test_avb: Update patiensepymark.buildconfigspec information for the AVB tests", "Kconfig: sandbox: enable cmd_avb and dependencies", Reviewed-by: Simon Glass sjg@chromium.org
- Added descriptions of additional structs and functions
- In commit "avb_verify: support sandbox configuration" avoid the #ifdef CONFIG_SANDBOX in get_sector_buf() as suggested by Simon.
You might consider using patman, where you add the change log for each patch individually, and it produces the change log for the series automatically.
I find it harder to review patches which don't have their own individual change log.
I'll try patman next time. A big thank you for reviewing this patch series.
You made it pretty easy :-) Thanks.
- Simon
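The cover letter above describes the AVB rollback indexes living in an RPMB partition that only OP-TEE can read or update, with U-Boot's AVB verify path talking to the AVB Trusted Application to fetch and raise them. The following C block is an added example, not code from this patch series, U-Boot or OP-TEE: it models the two TA operations (read a slot, write a slot) against a constructed in-memory stand-in for the RPMB store and shows the anti-rollback check the bootloader builds on them, namely reject any image whose rollback index is below the stored one and only ever move the stored index forward. All names (`rpmb_model`, `rb_read`, `rb_write`, `avb_check_and_update`, the slot count) are hypothetical; in the real series the store is reached through the TEE uclass and the TA, not a local array.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the RPMB-backed store that the AVB TA manages in
 * the series. AVB keeps a small array of rollback-index slots; the slot
 * count here is an assumption for the example. */
#define AVB_MAX_ROLLBACK_SLOTS 4

struct rpmb_model {
    uint64_t rollback[AVB_MAX_ROLLBACK_SLOTS];
};

enum avb_status {
    AVB_OK = 0,
    AVB_ERR_BAD_SLOT,   /* slot index outside the stored array */
    AVB_ERR_ROLLBACK,   /* image is older than what the store records */
};

/* Model of the TA's read command: copy the stored index for one slot out. */
static enum avb_status rb_read(const struct rpmb_model *s, uint32_t slot,
                               uint64_t *out)
{
    if (slot >= AVB_MAX_ROLLBACK_SLOTS)
        return AVB_ERR_BAD_SLOT;
    *out = s->rollback[slot];
    return AVB_OK;
}

/* Model of the TA's write command: the stored index is monotonic, so a
 * request to lower it is silently ignored rather than honoured. */
static enum avb_status rb_write(struct rpmb_model *s, uint32_t slot,
                                uint64_t value)
{
    if (slot >= AVB_MAX_ROLLBACK_SLOTS)
        return AVB_ERR_BAD_SLOT;
    if (value > s->rollback[slot])
        s->rollback[slot] = value;
    return AVB_OK;
}

/* Verify-then-update flow used by the bootloader: an image carrying
 * rollback index img_idx for slot `slot` is accepted only if it is not older
 * than the stored index; on acceptance the stored index is raised to
 * img_idx so that downgraded images are rejected on later boots. */
enum avb_status avb_check_and_update(struct rpmb_model *s, uint32_t slot,
                                     uint64_t img_idx)
{
    uint64_t stored;
    enum avb_status st = rb_read(s, slot, &stored);

    if (st != AVB_OK)
        return st;
    if (img_idx < stored)
        return AVB_ERR_ROLLBACK;
    return rb_write(s, slot, img_idx);
}

/* Constructed boot sequence: indexes 3, 5, 4 (downgrade), 5. Reports how
 * many images were accepted and the status of the downgrade attempt. */
static void run_scenario(int *accepted, enum avb_status *downgrade_status)
{
    struct rpmb_model s;
    const uint64_t boots[] = { 3, 5, 4, 5 };
    unsigned int i;

    memset(&s, 0, sizeof(s));   /* fresh device: every slot starts at 0 */
    *accepted = 0;
    *downgrade_status = AVB_OK;

    for (i = 0; i < sizeof(boots) / sizeof(boots[0]); i++) {
        enum avb_status st = avb_check_and_update(&s, 0, boots[i]);

        if (st == AVB_OK)
            (*accepted)++;
        if (boots[i] == 4)
            *downgrade_status = st;
    }
}

/* Number of images accepted in the scenario: 3 of 4. */
int avb_demo_accepted(void)
{
    int accepted;
    enum avb_status st;

    run_scenario(&accepted, &st);
    return accepted;
}

/* Status returned for the downgraded image: AVB_ERR_ROLLBACK. */
enum avb_status avb_demo_downgrade_status(void)
{
    int accepted;
    enum avb_status st;

    run_scenario(&accepted, &st);
    return st;
}

/* Out-of-range slot request is refused before touching the store. */
enum avb_status avb_demo_bad_slot(void)
{
    struct rpmb_model s;

    memset(&s, 0, sizeof(s));
    return avb_check_and_update(&s, AVB_MAX_ROLLBACK_SLOTS, 1);
}
```

The point the model makes is the split of trust the cover letter relies on: the bootloader decides accept or reject, but the value it compares against comes from storage that only the TEE can write, and that storage never goes backwards. If the same check were done against a counter kept in ordinary flash, an attacker with write access to the flash could reset it and the comparison would pass for an old, vulnerable image.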