
Hi Sean
On Sat, 12 Aug 2023 at 03:28, seanedmond@linux.microsoft.com wrote:
From: Stephen Carlson stcarlso@linux.microsoft.com
Security devices currently implement operations to store an OS anti-rollback monotonic counter. Existing devices such as the Trusted Platform Module (TPM) already support this operation, but this uclass provides abstraction for current and future devices that may support different features.
- New Driver Model uclass UCLASS_SECURITY.
- New config CONFIG_DM_SECURITY to enable security device support.
- New driver sandbox_security matching "security,sandbox", enabled with new config CONFIG_SECURITY_SANDBOX.
[...]
source "drivers/scsi/Kconfig"
+source "drivers/security/Kconfig"
source "drivers/serial/Kconfig"
source "drivers/smem/Kconfig" diff --git a/drivers/Makefile b/drivers/Makefile index efc2a4afb2..b670aae5fd 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -98,6 +98,7 @@ obj-$(CONFIG_PCH) += pch/ obj-$(CONFIG_DM_REBOOT_MODE) += reboot-mode/ obj-y += rtc/ obj-y += scsi/ +obj-y += security/ obj-y += sound/ obj-y += spmi/ obj-y += watchdog/ diff --git a/drivers/security/Kconfig b/drivers/security/Kconfig new file mode 100644 index 0000000000..f7af5c4e78 --- /dev/null +++ b/drivers/security/Kconfig @@ -0,0 +1,25 @@ +config DM_SECURITY
bool "Support security devices with driver model"
depends on DM
help
This option enables support for the security uclass which supports
devices intended to provide additional security features during
boot. These devices might encapsulate existing features of TPM
or TEE devices, but can also be dedicated security processors
implemented in specific hardware.
+config SECURITY_SANDBOX
bool "Enable sandbox security driver"
depends on DM_SECURITY
help
This driver supports a simulated security device that uses volatile
memory to store secure data and begins uninitialized. This
implementation allows OS images with security requirements to be
loaded in the sandbox environment.
+config SECURITY_TPM
bool "Enable TPM security driver"
depends on TPM && TPM_V2 && DM_SECURITY
help
This driver supports a security device based on existing TPM
functionality.
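Review bot: `obj-y += security/` in the drivers/Makefile hunk descends into the new directory on every build, not only when CONFIG_DM_SECURITY is set; either make it `obj-$(CONFIG_DM_SECURITY) += security/` or confirm that drivers/security/Makefile (not shown in the quoted part) gates each object on CONFIG_DM_SECURITY, CONFIG_SECURITY_SANDBOX and CONFIG_SECURITY_TPM, so boards that do not select the uclass get no extra objects.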
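Review bot: in the new drivers/security/Kconfig, SECURITY_SANDBOX only has `depends on DM_SECURITY`, so it can be selected on real hardware, where a counter kept in volatile memory that "begins uninitialized" provides no anti-rollback guarantee; add `depends on SANDBOX` and state in the help text that it is a test substitute, not a protection mechanism. The DM_SECURITY help text also speaks of "additional security features" in general, while the only operation described in the commit message is the anti-rollback monotonic counter; narrowing the help (and, as raised in the reply, possibly the uclass name) to what is actually implemented would make the scope of the uclass clear to people enabling it.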
I think this is generally a good idea. But we need to define a bit better what we consider 'security' and what is supported by this uclass. One example would be a TPM RNG device. We already support that and we even use it as an RNG in certain cases. Is this something that we should move here? Because atm the new class seems to only support a rollback counter (which is fine, we might just have to pick a different name).
[...]
Thanks /Ilias