From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:4864:20::e29; helo=mail-vs1-xe29.google.com; envelope-from=sumit.garg@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com [IPv6:2607:f8b0:4864:20::e29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3EB0321184E83 for ; Tue, 6 Nov 2018 03:09:46 -0800 (PST) Received: by mail-vs1-xe29.google.com with SMTP id v205so7034672vsc.3 for ; Tue, 06 Nov 2018 03:09:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=K+9rrCkR8zW41DPEuE2v2l6wesjS3XmNeTjghL0Zccc=; b=kitiZKebDAjHkGP3sP6i3szOmKuXV0FHTCW3SmGgYXXijy54NbgJgR68HDsfYq2EUt giC9F6iqUdkB1DOIazqT9SMLudHdBv8EqyoHQLFm5AV8QaBaISQ9z35zGBeVfcYUt0+0 pYJMlVie4xwktFhGUNBS+OHz/kFyhX37Gz/o4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=K+9rrCkR8zW41DPEuE2v2l6wesjS3XmNeTjghL0Zccc=; b=AD2SGBftuku2HHd8HujXZlrgmXgs1fpnZuBa2Por40AmlTvQvsxIlRebnRs+wdhEiF jxs9ua1wO7eos+0QiAlDyrv4mO/BavlLIuotFcaykHK01iL9xkQ5des+pgjFkwxsB4ab fg45bwtgy55lxBLPBOGewT0R4HyoLZtSVAOUszpWTBNmSHXR6LKy2iqr8b1W4U+qqglE iyjNvX/P0hYYItVlI4phK1vlFVo7asd/Dkko1KjDs8kO9OE0XVO6vpNYyfFzsK4Mg82x a1cmWYr7rbc8pK8pbfTDgLa51VeGYn+sJg7IyPHPgJBpAQqXY+jqE8EX8Bj18l+5bj9A 12hA== X-Gm-Message-State: AGRZ1gJzFno+0mIkdUhUM4p/BUC80boaHrB1WoVBmvXCszhsy407mjFT cPRxMdwKUib2/P7r4iewU+UrZFrp2EGTwaP2zDamXw== X-Google-Smtp-Source: AJdET5d8R4uoQhFAc7pJjpZUSUAORCRnTEZjs7w+PfKd6N7+0xU76ac0KKro8uFzURQN/ceKUKddH+fqycciog0GD8s= X-Received: by 2002:a67:7e41:: with SMTP id z62mr10942635vsc.141.1541502585484; Tue, 06 Nov 2018 03:09:45 -0800 (PST) MIME-Version: 1.0 References: <20180921082542.35768-1-christopher.co@microsoft.com> <20180921082542.35768-2-christopher.co@microsoft.com> <20181031204305.mkivnbhnna4niy2g@bivouac.eciton.net> In-Reply-To: From: Sumit Garg Date: Tue, 6 Nov 2018 16:39:33 +0530 Message-ID: To: Christopher.Co@microsoft.com Cc: Leif Lindholm , edk2-devel@lists.01.org, Ard Biesheuvel , Michael D Kinney , tee-dev@lists.linaro.org Subject: Re: [PATCH edk2-platforms 01/27] Platform/Microsoft: Add OpteeClientPkg dec X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Nov 2018 11:09:47 -0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Chris, On Tue, 6 Nov 2018 at 07:23, Chris Co wrote: > > Hi Sumit, > > > -----Original Message----- > > From: Sumit Garg > > > > Hi Chris, > > > > On Sat, 3 Nov 2018 at 05:25, Chris Co wr= ote: > > > > > > Hi Sumit, > > > > > > > -----Original Message----- > > > > From: Sumit Garg > > > > > > > > + OP-TEE ML. > > > > > > > > On Fri, 2 Nov 2018 at 06:11, Chris Co > > wrote: > > > > > > > > > > Hi Sumit, > > > > > > > > > > Our full OpteeClientPkg has: > > > > > - Our OpteeClientAPI implementation. I was monitoring the merge > > > > > progress > > > > on OpteeLib and will look into moving over now that it is available= . > > > > > - The fTPM and AuthVar TA binaries. In our current design, the TA > > > > > binaries > > > > are loaded at runtime. We could host the binaries themselves > > > > elsewhere on the filesystem, but we do not want these binaries as > > > > early/pseudo TAs. Is there a plan for OpteeLib to support loading f= ull TAs? > > > > > > > > Early TAs [1] are basically full TAs only, running in Secure EL0 mo= de. > > > > So instead of loading TA from normal world file-system, they are > > > > linked into a special data section in the OP-TEE core blob. > > > > > > > > Also I don't think loading TAs dynamically especially during boot > > > > makes much sense due to following reasons: > > > > 1. Increased boot time. > > > > 2. Fixed TAs like in your case which could be linked as early TAs a= s well. > > > > > > > > > > We prefer to load TAs dynamically for a more flexible servicing story= . My > > understanding is that Early TAs are coupled with the OP-TEE binary itse= lf, so > > to update an Early TA, a new OP-TEE binary would need to be created and > > pushed. We want to avoid rolling a new OP-TEE and only update the TA > > binary in this scenario. > > > > > > > Are you referring to run-time updates on the device in the field? If th= is is the > > case then how do you think to update TAs, is it via some custom capsule > > update method? > > > > Yes, run-time TA updates. Currently, our fTPM and Authvar TAs get package= d inside our UEFI binary. So an update to a TA means a UEFI update via firm= ware capsule. > The discussion of these TA binaries living on the filesystem were ideas w= e were discussing internally but are not fully baked or committed to. > I would suggest you to keep TAs as part of firmware only (UEFI binary in your case). > > I do consider these TAs used during boot as essential secure services p= rovided > > by the secure firmware (OP-TEE in this case). So these TAs should be pa= rt of > > firmware itself and updates for them should come through firmware capsu= le > > updates only. > > > > I agree in principle and I think I see where the misalignment is, mostly = coming from my end. > The security guarantees (termed TCPS) we want to provide on the current h= ardware we support (NXP i.MX6), mean OP-TEE becomes prohibitively difficult= to update. This is due to a hardware resource limitation (not enough fuse = space). If this limitation were not present, we could freely update OP-TEE = and package these TAs as EarlyTAs. > Now I understand where this requirement came from. It seems to be a valid scenario where secure non-volatile memory is limited on a particular platform. > Info on TCPS (whitepaper at bottom of post) - https://www.microsoft.com/e= n-us/microsoft-365/blog/2018/04/24/trusted-cyber-physical-systems-looks-to-= protect-your-critical-infrastructure-from-modern-threats-in-the-world-of-io= t/ > > I'm not sure how you want to handle this from an OpteeLib vs custom platf= orm package perspective. > We could add this dynamic TA loading support in OpteeLib as optional, enabled in a platform specific way. Regards, Sumit > > > > And you mentioned filesystem, are you referring to root filesystem? > > > > > > > > > > We have not implemented this yet, but we were thinking to have the TA > > binaries present in the EFI partition. > > > > > > > AFAIK, EFI partition is shared among Linux and UEFI. This provides Linu= x > > access to secure firmware TAs that could be a security concern (denial = of > > service could be one of them). > > > > Note - we are booting Windows, though your point here is still valid. The= TAs living in the filesystem is not what is implemented today. It was an i= dea we were discussing internally. > > > > > > - We have two client drivers: a firmware TPM TA driver and an > > > > authenticated variable TA driver. These talk through the > > > > tee-supplicant to their respective TAs. > > > > > > > > > > > > > Here from tee-supplicant apart from loading TAs, what other service= s > > > > are you expecting? If you are looking for secure storage via RPMB, > > > > that could be an enhancement to OpteeLib adding corresponding RPC > > handling here [2]. > > > > > > > > > > For RPC handling, we are looking for the following callback support: > > > - OPTEE_SMC_RPC_FUNC_ALLOC > > > - OPTEE_SMC_RPC_FUNC_FREE > > > - OPTEE_SMC_RPC_FUNC_CMD > > > - OPTEE_MSG_RPC_CMD_LOAD_TA > > > > Please see above comments for this. > > > > > - OPTEE_MSG_RPC_CMD_RPMB > > > - OPTEE_MSG_RPC_CMD_GET_TIME > > > > Can you share the usage of OPTEE_MSG_RPC_CMD_GET_TIME? AFAIK, this is > > used to get REE time from OP-TEE. > > > > I dug further and found that this was being used in our fTPM TA for debug= logs. It has since been deprecated so we do not need this RPC command. > > > > - OPTEE_MSG_RPC_CMD_SHM_ALLOC > > > - OPTEE_MSG_RPC_CMD_SHM_FREE > > > - OPTEE_MSG_RPC_CMD_WAIT_QUEUE > > > > I don't think we need OPTEE_MSG_RPC_CMD_WAIT_QUEUE implementation > > in UEFI as its a single threaded execution flow on boot core. > > > > Agreed. Our implementation is effectively a no-op. We don't need this eit= her. > > > BTW, I am not sure if I could get time to work on RPC handling anytime = soon. > > So patches are welcome and I am happy to review them. > > > > I'll see if I can find time to port over our RPC handlers. Will add you t= o any patches for review. > > Thanks, > Chris > > > Regards, > > Sumit > > > > > > > > Thanks, > > > Chris > > > > > > > [1] > > > > https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2F= git > > > > hub.c > > > > om%2FOP- > > > > > > TEE%2Foptee_os%2Fblob%2Fmaster%2Fdocumentation%2Foptee_design.md > > > > %23early-trusted- > > > > > > applications&data=3D02%7C01%7CChristopher.Co%40microsoft.com%7C4a > > > > > > 7d8c01e4804365f4eb08d640837a15%7C72f988bf86f141af91ab2d7cd011db47% > > > > > > 7C1%7C0%7C636767330779998429&sdata=3DyaDWw5Z6yuux1o89kxzbknVp > > > > b%2B1OHUagbB%2FOGS4dAcU%3D&reserved=3D0 > > > > [2] > > > > https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2F= git > > > > hub.c > > > > > > om%2Ftianocore%2Fedk2%2Fblob%2Fmaster%2FArmPkg%2FLibrary%2FOpteeL > > > > > > ib%2FOptee.c%23L147&data=3D02%7C01%7CChristopher.Co%40microsoft.c > > > > > > om%7C4a7d8c01e4804365f4eb08d640837a15%7C72f988bf86f141af91ab2d7cd > > > > > > 011db47%7C1%7C0%7C636767330779998429&sdata=3DLsplb1L7Ugd2C6cXG > > > > 8gBo40Ei8UQPtIA7fNEDL1t%2Fbg%3D&reserved=3D0 > > > > > > > > Regards, > > > > Sumit > > > > > > > > > Chris > > > > > > > > > > > -----Original Message----- > > > > > > From: Sumit Garg > > > > > > Sent: Thursday, November 1, 2018 3:55 AM > > > > > > To: Chris Co ; Leif Lindholm > > > > > > > > > > > > Cc: edk2-devel@lists.01.org; Ard Biesheuvel > > > > > > ; Michael D Kinney > > > > > > > > > > > > Subject: Re: [PATCH edk2-platforms 01/27] Platform/Microsoft: > > > > > > Add OpteeClientPkg dec > > > > > > > > > > > > Hi Christopher, > > > > > > > > > > > > Optee Client library has recently been merged to edk2 source co= de. > > > > > > It tries to provide a generic interface [1] to OP-TEE based > > > > > > trusted applications (pseudo/early). > > > > > > > > > > > > AFAIK, you don't need any platform specific hook in client > > > > > > interface to work with upstream OP-TEE. So instead you should u= se > > Optee library. > > > > > > > > > > > > [1] > > > > > > https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2= F%2 > > > > > > Fgit > > > > > > hub.c > > > > > > > > > > > > om%2Ftianocore%2Fedk2%2Fblob%2Fmaster%2FArmPkg%2FInclude%2FLibrary > > > > > > > > > > > > %2FOpteeLib.h&data=3D02%7C01%7CChristopher.Co%40microsoft.com%7C > > > > > > > > > > > > c19b84ef7f8f4213424108d63fe88f66%7C72f988bf86f141af91ab2d7cd011db47 > > > > > > > > > > > > %7C1%7C0%7C636766665404786500&sdata=3Dm24akbKtoyCERVN77meoSU > > > > > > H6E%2Bpf8W2P5MF7nvU5y7I%3D&reserved=3D0 > > > > > > > > > > > > Regards, > > > > > > Sumit > > > > > > > > > > > > On Thu, 1 Nov 2018 at 02:13, Leif Lindholm > > > > > > > > > > wrote: > > > > > > > > > > > > > > +Sumit (just to loop you two together). Is there anything > > > > > > > +Microsoft > > > > > > > platform specific about what will go in here? > > > > > > > > > > > > > > / > > > > > > > Leif > > > > > > > > > > > > > > On Fri, Sep 21, 2018 at 08:25:53AM +0000, Chris Co wrote: > > > > > > > > On Windows IoT Core devices with ARM TrustZone capabilities= , > > > > > > > > EDK2 runs in normal world and we use OP-TEE to execute > > > > > > > > secure world operations. The overall package will contain > > > > > > > > client-side support to invoke EDK2 services implemented as > > > > > > > > OP-TEE trusted applications that run in secure world. > > > > > > > > > > > > > > > > This commit adds the initial dec file to add some PCD > > > > > > > > settings needed by other packages. > > > > > > > > > > > > > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > > > > > > > Signed-off-by: Christopher Co > > > > > > > > Cc: Ard Biesheuvel > > > > > > > > Cc: Leif Lindholm > > > > > > > > Cc: Michael D Kinney > > > > > > > > --- > > > > > > > > Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec | 49 > > > > > > > > ++++++++++++++++++++ > > > > > > > > 1 file changed, 49 insertions(+) > > > > > > > > > > > > > > > > diff --git > > > > > > > > a/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec > > > > > > > > b/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec > > > > > > > > new file mode 100644 > > > > > > > > index 000000000000..4752eab39ce3 > > > > > > > > --- /dev/null > > > > > > > > +++ b/Platform/Microsoft/OpteeClientPkg/OpteeClientPkg.dec > > > > > > > > @@ -0,0 +1,49 @@ > > > > > > > > +## @file > > > > > > > > +# > > > > > > > > +# OP-TEE client package > > > > > > > > +# > > > > > > > > +# OP-TEE client package contains the client-side interfac= e > > > > > > > > +to invoke OP- > > > > > > TEE TAs. > > > > > > > > +# Certain EDKII services are implemented in Trusted > > > > > > > > +Applications running in # the secure world OP-TEE OS. > > > > > > > > +# > > > > > > > > +# Copyright (c) 2018 Microsoft Corporation. All rights re= served. > > > > > > > > +# > > > > > > > > +# This program and the accompanying materials # are > > > > > > > > +licensed and made available under the terms and conditions > > > > > > > > +of the BSD License # which accompanies this distribution. > > > > > > > > +The full text of the license may be found at # > > > > > > > > +https://na01.safelinks.protection.outlook.com/?url=3Dhttp%= 3A% > > > > > > > > +2F%2 > > > > > > > > +Fope > > > > > > > > +nsource.org%2Flicenses%2Fbsd- > > > > > > license.php&data=3D02%7C01%7CChristo > > > > > > > > > > > > > > > > > > > > +pher.Co%40microsoft.com%7Cc19b84ef7f8f4213424108d63fe88f66%7C72f988 > > > > > > > > > > > > > > > > > > > > +bf86f141af91ab2d7cd011db47%7C1%7C0%7C636766665404786500&sda > > > > > > ta=3D1 > > > > > > > > > > > > +MxFvlsMPhk19grEexBXo5VqRd0jZaCSRjxZCi87A2w%3D&reserved=3D0 > > > > > > > > +# > > > > > > > > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN > > > > > > > > +"AS > > > > IS" > > > > > > > > +BASIS, # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > > > > > > > > +KIND, > > > > > > EITHER EXPRESS OR IMPLIED. > > > > > > > > +# > > > > > > > > +## > > > > > > > > + > > > > > > > > +[Defines] > > > > > > > > + DEC_SPECIFICATION =3D 0x0001001A > > > > > > > > + PACKAGE_NAME =3D OpteeClientPkg > > > > > > > > + PACKAGE_GUID =3D 77416fcb-10ec-4693-bd= c0- > > > > 1bdd74ec9595 > > > > > > > > + PACKAGE_VERSION =3D 0.01 > > > > > > > > + > > > > > > > > +[Includes] > > > > > > > > + > > > > > > > > +[LibraryClasses] > > > > > > > > + > > > > > > > > +[Guids] > > > > > > > > + gOpteeClientPkgTokenSpaceGuid =3D { 0x04ad34ca, 0xdd25= , > > 0x4156, { > > > > > > 0x90, 0xf5, 0x16, 0xf9, 0x40, 0xd0, 0x49, 0xe3 }} > > > > > > > > + > > > > > > > > +[PcdsFixedAtBuild] > > > > > > > > + > > > > > > > > > > > > > > > > > > > > +gOpteeClientPkgTokenSpaceGuid.PcdTpm2AcpiBufferBase|0|UINT64|0x0000 > > > > > > > > +0005 > > > > > > > > + > > > > > > > > > > > > > > > > > > > > +gOpteeClientPkgTokenSpaceGuid.PcdTpm2AcpiBufferSize|0|UINT32|0x0000 > > > > > > > > +0006 > > > > > > > > + > > > > > > > > + ## The base address of the Trust Zone OpTEE OS private > > > > > > > > + memory region # This memory is manager privately by the = OpTEE > > OS. > > > > > > > > + > > > > > > > > + > > > > > > > > > > > > gOpteeClientPkgTokenSpaceGuid.PcdTrustZonePrivateMemoryBase|0xDEAD > > > > > > > > + 1|UINT64|0x00000001 > > > > > > > > + > > > > > > > > + ## The size of the Trust Zone OpTEE OS private memory > > > > > > > > + region > > > > > > > > + > > > > > > > > + > > > > > > > > gOpteeClientPkgTokenSpaceGuid.PcdTrustZonePrivateMemorySize|55|U > > > > > > IN > > > > > > > > + T64|0x00000002 > > > > > > > > + > > > > > > > > + ## The base address of the Trust Zone OpTEE OS shared > > > > > > > > + memory region > > > > > > > > + > > > > > > > > + > > > > > > > > > > > > gOpteeClientPkgTokenSpaceGuid.PcdTrustZoneSharedMemoryBase|0xDEAD2 > > > > > > > > + |UINT64|0x00000003 > > > > > > > > + > > > > > > > > + ## The size of the Trust Zone OpTEE OS shared memory > > > > > > > > + region > > > > > > > > + > > > > > > > > + > > > > > > > > > > > > gOpteeClientPkgTokenSpaceGuid.PcdTrustZoneSharedMemorySize|0xAA|UI > > > > > > > > + NT64|0x00000004 > > > > > > > > -- > > > > > > > > 2.16.2.gvfs.1.33.gf5370f1 > > > > > > > >