From patchwork Thu Oct 31 13:58:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 11221267 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0A3C81515 for ; Thu, 31 Oct 2019 14:00:11 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6D58121734 for ; Thu, 31 Oct 2019 14:00:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="poxks8Us"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="Kqyg+WHa" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6D58121734 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=Do1XV/hED56B1BsvbEkPXC0XrEcXv+u+tXK/vNMR/lY=; b=poxks8UsSYGRSp5dDBG/jPMqcH ube1cn83v7exnn1b8m6oWhwZl5Klp7ouz+SawuVDUM/2vFb0AgJGdx3imprVDEhzJ01CBbU5Ctbdy BbyGoYzii3WDoOyXin2oP4hALr+eQsRsXzPITnp/dKD3dbwHtr2XZAG5jzWo/UgNlTJdL06TtzjFt A2C92qDFIbhL3Q0BcD0J31//G1mZrVwMpT548qmrVKeuocNNfryslwPXglxm8tJobRIN2xNlDhbEh CntP6UQLTaiTnjktqk5K3ZlfSrAoztNtcoSJAag0o2I/tYTu829qgbRRikd6s8Zm2K3Hkc50LEnYo MTOyE6wg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQAzd-0006kE-JY; Thu, 31 Oct 2019 14:00:05 +0000 Received: from mail-pg1-x542.google.com ([2607:f8b0:4864:20::542]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQAzF-0006W8-K0 for linux-arm-kernel@lists.infradead.org; Thu, 31 Oct 2019 13:59:45 +0000 Received: by mail-pg1-x542.google.com with SMTP id f19so4092226pgn.13 for ; Thu, 31 Oct 2019 06:59:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4N2qK3I0XAixg8Gqykp67y7zePqj/gx/cyRF/j/7A/0=; b=Kqyg+WHaKi7N2HGDe3jjbqRjhP0iAIF7fq3SfVbK5PtQpNxwCzGGALgWry/cHUWeIB Ed0DVYCEJKhlq01DA5MVDfbQl0R4986RtaS1g/yVbsM7PuC4BXoM/WiZO1VPjDWUG4lm VSBPNH0k4olFhH5ZF9miOX0OaLKjUX74UUz2iu73j6DnLHQUK17XJRqdhFmVJYStt7hw 8ZIQdpp1KLjv2Rg8yCBJJ5dxmRYLFONe8To/Q9lqy5eTES0B2Du52/fuKkzDaXFE0xF5 KJuqpNPoA5AjOnlVVffpYPzho17l0zkMbMTKWwMDPgOKyrcNZxLJkPHiIl9oBiJSrz6I 1Qsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4N2qK3I0XAixg8Gqykp67y7zePqj/gx/cyRF/j/7A/0=; b=XOOZoSX4YG9VNoiImfj1518VOus5Z6RJydf42whANgIJp35wI3JhrvavpYugSCP576 3DNtJubP0lIksAx5HEKd+PYaxIgOMfDpK9V2Z9iQL8JsXkyCFHmDfshopemdbL0Sa0Oj escVZjbIhPLKl0qK+ztwbOHDJu5orsS98n9Cg3/y+yAzkY4w0nbM5nx4n2gFxUKGmb3s Ma/8SgzOAjgzQ+rBlkYPJXMk01Ef+n29288o0bnRA+qBzTb/2TxXhCLwo3DAlsypG1p0 rOZkGZCO4j8G5N7Evv/GdcQmMIXFpKNERLx5CTVVE2/ReNRVX054qRyUgLloaGYKy0aA e5Zg== X-Gm-Message-State: APjAAAUnm0qWEOhD/TsQgWXLc3e6cHeYn5b8Bvq9N2kZoZOHlg0Dn8CI 384EVty9NhdiqmO8dVwI1mODhA== X-Google-Smtp-Source: APXvYqz+zWH54kS4jRD/vTLg3fa52z3BsIVW3U6c2hQ4Fj1BhwZJZIUhAgMu0evVEV8d+Td5DsY8qw== X-Received: by 2002:a17:90a:fa02:: with SMTP id cm2mr7816999pjb.129.1572530380071; Thu, 31 Oct 2019 06:59:40 -0700 (PDT) Received: from localhost.localdomain ([117.252.69.143]) by smtp.gmail.com with ESMTPSA id i16sm3522441pfa.184.2019.10.31.06.59.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 31 Oct 2019 06:59:39 -0700 (PDT) From: Sumit Garg To: jens.wiklander@linaro.org, jarkko.sakkinen@linux.intel.com, dhowells@redhat.com Subject: [Patch v3 1/7] tee: optee: allow kernel pages to register as shm Date: Thu, 31 Oct 2019 19:28:37 +0530 Message-Id: <1572530323-14802-2-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> References: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191031_065942_049496_4864FBAB X-CRM114-Status: GOOD ( 11.11 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:542 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sumit Garg , daniel.thompson@linaro.org, janne.karhunen@gmail.com, corbet@lwn.net, jejb@linux.ibm.com, ard.biesheuvel@linaro.org, linux-doc@vger.kernel.org, jmorris@namei.org, zohar@linux.ibm.com, linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, stuart.yoder@arm.com, casey@schaufler-ca.com, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, serge@hallyn.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Kernel pages are marked as normal type memory only so allow kernel pages to be registered as shared memory with OP-TEE. Signed-off-by: Sumit Garg Reviewed-by: Jarkko Sakkinen Reviewed-by: Jens Wiklander --- drivers/tee/optee/call.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c index 13b0269..cf2367b 100644 --- a/drivers/tee/optee/call.c +++ b/drivers/tee/optee/call.c @@ -554,6 +554,13 @@ static int check_mem_type(unsigned long start, size_t num_pages) struct mm_struct *mm = current->mm; int rc; + /* + * Allow kernel address to register with OP-TEE as kernel + * pages are configured as normal memory only. + */ + if (virt_addr_valid(start)) + return 0; + down_read(&mm->mmap_sem); rc = __check_mem_type(find_vma(mm, start), start + num_pages * PAGE_SIZE); From patchwork Thu Oct 31 13:58:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 11221279 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7C5E6913 for ; Thu, 31 Oct 2019 14:00:36 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 598D92087E for ; Thu, 31 Oct 2019 14:00:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="jGWW9E8p"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="vQtn5epM" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 598D92087E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=JaBdVcgwyztx6gQdT05zZ3XfZtQWW6pfHB4yfbAo6p8=; b=jGWW9E8pRXyPBhsBR8Zu+v2P31 u2/RfEs42ikfm4iiQCjMlRYbGasGo/Qttfn77XDIjcrekxijFaITPGB/p/5lMkJ1oFmdKYmVygQqI Mt/DK/QqlaD+zBZYRy5L6/IaUxKZOAfeQ74rSV/JQbyCBwS0SEpPeiPecOmpIa6E+4rSvgHeVzVGj D13F3UZ6iJxYSRJ75njxz4UUdbpCeam5k8rad+vRZtFv9wRKGMs1NLYYT0SiWWxmKRbBCs2amQdDZ gq2HLiXpFq4pt4uXwhTIfY4WrptjrkCJA35VucnfaUauaB3PCtE252ThtszXEZnkGq26fXBAyWPpY My1o5KvA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQB07-0008MD-Dl; Thu, 31 Oct 2019 14:00:35 +0000 Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQAzM-0006bp-Os for linux-arm-kernel@lists.infradead.org; Thu, 31 Oct 2019 13:59:57 +0000 Received: by mail-pl1-x643.google.com with SMTP id g9so2750326plp.3 for ; Thu, 31 Oct 2019 06:59:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=rBi9pDvmSRW/gfGz1S5LaiY/M3/1mDENiO/ALWeCgpk=; b=vQtn5epM7BmXndczOajGVGAnDDTih0deQtjDHqOZaIno2sYSm5HgUpe9M/7tqsey17 JcgSTwFY/6xWrV+8iWqWzgWyz0OJ1KQ8VkRfHUX2V9qiUlAp1qHQCPlRPO3VZjqPglme iDFSD+n12Tl45aTDsljHPGU1HSJZQH0J8DDYa7iVWrhovtRN1+WcIknfWRrt5npqTisz qjYz+EqFAjDFNwFzeb2uxMlGTvMUNBpgN/uHLEcIhsUhQ3P0jCVsW6GLSldnblMq82fu ltdsXfA3qM4hFrffaFAyC70OkJ8YQVOci0NA28T1yGIBut65i64DP9fivni/267D/coO +C1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=rBi9pDvmSRW/gfGz1S5LaiY/M3/1mDENiO/ALWeCgpk=; b=T+VH2Jj64JNCNX5Zw8aC3GzK4RRK+ppXa9o5tiHD0/Lj4IWiRrazHkoGDXbvlGxYXX Tc3F9dsZNM0hQpz07pbqLDfwMSE6d4+ajPgKdzwE8EEkhz8ptXvJ/hktwmlmytc2Qhci hV5qE5A7Sckn8BOlkkFLhjdjd4jWrW5H1sFVatRCOhrbBf4005GtM3KHj1DLSbKb24kh 7fOmQGXIYno1hjm4ZM6saTYXskuj1tRe6PO52RxZa8PPoXZMY170lZ3MBa0nzlaa68b8 t/utDrF2RsFDnCmPZuDZI+PgA6lxe8avUZ9o4FOLe/HKHDwCVDdRM0/9egAmsFLUSh1e pdMA== X-Gm-Message-State: APjAAAWRBrktVG8lR/elsceeAXZEirKn+abWf10y5BLUU19eZ3gU8DEY s4qxC3ODaoOZoNIHLZt+k8/3vtXeDMs= X-Google-Smtp-Source: APXvYqxvxuXZl/u6hfe9tV8jGqosv3YQ51/spMygFoU8LspT81JCa6iermf94WbaR84nA4XCB+w3XA== X-Received: by 2002:a17:902:d705:: with SMTP id w5mr6386152ply.142.1572530388055; Thu, 31 Oct 2019 06:59:48 -0700 (PDT) Received: from localhost.localdomain ([117.252.69.143]) by smtp.gmail.com with ESMTPSA id i16sm3522441pfa.184.2019.10.31.06.59.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 31 Oct 2019 06:59:47 -0700 (PDT) From: Sumit Garg To: jens.wiklander@linaro.org, jarkko.sakkinen@linux.intel.com, dhowells@redhat.com Subject: [Patch v3 2/7] tee: enable support to register kernel memory Date: Thu, 31 Oct 2019 19:28:38 +0530 Message-Id: <1572530323-14802-3-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> References: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191031_065948_866548_4A45C364 X-CRM114-Status: GOOD ( 17.33 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:643 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sumit Garg , daniel.thompson@linaro.org, janne.karhunen@gmail.com, corbet@lwn.net, jejb@linux.ibm.com, ard.biesheuvel@linaro.org, linux-doc@vger.kernel.org, jmorris@namei.org, zohar@linux.ibm.com, linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, stuart.yoder@arm.com, casey@schaufler-ca.com, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, serge@hallyn.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Enable support to register kernel memory reference with TEE. This change will allow TEE bus drivers to register memory references. Signed-off-by: Sumit Garg --- drivers/tee/tee_shm.c | 26 ++++++++++++++++++++++++-- include/linux/tee_drv.h | 1 + 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 09ddcd0..1ec1577 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -9,6 +9,7 @@ #include #include #include +#include #include "tee_private.h" static void tee_shm_release(struct tee_shm *shm) @@ -224,13 +225,14 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, { struct tee_device *teedev = ctx->teedev; const u32 req_flags = TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED; + const u32 req_ker_flags = TEE_SHM_DMA_BUF | TEE_SHM_KERNEL_MAPPED; struct tee_shm *shm; void *ret; int rc; int num_pages; unsigned long start; - if (flags != req_flags) + if (flags != req_flags && flags != req_ker_flags) return ERR_PTR(-ENOTSUPP); if (!tee_device_get(teedev)) @@ -265,7 +267,27 @@ struct tee_shm *tee_shm_register(struct tee_context *ctx, unsigned long addr, goto err; } - rc = get_user_pages_fast(start, num_pages, FOLL_WRITE, shm->pages); + if (flags & TEE_SHM_USER_MAPPED) { + rc = get_user_pages_fast(start, num_pages, FOLL_WRITE, + shm->pages); + } else { + struct kvec *kiov; + int i; + + kiov = kcalloc(num_pages, sizeof(*kiov), GFP_KERNEL); + if (!kiov) { + ret = ERR_PTR(-ENOMEM); + goto err; + } + + for (i = 0; i < num_pages; i++) { + kiov[i].iov_base = (void *)(start + i * PAGE_SIZE); + kiov[i].iov_len = PAGE_SIZE; + } + + rc = get_kernel_pages(kiov, num_pages, 0, shm->pages); + kfree(kiov); + } if (rc > 0) shm->num_pages = rc; if (rc != num_pages) { diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index 7a03f68..dedf8fa 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -26,6 +26,7 @@ #define TEE_SHM_REGISTER BIT(3) /* Memory registered in secure world */ #define TEE_SHM_USER_MAPPED BIT(4) /* Memory mapped in user space */ #define TEE_SHM_POOL BIT(5) /* Memory allocated from pool */ +#define TEE_SHM_KERNEL_MAPPED BIT(6) /* Memory mapped in kernel space */ struct device; struct tee_device; From patchwork Thu Oct 31 13:58:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 11221287 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4B3011515 for ; Thu, 31 Oct 2019 14:00:55 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2874C2087E for ; Thu, 31 Oct 2019 14:00:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="t6LxMcyo"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="tf+KATEy" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2874C2087E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=8AMkFuTjiGLjKzJtLL9t9wUwomIcVkS3sgjQPBOC47c=; b=t6LxMcyoWwIW5jWVdji9yxgyrN 4tIYEG2HRN3+us1glc+1njxsOEOezM3rTaeEsl0iKJYOSGAVZZ+0fcCgEQyOUcOH9beEfNNY54PUz bh9R3wiyH7Z78BrKJ8n9GZm2d+gWxDRHKlYif4Ukm0mcv4Nfype7aDoc16Wkrivv/ckSeEVwWaGEz i7ELvHn3qeg5x3fEyLKjAHYMPaw7aLircTa06y3v8iM4Vq+3O8GCS8quoMt1pZ8wavxMbydqEGKkn IewqmIEvZbBHBmq/aWbEQIMV4LiKfdrXnDSh8QMb2TE6bmHE4ErUlx5U9L6pMp0pgXXgogpXtg5v2 7FVMb6Tg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQB0Q-0000Ct-JM; Thu, 31 Oct 2019 14:00:54 +0000 Received: from mail-pg1-x544.google.com ([2607:f8b0:4864:20::544]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQAzV-0006gn-Ri for linux-arm-kernel@lists.infradead.org; Thu, 31 Oct 2019 14:00:00 +0000 Received: by mail-pg1-x544.google.com with SMTP id e10so4099197pgd.11 for ; Thu, 31 Oct 2019 06:59:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=E3OJFxf+mUWoz3h8BXrLdL53qyDG3CcJuYs/0iyxKF4=; b=tf+KATEyMKScBhe2rDxFmvhHdhpJvsG8Ppi+Ok6s+1JY+Ck0LsQI6EgbXGwk6Gxns2 PBhFeVi79K6keCg6KQopPP+74YLxVly8VZb6Lkf1BGv+ATKanKjaohe+f55adgBuMttF ghSDNFsV11Nb21uJw86b7GMyPRXXuWo3nSS9se6Vt7rIUg3OvajwiDKd2Byp1nMqXkx6 RLI18VC7Bc7ONNECHSTu/fq24VhTJJYi4wjTUIJfJ7zE+NM+fU/oyzFLdPiRdKQgL9qR NVu9qVxDVu59qNFL7TyaD+bkES5v9TlqyZ9mHlOmkX4lzMqpiLj8bfpJmBr8MVXkfcQW HHUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=E3OJFxf+mUWoz3h8BXrLdL53qyDG3CcJuYs/0iyxKF4=; b=asJt99T6N5rpnXLdQ1DEhBfstds+n1AUS3hmE0zjdZP02IvuHXiQwe5J1Sl9AJr8ub /8wcfZez2ttpCLzdDIq0KK6fhEC7zw48ubvoM6ATEoVMpxNGTvoSd3zI4IGvOAgr0lov +i1rYsj3ullYnjUGm0lK3e5eXFvXZP6Zgd4EQB/INSy6Qy8oOOpz9DXdGOS8eh9zj8ds N4pxXtokXmGdaxXNF4yF0iEVeH0bpASVTe0/NiGaOonAs1lWn1eIkzw4B1Kf1rBZBA/B Cxt4VGxgHDL5gwvTCQ7Nh/rITH9EWdeoVDM4biUFXdJlkZLemcCZazcKzKInPfVIqWTD 3TKg== X-Gm-Message-State: APjAAAVQsDbUKifu9d53Ul0pTAK/3Fat+Ch7Tacnox0ugpPPLfxYb1mU TNTk1bs7XRRLYUe2Lva1il/IZw== X-Google-Smtp-Source: APXvYqx6w3fK7udP850k+SVSjxTClJG1BWGTayyOqKUy8HcRBFjYN6ROvTumbYp2kjoyQbEiFFSOdg== X-Received: by 2002:a63:fe0c:: with SMTP id p12mr6825858pgh.121.1572530396394; Thu, 31 Oct 2019 06:59:56 -0700 (PDT) Received: from localhost.localdomain ([117.252.69.143]) by smtp.gmail.com with ESMTPSA id i16sm3522441pfa.184.2019.10.31.06.59.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 31 Oct 2019 06:59:55 -0700 (PDT) From: Sumit Garg To: jens.wiklander@linaro.org, jarkko.sakkinen@linux.intel.com, dhowells@redhat.com Subject: [Patch v3 3/7] tee: add private login method for kernel clients Date: Thu, 31 Oct 2019 19:28:39 +0530 Message-Id: <1572530323-14802-4-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> References: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191031_065958_213475_20F4F6CF X-CRM114-Status: GOOD ( 13.08 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:544 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sumit Garg , daniel.thompson@linaro.org, janne.karhunen@gmail.com, corbet@lwn.net, jejb@linux.ibm.com, ard.biesheuvel@linaro.org, linux-doc@vger.kernel.org, jmorris@namei.org, zohar@linux.ibm.com, linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, stuart.yoder@arm.com, casey@schaufler-ca.com, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, serge@hallyn.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org There are use-cases where user-space shouldn't be allowed to communicate directly with a TEE device which is dedicated to provide a specific service for a kernel client. So add a private login method for kernel clients and disallow user-space to open-session using GP implementation defined login method range: (0x80000000 - 0xFFFFFFFF). Signed-off-by: Sumit Garg --- drivers/tee/tee_core.c | 6 ++++++ include/uapi/linux/tee.h | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 0f16d9f..2c2f646 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -334,6 +334,12 @@ static int tee_ioctl_open_session(struct tee_context *ctx, goto out; } + if (arg.clnt_login & TEE_IOCTL_LOGIN_MASK) { + pr_debug("login method not allowed for user-space client\n"); + rc = -EPERM; + goto out; + } + rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); if (rc) goto out; diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index 4b9eb06..a0a3d52 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -172,6 +172,14 @@ struct tee_ioctl_buf_data { #define TEE_IOCTL_LOGIN_APPLICATION 4 #define TEE_IOCTL_LOGIN_USER_APPLICATION 5 #define TEE_IOCTL_LOGIN_GROUP_APPLICATION 6 +/* + * Disallow user-space to use GP implementation specific login + * method range (0x80000000 - 0xFFFFFFFF). This range is rather + * being reserved for REE kernel clients or TEE implementation. + */ +#define TEE_IOCTL_LOGIN_MASK 0x80000000 +/* Private login method for REE kernel clients */ +#define TEE_IOCTL_LOGIN_REE_KERNEL 0x80000000 /** * struct tee_ioctl_param - parameter From patchwork Thu Oct 31 13:58:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 11221289 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BA1C9913 for ; Thu, 31 Oct 2019 14:01:16 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8BFB52087E for ; Thu, 31 Oct 2019 14:01:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="KLz8KXJF"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="p6288aVS" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8BFB52087E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=fsSo93HxxYB0lUyEZAY2eR5SDED9jnbi59o2eVZqkqI=; b=KLz8KXJFk98gHL0H6o2Pxd4xH8 vnF7Q/G5TQddjT7SW2S/AZJYFmGprp3uBR/0iPuS3Q456pWPCCxIAQmVDNGPr5cmWrWzaQ4//y5eo q/s+jhktyx05tbtMF7sU1TIqohc2B0rcM1Fb06s8SVebnS/oAa978n1CEBWswEle5rFVTvldO3wms uILcTCYMT54a373Hw+tQne8iZMVX7B9JV1Pw2HEkUirWZRNubUtbWIiMuNz2pP/ZG8Mg504iOu2Ns JdiGO9MgOLWdJBnYfLriNnBPiSf616LqkdQPn8mML7zWcr2n42CTzZa3Gr8Jo/K82s2CFCiq8ts3p cs6DzkAw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQB0l-0000SV-L9; Thu, 31 Oct 2019 14:01:15 +0000 Received: from mail-pg1-x544.google.com ([2607:f8b0:4864:20::544]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQAzh-0007GD-EJ for linux-arm-kernel@lists.infradead.org; Thu, 31 Oct 2019 14:00:19 +0000 Received: by mail-pg1-x544.google.com with SMTP id l3so4113002pgr.8 for ; Thu, 31 Oct 2019 07:00:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=RIgp3tLevj8LIkiVtdb0AroQFT7z1Het+ETlIMWwdVw=; b=p6288aVSD/z2mjjuft75WNJ7EO1CyYp6QwqzV3d7fw6NCSP/+lDh2L9+zmYFQPcT63 vmxEvrd7QCAWodeDUuv+5Pow1ZH+l8tPhX3v15/hGwXD7OTXiFgP/qJaTudN4hm3MkNl kZt1kCvprfOrxquJkjCBFKmW9ag/e+rX46o6pSZruak0ZR+3gHNuD8MSRLAllB1wVtLU Ba6gDV0w1IRkT4O7YRwXBfLXqfCKsHQlVM2oIsolItMPmiKO+E4e8jNCRxT2R2Y8Yqp+ xk/mN00NWf4GLzRyYmCDzyc70ljWhAD2Xl0NtVYo3ds0jxiQ+ZmFU1fZknOkKUx9mIYo T7gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=RIgp3tLevj8LIkiVtdb0AroQFT7z1Het+ETlIMWwdVw=; b=lIOMjFqEYNZ77iSaM1JD8kom51jwXoEUI068pNSqm5gbWW5/krmqPfTzj0RnCM8DTL FPBCX44A/al6kwWd06lXkfT0QbXnjzEMQKugRIyC/7zdXN4bzet1l5B/Nxmb1aOiYAob uI4y2EojY8GhUsATPBYONlXM/535cykPImzCqCyHvKxZkDVxUTN+sVNYbttb8sxWS8ZY i1osgKE2cnEMXf4XDsOx/EMS8bptJtJVHwtlmSSOZ6k/ut6Pfu0I+Hbdci2gZ9oZBYO6 vfeGhFsRXj8bVkrexUC5u37Gg0F30RAKNZbphB/5S2RrUHF2j+vQ8tdHJc/wwlwI+6Pz egmQ== X-Gm-Message-State: APjAAAWQhYDw4ys8y4SO6LCDqZv4UiE3qRv2JkZJIrnQeBc/FGUFSHyG Ij+RrUdqoZ6LwZtXEY7qlIdMJA== X-Google-Smtp-Source: APXvYqwCXwDHTNm8deZoOUE+1yC1QD3CtEcxFFBMHC6fH6w2GuxzHcjuUzBvYbDEGLIHr3m8zEe0eg== X-Received: by 2002:a17:90a:bb8e:: with SMTP id v14mr7638455pjr.143.1572530406567; Thu, 31 Oct 2019 07:00:06 -0700 (PDT) Received: from localhost.localdomain ([117.252.69.143]) by smtp.gmail.com with ESMTPSA id i16sm3522441pfa.184.2019.10.31.06.59.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 31 Oct 2019 07:00:05 -0700 (PDT) From: Sumit Garg To: jens.wiklander@linaro.org, jarkko.sakkinen@linux.intel.com, dhowells@redhat.com Subject: [Patch v3 4/7] KEYS: trusted: Add generic trusted keys framework Date: Thu, 31 Oct 2019 19:28:40 +0530 Message-Id: <1572530323-14802-5-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> References: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191031_070009_802313_91053B87 X-CRM114-Status: GOOD ( 24.87 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:544 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sumit Garg , daniel.thompson@linaro.org, janne.karhunen@gmail.com, corbet@lwn.net, jejb@linux.ibm.com, ard.biesheuvel@linaro.org, linux-doc@vger.kernel.org, jmorris@namei.org, zohar@linux.ibm.com, linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, stuart.yoder@arm.com, casey@schaufler-ca.com, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, serge@hallyn.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Current trusted keys framework is tightly coupled to use TPM device as an underlying implementation which makes it difficult for implementations like Trusted Execution Environment (TEE) etc. to provide trusked keys support in case platform doesn't posses a TPM device. So this patch tries to add generic trusted keys framework where underlying implemtations like TPM, TEE etc. could be easily plugged-in. Suggested-by: Jarkko Sakkinen Signed-off-by: Sumit Garg --- include/keys/trusted-type.h | 45 ++++ include/keys/trusted_tpm.h | 15 -- security/keys/trusted-keys/Makefile | 1 + security/keys/trusted-keys/trusted_common.c | 343 +++++++++++++++++++++++++++ security/keys/trusted-keys/trusted_tpm1.c | 345 +++++----------------------- 5 files changed, 447 insertions(+), 302 deletions(-) create mode 100644 security/keys/trusted-keys/trusted_common.c diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index a94c03a..5559010 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -40,6 +40,51 @@ struct trusted_key_options { uint32_t policyhandle; }; +struct trusted_key_ops { + /* + * flag to indicate if trusted key implementation supports migration + * or not. + */ + unsigned char migratable; + + /* trusted key init */ + int (*init)(void); + + /* seal a trusted key */ + int (*seal)(struct trusted_key_payload *p, char *datablob); + + /* unseal a trusted key */ + int (*unseal)(struct trusted_key_payload *p, char *datablob); + + /* get random trusted key */ + int (*get_random)(unsigned char *key, size_t key_len); + + /* trusted key cleanup */ + void (*cleanup)(void); +}; + extern struct key_type key_type_trusted; +#if defined(CONFIG_TCG_TPM) +extern struct trusted_key_ops tpm_trusted_key_ops; +#endif + +#define TRUSTED_DEBUG 0 + +#if TRUSTED_DEBUG +static inline void dump_payload(struct trusted_key_payload *p) +{ + pr_info("trusted_key: key_len %d\n", p->key_len); + print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE, + 16, 1, p->key, p->key_len, 0); + pr_info("trusted_key: bloblen %d\n", p->blob_len); + print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE, + 16, 1, p->blob, p->blob_len, 0); + pr_info("trusted_key: migratable %d\n", p->migratable); +} +#else +static inline void dump_payload(struct trusted_key_payload *p) +{ +} +#endif #endif /* _KEYS_TRUSTED_TYPE_H */ diff --git a/include/keys/trusted_tpm.h b/include/keys/trusted_tpm.h index a56d8e1..5753231 100644 --- a/include/keys/trusted_tpm.h +++ b/include/keys/trusted_tpm.h @@ -60,17 +60,6 @@ static inline void dump_options(struct trusted_key_options *o) 16, 1, o->pcrinfo, o->pcrinfo_len, 0); } -static inline void dump_payload(struct trusted_key_payload *p) -{ - pr_info("trusted_key: key_len %d\n", p->key_len); - print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE, - 16, 1, p->key, p->key_len, 0); - pr_info("trusted_key: bloblen %d\n", p->blob_len); - print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE, - 16, 1, p->blob, p->blob_len, 0); - pr_info("trusted_key: migratable %d\n", p->migratable); -} - static inline void dump_sess(struct osapsess *s) { print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, @@ -96,10 +85,6 @@ static inline void dump_options(struct trusted_key_options *o) { } -static inline void dump_payload(struct trusted_key_payload *p) -{ -} - static inline void dump_sess(struct osapsess *s) { } diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile index 7b73ceb..2b1085b 100644 --- a/security/keys/trusted-keys/Makefile +++ b/security/keys/trusted-keys/Makefile @@ -4,5 +4,6 @@ # obj-$(CONFIG_TRUSTED_KEYS) += trusted.o +trusted-y += trusted_common.o trusted-y += trusted_tpm1.o trusted-y += trusted_tpm2.o diff --git a/security/keys/trusted-keys/trusted_common.c b/security/keys/trusted-keys/trusted_common.c new file mode 100644 index 0000000..8f00fde --- /dev/null +++ b/security/keys/trusted-keys/trusted_common.c @@ -0,0 +1,343 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2010 IBM Corporation + * Copyright (c) 2019, Linaro Limited + * + * Author: + * David Safford + * Added generic trusted key framework: Sumit Garg + * + * See Documentation/security/keys/trusted-encrypted.rst + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static struct trusted_key_ops *available_tk_ops[] = { +#if defined(CONFIG_TCG_TPM) + &tpm_trusted_key_ops, +#endif +}; +static struct trusted_key_ops *tk_ops; + +enum { + Opt_err, + Opt_new, Opt_load, Opt_update, +}; + +static const match_table_t key_tokens = { + {Opt_new, "new"}, + {Opt_load, "load"}, + {Opt_update, "update"}, + {Opt_err, NULL} +}; + +/* + * datablob_parse - parse the keyctl data and fill in the + * payload structure + * + * On success returns 0, otherwise -EINVAL. + */ +static int datablob_parse(char *datablob, struct trusted_key_payload *p) +{ + substring_t args[MAX_OPT_ARGS]; + long keylen; + int ret = -EINVAL; + int key_cmd; + char *c; + + /* main command */ + c = strsep(&datablob, " \t"); + if (!c) + return -EINVAL; + key_cmd = match_token(c, key_tokens, args); + switch (key_cmd) { + case Opt_new: + /* first argument is key size */ + c = strsep(&datablob, " \t"); + if (!c) + return -EINVAL; + ret = kstrtol(c, 10, &keylen); + if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE) + return -EINVAL; + p->key_len = keylen; + ret = Opt_new; + break; + case Opt_load: + /* first argument is sealed blob */ + c = strsep(&datablob, " \t"); + if (!c) + return -EINVAL; + p->blob_len = strlen(c) / 2; + if (p->blob_len > MAX_BLOB_SIZE) + return -EINVAL; + ret = hex2bin(p->blob, c, p->blob_len); + if (ret < 0) + return -EINVAL; + ret = Opt_load; + break; + case Opt_update: + ret = Opt_update; + break; + case Opt_err: + return -EINVAL; + } + return ret; +} + +static struct trusted_key_payload *trusted_payload_alloc(struct key *key) +{ + struct trusted_key_payload *p = NULL; + int ret; + + ret = key_payload_reserve(key, sizeof(*p)); + if (ret < 0) + return p; + p = kzalloc(sizeof(*p), GFP_KERNEL); + + p->migratable = tk_ops->migratable; + + return p; +} + +/* + * trusted_instantiate - create a new trusted key + * + * Unseal an existing trusted blob or, for a new key, get a + * random key, then seal and create a trusted key-type key, + * adding it to the specified keyring. + * + * On success, return 0. Otherwise return errno. + */ +static int trusted_instantiate(struct key *key, + struct key_preparsed_payload *prep) +{ + struct trusted_key_payload *payload = NULL; + size_t datalen = prep->datalen; + char *datablob; + int ret = 0; + int key_cmd; + size_t key_len; + + if (datalen <= 0 || datalen > 32767 || !prep->data) + return -EINVAL; + + datablob = kmalloc(datalen + 1, GFP_KERNEL); + if (!datablob) + return -ENOMEM; + memcpy(datablob, prep->data, datalen); + datablob[datalen] = '\0'; + + payload = trusted_payload_alloc(key); + if (!payload) { + ret = -ENOMEM; + goto out; + } + + key_cmd = datablob_parse(datablob, payload); + if (key_cmd < 0) { + ret = key_cmd; + goto out; + } + + dump_payload(payload); + + switch (key_cmd) { + case Opt_load: + ret = tk_ops->unseal(payload, datablob); + dump_payload(payload); + if (ret < 0) + pr_info("trusted_key: key_unseal failed (%d)\n", ret); + break; + case Opt_new: + key_len = payload->key_len; + ret = tk_ops->get_random(payload->key, key_len); + if (ret != key_len) { + pr_info("trusted_key: key_create failed (%d)\n", ret); + goto out; + } + + ret = tk_ops->seal(payload, datablob); + if (ret < 0) + pr_info("trusted_key: key_seal failed (%d)\n", ret); + break; + default: + ret = -EINVAL; + } +out: + kzfree(datablob); + if (!ret) + rcu_assign_keypointer(key, payload); + else + kzfree(payload); + return ret; +} + +static void trusted_rcu_free(struct rcu_head *rcu) +{ + struct trusted_key_payload *p; + + p = container_of(rcu, struct trusted_key_payload, rcu); + kzfree(p); +} + +/* + * trusted_update - reseal an existing key with new PCR values + */ +static int trusted_update(struct key *key, struct key_preparsed_payload *prep) +{ + struct trusted_key_payload *p; + struct trusted_key_payload *new_p; + size_t datalen = prep->datalen; + char *datablob; + int ret = 0; + + if (key_is_negative(key)) + return -ENOKEY; + p = key->payload.data[0]; + if (!p->migratable) + return -EPERM; + if (datalen <= 0 || datalen > 32767 || !prep->data) + return -EINVAL; + + datablob = kmalloc(datalen + 1, GFP_KERNEL); + if (!datablob) + return -ENOMEM; + + new_p = trusted_payload_alloc(key); + if (!new_p) { + ret = -ENOMEM; + goto out; + } + + memcpy(datablob, prep->data, datalen); + datablob[datalen] = '\0'; + ret = datablob_parse(datablob, new_p); + if (ret != Opt_update) { + ret = -EINVAL; + kzfree(new_p); + goto out; + } + + /* copy old key values, and reseal with new pcrs */ + new_p->migratable = p->migratable; + new_p->key_len = p->key_len; + memcpy(new_p->key, p->key, p->key_len); + dump_payload(p); + dump_payload(new_p); + + ret = tk_ops->seal(new_p, datablob); + if (ret < 0) { + pr_info("trusted_key: key_seal failed (%d)\n", ret); + kzfree(new_p); + goto out; + } + + rcu_assign_keypointer(key, new_p); + call_rcu(&p->rcu, trusted_rcu_free); +out: + kzfree(datablob); + return ret; +} + +/* + * trusted_read - copy the sealed blob data to userspace in hex. + * On success, return to userspace the trusted key datablob size. + */ +static long trusted_read(const struct key *key, char __user *buffer, + size_t buflen) +{ + const struct trusted_key_payload *p; + char *ascii_buf; + char *bufp; + int i; + + p = dereference_key_locked(key); + if (!p) + return -EINVAL; + + if (buffer && buflen >= 2 * p->blob_len) { + ascii_buf = kmalloc_array(2, p->blob_len, GFP_KERNEL); + if (!ascii_buf) + return -ENOMEM; + + bufp = ascii_buf; + for (i = 0; i < p->blob_len; i++) + bufp = hex_byte_pack(bufp, p->blob[i]); + if (copy_to_user(buffer, ascii_buf, 2 * p->blob_len) != 0) { + kzfree(ascii_buf); + return -EFAULT; + } + kzfree(ascii_buf); + } + return 2 * p->blob_len; +} + +/* + * trusted_destroy - clear and free the key's payload + */ +static void trusted_destroy(struct key *key) +{ + kzfree(key->payload.data[0]); +} + +struct key_type key_type_trusted = { + .name = "trusted", + .instantiate = trusted_instantiate, + .update = trusted_update, + .destroy = trusted_destroy, + .describe = user_describe, + .read = trusted_read, +}; +EXPORT_SYMBOL_GPL(key_type_trusted); + +static int __init init_trusted(void) +{ + int i, ret = 0; + + for (i = 0; i < sizeof(available_tk_ops); i++) { + tk_ops = available_tk_ops[i]; + + if (!(tk_ops && tk_ops->init && tk_ops->seal && + tk_ops->unseal && tk_ops->get_random)) + continue; + + ret = tk_ops->init(); + if (ret) { + if (tk_ops->cleanup) + tk_ops->cleanup(); + } else { + break; + } + } + + /* + * encrypted_keys.ko depends on successful load of this module even if + * trusted key implementation is not found. + */ + if (ret == -ENODEV) + return 0; + + return ret; +} + +static void __exit cleanup_trusted(void) +{ + if (tk_ops->cleanup) + tk_ops->cleanup(); +} + +late_initcall(init_trusted); +module_exit(cleanup_trusted); + +MODULE_LICENSE("GPL"); diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index d2c5ec1..32fd1ea 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -1,29 +1,26 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2010 IBM Corporation + * Copyright (c) 2019, Linaro Limited * * Author: * David Safford + * Switch to generic trusted key framework: Sumit Garg * * See Documentation/security/keys/trusted-encrypted.rst */ #include -#include -#include #include #include #include #include #include -#include #include #include -#include #include #include #include -#include #include #include @@ -703,7 +700,6 @@ static int key_unseal(struct trusted_key_payload *p, enum { Opt_err, - Opt_new, Opt_load, Opt_update, Opt_keyhandle, Opt_keyauth, Opt_blobauth, Opt_pcrinfo, Opt_pcrlock, Opt_migratable, Opt_hash, @@ -712,9 +708,6 @@ enum { }; static const match_table_t key_tokens = { - {Opt_new, "new"}, - {Opt_load, "load"}, - {Opt_update, "update"}, {Opt_keyhandle, "keyhandle=%s"}, {Opt_keyauth, "keyauth=%s"}, {Opt_blobauth, "blobauth=%s"}, @@ -841,71 +834,6 @@ static int getoptions(char *c, struct trusted_key_payload *pay, return 0; } -/* - * datablob_parse - parse the keyctl data and fill in the - * payload and options structures - * - * On success returns 0, otherwise -EINVAL. - */ -static int datablob_parse(char *datablob, struct trusted_key_payload *p, - struct trusted_key_options *o) -{ - substring_t args[MAX_OPT_ARGS]; - long keylen; - int ret = -EINVAL; - int key_cmd; - char *c; - - /* main command */ - c = strsep(&datablob, " \t"); - if (!c) - return -EINVAL; - key_cmd = match_token(c, key_tokens, args); - switch (key_cmd) { - case Opt_new: - /* first argument is key size */ - c = strsep(&datablob, " \t"); - if (!c) - return -EINVAL; - ret = kstrtol(c, 10, &keylen); - if (ret < 0 || keylen < MIN_KEY_SIZE || keylen > MAX_KEY_SIZE) - return -EINVAL; - p->key_len = keylen; - ret = getoptions(datablob, p, o); - if (ret < 0) - return ret; - ret = Opt_new; - break; - case Opt_load: - /* first argument is sealed blob */ - c = strsep(&datablob, " \t"); - if (!c) - return -EINVAL; - p->blob_len = strlen(c) / 2; - if (p->blob_len > MAX_BLOB_SIZE) - return -EINVAL; - ret = hex2bin(p->blob, c, p->blob_len); - if (ret < 0) - return -EINVAL; - ret = getoptions(datablob, p, o); - if (ret < 0) - return ret; - ret = Opt_load; - break; - case Opt_update: - /* all arguments are options */ - ret = getoptions(datablob, p, o); - if (ret < 0) - return ret; - ret = Opt_update; - break; - case Opt_err: - return -EINVAL; - break; - } - return ret; -} - static struct trusted_key_options *trusted_options_alloc(void) { struct trusted_key_options *options; @@ -926,258 +854,99 @@ static struct trusted_key_options *trusted_options_alloc(void) return options; } -static struct trusted_key_payload *trusted_payload_alloc(struct key *key) +static int tpm_tk_seal(struct trusted_key_payload *p, char *datablob) { - struct trusted_key_payload *p = NULL; - int ret; - - ret = key_payload_reserve(key, sizeof *p); - if (ret < 0) - return p; - p = kzalloc(sizeof *p, GFP_KERNEL); - if (p) - p->migratable = 1; /* migratable by default */ - return p; -} - -/* - * trusted_instantiate - create a new trusted key - * - * Unseal an existing trusted blob or, for a new key, get a - * random key, then seal and create a trusted key-type key, - * adding it to the specified keyring. - * - * On success, return 0. Otherwise return errno. - */ -static int trusted_instantiate(struct key *key, - struct key_preparsed_payload *prep) -{ - struct trusted_key_payload *payload = NULL; struct trusted_key_options *options = NULL; - size_t datalen = prep->datalen; - char *datablob; int ret = 0; - int key_cmd; - size_t key_len; int tpm2; tpm2 = tpm_is_tpm2(chip); if (tpm2 < 0) return tpm2; - if (datalen <= 0 || datalen > 32767 || !prep->data) - return -EINVAL; - - datablob = kmalloc(datalen + 1, GFP_KERNEL); - if (!datablob) - return -ENOMEM; - memcpy(datablob, prep->data, datalen); - datablob[datalen] = '\0'; - options = trusted_options_alloc(); - if (!options) { - ret = -ENOMEM; - goto out; - } - payload = trusted_payload_alloc(key); - if (!payload) { - ret = -ENOMEM; - goto out; - } + if (!options) + return -ENOMEM; - key_cmd = datablob_parse(datablob, payload, options); - if (key_cmd < 0) { - ret = key_cmd; + ret = getoptions(datablob, p, options); + if (ret < 0) goto out; - } + dump_options(options); if (!options->keyhandle) { ret = -EINVAL; goto out; } - dump_payload(payload); - dump_options(options); + if (tpm2) + ret = tpm2_seal_trusted(chip, p, options); + else + ret = key_seal(p, options); + if (ret < 0) { + pr_info("tpm_trusted_key: key_seal failed (%d)\n", ret); + goto out; + } - switch (key_cmd) { - case Opt_load: - if (tpm2) - ret = tpm2_unseal_trusted(chip, payload, options); - else - ret = key_unseal(payload, options); - dump_payload(payload); - dump_options(options); - if (ret < 0) - pr_info("trusted_key: key_unseal failed (%d)\n", ret); - break; - case Opt_new: - key_len = payload->key_len; - ret = tpm_get_random(chip, payload->key, key_len); - if (ret != key_len) { - pr_info("trusted_key: key_create failed (%d)\n", ret); + if (options->pcrlock) { + ret = pcrlock(options->pcrlock); + if (ret < 0) { + pr_info("tpm_trusted_key: pcrlock failed (%d)\n", ret); goto out; } - if (tpm2) - ret = tpm2_seal_trusted(chip, payload, options); - else - ret = key_seal(payload, options); - if (ret < 0) - pr_info("trusted_key: key_seal failed (%d)\n", ret); - break; - default: - ret = -EINVAL; - goto out; } - if (!ret && options->pcrlock) - ret = pcrlock(options->pcrlock); out: - kzfree(datablob); kzfree(options); - if (!ret) - rcu_assign_keypointer(key, payload); - else - kzfree(payload); return ret; } -static void trusted_rcu_free(struct rcu_head *rcu) -{ - struct trusted_key_payload *p; - - p = container_of(rcu, struct trusted_key_payload, rcu); - kzfree(p); -} - -/* - * trusted_update - reseal an existing key with new PCR values - */ -static int trusted_update(struct key *key, struct key_preparsed_payload *prep) +static int tpm_tk_unseal(struct trusted_key_payload *p, char *datablob) { - struct trusted_key_payload *p; - struct trusted_key_payload *new_p; - struct trusted_key_options *new_o; - size_t datalen = prep->datalen; - char *datablob; + struct trusted_key_options *options = NULL; int ret = 0; + int tpm2; - if (key_is_negative(key)) - return -ENOKEY; - p = key->payload.data[0]; - if (!p->migratable) - return -EPERM; - if (datalen <= 0 || datalen > 32767 || !prep->data) - return -EINVAL; + tpm2 = tpm_is_tpm2(chip); + if (tpm2 < 0) + return tpm2; - datablob = kmalloc(datalen + 1, GFP_KERNEL); - if (!datablob) + options = trusted_options_alloc(); + if (!options) return -ENOMEM; - new_o = trusted_options_alloc(); - if (!new_o) { - ret = -ENOMEM; - goto out; - } - new_p = trusted_payload_alloc(key); - if (!new_p) { - ret = -ENOMEM; - goto out; - } - memcpy(datablob, prep->data, datalen); - datablob[datalen] = '\0'; - ret = datablob_parse(datablob, new_p, new_o); - if (ret != Opt_update) { - ret = -EINVAL; - kzfree(new_p); + ret = getoptions(datablob, p, options); + if (ret < 0) goto out; - } + dump_options(options); - if (!new_o->keyhandle) { + if (!options->keyhandle) { ret = -EINVAL; - kzfree(new_p); goto out; } - /* copy old key values, and reseal with new pcrs */ - new_p->migratable = p->migratable; - new_p->key_len = p->key_len; - memcpy(new_p->key, p->key, p->key_len); - dump_payload(p); - dump_payload(new_p); + if (tpm2) + ret = tpm2_unseal_trusted(chip, p, options); + else + ret = key_unseal(p, options); + if (ret < 0) + pr_info("tpm_trusted_key: key_unseal failed (%d)\n", ret); - ret = key_seal(new_p, new_o); - if (ret < 0) { - pr_info("trusted_key: key_seal failed (%d)\n", ret); - kzfree(new_p); - goto out; - } - if (new_o->pcrlock) { - ret = pcrlock(new_o->pcrlock); + if (options->pcrlock) { + ret = pcrlock(options->pcrlock); if (ret < 0) { - pr_info("trusted_key: pcrlock failed (%d)\n", ret); - kzfree(new_p); + pr_info("tpm_trusted_key: pcrlock failed (%d)\n", ret); goto out; } } - rcu_assign_keypointer(key, new_p); - call_rcu(&p->rcu, trusted_rcu_free); out: - kzfree(datablob); - kzfree(new_o); + kzfree(options); return ret; } -/* - * trusted_read - copy the sealed blob data to userspace in hex. - * On success, return to userspace the trusted key datablob size. - */ -static long trusted_read(const struct key *key, char __user *buffer, - size_t buflen) -{ - const struct trusted_key_payload *p; - char *ascii_buf; - char *bufp; - int i; - - p = dereference_key_locked(key); - if (!p) - return -EINVAL; - - if (buffer && buflen >= 2 * p->blob_len) { - ascii_buf = kmalloc_array(2, p->blob_len, GFP_KERNEL); - if (!ascii_buf) - return -ENOMEM; - - bufp = ascii_buf; - for (i = 0; i < p->blob_len; i++) - bufp = hex_byte_pack(bufp, p->blob[i]); - if (copy_to_user(buffer, ascii_buf, 2 * p->blob_len) != 0) { - kzfree(ascii_buf); - return -EFAULT; - } - kzfree(ascii_buf); - } - return 2 * p->blob_len; -} - -/* - * trusted_destroy - clear and free the key's payload - */ -static void trusted_destroy(struct key *key) +int tpm_tk_get_random(unsigned char *key, size_t key_len) { - kzfree(key->payload.data[0]); + return tpm_get_random(chip, key, key_len); } -struct key_type key_type_trusted = { - .name = "trusted", - .instantiate = trusted_instantiate, - .update = trusted_update, - .destroy = trusted_destroy, - .describe = user_describe, - .read = trusted_read, -}; - -EXPORT_SYMBOL_GPL(key_type_trusted); - static void trusted_shash_release(void) { if (hashalg) @@ -1192,14 +961,14 @@ static int __init trusted_shash_alloc(void) hmacalg = crypto_alloc_shash(hmac_alg, 0, 0); if (IS_ERR(hmacalg)) { - pr_info("trusted_key: could not allocate crypto %s\n", + pr_info("tpm_trusted_key: could not allocate crypto %s\n", hmac_alg); return PTR_ERR(hmacalg); } hashalg = crypto_alloc_shash(hash_alg, 0, 0); if (IS_ERR(hashalg)) { - pr_info("trusted_key: could not allocate crypto %s\n", + pr_info("tpm_trusted_key: could not allocate crypto %s\n", hash_alg); ret = PTR_ERR(hashalg); goto hashalg_fail; @@ -1227,16 +996,13 @@ static int __init init_digests(void) return 0; } -static int __init init_trusted(void) +static int __init init_tpm_trusted(void) { int ret; - /* encrypted_keys.ko depends on successful load of this module even if - * TPM is not used. - */ chip = tpm_default_chip(); if (!chip) - return 0; + return -ENODEV; ret = init_digests(); if (ret < 0) @@ -1257,7 +1023,7 @@ static int __init init_trusted(void) return ret; } -static void __exit cleanup_trusted(void) +static void __exit cleanup_tpm_trusted(void) { if (chip) { put_device(&chip->dev); @@ -1267,7 +1033,12 @@ static void __exit cleanup_trusted(void) } } -late_initcall(init_trusted); -module_exit(cleanup_trusted); - -MODULE_LICENSE("GPL"); +struct trusted_key_ops tpm_trusted_key_ops = { + .migratable = 1, /* migratable by default */ + .init = init_tpm_trusted, + .seal = tpm_tk_seal, + .unseal = tpm_tk_unseal, + .get_random = tpm_tk_get_random, + .cleanup = cleanup_tpm_trusted, +}; +EXPORT_SYMBOL_GPL(tpm_trusted_key_ops); From patchwork Thu Oct 31 13:58:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 11221291 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4C401913 for ; Thu, 31 Oct 2019 14:01:31 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 240F92087E for ; Thu, 31 Oct 2019 14:01:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="W7lKP5xG"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="OvH4AeDg" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 240F92087E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=IpmkIkI6rKBCQspvvp5HDb2sXtdWYMB81I9lkxskh1M=; b=W7lKP5xG6mXBlIKj72DJQMm6Pf XpCtlOUi4Bdzuah9zq+C0CJXH18nsQGvmjh+dK6wDbIAnnEv8ysBL7HfhlQx9HzWBDHBQ/LOpzsK4 TpOB+NqpbAj6mCYuuxPca7rrjB5bhpPCi57LHczKyQg8Vsn8KFHYURW5zjKwm9kfVWVUU2uHCtLNw A0Cce4ggV9q8JdW/iRG2u+3ojriFeaqW+CCl/ZFN7jISazRSM6t5+VP0TOACMn3gGBJhuS8TDYAcl ij6tuef8MfJR/ghIaWgzUSHMGdgTl9To7UaHXtvdr4FX4HpP5xkxX+oAVC5v/fOJSHTH971Bm8H4M GA2CNfiQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQB0z-0000gj-V7; Thu, 31 Oct 2019 14:01:30 +0000 Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQAzp-00083U-56 for linux-arm-kernel@lists.infradead.org; Thu, 31 Oct 2019 14:00:23 +0000 Received: by mail-pl1-x642.google.com with SMTP id j12so793545plt.9 for ; Thu, 31 Oct 2019 07:00:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=tV3YdYOF+N6UHAU6eCK1RFhDN2cqefuz5QUFK90oG0E=; b=OvH4AeDgTbhIkBZGp0TQgcWXJcsuzuRjBYfCXxK6UmaYdCG/MV9s7BDQd5K8dWQfcn OdnCagEgtscMK75ssAPM4AZbhwz1jnnVPnuXaFyPaYeIbOeBLlB++LK9g2zABqtll4Rp +aZq3pEY7AYQ86QL/ty3uR0BO+vAkwjau7QtVufIR6pu5z2jObW5q09b27Vwv+XbcYBS k8mrdrMnHnVPBS/0OpWfqihiEJRc5fAUVJNOp8ey4+wjDbJzv8UgGRRpB4/fioesTHrQ foLkjUaZoeIx3Yiq5wbnks59FmRPvbsfZvKYkvHBZU8zFEtRWytzDTTTL1rluFYMPxw3 ShIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=tV3YdYOF+N6UHAU6eCK1RFhDN2cqefuz5QUFK90oG0E=; b=kFXKlong6Ifvx/8tGp/I1V5KOWWhNIqX06FRWZv/R1HZi5TBYbefCxCiidz/B6/YO3 8L4+aMSGDKFInDc475wllgw20vubFIZ+HBvS+X9CbsNfi+UIOHxCvFiXH5oZ+0+cB+D1 OpddfFAUQoWrmQSYNzR+tbCytCMHjri32JJvDebbkMVM8VXw1Uzf/kapNS1S/+U3sz8R fJDdHhFQmN5uJ3yYsYi0cx5sW/1whaU/oiAOYhH5ianRpv0U6bzgqOrNpBBu4mR4Gwjl afduevjcxU+4niACeJUnfC/rcNcd+2XLwVvx3xWcLEdRnbAQkTWjxqAzi8/7rwmH22j2 wsPw== X-Gm-Message-State: APjAAAVndHcLTogbViJB/rjsuIcqhVIdkutMTvkjmkt597JamaL9gWg7 xVIvjOOgF/IEE5a8tHcz6Oyzcg== X-Google-Smtp-Source: APXvYqw2ClUwIgO5Jk3gxRZklBJXlQ8B/mnSfsyCk/TfumCAQxPsmrrR6U5YNRBQFFT3FZL3BHbPoA== X-Received: by 2002:a17:902:fe96:: with SMTP id x22mr6578309plm.72.1572530414887; Thu, 31 Oct 2019 07:00:14 -0700 (PDT) Received: from localhost.localdomain ([117.252.69.143]) by smtp.gmail.com with ESMTPSA id i16sm3522441pfa.184.2019.10.31.07.00.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 31 Oct 2019 07:00:14 -0700 (PDT) From: Sumit Garg To: jens.wiklander@linaro.org, jarkko.sakkinen@linux.intel.com, dhowells@redhat.com Subject: [Patch v3 5/7] KEYS: trusted: Introduce TEE based Trusted Keys Date: Thu, 31 Oct 2019 19:28:41 +0530 Message-Id: <1572530323-14802-6-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> References: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191031_070017_419509_FE7D8EE3 X-CRM114-Status: GOOD ( 20.46 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:642 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sumit Garg , daniel.thompson@linaro.org, janne.karhunen@gmail.com, corbet@lwn.net, jejb@linux.ibm.com, ard.biesheuvel@linaro.org, linux-doc@vger.kernel.org, jmorris@namei.org, zohar@linux.ibm.com, linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, stuart.yoder@arm.com, casey@schaufler-ca.com, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, serge@hallyn.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Add support for TEE based trusted keys where TEE provides the functionality to seal and unseal trusted keys using hardware unique key. Refer to Documentation/tee.txt for detailed information about TEE. Signed-off-by: Sumit Garg --- include/keys/trusted-type.h | 3 + include/keys/trusted_tee.h | 66 +++++++ security/keys/Kconfig | 3 + security/keys/trusted-keys/Makefile | 1 + security/keys/trusted-keys/trusted_common.c | 3 + security/keys/trusted-keys/trusted_tee.c | 282 ++++++++++++++++++++++++++++ 6 files changed, 358 insertions(+) create mode 100644 include/keys/trusted_tee.h create mode 100644 security/keys/trusted-keys/trusted_tee.c diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index 5559010..e0df5df 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -67,6 +67,9 @@ extern struct key_type key_type_trusted; #if defined(CONFIG_TCG_TPM) extern struct trusted_key_ops tpm_trusted_key_ops; #endif +#if defined(CONFIG_TEE) +extern struct trusted_key_ops tee_trusted_key_ops; +#endif #define TRUSTED_DEBUG 0 diff --git a/include/keys/trusted_tee.h b/include/keys/trusted_tee.h new file mode 100644 index 0000000..ab58ffd --- /dev/null +++ b/include/keys/trusted_tee.h @@ -0,0 +1,66 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2019 Linaro Ltd. + * + * Author: + * Sumit Garg + */ + +#ifndef __TEE_TRUSTED_KEY_H +#define __TEE_TRUSTED_KEY_H + +#include + +#define DRIVER_NAME "tee-trusted-key" + +/* + * Get random data for symmetric key + * + * [out] memref[0] Random data + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ +#define TA_CMD_GET_RANDOM 0x0 + +/* + * Seal trusted key using hardware unique key + * + * [in] memref[0] Plain key + * [out] memref[1] Sealed key datablob + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ +#define TA_CMD_SEAL 0x1 + +/* + * Unseal trusted key using hardware unique key + * + * [in] memref[0] Sealed key datablob + * [out] memref[1] Plain key + * + * Result: + * TEE_SUCCESS - Invoke command success + * TEE_ERROR_BAD_PARAMETERS - Incorrect input param + */ +#define TA_CMD_UNSEAL 0x2 + +/** + * struct trusted_key_private - TEE Trusted key private data + * @dev: TEE based Trusted key device. + * @ctx: TEE context handler. + * @session_id: Trusted key TA session identifier. + * @shm_pool: Memory pool shared with TEE device. + */ +struct trusted_key_private { + struct device *dev; + struct tee_context *ctx; + u32 session_id; + u32 data_rate; + struct tee_shm *shm_pool; +}; + +#endif diff --git a/security/keys/Kconfig b/security/keys/Kconfig index dd31343..0d5e37c 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig @@ -88,6 +88,9 @@ config TRUSTED_KEYS if the boot PCRs and other criteria match. Userspace will only ever see encrypted blobs. + It also provides support for alternative TEE based Trusted keys + generation and sealing in case TPM isn't present. + If you are unsure as to whether this is required, answer N. config ENCRYPTED_KEYS diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile index 2b1085b..ea937d3 100644 --- a/security/keys/trusted-keys/Makefile +++ b/security/keys/trusted-keys/Makefile @@ -7,3 +7,4 @@ obj-$(CONFIG_TRUSTED_KEYS) += trusted.o trusted-y += trusted_common.o trusted-y += trusted_tpm1.o trusted-y += trusted_tpm2.o +trusted-y += trusted_tee.o diff --git a/security/keys/trusted-keys/trusted_common.c b/security/keys/trusted-keys/trusted_common.c index 8f00fde..a0a171f 100644 --- a/security/keys/trusted-keys/trusted_common.c +++ b/security/keys/trusted-keys/trusted_common.c @@ -27,6 +27,9 @@ static struct trusted_key_ops *available_tk_ops[] = { #if defined(CONFIG_TCG_TPM) &tpm_trusted_key_ops, #endif +#if defined(CONFIG_TEE) + &tee_trusted_key_ops, +#endif }; static struct trusted_key_ops *tk_ops; diff --git a/security/keys/trusted-keys/trusted_tee.c b/security/keys/trusted-keys/trusted_tee.c new file mode 100644 index 0000000..724a73c --- /dev/null +++ b/security/keys/trusted-keys/trusted_tee.c @@ -0,0 +1,282 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2019 Linaro Ltd. + * + * Author: + * Sumit Garg + */ + +#include +#include +#include +#include +#include + +#include +#include + +static struct trusted_key_private pvt_data; + +/* + * Have the TEE seal(encrypt) the symmetric key + */ +static int tee_key_seal(struct trusted_key_payload *p, char *datablob) +{ + int ret = 0; + struct tee_ioctl_invoke_arg inv_arg; + struct tee_param param[4]; + struct tee_shm *reg_shm_in = NULL, *reg_shm_out = NULL; + + memset(&inv_arg, 0, sizeof(inv_arg)); + memset(¶m, 0, sizeof(param)); + + reg_shm_in = tee_shm_register(pvt_data.ctx, (unsigned long)p->key, + p->key_len, TEE_SHM_DMA_BUF | + TEE_SHM_KERNEL_MAPPED); + if (IS_ERR(reg_shm_in)) { + dev_err(pvt_data.dev, "key shm register failed\n"); + return PTR_ERR(reg_shm_in); + } + + reg_shm_out = tee_shm_register(pvt_data.ctx, (unsigned long)p->blob, + sizeof(p->blob), TEE_SHM_DMA_BUF | + TEE_SHM_KERNEL_MAPPED); + if (IS_ERR(reg_shm_out)) { + dev_err(pvt_data.dev, "blob shm register failed\n"); + ret = PTR_ERR(reg_shm_out); + goto out; + } + + inv_arg.func = TA_CMD_SEAL; + inv_arg.session = pvt_data.session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; + param[0].u.memref.shm = reg_shm_in; + param[0].u.memref.size = p->key_len; + param[0].u.memref.shm_offs = 0; + param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[1].u.memref.shm = reg_shm_out; + param[1].u.memref.size = sizeof(p->blob); + param[1].u.memref.shm_offs = 0; + + ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); + if ((ret < 0) || (inv_arg.ret != 0)) { + dev_err(pvt_data.dev, "TA_CMD_SEAL invoke err: %x\n", + inv_arg.ret); + ret = -EFAULT; + } else { + p->blob_len = param[1].u.memref.size; + } + +out: + if (reg_shm_out) + tee_shm_free(reg_shm_out); + if (reg_shm_in) + tee_shm_free(reg_shm_in); + + return ret; +} + +/* + * Have the TEE unseal(decrypt) the symmetric key + */ +static int tee_key_unseal(struct trusted_key_payload *p, char *datablob) +{ + int ret = 0; + struct tee_ioctl_invoke_arg inv_arg; + struct tee_param param[4]; + struct tee_shm *reg_shm_in = NULL, *reg_shm_out = NULL; + + memset(&inv_arg, 0, sizeof(inv_arg)); + memset(¶m, 0, sizeof(param)); + + reg_shm_in = tee_shm_register(pvt_data.ctx, (unsigned long)p->blob, + p->blob_len, TEE_SHM_DMA_BUF | + TEE_SHM_KERNEL_MAPPED); + if (IS_ERR(reg_shm_in)) { + dev_err(pvt_data.dev, "blob shm register failed\n"); + return PTR_ERR(reg_shm_in); + } + + reg_shm_out = tee_shm_register(pvt_data.ctx, (unsigned long)p->key, + sizeof(p->key), TEE_SHM_DMA_BUF | + TEE_SHM_KERNEL_MAPPED); + if (IS_ERR(reg_shm_out)) { + dev_err(pvt_data.dev, "key shm register failed\n"); + ret = PTR_ERR(reg_shm_out); + goto out; + } + + inv_arg.func = TA_CMD_UNSEAL; + inv_arg.session = pvt_data.session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT; + param[0].u.memref.shm = reg_shm_in; + param[0].u.memref.size = p->blob_len; + param[0].u.memref.shm_offs = 0; + param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[1].u.memref.shm = reg_shm_out; + param[1].u.memref.size = sizeof(p->key); + param[1].u.memref.shm_offs = 0; + + ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); + if ((ret < 0) || (inv_arg.ret != 0)) { + dev_err(pvt_data.dev, "TA_CMD_UNSEAL invoke err: %x\n", + inv_arg.ret); + ret = -EFAULT; + } else { + p->key_len = param[1].u.memref.size; + } + +out: + if (reg_shm_out) + tee_shm_free(reg_shm_out); + if (reg_shm_in) + tee_shm_free(reg_shm_in); + + return ret; +} + +/* + * Have the TEE generate random symmetric key + */ +static int tee_get_random(unsigned char *key, size_t key_len) +{ + int ret = 0; + struct tee_ioctl_invoke_arg inv_arg; + struct tee_param param[4]; + struct tee_shm *reg_shm = NULL; + + memset(&inv_arg, 0, sizeof(inv_arg)); + memset(¶m, 0, sizeof(param)); + + reg_shm = tee_shm_register(pvt_data.ctx, (unsigned long)key, key_len, + TEE_SHM_DMA_BUF | TEE_SHM_KERNEL_MAPPED); + if (IS_ERR(reg_shm)) { + dev_err(pvt_data.dev, "random key shm register failed\n"); + return PTR_ERR(reg_shm); + } + + inv_arg.func = TA_CMD_GET_RANDOM; + inv_arg.session = pvt_data.session_id; + inv_arg.num_params = 4; + + param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT; + param[0].u.memref.shm = reg_shm; + param[0].u.memref.size = key_len; + param[0].u.memref.shm_offs = 0; + + ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param); + if ((ret < 0) || (inv_arg.ret != 0)) { + dev_err(pvt_data.dev, "TA_CMD_GET_RANDOM invoke err: %x\n", + inv_arg.ret); + ret = -EFAULT; + } else { + ret = param[0].u.memref.size; + } + + tee_shm_free(reg_shm); + + return ret; +} + +static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data) +{ + if (ver->impl_id == TEE_IMPL_ID_OPTEE) + return 1; + else + return 0; +} + +static int trusted_key_probe(struct device *dev) +{ + struct tee_client_device *rng_device = to_tee_client_device(dev); + int ret = 0, err = -ENODEV; + struct tee_ioctl_open_session_arg sess_arg; + + memset(&sess_arg, 0, sizeof(sess_arg)); + + /* Open context with TEE driver */ + pvt_data.ctx = tee_client_open_context(NULL, optee_ctx_match, NULL, + NULL); + if (IS_ERR(pvt_data.ctx)) + return -ENODEV; + + /* Open session with hwrng Trusted App */ + memcpy(sess_arg.uuid, rng_device->id.uuid.b, TEE_IOCTL_UUID_LEN); + sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL; + sess_arg.num_params = 0; + + ret = tee_client_open_session(pvt_data.ctx, &sess_arg, NULL); + if ((ret < 0) || (sess_arg.ret != 0)) { + dev_err(dev, "tee_client_open_session failed, err: %x\n", + sess_arg.ret); + err = -EINVAL; + goto out_ctx; + } + pvt_data.session_id = sess_arg.session; + + ret = register_key_type(&key_type_trusted); + if (ret < 0) + goto out_sess; + + pvt_data.dev = dev; + + return 0; + +out_sess: + tee_client_close_session(pvt_data.ctx, pvt_data.session_id); +out_ctx: + tee_client_close_context(pvt_data.ctx); + + return err; +} + +static int trusted_key_remove(struct device *dev) +{ + unregister_key_type(&key_type_trusted); + tee_client_close_session(pvt_data.ctx, pvt_data.session_id); + tee_client_close_context(pvt_data.ctx); + + return 0; +} + +static const struct tee_client_device_id trusted_key_id_table[] = { + {UUID_INIT(0xf04a0fe7, 0x1f5d, 0x4b9b, + 0xab, 0xf7, 0x61, 0x9b, 0x85, 0xb4, 0xce, 0x8c)}, + {} +}; + +MODULE_DEVICE_TABLE(tee, trusted_key_id_table); + +static struct tee_client_driver trusted_key_driver = { + .id_table = trusted_key_id_table, + .driver = { + .name = DRIVER_NAME, + .bus = &tee_bus_type, + .probe = trusted_key_probe, + .remove = trusted_key_remove, + }, +}; + +static int __init init_tee_trusted(void) +{ + return driver_register(&trusted_key_driver.driver); +} + +static void __exit cleanup_tee_trusted(void) +{ + driver_unregister(&trusted_key_driver.driver); +} + +struct trusted_key_ops tee_trusted_key_ops = { + .migratable = 0, /* non-migratable */ + .init = init_tee_trusted, + .seal = tee_key_seal, + .unseal = tee_key_unseal, + .get_random = tee_get_random, + .cleanup = cleanup_tee_trusted, +}; +EXPORT_SYMBOL_GPL(tee_trusted_key_ops); From patchwork Thu Oct 31 13:58:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 11221293 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BAE0D1515 for ; Thu, 31 Oct 2019 14:01:49 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 46D1A2087E for ; Thu, 31 Oct 2019 14:01:49 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="hA3g00DI"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="pjyU78O3" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 46D1A2087E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=QImHOIFJgfI7hnoYFbBIDgoaCKqrqN+OuNU37H4wlIg=; b=hA3g00DIkCv8FBVqCc3N/U04tU s5qs+lyrPTQ37KJlIcp45rjz+IyZop/2rhiRFvRXB9sX/TwNXnWWsUfITtJ60PDJpRy8Tid25Q8vT 6K6Q79Vj3uMTAB9/cXszmoqrMhMcajjgSlsELENI8MlX5E2wUYigyLzjOCr8j/eWeAprVYyNHYLxj 0boV/Wxr93FaUPxiA45WtrFgDAKjXCaFvIjVMd9vP18XDF6dWxhPOhUkFlL1HWswaZk4x+dRlh7hH FMhow9FEmlgKAnhxsDTZ8dnb3pOpU0MB/Jk3dGeqV/u4sbfQDBpCJu6QyXkp6PuOZaVoMbp8hqvDF PcpRwvqQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQB1H-0000yv-Fi; Thu, 31 Oct 2019 14:01:47 +0000 Received: from mail-pf1-x441.google.com ([2607:f8b0:4864:20::441]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQAzv-0008ED-LU for linux-arm-kernel@lists.infradead.org; Thu, 31 Oct 2019 14:00:26 +0000 Received: by mail-pf1-x441.google.com with SMTP id 3so4427734pfb.10 for ; Thu, 31 Oct 2019 07:00:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ihVno30NiTJ4nXlPwk0p1JArXGGwnpn9XYnN+QyiMz4=; b=pjyU78O3YD26ZTvmDq7xDFKMfe99rm566ijOjFmjEwdUYnQCPRdeZh7dv5cb6Oos8F QSMyWgVfo7mHozTV03x0jbZZRFQ4MxkzyoxnQSASeZLcT+BBWjFafJWIhxAR71eLjsbI skUqbhe3vLZYr0aQyxC4mSDwJLduVYXX6TAuOGWX4zjay4Dl7oI5v5QoC3NjmlUnQOwh zDwnvUGNk71ke/htRBQMgau7Skx9H0uP2dPYY9vy5Z5pD430uSHA/dcr9RabkYUHiZvB 8cHTdQFXB8svq3viRjwodMFg1PV4zVPLrOzJjHsmldInuV4PcY2HEPSGNgy8RvfBO/tW bKlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ihVno30NiTJ4nXlPwk0p1JArXGGwnpn9XYnN+QyiMz4=; b=BWzuhs9HdUioTus2YTK3wk5sAYEmfzRDSFSIARRxFcRR2nMuci+CAsRRB3B/c0RfLS NsI3PuNTd/8h6XzpoWsADIU2gy+BzW7qyHpXiiKxiIh0N0temdkTL4ciYWtdNAeTQsEU I4Dl/nvsLgYDhnCkR5Y63TwXR8wIEaAkj/wh+SD2LvJMpB8FfJji77p4n0FDxPKq4QQ/ 4AqbCAUYzEBuMIzhVMgovJRny7EAvd1P6y9TEG5xqntlIJoxqPRem1sb5pAjHdRofJj0 zBgmDEK/m7ioz0mgE+vmDPfYXMs+w+U2HEv8iN9ERwm3ydabBVHbMOI8LIMqXrcV8l9t gOoQ== X-Gm-Message-State: APjAAAXcxJVQ2qs8QAy/7estlPrbOBfdRW98OEZjkIhUAXKl8Vn+G61Q +0UO+xjtZKzVdA3MnxlsTxyXoA== X-Google-Smtp-Source: APXvYqz8MkbuV1hRddfSZ/QAk8v+XST0VkzaBOaZtV3PDcEQqkrpHQNhHr7g24puFk5SVUbTJ1tdbA== X-Received: by 2002:a17:90a:fa02:: with SMTP id cm2mr7821867pjb.129.1572530422954; Thu, 31 Oct 2019 07:00:22 -0700 (PDT) Received: from localhost.localdomain ([117.252.69.143]) by smtp.gmail.com with ESMTPSA id i16sm3522441pfa.184.2019.10.31.07.00.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 31 Oct 2019 07:00:22 -0700 (PDT) From: Sumit Garg To: jens.wiklander@linaro.org, jarkko.sakkinen@linux.intel.com, dhowells@redhat.com Subject: [Patch v3 6/7] doc: keys: Document usage of TEE based Trusted Keys Date: Thu, 31 Oct 2019 19:28:42 +0530 Message-Id: <1572530323-14802-7-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> References: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191031_070024_235723_BD89B6E1 X-CRM114-Status: GOOD ( 14.78 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:441 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sumit Garg , daniel.thompson@linaro.org, janne.karhunen@gmail.com, corbet@lwn.net, jejb@linux.ibm.com, ard.biesheuvel@linaro.org, linux-doc@vger.kernel.org, jmorris@namei.org, zohar@linux.ibm.com, linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, stuart.yoder@arm.com, casey@schaufler-ca.com, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, serge@hallyn.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Provide documentation for usage of TEE based Trusted Keys via existing user-space "keyctl" utility. Also, document various use-cases. Signed-off-by: Sumit Garg --- Documentation/security/keys/index.rst | 1 + Documentation/security/keys/tee-trusted.rst | 93 +++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 Documentation/security/keys/tee-trusted.rst diff --git a/Documentation/security/keys/index.rst b/Documentation/security/keys/index.rst index 647d58f..f9ef557 100644 --- a/Documentation/security/keys/index.rst +++ b/Documentation/security/keys/index.rst @@ -9,3 +9,4 @@ Kernel Keys ecryptfs request-key trusted-encrypted + tee-trusted diff --git a/Documentation/security/keys/tee-trusted.rst b/Documentation/security/keys/tee-trusted.rst new file mode 100644 index 0000000..ef03745 --- /dev/null +++ b/Documentation/security/keys/tee-trusted.rst @@ -0,0 +1,93 @@ +====================== +TEE based Trusted Keys +====================== + +TEE based Trusted Keys provides an alternative approach for providing Trusted +Keys in case TPM chip isn't present. + +Trusted Keys use a TEE service/device both to generate and to seal the keys. +Keys are sealed under a hardware unique key in the TEE, and only unsealed by +the TEE. + +For more information about TEE, refer to ``Documentation/tee.txt``. + +Usage:: + + keyctl add trusted name "new keylen" ring + keyctl add trusted name "load hex_blob" ring + keyctl print keyid + +"keyctl print" returns an ascii hex copy of the sealed key, which is in format +specific to TEE device implementation. The key length for new keys are always +in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits). + +Examples of trusted key and its usage as 'master' key for encrypted key usage: + +More details about encrypted keys can be found here: +``Documentation/security/keys/trusted-encrypted.rst`` + +Create and save a trusted key named "kmk" of length 32 bytes:: + + $ keyctl add trusted kmk "new 32" @u + 754414669 + + $ keyctl show + Session Keyring + 827385718 --alswrv 0 65534 keyring: _uid_ses.0 + 274124851 --alswrv 0 65534 \_ keyring: _uid.0 + 754414669 --als-rv 0 0 \_ trusted: kmk + + $ keyctl print 754414669 + 15676790697861b422175596ae001c2f505cea2c6f3ebbc5fb08eeb1f343a07e + + $ keyctl pipe 754414669 > kmk.blob + +Load a trusted key from the saved blob:: + + $ keyctl add trusted kmk "load `cat kmk.blob`" @u + 491638700 + + $ keyctl print 491638700 + 15676790697861b422175596ae001c2f505cea2c6f3ebbc5fb08eeb1f343a07e + +The initial consumer of trusted keys is EVM, which at boot time needs a high +quality symmetric key for HMAC protection of file metadata. The use of a +TEE based trusted key provides security that the EVM key has not been +compromised by a user level problem and tied to particular hardware. + +Create and save an encrypted key "evm" using the above trusted key "kmk": + +option 1: omitting 'format':: + + $ keyctl add encrypted evm "new trusted:kmk 32" @u + 608915065 + +option 2: explicitly defining 'format' as 'default':: + + $ keyctl add encrypted evm "new default trusted:kmk 32" @u + 608915065 + + $ keyctl print 608915065 + default trusted:kmk 32 f380ac588a925f488d5be007cf23e4c900b8b652ab62241c8 + ed54906189b6659d139d619d4b51752a2645537b11fd44673f13154a65b3f595d5fb2131 + 2fe45529ea0407c644ea4026f2a1a75661f2c9b66 + + $ keyctl pipe 608915065 > evm.blob + +Load an encrypted key "evm" from saved blob:: + + $ keyctl add encrypted evm "load `cat evm.blob`" @u + 831684262 + + $ keyctl print 831684262 + default trusted:kmk 32 f380ac588a925f488d5be007cf23e4c900b8b652ab62241c8 + ed54906189b6659d139d619d4b51752a2645537b11fd44673f13154a65b3f595d5fb2131 + 2fe45529ea0407c644ea4026f2a1a75661f2c9b66 + +Other uses for trusted and encrypted keys, such as for disk and file encryption +are anticipated. In particular the 'ecryptfs' encrypted keys format can be used +to mount an eCryptfs filesystem. More details about the usage can be found in +the file ``Documentation/security/keys/ecryptfs.rst``. + +Another format 'enc32' can be used to support encrypted keys with payload size +of 32 bytes. From patchwork Thu Oct 31 13:58:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sumit Garg X-Patchwork-Id: 11221295 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4157C913 for ; Thu, 31 Oct 2019 14:02:15 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1E4ED2087E for ; Thu, 31 Oct 2019 14:02:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="sdkC0zof"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="lwu1b6fl" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1E4ED2087E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=MeJFwH/YRY7G7CK6z1smcpKEuYQmMQo+YtCax5W+v5M=; b=sdkC0zofSmfUEg22cjQOdvogPY XxjCCcJaoAFat+7Zcfo0BkyPIHCJttPmq9MDP0mH/VZbJ0li24ngHk2DodiqEsFo+bFziP8ZWs5jd QBRFuhznMBrTZzj4nkioLdIwf8Wi1LHnLWPpRABnKI02cgf+ZluPjCnF6Aa9FXPxLZgl8k11xpasr oMpFN1NkpG/F5AH1lXBDxJYFwU0qCVgvOOnOt1m6A5CT+xuRFOFOzmVhOYarhXnd6s9Hcl0iOb4kb sNiFWRlqXVBnlHVVActYhGdsntjfG6s4vqvkmpjG/0BqXHGyFtNolzrOAC4Pqjz/wFXbp1OCbj3eA 1xsmQxrQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQB1a-0001Cx-Hm; Thu, 31 Oct 2019 14:02:06 +0000 Received: from mail-pl1-x630.google.com ([2607:f8b0:4864:20::630]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iQB07-0008K5-V4 for linux-arm-kernel@lists.infradead.org; Thu, 31 Oct 2019 14:00:37 +0000 Received: by mail-pl1-x630.google.com with SMTP id x6so2751439pln.2 for ; Thu, 31 Oct 2019 07:00:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=vwkM+SzsoiF7YKIoK9DIXcbGL7DR7Z0spQKLzLaNHZQ=; b=lwu1b6fl86TKE/CMp25S7IhlXjiw3/P2BxSE+VrP/HwDLSRhME76dbmwTxC8BpTHT/ KlbWpTvNZ8LGCVHZxHYfeVb4PzGeDIRDSQUUNVT1cYlyd90gf/aDu7vQzFlm37hEcFxc KPvQpjyuaoCttslC+3jrhjI35gwN4wAyqx8axXPj3wJRQiyABZJvWFci2ShCan+zXbN6 zPYtL7Np1pNM3HzRTzv6xjj+EHoeRQVR8NLL/jBkKjtl1pqhL2OOqXYI2ujSL1Or0oV2 CRt4RrD958u8atB+0vrOw3fWVyDb6Z1aeIY4m9ANwue1KimAXpvJ6WG+RN5eP5GQdHY/ 2jKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=vwkM+SzsoiF7YKIoK9DIXcbGL7DR7Z0spQKLzLaNHZQ=; b=FMqJX6gFT0QRLq2ds9x3twiOn+4xpz/mMyCgIszJG2wR/IZ7kArOiGE/06edsv1UZs kOZKsMZBCi2riYuVkFp8nBZ/bsBQll+YFmpBLKx9MppsB/vGbtdkyONwWQjmZ8K6/rVA 5DoYLKoPCzrewBccoskkTgQNKl3WswGatjWO+E1hFBDmOVuTeNH0HTj1dzZX/T9lhK7t 92821SxJIgPjiIKnQAL2MbE58/r5KpIDSSOX6iEfXnoUGxkuUhAJWeXasCbLLCo3Ya6R 0iCZNttJ7VwNUAQgZ3ewsImb4BMkYTLahSTVuOq802bIo/732R0PWHBGwf1dJf3BiIfF lvJw== X-Gm-Message-State: APjAAAUblFjFEhUZvkzeFN6W62oSbc0oJHaHoL5dNQwmjL/JfQe7FfGB VUhwlyYzBR0EsI7UsikHQ6cgjw== X-Google-Smtp-Source: APXvYqw09qKkn7Bgw5qiGynPfr7slN+fXXwxh/UBQthSfTfEmpqgT8eYadae9P4L6lIIRwbq16G6sg== X-Received: by 2002:a17:902:a5c2:: with SMTP id t2mr6758983plq.258.1572530431038; Thu, 31 Oct 2019 07:00:31 -0700 (PDT) Received: from localhost.localdomain ([117.252.69.143]) by smtp.gmail.com with ESMTPSA id i16sm3522441pfa.184.2019.10.31.07.00.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 31 Oct 2019 07:00:30 -0700 (PDT) From: Sumit Garg To: jens.wiklander@linaro.org, jarkko.sakkinen@linux.intel.com, dhowells@redhat.com Subject: [Patch v3 7/7] MAINTAINERS: Add entry for TEE based Trusted Keys Date: Thu, 31 Oct 2019 19:28:43 +0530 Message-Id: <1572530323-14802-8-git-send-email-sumit.garg@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> References: <1572530323-14802-1-git-send-email-sumit.garg@linaro.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191031_070036_024959_B7AD4E95 X-CRM114-Status: UNSURE ( 9.99 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:630 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sumit Garg , daniel.thompson@linaro.org, janne.karhunen@gmail.com, corbet@lwn.net, jejb@linux.ibm.com, ard.biesheuvel@linaro.org, linux-doc@vger.kernel.org, jmorris@namei.org, zohar@linux.ibm.com, linux-kernel@vger.kernel.org, tee-dev@lists.linaro.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, stuart.yoder@arm.com, casey@schaufler-ca.com, linux-integrity@vger.kernel.org, linux-arm-kernel@lists.infradead.org, serge@hallyn.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Add MAINTAINERS entry for TEE based Trusted Keys framework. Signed-off-by: Sumit Garg --- MAINTAINERS | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index c6c34d0..08d0282 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -9059,6 +9059,15 @@ F: include/keys/trusted-type.h F: security/keys/trusted.c F: include/keys/trusted.h +KEYS-TEE-TRUSTED +M: Sumit Garg +L: linux-integrity@vger.kernel.org +L: keyrings@vger.kernel.org +S: Supported +F: Documentation/security/keys/tee-trusted.rst +F: include/keys/trusted_tee.h +F: security/keys/trusted-keys/trusted_tee.c + KEYS/KEYRINGS: M: David Howells M: Jarkko Sakkinen