Comments (5)
Hi @youssefesmat , thanks for your proposal, please let us have some time to digest and discuss your suggestions. We will come back with an answer soon again.
from optee_os.
Hi @youssefesmat ,
Sorry for taking some time to get back to you, but now we have been looking at
your proposal and in general we like your suggestions. However, there are a few
things we would like to raise.
-
Connecting the APIs
tee_file_operations
We would prefer to not have platform specific tee_file_operations's. I.e,
instead try to have only one for each type in generic code, i.e, flash based
and the RPMB-based. We could add platform specific hooks if we find out that
a certain platform has special needs.To start with, we would like to switch between the two using a compile time
flag. Later on we most likely would like to make it possible to mix between
both of them. For example, it could be useful to leverage RPMB for rollback
counters while still having the possibility use flash for bulk storage. But
as first patchset we would prefer either or. -
RPMB APIs
We're OK with your suggestions here. -
Optimizations
If implemented like a write-through cache, we're OK with this. -
Open Questions
Q: Is there a current ETA for pull request 231 such that we can take a
dependency on it?
A: Yes, the due date for that particular work is end of June. So that must be
taken into account. Also, we see that it is critical that we make use of
"encfs" also when communicating with RPMB, since the communication goes
via the REE (basically the AES-GCM is important).Q: How is locking handled to the lower level RPCs? In other words can two
threads attempt to write to the RPMB block at the same time?
A: No, they will be blocked in the Linux kernel driver. See this section in the kernel driver.
from optee_os.
Thank you very much @jbech-linaro for looking at this. I will apply your feedback.
from optee_os.
Hi @youssefesmat ,
So, finally we have a plan from Linaro and it is as follows:
- We will take the fork you created and rebase it on top of our master branch. In the first shot we will just use a flag to switch between
tee_fs_common.c
andtee_rpmb_fs_common.c
(actually things might change here slightly). - We will implemented the missing pieces in
tee-supplicant
. Basically accepting messages and and call eMMC controller using theioctl
to Linux kernel. - Eventually implement some kind of simple RPMB emulator used by tee-supplicant that will make further development and verification a bit easier than having to solely to rely on real hardware.
After that we will probably look into the optimizations. As you've already indicated, the FAT look-a-like file system might not be the most efficient way of handling the data.
I would like to close this particular "issue" now, since the work actually is ongoing as we're speaking and related to this I would believe that we should close #323, since those patches is more or less the same kind of code as we can find in the fork you gave us (which is what we're trying to rebase and use)? Right? Please let me know if you're OK with my proposal?
from optee_os.
I will close this issue based on @jbech-linaro previous comment, please feel free to re-open if you have additional comments and questions about this topic.
from optee_os.
Related Issues (20)
- Getting value of stack pointer from PTA HOT 2
- RPMB: reading persistent value crashs fTPM TA HOT 3
- How to find the NSEC_DDR_0_BASE and NSEC_DDR_0_SIZE needed by dynamic memory sharing for a given platform? HOT 2
- failed to find an OP-TEE supplicant device HOT 6
- secure python code by optee HOT 5
- Enabling PSS and DH Algorithms in mbedtls_config_uta.h by Default in Future OP-TEE Versions HOT 2
- Question about Linux/optee compatibility HOT 4
- Ping Watchdog from TA? HOT 2
- "expected readable system register" error in vfp when compiling with Clang 18 HOT 2
- How to adjust TA's MMU L1 table? HOT 2
- Does OPTEE support NPU (Neural Processing Unit)? HOT 4
- [RFC] i2c transactions within OP-TEE HOT 7
- Question about IPI (Inter-Processor Interrupt) in SMP Linux+OP-TEE HOT 3
- optee-ftpm startup problem, the device cannot be mounted under /dev HOT 2
- Question: single key storage for XTS crypto mode HOT 4
- How to build sdp environment base on linux 6.6 HOT 5
- MbedTLS TLS 1.3 PSA dependency HOT 10
- ARM32 bit plaform overflow in tee_entry_get_os_revision() when handling Git SHA1 HOT 4
- Access normal world memory from secure world (ARM-TF) HOT 2
- Reduce optee_os RAM footprint HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from optee_os.