tee: add support for session's client UUID generation#5
Open
jforissier wants to merge 2 commits into96boards-poplar:poplar-4.9from
Open
tee: add support for session's client UUID generation#5jforissier wants to merge 2 commits into96boards-poplar:poplar-4.9from
jforissier wants to merge 2 commits into96boards-poplar:poplar-4.9from
Conversation
TEE Client API defines that from user space only information needed for specified login operations is group identifier for group based logins. REE kernel is expected to formulate trustworthy client UUID and pass that to TEE environment. REE kernel is required to verify that provided group identifier for group based logins matches calling processes group memberships. TEE specification only defines that the information passed from REE environment to TEE environment is encoded into on UUID. In order to guarantee trustworthiness of client UUID user space is not allowed to freely pass client UUID. UUIDv5 form is used encode variable amount of information needed for different login types. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> [jf: cherry-picked and applied to branch poplar-4.9] Signed-off-by: Jerome Forissier <jerome@forissier.org>
Adds support for client UUID generation for OP-TEE. For group based session logins membership is verified. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
|
Hi @jforissier , I think we can switch to our If you don't have any objections, I'll create PRs then. |
Author
|
Hello @igoropaniuk, That would be great indeed. Thanks for taking care of this. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cherry-picking commits from https://github.com/linaro-swg/linux/commits/optee related to linaro-swg/linux#74.
@igoropaniuk could you please test this?