Joakim,
Just my $.02 on this one : isn’t the point of TEEs to reduce the amount of code that they run, so that better trust can be put into it, and a comprehensive code review remains possible.
Adding a full eMMC stack would mean a lot of code and a greater attack surface, wouldn’t it ? I fear that at one point we need to to consider implementing yet another trust level (we’d have to call them HTTs, Highly Trusted TEEs) because the amount of code in TEE has grown beyond control.
One the other hand, given such problem as early security verifications during boot, we currently are left with a mix of ARM Trusted Firmware and proprietary code, which isn’t an ideal situation.
Erwan
From: Tee-dev [mailto:tee-dev-bounces@lists.linaro.org] On Behalf Of Joakim Bech Sent: jeudi 23 novembre 2017 08:32 To: Stuart Yoder Cc: tee-dev Subject: Re: [Tee-dev] eMMC driver in OP-TEE?
Stuart,
On 22 November 2017 at 21:53, Jerome Forissier <jerome.forissier@linaro.orgmailto:jerome.forissier@linaro.org> wrote: Hi Stuart,
Le 22 nov. 2017 9:28 PM, "Stuart Yoder" <stuart.yoder@arm.commailto:stuart.yoder@arm.com> a écrit :
Is doing this a roadmap (or potential roadmap) item for OP-TEE?
I don't think it is at the moment. We're touching it from another angle, since we have started working with Android Verified Boot 2.0, which means that we will need to access RPMB before Linux kernel is up and running to be able to work with the rollback index in AVB2.0. It's still an open question whether we shall try to use the RPMB support in U-Boot or if it will be something done in OP-TEE directly.
Regards, Joakim
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.