On Wed, Jul 31, 2019 at 5:23 PM Sumit Garg sumit.garg@linaro.org wrote:
I guess my wording was wrong, tried to say that physical TEEs in the wild vary massively hardware wise. Generalizing these things is rough.
There are already well defined GlobalPlatform Standards to generalize the TEE interface. One of them is GlobalPlatform TEE Client API [1] which provides the basis for this TEE interface.
I'm aware of it - I have implemented a large part of the GP TEE APIs earlier (primarily the crypto functions). Does the TEE you work with actually support GP properly? Can I take a look at the code?
Normally the TEE implementations are well-guarded secrets and the state of the implementation is quite random. In many cases keeping things secret is fine from my point of view, given that it is a RoT after all. The secrecy is the core business here. So, this is why I opted the userspace 'secret' route - no secrets in the kernel, but it's fine for the userspace. Umh was a logical fit to implement it.
-- Janne