From: Javier González javier@javigon.com
Hi,
Here's the proposal I described the other day. The goal is to provide support for kernel submodules. I encountered some challenges that I would like to discuss with you:
- Command and parameters: In the patchset Jens sent, all ommunication with the TEE is opaque. This is good for user space but not for kernel submodules. I propose adding a tee_cmd and tee_parameters. The value is opaque and can be flourished by the TEE if necessary.
- Command list: If we want kernel submodules to use the TEE as they use TPM we need a list of commands that all (most) TEEs would support. We need to have this discussion and maybe bring more parties to it. Probably Global Platform's use cases are a good place to start.
- Session: I miss the concept of a session. The responsability is very similar to tee_filp. I would suggest to change the name to tee_session. I believe that it makes it more clear.
- Position: I like sec-hw :) But we need to bring at least another piece of secure hardware to this location in order to motivate a new submodule. TPM is the most obvious. We would then need to move all into /drivers/sec-hw/?? I assume your do not like trustzone since it is very specific for some of you - is tee good? I did not want to send a patch without discussing the naming first.
Finally, regarding the process: is sending patches, discussing, and then applying to github a process you all fell comfortable with? Suggestions are welcome.
Best, Javier
Javier González (1): tee: add tee operations for kernel submodules
drivers/sec-hw/tee.c | 175 +++++++++++++++++++++++++++++++++++++++-- drivers/sec-hw/tee_private.h | 14 ++++ include/linux/sec-hw/tee.h | 98 ++++++++++++++++++++++- include/linux/sec-hw/tee_drv.h | 11 --- 4 files changed, 279 insertions(+), 19 deletions(-)