Hi,
We have some use cases to evaluate against Gen TEE interface framework.
1. Does a TEE using the Gen TEE interface, say OPTEE, support sessions between NS world and a kernel service in SEL1?
Hi Thomas,
On Wed, Jul 13, 2016 at 8:05 PM, thomas m zeng tzeng@codeaurora.org wrote:
> Hi,
> We have some use cases to evaluate against Gen TEE interface framework.
> - Does a TEE using the Gen TEE interface, say OPTEE, support sessions
> between NS world and a kernel service in SEL1?
Not in the current patch set I'm posting on the kernel mailing lists. But we have an experimental patch in our development branch at https://github.com/linaro-swg/linux/tree/optee. Look for commit "tee: add kernel internal client interface **not for mainline**". What's provided by this patch isn't well tested, so some problems can be expected.
Regards, Jens
Thank you, Jens.
The patch allows Linux kernel drivers to make use of services in TEE, which is useful in its own right, but I'm actually looking for an example of trusted services deployed in OP-TEE EL1... at the high level, I don't see any show-stopper if one tries to deploy a trusted service in OP-TEE EL1, but I always get burned if I do not validate my assumptions. So can you confirm, please, or better yet, point me to an example?
BTW, I keep getting errors from BusyBox when trying to "repo sync"
$ mkdir -p $HOME/devel/optee
$ cd $HOME/devel/optee
$ repo init -u https://github.com/OP-TEE/manifest.git -m $default.xml
$ repo sync
Can someone share the tips to work around the dysfunctional busybox.net? It has been down for a few days ....
Thanks -thomas
On 07/14/2016 01:11 AM, Jens Wiklander wrote:
> Hi Thomas,
> On Wed, Jul 13, 2016 at 8:05 PM, thomas m zeng tzeng@codeaurora.org wrote:
> > Hi,
> > We have some use cases to evaluate against Gen TEE interface framework.
> > - Does a TEE using the Gen TEE interface, say OPTEE, support sessions
> > between NS world and a kernel service in SEL1?
> Not in the current patch set I'm posting on the kernel mailing lists. But we have an experimental patch in our development branch at https://github.com/linaro-swg/linux/tree/optee. Look for commit "tee: add kernel internal client interface **not for mainline**". What's provided by this patch isn't well tested, so some problems can be expected.
> Regards, Jens
Jens,
Ignore my question about busybox being down: it is working now. That problem went away, for some reason.
Thanks -thomas
On 07/14/2016 09:16 AM, thomas m zeng wrote:
> Thank you, Jens.
> The patch allows Linux kernel drivers to make use of services in TEE, which is useful in its own right, but I'm actually looking for an example of trusted services deployed in OP-TEE EL1... at the high level, I don't see any show-stopper if one tries to deploy a trusted service in OP-TEE EL1, but I always get burned if I do not validate my assumptions. So can you confirm, please, or better yet, point me to an example?
> BTW, I keep getting errors from BusyBox when trying to "repo sync"
> $ mkdir -p $HOME/devel/optee
> $ cd $HOME/devel/optee
> $ repo init -u https://github.com/OP-TEE/manifest.git -m $default.xml
> $ repo sync
> Can someone share the tips to work around the dysfunctional busybox.net? It has been down for a few days ....
> Thanks -thomas
> On 07/14/2016 01:11 AM, Jens Wiklander wrote:
> > Hi Thomas,
> > On Wed, Jul 13, 2016 at 8:05 PM, thomas m zeng tzeng@codeaurora.org wrote:
> > > Hi,
> > > We have some use cases to evaluate against Gen TEE interface framework.
> > > - Does a TEE using the Gen TEE interface, say OPTEE, support sessions
> > > between NS world and a kernel service in SEL1?
> > Not in the current patch set I'm posting on the kernel mailing lists. But we have an experimental patch in our development branch at https://github.com/linaro-swg/linux/tree/optee. Look for commit "tee: add kernel internal client interface **not for mainline**". What's provided by this patch isn't well tested, so some problems can be expected.
> > Regards, Jens
On Thu, Jul 14, 2016 at 6:16 PM, thomas m zeng tzeng@codeaurora.org wrote:
> Thank you, Jens.
> The patch allows Linux kernel drivers to make use of services in TEE, which is useful in its own right, but I'm actually looking for an example of trusted services deployed in OP-TEE EL1... at the high level, I don't see any show-stopper if one tries to deploy a trusted service in OP-TEE EL1, but I always get burned if I do not validate my assumptions. So can you confirm, please, or better yet, point me to an example?
Sorry, I misunderstood the question. There's a concrete example in core/arch/arm/sta/sta_self_tests.c. This is what we normally call a static TA or pseudo TA.
Regards, Jens