mirror of
https://github.com/torvalds/linux.git
synced 2024-12-04 01:51:34 +00:00
a2d9214c73
This branch introduces a generic TEE framework in the kernel, to handle trusted environemtns (security coprocessor or software implementations such as OP-TEE/TrustZone). I'm sending it separately from the other arm-soc driver changes to give it a little more visibility, once the subsystem is merged, we will likely keep this in the arm₋soc drivers branch or have the maintainers submit pull requests directly, depending on the patch volume. I have reviewed earlier versions in the past, and have reviewed the latest version in person during Linaro Connect BUD17. Here is my overall assessment of the subsystem: * There is clearly demand for this, both for the generic infrastructure and the specific OP-TEE implementation. * The code has gone through a large number of reviews, and the review comments have all been addressed, but the reviews were not coming up with serious issues any more and nobody volunteered to vouch for the quality. * The user space ioctl interface is sufficient to work with the OP-TEE driver, and it should in principle work with other TEE implementations that follow the GlobalPlatform[1] standards, but it might need to be extended in minor ways depending on specific requirements of future TEE implementations * The main downside of the API to me is how the user space is tied to the TEE implementation in hardware or firmware, but uses a generic way to communicate with it. This seems to be an inherent problem with what it is trying to do, and I could not come up with any better solution than what is implemented here. For a detailed history of the patch series, see https://lkml.org/lkml/2017/3/10/1277 Conflicts: needs a fixup after the drm tree was merged, see https://patchwork.kernel.org/patch/9691679/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUAWRIRzWCrR//JCVInAQLKUhAAiJaBqb4uv5wDWKw8MVV5BbFjq6po/eMK r3lgwyBGoRnrYiXo0z2eYNqpHsmNIGrL21qYMzaBGhVeaOOVPZT4q3zH+Se9Oo+J HHZZ4J6Q9kDIUy9WkM7ybHVj3C0kQIn7H+/6zi2L97tMQJMZHI0jCSgDa6XPqHzh G/vqVx5jlaFj6SvkLR0L0yWTe0wXTHoyObSCWsM/nV8AiTNhMD3kcTEOm0XHcAJB k8ei/Pw2INOFZu1B0xpoRkWoAo6YKMcxQp9kiMkcEhChPIkNK+8+npYJ3fiogsii BVTXC9Km2jmUfQ21Pegd2XbqzNGU1rJSdHGTyK2Oax+0J+C8xElGMs8U9tqXPqun fWkSp0dl7Sk0f9Yhc8JBD1Tsbuo0H+TsMtQ6RNvlxLiNHE/5/bZBCeylvtoUyI+m NcvP0x5QeBmkitz7zhYpjaSv5HjZG3PPO3pfaz0Stmen5ZM8DWB1TaS1Nn9MigHt RGXlafc6dKybQQBLWDwStv7IkqDRYte+7pwmx+QFCRWj8+uFtTCDPLyaDUTwlErL n4ztUL1RWiq48S+yJDJURM4mLpEMnJFFF4tiiHH8eUe2JE+CXwGxkT6BG62W71Oy RosiJ84LmdoHRyHx6xmqpoDcL1WG57IgWt05SRUkQatA/ealGX88gguGEAWsPL0h cnKPYkiYfug= =VzpB -----END PGP SIGNATURE----- Merge tag 'armsoc-tee' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull TEE driver infrastructure and OP-TEE drivers from Arnd Bergmann: "This introduces a generic TEE framework in the kernel, to handle trusted environemtns (security coprocessor or software implementations such as OP-TEE/TrustZone). I'm sending it separately from the other arm-soc driver changes to give it a little more visibility, once the subsystem is merged, we will likely keep this in the arm₋soc drivers branch or have the maintainers submit pull requests directly, depending on the patch volume. I have reviewed earlier versions in the past, and have reviewed the latest version in person during Linaro Connect BUD17. Here is my overall assessment of the subsystem: - There is clearly demand for this, both for the generic infrastructure and the specific OP-TEE implementation. - The code has gone through a large number of reviews, and the review comments have all been addressed, but the reviews were not coming up with serious issues any more and nobody volunteered to vouch for the quality. - The user space ioctl interface is sufficient to work with the OP-TEE driver, and it should in principle work with other TEE implementations that follow the GlobalPlatform[1] standards, but it might need to be extended in minor ways depending on specific requirements of future TEE implementations - The main downside of the API to me is how the user space is tied to the TEE implementation in hardware or firmware, but uses a generic way to communicate with it. This seems to be an inherent problem with what it is trying to do, and I could not come up with any better solution than what is implemented here. For a detailed history of the patch series, see https://lkml.org/lkml/2017/3/10/1277" * tag 'armsoc-tee' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: arm64: dt: hikey: Add optee node Documentation: tee subsystem and op-tee driver tee: add OP-TEE driver tee: generic TEE subsystem dt/bindings: add bindings for optee |
||
|---|---|---|
| .. | ||
| ABI | ||
| accounting | ||
| acpi | ||
| admin-guide | ||
| aoe | ||
| arm | ||
| arm64 | ||
| auxdisplay | ||
| backlight | ||
| blackfin | ||
| block | ||
| blockdev | ||
| bus-devices | ||
| cdrom | ||
| cgroup-v1 | ||
| cma | ||
| connector | ||
| console | ||
| core-api | ||
| cpu-freq | ||
| cpuidle | ||
| cris | ||
| crypto | ||
| dev-tools | ||
| device-mapper | ||
| devicetree | ||
| dmaengine | ||
| doc-guide | ||
| DocBook | ||
| driver-api | ||
| driver-model | ||
| early-userspace | ||
| EDID | ||
| extcon | ||
| fault-injection | ||
| fb | ||
| features | ||
| filesystems | ||
| firmware_class | ||
| fmc | ||
| fpga | ||
| frv | ||
| gpio | ||
| gpu | ||
| hid | ||
| hwmon | ||
| i2c | ||
| ia64 | ||
| ide | ||
| iio | ||
| infiniband | ||
| input | ||
| ioctl | ||
| isdn | ||
| kbuild | ||
| kdump | ||
| laptops | ||
| leds | ||
| lightnvm | ||
| livepatch | ||
| locking | ||
| m68k | ||
| md | ||
| media | ||
| memory-devices | ||
| metag | ||
| mic | ||
| mips | ||
| misc-devices | ||
| mmc | ||
| mn10300 | ||
| mtd | ||
| namespaces | ||
| netlabel | ||
| networking | ||
| nfc | ||
| nios2 | ||
| nvdimm | ||
| nvmem | ||
| parisc | ||
| PCI | ||
| pcmcia | ||
| perf | ||
| phy | ||
| platform | ||
| power | ||
| powerpc | ||
| pps | ||
| prctl | ||
| process | ||
| pti | ||
| ptp | ||
| rapidio | ||
| RCU | ||
| s390 | ||
| scheduler | ||
| scsi | ||
| security | ||
| serial | ||
| sh | ||
| sound | ||
| sparc | ||
| sphinx | ||
| sphinx-static | ||
| spi | ||
| sysctl | ||
| target | ||
| thermal | ||
| timers | ||
| trace | ||
| translations | ||
| usb | ||
| userspace-api | ||
| virtual | ||
| vm | ||
| w1 | ||
| watchdog | ||
| wimax | ||
| x86 | ||
| xtensa | ||
| .gitignore | ||
| 00-INDEX | ||
| bcache.txt | ||
| bt8xxgpio.txt | ||
| btmrvl.txt | ||
| bus-virt-phys-mapping.txt | ||
| cachetlb.txt | ||
| cgroup-v2.txt | ||
| Changes | ||
| circular-buffers.txt | ||
| clk.txt | ||
| CodingStyle | ||
| conf.py | ||
| cpu-load.txt | ||
| cputopology.txt | ||
| crc32.txt | ||
| dcdbas.txt | ||
| debugging-modules.txt | ||
| debugging-via-ohci1394.txt | ||
| dell_rbu.txt | ||
| digsig.txt | ||
| DMA-API-HOWTO.txt | ||
| DMA-API.txt | ||
| DMA-attributes.txt | ||
| DMA-ISA-LPC.txt | ||
| docutils.conf | ||
| dontdiff | ||
| efi-stub.txt | ||
| eisa.txt | ||
| flexible-arrays.txt | ||
| futex-requeue-pi.txt | ||
| gcc-plugins.txt | ||
| highuid.txt | ||
| hw_random.txt | ||
| hwspinlock.txt | ||
| index.rst | ||
| intel_txt.txt | ||
| Intel-IOMMU.txt | ||
| io_ordering.txt | ||
| io-mapping.txt | ||
| iostats.txt | ||
| IPMI.txt | ||
| IRQ-affinity.txt | ||
| IRQ-domain.txt | ||
| IRQ.txt | ||
| irqflags-tracing.txt | ||
| isa.txt | ||
| isapnp.txt | ||
| kernel-doc-nano-HOWTO.txt | ||
| kernel-per-CPU-kthreads.txt | ||
| kobject.txt | ||
| kprobes.txt | ||
| kref.txt | ||
| kselftest.txt | ||
| ldm.txt | ||
| lockup-watchdogs.txt | ||
| logo.gif | ||
| logo.txt | ||
| lzo.txt | ||
| mailbox.txt | ||
| Makefile | ||
| Makefile.sphinx | ||
| memory-barriers.txt | ||
| memory-hotplug.txt | ||
| men-chameleon-bus.txt | ||
| nommu-mmap.txt | ||
| ntb.txt | ||
| numastat.txt | ||
| padata.txt | ||
| parport-lowlevel.txt | ||
| percpu-rw-semaphore.txt | ||
| phy.txt | ||
| pi-futex.txt | ||
| pinctrl.txt | ||
| pnp.txt | ||
| preempt-locking.txt | ||
| printk-formats.txt | ||
| pwm.txt | ||
| rbtree.txt | ||
| remoteproc.txt | ||
| rfkill.txt | ||
| robust-futex-ABI.txt | ||
| robust-futexes.txt | ||
| rpmsg.txt | ||
| rtc.txt | ||
| SAK.txt | ||
| sgi-ioc4.txt | ||
| siphash.txt | ||
| SM501.txt | ||
| smsc_ece1099.txt | ||
| static-keys.txt | ||
| SubmittingPatches | ||
| svga.txt | ||
| switchtec.txt | ||
| sync_file.txt | ||
| tee.txt | ||
| this_cpu_ops.txt | ||
| unaligned-memory-access.txt | ||
| vfio-mediated-device.txt | ||
| vfio.txt | ||
| video-output.txt | ||
| xillybus.txt | ||
| xz.txt | ||
| zorro.txt | ||
