Message-ID: <9f2f2ec7-b4fb-b7d2-6209-fbe98b4a313c@siemens.com>
Date: Thu, 22 Jun 2023 08:01:31 +0200
Subject: Re: [PATCH v2 0/7] Add optee family and friends
To: baocheng_su@163.com, isar-users@googlegroups.com, felix.moessbauer@siemens.com
Cc: christian.storm@siemens.com, quirin.gylstorff@siemens.com, baocheng.su@siemens.com
References: <20230621192217.2045717-1-baocheng_su@163.com>
From: Jan Kiszka
In-Reply-To: <20230621192217.2045717-1-baocheng_su@163.com>

On 21.06.23 21:22, baocheng_su@163.com wrote:
> From: Baocheng Su
>
> This brings below optee family members:
> optee-ta-devkit, optee-client, optee-examples
> and a fTPM running in optee-os, plus some initramfs hooks for tee-supplicant and
> the optee-ftpm.
>
> The optee-ta-devkit is used to provide a sdk for building trusted application of
> optee.
>
> The optee-client provides the libteec1, the optee-client-dev, and the
> tee-supplicant daemon.
>
> The optee-examples provides both the optee TAs and host applications for
> demonstrating how to use optee-ta-devkit and optee-client-dev.
>
> The initramfs hooks for tee-supplicant and optee-ftpm are used to support
> initramfs stage applications that need the optee-ftpm or other TAs, such as the
> disk encryption based on TPM. An example is the LUKS2 implementation in
> isar-cip-core.
>
> Also bump the stm32mp15x optee-os version to 3.21.0 to ease the integration.
>
> Since these bits are the common foundation for applications based on ARM
> trustzone, isar should be the best place to hold them.
>
> The idea is partly inspired by the ARM trusted substrace.

substract :)

Looks generally good to me now. Maybe we could even move over [1] later
on by using the RPMB or RPMB emulation of the stm32mp15x board.

>
> This integration uses stm32mp15x as the demo platform. However, I might need some
> help to verify on the real hardware, since I don't have one :)

We will try to organize this here, maybe even later today.

Thanks,
Jan

[1] https://gitlab.com/cip-project/cip-core/isar-cip-core/-/tree/master/recipes-bsp/edk2

--
Siemens AG, Technology
Competence Center Embedded Linux