Cover Letter Detail
Show a cover letter.
GET /api/covers/961276/?format=api
{ "id": 961276, "url": "http://patchwork.ozlabs.org/api/covers/961276/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/cover/20180823104334.16083-1-jens.wiklander@linaro.org/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20180823104334.16083-1-jens.wiklander@linaro.org>", "list_archive_url": null, "date": "2018-08-23T10:43:19", "name": "[U-Boot,v2,00/15] AVB using OP-TEE", "submitter": { "id": 66201, "url": "http://patchwork.ozlabs.org/api/people/66201/?format=api", "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/cover/20180823104334.16083-1-jens.wiklander@linaro.org/mbox/", "series": [ { "id": 62144, "url": "http://patchwork.ozlabs.org/api/series/62144/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=62144", "date": "2018-08-23T10:43:19", "name": "AVB using OP-TEE", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/62144/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/961276/comments/", "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.denx.de\n\t(client-ip=81.169.180.215; helo=lists.denx.de;\n\tenvelope-from=u-boot-bounces@lists.denx.de;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdmarc=fail (p=none dis=none) header.from=linaro.org", "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=linaro.org header.i=@linaro.org\n\theader.b=\"fTg5hkl0\"; dkim-atps=neutral" ], "Received": [ "from lists.denx.de (dione.denx.de [81.169.180.215])\n\tby ozlabs.org (Postfix) with ESMTP id 41x1HF23w4z9s3C\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 23 Aug 2018 20:43:53 +1000 (AEST)", "by lists.denx.de (Postfix, from userid 105)\n\tid E14D1C21EB4; Thu, 23 Aug 2018 10:43:48 +0000 (UTC)", "from lists.denx.de (localhost [IPv6:::1])\n\tby lists.denx.de (Postfix) with ESMTP id 0905CC21DCA;\n\tThu, 23 Aug 2018 10:43:44 +0000 (UTC)", "by lists.denx.de (Postfix, from userid 105)\n\tid 6F82BC21DAF; Thu, 23 Aug 2018 10:43:42 +0000 (UTC)", "from mail-lf1-f48.google.com (mail-lf1-f48.google.com\n\t[209.85.167.48])\n\tby lists.denx.de (Postfix) with ESMTPS id 43EB7C21D8A\n\tfor <u-boot@lists.denx.de>; Thu, 23 Aug 2018 10:43:41 +0000 (UTC)", "by mail-lf1-f48.google.com with SMTP id g9-v6so3726019lfh.1\n\tfor <u-boot@lists.denx.de>; Thu, 23 Aug 2018 03:43:41 -0700 (PDT)", "from jax.ideon.se ([85.235.10.227])\n\tby smtp.gmail.com with ESMTPSA id\n\ty5-v6sm679771ljj.75.2018.08.23.03.43.39\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tThu, 23 Aug 2018 03:43:39 -0700 (PDT)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=0.0 required=5.0 tests=RCVD_IN_MSPIKE_H2,\n\tT_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;\n\th=from:to:cc:subject:date:message-id;\n\tbh=C7oO/dIC3h9PWWHPX8JJeS1PvP3NksDR4ilr0cfbdDU=;\n\tb=fTg5hkl0tGarT9aZKieEiTRC9cMoLpELU5Y+NsIpiyp8lbYpeugE8O7ZuJD5B2jbWH\n\ttUOkw4bCkSON6I4BTWZVg10NF2S3t1RRcaEe2JWeto4XjwUbo28+YUjCQUW5ajO8f044\n\tSD2WylduQaA653klWE9epwJEH82YVPmv9bQ4I=", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id;\n\tbh=C7oO/dIC3h9PWWHPX8JJeS1PvP3NksDR4ilr0cfbdDU=;\n\tb=GRZKHHiEae1Fk4SwwmKYQivp+WCw85ATQ6Z47vps396MxaHJAFc6cxPdw0ltZitB29\n\tNv0p9b88yTcMay+YycaE1H0N+nlvK7svSK83LZnalowcQvpUGAJBhd62irexpxKDq/UY\n\ta3rPrAhFo1IHkFNxeEpVzDzrYp9l17iEGmJgUfWhi6/Im4beb1x1hunnn2wctuBZKkzu\n\tjnyo71V14dan6jugj7gJOwYCQC6N6YUJY02s+cTNDw8wmWnAXS7ZmJb/q61DonV8n/hb\n\twFJb8tUoHgffYizWg9bfvnGOshS6/Ywy7MN7CMmRq24XllLEyS+cszEc3Kt+E4RGNcEC\n\tTveA==", "X-Gm-Message-State": "AOUpUlFAJRXd9Iv2TzqebdWd780hWg/sZQ1os6vFp4721I0+I9L0HbP3\n\tCTliAgDpbv9yX5LaJOwiLEF42q/j6rE=", "X-Google-Smtp-Source": "AA+uWPzCjMZsUs3ZXDL38m3YwKfINw8nzsi6aqu61zjx+smICv6LLS5KGjKrhE6EEnF7lIfT6u1WgQ==", "X-Received": "by 2002:a19:c38b:: with SMTP id\n\tt133-v6mr19957541lff.7.1535021020379; \n\tThu, 23 Aug 2018 03:43:40 -0700 (PDT)", "From": "Jens Wiklander <jens.wiklander@linaro.org>", "To": "u-boot@lists.denx.de", "Date": "Thu, 23 Aug 2018 12:43:19 +0200", "Message-Id": "<20180823104334.16083-1-jens.wiklander@linaro.org>", "X-Mailer": "git-send-email 2.17.1", "Cc": "Tom Rini <trini@konsulko.com>, Pierre Aubert <p.aubert@staubli.com>", "Subject": "[U-Boot] [PATCH v2 00/15] AVB using OP-TEE", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.18", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n\t<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<http://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n\t<mailto:u-boot-request@lists.denx.de?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "base64", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>" }, "content": "Hi,\n\nThis adds support for storing AVB rollback indexes in the RPMB partition.\nThe RPMB partition (content and key) is managed by OP-TEE\n(https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone.\n\nThe Linux kernel can already support OP-TEE with reading and updating\nrollback indexes in the RPMB partition, the catch is that this is needed\nbefore the kernel has booted.\n\nThe design here is the same as what is in the Linux kernel, with the\nexception that the user space daemon tee-supplicant is integrated in the\nOP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass\n(UCLASS_TEE) is introduced to provide an abstraction for interfacing with a\nTrusted Execution Environment (TEE). There's also the OP-TEE driver using\nUCLASS_TEE for registration.\n\nA Trusted Application (TA) interface is added to be used by the AVB verify\nfunctions which are updated accordingly. The TA is managed by OP-TEE and is\nexecuted in a secure TrustZone protected environment.\n\nThe header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and\ninclude/tee/optee_ta_avb.h are copied from\nhttps://github.com/OP-TEE/optee_os/tree/master more or less unmodified.\nThey may need to be updated from time to time in order to support new\nfeatures.\n\nIn MMC there's a new function, mmc_rpmb_route_frames(), which as the name\nsuggests is used to route RPMB frames to/from the MMC. This saves OP-TEE\nfrom implementing an MMC driver which would need to share resources with\nits counterpart here in U-boot.\n\nThis was tested on a Hikey (Kirin 620) board.\n\nI've added myself as maintainer of the TEE stuff.\n\nv2:\n* Added sandbox driver and a test in test/dm for the new TEE uclass:\n Commit (\"test: tee: test TEE uclass\") and the enabling commits\n (\"sandbox: dt: add sandbox_tee node\") and\n (\"configs: sandbox: enable CONFIG_TEE (TEE uclass)\")\n* Added descriptions of exported structs and functions\n* Added documentation for the TEE uclass and the OP-TEE driver with\n the new commit (\"Documentation: tee uclass and op-tee driver\")\n* Added documentation for the changes in avb_verify\n* Addressed review comments from Simon Glass\n* Added the commit (\"cmd: avb: print error message if command fails\")\n* Made a few functions static in the OP-TEE driver\n* Commit (\"cmd: avb read_rb: print rb_idx in hexadecimal\") and\n (\"tee: optee: support AVB trusted application\");\n Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>\n\nThanks,\nJens\n\nJens Wiklander (15):\n dm: fdt: scan for devices under /firmware too\n cmd: avb read_rb: print rb_idx in hexadecimal\n cmd: avb: print error message if command fails\n mmc: rpmb: add mmc_rpmb_route_frames()\n Add UCLASS_TEE for Trusted Execution Environment\n dt/bindings: add bindings for optee\n tee: add OP-TEE driver\n Documentation: tee uclass and op-tee driver\n test: tee: test TEE uclass\n sandbox: dt: add sandbox_tee node\n configs: sandbox: enable CONFIG_TEE (TEE uclass)\n arm: dt: hikey: Add optee node\n optee: support routing of rpmb data frames to mmc\n tee: optee: support AVB trusted application\n avb_verify: support using OP-TEE TA AVB\n\n MAINTAINERS | 7 +\n arch/arm/dts/hi6220-hikey.dts | 7 +\n arch/sandbox/dts/sandbox.dts | 4 +\n arch/sandbox/dts/sandbox64.dts | 4 +\n arch/sandbox/dts/test.dts | 4 +\n cmd/avb.c | 19 +-\n common/avb_verify.c | 132 +++-\n configs/sandbox64_defconfig | 1 +\n configs/sandbox_defconfig | 1 +\n configs/sandbox_flattree_defconfig | 1 +\n configs/sandbox_noblk_defconfig | 1 +\n configs/sandbox_spl_defconfig | 1 +\n doc/README.avb2 | 13 +\n doc/README.tee | 112 ++++\n .../firmware/linaro,optee-tz.txt | 31 +\n drivers/Kconfig | 2 +\n drivers/Makefile | 1 +\n drivers/core/root.c | 15 +-\n drivers/mmc/rpmb.c | 160 +++++\n drivers/tee/Kconfig | 17 +\n drivers/tee/Makefile | 4 +\n drivers/tee/optee/Kconfig | 23 +\n drivers/tee/optee/Makefile | 5 +\n drivers/tee/optee/core.c | 622 ++++++++++++++++++\n drivers/tee/optee/optee_msg.h | 423 ++++++++++++\n drivers/tee/optee/optee_msg_supplicant.h | 234 +++++++\n drivers/tee/optee/optee_private.h | 41 ++\n drivers/tee/optee/optee_smc.h | 444 +++++++++++++\n drivers/tee/optee/rpmb.c | 184 ++++++\n drivers/tee/optee/supplicant.c | 92 +++\n drivers/tee/tee-uclass.c | 192 ++++++\n include/avb_verify.h | 4 +\n include/dm/uclass-id.h | 1 +\n include/mmc.h | 2 +\n include/tee.h | 297 +++++++++\n include/tee/optee_ta_avb.h | 48 ++\n test/dm/Makefile | 1 +\n test/dm/tee.c | 182 +++++\n 38 files changed, 3325 insertions(+), 7 deletions(-)\n create mode 100644 doc/README.tee\n create mode 100644 doc/device-tree-bindings/firmware/linaro,optee-tz.txt\n create mode 100644 drivers/tee/Kconfig\n create mode 100644 drivers/tee/Makefile\n create mode 100644 drivers/tee/optee/Kconfig\n create mode 100644 drivers/tee/optee/Makefile\n create mode 100644 drivers/tee/optee/core.c\n create mode 100644 drivers/tee/optee/optee_msg.h\n create mode 100644 drivers/tee/optee/optee_msg_supplicant.h\n create mode 100644 drivers/tee/optee/optee_private.h\n create mode 100644 drivers/tee/optee/optee_smc.h\n create mode 100644 drivers/tee/optee/rpmb.c\n create mode 100644 drivers/tee/optee/supplicant.c\n create mode 100644 drivers/tee/tee-uclass.c\n create mode 100644 include/tee.h\n create mode 100644 include/tee/optee_ta_avb.h\n create mode 100644 test/dm/tee.c" }