Cover Letter Detail
Show a cover letter.
GET /api/covers/965473/?format=api
{ "id": 965473, "url": "http://patchwork.ozlabs.org/api/covers/965473/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/cover/20180903144711.31585-1-jens.wiklander@linaro.org/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20180903144711.31585-1-jens.wiklander@linaro.org>", "list_archive_url": null, "date": "2018-09-03T14:46:51", "name": "[U-Boot,v3,00/20] AVB using OP-TEE", "submitter": { "id": 66201, "url": "http://patchwork.ozlabs.org/api/people/66201/?format=api", "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/cover/20180903144711.31585-1-jens.wiklander@linaro.org/mbox/", "series": [ { "id": 63875, "url": "http://patchwork.ozlabs.org/api/series/63875/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=63875", "date": "2018-09-03T14:46:51", "name": "AVB using OP-TEE", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/63875/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/965473/comments/", "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.denx.de\n\t(client-ip=81.169.180.215; helo=lists.denx.de;\n\tenvelope-from=u-boot-bounces@lists.denx.de;\n\treceiver=<UNKNOWN>)", "ozlabs.org;\n\tdmarc=fail (p=none dis=none) header.from=linaro.org", "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=linaro.org header.i=@linaro.org\n\theader.b=\"Joqw+UMV\"; dkim-atps=neutral" ], "Received": 
[ "from lists.denx.de (dione.denx.de [81.169.180.215])\n\tby ozlabs.org (Postfix) with ESMTP id 423t9R6sRzz9s4Z\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 4 Sep 2018 00:47:35 +1000 (AEST)", "by lists.denx.de (Postfix, from userid 105)\n\tid 508ABC21E7E; Mon, 3 Sep 2018 14:47:27 +0000 (UTC)", "from lists.denx.de (localhost [IPv6:::1])\n\tby lists.denx.de (Postfix) with ESMTP id BA961C21E0B;\n\tMon, 3 Sep 2018 14:47:22 +0000 (UTC)", "by lists.denx.de (Postfix, from userid 105)\n\tid EFAD3C21E02; Mon, 3 Sep 2018 14:47:20 +0000 (UTC)", "from mail-lf1-f67.google.com (mail-lf1-f67.google.com\n\t[209.85.167.67])\n\tby lists.denx.de (Postfix) with ESMTPS id CBA2EC21DF9\n\tfor <u-boot@lists.denx.de>; Mon, 3 Sep 2018 14:47:19 +0000 (UTC)", "by mail-lf1-f67.google.com with SMTP id c29-v6so672213lfj.1\n\tfor <u-boot@lists.denx.de>; Mon, 03 Sep 2018 07:47:19 -0700 (PDT)", "from jax.ideon.se ([85.235.10.227])\n\tby smtp.gmail.com with ESMTPSA id\n\tw18-v6sm3343431ljd.73.2018.09.03.07.47.17\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tMon, 03 Sep 2018 07:47:17 -0700 (PDT)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=0.0 required=5.0 tests=RCVD_IN_MSPIKE_H2,\n\tT_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;\n\th=from:to:cc:subject:date:message-id;\n\tbh=zmT6ypNCxudNJJZ7QCpn5ELo2KSG1RmN39e6M7zrjLY=;\n\tb=Joqw+UMVNNwrtXvOQH88W82B35Nco8ShBCEfGhLheKcMC7i8pJsJM4MUbdM+72JaYL\n\tqbFjhU227GUSQgdmR1aohs+jFkXTR6f/PaDTceMceOPccq0Y2/5kvdn58755eP52cRLq\n\t4aXC8QbRJtpr3qf27DWbsrefK2EZLYkykMvQw=", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; 
s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id;\n\tbh=zmT6ypNCxudNJJZ7QCpn5ELo2KSG1RmN39e6M7zrjLY=;\n\tb=fowPxKEPbDC0DmPEP8mxMFdaBnGuAlaAfQC6I/jhKSHfd+GkEk4ErkYXnlXCtsLcYJ\n\tc8gDQ0KmqFSe+OSjkhzoJK6UgQ1UFHNpK8JUewOFvyrOI92Wg/OjyQw7J8vbahIfZT2J\n\tZq8ca7DssphVQ3Rgda4NilV1SsuBhZ0PpXZfJ+XRihuHGVkFtCaqyy5zMqALPtDcfl7M\n\tPxCoIDm9NoyGQLRYfH6fbqoRlbpEnVoCoCMZI2SA9nlQhzx5y/2Kj4Hr9fKVlZMBkpCn\n\tZYwj2QZ4V7D5s1/GyQkuAYf4QVHIqYAHqJv42RVRiAv/44uQxDG8z8iRe2YdMbJQsUNR\n\tzAmg==", "X-Gm-Message-State": "APzg51Ac7J3mGnULLvXDO5eUPQgk6cEJltB8K+FFd1jm58LqeiycsofR\n\tNXJe4S+2pLkSy3tyb8Baqcy6u9sHcgY=", "X-Google-Smtp-Source": "ANB0VdaPYMbPq/7+Hj35C2lLPnkBCJHB4TgTEHmhcmFRoj0H1g4A6Z/LVLLp781Rip0IFsMRa5kEsA==", "X-Received": "by 2002:a19:8f8c:: with SMTP id\n\ts12-v6mr18372251lfk.83.1535986038773; \n\tMon, 03 Sep 2018 07:47:18 -0700 (PDT)", "From": "Jens Wiklander <jens.wiklander@linaro.org>", "To": "u-boot@lists.denx.de", "Date": "Mon, 3 Sep 2018 16:46:51 +0200", "Message-Id": "<20180903144711.31585-1-jens.wiklander@linaro.org>", "X-Mailer": "git-send-email 2.17.1", "Cc": "Tom Rini <trini@konsulko.com>, Pierre Aubert <p.aubert@staubli.com>", "Subject": "[U-Boot] [PATCH v3 00/20] AVB using OP-TEE", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.18", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n\t<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<http://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n\t<mailto:u-boot-request@lists.denx.de?subject=subscribe>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "base64", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>" }, 
"content": "Hi,\n\nThis adds support for storing AVB rollback indexes in the RPMB partition.\nThe RPMB partition (content and key) is managed by OP-TEE\n(https://www.op-tee.org/) which is a secure OS leveraging ARM TrustZone.\n\nThe Linux kernel can already support OP-TEE with reading and updating\nrollback indexes in the RPMB partition; the catch is that this is needed\nbefore the kernel has booted.\n\nThe design here is the same as what is in the Linux kernel, with the\nexception that the user space daemon tee-supplicant is integrated in the\nOP-TEE driver here (drivers/tee/optee/supplicant.c) instead. A new uclass\n(UCLASS_TEE) is introduced to provide an abstraction for interfacing with a\nTrusted Execution Environment (TEE). There's also the OP-TEE driver using\nUCLASS_TEE for registration.\n\nA Trusted Application (TA) interface is added to be used by the AVB verify\nfunctions which are updated accordingly. The TA is managed by OP-TEE and is\nexecuted in a secure TrustZone-protected environment.\n\nThe header files drivers/tee/optee/optee_{msg,msg_supplicant,smc}.h and\ninclude/tee/optee_ta_avb.h are copied from\nhttps://github.com/OP-TEE/optee_os/tree/master more or less unmodified.\nThey may need to be updated from time to time in order to support new\nfeatures.\n\nIn MMC there's a new function, mmc_rpmb_route_frames(), which as the name\nsuggests is used to route RPMB frames to/from the MMC. 
This saves OP-TEE\nfrom implementing an MMC driver which would need to share resources with\nits counterpart here in U-Boot.\n\nThis was tested on a Hikey (Kirin 620) board.\n\nI've added myself as maintainer of the TEE stuff.\n\nchanges in v3:\n* Addressed review comments from Simon Glass\n* A few new patches\n - \"avb_verify: bugfix avb_ops_free() skipping free\"\n - \"tee: add sandbox driver\"\n - \"test_avb: Update pymark.buildconfigspec information for the AVB tests\"\n - \"avb_verify: support sandbox configuration\"\n - \"Kconfig: sandbox: enable cmd_avb and dependencies\"\n* \"sandbox: imply CONFIG_TEE (TEE uclass)\", replacing\n \"configs: sandbox: enable CONFIG_TEE (TEE uclass)\"\n* Moved sandbox driver to drivers/tee and added code to emulate the AVB TA\n* Enabled a few AVB tests (test/py/tests/test_avb.py) for sandbox\n* Bugfix tee_find_device()\n* Commits \"dm: fdt: scan for devices under /firmware too\",\n \"cmd: avb read_rb: print rb_idx in hexadecimal\",\n \"cmd: avb: print error message if command fails\",\n \"Add UCLASS_TEE for Trusted Execution Environment\",\n \"tee: add OP-TEE driver\",\n \"Documentation: tee uclass and op-tee driver\",\n \"test: tee: test TEE uclass\",\n \"arm: dt: hikey: Add optee node\" and\n \"sandbox: dt: add sandbox_tee node\"\n Reviewed-by: Simon Glass <sjg@chromium.org>\n\nchanges in v2:\n* Added sandbox driver and a test in test/dm for the new TEE uclass:\n Commit (\"test: tee: test TEE uclass\") and the enabling commits\n (\"sandbox: dt: add sandbox_tee node\") and\n (\"configs: sandbox: enable CONFIG_TEE (TEE uclass)\")\n* Added descriptions of exported structs and functions\n* Added documentation for the TEE uclass and the OP-TEE driver with\n the new commit (\"Documentation: tee uclass and op-tee driver\")\n* Added documentation for the changes in avb_verify\n* Addressed review comments from Simon Glass\n* Added the commit (\"cmd: avb: print error message if command fails\")\n* Made a few functions static in the 
OP-TEE driver\n* Commit (\"cmd: avb read_rb: print rb_idx in hexadecimal\") and\n (\"tee: optee: support AVB trusted application\");\n Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>\n\nThanks,\nJens\n\nJens Wiklander (20):\n dm: fdt: scan for devices under /firmware too\n cmd: avb read_rb: print rb_idx in hexadecimal\n cmd: avb: print error message if command fails\n avb_verify: bugfix avb_ops_free() skipping free\n mmc: rpmb: add mmc_rpmb_route_frames()\n Add UCLASS_TEE for Trusted Execution Environment\n dt/bindings: add bindings for optee\n tee: add OP-TEE driver\n Documentation: tee uclass and op-tee driver\n arm: dt: hikey: Add optee node\n optee: support routing of rpmb data frames to mmc\n tee: optee: support AVB trusted application\n sandbox: dt: add sandbox_tee node\n sandbox: imply CONFIG_TEE (TEE uclass)\n tee: add sandbox driver\n test: tee: test TEE uclass\n avb_verify: support using OP-TEE TA AVB\n test_avb: Update pymark.buildconfigspec information for the AVB tests\n avb_verify: support sandbox configuration\n Kconfig: sandbox: enable cmd_avb and dependencies\n\n MAINTAINERS | 7 +\n arch/Kconfig | 5 +\n arch/arm/dts/hi6220-hikey.dts | 7 +\n arch/sandbox/dts/sandbox.dts | 4 +\n arch/sandbox/dts/sandbox64.dts | 4 +\n arch/sandbox/dts/test.dts | 4 +\n cmd/avb.c | 19 +-\n common/avb_verify.c | 120 +++-\n doc/README.avb2 | 13 +\n doc/README.tee | 112 +++\n .../firmware/linaro,optee-tz.txt | 31 +\n drivers/Kconfig | 2 +\n drivers/Makefile | 1 +\n drivers/core/root.c | 15 +-\n drivers/fastboot/Kconfig | 2 +\n drivers/mmc/rpmb.c | 160 +++++\n drivers/tee/Kconfig | 29 +\n drivers/tee/Makefile | 5 +\n drivers/tee/optee/Kconfig | 27 +\n drivers/tee/optee/Makefile | 5 +\n drivers/tee/optee/core.c | 662 ++++++++++++++++++\n drivers/tee/optee/optee_msg.h | 425 +++++++++++\n drivers/tee/optee/optee_msg_supplicant.h | 240 +++++++\n drivers/tee/optee/optee_private.h | 65 ++\n drivers/tee/optee/optee_smc.h | 450 ++++++++++++\n drivers/tee/optee/rpmb.c | 181 
+++++\n drivers/tee/optee/supplicant.c | 96 +++\n drivers/tee/sandbox.c | 299 ++++++++\n drivers/tee/tee-uclass.c | 233 ++++++\n include/avb_verify.h | 13 +\n include/dm/uclass-id.h | 1 +\n include/mmc.h | 2 +\n include/sandboxtee.h | 15 +\n include/tee.h | 374 ++++++++++\n include/tee/optee_ta_avb.h | 48 ++\n test/dm/Makefile | 1 +\n test/dm/tee.c | 98 +++\n test/py/tests/test_avb.py | 8 +-\n 38 files changed, 3772 insertions(+), 11 deletions(-)\n create mode 100644 doc/README.tee\n create mode 100644 doc/device-tree-bindings/firmware/linaro,optee-tz.txt\n create mode 100644 drivers/tee/Kconfig\n create mode 100644 drivers/tee/Makefile\n create mode 100644 drivers/tee/optee/Kconfig\n create mode 100644 drivers/tee/optee/Makefile\n create mode 100644 drivers/tee/optee/core.c\n create mode 100644 drivers/tee/optee/optee_msg.h\n create mode 100644 drivers/tee/optee/optee_msg_supplicant.h\n create mode 100644 drivers/tee/optee/optee_private.h\n create mode 100644 drivers/tee/optee/optee_smc.h\n create mode 100644 drivers/tee/optee/rpmb.c\n create mode 100644 drivers/tee/optee/supplicant.c\n create mode 100644 drivers/tee/sandbox.c\n create mode 100644 drivers/tee/tee-uclass.c\n create mode 100644 include/sandboxtee.h\n create mode 100644 include/tee.h\n create mode 100644 include/tee/optee_ta_avb.h\n create mode 100644 test/dm/tee.c" }