KEYS: trusted: tee: Make registered shm dependency explicit

Message ID 20221110111140.1999538-1-sumit.garg@linaro.org
State New
Headers
Series KEYS: trusted: tee: Make registered shm dependency explicit |

Commit Message

Sumit Garg Nov. 10, 2022, 11:11 a.m. UTC
  TEE trusted keys support depends on registered shared memory support
since the key buffers are needed to be registered with OP-TEE. So make
that dependency explicit to not register trusted keys support if
underlying implementation doesn't support registered shared memory.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>
---
 security/keys/trusted-keys/trusted_tee.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
  

Comments

Sumit Garg Nov. 10, 2022, 11:14 a.m. UTC | #1
+ Jarkko (Apologies I accidently missed you while sending the original patch).

On Thu, 10 Nov 2022 at 16:42, Sumit Garg <sumit.garg@linaro.org> wrote:
>
> TEE trusted keys support depends on registered shared memory support
> since the key buffers are needed to be registered with OP-TEE. So make
> that dependency explicit to not register trusted keys support if
> underlying implementation doesn't support registered shared memory.
>
> Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
> Tested-by: Jerome Forissier <jerome.forissier@linaro.org>
> ---
>  security/keys/trusted-keys/trusted_tee.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/security/keys/trusted-keys/trusted_tee.c b/security/keys/trusted-keys/trusted_tee.c
> index c8626686ee1b..ac3e270ade69 100644
> --- a/security/keys/trusted-keys/trusted_tee.c
> +++ b/security/keys/trusted-keys/trusted_tee.c
> @@ -219,7 +219,8 @@ static int trusted_tee_get_random(unsigned char *key, size_t key_len)
>
>  static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
>  {
> -       if (ver->impl_id == TEE_IMPL_ID_OPTEE)
> +       if (ver->impl_id == TEE_IMPL_ID_OPTEE &&
> +           ver->gen_caps & TEE_GEN_CAP_REG_MEM)
>                 return 1;
>         else
>                 return 0;
> --
> 2.34.1
>
  
Jarkko Sakkinen Nov. 16, 2022, 12:33 a.m. UTC | #2
On Thu, Nov 10, 2022 at 04:44:20PM +0530, Sumit Garg wrote:
> + Jarkko (Apologies I accidently missed you while sending the original patch).
> 
> On Thu, 10 Nov 2022 at 16:42, Sumit Garg <sumit.garg@linaro.org> wrote:
> >
> > TEE trusted keys support depends on registered shared memory support
> > since the key buffers are needed to be registered with OP-TEE. So make
> > that dependency explicit to not register trusted keys support if
> > underlying implementation doesn't support registered shared memory.
> >
> > Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
> > Tested-by: Jerome Forissier <jerome.forissier@linaro.org>
> > ---
> >  security/keys/trusted-keys/trusted_tee.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/security/keys/trusted-keys/trusted_tee.c b/security/keys/trusted-keys/trusted_tee.c
> > index c8626686ee1b..ac3e270ade69 100644
> > --- a/security/keys/trusted-keys/trusted_tee.c
> > +++ b/security/keys/trusted-keys/trusted_tee.c
> > @@ -219,7 +219,8 @@ static int trusted_tee_get_random(unsigned char *key, size_t key_len)
> >
> >  static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
> >  {
> > -       if (ver->impl_id == TEE_IMPL_ID_OPTEE)
> > +       if (ver->impl_id == TEE_IMPL_ID_OPTEE &&
> > +           ver->gen_caps & TEE_GEN_CAP_REG_MEM)
> >                 return 1;
> >         else
> >                 return 0;
> > --
> > 2.34.1
> >

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko
  
Jarkko Sakkinen Nov. 16, 2022, 12:39 a.m. UTC | #3
On Wed, Nov 16, 2022 at 02:33:24AM +0200, Jarkko Sakkinen wrote:
> On Thu, Nov 10, 2022 at 04:44:20PM +0530, Sumit Garg wrote:
> > + Jarkko (Apologies I accidently missed you while sending the original patch).
> > 
> > On Thu, 10 Nov 2022 at 16:42, Sumit Garg <sumit.garg@linaro.org> wrote:
> > >
> > > TEE trusted keys support depends on registered shared memory support
> > > since the key buffers are needed to be registered with OP-TEE. So make
> > > that dependency explicit to not register trusted keys support if
> > > underlying implementation doesn't support registered shared memory.
> > >
> > > Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
> > > Tested-by: Jerome Forissier <jerome.forissier@linaro.org>
> > > ---
> > >  security/keys/trusted-keys/trusted_tee.c | 3 ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/security/keys/trusted-keys/trusted_tee.c b/security/keys/trusted-keys/trusted_tee.c
> > > index c8626686ee1b..ac3e270ade69 100644
> > > --- a/security/keys/trusted-keys/trusted_tee.c
> > > +++ b/security/keys/trusted-keys/trusted_tee.c
> > > @@ -219,7 +219,8 @@ static int trusted_tee_get_random(unsigned char *key, size_t key_len)
> > >
> > >  static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
> > >  {
> > > -       if (ver->impl_id == TEE_IMPL_ID_OPTEE)
> > > +       if (ver->impl_id == TEE_IMPL_ID_OPTEE &&
> > > +           ver->gen_caps & TEE_GEN_CAP_REG_MEM)
> > >                 return 1;
> > >         else
> > >                 return 0;
> > > --
> > > 2.34.1
> > >
> 
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

Applied.

BR, Jarkko
  

Patch

diff --git a/security/keys/trusted-keys/trusted_tee.c b/security/keys/trusted-keys/trusted_tee.c
index c8626686ee1b..ac3e270ade69 100644
--- a/security/keys/trusted-keys/trusted_tee.c
+++ b/security/keys/trusted-keys/trusted_tee.c
@@ -219,7 +219,8 @@  static int trusted_tee_get_random(unsigned char *key, size_t key_len)
 
 static int optee_ctx_match(struct tee_ioctl_version_data *ver, const void *data)
 {
-	if (ver->impl_id == TEE_IMPL_ID_OPTEE)
+	if (ver->impl_id == TEE_IMPL_ID_OPTEE &&
+	    ver->gen_caps & TEE_GEN_CAP_REG_MEM)
 		return 1;
 	else
 		return 0;