Re: [PATCH] char: tpm: ftpm_tee: use kernel login identifier
From: Sumit Garg
Date: Wed May 10 2023 - 06:24:26 EST
Hi Etienne,
On Sat, 6 May 2023 at 00:14, Etienne Carriere
<etienne.carriere@xxxxxxxxxx> wrote:
>
> Changes fTPM TEE driver to open the TEE session with REE kernel login
> identifier rather than public login. This is needed in case fTPM service
> it denied to user land application and restricted to kernel operating
> system services only.
This is a valid restriction to avoid any unintended use of fTPM by
user-space. But has the corresponding patch landed in fTPM TA which
would enforce this restriction?
-Sumit
>
> Signed-off-by: Etienne Carriere <etienne.carriere@xxxxxxxxxx>
> ---
> drivers/char/tpm/tpm_ftpm_tee.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm_ftpm_tee.c b/drivers/char/tpm/tpm_ftpm_tee.c
> index 528f35b14fb6..6d32e260af43 100644
> --- a/drivers/char/tpm/tpm_ftpm_tee.c
> +++ b/drivers/char/tpm/tpm_ftpm_tee.c
> @@ -241,7 +241,7 @@ static int ftpm_tee_probe(struct device *dev)
> /* Open a session with fTPM TA */
> memset(&sess_arg, 0, sizeof(sess_arg));
> export_uuid(sess_arg.uuid, &ftpm_ta_uuid);
> - sess_arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC;
> + sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL;
> sess_arg.num_params = 0;
>
> rc = tee_client_open_session(pvt_data->ctx, &sess_arg, NULL);
> --
> 2.25.1
>