App provisioning framework #367
Commits on Nov 5, 2024
-
Update submodules after merging: * islet-project/assets#12 * islet-project/assets#13 Signed-off-by: Michał Szaknis <m.szaknis@samsung.com>
-
Add handling of realm metadata and sealing key derivation
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Use allocated pages instead of exported arrays in rsi driver
There is no need to modify the realm Linux kernel and export static arrays to use them as granules passed via RSI to RMM. Instead just use page allocation mechanism. The previous issue with the static buffers in rsi.ko was been related to improper usage of virt_to_phys() function, which doesn't work, because the static buffer belongs to the modules memory range. In that case virt_to_phys() returns improper physical address that doesn't belong to the RAM range. To make it work with static buffers, one could use: phys_addr_t granule = page_to_phys(vmalloc_to_page(rsi_page_buf)); Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Don't allow to assign realm metadata multiple times
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Implement handling of RSI_ISLET_REALM_METADATA in the rsi driver
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Apply cosmetic changes to rsi driver
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Fix handling of realm metadata RSI in TF-RMM
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Fix RIM calculation code to be complaint with EAC5 spec
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Fix macro definition name in TF-RMM
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Fix destruction of realm when metadata is not privided
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
hes: Implement derivation of VHUK_A and VHUK_M
Signed-off-by: Zofia Abramowska <z.abramowska@samsung.com>
-
Get VHUKS from TF-A using vendor SMC RMM calls
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
-
Implement RSI sealing key call with HKDF key generation
tf-a-rss: Enable fetching VHUK from HES Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
-
- RMI call - verification and validation - use in the sealing-key process Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
-
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
-
Add description on how to extract the RIM using the rim-measurer-tool
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Add a high level description to README
Signed-off-by: Michał Szaknis <m.szaknis@samsung.com>
-
Change Info to Debug and rework static assertions
Signed-off-by: Michał Szaknis <m.szaknis@samsung.com>
-
Put metadata on heap using Box
Signed-off-by: Michał Szaknis <m.szaknis@samsung.com>
-
Signed-off-by: Michał Szaknis <m.szaknis@samsung.com>
-
Fix the name of the network interface in the app-provisioning manual
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Add a note on how to build an OCI image in case of using older Docker…
… versions Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Add a missing check for RD in State::New in SET_METADATA
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
-
Signed-off-by: Michał Szaknis <m.szaknis@samsung.com>
-
Apply fixes accordind to the review (submodules, comments)
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Update the submodule reference to eac5/kvmtool-rim-measurer
Also, update the README.md file for app provisioning to point this submodule. Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Implement sealing/unsealing operations using the sealing keys
Use the symmetric sealing key that is derived by Islet RMM. Utilize AES-256-GCM for the encryption of sealed data. Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Update readme acording to comments
Signed-off-by: Michał Szaknis <m.szaknis@samsung.com>
-
Let the tf-rmm submodule point to the original repo
Signed-off-by: Piotr Sawicki <p.sawicki2@samsung.com>
-
Change info to debug in sealing.rs
Signed-off-by: Michał Szaknis <m.szaknis@samsung.com>
