Hi Stuart,

On Nov 22, 2017 9:28 PM, "Stuart Yoder" <stuart.yoder@arm.com> wrote:
There is no storage controller driver in OP-TEE, as pointed out in the RPMB doc:

   There is no eMMC controller driver in OP-TEE. The device operations all have
   to go through the normal world. They are handled by the tee-supplicant process
   which further relies on the kernel's ioctl() interface to access the device.

Correct.

Is doing this a roadmap (or potential roadmap) item for OP-TEE? 

I don't think it is at the moment.

I'm wondering
what discussions might have happened in the past, and if the idea has been
rejected for some reason.  Or, is it a potential future to-do item?

There are some technical challenges, but we have certainly not rejected the idea!


The use case would be if OP-TEE provided a secure key store, and access was
needed to that key store prior to normal world being available...for example,
to store keys that encrypted the disk to be used by Linux.

Makes sense. That being said, there are probably simpler solutions to derive FDE keys (OTP/eFuse/crypto accelerator).

Regards,
-- 
Jerome

Thanks,
Stuart

_______________________________________________
Tee-dev mailing list
Tee-dev@lists.linaro.org
https://lists.linaro.org/mailman/listinfo/tee-dev