Joakim,

 

Just my $.02 on this one : isn’t the point of TEEs to reduce the amount of code that they run, so that

better trust can be put into it, and a comprehensive code review remains possible.

 

Adding a full eMMC stack would mean a lot of code and a greater attack surface, wouldn’t it ? I fear

that at one point we need to to consider implementing yet another trust level (we’d have to call them

HTTs, Highly Trusted TEEs) because the amount of code in TEE has grown beyond control.

 

One the other hand, given such problem as early security verifications during boot, we currently are

left with a mix of ARM Trusted Firmware and proprietary code, which isn’t an ideal situation.

 

Erwan

 

 

From: Tee-dev [mailto:tee-dev-bounces@lists.linaro.org] On Behalf Of Joakim Bech
Sent: jeudi 23 novembre 2017 08:32
To: Stuart Yoder
Cc: tee-dev
Subject: Re: [Tee-dev] eMMC driver in OP-TEE?

 

Stuart,

 

On 22 November 2017 at 21:53, Jerome Forissier <jerome.forissier@linaro.org> wrote:

Hi Stuart,

 

Le 22 nov. 2017 9:28 PM, "Stuart Yoder" <stuart.yoder@arm.com> a écrit :

 

Is doing this a roadmap (or potential roadmap) item for OP-TEE? 

 

I don't think it is at the moment.

We're touching it from another angle, since we have started working with Android

Verified Boot 2.0, which means that we will need to access RPMB before Linux

kernel is up and running to be able to work with the rollback index in AVB2.0.

It's still an open question whether we shall try to use the RPMB support in U-Boot

or if it will be something done in OP-TEE directly.

 

Regards,

Joakim

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.