summaryrefslogtreecommitdiff
path: root/include/linux/tee_drv.h
diff options
context:
space:
mode:
authorVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>2020-04-30 15:37:09 +0300
committerJens Wiklander <jens.wiklander@linaro.org>2020-05-11 14:11:26 +0200
commite33bcbab16d1c0dd85d72bec275308369ad901f5 (patch)
tree1dd62de011aafe451df09d29bdf11bf1ddb68cd8 /include/linux/tee_drv.h
parentae83d0b416db002fe95601e7f97f64b59514d936 (diff)
downloadlwn-e33bcbab16d1c0dd85d72bec275308369ad901f5.tar.gz
lwn-e33bcbab16d1c0dd85d72bec275308369ad901f5.zip
tee: add support for session's client UUID generation
TEE Client API defines that from user space only information needed for specified login operations is group identifier for group based logins. REE kernel is expected to formulate trustworthy client UUID and pass that to TEE environment. REE kernel is required to verify that provided group identifier for group based logins matches calling processes group memberships. TEE specification only defines that the information passed from REE environment to TEE environment is encoded into on UUID. In order to guarantee trustworthiness of client UUID user space is not allowed to freely pass client UUID. UUIDv5 form is used encode variable amount of information needed for different login types. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> [jw: remove unused variable application_id] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'include/linux/tee_drv.h')
-rw-r--r--include/linux/tee_drv.h16
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
index 1412e9cc79ce..8471b790e858 100644
--- a/include/linux/tee_drv.h
+++ b/include/linux/tee_drv.h
@@ -166,6 +166,22 @@ int tee_device_register(struct tee_device *teedev);
void tee_device_unregister(struct tee_device *teedev);
/**
+ * tee_session_calc_client_uuid() - Calculates client UUID for session
+ * @uuid: Resulting UUID
+ * @connection_method: Connection method for session (TEE_IOCTL_LOGIN_*)
+ * @connectuon_data: Connection data for opening session
+ *
+ * Based on connection method calculates UUIDv5 based client UUID.
+ *
+ * For group based logins verifies that calling process has specified
+ * credentials.
+ *
+ * @return < 0 on failure
+ */
+int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
+ const u8 connection_data[TEE_IOCTL_UUID_LEN]);
+
+/**
* struct tee_shm - shared memory object
* @ctx: context using the object
* @paddr: physical address of the shared memory