OASIS Mailing List Archives
virtio-comment message



Subject: RE: [virtio-dev] Re: [virtio-comment] [PATCH] Add virtio rpmb device specification



> -----Original Message-----
> From: virtio-dev@lists.oasis-open.org [mailto:virtio-dev@lists.oasis-open.org]
> On Behalf Of Michael S. Tsirkin
> Sent: Sunday, August 4, 2019 5:00
> To: Huang, Yang <yang.huang@intel.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>; virtio-dev@lists.oasis-open.org;
> virtio-comment@lists.oasis-open.org; Zhu, Bing <bing.zhu@intel.com>; Winkler,
> Tomas <tomas.winkler@intel.com>
> Subject: [virtio-dev] Re: [virtio-comment] [PATCH] Add virtio rpmb device
> specification
> 
> On Tue, Jul 30, 2019 at 12:33:17AM +0000, Huang, Yang wrote:
> >
> >
> > > -----Original Message-----
> > > From: virtio-comment@lists.oasis-open.org
> > > [mailto:virtio-comment@lists.oasis-open.org] On Behalf Of Paolo Bonzini
> > > Sent: Monday, July 29, 2019 17:19
> > > To: Huang, Yang <yang.huang@intel.com>;
> > > virtio-dev@lists.oasis-open.org
> > > Cc: virtio-comment@lists.oasis-open.org; mst@redhat.com; Zhu, Bing
> > > <bing.zhu@intel.com>; Winkler, Tomas <tomas.winkler@intel.com>
> > > Subject: Re: [virtio-comment] [PATCH] Add virtio rpmb device
> > > specification
> > >
> > > On 29/07/19 09:48, Huang Yang wrote:
> > > >
> > > > But virtualization software like Qemu doesn't provide
> > > > eMMC/UFS/NVMe RPMB emulation. It blocks the OS like Trusty or
> > > > OP-TEE running in a virtualization environment. For instance,
> > > > Google right now uses another way to work around RPMB emulation
> > > > > issue when running Trusty in ARM Qemu:
> > > > > https://android.googlesource.com/trusty/external/trusty/+/refs/heads/master/test-runner/
> > > >
> > > > Virtio RPMB standardization will definitely benefit OP-TEE, Google
> > > > Trusty TEE, Qemu, OVMF or other modules to develop the RPMB based
> > > > secure storage in virtualization.
> > > >
> > >
> > > Is there any reason to use a new virtio-blk device, and not add this
> > > functionality to virtio-blk?
> > >
> > > Paolo
> >
> > RPMB does not behave as a blk device. It doesn't have block device APIs.
> > Current virtio blk features or definitions in spec are mostly useless or
> > inapplicable to virtio rpmb.
> > It performs different behaviors from the operations on a blk device.
> > Key, write counter or nonce are required to read/write on it.
> > If it is added to the blk device, it will not only cause higher complexity, but also
> > cause two different behaviors on the same device.
> >
> 
> 
> Well it seems that current RPMB implementations are all tied to a storage device,
> like MMC or NVMe. Why is that and why doesn't the same logic apply here?
> 
> --
> MST
> 

RPMB is a mandatory hardware partition of eMMC and UFS, and optional for NVMe.
It is standardized by JEDEC and NVMe.
This partition is different from the user data partition that a blk device emulates.
It provides signed access in an authenticated and replay-protected manner that
a blk device does not perform. Only the RPMB key owner can write to it, while anybody
can access a user data partition.
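
The authenticated, replay-protected access described in the reply above, as an added example that is not part of the original message or of the proposed virtio spec. It is a simplified Python model that assumes HMAC-SHA256 over the frame fields of the JEDEC eMMC RPMB layout and single-block frames; the names rpmb_mac, RpmbPartition and demo are hypothetical, and the key and nonce are constructed sample values.

```python
import hashlib
import hmac
import struct

# Request/response types and result codes as in the JEDEC eMMC RPMB frame.
REQ_WRITE, RESP_READ = 0x0003, 0x0400
OK, AUTH_FAILURE, COUNTER_FAILURE = 0x0000, 0x0002, 0x0003


def rpmb_mac(key, data, nonce, counter, addr, result, msg_type):
    # Assumed MAC input: data|nonce|counter|addr|block count (1)|result|type.
    tail = struct.pack(">IHHHH", counter, addr, 1, result, msg_type)
    return hmac.new(key, data + nonce + tail, hashlib.sha256).digest()


class RpmbPartition:
    """Toy device side (hypothetical): one key, one monotonic write counter."""

    def __init__(self, key, blocks=4):
        self.key, self.counter = key, 0
        self.blocks = [bytes(256) for _ in range(blocks)]

    def write(self, addr, data, counter, mac):
        expect = rpmb_mac(self.key, data, bytes(16), counter, addr, 0, REQ_WRITE)
        if not hmac.compare_digest(mac, expect):
            return AUTH_FAILURE      # sender does not hold the RPMB key
        if counter != self.counter:
            return COUNTER_FAILURE   # stale counter: replay of an old frame
        self.blocks[addr] = data
        self.counter += 1
        return OK

    def read(self, addr, nonce):
        # Unsigned request; the signed response binds the caller's nonce.
        data = self.blocks[addr]
        return data, rpmb_mac(self.key, data, nonce, 0, addr, OK, RESP_READ)


def demo():
    key = bytes(range(32))           # constructed sample key
    dev = RpmbPartition(key)
    data = b"secret".ljust(256, b"\0")
    mac = rpmb_mac(key, data, bytes(16), 0, 1, 0, REQ_WRITE)
    first = dev.write(1, data, 0, mac)
    replay = dev.write(1, data, 0, mac)   # same frame sent a second time
    forged = dev.write(1, data, 1, rpmb_mac(bytes(32), data, bytes(16), 1, 1, 0, REQ_WRITE))
    nonce = bytes(range(16, 32))     # constructed nonce; a real host uses random bytes
    rdata, rmac = dev.read(1, nonce)
    fresh = hmac.compare_digest(rmac, rpmb_mac(key, rdata, nonce, 0, 1, OK, RESP_READ))
    return first, replay, forged, fresh
```

demo() returns the result of a valid write, of the same frame replayed, of a write signed with the wrong key, and whether the read response verifies against the caller's nonce.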


