Subject: Re: [virtio-comment] RE: [virtio-dev] Re: [virtio-comment] [PATCH] Add virtio rpmb device specification
On Sun, Aug 04, 2019 at 02:07:49AM +0000, Huang, Yang wrote:
>
> > -----Original Message-----
> > From: virtio-dev@lists.oasis-open.org [mailto:virtio-dev@lists.oasis-open.org]
> > On Behalf Of Michael S. Tsirkin
> > Sent: Sunday, August 4, 2019 5:00
> > To: Huang, Yang <yang.huang@intel.com>
> > Cc: Paolo Bonzini <pbonzini@redhat.com>; virtio-dev@lists.oasis-open.org;
> > virtio-comment@lists.oasis-open.org; Zhu, Bing <bing.zhu@intel.com>;
> > Winkler, Tomas <tomas.winkler@intel.com>
> > Subject: [virtio-dev] Re: [virtio-comment] [PATCH] Add virtio rpmb device
> > specification
> >
> > On Tue, Jul 30, 2019 at 12:33:17AM +0000, Huang, Yang wrote:
> > >
> > > > -----Original Message-----
> > > > From: virtio-comment@lists.oasis-open.org
> > > > [mailto:virtio-comment@lists.oasis-open.org] On Behalf Of Paolo Bonzini
> > > > Sent: Monday, July 29, 2019 17:19
> > > > To: Huang, Yang <yang.huang@intel.com>; virtio-dev@lists.oasis-open.org
> > > > Cc: virtio-comment@lists.oasis-open.org; mst@redhat.com; Zhu, Bing
> > > > <bing.zhu@intel.com>; Winkler, Tomas <tomas.winkler@intel.com>
> > > > Subject: Re: [virtio-comment] [PATCH] Add virtio rpmb device
> > > > specification
> > > >
> > > > On 29/07/19 09:48, Huang Yang wrote:
> > > > >
> > > > > But virtualization software like Qemu doesn't provide
> > > > > eMMC/UFS/NVMe RPMB emulation. It blocks the OS like Trusty or
> > > > > OP-TEE running in a virtualization environment. For instance,
> > > > > Google right now uses another way to work around the RPMB emulation
> > > > > issue when running Trusty in ARM Qemu:
> > > > > https://android.googlesource.com/trusty/external/trusty/+/refs/heads/master/test-runner/
> > > > >
> > > > > Virtio RPMB standardization will definitely benefit OP-TEE, Google
> > > > > Trusty TEE, Qemu, OVMF or other modules to develop the RPMB based
> > > > > secure storage in virtualization.
> > > > >
> > > >
> > > > Is there any reason to use a new virtio-blk device, and not add this
> > > > functionality to virtio-blk?
> > > >
> > > > Paolo
> > >
> > > RPMB does not behave as a blk device. It doesn't have block device APIs.
> > > Current virtio blk features or definitions in spec are mostly useless or
> > > inapplicable to virtio rpmb.
> > > It performs different behaviors from the operations on a blk device.
> > > Key, writer counter or nonce are required to read/write on it.
> > > If we add it to the blk device, it will not only cause higher complexity,
> > > but also cause two different behaviors on the same device.
> > >
> >
> > Well it seems that current RPMB implementations are all tied to a storage
> > device, like MMC or NVMe. Why is that and why doesn't the same logic apply
> > here?
> >
> > --
> > MST
> >
>
> RPMB is a mandatory hardware partition of eMMC, UFS and optional for NVMe.
> It is standardized by JEDEC and NVMe.
> This partition is different from the user data partition that blk device emulates.
> It provides signed access in an authenticated and replay protected manner that
> blk device does not perform. Only the RPMB key owner can write to it while anybody
> can access a user data partition.

Sorry if I'm being dense, so how is this different from e.g. NVMe?

--
MST
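
The access model described in the quoted replies (a key, a write counter and a nonce are needed, which a blk device does not have), as an added Python sketch that is not part of this thread or of the proposed specification. `RpmbModel`, `mac` and the field layout are hypothetical simplifications, not the JEDEC frame format or the virtio rpmb request format.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 256  # bytes per data block in this simplified model

def mac(key, data, nonce, counter, addr):
    """HMAC-SHA256 over the fields the receiver must be able to trust."""
    msg = data + nonce + struct.pack(">IH", counter, addr)
    return hmac.new(key, msg, hashlib.sha256).digest()

class RpmbModel:
    """Device side: holds the key, a monotonic write counter and the blocks."""

    def __init__(self, key, nblocks=4):
        self.key = key
        self.counter = 0
        self.blocks = [bytes(BLOCK)] * nblocks

    def write(self, addr, data, counter, tag):
        # Authentication first: without the key no valid tag can be produced.
        expected = mac(self.key, data, bytes(16), counter, addr)
        if not hmac.compare_digest(tag, expected):
            return "AUTH_FAILURE"
        # Replay protection: a captured frame carries a stale counter.
        if counter != self.counter:
            return "COUNTER_FAILURE"
        self.blocks[addr] = data
        self.counter += 1
        return "OK"

    def read(self, addr, nonce):
        # Anyone may read; the MAC over the caller's nonce lets a key
        # holder tell a fresh response from a replayed one.
        data = self.blocks[addr]
        return data, mac(self.key, data, nonce, 0, addr)

def demo():
    key = os.urandom(32)                     # constructed key for the demo
    dev = RpmbModel(key)
    data = b"secret".ljust(BLOCK, b"\0")     # constructed sample block
    frame = (0, data, 0, mac(key, data, bytes(16), 0, 0))
    # Legitimate write, the same frame replayed, and a writer without the key.
    results = [dev.write(*frame), dev.write(*frame),
               dev.write(0, data, 1, bytes(32))]
    nonce = os.urandom(16)
    rdata, rtag = dev.read(0, nonce)
    fresh = hmac.compare_digest(rtag, mac(key, rdata, nonce, 0, 0))
    stale = hmac.compare_digest(rtag, mac(key, rdata, os.urandom(16), 0, 0))
    return results, fresh, stale
```
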