QEMUv8: RPMB device support #851
QEMU has recently added RPMB support to its eMMC emulation [1]. In order to use this feature, enable CONFIG_MMC_SDHCI_PCI in the kernel. Also enable CONFIG_RPMB so that the in-kernel TEE RPMB routing can be used and tested. The legacy support of RPMB via tee-supplicant remains available to OP-TEE via CFG_RPMB_ANNOUNCE_PROBE_CAP=n.
[1] https://github.com/qemu/qemu/commits/45423e247076/
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Update the QEMUv8 command line as well as the kernel config so that an emulated RPMB device is exposed to the Linux kernel and user space. This allows testing CFG_RPMB_FS=y without RPMB support in tee-supplicant.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
| # Toolchain libraries might be here or there | ||
| send -- "export LD_LIBRARY_PATH=/lib:/lib/arm-linux-gnueabihf\r" | ||
| expect "# " | ||
| send -- {if [ -e /dev/mmcblk0rpmb ]; then echo "Programming RPMB key"; printf "\\xD3\\xEB\\x3E\\xC3\\x6E\\x33\\x4C\\x9F\\x98\\x8C\\xE2\\xC0\\xB8\\x59\\x54\\x61\\x0D\\x2B\\xCF\\x86\\x64\\x84\\x4D\\xF2\\xAB\\x56\\xE6\\xC6\\x1B\\xB7\\x01\\xE4" >rpmb_key.bin && mmc rpmb write-key /dev/mmcblk0rpmb rpmb_key.bin; fi} |
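Review bot: the 32 bytes passed to printf in the send line are not labelled anywhere, so a reader cannot tell that this is the well-known test key rather than a secret; add a comment above the send saying so, in the style of the existing "# Toolchain libraries might be here or there" comment. The result of `mmc rpmb write-key` is also unchecked: the script prints "Programming RPMB key" and carries on whether or not the write succeeded, so appending something like `|| echo "RPMB key programming failed"` would make a failed run visible in the log. The braced send body carries no trailing \r, so make sure the command is actually submitted and followed by an `expect "# "`, as the previous send is.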
I guess this will not work for fTPM
No, the key would need to be programmed earlier I suppose. For this use case I believe we could boot the machine, program the RPMB key, then save the eMMC device persistent state (where the RPMB key/write counter etc. are stored) via some QEMU command. Then boot the system again from that state snapshot. @philmd did I get this right?
We could keep this for a later PR.
Yeah, or we could even use a pre-fabricated binary image.
The problem is, the key is not stored in the eMMC image file (the emmc0.img passed to QEMU on the command line). That image only contains the data blocks. But perhaps the key can be supplied via a state file that we could generate from scratch without having to save it from a running VM, I don't know.
We might use the test key, which is well-known.
The string inside the printf is the test key 😉
This pull request has been marked as stale because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed pull request at any time.
This adds support for RPMB device emulation in QEMUv8.
Depends on OP-TEE/manifest#335.