• Vesa Jääskeläinen's avatar
    tee: add support for session's client UUID generation · e33bcbab
    Vesa Jääskeläinen authored
    TEE Client API defines that from user space only information needed for
    specified login operations is group identifier for group based logins.
    
    REE kernel is expected to formulate trustworthy client UUID and pass that
    to TEE environment. REE kernel is required to verify that provided group
    identifier for group based logins matches calling processes group
    memberships.
    
    TEE specification only defines that the information passed from REE
    environment to TEE environment is encoded into on UUID.
    
    In order to guarantee trustworthiness of client UUID user space is not
    allowed to freely pass client UUID.
    
    UUIDv5 form is used encode variable amount of information needed for
    different login types.
    Signed-off-by: default avatarVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
    [jw: remove unused variable application_id]
    Signed-off-by: default avatarJens Wiklander <jens.wiklander@linaro.org>
    e33bcbab
tee_core.c 30.1 KB