Hi All,
We are working on enabling the Secure Storage of Variables for Secure UEFI.
Let me give you a brief idea of what we are doing.
We need StandAlone Management Mode to run in the Secure Environment.
For that, in EDK2 we already have the MmCommunicationDxe Runtime Driver, which communicates with StMM running in a Secure Partition in Secure World.
But this driver is based on SPM (Secure Partition Manager) running in the ATF.
As we are aware, ATF can run either in SPM mode or SPD mode; both are mutually exclusive.
So we cannot have both the StMM running in Secure Partition as well as OP-TEE or any other Secure OS running in Secure World.
On many systems, there are many other secure operations needed to be done that can be done by Secure OS only.
So in these systems we need to make the StMM and Secure OS work together.
As part of doing this only, we have created a kind of Secure Partition within OP-TEE in which StMM can work as a kind of TA, and other TAs cannot interfere with the working of this Secure Partition.
Other TAs can run in parallel to StMM on top of OP-TEE. We can get the work done by StMM by OP-TEE SMC calls only.
It will be like this as shown in the below image.
                        Secure World
+-----------------------------------------------------------+
| +-----------------------+      +------------------------+ |
| |                       |      | +--------------------+ | |
| |                       |      | |                    | | |
| |  Trusted Application  |      | |                    | | |
| |                       |      | |                    | | |
| |                       |      | |        StMM        | | |
| +-----------------------+      | |                    | | |
|                                | |                    | | |
|                                | |                    | | |
|                                | +--------------------+ | |
|                                |                        | |
|             OP-TEE             |                        | |
|                                |                        | |
|                                |    Secure Partition    | |
|                                |                        | |
|                                |                        | |
|                                |                        | |
|                                +------------------------+ |
+-----------------------------------------------------------+
So with this approach of running StMM in an exclusive secure partition with OP-TEE, StMM and TAs can work together.
In this way, the StMM binary which is compiled is also environment-agnostic. The same StMM binary can work whether it is running as part of OP-TEE or standalone in Secure World.
If OP-TEE is responsible for running StMM, firmware implementations, like U-Boot, can use it to store UEFI variables.
Now, for implementing the whole system of Secure Variable Storage for Secure UEFI, we need to make changes in the MmCommunicationDxe Runtime Driver and OpteeLib.
Let's discuss the changes one by one:
- MmCommunicationDxe – Currently it is based on SPM SMC calls that get landed into ATF and do the required work.
  - Now since StMM is running as part of OP-TEE, we need to change these into OP-TEE SMC calls.
- OpteeLib – Currently OpteeLib cannot be used with the Runtime Drivers.
  - We need to change its configuration so that it can be used with a Runtime Driver.
So for making these changes we have the following approaches:
- MmCommunicationDxe
  - We can have the code for SPM SMC calling and OP-TEE SMC calling in the same driver under some compile-time flags, but it will make the code nasty.
  - Another approach can be writing a new driver under the name of MmCommunicationOpteeDxe in ArmPkg/Drivers/.
- OpteeLib
  - We can make the necessary changes to make it work with a Runtime Driver.
  - Another approach: we can also make a Runtime Driver of Optee in ArmPkg/Drivers/.
So please review the mail and approaches for making the changes and let us know your views.
Regards,
Sahil Malhotra