On Tue, Dec 21, 2021 at 05:45:02PM +0000, David Brazdil wrote: > Open Profile for DICE is an open protocol for measured boot compatible > with the Trusted Computing Group's Device Identifier Composition > Engine (DICE) specification. The generated Compound Device Identifier > (CDI) certificates represent the hardware/software combination measured > by DICE, and can be used for remote attestation and sealing. > > Add a driver that exposes reserved memory regions populated by firmware > with DICE CDIs and exposes them to userspace via a character device. > > Userspace obtains the memory region's size from read() and calls mmap() > to create a mapping of the memory region in its address space. The > mapping is not allowed to be write+shared, giving userspace a guarantee > that the data were not overwritten by another process. > > Userspace can also call write(), which triggers a wipe of the DICE data > by the driver. Because both the kernel and userspace mappings use > write-combine semantics, all clients observe the memory as zeroed after > the syscall has returned. > > Cc: Andrew Scull <ascull@xxxxxxxxxx> > Cc: Will Deacon <will@xxxxxxxxxx> > Signed-off-by: David Brazdil <dbrazdil@xxxxxxxxxx> > --- > drivers/misc/Kconfig | 12 +++ > drivers/misc/Makefile | 1 + > drivers/misc/open-dice.c | 188 +++++++++++++++++++++++++++++++++++++++ > drivers/of/platform.c | 1 + Acked-by: Rob Herring <robh@xxxxxxxxxx> > 4 files changed, 202 insertions(+) > create mode 100644 drivers/misc/open-dice.c
