Hi Etienne, On Sat, 6 May 2023 at 00:14, Etienne Carriere <etienne.carriere@xxxxxxxxxx> wrote: > > Changes fTPM TEE driver to open the TEE session with REE kernel login > identifier rather than public login. This is needed in case fTPM service > it denied to user land application and restricted to kernel operating > system services only. This is a valid restriction to avoid any unintended use of fTPM by user-space. But has the corresponding patch landed in fTPM TA which would enforce this restriction? -Sumit > > Signed-off-by: Etienne Carriere <etienne.carriere@xxxxxxxxxx> > --- > drivers/char/tpm/tpm_ftpm_tee.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/char/tpm/tpm_ftpm_tee.c b/drivers/char/tpm/tpm_ftpm_tee.c > index 528f35b14fb6..6d32e260af43 100644 > --- a/drivers/char/tpm/tpm_ftpm_tee.c > +++ b/drivers/char/tpm/tpm_ftpm_tee.c > @@ -241,7 +241,7 @@ static int ftpm_tee_probe(struct device *dev) > /* Open a session with fTPM TA */ > memset(&sess_arg, 0, sizeof(sess_arg)); > export_uuid(sess_arg.uuid, &ftpm_ta_uuid); > - sess_arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC; > + sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL; > sess_arg.num_params = 0; > > rc = tee_client_open_session(pvt_data->ctx, &sess_arg, NULL); > -- > 2.25.1 >
