From: Jeffrey Kardatzke <jkardatzke@google.com>
To: Yi Chou <yich@chromium.org>
Cc: devicetree-spec@vger.kernel.org, Rob Herring <robh@kernel.org>,
krzysztof.kozlowski+dt@linaro.org, Yi Chou <yich@google.com>,
Yi-An Chen <chenyian@google.com>,
Jens Wiklander <jens.wiklander@linaro.org>,
Simon Glass <sjg@chromium.org>,
etienne.carriere@linaro.org,
Julius Werner <jwerner@chromium.org>,
joakim.bech@linaro.org, etienne.carriere@foss.st.com
Subject: Re: [PATCH v2] schemas: Add Google Widevine initialization parameters
Date: Thu, 11 Jan 2024 10:30:56 -0800
Message-ID: <CA+ddPcN-p=cCQUcDRt-33s0=EhZkBMPRFOqULbZS3YMfeP9=Fw@mail.gmail.com>
In-Reply-To: <CABOkjxLPvtknz4XxfjCdnjvLCpbz5OF1U+x8AgoU7RnRe95TVA@mail.gmail.com>

Can we get a review from maintainers now that we've posted this again?

On Mon, Jan 8, 2024 at 7:44 PM Yi Chou <yich@chromium.org> wrote:
>
> The necessary fields to initialize the Widevine related functions in
> OP-TEE.
> Widevine is Google's content protection system for DRM (Digital rights
> management) contents.
>
> Signed-off-by: Yi Chou <yich@chromium.org>
> Reviewed-by: Simon Glass <sjg@chromium.org>
>
> ---
> The previous discussion in the OP-TEE:
> https://github.com/OP-TEE/optee_os/pull/6418
> The reviewers prefer us to remove the compatible string.
> And they prefer the /options/op-tee/widevine node.
>
> Changes in v2:
> - Change all "widevine" to "Widevine".
> - Fix the prefix of properties.
> - Add the explanation of Widevine in the description section.
> - Add the usage restriction in the description section.
>
> .../options/op-tee/google,widevine.yaml | 79 +++++++++++++++++++
> 1 file changed, 79 insertions(+)
> create mode 100644 dtschema/schemas/options/op-tee/google,widevine.yaml
>
> diff --git a/dtschema/schemas/options/op-tee/google,widevine.yaml
> b/dtschema/schemas/options/op-tee/google,widevine.yaml
> new file mode 100644
> index 0000000..742e519
> --- /dev/null
> +++ b/dtschema/schemas/options/op-tee/google,widevine.yaml
> @@ -0,0 +1,79 @@
> +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
> +%YAML 1.2
> +---
> +$id: http://devicetree.org/schemas/options/op-tee/google,widevine.yaml#
> +$schema: http://devicetree.org/meta-schemas/core.yaml#
> +
> +title: Google Widevine initialization parameters
> +
> +maintainers:
> + - Jeffrey Kardatzke <jkardatzke@chromium.org>
> + - Yi Chou <yich@chromium.org>
> +
> +description:
> + Widevine is Google's content protection system for DRM (digital rights
> + management) contents.
> + The necessary fields to initialize the Widevine related functions in
> + OP-TEE. This node does not represent a real device, but serves as a
> + place for passing data between firmware and OP-TEE.
> + The content of this node should not be shared with the Linux kernel.
> +
> +properties:
> + op-tee,hardware-unique-key:
> + $ref: /schemas/types.yaml#/definitions/uint8-array
> + maxItems: 32
> + description: |
> + The hardware-unique key of the OP-TEE. It will be used to derive
> + the secure storage key.
> + For more information, please reference:
> + https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html#hardware-unique-key
> +
> + tcg,tpm-auth-public-key:
> + $ref: /schemas/types.yaml#/definitions/uint8-array
> + maxItems: 1024
> + description: |
> + The TPM auth public key. Used to communicate the TPM from OP-TEE.
> + The format of data should be TPM2B_PUBLIC.
> + For more information, please reference the 12.2.5 section:
> + https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part2_Structures_pub.pdf
> +
> + google,widevine-root-of-trust-ecc-p256:
> + $ref: /schemas/types.yaml#/definitions/uint8-array
> + maxItems: 32
> + description: |
> + The Widevine root of trust secret. Used to sign the Widevine
> + request in OP-TEE. The value is an ECC NIST P-256 scalar.
> + For more information, please reference the G.1.2 section:
> + https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186.pdf
> +
> +required:
> + - op-tee,hardware-unique-key
> + - tcg,tpm-auth-public-key
> + - google,widevine-root-of-trust-ecc-p256
> +
> +additionalProperties: false
> +
> +examples:
> + - |
> + options {
> + google,widevine {
> + op-tee,hardware-unique-key = [
> + 12 f7 98 d2 0e d2 85 92 a5 82 bf 98 b8 99 2b c0
> + c6 6f 19 85 79 86 65 18 55 eb ff 9b 6c c0 ac 27
> + ];
> + tcg,tpm-auth-public-key = [
> + 00 76 00 23 00 0b 00 02 04 b2 00 20 e1 47 bf 27
> + e1 74 30 c8 16 ab 72 4d 5c 77 e1 5c 61 2d 56 81
> + b3 35 cd 9d eb 67 41 37 69 f0 32 41 00 10 00 10
> + 00 03 00 10 00 20 70 9a df 50 f9 0f d5 f4 40 e0
> + ea 2c e8 f2 26 9f 0e 5c 02 70 16 c3 6c c1 83 03
> + 2d 04 10 bd 85 7a 00 20 83 03 c2 66 6e 01 32 34
> + 5c 5e 80 22 c7 48 24 3c 70 6b b8 e4 24 42 74 a9
> + cf fc ab f8 30 e9 de 51
> + ];
> + google,widevine-root-of-trust-ecc-p256 = [
> + ac 0d 86 c3 d7 b5 b7 a2 6f c3 d9 93 f7 de bc bb
> + d5 c4 25 9b 21 5f 36 af b5 dd 6d 29 9d 08 c0 10
> + ];
> + };
> + };
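Review bot: the last sentence of the description ("The content of this node should not be shared with the Linux kernel") states a requirement without saying which component enforces it, while op-tee,hardware-unique-key and google,widevine-root-of-trust-ecc-p256 are described as a key used to derive the secure storage key and a signing secret. The description should name the stage that has to remove this node before the device tree is handed to the kernel, so that an integrator reading only the binding knows where the secrets must stop. Separately, the example places google,widevine directly under options, whereas the notes above say the reviewers prefer the /options/op-tee/widevine node and the schema file itself lives under options/op-tee/; the example should show the node at the intended path.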
> --
> 2.42.0.869.gea05f2083d-goog