Replay Protected Memory Block "RPMB" Subsystem Submitted For Linux 6.12
The MMC updates for the Linux 6.12 kernel include the introduction of a new kernel subsystem for Replay Protected Memory Block (RPMB) drivers.
This Replay Protected Memory Block subsystem has been a long time coming... Back in 2016 I wrote about Linux May Get A New Subsystem For RPMB: Replay Protected Memory Block. Now as we approach the end of 2024, RPMB is finally and formally materializing for mainline.
As a refresher on RPMB: Replay Protected Memory Block (RPMB) is a several-year-old specification for having a portion of memory be more secure and accessed via a hidden security key. The RPMB block in eMMC can be used for matters like storing DRM protection keys, OEM security keys, and other information that can't -- for whatever legal or security reasons -- be stored via normal storage. RPMB aims to be tamper resistant and requires authentication for reads/writes.
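To make the "authenticated, replay protected" properties concrete, the following is an added Python model written for this article; it is not code from the Linux RPMB subsystem, OP-TEE, or any eMMC firmware. It keeps the design points of RPMB (a write-once 32-byte authentication key, HMAC-SHA256 over each request, a monotonic write counter for writes and a host nonce for reads) but the frame layout, field ordering and result strings are simplified assumptions rather than the eMMC frame format.

```python
import hashlib
import hmac
import os
import struct

KEY_SIZE = 32     # RPMB authentication key: 256 bits
BLOCK_SIZE = 256  # data payload carried per RPMB frame
NONCE_SIZE = 16   # host-chosen freshness value for read requests


class RpmbDevice:
    """Toy model of an RPMB partition (assumed layout, not the eMMC frame format):
    a write-once key, a monotonic write counter and an HMAC-SHA256 check on
    every authenticated write and read."""

    def __init__(self, nblocks=4):
        self.key = None
        self.write_counter = 0
        self.blocks = [bytes(BLOCK_SIZE)] * nblocks

    def program_key(self, key):
        # The key is accepted exactly once; later attempts are refused, which is
        # what keeps the region unusable without the provisioned secret.
        if self.key is not None:
            return "ERR_KEY_ALREADY_PROGRAMMED"
        if len(key) != KEY_SIZE:
            raise ValueError("RPMB key must be 32 bytes")
        self.key = bytes(key)
        return "OK"

    def _mac(self, *fields):
        return hmac.new(self.key, b"".join(fields), hashlib.sha256).digest()

    def read_counter(self, nonce):
        # The counter response is bound to the host nonce so an old response
        # cannot be replayed to the host.
        return self.write_counter, self._mac(nonce, struct.pack(">I", self.write_counter))

    def authenticated_write(self, addr, data, counter, mac):
        if self.key is None:
            return "ERR_NO_KEY"
        # Replay protection: the frame must carry the device's current counter.
        if counter != self.write_counter:
            return "ERR_COUNTER"
        # Authentication: the HMAC must cover data, counter and address.
        expected = self._mac(data, struct.pack(">I", counter), struct.pack(">H", addr))
        if not hmac.compare_digest(expected, mac):
            return "ERR_AUTH"
        self.blocks[addr] = bytes(data)
        self.write_counter += 1
        return "OK"

    def authenticated_read(self, addr, nonce):
        data = self.blocks[addr]
        return data, self._mac(data, nonce, struct.pack(">H", addr))


class RpmbHost:
    """Host side (the role the kernel or TEE plays): shares the key, fetches the
    counter, signs each write, and verifies the MAC on every read."""

    def __init__(self, dev, key):
        self.dev = dev
        self.key = bytes(key)

    def _mac(self, *fields):
        return hmac.new(self.key, b"".join(fields), hashlib.sha256).digest()

    def current_counter(self):
        nonce = os.urandom(NONCE_SIZE)
        counter, mac = self.dev.read_counter(nonce)
        if not hmac.compare_digest(mac, self._mac(nonce, struct.pack(">I", counter))):
            raise RuntimeError("counter response failed authentication")
        return counter

    def build_write_frame(self, addr, data):
        data = bytes(data).ljust(BLOCK_SIZE, b"\0")[:BLOCK_SIZE]
        counter = self.current_counter()
        mac = self._mac(data, struct.pack(">I", counter), struct.pack(">H", addr))
        return addr, data, counter, mac

    def write(self, addr, data):
        return self.dev.authenticated_write(*self.build_write_frame(addr, data))

    def read(self, addr):
        nonce = os.urandom(NONCE_SIZE)
        data, mac = self.dev.authenticated_read(addr, nonce)
        if not hmac.compare_digest(mac, self._mac(data, nonce, struct.pack(">H", addr))):
            raise RuntimeError("read response failed authentication")
        return data


def demo():
    """Key programming, one authenticated write, the same frame replayed, and a
    frame signed under the wrong key; returns the device's verdict for each."""
    dev = RpmbDevice()
    key = bytes(range(KEY_SIZE))  # constructed demo key, not a real provisioned key
    host = RpmbHost(dev, key)
    results = {"program": dev.program_key(key),
               "reprogram": dev.program_key(bytes(KEY_SIZE))}
    frame = host.build_write_frame(0, b"drm-key-blob")
    results["write"] = dev.authenticated_write(*frame)
    # Presenting the captured frame again carries a stale counter: rejected.
    results["replay"] = dev.authenticated_write(*frame)
    # Correct counter but MAC computed under a different key: rejected.
    _, data, _, _ = frame
    bad_mac = hmac.new(bytes(KEY_SIZE), data + struct.pack(">I", dev.write_counter)
                       + struct.pack(">H", 0), hashlib.sha256).digest()
    results["forged"] = dev.authenticated_write(0, data, dev.write_counter, bad_mac)
    results["readback"] = host.read(0).rstrip(b"\0")
    return results
```

Run `demo()` to see the verdicts: the write counter only advances on a successful authenticated write, so a replayed frame fails before its MAC is even checked, and a frame with a fresh counter still fails unless it was produced with the provisioned key. Those two checks, taken together, are the tamper resistance and replay protection the specification is named for.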
RPMB has uses for eMMC, NVMe, and other storage. With Linux 6.12 the RPMB subsystem is added to drivers/misc/ and hooks in RPMB support in the MMC subsystem for eMMC cards. The TEE/OPTEE (Trusted Execution Environment) subsystem is the initial user of this RPMB support.
Years ago the original RPMB subsystem was proposed by Intel engineers but now is led by Linaro engineering efforts. The patches have gone through a number of revisions in recent months and the code is ready with the OP-TEE driver integration.
More details on the RPMB subsystem via the MMC pull request for Linux 6.12.