Diffstat (limited to 'documentation/secure_storage_sql.md')
-rw-r--r-- documentation/secure_storage_sql.md 19
1 files changed, 8 insertions, 11 deletions
diff --git a/documentation/secure_storage_sql.md b/documentation/secure_storage_sql.md
index 675c794..620e477 100644
--- a/documentation/secure_storage_sql.md
+++ b/documentation/secure_storage_sql.md
@@ -45,21 +45,18 @@ the SQL filesystem is the **tee_file_operations** structure `sql_fs_ops`.
## The SQL filesystem
The secure side of the SQL FS implementation is mostly in
-[core/tee/tee_sql_fs.c](../core/tee/tee_sql_fs.c). This file maps the operations
-in `sql_fs_ops` such as `open`, `truncate`, `read`, `write`, `seek`
-and so on, to similar operations on a file that is a container for the encrypted
-data and associated meta-data. This container is created and manipulated by
-`tee-supplicant` on request from the secure OS. Its layout is like this:
-
-```
- [ File meta-data ] [ Block #0 ] [Block #1]...
- [meta_header|sql_fs_file_meta] [block_header|user data] [ ]...
-```
+[core/tee/tee_sql_fs.c](../core/tee/tee_sql_fs.c). This file maps the
+operations in `sql_fs_ops` such as `open`, `truncate`, `read`, `write`
+and so on, to similar operations on a file that is a container for
+the encrypted data and associated meta-data. This container is created and
+manipulated by `tee-supplicant` on request from the secure OS. Its logical
+layout is similar to REE FS except that there's only a single version of
+each field as atomic updates are ensured by **libsqlfs** instead.
How this file is stored in the SQLite database is private to **libsqlfs**. From
the point of view of OP-TEE, it is a byte-addressable linear file on which
atomic updates can be performed through a standard interface (`open`,
-`truncate`, `seek`, `read`, `write`...) with the addition of `begin_transaction`
+`truncate`, `read`, `write`...) with the addition of `begin_transaction`
and `end_transaction`.
## Encryption
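Review bot: The added sentence "Its logical layout is similar to REE FS except that there's only a single version of each field" replaces the removed layout diagram with a reference the reader cannot follow from this file. There is no link to where the REE FS layout is described, and "each field" is undefined now that the diagram naming `meta_header`, `sql_fs_file_meta` and `block_header` is gone. Suggest linking the REE FS description at that sentence and naming the fields that are kept once per file and per block, so the Encryption section that follows still has a concrete layout to refer to. Dropping `seek` from both operation lists is consistent across the hunk.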