| author | Kai Renken <code@koffeinsucht.de> | 2017-01-05 10:21:14 +0100 |
|---|---|---|
| committer | Jerome Forissier <jerome.forissier@linaro.org> | 2017-01-06 09:40:32 +0100 |
| commit | a593987457b03f32ee4fa92c0dbc5b81204671e2 | |
| tree | 44b99b0c20453adee1254f41766bd177b8fbcc68 /documentation | |
| parent | 06f51575d9eef0bbb5afc050085b097221f9ea1d | |
Cleanup documentation due to new TSK
Signed-off-by: Kai Renken <code@koffeinsucht.de>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
[Rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Diffstat (limited to 'documentation')

| mode | file | change |
|---|---|---|
| -rw-r--r-- | documentation/images/secure_storage/block_data_encryption.odg | bin 22551 -> 14086 bytes |
| -rw-r--r-- | documentation/images/secure_storage/block_data_encryption.png | bin 31440 -> 40890 bytes |
| -rw-r--r-- | documentation/images/secure_storage/meta_data_encryption.odg | bin 23392 -> 14232 bytes |
| -rw-r--r-- | documentation/images/secure_storage/meta_data_encryption.png | bin 33797 -> 44106 bytes |
| -rw-r--r-- | documentation/secure_storage.md | 23 |
| -rw-r--r-- | documentation/secure_storage_rpmb.md | 2 |

6 files changed, 12 insertions, 13 deletions
diff --git a/documentation/images/secure_storage/block_data_encryption.odg b/documentation/images/secure_storage/block_data_encryption.odg Binary files differindex 5a0c930d..655c81d9 100644 --- a/documentation/images/secure_storage/block_data_encryption.odg +++ b/documentation/images/secure_storage/block_data_encryption.odg diff --git a/documentation/images/secure_storage/block_data_encryption.png b/documentation/images/secure_storage/block_data_encryption.png Binary files differindex b8648bcf..b05f2c01 100644 --- a/documentation/images/secure_storage/block_data_encryption.png +++ b/documentation/images/secure_storage/block_data_encryption.png diff --git a/documentation/images/secure_storage/meta_data_encryption.odg b/documentation/images/secure_storage/meta_data_encryption.odg Binary files differindex c3cd573d..f6785d4f 100644 --- a/documentation/images/secure_storage/meta_data_encryption.odg +++ b/documentation/images/secure_storage/meta_data_encryption.odg diff --git a/documentation/images/secure_storage/meta_data_encryption.png b/documentation/images/secure_storage/meta_data_encryption.png Binary files differindex 53549727..9c7f8c48 100644 --- a/documentation/images/secure_storage/meta_data_encryption.png +++ b/documentation/images/secure_storage/meta_data_encryption.png diff --git a/documentation/secure_storage.md b/documentation/secure_storage.md index dc31a889..9202325f 100644 --- a/documentation/secure_storage.md +++ b/documentation/secure_storage.md 
@@ -159,6 +159,17 @@ to encrypt/decrypt the FEK. TSK is derived by: > TSK = HMAC<sub>SHA256</sub> (SSK, TA_UUID) +#### TA storage space isolation + +OP-TEE provides different folders for different TAs in Linux file system for +storing their own TEE files, but OP-TEE cannot prevent an attacker from +directly copying a TEE file from one TA's folder to another TA's folder in +Linux file system. + +The TSK offers an effective protection against this kind of attack. If an +attacker copies an TEE file from one TA's folder to another TA's folder, +this TA would not be able to obtain the plaintext of the TEE file. + ### File Encryption Key (FEK) When a new TEE file is created, key manager will generate a new FEK by @@ -233,18 +244,6 @@ or crypto unit according to the method defined by your SoC vendor. ## Future Work -- **TA storage space isolation** - -OP-TEE provides different folders for different TAs in Linux file system for -storing their own TEE files, but OP-TEE cannot prevent an attacker from -directly copying a TEE file from one TA's folder to another TA's folder in -Linux file system. TEE OS should have the ability to detect those kind of -attack, but for now OP-TEE secure storage doesn't meet the requirement. - -A simple solution to detect the attack is using TA's UUID as AAD -when calculating the tag of meta file, so that OP-TEE will know if a TEE file -belongs to a specific TA when the TA tries to open the TEE file. - - **TEE file renaming attack detection** OP-TEE creates a specific folder under the TA's folder for each TEE file in diff --git a/documentation/secure_storage_rpmb.md b/documentation/secure_storage_rpmb.md index c88642cd..7ac2304a 100644 --- a/documentation/secure_storage_rpmb.md +++ b/documentation/secure_storage_rpmb.md 
@@ -127,7 +127,7 @@ file, as follows: ``` -SSK and FEK handling is common with the REE-based secure storage, while the AES +SSK, TSK and FEK handling is common with the REE-based secure storage, while the AES CBC block encryption is used only for RPMB (the REE implementation uses GCM). The FAT is not encrypted. |
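Review bot: in the first secure_storage.md hunk (@@ -159,6 +159,17 @@), the new paragraph reads "If an attacker copies an TEE file"; it should be "a TEE file". The same section calls the TSK "an effective protection" but only states the outcome (the other TA cannot obtain the plaintext) without saying why; since the context shows TSK = HMAC_SHA256(SSK, TA_UUID) is used to encrypt/decrypt the FEK, one sentence would make the argument complete, e.g. "The FEK of the copied file was encrypted under the original TA's TSK, and a different TA_UUID yields a different TSK, so the receiving TA cannot decrypt the FEK."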
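Review bot: the second secure_storage.md hunk (@@ -233,18 +244,6 @@) removes a Future Work item whose stated requirement was that "TEE OS should have the ability to detect those kind of attack", but the replacement section added at line 159 only says the other TA cannot obtain the plaintext; it does not say whether a file moved between TA folders is detected and reported as such, nor that the earlier proposal (TA UUID as AAD over the meta file tag) has been superseded by binding the TSK to TA_UUID. Either keep a trimmed Future Work entry for explicit detection, or state in the new section what the TA observes when opening such a file, so the removal is clearly justified.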
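Review bot: in the secure_storage_rpmb.md hunk (@@ -127,7 +127,7 @@) the changed line "SSK, TSK and FEK handling is common with the REE-based secure storage, while the AES" is now 84 characters, past the roughly 80-column wrapping the surrounding paragraph uses; rewrap the sentence. This file now also refers to the TSK, so make sure the term is defined here or cross-referenced to its derivation in secure_storage.md (TSK = HMAC_SHA256(SSK, TA_UUID)), otherwise readers of the RPMB document alone meet an undefined key.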