author Jens Wiklander <jens.wiklander@linaro.org> 2017-06-22 16:14:38 +0200
committer Jérôme Forissier <jerome.forissier@linaro.org> 2017-06-27 10:02:10 +0200
commit b4b1a20cc70996dc21004c4b5c173a4ef3d545fa
tree 15f2bd3ce7a2d1f14da029051ff0ebfea2d19b61 /documentation
parent 078f18f82eebf72678b5cffe001e2ad6b28a9424
core: REE FS: use RPMB for hash storage
REE FS uses RPMB (if available) for storage of dirfile hash.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'documentation')
-rw-r--r-- documentation/secure_storage.md 16
-rw-r--r-- documentation/secure_storage_rpmb.md 6
2 files changed, 9 insertions, 13 deletions
diff --git a/documentation/secure_storage.md b/documentation/secure_storage.md
index 78893c2d..1c84f86c 100644
--- a/documentation/secure_storage.md
+++ b/documentation/secure_storage.md
@@ -74,8 +74,9 @@ Below is an excerpt from the specification listing the most vital requirements:
Typically, an implementation may rely on the REE for that purpose (protection
level 100) or on hardware assets controlled by the TEE (protection level
1000).
- The current implementation does *not* provide any protection against
- rollback, and therefore the protection level is set to 0.
+ If configured with CFG_RPMB_FS=y the protection against rollback is is
+ controlled by the TEE and is set to 1000. If CFG_RPMB_FS=n, there's no
+ protection against rollback, and the protection level is set to 0.
### TEE File Structure In Linux File System
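Review bot: The added sentence for `CFG_RPMB_FS=y` contains a doubled word ("is is") and states protection level 1000 unconditionally, while the commit message says RPMB is used only "if available". Suggest "the protection against rollback is controlled by the TEE and the level is set to 1000", plus a clause stating which level is reported when `CFG_RPMB_FS=y` is set but no RPMB is available, so an integrator does not assume rollback protection the device does not have.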
@@ -223,17 +224,6 @@ implementations in your platform code for:
These implementations should fetch the key data from your SoC-specific e-fuses,
or crypto unit according to the method defined by your SoC vendor.
-## Future Work
-
-- **Rollback attack detection**
-
-An attacker can backup the whole `/data/tee` folder and restore it at later
-time.
-
-The basic idea of detecting rollback attack is to store information
-representing the state of `/data/tee/dirf.db` into another storage which has
-anti-rollback capability such as the eMMC RPMB partition.
-
## Reference
* [Secure Storage Presentation](http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee)
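Review bot: Deleting the whole "Future Work" section also deletes the description of the threat itself (backing up the `/data/tee` folder and restoring it later), and this hunk adds no pointer to where the mitigation is now documented. Suggest keeping one or two sentences on the rollback scenario with a link to secure_storage_rpmb.md. The removed text also names the file `/data/tee/dirf.db`, whereas the text added to secure_storage_rpmb.md uses "dirfile.db.hash"; please confirm the file name so the two documents agree.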
diff --git a/documentation/secure_storage_rpmb.md b/documentation/secure_storage_rpmb.md
index 7ac2304a..60f6305c 100644
--- a/documentation/secure_storage_rpmb.md
+++ b/documentation/secure_storage_rpmb.md
@@ -132,6 +132,12 @@ CBC block encryption is used only for RPMB (the REE implementation uses GCM).
The FAT is not encrypted.
+## REE FS
+
+If configured with both CFG_REE_FS=y and CFG_RPMB_FS=y the REE FS will
+create a special file, "dirfile.db.hash" in RPMB which hold a hash
+representing the state of REE FS.
+
## References
- <a name="JEDECeMMC"></a>[1] _Embedded Multi-Media Card (e•MMC) Electrical Standard (5.1)_, JEDEC JESD84-B51, February 2015
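Review bot: The new "REE FS" section says what is stored in RPMB but not how it is used: it does not state when "dirfile.db.hash" is written, when it is checked against the REE FS state, or what happens on a mismatch or when RPMB is unavailable (the commit message says "if available"). A sentence on each would let a reader judge the rollback guarantee. Minor: "which hold" should be "which holds", and a comma after `CFG_RPMB_FS=y` would make the sentence easier to read.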