core: log message when secure storage corruption is detected

When CFG_REE_FS and CFG_RPMB_FS are both 'y', the data stored by OP-TEE in the REE filesystem (typically, under /data/tee) are protected by hashes stored in the RPMB. Any modifications to the REE files via external means are therefore detected and TEE_ERROR_SECURITY is returned. However, no error or debug message is printed to the secure console which makes troubleshooting more difficult than needed. This commit adds a debug message. Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
author: Jerome Forissier <jerome@forissier.org> 2020-07-21 17:39:43 +0200
committer: Jérôme Forissier <jerome@forissier.org> 2020-07-22 14:56:54 +0200
commit: 7446af61c49a70a53c6d131963569ea3f394c939 (patch)
tree: f8c2f2f28f0a6acb9b2f7c50c18d1aaf5647ec8a
parent: b4faf4806c6748fe4e53699d46c9bfb448d54731 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/core/tee/tee_ree_fs.c b/core/tee/tee_ree_fs.c
index 6ad2cb6b..ec810203 100644
--- a/core/tee/tee_ree_fs.c
+++ b/core/tee/tee_ree_fs.c
@@ -423,6 +423,8 @@ out:
 			fdp->dfh.idx = -1;
 		*fh = (struct tee_file_handle *)fdp;
 	} else {
+		if (res == TEE_ERROR_SECURITY)
+			DMSG("Secure storage corruption detected");
 		if (fdp->fd != -1)
 			tee_fs_rpc_close(OPTEE_RPC_CMD_FS, fdp->fd);
 		if (create)
author	Jerome Forissier <jerome@forissier.org>	2020-07-21 17:39:43 +0200
committer	Jérôme Forissier <jerome@forissier.org>	2020-07-22 14:56:54 +0200
commit	7446af61c49a70a53c6d131963569ea3f394c939 (patch)
tree	f8c2f2f28f0a6acb9b2f7c50c18d1aaf5647ec8a
parent	b4faf4806c6748fe4e53699d46c9bfb448d54731 (diff)