author | Jerome Forissier <jerome@forissier.org> | 2020-07-21 17:39:43 +0200 |
---|---|---|
committer | Jérôme Forissier <jerome@forissier.org> | 2020-07-22 14:56:54 +0200 |
commit | 7446af61c49a70a53c6d131963569ea3f394c939 (patch) | |
tree | f8c2f2f28f0a6acb9b2f7c50c18d1aaf5647ec8a | |
parent | b4faf4806c6748fe4e53699d46c9bfb448d54731 (diff) |
core: log message when secure storage corruption is detected
When CFG_REE_FS and CFG_RPMB_FS are both 'y', the data stored by OP-TEE
in the REE filesystem (typically, under /data/tee) are protected by
hashes stored in the RPMB. Any modifications to the REE files via
external means are therefore detected and TEE_ERROR_SECURITY is
returned. However, no error or debug message is printed to the secure
console which makes troubleshooting more difficult than needed. This
commit adds a debug message.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
-rw-r--r-- | core/tee/tee_ree_fs.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/tee/tee_ree_fs.c b/core/tee/tee_ree_fs.c index 6ad2cb6b..ec810203 100644 --- a/core/tee/tee_ree_fs.c +++ b/core/tee/tee_ree_fs.c @@ -423,6 +423,8 @@ out: fdp->dfh.idx = -1; *fh = (struct tee_file_handle *)fdp; } else { + if (res == TEE_ERROR_SECURITY) + DMSG("Secure storage corruption detected"); if (fdp->fd != -1) tee_fs_rpc_close(OPTEE_RPC_CMD_FS, fdp->fd); if (create) |
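Review bot: The new message in the else branch under out: is emitted with DMSG(), so it only reaches the secure console when the core is built with debug-level tracing; on builds with a lower log level a TEE_ERROR_SECURITY result stays as silent as before. Since this branch reports an integrity failure of secure storage rather than routine tracing, consider EMSG("Secure storage corruption detected") so the event is visible in default and production-style logs. The message also carries no context: the string is fixed, so when several objects are opened in sequence the log does not say which open failed. If an identifier for the object is available at this point and is acceptable to print, adding it would make the line usable for triage. A short comment above the check stating that TEE_ERROR_SECURITY here means the REE file contents did not match the hash kept in RPMB (as the commit message explains) would also help readers of this error path.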