author | Jorge Ramirez-Ortiz <jorge@foundries.io> | 2021-10-10 16:43:14 +0200 |
---|---|---|
committer | Jérôme Forissier <jerome@forissier.org> | 2021-11-08 10:13:23 +0100 |
commit | f57e4036edaebe33a08d2ec6d785fb5141aefb48 (patch) | |
tree | 08e3fdfd13f61f85c0051f4e64229d0152c980ea /core | |
parent | 1d23b02e1ce5665e6552ebd9f8d67883a405cc4e (diff) |
zynqmp: platform: use HUK derived from PUF KEK for RPMB
Enable the RPMB key when the HUK is generated from the PUF KEK.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/arch/arm/plat-zynqmp/conf.mk | 4 | ||||
-rw-r--r-- | core/arch/arm/plat-zynqmp/main.c | 26 |
2 files changed, 30 insertions, 0 deletions
diff --git a/core/arch/arm/plat-zynqmp/conf.mk b/core/arch/arm/plat-zynqmp/conf.mk
index 5d4a73af..8c640668 100644
--- a/core/arch/arm/plat-zynqmp/conf.mk
+++ b/core/arch/arm/plat-zynqmp/conf.mk
@@ -30,6 +30,10 @@ CFG_CRYPTO_WITH_CE ?= y
 CFG_ZYNQMP_PM ?= $(CFG_ARM64_core)
+ifeq ($(CFG_RPMB_FS),y)
+$(call force,CFG_ZYNQMP_HUK,y,Mandated by CFG_RPMB_FS)
+endif
+
 ifeq ($(CFG_ZYNQMP_HUK),y)
 $(call force,CFG_ZYNQMP_CSU_AES,y,Mandated by CFG_ZYNQMP_HUK)
 $(call force,CFG_ZYNQMP_CSU_PUF,y,Mandated by CFG_ZYNQMP_HUK)
diff --git a/core/arch/arm/plat-zynqmp/main.c b/core/arch/arm/plat-zynqmp/main.c
index da788364..58df7470 100644
--- a/core/arch/arm/plat-zynqmp/main.c
+++ b/core/arch/arm/plat-zynqmp/main.c
@@ -33,14 +33,18 @@
 #include <drivers/gic.h>
 #include <drivers/cdns_uart.h>
+#include <drivers/zynqmp_csu.h>
 #include <arm.h>
 #include <console.h>
+#include <io.h>
 #include <kernel/boot.h>
 #include <kernel/interrupt.h>
 #include <kernel/misc.h>
+#include <kernel/tee_common_otp.h>
 #include <kernel/tee_time.h>
 #include <mm/core_memprot.h>
+#include <tee/tee_fs.h>
 #include <trace.h>
 static struct gic_data gic_data;
@@ -88,3 +92,25 @@ void console_init(void)
 CONSOLE_UART_CLK_IN_HZ, CONSOLE_BAUDRATE);
 register_serial_console(&console_data.chip);
 }
+
+#if defined(CFG_RPMB_FS)
+bool plat_rpmb_key_is_ready(void)
+{
+ vaddr_t csu = core_mmu_get_va(CSU_BASE, MEM_AREA_IO_SEC, CSU_SIZE);
+ struct tee_hw_unique_key hwkey = { };
+ uint32_t status = 0;
+
+ if (tee_otp_get_hw_unique_key(&hwkey))
+ return false;
+
+ /*
+ * For security reasons, we don't allow writing the RPMB key using the
+ * development HUK even though it is unique.
+ */
+ status = io_read32(csu + ZYNQMP_CSU_STATUS_OFFSET);
+ if (status & ZYNQMP_CSU_STATUS_AUTH)
+ return true;
+
+ return false;
+}
+#endif |
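Review bot: The `ifeq ($(CFG_RPMB_FS),y)` guard in conf.mk only sees a value of CFG_RPMB_FS that is already set when this platform file is parsed, so a later assignment to `y` would leave CFG_ZYNQMP_HUK unforced while the `#if defined(CFG_RPMB_FS)` code in main.c still builds. Whether any later makefile does that is not visible on this page, so the include order is worth confirming. The block also has no comment saying why RPMB mandates this HUK; something like `# RPMB FS key depends on the HUK: require the PUF KEK backed HUK whenever RPMB FS is enabled` above the `ifeq` would record the intent stated in the commit message.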
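Review bot: `hwkey` in `plat_rpmb_key_is_ready()` receives the hardware unique key only so the call can be checked for success, and the key bytes are then left on the stack on every return path. Clearing it before returning would limit that exposure, for example `memzero_explicit(&hwkey, sizeof(hwkey));` right after the `tee_otp_get_hw_unique_key()` call, with `<string_ext.h>` included. The result of `core_mmu_get_va()` is also used without a check, so a missing CSU mapping would turn into a read at `0 + ZYNQMP_CSU_STATUS_OFFSET`; `if (!csu) return false;` would cover that. The comment could also state that a clear `ZYNQMP_CSU_STATUS_AUTH` bit is what identifies the development HUK case, which is inferred here from the check that follows it.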