Age | Commit message (Collapse) | Author |
|
Rename tee_hash_get_digest_size() to tee_alg_get_digest_size().
Change tee_alg_get_digest_size() to use new libutee macro
TEE_ALG_GET_DIGEST_SIZE.
Remove tee_mac_get_digest_size() as its functionality
is handled by tee_alg_get_digest_size() now.
Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@phytec.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Check that the callee_params are writeable too in tee_svc_copy_param()
as they will be updated in tee_svc_update_out_param() in case one of the
parameters is an "out" parameter. To keep it simple always require
callee_params to be writeable.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
In tee_rpmb_write_and_verify_key() a call was recently added to check if
the RPMB key was ready to be retrieved. But the function wasn't called
in the new if statement, instead was just the address of the function
tested to be non-NULL. So with this patch add the missing () to make it
a function call.
Fixes: b1042535dc3e ("rpmb: function to block rpmb write per platform")
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Often the RPMB should only be written if the platform is in the correct
state where the Hardware Unique Key (HUK) for the platform works
correctly. As an example on imx platforms with HUK derivation from the
OTPMK, the OTPMK is only accessible from the secure or trusted state.
Add a function and weak implementation for platforms to indicate that
the device is in the correct state to allow RPMB key writes.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>
|
|
Allows to configure the number of FAT fs entries to be read from RPMB
storage in one chunk. Increasing this number makes functions that
traverse the FAT fs read in more entries within a single RPMB read
operation. While this potentially improves RPMB I/O, it comes at the
cost of additional memory required to be allocated on the heap.
Determining an optimal size is platform- and use-case-dependent.
Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This patch improves RPMB performance. When called, dump_fat()
traverses the whole list of FAT entries and prints them out using
FMSG(). dump_fat() is currently called by write_fat_entry() and
rpmb_fs_setup(). With this commit, dump_fat() is only active when
debugging/tracing, and empty for productive builds.
Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
|
Commit 6a2e0a9fe2b9 ("utee: support prehashed RSA sign/ver without
ASN.1") has introduced TEE_OPERATION_EXTENSION in tee_api_defines.h with
value 0xF. This poses a couple of minor issues:
1. Values 0x00000009-0x7FFFFFFF are "Reserved for future use" according
to the TEE Internal Core API specification v1.2.1 (Table 5-6),
2. The meaning of this #define is not clear: "extension" is not a
kind of operation like "cipher", "MAC", "asymmetric signature" etc.
The algorithm added by the above commit is TEE_ALG_RSASSA_PKCS1_V1_5
which is an asymmetric signature and should therefore be associated with
TEE_OPERATION_ASYMMETRIC_SIGNATURE.
I suppose the operation value was added in a attempt to keep the
structure of algorithm identifiers as defined in the GP v1.1
specification, where some particular bits indicate some attributes of
the algorithm. This scheme has since been abandoned by GlobalPlatform so
there is no reason to keep it.
Therefore, this commit removes the TEE_OPERATION_EXTENSION macro and
makes a special case in the TEE_GET_CLASS() macro so that algorithm
TEE_ALG_RSASSA_PKCS1_V1_5 is associated with
TEE_OPERATION_ASYMMETRIC_SIGNATURE.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Gabor Szekely <szvgabor@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.
SM2 KEP is enabled with CFG_CRYPTO_SM2_KEP=y (default y) wich currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.
[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.
SM2 DSA is enabled with CFG_CRYPTO_SM2_DSA=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.
[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.
SM2 is enabled with CFG_CRYPTO_SM2_PKE=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.
[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.
This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.
[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.
ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.
This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:
"[...] If you like you can use it [...]"
I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.
I do not think we will need to merge any change from upstream in the
future.
[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Adds struct user_mode_ctx which replaces user mode specific fields used
for memory mapping.
Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Prior to this patch tee_tadb_ta_open() had some unreachable code. With
this patch remove that code, but retain the behaviour of
tee_tadb_ta_open().
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds description of the fields in struct tadb_entry.
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Add framework to support loading of encrypted TAs from REE-FS using
symmetric authenticated encryption scheme supported by OP-TEE.
The default encryption key is derived from hardware unique key which
can be overridden via platform specific encryption key.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
The mobj interface is changed to use reference counting of mobjs, the
direct mobj_free() call is replaced by mobj_put(). As expected a
mobj_get() is also added to handle multiple references to the same mobj.
This also changes already present reference counting in struct
mobj_reg_shm to use the reference counting mechanism now available in
struct mobj.
The VM_FLAG_EXCLUSIVE_MOBJ flag is removed since the referenced mobj is
put instead when a struct vm_region is removed.
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Removes the algo parameters from all crypto_authenc_*() functions except
crypto_authenc_alloc_ctx().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Removes the algo parameters from all crypto_cipher_*() functions except
crypto_cipher_alloc_ctx().
tee_aes_cbc_cts_update() is moved into aes-cts.c and renamed to
cbc_cts_update().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Removes the algo parameters from all crypto_hash_*() functions except
crypto_hash_alloc_ctx().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
With inconsistent or malformed data it has been possible to call
"update" and "final" crypto functions directly. Using a fuzzer tool [1]
we have seen that this results in asserts, i.e., a crash that
potentially could leak sensitive information.
By setting the state (initialized) in the crypto context (i.e., the
tee_cryp_state) at the end of all syscall_*_init functions and then add
a check of the state at the beginning of all update and final functions,
we prevent direct entrance to the "update" and "final" functions.
[1] https://github.com/MartijnB/optee_fuzzer
Fixes: OP-TEE-2019-0021
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Martijn Bogaard <bogaard@riscure.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When calling syscall_cipher_init there is no check being done that the
state coming from the TA has been initialized to a valid cipher state.
By checking the class we prevent an assert in cipher_ops.
Fixes: OP-TEE-2019-0020
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Martijn Bogaard <bogaard@riscure.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When doing calls to syscall_authenc_xyz functions (all of them except
syscall_authenc_init) there is no check being done that the state coming
from the TA has been initialized to a valid authenticated encryption
state. As a consequence of that it's possible to redirect execution to
other functions. Doing like that will make TEE core end up with a data
abort.
Fixes: OP-TEE-2019-0019
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Martijn Bogaard <bogaard@riscure.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This commit changes the way the tadb_db global variable is protected
against concurrent access on creation and deletion. Instead of using an
atomic reference counter (struct refcount) and a mutex, only the mutex
is used and taken unconditionally. The reference count becomes a global
integer protected by the same mutex.
Using a struct refcount was apparently an optimization to avoid taking
the lock unless actual creation or deletion of the tadb_db was needed.
Unfortunately this implementation was causing occasional crashes of the
TEE core (easily reproducible on HiKey running 'xtest 1013' in a loop).
The new implementation is simpler and appears to be rock solid with no
measurable difference in performance.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
The sockets pseudo-TA is architecture-independent. Move it to
core/tee and drop the pta_ prefix which is not really useful.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
From the eMMC spec, the "Operation result" (Table 19) -- 7 bit quantity
-- is the LSB of "Operation Results data structure" -- 16-bit quantity
-- minus the high order bit. In other words it is
'rpmb_data_frame::op_result[1] & 0x7F' which is probably what we should
be doing here instead of bytes_to_u16().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
This will give users more details without having to sift through the
code.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Rather than printing all results with DMSG, it's more suitable to
print only errors with EMSG.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Let users know if an RPMB key fails to be generated during RPMB
initializations instead of just exiting the function quietly.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
If we want to write key, then we'd want to write it down as well, so
print it for records.
Note that the key is printed with severity TRACE_DEBUG hence a release
build will not leak it.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
An RPMB key should only be written if the device returns
RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED, not on any RPMB_RESULT* that is
not RPMB_RESULT_OK.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Currently there's no check of return value of tee_fs_dirfile_open,
it's reasonable to do this when dir file truely doesn't exist.
However, if tee_fs_dirfile_open fails with other reason, calling
tee_fs_dirfile_open(true..) will overlap the old dir file, thus
file access in the future will fail.
Signed-off-by: Fangsuo Wu <fangsuowu@asrmicro.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
According to the GlobalPlatform specification it should be possible to
call TEE_StartPersistentObjectEnumerator(..) on an enumerator that
already has been started. When doing that we trigged an assert and ended
up with a panic. This patch fixes that issue by ensuring that we are
closing the currently open directory before re-opening or opening
another directory in those cases where
TEE_StartPersistentObjectEnumerator(..) are called again and again with
no reset done in-between.
Fixes: https://github.com/OP-TEE/optee_os/issues/3093
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Daniel McIlvaney <damcilva@microsoft.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)
|
|
Uses mempool_default for temporary block allocation.
This fixes one out of memory error when loading multiple TAs in
parallel.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
The overflow check used when computing the number of the last block in
the RPMB parition is incorrect. It causes an overflow when
rpmb_size_mult is 128, that is, when the partition size is 16 MiB.
Indeed, max_blk_idx is a uint16_t and we are trying to store 65536
(= 128 * (128 * 1024) / 256).
Fix this by using a 32-bit temporary variable to hold the result of the
multiplication (the number of blocks), then subtract 1 to get the last
block number using SUB_OVERFLOW().
Fixes: ea81076f7896 ("core: RPMB FS: check for potential overflows")
Fixes: https://github.com/OP-TEE/optee_os/issues/3012
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Pengguang Zhu <zpghao@163.com>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
A couple of tee_obj_attr_to_binary() calls are useless,
remove them.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Fixes: https://github.com/OP-TEE/optee_os/issues/3004
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)
|
|
Adds overflow checks to the secure storage code.
Signed-off-by: Bastien Simondi <bsimondi@netflix.com>
[jf: Fix test in syscall_storage_obj_seek() case TEE_DATA_SEEK_END]
[jf: Get rid of { } block, initialize new local variables]
[jf: Do not fail on (data && !len) in syscall_storage_obj_create()]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
|
When servicing syscall_invoke_ta_command(), the invoked TA could modify
the .size field. Make sure the allocated buffer is not overwritten on
return.
Signed-off-by: Bastien Simondi <bsimondi@netflix.com>
[jf: fix multi-line comment, replace '= { 0 };' with '= { };']
[jf: add commit description]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
|
The secure storage code makes use of various cryptographic data (keys
and IVs). Make sure the buffers are wiped after use to minimize the
risks that sensitive data may be leaked to an attacker who would have
gained some access to the secure memory.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
|
This is a security fix for TA-to-TA calls.
In syscall_open_ta_session() and syscall_invoke_ta_command(), caller TA
can reference some private memory, in which case the kernel makes a
temporary copy. Unfortunately, memory allocated through
alloc_temp_sec_mem() is not cleared when returned. One could leverage
this to copy arbitrary data into this secure memory pool or to snoop
former data from a previous call done by another TA (e.g., using
TEE_PARAM_TYPE_MEMREF_OUTPUT allows to map the data while not overwriting
it, hence accessing to what is already there).
This patch introduces mobj_free_wipe() to clear and free an mobj.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com> [1.5]
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
|
Some syscalls can be used to poison kernel heap memory. Data copied from
userland is not wiped when the syscall returns. For instance, when doing
syscall_log() one can copy arbitrary data of variable length onto kernel
memory. When free() is called, the block is returned to the memory pool,
tainted with that userland data. This might be used in combination with
some other vulnerability to produce an exploit.
This patch uses free_wipe() to clear the buffers that have been used to
store user-provided data before returning them to the heap.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com> [1.4]
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Adds get_tag() method to struct user_ta_store_ops.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds the function tee_tadb_get_tag() which returns a tag that uniquely
identifies a TA.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Removes the flags argument from tee_pager_alloc() since it's only used
with TEE_MATTR_LOCKED. The exception is the bignum pool, but since it
still releases all locked pages each time the pool becomes unused it's
efficient usage of memory.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When a keep alive TA instance panics, it continues to exist and
blocks all further use of the TA until the next reboot of the system.
Moreover, when a new session is trying to be created for
the panicked TA (while another session to that TA is still opened),
the system hangs.
This change releases panicked TA context and clears all references to
the released context when the TA panics regardless the TA properties.
This allows keep alive TA instances to be created back after they have
panicked without needing to reboot OP-TEE core.
Sessions on panicked TAs have to be closed by the client by calling
the proper API when session client is scheduled back.
Signed-off-by: Ovidiu Mihalachi <ovidiu_mihalachi@mentor.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
tee_rpmb_key_gen() uses huk_subkey_derive() to derive the RPMB instead
of MAC:ing etc directly.
Note that this is only backwards compatible if
CFG_CORE_HUK_SUBKEY_COMPAT=y.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
tee_fs_init_key_manager() uses huk_subkey_derive() to derive the SSK
instead of MAC:ing etc directly.
Note that this is only backwards compatible if
CFG_CORE_HUK_SUBKEY_COMPAT=y.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
After truncating a persistent object, update dataSize in the
corresponding TEE_ObjectInfo structure.
Signed-off-by: Christopher Tam <godtamit@google.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)
|
|
In tee_fs_init_key_manager(), Secure Storage Key (SSK) is computed as
follow:
SSK = HMAC(HUK, message)
message := concatenate(chip_id, static string)
chip_id is a 32-byte array but some tee_otp_get_die_id() implementation
may provide a smaller chip ID. Initialize the chip_id array to make
sure the remaining bytes do not contain garbage data. Without this
initialization, SSK may be inconsistent across power cycles generating
failures when reading back data from the secure storage.
Signed-off-by: Alexandre Jutras <alexandre.jutras@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|