| #
1fecc0af |
| 26-Oct-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: se050: SCP03 enabled only session.
The SE050F FIPS 140-2 certified device makes SCP03 mandatory from
boot.
To support this use case, we introduce CFG_CORE_SCP03_ONLY. Its
functionality is d
crypto: se050: SCP03 enabled only session.
The SE050F FIPS 140-2 certified device makes SCP03 mandatory from
boot.
To support this use case, we introduce CFG_CORE_SCP03_ONLY. Its
functionality is described in crypto.mk.
Some information regarding the SE050F device below [1]
[1] https://www.nxp.com/docs/en/application-note/AN12436.pdf
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| #
d7bbf3bd |
| 18-Feb-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: crypto: se050: panic on initialization error
Failure to initialize the SE05x device is a critical operation as it will
effectively disable ciphers configured at build time.
This also match
drivers: crypto: se050: panic on initialization error
Failure to initialize the SE05x device is a critical operation as it will
effectively disable ciphers configured at build time.
This also matches the behaviour implemented by the other crypto drivers.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
show more ...
|
| #
fcff2a5f |
| 12-Dec-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: drivers: se050: OEFID runtime detection
The CFG_CORE_SE05X_OEFID definition is not required as the SE05X OEFID
can be read during early init - before the SCP03 session has been
established.
crypto: drivers: se050: OEFID runtime detection
The CFG_CORE_SE05X_OEFID definition is not required as the SE05X OEFID
can be read during early init - before the SCP03 session has been
established.
The user we can continue to define its value so that the OP-TEE driver
only works when such OEFID is available.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
show more ...
|
| #
0f04594c |
| 05-Feb-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: crypto: se050: Global Platform SCP03 key provisioning
Remove the need to store the SCP03 keys by deriving them from the HUK
and the SE050 unique hardware identifier.
Works under the assump
drivers: crypto: se050: Global Platform SCP03 key provisioning
Remove the need to store the SCP03 keys by deriving them from the HUK
and the SE050 unique hardware identifier.
Works under the assumption that the HUK is unknown and never exposed
outside the TEE.
CFG_CORE_SE05X_SCP03_PROVISION
Needs to be configured to exec the feature.
CFG_CORE_SE05X_DISPLAY_SCP03_KEYS:
Outputs the current and the new SCP03 keys to the console during
provisioning.
Note that to provision new SCP03 keys, SCP03 must already be in
operation (ie, have an encrypted communication channel between the
processor and the SE050).
Tested on imx8mm EVK.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| #
a3ca687d |
| 24-Sep-2020 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: implement se050 driver
Add AES_CTR/RSA/RNG/HUK support for NXP SE050 via the Plug And Trust
library.
Tested on imx8mm LPDDR EVK and imx6ull EVK.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@
drivers: implement se050 driver
Add AES_CTR/RSA/RNG/HUK support for NXP SE050 via the Plug And Trust
library.
Tested on imx8mm LPDDR EVK and imx6ull EVK.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|