History log of /optee_os/core/drivers/zynqmp_csu_puf.c (Results 1 – 3 of 3)
Revision Date Author Comments
# 2c952266 09-Mar-2023 Neal Frager <neal.frager@amd.com>

core: drivers: zynqmp_csu_puf.c: increase regen time to 6ms

With further evaluation of the ZU+ PUF, we have determined that it is
possible for the PUF regeneration time to exceed 3ms. For this reason,
the 2023.1 version of the Xilinx xilskey library will bump the wait time
for PUF regeneration to 6ms. This patch brings optee in line with this
change.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>


# 1d23b02e 08-Oct-2021 Jorge Ramirez-Ortiz <jorge@foundries.io>

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the PUF KEK to generate the
HUK instead. The PUF KEK must be registered while securing the board
using the Xilinx tools. In this case, the HUK is generated by reading
the DNA eFuses. This 96-bit value is used to generate a 16-byte
digest which is then AES-GCM encrypted using the PUF KEK. The
resulting 16-byte value is the HUK. To prevent the HUK from being
leaked, the AES-GCM module must be reserved.

The HUK generation was validated on Zynqmp zu3cg using the Xilinx
Lightweight Provisioning Tool to enable authenticated boot and to
provision the PUF (burning a number of eFuses in the process).

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>


# e4a0a852 04-Oct-2021 Jorge Ramirez-Ortiz <jorge@foundries.io>

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The KEK is only available once the board has been secured via
programmable eFUSES (RSA_EN authentication via the PPK fuses).

Registering the PUF should be done using the Xilinx tools so the
adequate eFUSES are written.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
