core: kernel: fix typo in huk_subkey.h inline comment

Fix a typo in `huk_subkey.h` inline comment where TEE_SUCCES should be
TEE_SUCCESS.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
S

core: kernel: fix typo in huk_subkey.h inline comment

Fix a typo in `huk_subkey.h` inline comment where TEE_SUCCES should be
TEE_SUCCESS.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Niklas Kirschall <niki.nice1203@gmail.com>

show more ...

core: allow redefinition of function huk_subkey_derive()

Set the function huk_subkey_derive() as weak to allow platform custom
implementation.
We add __huk_subkey_derive() with the implementation of

core: allow redefinition of function huk_subkey_derive()

Set the function huk_subkey_derive() as weak to allow platform custom
implementation.
We add __huk_subkey_derive() with the implementation of
HUK derivation so the default implementation is still accessible
when huk_subkey_derive() is overridden.
This is useful if the key derivation is implemented using hardware
discovered during intilization.
If the substem used to derive a key is disabled, the function
__huk_subkey_derive() can be used as a fallback.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: se050: Global Platform SCP03 key provisioning

Remove the need to store the SCP03 keys by deriving them from the HUK
and the SE050 unique hardware identifier.

Works under the assump

drivers: crypto: se050: Global Platform SCP03 key provisioning

Remove the need to store the SCP03 keys by deriving them from the HUK
and the SE050 unique hardware identifier.

Works under the assumption that the HUK is unknown and never exposed
outside the TEE.

CFG_CORE_SE05X_SCP03_PROVISION
Needs to be configured to exec the feature.

CFG_CORE_SE05X_DISPLAY_SCP03_KEYS:
Outputs the current and the new SCP03 keys to the console during
provisioning.

Note that to provision new SCP03 keys, SCP03 must already be in
operation (ie, have an encrypted communication channel between the
processor and the SE050).

Tested on imx8mm EVK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add framework to load REE-FS encrypted TAs

Add framework to support loading of encrypted TAs from REE-FS using
symmetric authenticated encryption scheme supported by OP-TEE.

The default encry

core: add framework to load REE-FS encrypted TAs

Add framework to support loading of encrypted TAs from REE-FS using
symmetric authenticated encryption scheme supported by OP-TEE.

The default encryption key is derived from hardware unique key which
can be overridden via platform specific encryption key.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

HUK: Add enum for TA unique key derivation

Add an additional enum that will be used when deriving device and TA
unique keys.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wi

HUK: Add enum for TA unique key derivation

Add an additional enum that will be used when deriving device and TA
unique keys.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce huk_subkey_derive()

The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from

core: introduce huk_subkey_derive()

The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from the hardware unique key.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...