core: allow redefinition of function huk_subkey_derive()

Set the function huk_subkey_derive() as weak to allow platform custom
implementation.
We add __huk_subkey_derive() with the implementation of

core: allow redefinition of function huk_subkey_derive()

Set the function huk_subkey_derive() as weak to allow platform custom
implementation.
We add __huk_subkey_derive() with the implementation of
HUK derivation so the default implementation is still accessible
when huk_subkey_derive() is overridden.
This is useful if the key derivation is implemented using hardware
discovered during intilization.
If the substem used to derive a key is disabled, the function
__huk_subkey_derive() can be used as a fallback.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: introduce CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID

Adds CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID which if set to 'y' makes
huk_subkey_derive() generate SSK using tee_otp_get_die_id().

Old s

core: introduce CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID

Adds CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID which if set to 'y' makes
huk_subkey_derive() generate SSK using tee_otp_get_die_id().

Old scheme for SSK generation:
SSK = HMAC_SHA256(HUK, Chip_ID || "ONLY_FOR_tee_fs_ssk")
This config changes Chip_ID from the default BEEF-like value to the
result of tee_otp_get_die_id().

Note that this option works only if
CFG_CORE_HUK_SUBKEY_COMPAT=y.

Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>

show more ...

core: remove algo from crypto_mac_*()

Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-

core: remove algo from crypto_mac_*()

Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FS: wipe sensitive data after use

The secure storage code makes use of various cryptographic data (keys
and IVs). Make sure the buffers are wiped after use to minimize the
risks that sensitive

core: FS: wipe sensitive data after use

The secure storage code makes use of various cryptographic data (keys
and IVs). Make sure the buffers are wiped after use to minimize the
risks that sensitive data may be leaked to an attacker who would have
gained some access to the secure memory.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: introduce CFG_CORE_HUK_SUBKEY_COMPAT

Adds CFG_CORE_HUK_SUBKEY_COMPAT which if set to 'y' makes
huk_subkey_derive() produce RPMB and SSK keys identical to the legacy
code.

Reviewed-by: Joakim

core: introduce CFG_CORE_HUK_SUBKEY_COMPAT

Adds CFG_CORE_HUK_SUBKEY_COMPAT which if set to 'y' makes
huk_subkey_derive() produce RPMB and SSK keys identical to the legacy
code.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce huk_subkey_derive()

The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from

core: introduce huk_subkey_derive()

The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from the hardware unique key.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...