History log of /optee_os/lib/libutee/include/pta_attestation.h (Results 1 – 1 of 1)
Revision Date Author Comments
# 7e05ec25 27-Oct-2021 Jerome Forissier <jerome@forissier.org>

core: pta: add remote attestation PTA

Add a PTA to perform remote attestation of user space TAs and TEE core
memory. Enabled with CFG_ATTESTATION_PTA=y. Four commands are defined:

- PTA_ATTESTATION_GET_PUBKEY

Returns the public RSA key used to sign the measurements generated by
the other commands. The key pair is generated on first call (any
command) and saved to secure storage. It is therefore device-specific.

- PTA_ATTESTATION_GET_TA_SHDR_DIGEST

Returns the digest found in the secure header (struct shdr) of a TA
or trusted shared library given its UUID.

- PTA_ATTESTATION_HASH_TA_MEMORY

This command must be called by a user space TA (not a CA). It computes
a hash of the memory pages that belong to the caller and contain code
or read-only data. This hash is therefore a runtime measurement of the
TA execution environment, including shared libraries (if any). It can be
used to remotely attest that the device is running untampered TA code.

- PTA_ATTESTATION_HASH_TEE_MEMORY

Returns a hash of the TEE OS core (.text and .rodata sections, less the
small part of .text that may be modified at boot). Similar to
PTA_ATTESTATION_HASH_TA_MEMORY, the hash is computed each time the
command is called, so that the result reflects the actual memory
content.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
