Searched hist:"33 b38f8c843ad4bd450639c82ac77babeff581e6" (Results 1 – 2 of 2) sorted by relevance
| /optee_os/core/kernel/ |
| H A D | huk_subkey.c | 33b38f8c843ad4bd450639c82ac77babeff581e6 Sun Nov 21 22:12:34 UTC 2021 Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com> core: introduce CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID
Adds CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID which if set to 'y' makes
huk_subkey_derive() generate SSK using tee_otp_get_die_id().
Old scheme for SSK generation:
SSK = HMAC_SHA256(HUK, Chip_ID || "ONLY_FOR_tee_fs_ssk")
This config changes Chip_ID from the default BEEF-like value to the
result of tee_otp_get_die_id().
Note that this option works only if
CFG_CORE_HUK_SUBKEY_COMPAT=y.
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>
|
| /optee_os/mk/ |
| H A D | config.mk | 33b38f8c843ad4bd450639c82ac77babeff581e6 Sun Nov 21 22:12:34 UTC 2021 Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com> core: introduce CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID
Adds CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID which if set to 'y' makes
huk_subkey_derive() generate SSK using tee_otp_get_die_id().
Old scheme for SSK generation:
SSK = HMAC_SHA256(HUK, Chip_ID || "ONLY_FOR_tee_fs_ssk")
This config changes Chip_ID from the default BEEF-like value to the
result of tee_otp_get_die_id().
Note that this option works only if
CFG_CORE_HUK_SUBKEY_COMPAT=y.
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>
|