1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2015, 2019, Linaro Limited
4 */
5
6 #include <assert.h>
7 #include <inttypes.h>
8 #include <kernel/tee_common_otp.h>
9 #include <kernel/huk_subkey.h>
10 #include <signed_hdr.h>
11 #include <ta_pub_key.h>
12
13 /*
14 * Override these in your platform code to really fetch device-unique
15 * bits from e-fuses or whatever.
16 *
17 * The default implementation just sets it to a constant and cannot be
18 * used in a secure environment.
19 */
20
21 #ifdef CFG_INSECURE
tee_otp_get_hw_unique_key(struct tee_hw_unique_key * hwkey)22 __weak TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey)
23 {
24 memset(&hwkey->data[0], 0, sizeof(hwkey->data));
25 return TEE_SUCCESS;
26 }
27 #endif
28
tee_otp_get_die_id(uint8_t * buffer,size_t len)29 __weak int tee_otp_get_die_id(uint8_t *buffer, size_t len)
30 {
31 if (huk_subkey_derive(HUK_SUBKEY_DIE_ID, NULL, 0, buffer, len))
32 return -1;
33
34 return 0;
35 }
36
37 #ifdef CFG_WITH_USER_TA
38 /*
39 * Override this API on your platform to provide TA encryption key as
40 * per your security requirements. There can be two options for this key:
41 *
42 * 1) Unique per device encryption key.
43 * 2) Class wide encryption key.
44 *
45 * The default implementation chooses option (1).
46 */
tee_otp_get_ta_enc_key(uint32_t key_type __maybe_unused,uint8_t * buffer,size_t len)47 __weak TEE_Result tee_otp_get_ta_enc_key(uint32_t key_type __maybe_unused,
48 uint8_t *buffer, size_t len)
49 {
50 assert(key_type == SHDR_ENC_KEY_DEV_SPECIFIC);
51
52 if (huk_subkey_derive(HUK_SUBKEY_TA_ENC, ta_pub_key_modulus,
53 ta_pub_key_modulus_size, buffer, len))
54 return TEE_ERROR_SECURITY;
55
56 return TEE_SUCCESS;
57 }
58 #endif
59