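// SPDX-License-Identifier: BSD-2-Clause
/*
 * Copyright (c) 2015, 2019, Linaro Limited
 */

#include <assert.h>
#include <inttypes.h>
#include <kernel/tee_common_otp.h>
#include <kernel/huk_subkey.h>
#include <signed_hdr.h>
#include <string.h>
#include <ta_pub_key.h>

/*
 * Override these in your platform code to really fetch device-unique
 * bits from e-fuses or whatever.
 *
 * The default implementation just sets it to a constant.
 *
 * Security note: that constant is all zeroes, so it is identical on every
 * device and publicly known. Nothing derived from it is secret or
 * device-unique; a production platform has to override
 * tee_otp_get_hw_unique_key() with a real hardware-backed value.
 */

/*
 * tee_otp_get_hw_unique_key() - default (weak) hardware unique key getter
 * @hwkey:	output structure, its data[] field is filled with zeroes
 *
 * Returns TEE_SUCCESS unconditionally.
 */
__weak TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey)
{
	/* Placeholder key material only: a fixed, all-zero value */
	memset(&hwkey->data[0], 0, sizeof(hwkey->data));
	return TEE_SUCCESS;
}

/*
 * tee_otp_get_die_id() - default (weak) die ID getter
 * @buffer:	passed to huk_subkey_derive() as the output buffer
 * @len:	passed to huk_subkey_derive() as the output length
 *
 * The ID comes from huk_subkey_derive() with usage HUK_SUBKEY_DIE_ID and
 * no constant data.
 *
 * NOTE(review): presumably the derivation is rooted in the key returned by
 * tee_otp_get_hw_unique_key(). If so, with the default all-zero key the
 * ID is the same on every device - confirm against huk_subkey_derive().
 *
 * Returns 0 on success, -1 if the derivation fails.
 */
__weak int tee_otp_get_die_id(uint8_t *buffer, size_t len)
{
	if (huk_subkey_derive(HUK_SUBKEY_DIE_ID, NULL, 0, buffer, len))
		return -1;

	return 0;
}

#ifdef CFG_WITH_USER_TA
/*
 * Override this API on your platform to provide TA encryption key as
 * per your security requirements. There can be two options for this key:
 *
 * 1) Unique per device encryption key.
 * 2) Class wide encryption key.
 *
 * The default implementation chooses option (1).
 *
 * @key_type:	requested key type, only SHDR_ENC_KEY_DEV_SPECIFIC is handled
 * @buffer:	passed to huk_subkey_derive() as the output buffer
 * @len:	passed to huk_subkey_derive() as the output length
 *
 * The key is derived with usage HUK_SUBKEY_TA_ENC over the TA public key
 * modulus.
 *
 * NOTE(review): presumably this key is only as device-unique as the
 * hardware unique key it is derived from - confirm against
 * huk_subkey_derive().
 *
 * Returns TEE_SUCCESS on success, TEE_ERROR_NOT_SUPPORTED for any other
 * key type (reached only when assertions are compiled out) and
 * TEE_ERROR_SECURITY if the derivation fails.
 */
__weak TEE_Result tee_otp_get_ta_enc_key(uint32_t key_type __maybe_unused,
					 uint8_t *buffer, size_t len)
{
	assert(key_type == SHDR_ENC_KEY_DEV_SPECIFIC);

	/*
	 * assert() can be compiled out, which is why key_type carries
	 * __maybe_unused. Without a runtime check, a request for any other
	 * key type would silently be answered with the device-specific
	 * key, so refuse it explicitly.
	 */
	if (key_type != SHDR_ENC_KEY_DEV_SPECIFIC)
		return TEE_ERROR_NOT_SUPPORTED;

	if (huk_subkey_derive(HUK_SUBKEY_TA_ENC, ta_pub_key_modulus,
			      ta_pub_key_modulus_size, buffer, len))
		return TEE_ERROR_SECURITY;

	return TEE_SUCCESS;
}
#endif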