author | Jerome Forissier <jerome.forissier@linaro.org> | 2017-01-23 12:44:58 +0100 |
committer | Jerome Forissier <jerome.forissier@linaro.org> | 2017-01-23 13:33:47 +0100 |
commit | ed1993b7f167482550bb8ed55dab700695b9008d (patch) | |
tree | 62962ac9f67734f69ee31f1c907772d900857f87 | |
parent | b1ecda78bab43d76bc570ecff30ddd232caecf18 (diff) |
storage: RPMB: don't try to program the RPMB key by default
Prevent leakage of the RPMB security key by never programming it,
unless a special build option is set (CFG_RPMB_WRITE_KEY=y).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
-rw-r--r-- | core/tee/tee_rpmb_fs.c | 27 | ||||
-rw-r--r-- | mk/config.mk | 10 |
2 files changed, 31 insertions, 6 deletions
diff --git a/core/tee/tee_rpmb_fs.c b/core/tee/tee_rpmb_fs.c
index 5e00d81b..3b87edc6 100644
--- a/core/tee/tee_rpmb_fs.c
+++ b/core/tee/tee_rpmb_fs.c
@@ -1028,6 +1028,7 @@ static TEE_Result tee_rpmb_verify_key_sync_counter(uint16_t dev_id)
 return res;
 }
 
+#ifdef CFG_RPMB_WRITE_KEY
 static TEE_Result tee_rpmb_write_key(uint16_t dev_id)
 {
 TEE_Result res = TEE_ERROR_GENERIC;
@@ -1076,6 +1077,25 @@ func_exit:
 return res;
 }
 
+static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id)
+{
+ TEE_Result res;
+
+ DMSG("RPMB INIT: Writing Key");
+ res = tee_rpmb_write_key(dev_id);
+ if (res == TEE_SUCCESS) {
+ DMSG("RPMB INIT: Verifying Key");
+ res = tee_rpmb_verify_key_sync_counter(dev_id);
+ }
+ return res;
+}
+#else
+static TEE_Result tee_rpmb_write_and_verify_key(uint16_t dev_id __unused)
+{
+ return TEE_ERROR_BAD_STATE;
+}
+#endif
+
 /* True when all the required crypto functions are available */
 static bool have_crypto_ops(void)
 {
@@ -1163,12 +1183,7 @@ static TEE_Result tee_rpmb_init(uint16_t dev_id)
 /*
 * Need to write the key here and verify it.
 */
- DMSG("RPMB INIT: Writing Key");
- res = tee_rpmb_write_key(dev_id);
- if (res == TEE_SUCCESS) {
- DMSG("RPMB INIT: Verifying Key");
- res = tee_rpmb_verify_key_sync_counter(dev_id);
- }
+ res = tee_rpmb_write_and_verify_key(dev_id);
 }
 }
 
diff --git a/mk/config.mk b/mk/config.mk
index a444ce73..6aa3f338 100644
--- a/mk/config.mk
+++ b/mk/config.mk
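Review bot: The `#else` stub of `tee_rpmb_write_and_verify_key` in the second hunk fails silently: when CFG_RPMB_WRITE_KEY is unset, a device whose RPMB key was never programmed now gets TEE_ERROR_BAD_STATE and, as far as the third hunk shows, that value is only stored in `res`, while the "Writing Key" DMSG that used to mark this path exists only in the enabled build. I'd log before returning so a provisioning gap is diagnosable from the TEE trace, e.g. `EMSG("RPMB key not programmed and CFG_RPMB_WRITE_KEY is not set");` placed above `return TEE_ERROR_BAD_STATE;`. A one-line comment on that stub, such as `/* Key programming compiled out: refuse an unprovisioned RPMB rather than expose the key */`, would also document the intent of the build switch at the point where it takes effect. The body of tee_rpmb_init starts and ends outside the third hunk, so what the caller does with the error is not visible here.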
@@ -130,6 +130,16 @@ CFG_RPMB_FS ?= n
 # tee-supplicant process will open /dev/mmcblk<id>rpmb
 CFG_RPMB_FS_DEV_ID ?= 0
 
+# Enables RPMB key programming by the TEE, in case the RPMB partition has not
+# been configured yet.
+# !!! Security warning !!!
+# Do *NOT* enable this in product builds, as doing so would allow the TEE to
+# leak the RPMB key.
+# This option is useful in the following situations:
+# - Testing
+# - RPMB key provisioning in a controlled environment (factory setup)
+CFG_RPMB_WRITE_KEY ?= n
+
 # SQL FS stores its data in a SQLite database, accessed by normal world
 CFG_SQL_FS ?= n
 
|
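Review bot: The new option comment says when CFG_RPMB_WRITE_KEY may be enabled but not what the default does to an unprovisioned part; with the accompanying tee_rpmb_fs.c change, a key that was never programmed makes RPMB initialization fail rather than being written, which is the behaviour a factory or bring-up flow has to plan for. I'd add one line after the "leak the RPMB key." sentence: `# When disabled (the default), an RPMB device whose key has not been programmed is unusable by the TEE.` The security warning itself reads well and its emphasis is appropriate for a product-build footgun.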