diff options
author | Alexandre Jutras <alexandre.jutras@linaro.org> | 2019-03-07 11:39:57 -0500 |
---|---|---|
committer | Jerome Forissier <jerome.forissier@linaro.org> | 2019-03-08 17:40:11 +0100 |
commit | 025f5cd85440bbcf3bfaf9b7c3367ccfd1db5c44 (patch) | |
tree | d02ae70db434a586ddbbd8632504f3fd9f3368a1 /core | |
parent | 80c4fb791954acddf31a225df7a8c22d48dbe1f1 (diff) |
core: Initialize the chip_id array when generating the SSK
In tee_fs_init_key_manager(), Secure Storage Key (SSK) is computed as
follow:
SSK = HMAC(HUK, message)
message := concatenate(chip_id, static string)
chip_id is a 32-byte array but some tee_otp_get_die_id() implementation
may provide a smaller chip ID. Initialize the chip_id array to make
sure the remaining bytes do not contain garbage data. Without this
initialization, SSK may be inconsistent across power cycles generating
failures when reading back data from the secure storage.
Signed-off-by: Alexandre Jutras <alexandre.jutras@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Diffstat (limited to 'core')
-rw-r--r-- | core/tee/tee_fs_key_manager.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c index 26850104..1bdb7973 100644 --- a/core/tee/tee_fs_key_manager.c +++ b/core/tee/tee_fs_key_manager.c @@ -148,6 +148,7 @@ static TEE_Result tee_fs_init_key_manager(void) * message := concatenate(chip_id, static string) * */ tee_otp_get_hw_unique_key(&huk); + memset(chip_id, 0, sizeof(chip_id)); if (tee_otp_get_die_id(chip_id, sizeof(chip_id))) return TEE_ERROR_BAD_STATE; |