core: Initialize the chip_id array when generating the SSK

In tee_fs_init_key_manager(), Secure Storage Key (SSK) is computed as follow: SSK = HMAC(HUK, message) message := concatenate(chip_id, static string) chip_id is a 32-byte array but some tee_otp_get_die_id() implementation may provide a smaller chip ID. Initialize the chip_id array to make sure the remaining bytes do not contain garbage data. Without this initialization, SSK may be inconsistent across power cycles generating failures when reading back data from the secure storage. Signed-off-by: Alexandre Jutras <alexandre.jutras@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
author: Alexandre Jutras <alexandre.jutras@linaro.org> 2019-03-07 11:39:57 -0500
committer: Jerome Forissier <jerome.forissier@linaro.org> 2019-03-08 17:40:11 +0100
commit: 025f5cd85440bbcf3bfaf9b7c3367ccfd1db5c44 (patch)
tree: d02ae70db434a586ddbbd8632504f3fd9f3368a1 /core
parent: 80c4fb791954acddf31a225df7a8c22d48dbe1f1 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/core/tee/tee_fs_key_manager.c b/core/tee/tee_fs_key_manager.c
index 26850104..1bdb7973 100644
--- a/core/tee/tee_fs_key_manager.c
+++ b/core/tee/tee_fs_key_manager.c
@@ -148,6 +148,7 @@ static TEE_Result tee_fs_init_key_manager(void)
 	 *     message := concatenate(chip_id, static string)
 	 * */
 	tee_otp_get_hw_unique_key(&huk);
+	memset(chip_id, 0, sizeof(chip_id));
 	if (tee_otp_get_die_id(chip_id, sizeof(chip_id)))
 		return TEE_ERROR_BAD_STATE;
author	Alexandre Jutras <alexandre.jutras@linaro.org>	2019-03-07 11:39:57 -0500
committer	Jerome Forissier <jerome.forissier@linaro.org>	2019-03-08 17:40:11 +0100
commit	025f5cd85440bbcf3bfaf9b7c3367ccfd1db5c44 (patch)
tree	d02ae70db434a586ddbbd8632504f3fd9f3368a1 /core
parent	80c4fb791954acddf31a225df7a8c22d48dbe1f1 (diff)