author | Jerome Forissier <jerome.forissier@linaro.org> | 2019-02-07 18:25:24 +0100 |
---|---|---|
committer | Jérôme Forissier <jerome.forissier@linaro.org> | 2019-02-25 14:23:58 +0100 |
commit | 7db24ad625b91a7f4f16c33b7c825cd56952a8cf (patch) | |
tree | 91fbfd5287cf2e96280cffa3244576af3e15050e /mk/config.mk | |
parent | 77cb2a4dbad1580ae7125d937c6b0e65ed76960c (diff) |
core: REE FS TAs: add option to verify signature before processing
Adds configuration flag CFG_REE_FS_TA_BUFFERED, default enabled.
A new TA store is introduced which depends on the TEE FS TA store to
load the whole binary into a temporary buffer in secure DDR and
authenticate it before being processed further.
This reduces the attack surface of the TEE core in case of a
vulnerability in the ELF loader, at the expense of increased memory
usage at load time.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com> [3.6]
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Diffstat (limited to 'mk/config.mk')
-rw-r--r-- | mk/config.mk | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/mk/config.mk b/mk/config.mk index 7e2c5e53..34e66bfe 100644 --- a/mk/config.mk +++ b/mk/config.mk @@ -208,6 +208,16 @@ CFG_WITH_USER_TA ?= y # Load user TAs from the REE filesystem via tee-supplicant CFG_REE_FS_TA ?= y +# Pre-authentication of TA binaries loaded from the REE filesystem +# +# - If CFG_REE_FS_TA_BUFFERED=y: load TA binary into a temporary buffer in the +# "Secure DDR" pool, check the signature, then process the file only if it is +# valid. +# - If disabled: hash the binaries as they are being processed and verify the +# signature as a last step. +CFG_REE_FS_TA_BUFFERED ?= $(CFG_REE_FS_TA) +$(eval $(call cfg-depends-all,CFG_REE_FS_TA_BUFFERED,CFG_REE_FS_TA)) + # Support for loading user TAs from a special section in the TEE binary. # Such TAs are available even before tee-supplicant is available (hence their # name), but note that many services exported to TAs may need tee-supplicant, |
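Review bot: The comment block above `CFG_REE_FS_TA_BUFFERED` describes what each setting does but not why one would choose either, and the rationale exists only in the commit message. Someone who sets the flag to `n` to save memory will not learn from config.mk that, per the "If disabled" bullet, the binary is then processed while it is still being hashed and the signature is verified only as the last step. Suggest adding a line to the comment carrying the trade-off over from the commit message, that buffering reduces the attack surface if the ELF loader has a vulnerability, at the expense of increased memory usage at load time. A smaller point on `CFG_REE_FS_TA_BUFFERED ?= $(CFG_REE_FS_TA)`: the default follows `CFG_REE_FS_TA` rather than being a literal `y`, so the comment could say that the option is enabled by default whenever REE FS TAs are enabled.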