authorJerome Forissier <jerome.forissier@linaro.org>2017-01-23 12:44:58 +0100
committerJerome Forissier <jerome.forissier@linaro.org>2017-01-23 13:33:47 +0100
commited1993b7f167482550bb8ed55dab700695b9008d (patch)
tree62962ac9f67734f69ee31f1c907772d900857f87 /mk/config.mk
parentb1ecda78bab43d76bc570ecff30ddd232caecf18 (diff)
storage: RPMB: don't try to program the RPMB key by default
Prevent leakage of the RPMB security key by never programming it, unless a special build option is set (CFG_RPMB_WRITE_KEY=y). Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'mk/config.mk')
-rw-r--r--mk/config.mk10
1 files changed, 10 insertions, 0 deletions
diff --git a/mk/config.mk b/mk/config.mk
index a444ce73..6aa3f338 100644
--- a/mk/config.mk
+++ b/mk/config.mk
@@ -130,6 +130,16 @@ CFG_RPMB_FS ?= n
# tee-supplicant process will open /dev/mmcblk<id>rpmb
CFG_RPMB_FS_DEV_ID ?= 0
+# Enables RPMB key programming by the TEE, in case the RPMB partition has not
+# been configured yet.
+# !!! Security warning !!!
+# Do *NOT* enable this in product builds, as doing so would allow the TEE to
+# leak the RPMB key.
+# This option is useful in the following situations:
+# - Testing
+# - RPMB key provisioning in a controlled environment (factory setup)
+CFG_RPMB_WRITE_KEY ?= n
+
# SQL FS stores its data in a SQLite database, accessed by normal world
CFG_SQL_FS ?= n
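Review bot: The `CFG_RPMB_WRITE_KEY ?= n` default is guarded only by the comment above it. Because `?=` keeps any value already set on the make command line, in the environment or by an earlier assignment, a product build can end up with key programming enabled and nothing in the build output shows it. Consider making the enabled state visible right after the assignment, for example `ifeq ($(CFG_RPMB_WRITE_KEY),y)` / `$(warning CFG_RPMB_WRITE_KEY=y: RPMB key programming enabled, not for product builds)` / `endif`. The warning comment could also say how the key leaks, so integrators see why a controlled factory environment is required. Presumably the programming request leaves the secure world and passes through the normal-world tee-supplicant, which the context line above says opens the RPMB device; confirm this against the RPMB code before wording the comment.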