From fda78375e37ff7341cd205bdc26c9ed9b991b927 Mon Sep 17 00:00:00 2001
From: Jens Wiklander <jens.wiklander@linaro.org>
Date: Thu, 25 Apr 2019 16:17:34 +0200
Subject: core: default tee_otp_get_die_id() based on HUK

Changes the default weak tee_otp_get_die_id() implementation to use
huk_subkey_derive() to derive a unique die ID based on the hardware
unique key.

Note that the SSK derivation retains backwards compatibility if
CFG_CORE_HUK_SUBKEY_COMPAT is set to 'y' and tee_otp_get_die_id() wasn't
replaced with a platform specific implementation.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
 core/arch/arm/kernel/otp_stubs.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'core')

diff --git a/core/arch/arm/kernel/otp_stubs.c b/core/arch/arm/kernel/otp_stubs.c
index c3cc4268..2f2cba85 100644
--- a/core/arch/arm/kernel/otp_stubs.c
+++ b/core/arch/arm/kernel/otp_stubs.c
@@ -5,6 +5,7 @@
 
 #include <inttypes.h>
 #include <kernel/tee_common_otp.h>
+#include <kernel/huk_subkey.h>
 
 /*
  * Override these in your platform code to really fetch device-unique
@@ -21,11 +22,8 @@ __weak TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey)
 
 __weak int tee_otp_get_die_id(uint8_t *buffer, size_t len)
 {
-	static const char pattern[4] = { 'B', 'E', 'E', 'F' };
-	size_t i;
-
-	for (i = 0; i < len; i++)
-		buffer[i] = pattern[i % 4];
+	if (huk_subkey_derive(HUK_SUBKEY_DIE_ID, NULL, 0, buffer, len))
+		return -1;
 
 	return 0;
 }
-- 
cgit v1.2.3