aboutsummaryrefslogtreecommitdiff
path: root/common/scp03.c
diff options
context:
space:
mode:
authorJorge Ramirez-Ortiz2021-02-14 16:27:23 +0100
committerTom Rini2021-03-13 13:14:52 -0500
commit166363f2ed9e72ed3e2bf09d9317d6a5fdafcbea (patch)
tree5c65dcc0a679d5f82e7bb274d0f45ce4b70809f3 /common/scp03.c
parent2a8dc4c488bf7c67c7065eb5ab565ccf568cf725 (diff)
common: SCP03 control (enable and provision of keys)
This Trusted Application allows enabling SCP03 as well as provisioning the keys on TEE controlled secure element (ie, NXP SE050). All the information flowing on buses (ie I2C) between the processor and the secure element must be encrypted. Secure elements are pre-provisioned with a set of keys known to the user so that the secure channel protocol (encryption) can be enforced on the first boot. This situation is however unsafe since the keys are publically available. For example, in the case of the NXP SE050, these keys would be available in the OP-TEE source tree [2] and of course in the documentation corresponding to the part. To address that, users are required to rotate/provision those keys (ie, generate new keys and write them in the secure element's persistent memory). For information on SCP03, check the Global Platform HomePage and google for that term [1] [1] globalplatform.org [2] https://github.com/OP-TEE/optee_os/ check: core/drivers/crypto/se050/adaptors/utils/scp_config.c Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'common/scp03.c')
-rw-r--r--common/scp03.c53
1 files changed, 53 insertions, 0 deletions
diff --git a/common/scp03.c b/common/scp03.c
new file mode 100644
index 00000000000..09ef7b5ba3d
--- /dev/null
+++ b/common/scp03.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * (C) Copyright 2021, Foundries.IO
+ *
+ */
+
+#include <common.h>
+#include <scp03.h>
+#include <tee.h>
+#include <tee/optee_ta_scp03.h>
+
+static int scp03_enable(bool provision)
+{
+ const struct tee_optee_ta_uuid uuid = PTA_SCP03_UUID;
+ struct tee_open_session_arg session;
+ struct tee_invoke_arg invoke;
+ struct tee_param param;
+ struct udevice *tee = NULL;
+
+ tee = tee_find_device(tee, NULL, NULL, NULL);
+ if (!tee)
+ return -ENODEV;
+
+ memset(&session, 0, sizeof(session));
+ tee_optee_ta_uuid_to_octets(session.uuid, &uuid);
+ if (tee_open_session(tee, &session, 0, NULL))
+ return -ENXIO;
+
+ memset(&param, 0, sizeof(param));
+ param.attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT;
+ param.u.value.a = provision;
+
+ memset(&invoke, 0, sizeof(invoke));
+ invoke.func = PTA_CMD_ENABLE_SCP03;
+ invoke.session = session.session;
+
+ if (tee_invoke_func(tee, &invoke, 1, &param))
+ return -EIO;
+
+ tee_close_session(tee, session.session);
+
+ return 0;
+}
+
+int tee_enable_scp03(void)
+{
+ return scp03_enable(false);
+}
+
+int tee_provision_scp03(void)
+{
+ return scp03_enable(true);
+}