[PATCHv5 1/6] common: SCP03 control (enable and provision of keys)

Tom Rini trini at konsulko.com
Mon Mar 15 16:52:53 CET 2021


On Sun, Feb 14, 2021 at 04:27:23PM +0100, Jorge Ramirez-Ortiz wrote:

> This Trusted Application allows enabling SCP03 as well as provisioning
> the keys on TEE controlled secure element (i.e., NXP SE050).
> 
> All the information flowing on buses (i.e. I2C) between the processor
> and the secure element must be encrypted. Secure elements are
> pre-provisioned with a set of keys known to the user so that the
> secure channel protocol (encryption) can be enforced on the first
> boot. This situation is however unsafe since the keys are publicly
> available.
> 
> For example, in the case of the NXP SE050, these keys would be
> available in the OP-TEE source tree [2] and of course in the
> documentation corresponding to the part.
> 
> To address that, users are required to rotate/provision those keys
> (i.e., generate new keys and write them in the secure element's
> persistent memory).
> 
> For information on SCP03, check the Global Platform HomePage and
> google for that term [1]
> [1] globalplatform.org
> [2] https://github.com/OP-TEE/optee_os/
>     check:
>     core/drivers/crypto/se050/adaptors/utils/scp_config.c
> 
> Signed-off-by: Jorge Ramirez-Ortiz <jorge at foundries.io>
> Reviewed-by: Simon Glass <sjg at chromium.org>

Applied to u-boot/next, thanks!

-- 
Tom