1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2015, 2019, Linaro Limited
4 */
5
6 #include <assert.h>
7 #include <inttypes.h>
8 #include <kernel/tee_common_otp.h>
9 #include <kernel/huk_subkey.h>
10 #include <signed_hdr.h>
11 #include <ta_pub_key.h>
12
/*
 * Override these in your platform code to fetch real device-unique bits
 * from e-fuses or another hardware source.
 *
 * The default implementation just sets the key to a constant.
 */
19
/*
 * Default (weak) provider of the hardware unique key (HUK).
 *
 * Fills hwkey->data with zero bytes and always returns TEE_SUCCESS. The
 * result is a fixed, non-secret value that is the same on every device
 * using this fallback, so it is a placeholder and not a usable root key.
 * A platform that needs device-bound secrets must override this symbol
 * with a reader for its own hardware key storage.
 *
 * NOTE(review): keys obtained through huk_subkey_derive() in this file are
 * presumably rooted in this value and would then be equally predictable;
 * confirm against the huk_subkey implementation.
 */
__weak TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey)
{
	/* Constant all-zero key material: provides no secrecy or uniqueness */
	memset(hwkey->data, 0, sizeof(hwkey->data));

	return TEE_SUCCESS;
}
25
/*
 * Default (weak) provider of the die ID.
 *
 * Asks huk_subkey_derive() for a HUK_SUBKEY_DIE_ID subkey, with no extra
 * constant data, to be placed in buffer (len bytes).
 *
 * Returns 0 when the derivation reports success and -1 for any other
 * result; the specific error code is not propagated.
 *
 * NOTE(review): if the platform keeps the constant default HUK, this ID is
 * presumably identical across devices; confirm before using it as a
 * device identifier.
 */
__weak int tee_otp_get_die_id(uint8_t *buffer, size_t len)
{
	return huk_subkey_derive(HUK_SUBKEY_DIE_ID, NULL, 0, buffer, len) ?
	       -1 : 0;
}
33
34 #ifdef CFG_WITH_USER_TA
/*
 * Override this API on your platform to provide the TA encryption key as
 * per your security requirements. There are two options for this key:
 *
 * 1) A unique per-device encryption key.
 * 2) A class-wide encryption key.
 *
 * The default implementation chooses option (1).
 */
/*
 * Default (weak) provider of the TA encryption key.
 *
 * Requests a HUK_SUBKEY_TA_ENC subkey from huk_subkey_derive(), passing
 * the TA public key modulus as the constant data, to be placed in buffer
 * (len bytes).
 *
 * key_type is only checked by the assert() below: this implementation
 * supports SHDR_ENC_KEY_DEV_SPECIFIC and nothing else. The parameter is
 * marked __maybe_unused, which suggests builds where assert() expands to
 * nothing; in such a build any key_type would be served the
 * device-specific key. A platform that needs a class-wide key must
 * override this function.
 *
 * Returns TEE_SUCCESS when derivation succeeds, and TEE_ERROR_SECURITY for
 * any derivation failure (the underlying error code is not propagated).
 */
__weak TEE_Result tee_otp_get_ta_enc_key(uint32_t key_type __maybe_unused,
					 uint8_t *buffer, size_t len)
{
	TEE_Result res = TEE_SUCCESS;

	/* Only the per-device key option is implemented here */
	assert(key_type == SHDR_ENC_KEY_DEV_SPECIFIC);

	if (huk_subkey_derive(HUK_SUBKEY_TA_ENC, ta_pub_key_modulus,
			      ta_pub_key_modulus_size, buffer, len))
		res = TEE_ERROR_SECURITY;

	return res;
}
55 #endif
56