libptateec: manufacturing protection PTA #352
Conversation
ldts
force-pushed
the
libptateec-up
branch
2 times, most recently
from
b13f83f to
25cb412
Compare
This option allows lmp-device-register to interrogate the CAAM hardware for an EC public key (256 bits usually) The key will be stored in /var/sota in PEM format (for reference) and passed to the gateway in DER format. Afer registration aktualizer-lite should periodically request the CAAM hardware to sign random strings and send these signatures to the gateway along with the message. See [1] for optee-client reference. Upon receiving these digests, the gateway shall verify them using the board associated public key [1] OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
This option allows lmp-device-register to interrogate the CAAM hardware for an EC public key (256 bits usually) The key will be stored in /var/sota in PEM format (for reference) and passed to the gateway in DER format. Afer registration aktualizer-lite should periodically request the CAAM hardware to sign random strings and send these signatures to the gateway along with the message. See [1] for optee-client reference. Upon receiving these digests, the gateway shall verify them using the board associated public key [1] OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
This option allows lmp-device-register to interrogate the CAAM hardware for an EC public key (256 bits usually) The key will be stored in /var/sota in PEM format (for reference) and passed to the gateway. Afer registration aktualizer-lite should periodically request the CAAM hardware to sign random strings and send these signatures to the gateway along with the message. See [1] for optee-client reference. Upon receiving these digests, the gateway shall verify them using the board associated public key [1] OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
This option allows lmp-device-register to interrogate the CAAM hardware for an EC public key (256 bits usually) The key will be stored in /var/sota in PEM format (for reference) and passed to the gateway. Afer registration aktualizer-lite should periodically request the CAAM hardware to sign random strings and send these signatures to the gateway along with the message. See [1] for optee-client reference. Upon receiving these digests, the gateway shall verify them using the board associated public key [1] OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
This option allows lmp-device-register to interrogate the CAAM hardware for an EC public key (256 bits usually) The key will be stored in /var/sota in PEM format (for reference) and passed to the gateway. Afer registration aktualizer-lite should periodically request the CAAM hardware to sign random strings and send these signatures to the gateway along with the message. See [1] for optee-client reference. Upon receiving these digests, the gateway shall verify them using the board associated public key [1] OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
This option allows lmp-device-register to interrogate the CAAM hardware for an EC public key (256 bits usually) The key will be stored in /var/sota in PEM format (for reference) and passed to the gateway in the CSR using a custom extension [1] Afer registration aktualizer-lite should periodically request the CAAM hardware to sign random strings and send these signatures to the gateway along with the message. See [2] for optee-client reference. Upon receiving these digests, the gateway shall verify them using the board associated public key [1] "1.3.6.1.4.1.294.1.00" [2] OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
Allow accessing the PTA without a session. Users could then use the OP-TEE client interface to retrieve the public key as well as to generate signatures. See OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
Allow opening the PTA without a calling session. Enabling CFG_NXP_CAAM_MP_NO_ACCESS_CTR permits users to use the OP-TEE client interface to retrieve the public key as well as to generate signatures. See OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
Allow opening the PTA without a calling session. Enabling CFG_NXP_CAAM_MP_NO_ACCESS_CTRL permits users to use the OP-TEE client interface to retrieve the public key as well as to generate signatures. See OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
Allow opening the PTA without a calling session. Enabling CFG_NXP_CAAM_MP_NO_ACCESS_CTRL permits users to use the OP-TEE client interface to retrieve the public key as well as to generate signatures. See OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]> Acked-by: Clement Faure <[email protected]>
Allow opening the PTA without a calling session. Enabling CFG_NXP_CAAM_MP_NO_ACCESS_CTRL permits users to use the OP-TEE client interface to retrieve the public key as well as to generate signatures. See OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]> Acked-by: Clement Faure <[email protected]>
|
any comments? |
libptateec/include/pta_tee.h
Outdated
| #endif | ||
|
|
||
| typedef unsigned long PTA_ULONG; | ||
| typedef PTA_ULONG PTA_RV; |
There was a problem hiding this comment.
What's wrong with TEEC_Result?
There was a problem hiding this comment.
We dont know and can't foresee what the PTAs will choose to report..errors could have different meanings depending the calls made to the TEE I guess (so the same TEEC_Result could mean something different for different function calls). having another indirection adds flexibility.
There was a problem hiding this comment.
Since we're only supporting upstream PTAs here we can encourage them to use TEEC_Result error codes, and if needed pick values in the 0x80000000 – 0x8FFFFFFF range for an occasional extension.
There was a problem hiding this comment.
so shall I get rid of the typedef and just cast in case of needing to extend ?
Allow opening the PTA without a calling session. Enabling CFG_NXP_CAAM_MP_NO_ACCESS_CTRL permits users to use the OP-TEE client interface to retrieve the public key as well as to generate signatures. See OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]> Acked-by: Clement Faure <[email protected]>
ldts
force-pushed
the
libptateec-up
branch
3 times, most recently
from
f5a7252 to
33d9c0e
Compare
|
actioned. |
| if (!key || !len || !*len) | ||
| return TEEC_ERROR_BAD_PARAMETERS; | ||
|
|
||
| if (!pta_open_session(&manufacturing_protection_ta_ctx)) |
There was a problem hiding this comment.
How is the session closed?
There was a problem hiding this comment.
um I didnt think it matter to keep an open session for all calls.
The way I thought the user (the process that communicates with the remote server, responding to requests and so on) would access the call is by periodically signing random values provided by the server (thus generating some sort of attestation token)
The key would only be retrieved once and would be sent to the server in a secure environment during provisioning (server = verifier)
There was a problem hiding this comment.
Leaving a session open wastes memory so there should be a way to close the session without killing the process.
There was a problem hiding this comment.
sure, ok let me address that but it will not be as nice in terms of usability - many threads could be accessing the PTA so with the capability of closing the sessions now locking is a must
Allow opening the PTA without a calling session. Enabling CFG_NXP_CAAM_MP_NO_ACCESS_CTRL permits users to use the OP-TEE client interface to retrieve the public key as well as to generate signatures. See OP-TEE/optee_client#352 Signed-off-by: Jorge Ramirez-Ortiz <[email protected]> Acked-by: Clement Faure <[email protected]>
| * pta_imx_mprotect_get_key() - Retrieves the iMX CAAM Manufacturing Protection | ||
| * EC public key. The components x,y are retrieved in RAW format and should | ||
| * be converted to DER or PEM as required. | ||
| * |
There was a problem hiding this comment.
could you describe the arguments?
libptateec/src/pta.h
Outdated
| #include <tee_client_api.h> | ||
| #include <teec_trace.h> | ||
|
|
||
| struct ta_context { |
There was a problem hiding this comment.
Could you also add a description for struct and API functions?
| op.params[1].tmpref.buffer = sig; | ||
| op.params[1].tmpref.size = *sig_len; | ||
| op.params[2].tmpref.buffer = mpmr; | ||
| op.params[2].tmpref.size = *mpmr_len; |
| * [out] memref[0].buffer Public key buffer | ||
| * [out] memref[0].size Public key size | ||
| * | ||
| * Return codes: |
There was a problem hiding this comment.
I suggest you remove this list. The command can return more codes.
There was a problem hiding this comment.
no I dont think it can. I think we should keep this.
There was a problem hiding this comment.
It looks the PTA can also return TEE_ERROR_SHORT_BUFFER, TEE_ERROR_OUT_OF_MEMORY, TEE_ERROR_NOT_SUPPORTED or TEE_ERROR_GENERIC.
libptateec/src/pta.h
Outdated
| * Copyright (c) 2023, Foundries.io Ltd | ||
| */ | ||
| #ifndef PTA_H | ||
| #define PTA_H |
There was a problem hiding this comment.
PTA_H seems too short to me for a header file exposed to other numerous libs.
What about PTATEEC_PTA_H
libptateec/include/pta_tee.h
Outdated
| * requiring at least a 64 byte buffer. | ||
| * | ||
| * @key: [out] Public key in RAW format. | ||
| * @len: [in/out] Key length. |
| * @return TEEC_ERROR_GENERIC Error unspecified. | ||
| * @return TEEC_ERROR_SHORT_BUFFER Error small buffer provided. | ||
| * @return TEEC_ERROR_COMMUNICATION Some other thread closed the connection. | ||
| * @return TEEC_SUCCESS On success. |
There was a problem hiding this comment.
maybe add TEE_ERROR_OUT_OF_MEMORY
ditto for pta_imx_mprotect_sign().
libptateec/include/pta_tee.h
Outdated
| * pta_imx_mprotect_final() - Closes the OP-TEE session | ||
| * | ||
| * This function may fail with TEEC_ERROR_BUSY if there are unfulfilled calls | ||
| * pending |
| } | ||
| pthread_mutex_unlock(&ctx->lock); | ||
| ret = TEEC_InvokeCommand(&ctx->session, cmd_id, op, error_origin); | ||
| atomic_fetch_sub(&ctx->count, 1); |
There was a problem hiding this comment.
This means 1 call to pta_open_session() must be balanced by a call to pta_invoke_cmd().
There was a problem hiding this comment.
If so, I think there is no need to have 2 functions. A single call to pta_invoke_cmd() should be is sufficient to open the context session and invoke a PTA. It's a bit strange of a PTA API to require a call to open_session for each calls to invoke_command.
There was a problem hiding this comment.
Sorry, I think it's a bit weird that a generic PTA invocation API requires each call to pta_open_session() be always followed by a single call to pta_invoke_cmd().
There was a problem hiding this comment.
Yeah, this session handling is a bit more complicated than needed with mutex and reference counter. Couldn't we skip it all and rely on the normal TEE Client primitives?
There was a problem hiding this comment.
IMO being capable of rejecting a close request coming from some separate thread because an invoke is about to follow is a nice feature to have (it really only costs the mutex and reference counter and it has no impact on performance).
But sure I can remove it if you think it adds too much maintenance noise.
There was a problem hiding this comment.
Please remove it then.
|
|
||
| /** | ||
| * pta_open_session() - Opens a session with the PTA uuid in the ta_context. | ||
| * If the session is already open it will increment a session counter. |
There was a problem hiding this comment.
* @ctx Session context, already opened ornot
* Field @ctx->uuid defines the target PTA
libptateec/src/pta.h
Outdated
| /** | ||
| * pta_invoke_cmd() - Invokes a command in the PTA | ||
| */ | ||
| TEEC_Result pta_invoke_cmd(struct ta_context *ctx, uint32_t cmd_id, |
There was a problem hiding this comment.
* @ctx Opened session context
* @cmd_id Command passed to target PTA
* @operation TEE operation arguments passed to target PTA
* @error_origin: Output TEE_ORIGIN_* emitter of the result code
This abstraction provides TEEC access to stable PTAs present in the OP-TEE upstream tree. The first of these miscellaenous PTAs to be integrated in the library is the iMX Manufacturing Protection [1] for which two functions are provided: - Retrieval of the EC Public Key. - Signature generation. [1] AN13676, i.MX RT1170 Manufacturing Protection Signed-off-by: Jorge Ramirez-Ortiz <[email protected]>
|
@etienne-lms @jenswi-linaro anything else? |
|
This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time. |
|
I guess this wasn't needed after all. |
This abstraction provides TEEC access to stable PTAs present in the OP-TEE upstream tree.
The first of these miscellaenous PTAs to be integrated in the library is the iMX Manufacturing Protection [1] for which two functions are provided:
In order to access the service provided by the manufacturing protection PTA, OP-TEE needs to be built with this option OP-TEE/optee_os#6274
[1] AN13676, i.MX RT1170 Manufacturing Protection