On Sun, Feb 14, 2021 at 04:27:23PM +0100, Jorge Ramirez-Ortiz wrote:
> This Trusted Application allows enabling SCP03 as well as provisioning
> the keys on a TEE-controlled secure element (i.e., NXP SE050).
>
> All the information flowing on buses (i.e., I2C) between the processor
> and the secure element must be encrypted. Secure elements are
> pre-provisioned with a set of keys known to the user so that the
> secure channel protocol (encryption) can be enforced on the first
> boot. This situation is however unsafe since the keys are publicly
> available.
>
> For example, in the case of the NXP SE050, these keys would be
> available in the OP-TEE source tree [2] and of course in the
> documentation corresponding to the part.
>
> To address that, users are required to rotate/provision those keys
> (i.e., generate new keys and write them in the secure element's
> persistent memory).
>
> For information on SCP03, check the Global Platform HomePage and
> google for that term [1]
>
> [1] globalplatform.org
> [2] https://github.com/OP-TEE/optee_os/
>     check: core/drivers/crypto/se050/adaptors/utils/scp_config.c
>
> Signed-off-by: Jorge Ramirez-Ortiz <jo...@foundries.io>
> Reviewed-by: Simon Glass <s...@chromium.org>
Applied to u-boot/next, thanks!

-- 
Tom