From patchwork Tue Feb 9 19:34:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1438593 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=ZDV2CMBe; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DZtQj6pmrz9sB4 for ; Wed, 10 Feb 2021 06:35:25 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7EA4882ABE; Tue, 9 Feb 2021 20:35:16 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="ZDV2CMBe"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 901C782AB3; Tue, 9 Feb 2021 20:34:44 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B48D9828F7 for ; Tue, 9 Feb 2021 20:34:39 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wm1-x32c.google.com with SMTP id i9so4632910wmq.1 for ; Tue, 09 Feb 2021 11:34:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=0vUaZEByBxwNbTiKXtm4FqQVDvKyfcDOoqR5sJkil9E=; b=ZDV2CMBe0uhjSuP8EcTaDdf7vGBwCuOIgwc/LRxNl8uPwUYlbc5WvwYHhWhpLp1a7T jnlpPCeikgP1f8TwCMCTj+1X+dJpsPAHxmGweY/wMiMU6dTRpryAu3wKdk02nFgt/Pio xVbVqVZfu+/fdz0R8Num1dc8Wa/JfO9bbU0FfZvecJajol+PZ2VrWqIefHzmZLkzU51Y dsrdNaV3e0ukVq6o+68mYWPqDoXSRYcHWfgqK/NGA4LMsyr315IWilVHSIgKGHgL9/GK J695C3cIj2ssuQ/HIs1O+vWhqWcljB0UumSrycT0Mtuj/YEbERcrWH/87IvCdtwtXWH8 NSlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=0vUaZEByBxwNbTiKXtm4FqQVDvKyfcDOoqR5sJkil9E=; b=o14Fs1eIXt5Fjo1+oBX7FZBOntH77s1/MnLR37/gBqPykQaudSDIo4oJz6XGiO0vWV mDQQ9vvvtYnqJz6Fd+aHcP2UDufI8pkY1v20MwgLgEFFT4J4/IzrTe1c3V9QKJBkFphL 37Dk4CQd01j1AWMWu22yCfGiiLAr2Kr3lvr/WAhmvppfuAswhP/XYIyqVbpT0S5cfa5I jFf9viyYAc8v/+AmcMhzsRxfXjhooaAlEznhpk0KBpbgZkBGHV3C8BzenE+CvkwnhKnB qon4WTZQ3W6PzeSmJ1PVJX0BLOVSeuYKZJn31b5HnahrFLxxDxxgDChHPcBfC/7xBeWt ZPGA== X-Gm-Message-State: AOAM533CiB4LW/5VLDe/4kDv0mDm7WZ1U82c5cdtWOPCVG71hU+lhRdN hd3/U61n0EXtNfk+m87OZgZt9A== X-Google-Smtp-Source: ABdhPJw2VB/M/iK4m70FM2paVII14bC9cdiLdQGCPzT60p8Tz2sMaH3ZJi9md775Qe/Tn1+CNkCVlg== X-Received: by 2002:a1c:98ce:: with SMTP id a197mr4896739wme.120.1612899279123; Tue, 09 Feb 2021 11:34:39 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id a132sm6621471wmf.42.2021.02.09.11.34.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Feb 2021 11:34:38 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv4 1/6] common: SCP03 control (enable and provision of keys) Date: Tue, 9 Feb 2021 20:34:08 +0100 Message-Id: <20210209193413.26572-1-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean This Trusted Application allows enabling SCP03 as well as provisioning the keys on TEE controlled secure element (ie, NXP SE050). All the information flowing on buses (ie I2C) between the processor and the secure element must be encrypted. Secure elements are pre-provisioned with a set of keys known to the user so that the secure channel protocol (encryption) can be enforced on the first boot. This situation is however unsafe since the keys are publically available. For example, in the case of the NXP SE050, these keys would be available in the OP-TEE source tree [2] and of course in the documentation corresponding to the part. To address that, users are required to rotate/provision those keys (ie, generate new keys and write them in the secure element's persistent memory). For information on SCP03, check the Global Platform HomePage and google for that term [1] [1] globalplatform.org [2] https://github.com/OP-TEE/optee_os/ check: core/drivers/crypto/se050/adaptors/utils/scp_config.c Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- common/Kconfig | 8 ++++++ common/Makefile | 1 + common/scp03.c | 53 ++++++++++++++++++++++++++++++++++++ include/scp03.h | 21 ++++++++++++++ include/tee/optee_ta_scp03.h | 21 ++++++++++++++ 5 files changed, 104 insertions(+) create mode 100644 common/scp03.c create mode 100644 include/scp03.h create mode 100644 include/tee/optee_ta_scp03.h diff --git a/common/Kconfig b/common/Kconfig index 2bb3798f80..482f123534 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -588,6 +588,14 @@ config AVB_BUF_SIZE endif # AVB_VERIFY +config SCP03 + bool "Build SCP03 - Secure Channel Protocol O3 - controls" + depends on OPTEE || SANDBOX + depends on TEE + help + This option allows U-Boot to enable and or provision SCP03 on an OPTEE + controlled Secured Element. + config SPL_HASH bool # "Support hashing API (SHA1, SHA256, etc.)" help diff --git a/common/Makefile b/common/Makefile index daeea67cf2..215b8b26fd 100644 --- a/common/Makefile +++ b/common/Makefile @@ -137,3 +137,4 @@ obj-$(CONFIG_CMD_LOADB) += xyzModem.o obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_AVB_VERIFY) += avb_verify.o +obj-$(CONFIG_SCP03) += scp03.o diff --git a/common/scp03.c b/common/scp03.c new file mode 100644 index 0000000000..09ef7b5ba3 --- /dev/null +++ b/common/scp03.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#include +#include +#include +#include + +static int scp03_enable(bool provision) +{ + const struct tee_optee_ta_uuid uuid = PTA_SCP03_UUID; + struct tee_open_session_arg session; + struct tee_invoke_arg invoke; + struct tee_param param; + struct udevice *tee = NULL; + + tee = tee_find_device(tee, NULL, NULL, NULL); + if (!tee) + return -ENODEV; + + memset(&session, 0, sizeof(session)); + tee_optee_ta_uuid_to_octets(session.uuid, &uuid); + if (tee_open_session(tee, &session, 0, NULL)) + return -ENXIO; + + memset(¶m, 0, sizeof(param)); + param.attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT; + param.u.value.a = provision; + + memset(&invoke, 0, sizeof(invoke)); + invoke.func = PTA_CMD_ENABLE_SCP03; + invoke.session = session.session; + + if (tee_invoke_func(tee, &invoke, 1, ¶m)) + return -EIO; + + tee_close_session(tee, session.session); + + return 0; +} + +int tee_enable_scp03(void) +{ + return scp03_enable(false); +} + +int tee_provision_scp03(void) +{ + return scp03_enable(true); +} diff --git a/include/scp03.h b/include/scp03.h new file mode 100644 index 0000000000..729667ccd1 --- /dev/null +++ b/include/scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#ifndef _SCP03_H +#define _SCP03_H + +/* + * Requests to OPTEE to enable or provision the Secure Channel Protocol on its + * Secure Element + * + * If key provisioning is requested, OPTEE shall generate new SCP03 keys and + * write them to the Secure Element. + * + * Both functions return < 0 on error else 0. + */ +int tee_enable_scp03(void); +int tee_provision_scp03(void); +#endif /* _SCP03_H */ diff --git a/include/tee/optee_ta_scp03.h b/include/tee/optee_ta_scp03.h new file mode 100644 index 0000000000..13f9956d98 --- /dev/null +++ b/include/tee/optee_ta_scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ +#ifndef __TA_SCP03_H +#define __TA_SCP03_H + +#define PTA_SCP03_UUID { 0xbe0e5821, 0xe718, 0x4f77, \ + { 0xab, 0x3e, 0x8e, 0x6c, 0x73, 0xa9, 0xc7, 0x35 } } + +/* + * Enable Secure Channel Protocol functionality (SCP03) on the Secure Element. + * Setting the operation value to something different than NULL will trigger + * the SCP03 provisioning request. + * + * in params[0].a = operation + */ +#define PTA_CMD_ENABLE_SCP03 0 + +#endif /*__TA_SCP03_H*/ From patchwork Tue Feb 9 19:34:09 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1438591 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=lpxJqpom; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DZtQQ62fBz9sB4 for ; Wed, 10 Feb 2021 06:35:00 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A68F882A3C; Tue, 9 Feb 2021 20:34:48 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="lpxJqpom"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1BF0C82AB2; Tue, 9 Feb 2021 20:34:45 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C27DC82A3C for ; Tue, 9 Feb 2021 20:34:40 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wm1-x329.google.com with SMTP id o10so2339112wmc.1 for ; Tue, 09 Feb 2021 11:34:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1hSZkWzu1HKGxQTECBmWnVjyCwoLk2JMjm7u9CNSqVo=; b=lpxJqpomu+qKb87tIweYRczXOlTCu4hxQZquOlCbzgr9lilnGYlq2WUa3vyB8yOV8j biYZWxEZmE9P05/E12njqAX7j3cdGBetuqMsKBegX51ZmM3TYHMZptPH3cHYDeWXtmLo MbBeRkp9ZHFHjt9cBouHZtwhTrNQeuZk36zxHJ3fxxfcY0BdTns6OhzEA7EqoqZEfCJm xInasFAbg+5HZbpw3gaQCHpcqge4vHhuKzHfNMh+jd3AQ1FbR+ChmzXWCIe6cVCrlgGW hwqHwP7IGFeID1uZDoZg33r9afBCjNJHuuCX229586uWMU1I86DDEBowPhSu0eYX1p3M RhZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1hSZkWzu1HKGxQTECBmWnVjyCwoLk2JMjm7u9CNSqVo=; b=rvNSJ4TipOljtdqhZAyxrd2QBvB38whzEO9aWMR+thY2wMONm4nbH3ERqoR5/0TTNI 3+UsQpFBAn0EbTJG28Qgl+1UwTmJ1oTXC9WIAFrxGRDwPwjylJFARKYuOWlg0pX3Ivn9 tdV69fiBereFDNvJ7M4wS7Y9xtoZN7ksapy6X4+Pa1zx78GwMre11o43Ls1Q48c2bDBL pphsCaSOhNjVV+vX1W2B6kHGKPmgOjs5Nea2jnC8nRsfW1ktM7vmLSXpb6WgS1DA3yq6 m3Kia3iAZqk31jovk8/KZPiVQuF2MtSWAb2fXqNY0HeeLrjLVfdONcBlAXxD/7hBp8V+ X6fg== X-Gm-Message-State: AOAM533bfGUWFSOP2lH8dfIo+9IhLqlfotQ/pRbB5+zqwm5vpYKoKFqO xFhy29ZETGobplbi60jMiizp0w== X-Google-Smtp-Source: ABdhPJxHw3YhF218uv81F9EIq6ezGhn+UPws3gHc/DXlth/kqHyFjvkLlC0RujUajOsahsbRawWOhw== X-Received: by 2002:a05:600c:4f56:: with SMTP id m22mr4963321wmq.49.1612899280289; Tue, 09 Feb 2021 11:34:40 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id a132sm6621471wmf.42.2021.02.09.11.34.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Feb 2021 11:34:39 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv4 2/6] cmd: SCP03: enable and provision command Date: Tue, 9 Feb 2021 20:34:09 +0100 Message-Id: <20210209193413.26572-2-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210209193413.26572-1-jorge@foundries.io> References: <20210209193413.26572-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Enable and provision the SCP03 keys on a TEE controlled secured elemt from the U-Boot shell. Executing this command will generate and program new SCP03 encryption keys on the secure element NVM. Depending on the TEE implementation, the keys would then be stored in some persistent storage or better derived from some platform secret (so they can't be lost). Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- cmd/Kconfig | 8 ++++++++ cmd/Makefile | 3 +++ cmd/scp03.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 cmd/scp03.c diff --git a/cmd/Kconfig b/cmd/Kconfig index 928a2a0a2d..6327374f2c 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2021,6 +2021,14 @@ config HASH_VERIFY help Add -v option to verify data against a hash. +config CMD_SCP03 + bool "scp03 - SCP03 enable and rotate/provision operations" + depends on SCP03 + help + This command provides access to a Trusted Application + running in a TEE to request Secure Channel Protocol 03 + (SCP03) enablement and/or rotation of its SCP03 keys. + config CMD_TPM_V1 bool diff --git a/cmd/Makefile b/cmd/Makefile index 176bf925fd..a7017e8452 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o # Android Verified Boot 2.0 obj-$(CONFIG_CMD_AVB) += avb.o +# Foundries.IO SCP03 +obj-$(CONFIG_CMD_SCP03) += scp03.o + obj-$(CONFIG_ARM) += arm/ obj-$(CONFIG_RISCV) += riscv/ obj-$(CONFIG_SANDBOX) += sandbox/ diff --git a/cmd/scp03.c b/cmd/scp03.c new file mode 100644 index 0000000000..655e0bba08 --- /dev/null +++ b/cmd/scp03.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#include +#include +#include +#include + +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + if (tee_enable_scp03()) { + printf("TEE failed to enable SCP03\n"); + return CMD_RET_FAILURE; + } + + printf("SCP03 is enabled\n"); + + return CMD_RET_SUCCESS; +} + +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + if (tee_provision_scp03()) { + printf("TEE failed to provision SCP03 keys\n"); + return CMD_RET_FAILURE; + } + + printf("SCP03 is provisioned\n"); + + return CMD_RET_SUCCESS; +} + +static char text[] = + "provides a command to enable SCP03 and provision the SCP03 keys\n" + " enable - enable SCP03 on the TEE\n" + " provision - provision SCP03 on the TEE\n"; + +U_BOOT_CMD_WITH_SUBCMDS(scp03, "Secure Channel Protocol 03 control", text, + U_BOOT_SUBCMD_MKENT(enable, 1, 1, do_scp03_enable), + U_BOOT_SUBCMD_MKENT(provision, 1, 1, do_scp03_provision)); + From patchwork Tue Feb 9 19:34:10 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1438598 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=Cw2Kf6q9; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DZtRk6j3Gz9sB4 for ; Wed, 10 Feb 2021 06:36:18 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 5C01982ACE; Tue, 9 Feb 2021 20:36:10 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="Cw2Kf6q9"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1BCCC82ABE; Tue, 9 Feb 2021 20:34:57 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 01FF782A42 for ; Tue, 9 Feb 2021 20:34:41 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wm1-x32b.google.com with SMTP id f16so4315104wmq.5 for ; Tue, 09 Feb 2021 11:34:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ngwfLorTKmlyJWQMMFaeTqN5Sc3z161KaBCynHKL3+0=; b=Cw2Kf6q9LG91gKvCW8H+YgLY9iWwYpgT8xxfP/4ZnfL6x9YT+x8dwa/uVSteSXwzbI nnJskMDRzPx7nk5DUGztSL29SbSUizDQluSH/lnps0svBVLjFDwIcuUCu+Xpbglr6Kgw KLBKOMvkns5TGAAvgRqQO+oqC8WdGg1Ho72FHAIs/rIBcryYcQIjncW3XPYw+kq3KIDt dVjkcez/hj8SOSpZ/uHpicFMSOnrVEEArQ3HrLJJRHUKuCrudcfJ9CVEeTxdQfsmxsGN jIIjtdvtCvuwwMHc/8fYSj3IOsu1GyGJ4iBXlVfmaPmZSeMkrcOrks3iB+Gq0H/xWcrJ McdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ngwfLorTKmlyJWQMMFaeTqN5Sc3z161KaBCynHKL3+0=; b=ND39DQ0c/LtwcduQP/zbftAGw+Vb1aIPK61ySNYG3AAvhZe5hB12ArKbdAuG7lHnN4 qGDb+9uUDwJWNMDKCcgYDrIp/wj596Nq240xgElgq5oCxOHv4unRhDCb7q7ogOw6O7lL n7Be4FV7aQiaGD2ygZhtOlVL/KKfXP70zIFYEACR3rYVuJOsbgcvgpBcCx3aVTpkq/sN UadBDqQDyP8RkEvnAEvP/7U5SThqAbWwa8vEv2Dp+OpSeAiWycoqEIrWQ5UbE08iU0ff kERbHlmeXCHt7V/eJWO9TnjNXrBn0O0420h3zaJZt1CKL4cOWh/3xbrliQ0ymyK79aRk UxSg== X-Gm-Message-State: AOAM532u+R0F8cS4cV1NkpCYRNbdRQXcupf+D56vtLoHrIvYB+pMzkYQ r9KRjXhh7JT8F34+MNqsng1cZQ== X-Google-Smtp-Source: ABdhPJzVqu9JqgoDs1T8EdxTo8USv2amLHJRyLGOL4SByDz8qARqvBdtBWpFRCBcPkRwKJr5oPJ7bQ== X-Received: by 2002:a1c:7e15:: with SMTP id z21mr4942905wmc.27.1612899281459; Tue, 09 Feb 2021 11:34:41 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id a132sm6621471wmf.42.2021.02.09.11.34.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Feb 2021 11:34:40 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv4 3/6] drivers: tee: sandbox: SCP03 control emulator Date: Tue, 9 Feb 2021 20:34:10 +0100 Message-Id: <20210209193413.26572-3-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210209193413.26572-1-jorge@foundries.io> References: <20210209193413.26572-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Adds support for a working SCP03 emulation. Input parameters are validated however the commands (enable, provision) executed by the TEE are assumed to always succeed. Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- drivers/tee/optee/Kconfig | 6 +++++ drivers/tee/sandbox.c | 57 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig index d489834df9..98988c38f0 100644 --- a/drivers/tee/optee/Kconfig +++ b/drivers/tee/optee/Kconfig @@ -22,6 +22,12 @@ config OPTEE_TA_AVB The TA can support the "avb" subcommands "read_rb", "write"rb" and "is_unlocked". +config OPTEE_TA_SCP03 + bool "Support SCP03 TA" + default y + help + Enables support for controlling (enabling, provisioning) the + Secure Channel Protocol 03 operation in the OP-TEE SCP03 TA. endmenu endif diff --git a/drivers/tee/sandbox.c b/drivers/tee/sandbox.c index e1ba027fd6..f25cdd47e4 100644 --- a/drivers/tee/sandbox.c +++ b/drivers/tee/sandbox.c @@ -7,6 +7,7 @@ #include #include #include +#include /* * The sandbox tee driver tries to emulate a generic Trusted Exectution @@ -32,7 +33,7 @@ struct ta_entry { struct tee_param *params); }; -#ifdef CONFIG_OPTEE_TA_AVB +#if defined(CONFIG_OPTEE_TA_SCP03) || defined(CONFIG_OPTEE_TA_AVB) static u32 get_attr(uint n, uint num_params, struct tee_param *params) { if (n >= num_params) @@ -44,7 +45,7 @@ static u32 get_attr(uint n, uint num_params, struct tee_param *params) static u32 check_params(u8 p0, u8 p1, u8 p2, u8 p3, uint num_params, struct tee_param *params) { - u8 p[] = { p0, p1, p2, p3}; + u8 p[] = { p0, p1, p2, p3 }; uint n; for (n = 0; n < ARRAY_SIZE(p); n++) @@ -62,6 +63,52 @@ bad_params: return TEE_ERROR_BAD_PARAMETERS; } +#endif + +#ifdef CONFIG_OPTEE_TA_SCP03 +static u32 pta_scp03_open_session(struct udevice *dev, uint num_params, + struct tee_param *params) +{ + /* + * We don't expect additional parameters when opening a session to + * this TA. + */ + return check_params(TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, + num_params, params); +} + +static u32 pta_scp03_invoke_func(struct udevice *dev, u32 func, uint num_params, + struct tee_param *params) +{ + u32 res; + static bool enabled; + + switch (func) { + case PTA_CMD_ENABLE_SCP03: + res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_INPUT, + TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, + num_params, params); + if (res) + return res; + + if (!enabled) { + enabled = true; + } else { + } + + if (params[0].u.value.a) + + return TEE_SUCCESS; + default: + return TEE_ERROR_NOT_SUPPORTED; + } +} +#endif + +#ifdef CONFIG_OPTEE_TA_AVB static u32 ta_avb_open_session(struct udevice *dev, uint num_params, struct tee_param *params) @@ -223,6 +270,12 @@ static const struct ta_entry ta_entries[] = { .invoke_func = ta_avb_invoke_func, }, #endif +#ifdef CONFIG_OPTEE_TA_SCP03 + { .uuid = PTA_SCP03_UUID, + .open_session = pta_scp03_open_session, + .invoke_func = pta_scp03_invoke_func, + }, +#endif }; static void sandbox_tee_get_version(struct udevice *dev, From patchwork Tue Feb 9 19:34:11 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1438596 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=Q3OSa7jf; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DZtRV23rzz9sB4 for ; Wed, 10 Feb 2021 06:36:06 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 6157682AAA; Tue, 9 Feb 2021 20:36:02 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="Q3OSa7jf"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 395BC82AB7; Tue, 9 Feb 2021 20:35:02 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 17EFF82AAA for ; Tue, 9 Feb 2021 20:34:43 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wr1-x430.google.com with SMTP id v15so23458993wrx.4 for ; Tue, 09 Feb 2021 11:34:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=M76zgkg51jsSiGaAz5wiwNelUViZSJPCbB0L4hflxDg=; b=Q3OSa7jfbNaBqZEUvrQy0Y/bhSgJDFoxKwUXWzxIp4IxrnEQzSi1rmrsHck97m9Mg4 bdexQEB3Nr34WX6z0YHkg2FlWeAJE2W4TW6gskKX7RbVAKomp7ztxUQ/mKschAuVkSvs txT7JzgLkakF1Sm7Qq+asZMnDcuDozWnFVtQPwuG6SrYrdHTrmlD5JQ5gfu+WiJ7j2uo tBOTOgEQw83kGIm7YESAzLHtzZE2KzrfPswrFdGLAW2gzgB6EV7K8XIAwl+gf6s4sp0d n95RknFW9HgUxXyuaNygVvkBDKso1R9f07r0jlJ7ipccKt6p2YVTqqniACnehgKY2vYu 65eQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=M76zgkg51jsSiGaAz5wiwNelUViZSJPCbB0L4hflxDg=; b=OQ6c9BAz0LZbOZaKd3VC3XD/xWXwqM8UE/gv/77Oh/f+um1BHh0WnQn5igtiKKeYA9 8y4ieOg9dXvnyX2BfOlp9HpQcXV2Bml4wySZTpqmu93qSCjGvpV1wFVEsNV2vqNsG2pl bCdEASxPVFezhhvWKyTkNU/099HkBErDYbwBqPcZgpX4jqswoY8fJKqHyudsMlE6y+Nj ME70HWNyTWfc0ozUolGHSBXs9XKFUIaEmknOGlJ65Oj5NrFLxIK/25cJsSf1ddaF1Iam kE5hm2UHATF4z8y8DE5NC9NKhzzm3wc8os6/bl1tak1qZXBgears7lv8L5ZziEwmxCyR y1Gg== X-Gm-Message-State: AOAM532kySue95JVpCtZ4DsMfRhAk3COcgGUN4i5P1dPFVvbvgLh8POy JyRqqQ/Ey7+fid1t6uGC387DHA== X-Google-Smtp-Source: ABdhPJzdLMiksTMQdqCepf78gGgZtIFOW3ExzbUxlX5eS3WY+CK+F7gSOxBBLuTDBjZCUqzfXp07nw== X-Received: by 2002:adf:9031:: with SMTP id h46mr27463357wrh.19.1612899282629; Tue, 09 Feb 2021 11:34:42 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id a132sm6621471wmf.42.2021.02.09.11.34.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Feb 2021 11:34:42 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv4 4/6] doc: describe the scp03 command Date: Tue, 9 Feb 2021 20:34:11 +0100 Message-Id: <20210209193413.26572-4-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210209193413.26572-1-jorge@foundries.io> References: <20210209193413.26572-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean The Secure Channel Protocol 03 command sends control requests (enable/provision) to the TEE implementing the protocol between the processor and the secure element. Signed-off-by: Jorge Ramirez-Ortiz --- doc/usage/index.rst | 1 + doc/usage/scp03.rst | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 doc/usage/scp03.rst diff --git a/doc/usage/index.rst b/doc/usage/index.rst index 5754958d7e..fa1c4160b9 100644 --- a/doc/usage/index.rst +++ b/doc/usage/index.rst @@ -29,3 +29,4 @@ Shell commands pstore sbi true + scp03 diff --git a/doc/usage/scp03.rst b/doc/usage/scp03.rst new file mode 100644 index 0000000000..7ff87ed85a --- /dev/null +++ b/doc/usage/scp03.rst @@ -0,0 +1,33 @@ +.. SPDX-License-Identifier: GPL-2.0+ + +scp03 command +============= + +Synopsis +-------- + +:: + + scp03 enable + scp03 provision + +Description +----------- + +The *scp03* command calls into a Trusted Application executing in a +Trusted Execution Environment to enable (if present) the Secure +Channel Protocol 03 stablished between the processor and the secure +element. + +This protocol encrypts all the communication between the processor and +the secure element using a set of pre-defined keys. These keys can be +rotated (provisioned) using the *provision* request. + +See also +-------- + +For some information on the internals implemented in the TEE, please +check the GlobalPlatform documentation on `Secure Channel Protocol '03'`_ + +.. _Secure Channel Protocol '03': + https://globalplatform.org/wp-content/uploads/2014/07/GPC_2.3_D_SCP03_v1.1.2_PublicRelease.pdf From patchwork Tue Feb 9 19:34:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1438594 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=KJWbLqup; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DZtQt14XCz9sB4 for ; Wed, 10 Feb 2021 06:35:33 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A9A9282A42; Tue, 9 Feb 2021 20:35:24 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="KJWbLqup"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 0685B82AB7; Tue, 9 Feb 2021 20:34:55 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2A54082AB6 for ; Tue, 9 Feb 2021 20:34:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wr1-x432.google.com with SMTP id g10so23526912wrx.1 for ; Tue, 09 Feb 2021 11:34:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6T5BDZMSxydYlchC9aG21XxBviV5UOY8Itme+Om7PjQ=; b=KJWbLqupPoS7VDArlwrcl8/eUy+D7/5wgd5FzUOJb/zHIoEAHdeaVNI1rt9dejybR9 unZfVBIZ2wr6PZkzNat8KnS1uBkT+s0wXnZ5Hy2iW157+pwI8EQxwNRSHAj8QFyOJI0K rTC3PKwipGyJOqpEXR9jJ7nusvNDrB4MQ1pY56IJNxnt2ztjDB89d62izXGm2HtdHfnG eUWRunBH+ehmP0lczXvyCxto+crOWAFI1Uco15bmQMUL8nJFYKP6uqsAM4Bt0os2uIgw Lrfd+QJHMA8qSWPSLbaUusceKbIEWUptdMMmvBBAg6n3rvfIuL37xl54euV7nPd+TScj 9QEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6T5BDZMSxydYlchC9aG21XxBviV5UOY8Itme+Om7PjQ=; b=LqyxvjBxt8jRC/kFoXfFDf5eJeiLtySwqitYMerYvPnxb7rEtYnLd40XZCy5VdoI6W AJGiq8fWMRmSdMAOOa6OOUzytduEzprRFkoxJ7DHt4Sq2Icxhjziyaop8Ki6QSdt6IOL //4YJjOo5laAzoD6X8emdtlj6ltTX+i4YlaVlj+XSMaHU+18JaMqeEs1Suyp+aO2gyZ+ sZmllANGL9Xy+jBm10Mf8WnA/ZBbWkypQty64YBR1akI5tow/Fk/8IJXm6tN/95V9qr3 qOtLmjqWNNrvlZ5OinE3sELSZqBKLskOgINWILv6Tc2H1XrY1f785YE5+j6yuyEj0KCY D3Mw== X-Gm-Message-State: AOAM532wpDhQmJRCHiQ0syOUAADbAfjchLzq+8aX4PHfs1JKVfSi5Ji3 +ADwDcCJgWguf3K1npUXH/2lIg== X-Google-Smtp-Source: ABdhPJw4z1akNZuvA9H0VbMCaAkSZGR1VVQBIWjE89PcvGqSTDLpOIKsRd2kXaJj7kjZIhOrBjFJeQ== X-Received: by 2002:a5d:4d08:: with SMTP id z8mr27756015wrt.240.1612899283736; Tue, 09 Feb 2021 11:34:43 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id a132sm6621471wmf.42.2021.02.09.11.34.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Feb 2021 11:34:43 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv4 5/6] sandbox: imply SCP03 and CMD_SCP03 Date: Tue, 9 Feb 2021 20:34:12 +0100 Message-Id: <20210209193413.26572-5-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210209193413.26572-1-jorge@foundries.io> References: <20210209193413.26572-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean From: Igor Opaniuk Enable by default SCP_03/CMD_SCP03 for sandbox target. Signed-off-by: Igor Opaniuk --- arch/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index 27843cd79c..7023223927 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -142,6 +142,8 @@ config SANDBOX imply AVB_VERIFY imply LIBAVB imply CMD_AVB + imply SCP03 + imply CMD_SCP03 imply UDP_FUNCTION_FASTBOOT imply VIRTIO_MMIO imply VIRTIO_PCI From patchwork Tue Feb 9 19:34:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1438595 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=cyxf9XNl; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DZtR85HHdz9sCD for ; Wed, 10 Feb 2021 06:35:45 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4849882AD2; Tue, 9 Feb 2021 20:35:37 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="cyxf9XNl"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F3F60826AE; Tue, 9 Feb 2021 20:34:52 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 40827826AE for ; Tue, 9 Feb 2021 20:34:45 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wr1-x431.google.com with SMTP id g6so10477786wrs.11 for ; Tue, 09 Feb 2021 11:34:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=qyOEk8wtfoAwKyJiHgojmiQ1ksztWTf798zIE5Jz1H0=; b=cyxf9XNl3+lfMJFfnA4N+lx0Y4sQT2tUoKelerrLksiMtiIN/0ZWnXL3RdqhoBpooe tytXPo9y9ffdWH2GJ4I8P27Lnzp2Ipr2bDE5AjFGDl2i3/qbgnNQQ1jpnVYvTN7W+gZV CK6m67VWzv67lDUPfQnGLj/zjrq+tA2CDI21b9B8NOEHA5Cd5TB5qGg+nBQGKrpNYkby X4Ai4iC065l9H0b1LJt0iOfYJB9Q6YyQR+mvgs8NtZa9geA8EP8uS5gkCihA04oY0SEn nE3KF180X7sc/99PD5ksgsXC2I6TukGuVDaUgUvsnCH/6Le/lf2gty6H+vAsBic0aRq3 CR6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=qyOEk8wtfoAwKyJiHgojmiQ1ksztWTf798zIE5Jz1H0=; b=C/kj0p9+rHa7x8xGQRVBAi9EinaJXtCRLcliGZHetp6UTocXhHQb72+VnmWmVq1tso RXAFLo1O+t+ZcHmtIcxyB+BEii6f1nHAAOWc/ItcKHda8axyzeAA9+nVGxcPTImoGJ30 2kVb66ZGMm5B1cXma7I66cAgBwF4zWq7Anb/ZOEWgs0Z3k9pqzwHMUTKjQgJ394PFZ06 RXtv1iad4ttSnxYV16+Ehi8XglVf7AVK3FH9e/Ok4cP3bHcQZL2u/gFN78OND23plR7b 6PvVfEgxT6a6vKuF/vyTQ0CfOGUoR6GJRBeuDCfZm9E1eOI6sf4pReMDl4+9RtYkMAQt JK5g== X-Gm-Message-State: AOAM531Jb9skRYelpA3chRy0Ra+HMeUTMW+KT8ugBEUyLwjwun9BJqXZ PAQOYLiGDQFnI1/60IB/YXcApQ== X-Google-Smtp-Source: ABdhPJypvBYRKOrzkpwOVBPGUBS8YhDhOx9T5mT3Ehayuxxuhz/kDB+XPyz+PjdYeMYSxEcB9ZHeww== X-Received: by 2002:a5d:4a8b:: with SMTP id o11mr20368278wrq.346.1612899284853; Tue, 09 Feb 2021 11:34:44 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id a132sm6621471wmf.42.2021.02.09.11.34.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Feb 2021 11:34:44 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv4 6/6] test: py: add initial coverage for scp03 cmd Date: Tue, 9 Feb 2021 20:34:13 +0100 Message-Id: <20210209193413.26572-6-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210209193413.26572-1-jorge@foundries.io> References: <20210209193413.26572-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean From: Igor Opaniuk Add initial test coverage for SCP03 command. Signed-off-by: Igor Opaniuk --- test/py/tests/test_scp03.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 test/py/tests/test_scp03.py diff --git a/test/py/tests/test_scp03.py b/test/py/tests/test_scp03.py new file mode 100644 index 0000000000..2b584db24d --- /dev/null +++ b/test/py/tests/test_scp03.py @@ -0,0 +1,27 @@ +# Copyright (c) 2021, Foun +# +# SPDX-License-Identifier: GPL-2.0+ +# +# SCP03 command test + +""" +This tests SCP03 command in U-boot. + +For additional details check doc/usage/scp03.rst +""" + +import pytest +import u_boot_utils as util + +@pytest.mark.buildconfigspec('cmd_scp03') +def test_scp03(u_boot_console): + """Enable and provision keys with SCP03 + """ + + success_str1 = "SCP03 is enabled" + success_str2 = "SCP03 is provisioned" + + response = u_boot_console.run_command('scp03 enable') + assert success_str1 in response + response = u_boot_console.run_command('scp03 provision') + assert success_str2 in response