From patchwork Sun Feb 14 15:27:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1440289 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=UCBvUWft; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Ddrhw4zmVz9sBJ for ; Mon, 15 Feb 2021 02:27:57 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9DE7382709; Sun, 14 Feb 2021 16:27:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="UCBvUWft"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CAE21806C5; Sun, 14 Feb 2021 16:27:38 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 7A682806C5 for ; Sun, 14 Feb 2021 16:27:35 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wm1-x329.google.com with SMTP id l17so4016323wmq.2 for ; Sun, 14 Feb 2021 07:27:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=0vUaZEByBxwNbTiKXtm4FqQVDvKyfcDOoqR5sJkil9E=; b=UCBvUWftFXtlTol3qubv5+Z10gXXQ7w/oLpM6dYzBVgKEKKQZLd3Sb5P4SVVfRGO3R CT9IuP4aVd5HTZcJ/VDa8hBPk1lF0OquQADowLjldY81Zw+MRoNFjOI1o4tno8R7t+zG 7b0minm7ruoxdqhIV0b85VBQRyXR2k3eX3O46YjDdZ1wBN35HsB5BhyImK2HAH/ZjVoy +KlEiuorGx2mWlf2qUn+H90rANaMnO5vq/3GVu0GRIJD9tVgEdCgXDmhsMHNpIhzj0VE XAeSukMSAT5ugboDFrdObntgVLkA0Tj1gOfmVLmaWvYbD6iUOMWQAaIum35MJqAtHBBW mD9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0vUaZEByBxwNbTiKXtm4FqQVDvKyfcDOoqR5sJkil9E=; b=I33iSdWRia1pOj3JDmRBqpe214nxwN6oRwi8mS7rcFaZTA/ZBXt2yn+/+TA5FyeaQA XODlmlPDn3AK/Ge1gV6iLREUx+ruryV0nGSMoa/hufCvSS94QsXobkleQKPCMFnPDVZa xk2JgZzwGyaf2b5dmuuzvFbgEdGdkXecopMEWB98mF8oz9OfMQYNTQxTBnkR4x/aotQo MKzGcGgh15lDLFPiJPRT+Ot7Us2CZ9AZECh3S2UJpc1uJpOGyaFP5bDDzq2gZTb7vACp ANU0UhqJdTsyBqoF45OaGtbxFAoOHKYVrIPqW0AsnKuyWNvFAJzrsYUynP2PRAthmEfP +SbA== X-Gm-Message-State: AOAM531AsGNmlTGF4YNN+s1Fqx6p0j3nIXP2/l44QNw1S0G2gIGbLI7V MSC6lwYjgp2bn+o/ZtzgqZPW1g== X-Google-Smtp-Source: ABdhPJxzlCmwFxZoKrH0wBP/kdq6u3Nu9E84R2U3qAd70CDFM8xamHE4LGHZE2GIGZihBl63ymnQeA== X-Received: by 2002:a7b:cb05:: with SMTP id u5mr10606538wmj.140.1613316455056; Sun, 14 Feb 2021 07:27:35 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id f7sm10520801wmh.39.2021.02.14.07.27.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Feb 2021 07:27:34 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv5 1/6] common: SCP03 control (enable and provision of keys) Date: Sun, 14 Feb 2021 16:27:23 +0100 Message-Id: <20210214152728.8628-2-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210214152728.8628-1-jorge@foundries.io> References: <20210214152728.8628-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean This Trusted Application allows enabling SCP03 as well as provisioning the keys on TEE controlled secure element (ie, NXP SE050). All the information flowing on buses (ie I2C) between the processor and the secure element must be encrypted. Secure elements are pre-provisioned with a set of keys known to the user so that the secure channel protocol (encryption) can be enforced on the first boot. This situation is however unsafe since the keys are publically available. For example, in the case of the NXP SE050, these keys would be available in the OP-TEE source tree [2] and of course in the documentation corresponding to the part. To address that, users are required to rotate/provision those keys (ie, generate new keys and write them in the secure element's persistent memory). For information on SCP03, check the Global Platform HomePage and google for that term [1] [1] globalplatform.org [2] https://github.com/OP-TEE/optee_os/ check: core/drivers/crypto/se050/adaptors/utils/scp_config.c Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- common/Kconfig | 8 ++++++ common/Makefile | 1 + common/scp03.c | 53 ++++++++++++++++++++++++++++++++++++ include/scp03.h | 21 ++++++++++++++ include/tee/optee_ta_scp03.h | 21 ++++++++++++++ 5 files changed, 104 insertions(+) create mode 100644 common/scp03.c create mode 100644 include/scp03.h create mode 100644 include/tee/optee_ta_scp03.h diff --git a/common/Kconfig b/common/Kconfig index 2bb3798f80..482f123534 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -588,6 +588,14 @@ config AVB_BUF_SIZE endif # AVB_VERIFY +config SCP03 + bool "Build SCP03 - Secure Channel Protocol O3 - controls" + depends on OPTEE || SANDBOX + depends on TEE + help + This option allows U-Boot to enable and or provision SCP03 on an OPTEE + controlled Secured Element. + config SPL_HASH bool # "Support hashing API (SHA1, SHA256, etc.)" help diff --git a/common/Makefile b/common/Makefile index daeea67cf2..215b8b26fd 100644 --- a/common/Makefile +++ b/common/Makefile @@ -137,3 +137,4 @@ obj-$(CONFIG_CMD_LOADB) += xyzModem.o obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_AVB_VERIFY) += avb_verify.o +obj-$(CONFIG_SCP03) += scp03.o diff --git a/common/scp03.c b/common/scp03.c new file mode 100644 index 0000000000..09ef7b5ba3 --- /dev/null +++ b/common/scp03.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#include +#include +#include +#include + +static int scp03_enable(bool provision) +{ + const struct tee_optee_ta_uuid uuid = PTA_SCP03_UUID; + struct tee_open_session_arg session; + struct tee_invoke_arg invoke; + struct tee_param param; + struct udevice *tee = NULL; + + tee = tee_find_device(tee, NULL, NULL, NULL); + if (!tee) + return -ENODEV; + + memset(&session, 0, sizeof(session)); + tee_optee_ta_uuid_to_octets(session.uuid, &uuid); + if (tee_open_session(tee, &session, 0, NULL)) + return -ENXIO; + + memset(¶m, 0, sizeof(param)); + param.attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT; + param.u.value.a = provision; + + memset(&invoke, 0, sizeof(invoke)); + invoke.func = PTA_CMD_ENABLE_SCP03; + invoke.session = session.session; + + if (tee_invoke_func(tee, &invoke, 1, ¶m)) + return -EIO; + + tee_close_session(tee, session.session); + + return 0; +} + +int tee_enable_scp03(void) +{ + return scp03_enable(false); +} + +int tee_provision_scp03(void) +{ + return scp03_enable(true); +} diff --git a/include/scp03.h b/include/scp03.h new file mode 100644 index 0000000000..729667ccd1 --- /dev/null +++ b/include/scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#ifndef _SCP03_H +#define _SCP03_H + +/* + * Requests to OPTEE to enable or provision the Secure Channel Protocol on its + * Secure Element + * + * If key provisioning is requested, OPTEE shall generate new SCP03 keys and + * write them to the Secure Element. + * + * Both functions return < 0 on error else 0. + */ +int tee_enable_scp03(void); +int tee_provision_scp03(void); +#endif /* _SCP03_H */ diff --git a/include/tee/optee_ta_scp03.h b/include/tee/optee_ta_scp03.h new file mode 100644 index 0000000000..13f9956d98 --- /dev/null +++ b/include/tee/optee_ta_scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ +#ifndef __TA_SCP03_H +#define __TA_SCP03_H + +#define PTA_SCP03_UUID { 0xbe0e5821, 0xe718, 0x4f77, \ + { 0xab, 0x3e, 0x8e, 0x6c, 0x73, 0xa9, 0xc7, 0x35 } } + +/* + * Enable Secure Channel Protocol functionality (SCP03) on the Secure Element. + * Setting the operation value to something different than NULL will trigger + * the SCP03 provisioning request. + * + * in params[0].a = operation + */ +#define PTA_CMD_ENABLE_SCP03 0 + +#endif /*__TA_SCP03_H*/ From patchwork Sun Feb 14 15:27:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1440291 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=jOKifKP6; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Ddrj466Zjz9sBJ for ; Mon, 15 Feb 2021 02:28:08 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id AD37882717; Sun, 14 Feb 2021 16:27:48 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="jOKifKP6"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CF5CE826FC; Sun, 14 Feb 2021 16:27:40 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 557DB82385 for ; Sun, 14 Feb 2021 16:27:36 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wm1-x32b.google.com with SMTP id l17so4016347wmq.2 for ; Sun, 14 Feb 2021 07:27:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1hSZkWzu1HKGxQTECBmWnVjyCwoLk2JMjm7u9CNSqVo=; b=jOKifKP6qOSVQu+G2/K2aq39lMizbO8Rh1t0CgzfbOUa26eFGX9gB/kZTPWjmk5HVy WDTzfD9RHRPEjWacWshmeZaYRohTECDD/0GT3HEEEwS/XXs9JQkOHTFPN1WeiLghSHK9 Rh7d6AJvnzssVYfsRgiTqEKJ9505B6UA7F3EPxQ1njDmX8iOYwtYi79qzE7/Twb7S6a1 29x06iLgumRo1T8wMHCX4gosi/Em4d3JMT0ZcHDb1hCR6a7K8/kxJcMoFEjbm80Ajn6m Q61F9+D3RFGc5MJv31jndK5jZk8HNc4yZKbJTIQZP9buQP/OmR35RD0ffFgFHBKW3/4z 67dg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1hSZkWzu1HKGxQTECBmWnVjyCwoLk2JMjm7u9CNSqVo=; b=AFUGMMHVSoNx7c+t4Yn8v82Bziq1rU4y/5s7/ainx1bEFYb3yfInLcc16+WpSsol3s VcoJo2mtOWngFUum6GRZar3LAOv4ttuKr9+w4uD2x2L3Z6Jo07kOTz1YFCTm1fqK5//x Stvf7qN3ukmYXc/7Ju8xPlwSi7K6ItZuMb1veCzE0hNB7DEQfJLt5nYdftE1nDMEDKrS GWuLMAz5FDMikwvg9L8i4ZlIkII2CaxA1MUm/ksn2SZ4TA/9sso/hi3Utb4QfeSy95Ho dGta3YyNOml4y5GEZwc7lQtkqPfsvwYx1aqzm9AACIXlEA6QgMLzHK6z0joZu1tJbhYx gIPg== X-Gm-Message-State: AOAM532QzFxxxo5A1JoMWDcvYB+ReE1Kzo/v+jenFwKih98p8v8aeOd8 sbVv12zOiQ6GSWh9sYmaS9f6Qg== X-Google-Smtp-Source: ABdhPJx1rn3fqz//w3GgNDx1mMqvRdkyRiu80/sE1jRQAtrv4O9gAO50ZgY/beTFIMbe7Y+3MgAPKQ== X-Received: by 2002:a1c:f001:: with SMTP id a1mr10615453wmb.21.1613316455927; Sun, 14 Feb 2021 07:27:35 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id f7sm10520801wmh.39.2021.02.14.07.27.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Feb 2021 07:27:35 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv5 2/6] cmd: SCP03: enable and provision command Date: Sun, 14 Feb 2021 16:27:24 +0100 Message-Id: <20210214152728.8628-3-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210214152728.8628-1-jorge@foundries.io> References: <20210214152728.8628-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Enable and provision the SCP03 keys on a TEE controlled secured elemt from the U-Boot shell. Executing this command will generate and program new SCP03 encryption keys on the secure element NVM. Depending on the TEE implementation, the keys would then be stored in some persistent storage or better derived from some platform secret (so they can't be lost). Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass Reviewed-by: Igor Opaniuk --- cmd/Kconfig | 8 ++++++++ cmd/Makefile | 3 +++ cmd/scp03.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 cmd/scp03.c diff --git a/cmd/Kconfig b/cmd/Kconfig index 928a2a0a2d..6327374f2c 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2021,6 +2021,14 @@ config HASH_VERIFY help Add -v option to verify data against a hash. +config CMD_SCP03 + bool "scp03 - SCP03 enable and rotate/provision operations" + depends on SCP03 + help + This command provides access to a Trusted Application + running in a TEE to request Secure Channel Protocol 03 + (SCP03) enablement and/or rotation of its SCP03 keys. + config CMD_TPM_V1 bool diff --git a/cmd/Makefile b/cmd/Makefile index 176bf925fd..a7017e8452 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o # Android Verified Boot 2.0 obj-$(CONFIG_CMD_AVB) += avb.o +# Foundries.IO SCP03 +obj-$(CONFIG_CMD_SCP03) += scp03.o + obj-$(CONFIG_ARM) += arm/ obj-$(CONFIG_RISCV) += riscv/ obj-$(CONFIG_SANDBOX) += sandbox/ diff --git a/cmd/scp03.c b/cmd/scp03.c new file mode 100644 index 0000000000..655e0bba08 --- /dev/null +++ b/cmd/scp03.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#include +#include +#include +#include + +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + if (tee_enable_scp03()) { + printf("TEE failed to enable SCP03\n"); + return CMD_RET_FAILURE; + } + + printf("SCP03 is enabled\n"); + + return CMD_RET_SUCCESS; +} + +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + if (tee_provision_scp03()) { + printf("TEE failed to provision SCP03 keys\n"); + return CMD_RET_FAILURE; + } + + printf("SCP03 is provisioned\n"); + + return CMD_RET_SUCCESS; +} + +static char text[] = + "provides a command to enable SCP03 and provision the SCP03 keys\n" + " enable - enable SCP03 on the TEE\n" + " provision - provision SCP03 on the TEE\n"; + +U_BOOT_CMD_WITH_SUBCMDS(scp03, "Secure Channel Protocol 03 control", text, + U_BOOT_SUBCMD_MKENT(enable, 1, 1, do_scp03_enable), + U_BOOT_SUBCMD_MKENT(provision, 1, 1, do_scp03_provision)); + From patchwork Sun Feb 14 15:27:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1440294 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=jqEozxrC; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Ddrjj2cHCz9sBJ for ; Mon, 15 Feb 2021 02:28:41 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A935682760; Sun, 14 Feb 2021 16:28:00 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="jqEozxrC"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CDE6C826FB; Sun, 14 Feb 2021 16:27:45 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3ED73826A6 for ; Sun, 14 Feb 2021 16:27:37 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wm1-x32f.google.com with SMTP id w4so3991784wmi.4 for ; Sun, 14 Feb 2021 07:27:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ngwfLorTKmlyJWQMMFaeTqN5Sc3z161KaBCynHKL3+0=; b=jqEozxrCawgbAz89lGAObvuRRFkv+G3M/qzGLWiHlbvikQX008rUXsjD01fajZK55o T/E97sIj8okOCS71KZ/gjcLYQ18kU2I1OWbd33nKg8223VQwpouhW37Ts0tcuDl73Oz0 z66tYvySlnLr5KRFCZovZBH83MS6caGcS6KOXSJQnL+l8ZuCuaC+1qUUcxK1lpLj/ZH/ DZt/c0NeME+ESbHF8Rsee2690FV8yuSM0RGoF+WBwPlL84hMhP1qGmfwZmRsPyyCJfYc LyLheENRe1G3dWuT5PC0iilNwnQTcHzDWOltvUSp1Yw1M3F/gY0kY6tjYylNNnFzDcle cYBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ngwfLorTKmlyJWQMMFaeTqN5Sc3z161KaBCynHKL3+0=; b=b4ZxnCeHJ6mf68L7QOOFp1j93JaaNIRiYMoEcKDWBwvCNcjvX91CYxRUtljVgl95/s yY5jdKMR61+oI0NXxW4sL5VeC8pV5+TNT6FOE9vHC3+vNO9Y3+UNpsU4D4gE3hxX/Cp3 pZ21ryx/awafpd+IJjbHgrQXIahX3OfohP8G8TJnGY75CpGxiHIBYzxhDORYa9KfQJRM CheH5oHGamNrgBmQi+ViJibVvWOVJf0rhUbV9zlihYZSF5tjl9MDBFrguBjoWeP0w2ov juq4CFtBmqIvWXjIkscy03EC0mNScWz3jWFNi2zopeVfAMPBYLYLDIwe9rI8cAvEDfSS XrfQ== X-Gm-Message-State: AOAM530qfVN7u9CVZWeFT2R8DLT/GxaBKOoCyR2wuDgGV8/YngtPSAyi +Czb0StCBy8UI+hPqO8dnv2swA== X-Google-Smtp-Source: ABdhPJy9IVPZ1lFWu5xXanrLuMpHT9dK/CQ06EWdRiuAB6BCqSsNJQacCYZPXVL5KGgC6w2G03US4w== X-Received: by 2002:a1c:2605:: with SMTP id m5mr10485366wmm.170.1613316456832; Sun, 14 Feb 2021 07:27:36 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id f7sm10520801wmh.39.2021.02.14.07.27.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Feb 2021 07:27:36 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv5 3/6] drivers: tee: sandbox: SCP03 control emulator Date: Sun, 14 Feb 2021 16:27:25 +0100 Message-Id: <20210214152728.8628-4-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210214152728.8628-1-jorge@foundries.io> References: <20210214152728.8628-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Adds support for a working SCP03 emulation. Input parameters are validated however the commands (enable, provision) executed by the TEE are assumed to always succeed. Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- drivers/tee/optee/Kconfig | 6 +++++ drivers/tee/sandbox.c | 57 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig index d489834df9..98988c38f0 100644 --- a/drivers/tee/optee/Kconfig +++ b/drivers/tee/optee/Kconfig @@ -22,6 +22,12 @@ config OPTEE_TA_AVB The TA can support the "avb" subcommands "read_rb", "write"rb" and "is_unlocked". +config OPTEE_TA_SCP03 + bool "Support SCP03 TA" + default y + help + Enables support for controlling (enabling, provisioning) the + Secure Channel Protocol 03 operation in the OP-TEE SCP03 TA. endmenu endif diff --git a/drivers/tee/sandbox.c b/drivers/tee/sandbox.c index e1ba027fd6..f25cdd47e4 100644 --- a/drivers/tee/sandbox.c +++ b/drivers/tee/sandbox.c @@ -7,6 +7,7 @@ #include #include #include +#include /* * The sandbox tee driver tries to emulate a generic Trusted Exectution @@ -32,7 +33,7 @@ struct ta_entry { struct tee_param *params); }; -#ifdef CONFIG_OPTEE_TA_AVB +#if defined(CONFIG_OPTEE_TA_SCP03) || defined(CONFIG_OPTEE_TA_AVB) static u32 get_attr(uint n, uint num_params, struct tee_param *params) { if (n >= num_params) @@ -44,7 +45,7 @@ static u32 get_attr(uint n, uint num_params, struct tee_param *params) static u32 check_params(u8 p0, u8 p1, u8 p2, u8 p3, uint num_params, struct tee_param *params) { - u8 p[] = { p0, p1, p2, p3}; + u8 p[] = { p0, p1, p2, p3 }; uint n; for (n = 0; n < ARRAY_SIZE(p); n++) @@ -62,6 +63,52 @@ bad_params: return TEE_ERROR_BAD_PARAMETERS; } +#endif + +#ifdef CONFIG_OPTEE_TA_SCP03 +static u32 pta_scp03_open_session(struct udevice *dev, uint num_params, + struct tee_param *params) +{ + /* + * We don't expect additional parameters when opening a session to + * this TA. + */ + return check_params(TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, + num_params, params); +} + +static u32 pta_scp03_invoke_func(struct udevice *dev, u32 func, uint num_params, + struct tee_param *params) +{ + u32 res; + static bool enabled; + + switch (func) { + case PTA_CMD_ENABLE_SCP03: + res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_INPUT, + TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, + num_params, params); + if (res) + return res; + + if (!enabled) { + enabled = true; + } else { + } + + if (params[0].u.value.a) + + return TEE_SUCCESS; + default: + return TEE_ERROR_NOT_SUPPORTED; + } +} +#endif + +#ifdef CONFIG_OPTEE_TA_AVB static u32 ta_avb_open_session(struct udevice *dev, uint num_params, struct tee_param *params) @@ -223,6 +270,12 @@ static const struct ta_entry ta_entries[] = { .invoke_func = ta_avb_invoke_func, }, #endif +#ifdef CONFIG_OPTEE_TA_SCP03 + { .uuid = PTA_SCP03_UUID, + .open_session = pta_scp03_open_session, + .invoke_func = pta_scp03_invoke_func, + }, +#endif }; static void sandbox_tee_get_version(struct udevice *dev, From patchwork Sun Feb 14 15:27:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1440295 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=Ko34Nrhk; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Ddrjw1K0rz9sBJ for ; Mon, 15 Feb 2021 02:28:52 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8D8278276C; Sun, 14 Feb 2021 16:28:05 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="Ko34Nrhk"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A381E82713; Sun, 14 Feb 2021 16:27:45 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=no autolearn_force=no version=3.4.2 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3B2488006D for ; Sun, 14 Feb 2021 16:27:38 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wr1-x42c.google.com with SMTP id v1so5631826wrd.6 for ; Sun, 14 Feb 2021 07:27:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gmNdhA2SrE8qVhg0wRKkB05un1deWXwJjVjp4nZN6Pk=; b=Ko34NrhkUx3ef9RTbI7SNeHuna89TFRCkZHQmSJsC2HSopxtzwLRQyqlu1ZTzpINeD ArmYAHmcQx3Tis0TaUJXD5Kx0jRl/XJC0rhYe55klnVql5I0uVvTw57+ehapyYvh0AUl rDb4vk5b89xFVTzDQY19aHSl6zBR9iBu28h/+CyQWCZH29uf7oRKSmEC9eJSQ3wFGm95 jAL0ZEdC8FLKt0UC3hhv7vvcl1pex9l/CVz2uqdhDaKJVPCMbCXIuuns6EdL8prcDc7U Qda0UYwryJBL3DXwqDr+L/2azuTI0fshDqKEC0yib1bpcpWjv+ePuIaGKyDYttvUmNt+ JfVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gmNdhA2SrE8qVhg0wRKkB05un1deWXwJjVjp4nZN6Pk=; b=lo0xf5omM3Dy4njhPhu9fomZ3U8vU0VgBPYUwxR2+dTmnpS3djSGMpYwI2l6/HDFGk ZCNx5/jCw/Cr4Fln3aay1JZjaxeO0/xuZa30MtWjjsi4IcxdPr9mGRSqNp5RIftpPa3J YTC2803MmahodNL3F0w7a6fTuwB0tRMxSlrSr2CwvOChll02CwVAy5ePcZN+pezNe7aZ 98X5hEfGSt6e2IIeEK5v1zV32kpBDF62pmI/oonVGzceHzD//VjhmzCAyx8rWhpfxYsA jYP7mU5EiSYPJP67P/iFjgkodEb9W69ToK7Yw475OaKfxOr12uE2q+OxNq/V4GQopHUN t3eQ== X-Gm-Message-State: AOAM5329Roy95sS8ao0/x+lZq3myaeNiXOLP8KpaHxttEK1GC2gu8qOT oQmUw+AagrEzCwjnlrJJeBO8/w== X-Google-Smtp-Source: ABdhPJypATr7BsgwvbnKBZBBiB18sxyZs64SYj9ya/9DglH+ZnafrYBj7E1GItOhIKW1Sior0mrgZw== X-Received: by 2002:a5d:58db:: with SMTP id o27mr14056300wrf.397.1613316457766; Sun, 14 Feb 2021 07:27:37 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id f7sm10520801wmh.39.2021.02.14.07.27.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Feb 2021 07:27:37 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv5 4/6] doc: describe the scp03 command Date: Sun, 14 Feb 2021 16:27:26 +0100 Message-Id: <20210214152728.8628-5-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210214152728.8628-1-jorge@foundries.io> References: <20210214152728.8628-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean The Secure Channel Protocol 03 command sends control requests (enable/provision) to the TEE implementing the protocol between the processor and the secure element. Signed-off-by: Jorge Ramirez-Ortiz Reviewed-by: Simon Glass --- doc/usage/index.rst | 1 + doc/usage/scp03.rst | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 doc/usage/scp03.rst diff --git a/doc/usage/index.rst b/doc/usage/index.rst index 5754958d7e..fa1c4160b9 100644 --- a/doc/usage/index.rst +++ b/doc/usage/index.rst @@ -29,3 +29,4 @@ Shell commands pstore sbi true + scp03 diff --git a/doc/usage/scp03.rst b/doc/usage/scp03.rst new file mode 100644 index 0000000000..7ff87ed85a --- /dev/null +++ b/doc/usage/scp03.rst @@ -0,0 +1,33 @@ +.. SPDX-License-Identifier: GPL-2.0+ + +scp03 command +============= + +Synopsis +-------- + +:: + + scp03 enable + scp03 provision + +Description +----------- + +The *scp03* command calls into a Trusted Application executing in a +Trusted Execution Environment to enable (if present) the Secure +Channel Protocol 03 stablished between the processor and the secure +element. + +This protocol encrypts all the communication between the processor and +the secure element using a set of pre-defined keys. These keys can be +rotated (provisioned) using the *provision* request. + +See also +-------- + +For some information on the internals implemented in the TEE, please +check the GlobalPlatform documentation on `Secure Channel Protocol '03'`_ + +.. _Secure Channel Protocol '03': + https://globalplatform.org/wp-content/uploads/2014/07/GPC_2.3_D_SCP03_v1.1.2_PublicRelease.pdf From patchwork Sun Feb 14 15:27:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1440292 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=RepRmT6M; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DdrjH0RYJz9sBJ for ; Mon, 15 Feb 2021 02:28:19 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 127DF82734; Sun, 14 Feb 2021 16:27:51 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="RepRmT6M"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D285A826FC; Sun, 14 Feb 2021 16:27:42 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 5C815826AD for ; Sun, 14 Feb 2021 16:27:39 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wr1-x42c.google.com with SMTP id b3so5634105wrj.5 for ; Sun, 14 Feb 2021 07:27:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dMvwXxjTk1AXYi+lHeu9PrMVwuUCIi4RMFMvUuL99g4=; b=RepRmT6Moml/icD1Flx4wJGZyRN2uiA92YtuDrhYlDsi7loTk1aH+8ajLWf4BqY+bZ kTvo951imsLULnvakHxpDp9uaRIVZLuRyItRCqM/H4dKvXOBJQxRM8Trhfju0Km92vvh /h5ap4VpsYCr/qIWcSBUKsZGeM4dmxBzuwLPva+x1zw7BwsC06XTKjgcZqKf3RdiT8uG jMaVzmpjo0bWWl3QOB5mMUVQ6CZFXMFh0h2U+oixPU09FO7narAn5JojxvgMUfN6KMy4 njWVyvj9osl6PK0RIdhyKGcVBhP5QhdUYH/x2nW5WQ9Xuc6GqWjl1bQdjapWSEBXK3TY tjXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dMvwXxjTk1AXYi+lHeu9PrMVwuUCIi4RMFMvUuL99g4=; b=ehmOpqAQI6pCtj8qcEkEV33IM+C087kQjt1ld4lcYXfFntPxwnBaffaNtFSw5AY//+ qMBl9WvWUPtmhBvpqD7GgXKnErvOsnGX8Dhrc4yPJjbyqWHfSA+XMbNEFOpNo2nY23SU RkqYDitnazVJiZrr13t26iawut66fgW2Te2knsPceTTk6MKCzcNlya6c3gNXmkoRk/Nu HNSM3+I1kEozsWnm0DvZW0rh6iO+vqLfkD82wnTmYs5jSVpazV4CY+grZbec0A2TG86k HoU98EA1IKz7udIDzUTYMMsL7jB6cMkPcJfr1wh/9IXtN1sppd6cLH3xnGWWI39flgf6 mIbA== X-Gm-Message-State: AOAM532OmMvQP7sxCKdcXQOfqjkTjCaIrv6Ftibakezz75V++kTN1gPM rNMrfHzvTWbUWalVToQcsNBChV6x8EnQcw== X-Google-Smtp-Source: ABdhPJz7H0In2yJziitKkd75XjEmSqL1Tcy4kjkABCbC6Wmymi8fVFuzeoQ2YHbZoibZ3fZ4nVImZA== X-Received: by 2002:a05:6000:1373:: with SMTP id q19mr14198645wrz.371.1613316458653; Sun, 14 Feb 2021 07:27:38 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id f7sm10520801wmh.39.2021.02.14.07.27.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Feb 2021 07:27:38 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv5 5/6] sandbox: imply SCP03 and CMD_SCP03 Date: Sun, 14 Feb 2021 16:27:27 +0100 Message-Id: <20210214152728.8628-6-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210214152728.8628-1-jorge@foundries.io> References: <20210214152728.8628-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean From: Igor Opaniuk Enable by default SCP_03/CMD_SCP03 for sandbox target. Signed-off-by: Igor Opaniuk Reviewed-by: Simon Glass --- arch/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index 27843cd79c..7023223927 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -142,6 +142,8 @@ config SANDBOX imply AVB_VERIFY imply LIBAVB imply CMD_AVB + imply SCP03 + imply CMD_SCP03 imply UDP_FUNCTION_FASTBOOT imply VIRTIO_MMIO imply VIRTIO_PCI From patchwork Sun Feb 14 15:27:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jorge Ramirez-Ortiz, Foundries" X-Patchwork-Id: 1440293 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=WiK2Ztge; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DdrjV1Sw2z9sBJ for ; Mon, 15 Feb 2021 02:28:30 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3556882748; Sun, 14 Feb 2021 16:27:58 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="WiK2Ztge"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CEE508270A; Sun, 14 Feb 2021 16:27:44 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 240DE826FB for ; Sun, 14 Feb 2021 16:27:40 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jorge@foundries.io Received: by mail-wr1-x433.google.com with SMTP id v15so5634578wrx.4 for ; Sun, 14 Feb 2021 07:27:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=69XwDOK8DSTN2n8ANZh+ZPkqpCEkOL7WvsN2ksdz2GI=; b=WiK2ZtgeQeDrbD/4LNu+qa23XO85J60d/G3wq+T11Lz++mUuc+9bDBut0U9oXM3XOF 3lLJ/7/42bRU39cEvDlK/3/9U7nbf95ruJbM5gSTJ8t0a1gmDGYwjeW8s9q+nMRBVJl0 +xiOrlNDfUVsogGq8TOiaoD2E7ZlfxwqCfx/Wh2frtC+u8rVMLnYpk6AJ6o+vnLsIJMe JIcngxzZ9/IMDRbHpQmntNYpNVSVa5GchVmpDVZc+mobGu5AkFpJRtm4K3XCpm0VjYYU GGSA4uPrYYBvnjb4Z6jYvHGW3DCIBy2hkl73AoLLrHAOwRJi8XcKrIZ7N5iVxxzM8gUj eitw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=69XwDOK8DSTN2n8ANZh+ZPkqpCEkOL7WvsN2ksdz2GI=; b=X0mPQ5XHT21OqKp7Q95HlnqQ65WN5tp0mepoYop/Pwy/4dKgR6Y/Yrgwnfg5MSRJP8 q6yBL1SDjwfk5kQu3pOZUuYG6/0lDQQee4XkgvNX20o6PU8rd8w9KHi8gkF/+p+bs3o3 5rpbCOJAzp1EjV488W7UWUdc85htCep5uuuYMhGqGeylSJH36fhdPysJJ5IPf9xy3qio xO5T1lM5zATzlnTpi28Bbv0YEzRx4iYEQbtvGLZpMGxa7K+ZzRdD3Hv8V1VuOmyonM41 KsdvbVDF1xYjEPCpQVfMGbZH7FUbNDfVXUKHMxEGjZsK53dcFe+wEkd6/uJY4vspvlWx 9vcw== X-Gm-Message-State: AOAM531HRJdTCUM0gmXPV4ew3j1a1vhbexfPiwizq3PAGCFWGFja4iNx iLycKxhpjmtKFngGQgUsPsQmvcFTgUnOhA== X-Google-Smtp-Source: ABdhPJwsSfj/bmiI2VF5la104wnApNyqBEjuJGTDVaCo/3eBCv1bmym0F7gWW+Xql0FPGf13N5W9ug== X-Received: by 2002:adf:ea48:: with SMTP id j8mr14270881wrn.197.1613316459783; Sun, 14 Feb 2021 07:27:39 -0800 (PST) Received: from localhost.localdomain (182.red-79-146-86.dynamicip.rima-tde.net. [79.146.86.182]) by smtp.gmail.com with ESMTPSA id f7sm10520801wmh.39.2021.02.14.07.27.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Feb 2021 07:27:39 -0800 (PST) From: Jorge Ramirez-Ortiz To: jorge@foundries.io, sjg@chromium.org, jens.wiklander@linaro.org Cc: igor.opaniuk@foundries.io, u-boot@lists.denx.de Subject: [PATCHv5 6/6] test: py: add initial coverage for scp03 cmd Date: Sun, 14 Feb 2021 16:27:28 +0100 Message-Id: <20210214152728.8628-7-jorge@foundries.io> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210214152728.8628-1-jorge@foundries.io> References: <20210214152728.8628-1-jorge@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean From: Igor Opaniuk Add initial test coverage for SCP03 command. Signed-off-by: Igor Opaniuk Reviewed-by: Simon Glass --- test/py/tests/test_scp03.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 test/py/tests/test_scp03.py diff --git a/test/py/tests/test_scp03.py b/test/py/tests/test_scp03.py new file mode 100644 index 0000000000..1f689252dd --- /dev/null +++ b/test/py/tests/test_scp03.py @@ -0,0 +1,27 @@ +# Copyright (c) 2021 Foundries.io Ltd +# +# SPDX-License-Identifier: GPL-2.0+ +# +# SCP03 command test + +""" +This tests SCP03 command in U-boot. + +For additional details check doc/usage/scp03.rst +""" + +import pytest +import u_boot_utils as util + +@pytest.mark.buildconfigspec('cmd_scp03') +def test_scp03(u_boot_console): + """Enable and provision keys with SCP03 + """ + + success_str1 = "SCP03 is enabled" + success_str2 = "SCP03 is provisioned" + + response = u_boot_console.run_command('scp03 enable') + assert success_str1 in response + response = u_boot_console.run_command('scp03 provision') + assert success_str2 in response