Skip to content
Snippets Groups Projects
Select Git revision
  • glaroque/fixintegbranch
  • u-boot/v2024.01-rc1/integ
  • b4/adnroidv2
  • master default protected
  • mkorpershoek/yukawa-android-mainline
  • mkorpershoek/bootmeth_android-vim3-WIP
  • glaroque/updatevimandroid
  • mkorpershoek/b4/avb-verify
  • mkorpershoek/wip-meson-dm-usb-debug
  • souajih_upstreaming
  • souajih/BootImagev4
  • souajih/v4support
  • u-boot/v2022.04/dev-usb
  • u-boot/v2022.01/integ
  • mkorpershoek/u-boot/v2021.10/integ
  • u-boot/v2021.07/integ protected
  • u-boot/v2021.07/integ-20210712
  • mkorpershoek/v2021.04/flash-mmc-boot
  • u-boot-amlogic
  • u-boot/v2021.01/integ
  • u-boot/v2024.01-rc1/integ-20231103
  • v2021.04-rc2
  • u-boot/v2021.01/integ-20210202
  • v2021.04-rc1
  • v2021.01
  • v2021.01-rc5
  • v2021.01-rc4
  • v2021.01-rc3
  • u-boot/v2020.10/integ-20201113
  • v2021.01-rc2
  • v2021.01-rc1
  • u-boot/v2020.10/integ-20201020
  • v2020.10
  • v2020.10-rc5
  • v2020.10-rc4
  • v2020.10-rc3
  • u-boot/v2020.07/integ-20200818
  • v2020.10-rc2
  • v2020.10-rc1
  • v2020.07
40 results
Blame Permalink
  • Jorge Ramirez-Ortiz's avatar
    166363f2
    common: SCP03 control (enable and provision of keys) · 166363f2
    Jorge Ramirez-Ortiz authored 
    This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).

All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.

For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.

To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).

For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/


    check:
    core/drivers/crypto/se050/adaptors/utils/scp_config.c

Signed-off-by: default avatarJorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: default avatarSimon Glass <sjg@chromium.org>
    166363f2
    History
    common: SCP03 control (enable and provision of keys)
    Jorge Ramirez-Ortiz authored 
    This Trusted Application allows enabling SCP03 as well as provisioning
the keys on TEE controlled secure element (ie, NXP SE050).

All the information flowing on buses (ie I2C) between the processor
and the secure element must be encrypted. Secure elements are
pre-provisioned with a set of keys known to the user so that the
secure channel protocol (encryption) can be enforced on the first
boot. This situation is however unsafe since the keys are publically
available.

For example, in the case of the NXP SE050, these keys would be
available in the OP-TEE source tree [2] and of course in the
documentation corresponding to the part.

To address that, users are required to rotate/provision those keys
(ie, generate new keys and write them in the secure element's
persistent memory).

For information on SCP03, check the Global Platform HomePage and
google for that term [1]
[1] globalplatform.org
[2] https://github.com/OP-TEE/optee_os/


    check:
    core/drivers/crypto/se050/adaptors/utils/scp_config.c

Signed-off-by: default avatarJorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: default avatarSimon Glass <sjg@chromium.org>