Closed johndoe31415 closed 1 year ago
Am I reading this right?
Yes you are. OP-TEE release tag 3.16.0 does not embed a secure HUK for platform stm32mp1. Such support was added in 3.20.0 with various means to define which BSEC words store the HUK bytes: see stm32mp15_huk.c.
In digging through OP-TEE I just found something that I don't fully understand. I need to be on 3.16, working on the STM32MP1 target and noticed that the platform main.c does not seem to override the weak tee_otp_get_hw_unique_key. The weak implementation is just a memset to zero. Indeed, with vanilla 3.16:
Am I reading this right? Does this mean 3.16 in this form should not be used for productive use on the STM32MP1? Or is there any other location where the HUK is read out of OTP/BSEC? Sorry if I'm overly cautious but this has me a bit worried right now.
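The situation discussed in this issue, as an added example that is not part of the thread or of OP-TEE's code: a weak getter that only zeroes the key, next to a check that flags an all-zero HUK. The types are host stand-ins modelled on OP-TEE's declarations (an assumption), and sample_platform_get_huk, sample_otp_words and huk_is_provisioned are hypothetical names with constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host stand-ins modelled on OP-TEE's declarations (assumption). */
#define HW_UNIQUE_KEY_LENGTH 16
typedef uint32_t TEE_Result;
#define TEE_SUCCESS 0x00000000u
struct tee_hw_unique_key { uint8_t data[HW_UNIQUE_KEY_LENGTH]; };
typedef TEE_Result (*huk_getter_t)(struct tee_hw_unique_key *);

/* Weak default as described in the issue: the key is simply zeroed.
 * A platform that defines a strong symbol of the same name replaces it. */
__attribute__((weak))
TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey)
{
    memset(hwkey->data, 0, sizeof(hwkey->data));
    return TEE_SUCCESS;
}

/* Hypothetical platform getter fed from constructed sample "OTP words". */
static const uint32_t sample_otp_words[4] = {
    0x11223344u, 0x55667788u, 0x99aabbccu, 0xddeeff01u
};
TEE_Result sample_platform_get_huk(struct tee_hw_unique_key *hwkey)
{
    memcpy(hwkey->data, sample_otp_words, sizeof(hwkey->data));
    return TEE_SUCCESS;
}

/* Returns 1 for a usable key, 0 if the getter failed or the key is all zero.
 * Bytes are OR-ed together so the loop never exits early on key content. */
int huk_is_provisioned(huk_getter_t get)
{
    struct tee_hw_unique_key k;
    uint8_t acc = 0;

    memset(&k, 0, sizeof(k)); /* a getter that writes nothing is flagged too */
    if (get(&k) != TEE_SUCCESS)
        return 0;
    for (size_t i = 0; i < sizeof(k.data); i++)
        acc |= k.data[i];
    memset(&k, 0, sizeof(k)); /* best-effort wipe of the stack copy */
    return acc != 0;
}

int main(void)
{
    printf("weak default: %d\n", huk_is_provisioned(tee_otp_get_hw_unique_key));
    printf("sample platform: %d\n", huk_is_provisioned(sample_platform_get_huk));
    return 0;
}
```

With an all-zero HUK, every device running the same build starts key derivation from the same value, so a check like this belongs in a bring-up or production test rather than being left to code review.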