OP-TEE / optee_os

Trusted side of the TEE

PKCS11 doesn't write Persistent keys: Keys removed after reboot #6982

Closed Muhammadhassan1234 closed 3 months ago

Muhammadhassan1234 commented 3 months ago

Hello Community!

I have just started working with OP-TEE and am trying to use it as a virtual HSM. I am writing keys to OP-TEE using PKCS11 commands like this:

pkcs11-tool --module /usr/lib/libckteec.so.0 --init-token --label rauc --so-pin 123412344

pkcs11-tool --module /usr/lib/libckteec.so.0 --label rauc --login --so-pin 12341234 --init-pin --pin 12341234

pkcs11-tool --module /usr/lib/libckteec.so.0 --login --write-object crypt.key.pem --type privkey --label rauc

pkcs11-tool --module /usr/lib/libckteec.so.0 --login --write-object crypt.cert.pem --type cert --label rauc

I successfully wrote the keys to OP-TEE and also did RAUC bundle verification once using this. But when I rebooted the system, all my data in OP-TEE was gone. Can anyone tell me what the issue could be? Does OP-TEE write data to RAM and not to any persistent storage?

I am using REE_FS for now, but no /data/tee folder is being created.

Muhammadhassan1234 commented 3 months ago

Solved using RPMB.