From 52eb9a780f1d6c5097d8bc82b16946192f025d9e Mon Sep 17 00:00:00 2001
From: "Haoran.Wang"
Date: Tue, 16 Jul 2019 13:12:15 +0800
Subject: MA-15142 Support secure attestation provision

In host end, need encrypt the attestation keys and certs by manufacture protection public key though AES-128-ECB. Then use below 4 set of commands to provision encrypted RSA attestation and EC attestation:
* $fastboot stage atte_rsa_key.bin
* $fastboot oem set-rsa-atte-key-enc
* $fastboot stage atte_rsa_cert.bin
* $fastboot oem append-rsa-atte-cert-enc
* $fastboot stage atte_ec_key.bin
* $fastboot oem set-ec-atte-key-enc
* $fastboot stage atte_ec_cert.bin
* $fastboot oem append-ec-atte-cert-enc

Change-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
Signed-off-by: Haoran.Wang
---
 lib/trusty/ql-tipc/keymaster.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'lib/trusty/ql-tipc')
diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c
index 0826002943..01828e0bd7 100644
--- a/lib/trusty/ql-tipc/keymaster.c
+++ b/lib/trusty/ql-tipc/keymaster.c
@@ -410,6 +410,21 @@ int trusty_append_attestation_cert_chain(const uint8_t *cert,
 cert, cert_size, algorithm);
 }
 
+int trusty_set_attestation_key_enc(const uint8_t *key, uint32_t key_size,
+ keymaster_algorithm_t algorithm)
+{
+ return trusty_send_attestation_data(KM_SET_ATTESTATION_KEY_ENC, key, key_size,
+ algorithm);
+}
+
+int trusty_append_attestation_cert_chain_enc(const uint8_t *cert,
+ uint32_t cert_size,
+ keymaster_algorithm_t algorithm)
+{
+ return trusty_send_attestation_data(KM_APPEND_ATTESTATION_CERT_CHAIN_ENC,
+ cert, cert_size, algorithm);
+}
+
 int trusty_atap_get_ca_request(const uint8_t *operation_start,
 uint32_t operation_start_size,
 uint8_t **ca_request_p,
--
cgit v1.2.3
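Review bot: `trusty_set_attestation_key_enc()` and `trusty_append_attestation_cert_chain_enc()` are added with no comment saying that `key`/`cert` must be the host-encrypted blob, and their signatures are identical to the plaintext variants, so a caller can pass the wrong form without any compile-time signal. A header comment on each would make the contract explicit, e.g. `/* key is the encrypted attestation key blob staged by the host; it is forwarded unmodified to Trusty with KM_SET_ATTESTATION_KEY_ENC. */`. The commit message names AES-128-ECB, which carries no integrity check, so the secure-side handler for the two new commands (not part of this diff) presumably has to reject blobs that do not decrypt to a well-formed key or certificate; that is worth confirming before relying on this path. Both wrappers pass the pointer and size straight through, so NULL or zero-length handling depends on `trusty_send_attestation_data()`, whose body lies outside the hunk.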