core: user_ta: PAUTH key initialization may fail
Test the crypto_rng_read() return value when initializing user TA pointer
authentication. For the sake of simplicity, get the random bytes before the
user TA context starts to be initialized.
Fixes: 2b06f9dede33 ("Add basic pointer authentication support for TA's")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
diff --git a/core/kernel/user_ta.c b/core/kernel/user_ta.c
index c96d369..34de6cc 100644
--- a/core/kernel/user_ta.c
+++ b/core/kernel/user_ta.c
@@ -468,6 +468,14 @@
if (!utc)
return TEE_ERROR_OUT_OF_MEMORY;
+#ifdef CFG_TA_PAUTH
+ res = crypto_rng_read(&utc->uctx.keys, sizeof(utc->uctx.keys));
+ if (res) {
+ free(utc);
+ return res;
+ }
+#endif
+
TAILQ_INIT(&utc->open_sessions);
TAILQ_INIT(&utc->cryp_states);
TAILQ_INIT(&utc->objects);
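Review bot: The new `#ifdef CFG_TA_PAUTH` block carries no comment explaining why key generation sits directly after the allocation check, yet that placement is what keeps the error path correct: at this point a bare `free(utc)` is the only cleanup visible in the hunk. A short comment above the call, for example `/* Get PAuth keys before any other init: on RNG failure only utc needs freeing, and a TA must not start with unseeded keys */`, would stop a later refactor from moving the call below the `TAILQ_INIT()` lines or dropping the check again. The enclosing function starts and ends outside the hunk, so the declaration of `res` and how `utc` is allocated are not visible here. If the allocation zero-fills the context, an ignored RNG failure would presumably have left all-zero keys, which is worth stating in the comment once confirmed.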
@@ -491,10 +499,6 @@
utc->ta_ctx.is_initializing = true;
-#ifdef CFG_TA_PAUTH
- crypto_rng_read(&utc->uctx.keys, sizeof(utc->uctx.keys));
-#endif
-
assert(!mutex_trylock(&tee_ta_mutex));
s->ts_sess.ctx = &utc->ta_ctx.ts_ctx;