commit 28aeec3393fc777ce2d00f9a93eb7ae802892507
author Tamas Ban <tamas.ban@arm.com> Wed Jan 09 16:53:26 2019 +0000
committer Tamas Ban <tamas.ban@arm.com> Wed Feb 13 14:03:47 2019 +0100
tree cd2715c9eefd20b4cad1ddd58459cbdb801d2f1e
parent 5080ce7a5871575e1bf6d03e6e0b9c1b3c571c94

Attest: Register attestation key to crypto

Initial attestation key is provisoned in the SoC during
fabrication. It must be obtained from platform layer and
registered to crypto partition for further usage. This key
is used to sign the initial attestation token (IAT).

Unregister the initial attestation test suite from the
TFM_LVL == 3 compatible test suite list. This is needed,
because this patch introduces partition-to-partition calls
between attestation and crypto partition and crypto
partition currently does not support TFM_LVL == 3 execution.

Change-Id: I57d5b722753cc60084eca0ded852a7a7bcecd883
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

secure_fw/services/initial_attestation/attestation_key.h

diff --git a/secure_fw/services/initial_attestation/attestation_key.h b/secure_fw/services/initial_attestation/attestation_key.h
new file mode 100644
index 0000000..c565752
--- /dev/null
+++ b/secure_fw/services/initial_attestation/attestation_key.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __ATTESTATION_KEY_H__
+#define __ATTESTATION_KEY_H__
+
+#include "psa_initial_attestation_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \def ATTEST_PRIVATE_KEY_SLOT
+ *
+ * \brief Key slot number to store the initial attestation private key.
+ *
+ * Private key is used by initial attestation service to sign the
+ * initial attestation token (IAT).
+ */
+#define ATTEST_PRIVATE_KEY_SLOT (1u)
+
+/**
+ * \def ATTEST_PUBLIC_KEY_SLOT
+ *
+ * \brief Key slot number to store the initial attestation public key.
+ *
+ * Public key is used by initial attestation test suit to verify the signature
+ * of the initial attestation token (IAT).
+ */
+#define ATTEST_PUBLIC_KEY_SLOT  (2u)
+
+/**
+ * \brief Get the initial attestation key from platform layer and register it
+ *        to crypto service for further usage (signing or verification).
+ *
+ * Private key MUST be present on the device, public key is optional.
+ *
+ * \retval  PSA_ATTEST_ERR_SUCCESS   Key(s) was registered.
+ * \retval  PSA_ATTEST_ERR_GENERAL   Key(s) could not be registered.
+ */
+enum psa_attest_err_t attest_register_initial_attestation_key(void);
+
+/**
+ * \brief Unregister the initial attestation key(s) from crypto service to do
+ *        not occupy key slot(s).
+ *
+ * \retval  PSA_ATTEST_ERR_SUCCESS   Key(s) was unregistered.
+ * \retval  PSA_ATTEST_ERR_GENERAL   Key(s) could not be unregistered.
+ */
+enum psa_attest_err_t attest_unregister_initial_attestation_key(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __ATTESTATION_KEY_H__ */