cancel
Showing results for 
Search instead for 
Did you mean: 

I've come across the chip ID caveat mentioned in the op-tee documentation for secure storage. Are unique chip IDs implemented in STs branch of the op-tee OS? Also is trustzone code itself stored securely at rest or only the data in secure storage? Thanks

GorillaDoctor
Associate

Full text from op-tee:

Important caveats
Currently no OP-TEE platform is able to support retrieval of the Hardware Unique Key or Chip ID required for secure operation.
 
For all platforms, a constant key is used, resulting in no protection against decryption, or Secure Storage duplication to other devices.
 
This is because information about how to retrieve key data from the SoC is considered sensitive by the vendors and it is not freely available.
 
In OP-TEE, there are apis for reading the keys generically from "One-Time Programmable" memory, or OTP. But there are no existing platform implementations.
 
To allow Secure Storage to operate securely on your platform, you must define implementations in your platform code for:
 
 void tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey);
 int tee_otp_get_die_id(uint8_t *buffer, size_t len);
These implementations should fetch the key data from your SoC-specific e-fuses, or crypto unit according to the method defined by your SoC vendor.

1 ACCEPTED SOLUTION

Accepted Solutions
Yves C
ST Employee

STM didn't implement the "tee_otp_get_hw_unique_key" service, implementation depend on customer need. To access OTP there is a BSEC driver.

View solution in original post

1 REPLY 1
Yves C
ST Employee

STM didn't implement the "tee_otp_get_hw_unique_key" service, implementation depend on customer need. To access OTP there is a BSEC driver.