The following patchset allows U-Boot to enable the Secure Channel Protocol 03 implemented in a TEE and executed between the processor and the secure element.
It also allows U-Boot to request the rotation of the encryption keys defined as part of the protocol; when this is request is made, the TEE will derive new keys program them in the secure element so all communications with the secure element remains secured.
Changes v3: common: SCP03 control (enable and provision of keys) Simon Glass: document Kconfig include common.h return -ENXIO on TA not available cmd: SCP03: enable and provision command Simon Glass: requested .rst docs printf on error use U_BOOT_CMD_WITH_SUBCMDS
drivers: tee: sandbox: SCP03 control emulator Simon Glass: expand Kconfig information
Changes v2: remove obsolete patch (wasnt part of the set)
Jorge Ramirez-Ortiz (4): common: SCP03 control (enable and provision of keys) cmd: SCP03: enable and provision command drivers: tee: sandbox: SCP03 control emulator doc: describe the scp03 command
cmd/Kconfig | 8 +++++ cmd/Makefile | 3 ++ cmd/scp03.c | 48 +++++++++++++++++++++++++++++ common/Kconfig | 8 +++++ common/Makefile | 1 + common/scp03.c | 53 +++++++++++++++++++++++++++++++ doc/usage/index.rst | 1 + doc/usage/scp03.rst | 33 ++++++++++++++++++++ drivers/tee/optee/Kconfig | 6 ++++ drivers/tee/sandbox.c | 60 ++++++++++++++++++++++++++++++++++-- include/scp03.h | 21 +++++++++++++ include/tee/optee_ta_scp03.h | 21 +++++++++++++ 12 files changed, 261 insertions(+), 2 deletions(-) create mode 100644 cmd/scp03.c create mode 100644 common/scp03.c create mode 100644 doc/usage/scp03.rst create mode 100644 include/scp03.h create mode 100644 include/tee/optee_ta_scp03.h