[PATCHv5 1/6] common: SCP03 control (enable and provision of keys)
This Trusted Application allows enabling SCP03 as well as provisioning the keys on TEE controlled secure element (ie, NXP SE050).
All the information flowing on buses (ie I2C) between the processor and the secure element must be encrypted. Secure elements are pre-provisioned with a set of keys known to the user so that the secure channel protocol (encryption) can be enforced on the first boot. This situation is however unsafe since the keys are publically available.
For example, in the case of the NXP SE050, these keys would be available in the OP-TEE source tree [2] and of course in the documentation corresponding to the part.
To address that, users are required to rotate/provision those keys (ie, generate new keys and write them in the secure element's persistent memory).
For information on SCP03, check the Global Platform HomePage and google for that term [1] [1] globalplatform.org [2] https://github.com/OP-TEE/optee_os/ check: core/drivers/crypto/se050/adaptors/utils/scp_config.c
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io Reviewed-by: Simon Glass sjg@chromium.org --- common/Kconfig | 8 ++++++ common/Makefile | 1 + common/scp03.c | 53 ++++++++++++++++++++++++++++++++++++ include/scp03.h | 21 ++++++++++++++ include/tee/optee_ta_scp03.h | 21 ++++++++++++++ 5 files changed, 104 insertions(+) create mode 100644 common/scp03.c create mode 100644 include/scp03.h create mode 100644 include/tee/optee_ta_scp03.h
diff --git a/common/Kconfig b/common/Kconfig index 2bb3798f80..482f123534 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -588,6 +588,14 @@ config AVB_BUF_SIZE
endif # AVB_VERIFY
+config SCP03 + bool "Build SCP03 - Secure Channel Protocol O3 - controls" + depends on OPTEE || SANDBOX + depends on TEE + help + This option allows U-Boot to enable and or provision SCP03 on an OPTEE + controlled Secured Element. + config SPL_HASH bool # "Support hashing API (SHA1, SHA256, etc.)" help diff --git a/common/Makefile b/common/Makefile index daeea67cf2..215b8b26fd 100644 --- a/common/Makefile +++ b/common/Makefile @@ -137,3 +137,4 @@ obj-$(CONFIG_CMD_LOADB) += xyzModem.o obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o
obj-$(CONFIG_AVB_VERIFY) += avb_verify.o +obj-$(CONFIG_SCP03) += scp03.o diff --git a/common/scp03.c b/common/scp03.c new file mode 100644 index 0000000000..09ef7b5ba3 --- /dev/null +++ b/common/scp03.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#include <common.h> +#include <scp03.h> +#include <tee.h> +#include <tee/optee_ta_scp03.h> + +static int scp03_enable(bool provision) +{ + const struct tee_optee_ta_uuid uuid = PTA_SCP03_UUID; + struct tee_open_session_arg session; + struct tee_invoke_arg invoke; + struct tee_param param; + struct udevice *tee = NULL; + + tee = tee_find_device(tee, NULL, NULL, NULL); + if (!tee) + return -ENODEV; + + memset(&session, 0, sizeof(session)); + tee_optee_ta_uuid_to_octets(session.uuid, &uuid); + if (tee_open_session(tee, &session, 0, NULL)) + return -ENXIO; + + memset(¶m, 0, sizeof(param)); + param.attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT; + param.u.value.a = provision; + + memset(&invoke, 0, sizeof(invoke)); + invoke.func = PTA_CMD_ENABLE_SCP03; + invoke.session = session.session; + + if (tee_invoke_func(tee, &invoke, 1, ¶m)) + return -EIO; + + tee_close_session(tee, session.session); + + return 0; +} + +int tee_enable_scp03(void) +{ + return scp03_enable(false); +} + +int tee_provision_scp03(void) +{ + return scp03_enable(true); +} diff --git a/include/scp03.h b/include/scp03.h new file mode 100644 index 0000000000..729667ccd1 --- /dev/null +++ b/include/scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#ifndef _SCP03_H +#define _SCP03_H + +/* + * Requests to OPTEE to enable or provision the Secure Channel Protocol on its + * Secure Element + * + * If key provisioning is requested, OPTEE shall generate new SCP03 keys and + * write them to the Secure Element. + * + * Both functions return < 0 on error else 0. + */ +int tee_enable_scp03(void); +int tee_provision_scp03(void); +#endif /* _SCP03_H */ diff --git a/include/tee/optee_ta_scp03.h b/include/tee/optee_ta_scp03.h new file mode 100644 index 0000000000..13f9956d98 --- /dev/null +++ b/include/tee/optee_ta_scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* + * (C) Copyright 2021, Foundries.IO + * + */ +#ifndef __TA_SCP03_H +#define __TA_SCP03_H + +#define PTA_SCP03_UUID { 0xbe0e5821, 0xe718, 0x4f77, \ + { 0xab, 0x3e, 0x8e, 0x6c, 0x73, 0xa9, 0xc7, 0x35 } } + +/* + * Enable Secure Channel Protocol functionality (SCP03) on the Secure Element. + * Setting the operation value to something different than NULL will trigger + * the SCP03 provisioning request. + * + * in params[0].a = operation + */ +#define PTA_CMD_ENABLE_SCP03 0 + +#endif /*__TA_SCP03_H*/
Enable and provision the SCP03 keys on a TEE controlled secured elemt from the U-Boot shell.
Executing this command will generate and program new SCP03 encryption keys on the secure element NVM.
Depending on the TEE implementation, the keys would then be stored in some persistent storage or better derived from some platform secret (so they can't be lost).
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io Reviewed-by: Simon Glass sjg@chromium.org --- cmd/Kconfig | 8 ++++++++ cmd/Makefile | 3 +++ cmd/scp03.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 cmd/scp03.c
diff --git a/cmd/Kconfig b/cmd/Kconfig index 928a2a0a2d..6327374f2c 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2021,6 +2021,14 @@ config HASH_VERIFY help Add -v option to verify data against a hash.
+config CMD_SCP03 + bool "scp03 - SCP03 enable and rotate/provision operations" + depends on SCP03 + help + This command provides access to a Trusted Application + running in a TEE to request Secure Channel Protocol 03 + (SCP03) enablement and/or rotation of its SCP03 keys. + config CMD_TPM_V1 bool
diff --git a/cmd/Makefile b/cmd/Makefile index 176bf925fd..a7017e8452 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -193,6 +193,9 @@ obj-$(CONFIG_CMD_BLOB) += blob.o # Android Verified Boot 2.0 obj-$(CONFIG_CMD_AVB) += avb.o
+# Foundries.IO SCP03 +obj-$(CONFIG_CMD_SCP03) += scp03.o + obj-$(CONFIG_ARM) += arm/ obj-$(CONFIG_RISCV) += riscv/ obj-$(CONFIG_SANDBOX) += sandbox/ diff --git a/cmd/scp03.c b/cmd/scp03.c new file mode 100644 index 0000000000..655e0bba08 --- /dev/null +++ b/cmd/scp03.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2021, Foundries.IO + * + */ + +#include <common.h> +#include <command.h> +#include <env.h> +#include <scp03.h> + +int do_scp03_enable(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + if (tee_enable_scp03()) { + printf("TEE failed to enable SCP03\n"); + return CMD_RET_FAILURE; + } + + printf("SCP03 is enabled\n"); + + return CMD_RET_SUCCESS; +} + +int do_scp03_provision(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + if (argc != 1) + return CMD_RET_USAGE; + + if (tee_provision_scp03()) { + printf("TEE failed to provision SCP03 keys\n"); + return CMD_RET_FAILURE; + } + + printf("SCP03 is provisioned\n"); + + return CMD_RET_SUCCESS; +} + +static char text[] = + "provides a command to enable SCP03 and provision the SCP03 keys\n" + " enable - enable SCP03 on the TEE\n" + " provision - provision SCP03 on the TEE\n"; + +U_BOOT_CMD_WITH_SUBCMDS(scp03, "Secure Channel Protocol 03 control", text, + U_BOOT_SUBCMD_MKENT(enable, 1, 1, do_scp03_enable), + U_BOOT_SUBCMD_MKENT(provision, 1, 1, do_scp03_provision)); +
Adds support for a working SCP03 emulation. Input parameters are validated however the commands (enable, provision) executed by the TEE are assumed to always succeed.
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io Reviewed-by: Simon Glass sjg@chromium.org --- drivers/tee/optee/Kconfig | 6 +++++ drivers/tee/sandbox.c | 57 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/drivers/tee/optee/Kconfig b/drivers/tee/optee/Kconfig index d489834df9..98988c38f0 100644 --- a/drivers/tee/optee/Kconfig +++ b/drivers/tee/optee/Kconfig @@ -22,6 +22,12 @@ config OPTEE_TA_AVB The TA can support the "avb" subcommands "read_rb", "write"rb" and "is_unlocked".
+config OPTEE_TA_SCP03 + bool "Support SCP03 TA" + default y + help + Enables support for controlling (enabling, provisioning) the + Secure Channel Protocol 03 operation in the OP-TEE SCP03 TA. endmenu
endif diff --git a/drivers/tee/sandbox.c b/drivers/tee/sandbox.c index e1ba027fd6..f25cdd47e4 100644 --- a/drivers/tee/sandbox.c +++ b/drivers/tee/sandbox.c @@ -7,6 +7,7 @@ #include <sandboxtee.h> #include <tee.h> #include <tee/optee_ta_avb.h> +#include <tee/optee_ta_scp03.h>
/* * The sandbox tee driver tries to emulate a generic Trusted Exectution @@ -32,7 +33,7 @@ struct ta_entry { struct tee_param *params); };
-#ifdef CONFIG_OPTEE_TA_AVB +#if defined(CONFIG_OPTEE_TA_SCP03) || defined(CONFIG_OPTEE_TA_AVB) static u32 get_attr(uint n, uint num_params, struct tee_param *params) { if (n >= num_params) @@ -44,7 +45,7 @@ static u32 get_attr(uint n, uint num_params, struct tee_param *params) static u32 check_params(u8 p0, u8 p1, u8 p2, u8 p3, uint num_params, struct tee_param *params) { - u8 p[] = { p0, p1, p2, p3}; + u8 p[] = { p0, p1, p2, p3 }; uint n;
for (n = 0; n < ARRAY_SIZE(p); n++) @@ -62,6 +63,52 @@ bad_params:
return TEE_ERROR_BAD_PARAMETERS; } +#endif + +#ifdef CONFIG_OPTEE_TA_SCP03 +static u32 pta_scp03_open_session(struct udevice *dev, uint num_params, + struct tee_param *params) +{ + /* + * We don't expect additional parameters when opening a session to + * this TA. + */ + return check_params(TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, TEE_PARAM_ATTR_TYPE_NONE, + num_params, params); +} + +static u32 pta_scp03_invoke_func(struct udevice *dev, u32 func, uint num_params, + struct tee_param *params) +{ + u32 res; + static bool enabled; + + switch (func) { + case PTA_CMD_ENABLE_SCP03: + res = check_params(TEE_PARAM_ATTR_TYPE_VALUE_INPUT, + TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, + TEE_PARAM_ATTR_TYPE_NONE, + num_params, params); + if (res) + return res; + + if (!enabled) { + enabled = true; + } else { + } + + if (params[0].u.value.a) + + return TEE_SUCCESS; + default: + return TEE_ERROR_NOT_SUPPORTED; + } +} +#endif + +#ifdef CONFIG_OPTEE_TA_AVB
static u32 ta_avb_open_session(struct udevice *dev, uint num_params, struct tee_param *params) @@ -223,6 +270,12 @@ static const struct ta_entry ta_entries[] = { .invoke_func = ta_avb_invoke_func, }, #endif +#ifdef CONFIG_OPTEE_TA_SCP03 + { .uuid = PTA_SCP03_UUID, + .open_session = pta_scp03_open_session, + .invoke_func = pta_scp03_invoke_func, + }, +#endif };
static void sandbox_tee_get_version(struct udevice *dev,
The Secure Channel Protocol 03 command sends control requests (enable/provision) to the TEE implementing the protocol between the processor and the secure element.
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io --- doc/usage/index.rst | 1 + doc/usage/scp03.rst | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 doc/usage/scp03.rst
diff --git a/doc/usage/index.rst b/doc/usage/index.rst index 5754958d7e..fa1c4160b9 100644 --- a/doc/usage/index.rst +++ b/doc/usage/index.rst @@ -29,3 +29,4 @@ Shell commands pstore sbi true + scp03 diff --git a/doc/usage/scp03.rst b/doc/usage/scp03.rst new file mode 100644 index 0000000000..7ff87ed85a --- /dev/null +++ b/doc/usage/scp03.rst @@ -0,0 +1,33 @@ +.. SPDX-License-Identifier: GPL-2.0+ + +scp03 command +============= + +Synopsis +-------- + +:: + + scp03 enable + scp03 provision + +Description +----------- + +The *scp03* command calls into a Trusted Application executing in a +Trusted Execution Environment to enable (if present) the Secure +Channel Protocol 03 stablished between the processor and the secure +element. + +This protocol encrypts all the communication between the processor and +the secure element using a set of pre-defined keys. These keys can be +rotated (provisioned) using the *provision* request. + +See also +-------- + +For some information on the internals implemented in the TEE, please +check the GlobalPlatform documentation on `Secure Channel Protocol '03'`_ + +.. _Secure Channel Protocol '03': + https://globalplatform.org/wp-content/uploads/2014/07/GPC_2.3_D_SCP03_v1.1.2...
On Tue, 9 Feb 2021 at 13:10, Jorge Ramirez-Ortiz jorge@foundries.io wrote:
The Secure Channel Protocol 03 command sends control requests (enable/provision) to the TEE implementing the protocol between the processor and the secure element.
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io
doc/usage/index.rst | 1 + doc/usage/scp03.rst | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 doc/usage/scp03.rst
Reviewed-by: Simon Glass sjg@chromium.org
From: Igor Opaniuk igor.opaniuk@foundries.io
Enable by default SCP_03/CMD_SCP03 for sandbox target.
Signed-off-by: Igor Opaniuk igor.opaniuk@foundries.io --- arch/Kconfig | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/arch/Kconfig b/arch/Kconfig index 27843cd79c..7023223927 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -142,6 +142,8 @@ config SANDBOX imply AVB_VERIFY imply LIBAVB imply CMD_AVB + imply SCP03 + imply CMD_SCP03 imply UDP_FUNCTION_FASTBOOT imply VIRTIO_MMIO imply VIRTIO_PCI
On Tue, 9 Feb 2021 at 13:10, Jorge Ramirez-Ortiz jorge@foundries.io wrote:
From: Igor Opaniuk igor.opaniuk@foundries.io
Enable by default SCP_03/CMD_SCP03 for sandbox target.
Signed-off-by: Igor Opaniuk igor.opaniuk@foundries.io
arch/Kconfig | 2 ++ 1 file changed, 2 insertions(+)
Reviewed-by: Simon Glass sjg@chromium.org
From: Igor Opaniuk igor.opaniuk@foundries.io
Add initial test coverage for SCP03 command.
Signed-off-by: Igor Opaniuk igor.opaniuk@foundries.io --- test/py/tests/test_scp03.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 test/py/tests/test_scp03.py
diff --git a/test/py/tests/test_scp03.py b/test/py/tests/test_scp03.py new file mode 100644 index 0000000000..1f689252dd --- /dev/null +++ b/test/py/tests/test_scp03.py @@ -0,0 +1,27 @@ +# Copyright (c) 2021 Foundries.io Ltd +# +# SPDX-License-Identifier: GPL-2.0+ +# +# SCP03 command test + +""" +This tests SCP03 command in U-boot. + +For additional details check doc/usage/scp03.rst +""" + +import pytest +import u_boot_utils as util + +@pytest.mark.buildconfigspec('cmd_scp03') +def test_scp03(u_boot_console): + """Enable and provision keys with SCP03 + """ + + success_str1 = "SCP03 is enabled" + success_str2 = "SCP03 is provisioned" + + response = u_boot_console.run_command('scp03 enable') + assert success_str1 in response + response = u_boot_console.run_command('scp03 provision') + assert success_str2 in response
Hi Jorge,
On Tue, 9 Feb 2021 at 13:10, Jorge Ramirez-Ortiz jorge@foundries.io wrote:
From: Igor Opaniuk igor.opaniuk@foundries.io
Add initial test coverage for SCP03 command.
Signed-off-by: Igor Opaniuk igor.opaniuk@foundries.io
test/py/tests/test_scp03.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 test/py/tests/test_scp03.py
Reviewed-by: Simon Glass sjg@chromium.org
This is fine, but note you can also write this test in C for sandbox, and this might be easier if it gets more complicated. For example you can check the state of devices from C.
Regards, Simon
On 09/02/21, Jorge Ramirez-Ortiz wrote:
This Trusted Application allows enabling SCP03 as well as provisioning the keys on TEE controlled secure element (ie, NXP SE050).
All the information flowing on buses (ie I2C) between the processor and the secure element must be encrypted. Secure elements are pre-provisioned with a set of keys known to the user so that the secure channel protocol (encryption) can be enforced on the first boot. This situation is however unsafe since the keys are publically available.
For example, in the case of the NXP SE050, these keys would be available in the OP-TEE source tree [2] and of course in the documentation corresponding to the part.
To address that, users are required to rotate/provision those keys (ie, generate new keys and write them in the secure element's persistent memory).
For information on SCP03, check the Global Platform HomePage and google for that term [1] [1] globalplatform.org [2] https://github.com/OP-TEE/optee_os/ check: core/drivers/crypto/se050/adaptors/utils/scp_config.c
hi Simon, we added the tests that you asked for. all ok with this series?
thanks!
Signed-off-by: Jorge Ramirez-Ortiz jorge@foundries.io Reviewed-by: Simon Glass sjg@chromium.org
common/Kconfig | 8 ++++++ common/Makefile | 1 + common/scp03.c | 53 ++++++++++++++++++++++++++++++++++++ include/scp03.h | 21 ++++++++++++++ include/tee/optee_ta_scp03.h | 21 ++++++++++++++ 5 files changed, 104 insertions(+) create mode 100644 common/scp03.c create mode 100644 include/scp03.h create mode 100644 include/tee/optee_ta_scp03.h
diff --git a/common/Kconfig b/common/Kconfig index 2bb3798f80..482f123534 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -588,6 +588,14 @@ config AVB_BUF_SIZE
endif # AVB_VERIFY
+config SCP03
- bool "Build SCP03 - Secure Channel Protocol O3 - controls"
- depends on OPTEE || SANDBOX
- depends on TEE
- help
This option allows U-Boot to enable and or provision SCP03 on an OPTEEcontrolled Secured Element.config SPL_HASH bool # "Support hashing API (SHA1, SHA256, etc.)" help diff --git a/common/Makefile b/common/Makefile index daeea67cf2..215b8b26fd 100644 --- a/common/Makefile +++ b/common/Makefile @@ -137,3 +137,4 @@ obj-$(CONFIG_CMD_LOADB) += xyzModem.o obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o
obj-$(CONFIG_AVB_VERIFY) += avb_verify.o +obj-$(CONFIG_SCP03) += scp03.o diff --git a/common/scp03.c b/common/scp03.c new file mode 100644 index 0000000000..09ef7b5ba3 --- /dev/null +++ b/common/scp03.c @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- (C) Copyright 2021, Foundries.IO
- */
+#include <common.h> +#include <scp03.h> +#include <tee.h> +#include <tee/optee_ta_scp03.h>
+static int scp03_enable(bool provision) +{
- const struct tee_optee_ta_uuid uuid = PTA_SCP03_UUID;
- struct tee_open_session_arg session;
- struct tee_invoke_arg invoke;
- struct tee_param param;
- struct udevice *tee = NULL;
- tee = tee_find_device(tee, NULL, NULL, NULL);
- if (!tee)
return -ENODEV;- memset(&session, 0, sizeof(session));
- tee_optee_ta_uuid_to_octets(session.uuid, &uuid);
- if (tee_open_session(tee, &session, 0, NULL))
return -ENXIO;- memset(¶m, 0, sizeof(param));
- param.attr = TEE_PARAM_ATTR_TYPE_VALUE_INPUT;
- param.u.value.a = provision;
- memset(&invoke, 0, sizeof(invoke));
- invoke.func = PTA_CMD_ENABLE_SCP03;
- invoke.session = session.session;
- if (tee_invoke_func(tee, &invoke, 1, ¶m))
return -EIO;- tee_close_session(tee, session.session);
- return 0;
+}
+int tee_enable_scp03(void) +{
- return scp03_enable(false);
+}
+int tee_provision_scp03(void) +{
- return scp03_enable(true);
+} diff --git a/include/scp03.h b/include/scp03.h new file mode 100644 index 0000000000..729667ccd1 --- /dev/null +++ b/include/scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/*
- (C) Copyright 2021, Foundries.IO
- */
+#ifndef _SCP03_H +#define _SCP03_H
+/*
- Requests to OPTEE to enable or provision the Secure Channel Protocol on its
- Secure Element
- If key provisioning is requested, OPTEE shall generate new SCP03 keys and
- write them to the Secure Element.
- Both functions return < 0 on error else 0.
- */
+int tee_enable_scp03(void); +int tee_provision_scp03(void); +#endif /* _SCP03_H */ diff --git a/include/tee/optee_ta_scp03.h b/include/tee/optee_ta_scp03.h new file mode 100644 index 0000000000..13f9956d98 --- /dev/null +++ b/include/tee/optee_ta_scp03.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/*
- (C) Copyright 2021, Foundries.IO
- */
+#ifndef __TA_SCP03_H +#define __TA_SCP03_H
+#define PTA_SCP03_UUID { 0xbe0e5821, 0xe718, 0x4f77, \
{ 0xab, 0x3e, 0x8e, 0x6c, 0x73, 0xa9, 0xc7, 0x35 } }+/*
- Enable Secure Channel Protocol functionality (SCP03) on the Secure Element.
- Setting the operation value to something different than NULL will trigger
- the SCP03 provisioning request.
- in params[0].a = operation
- */
+#define PTA_CMD_ENABLE_SCP03 0
+#endif /*__TA_SCP03_H*/
2.30.0
participants (3)
-
Jorge Ramirez-Ortiz -
Jorge Ramirez-Ortiz, Foundries
-
Simon Glass