1 /*
2 * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8 #include "tfm_plat_crypto_nv_seed.h"
9 #include "tfm_plat_otp.h"
10 #include "psa/internal_trusted_storage.h"
11 #include "config_tfm.h"
12
13 #define NV_SEED_SIZE 64
14 #if NV_SEED_SIZE > ITS_MAX_ASSET_SIZE
15 #error "ITS_MAX_ASSET_SIZE is too small to store the entropy seed"
16 #endif
17
tfm_plat_crypto_provision_entropy_seed(void)18 int tfm_plat_crypto_provision_entropy_seed(void)
19 {
20 enum tfm_plat_err_t plat_err;
21 int err;
22 uint8_t buf[NV_SEED_SIZE];
23
24 /* If the seed is already provisioned, then return successfully */
25 err = tfm_plat_crypto_nv_seed_read(buf, sizeof(buf));
26 if (err == TFM_CRYPTO_NV_SEED_SUCCESS) {
27 return err;
28 }
29
30 plat_err = tfm_plat_otp_read(PLAT_OTP_ID_ENTROPY_SEED, sizeof(buf), buf);
31 if(plat_err != TFM_PLAT_ERR_SUCCESS) {
32 return TFM_CRYPTO_NV_SEED_FAILED;
33 }
34
35 err = tfm_plat_crypto_nv_seed_write(buf, sizeof(buf));
36 if (err != TFM_CRYPTO_NV_SEED_SUCCESS) {
37 return err;
38 }
39
40 return TFM_CRYPTO_NV_SEED_SUCCESS;
41 }
42
tfm_plat_crypto_nv_seed_read(unsigned char * buf,size_t buf_len)43 int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len)
44 {
45 psa_storage_uid_t uid = NV_SEED_FILE_ID;
46 psa_status_t status;
47 size_t data_length = 0;
48
49 status = psa_its_get(uid, 0, buf_len, buf, &data_length);
50
51 if (status == PSA_SUCCESS && data_length == buf_len) {
52 return TFM_CRYPTO_NV_SEED_SUCCESS;
53 } else {
54 return TFM_CRYPTO_NV_SEED_FAILED;
55 }
56 }
57
tfm_plat_crypto_nv_seed_write(const unsigned char * buf,size_t buf_len)58 int tfm_plat_crypto_nv_seed_write(const unsigned char *buf, size_t buf_len)
59 {
60 psa_storage_uid_t uid = NV_SEED_FILE_ID;
61 psa_status_t status;
62
63 status = psa_its_set(uid, buf_len, buf, 0);
64
65 if (status == PSA_SUCCESS) {
66 return TFM_CRYPTO_NV_SEED_SUCCESS;
67 } else {
68 return TFM_CRYPTO_NV_SEED_FAILED;
69 }
70 }
71
