Thread history

From Talk:R-Car/Boards/Yocto-Gen3
Time | User | Activity | Comment
18:52, 14 December 2017 | TNoda | New reply created | (Reply to How to execute OP-TEE cryptographic algorithms directly from ARM Trusted Firmware)
03:31, 12 December 2017 | Ygohda | New reply created | (Reply to How to execute OP-TEE cryptographic algorithms directly from ARM Trusted Firmware)
18:29, 7 December 2017 | TNoda | Comment text edited |
18:27, 7 December 2017 | TNoda | Comment text edited |
18:27, 7 December 2017 | TNoda | Comment text edited |
18:23, 7 December 2017 | TNoda | New thread created |

I want to evaluate cryptographic algorithms on the boot loader before Linux starts up.

We plan to include evaluation software in ARM Trusted Firmware (bl31-h3ulcb).

ARM Trusted Firmware has no encryption algorithm, so we are considering using a library in OP-TEE (tee-h3ulcb).

For example, in evaluating signature verification using RSA, the following processing is considered necessary.

・ Register the public key and secret key.

・ Generate a hash value of the evaluation target data (for example, SHA-256).

・ Generate a signature by encrypting the hash value with the secret key.

・ Generate a hash value by decrypting the signature with the public key.

Among these processes, I do not know how to register the public key and secret key to OP-TEE.

Please tell me what kind of processing can be realized from ARM Trusted Firmware.

18:23, 7 December 2017

(If you have product planning,) I think that you should officially contact Renesas.

03:31, 12 December 2017

I am not a product planning representative.
I'm considering running cryptographic algorithms implemented on R-Car H3 on a boot loader on which Linux is not running.

I will concretely describe what I cannot realize.

First, when ARM Trusted Firmware jumps to the address where the OP-TEE function exists, an exception will be raised.
After that, "plat_panic_handler" will be in an infinite loop state.
I guess that it is probably guarded by the MMU, but I do not know how to deal with it.

Second, about signature verification using an RSA key.
In order to register the RSA key, I guess I should use functions like "alloc_rsa_public_key" and "alloc_rsa_keypair" in OP-TEE.
However, I do not know how to use these functions, such as their arguments and procedures.

18:52, 14 December 2017