How to execute OP-TEE cryptographic algorithms directly from ARM Trusted Firmware

Jump to: navigation, search
Revision as of 15 December 2017 at 01:52.
The highlighted comment was created in this revision.

I want to evaluate cryptographic algorithms on the boot loader before Linux starts up.

We plan to include evaluation software in ARM Trusted Firmware (bl31-h3ulcb).

ARM Trusted Firmware has no encryption algorithm, so we are considering using a library in OP-TEE (tee-h3ulcb).

For example, in evaluating signature verification using RSA, the following processing is considered necessary.

・ Register the public key and secret key.

・ And generates a hash value of the evaluation target data. (For example SHA 256)

・ Generate a signature by encrypting the hash value with the secret key.

・ Generate a hash value by decrypting the signature with the public key.

Among these processes, I do not know how to register the public key and secret key to OP-TEE.

Please tell me what kind of processing can be realized from ARM Trusted Firmware.

    18:23, 7 December 2017

    (If you have product planning, )I think that you should officially contact Renesas.

      03:31, 12 December 2017

      I am not a product planning representative.
      I'm considering running cryptographic algorithms implemented on R-Car H3 on a boot loader on which Linux is not running.

      I will concretely describe what I can not realize.

      First, when ARM Trusted Firmware jumps to the address where the OP-TEE function exists, an exception will be raised.
      After that, "plat_panic_handler" will be in infinite loop state.
      I guess that it is probably guarded by MMU, but I do not know how to deal with it.

      Second, About signature verification using key of RSA.
      In order to register the key of RSA, I guess using functions like "alloc_rsa_public_key" and "alloc_rsa_keypair" in OP - TEE.
      However, I do not know how to use functions such as arguments and procedures.

        18:52, 14 December 2017