How to execute OP-TEE cryptographic algorithms directly from ARM Trusted Firmware

Jump to: navigation, search

I want to evaluate cryptographic algorithms on the boot loader before Linux starts up. We plan to include evaluation software in ARM Trusted Firmware (bl31-h3ulcb). ARM Trusted Firmware has no encryption algorithm, so we are considering using a library in OP-TEE (tee-h3ulcb). For example, in evaluating signature verification using RSA, the following processing is considered necessary. ・ Register the public key and secret key. ・ And generates a hash value of the evaluation target data. (For example SHA 256) ・ Generate a signature by encrypting the hash value with the secret key. ・ Generate a hash value by decrypting the signature with the public key. Among these processes, I do not know how to register the public key and secret key to OP-TEE. Please tell me what kind of processing can be realized from ARM Trusted Firmware.

18:23, 7 December 2017

(If you have product planning, )I think that you should officially contact Renesas.

03:31, 12 December 2017

I am not a product planning representative.
I'm considering running cryptographic algorithms implemented on R-Car H3 on a boot loader on which Linux is not running.

I will concretely describe what I can not realize.

First, when ARM Trusted Firmware jumps to the address where the OP-TEE function exists, an exception will be raised.
After that, "plat_panic_handler" will be in infinite loop state.
I guess that it is probably guarded by MMU, but I do not know how to deal with it.

Second, About signature verification using key of RSA.
In order to register the key of RSA, I guess using functions like "alloc_rsa_public_key" and "alloc_rsa_keypair" in OP - TEE.
However, I do not know how to use functions such as arguments and procedures.

18:52, 14 December 2017