Hi Andrej,

 

Key derivation should be deterministic – given the same input parameters, tfm_plat_get_huk_derived_key() should always derive the same key.

 

Each platform needs to implement tfm_plat_get_huk_derived_key() to use a key derivation function (KDF) to derive keys from the hardware unique key (HUK) that is kept in some one time programmable (OTP) memory on the chip. Depending on the platform, the key derivation might be done with a crypto accelerator, or it might be done with a software implementation of a KDF if no accelerator is available. You can use the Musca-B1 implementation as an example (https://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/ext/target/musca_b1/dummy_crypto_keys.c#n68), which uses CryptoCell-312 to derive keys from the HUK. Other Arm platforms only have dummy implementations of this function.

 

In general, users of this API will keep their derived keys in volatile memory and redo the key derivation on each boot, as the cost of key derivation is low.

 

Kind regards,

Jamie

 

 

Hello,

 

Could you clarify:

1) Must the tfm_plat_get_huk_derived_key() function to return the same key per each call (as it’s done now), or it may return randomized key (per each call) derived from HUK?

2) If tfm_plat_get_huk_derived_key() may return a different key per call, the generated key must be stored in persistent storage.

    Is this key persistent storage already implemented (using the default parameters) for example in ITS, or the key-storage must be implemented additionally?

    It looks like the current  TFM key storage is placed in RAM, or I have missed something?

 

Thank you,

Andrej Butok