HI, i'm developing the RSE firmware based on TF-Mv2.3.0(with TF-Mv2.3.0 release tag) for the our platform that refers to rdv3r1.

In TF-M runtime security service, it needs a IAK(Initial Attestation Key) derived by IAK seed to create IAT(Initial Attestation Token).

When i checked tfm_plat_get_iak(), it gets IAK_seed by just reading KMU slot which IAK_seed is stored.

However, the KMU keyslot storing IAK_seed have been locked since IAK_seed is created so that IAT creation is failed.

I was checking possible ways that exports locked key in KMU keyslot and found some evidence in the source codes.

That is using CC3xx opaque key that is the method using the KMU export with keyslot index instead using raw key values.

Currently, it seems that cc3xx opaque keys feature is supported only for HW keys and AES / CMAC algorithm.

However, IAK_seed is stored in S/W keyslot and IAK needs ECC algorithm derivation.

(CC3xx lowlevel seems to support it but PSA crypto driver doesn't support it)

According to TODO comments like below, it seems that there is some long term plan about it.

(I guess that it will be removed When PSA crypto driver supporting all keys and algorithm is implemented)

rse_setup_iak_seed()@rse_kmu_keys.c

/* TODO: Should be removed once setup_key properly locks KMU slots */
kmu_err = kmu_set_key_locked(&KMU_DEV_S, RSE_KMU_SLOT_IAK_SEED);
if (kmu_err != KMU_ERROR_NONE) {
    return (enumtfm_plat_err_t) kmu_err;
}

Are there any plans or progress regarding this?

Best Regards

RH Kim