feat: linux: Add docs on OP-TEE Secure Storage

OP-TEE provides secure storage mechanism. Add docs to explain what
it is, its uses and how to compile it.

Signed-off-by: Suhaas Joshi <[email protected]>

Author: jsuhaas22

configs/AM62AX/AM62AX_linux_toc.txt

@@ -95,6 +95,7 @@ linux/Foundational_Components/Power_Management/pm_debug
 
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
+linux/Foundational_Components/System_Security/OPTEE_Secure_Storage
 
 linux/Foundational_Components_Kernel_Users_Guide
 linux/Foundational_Components_Kernel_LTP-DDT_Validation

configs/AM62PX/AM62PX_linux_toc.txt

@@ -100,6 +100,7 @@ linux/Foundational_Components/Power_Management/pm_debug
 
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
+linux/Foundational_Components/System_Security/OPTEE_Secure_Storage
 
 linux/Foundational_Components_Kernel_Users_Guide
 linux/Foundational_Components_Kernel_LTP-DDT_Validation

configs/AM62X/AM62X_linux_toc.txt

@@ -97,6 +97,7 @@ linux/Foundational_Components/Power_Management/pm_debug
 
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
+linux/Foundational_Components/System_Security/OPTEE_Secure_Storage
 
 linux/Foundational_Components_PRU_Subsystem
 linux/Foundational_Components/PRU-ICSS-Linux-Drivers

source/linux/Foundational_Components/System_Security/OPTEE_Secure_Storage.rst

@@ -0,0 +1,134 @@
+.. _optee_secure_storage:
+
+*********************
+OP-TEE Secure Storage
+*********************
+
+There is often the need to store sensitive data securely, such that its
+confidentiality and integrity are guaranteed. This data includes cryptographic
+keys, certificates and other application-specific or general-purpose data.
+
+To guarantee such security, OP-TEE provides 2 Secure Storage mechanisms:
+
+#. REE FS: Data is stored in the normal world's filesystem, as encrypted binary
+   blobs.
+#. RPMB: Data is stored in a special partition of compliant storage devices such
+   as eMMC and UFS.
+
+REE FS
+======
+
+**REE FS** stands for *Rich Execution Environment Filesystem*; that is, Linux's
+filesystem on TI SoCs. When the TA needs to store any data in REE FS mode,
+OP-TEE first encrypts the data, and then stores it through the TEE Linux driver
+using the userspace process "tee_supplicant".
+
+While REE FS guarantees confidentiality of the data (i.e. only the TA that
+encrypted it can decrypt it), it does not provide any protection against
+denial-of-service attacks (i.e., if Linux root is compromised, the attacker can
+delete these blobs). Further, unless RPMB also has been enabled, there's no
+protection provided against replay attacks.
+
+In TI SDK, REE FS is enabled by default. RPMB is disabled, therefore no
+protection is provided against replay attacks. The encrypted binary blobs are
+stored at ``/var/lib/tee/``.
+
+RPMB
+====
+
+**RPMB** stands for *Replay Protection Memory Block*. Storage devices such as
+the eMMC on TI SoCs contain a special "RPMB partition". This partition uses an
+"Authentication Key" to authenticate each write. Further, it maintains a counter
+to count the number of write operation, thereby ensuring protection against
+replay attacks.
+
+RPMB does not guarantee confidentiality. Data from the RPMB partition can be
+read by any process without requiring the Authentication Key. Therefore,
+to ensure confidentialty, the application must provide encryption or use RPMB in
+conjunction with REE FS.
+
+For more information on compiling OP-TEE with RPMB enabled, refer: :ref:`optee-rpmb-flags`.
+
+.. _optee-client-rpmb:
+
+OP-TEE Client and RPMB Emulation Mode
+-------------------------------------
+
+The optee-client repository provides a userspace process called
+"tee-supplicant", in ``/usr/sbin/``. This process runs as a systemd service
+by-default. All OP-TEE operations on secure storage (regardless of whether they
+are REE_FS or RPMB) go through tee-supplicant.
+
+OP-TEE client provides a flag "RPMB_EMU". When set to `1`, tee-supplicant
+emulates RPMB instead of using the real RPMB on the eMMC. This is useful for
+testing and development activities. This "emulated RPMB" exists only in volatile
+memory, so it is reset at each boot.
+
+One use-case for "emulated RPMB" is to test the programming of the
+Authentication Key, using ``CFG_RPMB_WRITE_KEY=y`` option. Since this is a one-time
+and irreversible operation on the real RPMB, it is safer to test it on the
+emulated one (which is reset at every boot).
+
+Therefore, to use real RPMB, re-compile optee-client with RPMB_EMU=0 and copy
+the tee-supplicant to ``/usr/sbin/``. For more details, see: :ref:`optee-client-build`.
+
+
+Programming the Authentication Key
+----------------------------------
+
+Initially, on a new TI board, there's no key programmed into the eMMC for the
+RPMB.
+
+There are 2 ways to program the key:
+
+#. Use tools like ``mmc-utils`` to write the key.
+#. Use the ``CFG_RPMB_WRITE_KEY=y`` flag while compiling OP-TEE.
+
+The recommended approach is to use 3rd party tools like
+``mmc-utils``. ``CFG_RPMB_WRITE_KEY=y`` makes OP-TEE send the key to the normal
+world in plain-text, therefore it must always be kept disabled in production
+builds.
+
+If ``CFG_RPMB_WRITE_KEY=y`` is being used for programming the key in factory,
+then 2 sets of OP-TEE binaries are required:
+
+#. the first, with ``CFG_RPMB_WRITE_KEY=y``, to program the key.
+#. the second, with ``CFG_RPMB_WRITE_KEY=n``, to be used in production.
+
+.. warning::
+
+   If ``CFG_RPMB_WRITE_KEY`` is set to =y, OP-TEE sends the key in plain-text to
+   Linux normal world. Therefore, ensure that it is **NEVER** enabled in
+   production builds. To avoid accidents, the recommended way is to **never**
+   use ``CFG_RPMB_WRITE_KEY=y`` at all, and instead to just rely on third-party
+   tools like ``mmc-utils``.
+
+.. warning::
+
+   The RPMB Authentication Key is one-time programmable only. Once written, it
+   cannot be re-written or modified. Thus if the wrong key is written, or the
+   key is lost, the RPMB partition of the device becomes un-usable. Be careful
+   in writing the key.
+
+   If OP-TEE has been compiled with ``CFG_RPMB_WRITE_KEY``, and tee-supplicant has
+   been compiled with RPMB_EMU=1, then the key will be programmed to the
+   emulated RPMB, and will be reset at each boot. This is good for testing and
+   development phase.
+
+   However, if RPMB_EMU=0 with ``CFG_RPMB_WRITE_KEY``, or you are using other tools,
+   then the key is programmed to the real RPMB, therefore be careful!
+
+
+OP-TEE Secure Storage Example
+*****************************
+
+To demonstrate secure storage in OP-TEE, use the
+``optee_examples_secure_storage`` binary in the filesystem.
+
+.. code::
+
+   optee_examples_secure_storage
+
+This example reads and writes raw data from and to the secure storage. This
+secure storage could be either REE_FS or RPMB or both, based on
+configuration. By default, it is REE_FS.

source/linux/Foundational_Components_OPTEE.rst

@@ -75,6 +75,7 @@ of entropy can work around these issues.
 
    $ make CROSS_COMPILE="$CROSS_COMPILE_32" CROSS_COMPILE64="$CROSS_COMPILE_64" PLATFORM=k3-|__OPTEE_PLATFORM_FLAVOR__| CFG_ARM64_core=y CFG_WITH_SOFTWARE_PRNG=y
 
+.. _optee-rpmb-flags:
 
 Secure Storage with RPMB (For HS)
 *********************************
@@ -84,10 +85,31 @@ KEK embedded in them that is programmed across OP-TEE instances that are distrib
 in a derived manner. Each HS device has its own HUK signing key (DKEK) which is different
 from other HS devices.
 
+To learn more about secure storage in OP-TEE, refer: :ref:`optee_secure_storage`.
+
 For enabling RPMB support along with secure storage, additional flags need to be passed to
 the build instructions. The information for the flags can be found here.
 https://optee.readthedocs.io/en/latest/architecture/secure_storage.html
 
+Two flags of interest are:
+
+#. ``CFG_RPMB_FS=y``: Enables RPMB support.
+#. ``CFG_RPMB_WRITE_KEY=y``: Enables OP-TEE to write the Authentication Key if a
+   key is not already programmed.
+
+.. warning::
+
+   ``CFG_RPMB_WRITE_KEY`` should never be enabled in a production build. It makes
+   OP-TEE send the Authentication Key in plain-text to normal world, which is a
+   huge security risk! Keep it disabled in production builds.
+
+.. note::
+
+   ``CFG_RPMB_WRITE_KEY`` is a convenience feature provided by OP-TEE for easy key
+   writing. A key can be written even with it disabled. That is, in fact, the
+   recommended approach to writing a key. To write a key without
+   ``CFG_RPMB_WRITE_KEY``, use third-party tools such as ``mmc-utils``.
+
 There is a hybrid mode in which both the flags i.e `CFG_REE_FS=y` and `CFG_RPMB_FS=y` are enabled.
 This mode stores the state of the Secure Storage directory in RPMB partition to check for the
 integrity of the data present in it. It is the recommended way.
@@ -107,15 +129,27 @@ E.g. For enabling hybrid mode of RPMB along with REE_FS
 OPTEE-client also needs to be updated to enable the use of real
 emmc instead of the virtual emmc that is enabled by default
 
+.. _optee-client-build:
+
 Getting OP-TEE Client source code
 ---------------------------------
 
+To get optee_client source code, do:
+
+.. rubric:: Getting OP-TEE Client source code
+
 .. code-block:: console
 
   $ git clone https://github.com/OP-TEE/optee_client
 
 .. rubric:: Building OP-TEE Client with RPMB support
 
+To use emulated RPMB, set RPMB_EMU=1. Otherwise, set RPMB_EMU=0. For details,
+see: :ref:`optee-client-rpmb`.
+
+For example, the following command builds optee_client to use the real RPMB,
+instead of the emulated one.
+
 .. code-block:: console
 
   $ make CROSS_COMPILE="$CROSS_COMPILE_64" PLATFORM=k3 CFG_TEE_SUPP_LOG_LEVEL=2 RPMB_EMU=0 CFG_ARM64_core=y

source/linux/Foundational_Components_Security.rst

@@ -11,3 +11,4 @@ Security
    Foundational_Components_Secure_Boot
    Foundational_Components/System_Security/SELinux
    Foundational_Components/System_Security/Auth_boot
+   Foundational_Components/System_Security/OPTEE_Secure_Storage