Feature: device key HAL addition #6267
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bulislaw
reviewed
Mar 9, 2018
| The DeviceKey consists of a secret and unique value per board instance, containing 128 or 256 bits. | ||
| There are several possible sources for this data, the preferred one is via this HAL API. | ||
| If this HAL API is not implemented and the device supports TRNG, mbedos will generate a DeviceKey the first time it is requested, using the TRNG, and save the value in the internal memory using NVStore. | ||
| As a last option, if none of the above is available, the DeviceKey can still be injected from outside the board and saved in NVStore using a dedicated API |
There was a problem hiding this comment.
I think we should mention that this value should be readable from outside or there shouldn't be a way to guess it someway (like mac generated base of it).
|
|
||
| utest::v1::status_t greentea_test_setup(const size_t number_of_cases) | ||
| { | ||
| GREENTEA_SETUP(20, "default_auto"); |
There was a problem hiding this comment.
Do we really need 20s timeout? It looks like it could be 1-2sek
|
|
||
| ##### Undefined behavior | ||
| - There should not be any undefined behavior | ||
|
|
There was a problem hiding this comment.
Do you mind explicitly calling out dependencies, you can say none or actual presence of the identifier in hw.
| @@ -0,0 +1,31 @@ | |||
| ### DeviceKey | |||
There was a problem hiding this comment.
That will need to go to https://github.com/ARMmbed/Handbook
|
Let's close this, and reopen with an update. @yossi2le Thanks for the update info |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
DeviceKey is a mechanism that can be used as a root of trust for key derivation, and is one of the most fundamental elements in the implementation of security in a device.
Pull request type