On Thu, Jun 28, 2018 at 10:29 AM, shijun zhao zqyzsj@gmail.com wrote:
Hi, Wiklander,
Thanks for your reply. It seems that I use outdated OP-TEE sources (version 2.4.0).
This has been more or less unchanged since the introduction of r/w paging.
For platforms that don't enable pager, is it because that the on-chip SRAM is not big enough to hold the whole pager?
Yes and also because DDR may be secure enough for various reasons.
Thanks, Jens
Best Regards, Shijun Zhao Jens Wiklander jens.wiklander@linaro.org 于2018年6月28日周四 下午3:46写道:
Hi Zhao,
On Thu, Jun 28, 2018 at 9:29 AM, shijun zhao zqyzsj@gmail.com wrote:
Hi, everyone,
I find that pager uses AES-GCM to protect data sections. I see that the initialization vectors (IVs) used in AES-GCM for every page is initialized to be zero. However, according to the NIST 800 specification [1]: IV should not repeat, otherwise AES-GCM may be vulnerable to the forgery attacks [2]. So I suggest concatenating the physical address of each page (DRAM address) and the IV, then the concatenated IVs will be different for each page.
That's already done, only slightly different at: https://github.com/OP-TEE/optee_os/blob/e7dc41caf2eeb3f4997f6dbb37922c5d4d48...
Note that each physical page has its own rwp assigned to it, so the address of rwp is unique for a particular physical page.
I also see that pager is removed from many devices, such as i.mx and Hikey. Doesn't OP-TEE support pager any more?
OP-TEE supports pager, it's just that for many platforms it doesn't make sense to enable it.
Thanks, Jens
Best Regards, Shijun Zhao
- Dworkin M. NIST special publication 800-38B[J]. NIST special
publication, 2005, 800(38B): 38B. 2. A. Joux, Authentication Failures in NIST version of GCM, Natl. Inst. Stand. Technol. [Web page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Ser.... _______________________________________________ Tee-dev mailing list Tee-dev@lists.linaro.org https://lists.linaro.org/mailman/listinfo/tee-dev