RPMB (Replay Protected Memory Block)
emmc
eMMC security feature: password lock/unlock, write protect, RPMB
AP (Application Processor)
CP (Communication Processor),也称为modem
AP <--- IPC ---> CP
eMMC (Embedded Multi Media Card) 存储软件、用户数据
RPMB是从eMMC划出一块特殊的区域,128KB的整数倍,进行访问控制,确保外部无法直接读取,而是需要通过hmac-sha256校验后由RPMB返回相关内容
modem 通过 IPC,请 AP 帮忙把某些数据(例如device id、subscriber id、call number)写入eMMC,这些信息一般是需要保密、且防篡改。
emmc partition
Boot Area Partitions: boot1, boot2
RPMB Partition
General Purpose Partitions (GPP): 1~4,GPP分区一般OTP单次写入。
User Data Area: 可基于GPT重分区。
partition size
boot1, boot2, rpmb 三个partition的默认size
Partition Size = 128KB × BOOT_SIZE_MULT
默认 BOOT_SIZE_MULT = 32,Partition = 4MB。
BOOT_SIZE_MULT最高 128,Partition 最高16MB。
overview
RPMB Data frame的关键内容:Authentication Key,Data,Nonce,Write Counter, Address
产线阶段,Host生成HUK,基于HUK派生Authentication Key,并将Authentication Key写入RPMB。
read
Host生成nonce,向eMMC请求读取某个Address的内容
eMMC基于预置的Authentication Key,结合nonce、Data等信息,计算MAC
Host校验收到的MAC,确认Data内容未经篡改
write
Host生成nonce,并基于Authentication Key,结合nonce,计算MAC;向eMMC请求谋取某个Address的Write Counter
eMMC校验MAC,确认读取Write Counter请求的合法性
eMMC返回Write Counter,且返回的内容也要带MAC
Host校验收到的Write Counter未经篡改
Host基于预置的Authentication Key,结合Write Counter、新的Data等信息,计算MAC;发给eMMC
eMMC校验MAC,确认写入新的Data,并将Write Counter加1
eMMC基于预置的Authentication Key,结合新的Write Counter 以及Result,计算MAC;发给Host
Host校验MAC,确认写入成功
use case
anti-rollback, 存version number
fail unlock attempts,防止暴力破解
secure write protect
trusty
get_rpmb_ss_auth_key
EVP_EncryptInit_ex(&evp, EVP_aes_256_cbc(), NULL, fake_device_key, NULL);
rc = EVP_EncryptUpdate(&evp, kbuf, &out_len, rpmb_salt, sizeof(rpmb_salt));
optee
optee的处理更好一点。
read_cid
static const uint8_t test_cid[] = {
/* MID (Manufacturer ID): Micron */
0xfe,
/* CBX (Device/BGA): BGA */
0x01,
/* OID (OEM/Application ID) */
0x4e,
/* PNM (Product name) "MMC04G" */
0x4d, 0x4d, 0x43, 0x30, 0x34, 0x47,
/* PRV (Product revision): 4.2 */
0x42,
/* PSN (Product serial number) */
0xc8, 0xf6, 0x55, 0x2a,
/*
* MDT (Manufacturing date):
* June, 2014
*/
0x61,
/* (CRC7 (0xA) << 1) | 0x1 */
0x15
};
derive_key
# Prepare the CID and Clear the PRV (Product revision) and CRC (CRC7
# checksum) fields as OP-TEE does.
data = bytearray(cid)
data[9] = 0
data[15] = 0
# This is how __huk_subkey_derive() is implemented, if huk_subkey_derive()
# is overridden the key derived here may not match what OP-TEE is using
#
# HUK is as tee_otp_get_hw_unique_key() in OP-TEE returns it
okm = hmac-sha256(huk, data)