Default Keystore Implementation

Data Structures

struct  keystore_data_slot_info_t
struct  keystore_data_t

Typedefs

typedef struct keystore_data_slot_info_t keystore_data_slot_info_t
typedef struct keystore_data_t keystore_data_t

Functions

fsl_shw_return_t shw_kso_init_data (fsl_shw_uco_t *user_ctx, void **user_data)
void shw_kso_cleanup_data (fsl_shw_uco_t *user_ctx, void **user_data)
fsl_shw_return_t shw_slot_verify_access (void *user_data, uint64_t owner_id, uint32_t slot)
fsl_shw_return_t shw_slot_alloc (void *user_data, uint32_t size, uint64_t owner_id, uint32_t *slot)
fsl_shw_return_t shw_slot_dealloc (void *user_data, uint64_t owner_id, uint32_t slot)
void * shw_slot_get_address (void *user_data, uint32_t slot)
uint32_t shw_slot_get_base (void *user_data, uint32_t slot)
uint32_t shw_slot_get_offset (void *user_data, uint32_t slot)
uint32_t shw_slot_get_slot_size (void *user_data, uint32_t slot)

Detailed Description

Default Keystore Implementation

These functions define the default keystore implementation, which is used for the system keystore and for user keystores initialized by fsl_shw_init_keystore_default(). They can be used as-is or as a reference for creating a custom keystore handler. The default implementation uses an entire Secure Memory partition, divided into equal slots of length KEYSTORE_SLOT_SIZE. These functions are not intended to be used directly; all user interaction with the keystore should be through the User Keystore API and the Wrapped Key interface.

The current implementation is designed to work with both SCC and SCC2. Differences between the two versions are noted below.


Typedef Documentation

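typedef struct keystore_data_slot_info_t keystore_data_slot_info_t

Data structure to hold per-slot information.

typedef struct keystore_data_t keystore_data_t

Data structure to hold keystore information.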


Function Documentation

void shw_kso_cleanup_data (fsl_shw_uco_t *user_ctx, void **user_data)

Default keystore cleanup routine.

This function releases the Secure Partition Object and the memory holding the keystore data structure, both of which were obtained by the shw_kso_init_data function.

Parameters:
user_ctx User context
[in,out] user_data Pointer to the location where the keystore data structure is stored.

fsl_shw_return_t shw_kso_init_data (fsl_shw_uco_t *user_ctx, void **user_data)

Default keystore initialization routine.

This function acquires a Secure Partition Object to store the keystore, divides it into slots of length KEYSTORE_SLOT_SIZE, and builds a data structure to hold key information.

Parameters:
user_ctx User context
[out] user_data Pointer to the location where the keystore data structure is to be stored.
Returns:
A return code of type fsl_shw_return_t.

fsl_shw_return_t shw_slot_alloc (void *user_data, uint32_t size, uint64_t owner_id, uint32_t *slot)

Default keystore slot allocation

This function first checks that the requested size is equal to or less than the maximum keystore slot size. If so, it searches the keystore for a free key slot, and if found, marks it as used and returns a slot reference to the user.

Parameters:
[in] user_data Pointer to the location where the keystore data structure is stored.
[in] size Size of the key data that will be stored in this slot (octets)
[in] owner_id Owner ID supplied as a credential.
[out] slot Requested slot
Returns:
A return code of type fsl_shw_return_t.

fsl_shw_return_t shw_slot_dealloc (void *user_data, uint64_t owner_id, uint32_t slot)

Default keystore slot deallocation

This function releases the given key slot in the keystore, making it available to store a new key.

Parameters:
[in] user_data Pointer to the location where the keystore data structure is stored.
[in] owner_id Owner ID supplied as a credential.
[in] slot Requested slot
Returns:
A return code of type fsl_shw_return_t.

void * shw_slot_get_address (void *user_data, uint32_t slot)

Default keystore slot address lookup

This function calculates the address where the key data is stored.

Parameters:
[in] user_data Pointer to the location where the keystore data structure is stored.
[in] slot Requested slot
Returns:
SCC2: Virtual address (kernel or userspace) of the key data. SCC: Physical address of the key data.

uint32_t shw_slot_get_base (void *user_data, uint32_t slot)

Default keystore slot base address lookup

This function calculates the base address of the Secure Partition on which the key data is located. The reference design uses only one Secure Partition per keystore; in general, however, any number may be used.

Parameters:
[in] user_data Pointer to the location where the keystore data structure is stored.
[in] slot Requested slot
Returns:
SCC2: Secure Partition virtual (kernel or userspace) base address. SCC: Secure Partition physical base address.

uint32_t shw_slot_get_offset (void *user_data, uint32_t slot)

Default keystore slot offset lookup

This function calculates the offset from the base of the Secure Partition where the key data is located.

Parameters:
[in] user_data Pointer to the location where the keystore data structure is stored.
[in] slot Requested slot
Returns:
SCC2: Key data offset (octets). SCC: Not implemented.

uint32_t shw_slot_get_slot_size (void *user_data, uint32_t slot)

Default keystore slot size lookup

This function returns the size of the given key slot. In the reference implementation, all key slots are the same size; in general, however, the keystore slot sizes can be made variable.

Parameters:
[in] user_data Pointer to the location where the keystore data structure is stored.
[in] slot Requested slot
Returns:
SCC2: Keystore slot size. SCC: Not implemented.

fsl_shw_return_t shw_slot_verify_access (void *user_data, uint64_t owner_id, uint32_t slot)

Default keystore slot access verification

This function compares the supplied Owner ID to the registered owner of the key slot, to see if the supplied ID is correct.

Parameters:
[in] user_data Pointer to the location where the keystore data structure is stored.
[in] owner_id Owner ID supplied as a credential.
[in] slot Requested slot
Returns:
A return code of type fsl_shw_return_t.
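
The slot bookkeeping documented above, modelled as an added example (not Freescale's code and not part of the original page). All demo_* names, the 32-octet slot size and the 8-slot count are assumptions, and an ordinary byte array stands in for the Secure Memory partition; the code shows the size check, the owner-ID check and a bounds-checked slot address calculation.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sizes: the page does not give KEYSTORE_SLOT_SIZE or the partition size. */
#define DEMO_SLOT_SIZE  32u
#define DEMO_SLOT_COUNT 8u
enum { DEMO_OK = 0, DEMO_ERROR = -1 };
typedef struct { int allocated; uint64_t owner; uint32_t key_length; } demo_slot_info_t;
typedef struct {
    uint8_t partition[DEMO_SLOT_SIZE * DEMO_SLOT_COUNT]; /* stand-in for Secure Memory */
    demo_slot_info_t slots[DEMO_SLOT_COUNT];
} demo_keystore_t;

/* Access is granted only for an in-range, allocated slot whose owner ID matches. */
int demo_slot_verify_access(const demo_keystore_t *ks, uint64_t owner_id, uint32_t slot)
{
    return (slot < DEMO_SLOT_COUNT && ks->slots[slot].allocated &&
            ks->slots[slot].owner == owner_id) ? DEMO_OK : DEMO_ERROR;
}

/* Size check first, then a linear search for a free slot (search order is an assumption). */
int demo_slot_alloc(demo_keystore_t *ks, uint32_t size, uint64_t owner_id, uint32_t *slot)
{
    if (size > DEMO_SLOT_SIZE)
        return DEMO_ERROR;
    for (uint32_t i = 0; i < DEMO_SLOT_COUNT; i++) {
        if (ks->slots[i].allocated)
            continue;
        ks->slots[i] = (demo_slot_info_t){ 1, owner_id, size };
        *slot = i;
        return DEMO_OK;
    }
    return DEMO_ERROR; /* keystore full */
}

/* Assumption: only the registered owner may release a slot. */
int demo_slot_dealloc(demo_keystore_t *ks, uint64_t owner_id, uint32_t slot)
{
    if (demo_slot_verify_access(ks, owner_id, slot) != DEMO_OK)
        return DEMO_ERROR;
    ks->slots[slot].allocated = 0;
    return DEMO_OK;
}

/* Address = partition base + slot * slot size; NULL for an out-of-range slot. */
void *demo_slot_get_address(demo_keystore_t *ks, uint32_t slot)
{
    return slot < DEMO_SLOT_COUNT ? ks->partition + (size_t)slot * DEMO_SLOT_SIZE : NULL;
}
```
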
©  Freescale Semiconductor, Inc., 2007.  All rights reserved.
Freescale Confidential Proprietary
NDA Required