diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-08-12 15:06:51 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-08-13 19:43:43 +0000 |
commit | 5d24282d7db3854c4a6adf925c75b7573de5617d (patch) | |
tree | 9210b38f9dd921df1a9ae1e4154ac3cbd7e4a920 /board/cr50/dcrypto/p256_ecies.c | |
parent | 2a590e25e8cc41d324abf56894b032ceda028832 (diff) | |
download | chrome-ec-5d24282d7db3854c4a6adf925c75b7573de5617d.tar.gz |
cr50: update FIPS initialization logic to match security policy
FIPS security policy was updated to move U2F key management out of scope
as it doesn't add anything from certification standpoint on L1, but
greatly complicates design and requires flash operations to be in the
FIPS module boundary.
This change aligns FIPS initialization flow with security policy:
1) Checking of U2F key type is removed and would be handled during
U2F command processing to choose approved / not-approved key gen.
2) FIPS module is always in approved mode when self-integrity tests,
known-answer tests and TRNG power-up tests succeeds.
3) Implementation of console command and TPM2 command moved out of
FIPS boundary.
BUG=b:134594373
TEST=make BOARD=cr50 [CRYPTO_TEST=1]; console commands
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I03fc8fa450927e4d37e691770e872e7ffa5b628d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093088
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/dcrypto/p256_ecies.c')
0 files changed, 0 insertions, 0 deletions