Inquiry Regarding default_ta.pem for Offline TA Signing and Early TAs. #7126

ydonghyuk opened this issue Nov 14, 2024 · 5 comments
ydonghyuk commented Nov 14, 2024

I would like to apply offline TA signing by generating a new key as shown below,
instead of using the default TA signing key (default_ta.pem) provided by default.

test_private_key.pem 
test_public_key.pem

The purpose is to avoid providing the private key for TA signing to an external vendor providing OP-TEE.

Reference document: https://optee.readthedocs.io/en/latest/building/trusted_applications.html#offline-signing-of-tas

The TEE binary is modified and built as follows.

diff --git a/mk/config.mk b/mk/config.mk
index 4107f8486..eb87434eb 100644
--- a/mk/config.mk
+++ b/mk/config.mk
@@ -229,7 +229,7 @@ _CFG_WITH_SECURE_STORAGE := $(call cfg-one-enabled,CFG_REE_FS CFG_RPMB_FS)
 # key and then set TA_PUBLIC_KEY to match public key from the HSM.
 # TA_PUBLIC_KEY's public key will be embedded into OP-TEE OS.
 TA_SIGN_KEY ?= keys/default_ta.pem
-TA_PUBLIC_KEY ?= $(TA_SIGN_KEY)
+TA_PUBLIC_KEY ?= test_public_key.pem
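Review bot: the `+TA_PUBLIC_KEY ?= test_public_key.pem` line hardcodes a bare relative path in the tree, which only resolves if the PEM file sits at the OP-TEE OS source root at build time; since the assignment is `?=`, the same result is obtained without patching config.mk by passing `TA_PUBLIC_KEY=/abs/path/test_public_key.pem` on the make command line (or by placing the file under `keys/` next to the default, as the unchanged `TA_SIGN_KEY ?= keys/default_ta.pem` line does). Whichever form is used, only the public half belongs on the build host; the private key stays with the signing party.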

After this, I applied offline TA signing to the TA under development according to the guide and confirmed that it works correctly.
I have two questions from two perspectives:

  1. The necessity of default_ta.pem
  2. Signing of early TAs

Questions:

  1. The necessity of default_ta.pem
  • Can I delete default_ta.pem?
  2. Is it necessary to sign early TAs with the generated key (test_private_key.pem)?
  • From what I have confirmed, it seems that early TAs do not require a separate signing process, but I would like to confirm if I understand this correctly.

Additional question:
I understand that early TAs are included within the TEE binary, why do they also exist in the rootfs (/lib/optee_armtz/)?

Thank you in advance for your help.

etienne-lms (Contributor) commented:

> 1. The necessity of default_ta.pem
> • Can I delete default_ta.pem?

Yes, you can delete the file, assuming you set the config switches (at least TA_PUBLIC_KEY) to the appropriate public key PEM file.
That said, when you build OP-TEE OS with CFG_BUILD_IN_TREE_TA=y or CFG_ULIBS_SHARED=y, the build process generates signed TAs/TA libraries based on TA_SIGN_KEY. If you do not have access to the private key at this point (maybe you sign TAs/libs offline after the OP-TEE build completes), then you likely need a dummy key (like default_ta.pem) for the build to succeed, after which you can sign the TAs/libs with the right key in some post-build sequence.

> 2. Is it necessary to sign early TAs with the generated key (test_private_key.pem)?
> • From what I have confirmed, it seems that early TAs do not require a separate signing process, but I would like to confirm if I understand this correctly.

I confirm that early TAs are not signed.

> Additional question:
> I understand that early TAs are included within the TEE binary, why do they also exist in the rootfs (/lib/optee_armtz/)?

They are present in the rootfs only if the build process embeds them, whether or not they are listed in EARLY_TA_PATHS/CFG_IN_TREE_EARLY_TAS. That is what is done by the OP-TEE/build.git repo, for the sake of simplicity. However, it is not needed at all.

ydonghyuk (Author) commented:

@etienne-lms

Thank you for your response.
I would like to clarify a few points that I am not sure about.

  1. The difference between the following two features:
    EARLY_TA_PATHS
    CFG_IN_TREE_EARLY_TAS

  2. The purpose of the following feature:
    CFG_BUILD_IN_TREE_TA

Ultimately, I am curious about the possibility of deleting default_ta.pem when applying offline TA signing for external TAs and using early TAs (e.g., pkcs#11).
As I understand it, CFG_BUILD_IN_TREE_TA must be enabled to use early TAs (e.g., pkcs#11).
If that is the case, it seems that default_ta.pem must remain as a dummy key. Could you please confirm this?


etienne-lms commented Nov 18, 2024

  • CFG_IN_TREE_EARLY_TAS allows defining as early TAs some TAs whose source files are stored in the OP-TEE OS source tree, in ta/<ta-name>/... directories.

  • EARLY_TA_PATHS allows defining early TAs whose sources are outside the OP-TEE source tree.
    (It can also be used with OP-TEE OS in-tree TAs if you provide the OP-TEE OS TA build path.)

  • CFG_BUILD_IN_TREE_TA, when enabled, makes the OP-TEE OS build sequence also build all TAs whose sources are stored in the OP-TEE OS source tree (ta/...).
    Note that building OP-TEE OS in-tree TAs does not mean the TAs are embedded in your system. If some are to be embedded as early TAs, you need to set CFG_IN_TREE_EARLY_TAS accordingly. If some are to be embedded in the Linux filesystem, you need to store/install the related .ta files in your embedded file system.

> As I understand it, CFG_BUILD_IN_TREE_TA must be enabled to use early TAs (e.g., pkcs#11).
> If that is the case, it seems that default_ta.pem must remain as a dummy key. Could you please confirm this?

Indeed, when CFG_BUILD_IN_TREE_TA=y, you need a (default) private key to generate the signed in-tree TA images (xxx.ta files).

That said, you can build OP-TEE core with pkcs11 early TA without using CFG_BUILD_IN_TREE_TA=y and without any default/dummy private key file. It may be a bit tricky and needs to be done in 3 steps:

  1. build the OP-TEE TA devkit
  2. build your TA(s) ELF files (preferably stripped :-)
  3. build the OP-TEE OS core (embedding the target early TA(s)).

For example, to build OP-TEE core with pkcs11 as early TA and without any private key file defined:

  1. Build the OP-TEE OS TA devkit without any private key and without building in-tree TAs:

```sh
make PLATFORM=<...> O=my-out CFG_BUILD_IN_TREE_TA=n TA_SIGN_KEY=""  ta_dev_kit
```

  2. Build the pkcs11 TA ELF file only, using the generated TA devkit
     (note: you need to set all pkcs11 TA local config directives CFG_PKCS11_TA_xxx, as in the example below):

```sh
make -C ta/pkcs11 O=out \
    TA_DEV_KIT_DIR=$PWD/my-out/export-ta_arm32/ \
    CFG_PKCS11_TA_ALLOW_DIGEST_KEY=y \
    CFG_PKCS11_TA_AUTH_TEE_IDENTITY=y \
    CFG_PKCS11_TA_HEAP_SIZE=32768 \
    CFG_PKCS11_TA_TOKEN_COUNT=1 \
    CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE=n \
    out/fd02c9da-306c-48c7-a49c-bbd827ae86ee.stripped.elf
```

  3. Build the OP-TEE OS core image with the pkcs11 early TA (without a private key file and without building in-tree TAs).
     You need to provide your TA authentication public key with:

```sh
make PLATFORM=<...> O=my-out CFG_BUILD_IN_TREE_TA=n TA_SIGN_KEY="" \
    TA_PUBLIC_KEY=my-ta-public-key.pem \
    EARLY_TA_PATHS=ta/pkcs11/out/fd02c9da-306c-48c7-a49c-bbd827ae86ee.stripped.elf \
    all
```

Remember that what counts is the public key your OP-TEE OS core is built with. This key shall be the right one.
Generating some useless signed TA images based on a dummy private key that does not match your embedded public key is harmless (from a security perspective), so keeping a default dummy private key (keys/default.pem) should not be an issue and makes the build sequence simpler.
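A wrapper for the three-step build above, added here as an example; it is neither the OP-TEE project's code nor the commenter's. It assumes PLATFORM and TA_PUBLIC_KEY are exported and that it runs from the OP-TEE OS source root; the output directory, pkcs11 UUID and CFG_PKCS11_TA_xxx switches are the ones from the comment. Its only check is the one that matters for this thread: the file handed to TA_PUBLIC_KEY must be a public key, and no private key is needed on the build host.

```shell
#!/bin/sh
# Added example: drive the three-step build from the comment above so that
# the build host only ever sees the TA public key. Assumes PLATFORM and
# TA_PUBLIC_KEY are exported and the cwd is the OP-TEE OS source root.
set -eu

PKCS11_UUID=fd02c9da-306c-48c7-a49c-bbd827ae86ee   # pkcs11 TA UUID (from the thread)
OUT=my-out                                          # output dir (from the thread)

# The embedded public key is the only thing that must be right, so refuse
# anything that is not a PEM public key (a private key here is a mistake).
check_public_key() {
    key="$1"
    [ -f "$key" ] || { echo "missing public key: $key" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$key"; then
        echo "refusing $key: it holds a private key, pass the public half" >&2
        return 1
    fi
    grep -q 'BEGIN .*PUBLIC KEY' "$key" || { echo "not a PEM public key: $key" >&2; return 1; }
}

# Step 1: TA devkit only, no private key, no in-tree TA build.
build_devkit() {
    make PLATFORM="$PLATFORM" O="$OUT" CFG_BUILD_IN_TREE_TA=n TA_SIGN_KEY="" ta_dev_kit
}

# Step 2: the pkcs11 TA ELF, with its local config switches, from the devkit.
build_pkcs11_elf() {
    make -C ta/pkcs11 O=out TA_DEV_KIT_DIR="$PWD/$OUT/export-ta_arm32/" \
        CFG_PKCS11_TA_ALLOW_DIGEST_KEY=y CFG_PKCS11_TA_AUTH_TEE_IDENTITY=y \
        CFG_PKCS11_TA_HEAP_SIZE=32768 CFG_PKCS11_TA_TOKEN_COUNT=1 \
        CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE=n "out/$PKCS11_UUID.stripped.elf"
}

# Step 3: core image with the early TA embedded and the real public key.
build_core() {
    make PLATFORM="$PLATFORM" O="$OUT" CFG_BUILD_IN_TREE_TA=n TA_SIGN_KEY="" \
        TA_PUBLIC_KEY="$TA_PUBLIC_KEY" \
        EARLY_TA_PATHS="ta/pkcs11/out/$PKCS11_UUID.stripped.elf" all
}

# Entry point: validate the key first, then run the steps in order.
run_build() {
    check_public_key "$TA_PUBLIC_KEY"
    build_devkit && build_pkcs11_elf && build_core
}
```

Call `run_build` after exporting PLATFORM and TA_PUBLIC_KEY; the .ta files produced elsewhere with offline signing are not touched by this script.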


ydonghyuk commented Nov 18, 2024

@etienne-lms

I think I understand most of your detailed explanation. Thank you.

I understand that I can build the early TA (elf) using the ta_dev_kit and include it in EARLY_TA_PATHS. (Command below)

```sh
make PLATFORM=<...> O=my-out CFG_BUILD_IN_TREE_TA=n TA_SIGN_KEY="" \
    TA_PUBLIC_KEY=my-ta-public-key.pem \
    EARLY_TA_PATHS=ta/pkcs11/out/fd02c9da-306c-48c7-a49c-bbd827ae86ee.stripped.elf \
    all
```

Is it possible to skip the process of building the early TA (elf) and use CFG_IN_TREE_EARLY_TAS instead of EARLY_TA_PATHS with the following command?

```sh
make PLATFORM=<...> O=my-out CFG_BUILD_IN_TREE_TA=n TA_SIGN_KEY="" \
    TA_PUBLIC_KEY=my-ta-public-key.pem \
    CFG_IN_TREE_EARLY_TAS=pkcs11/fd02c9da-306c-48c7-a49c-bbd827ae86ee \
    all
```

If it is not possible, do CFG_IN_TREE_EARLY_TAS and CFG_BUILD_IN_TREE_TA need to be enabled together?

etienne-lms (Contributor) commented:

With the current build process, CFG_IN_TREE_EARLY_TAS=... needs CFG_BUILD_IN_TREE_TA=y.
