Hi, Wiklander,
Thanks for your reply. It seems that I use outdated OP-TEE sources (version 2.4.0).
For platforms that don't enable pager, is it because that the on-chip SRAM is not big enough to hold the whole pager?
Best Regards, Shijun Zhao Jens Wiklander jens.wiklander@linaro.org 于2018年6月28日周四 下午3:46写道:
Hi Zhao,
On Thu, Jun 28, 2018 at 9:29 AM, shijun zhao zqyzsj@gmail.com wrote:
Hi, everyone,
I find that pager uses AES-GCM to protect data sections. I see that the initialization vectors (IVs) used in AES-GCM for every page is initialized to be zero. However, according to the NIST 800 specification [1]: IV should not repeat, otherwise AES-GCM may be vulnerable to the forgery attacks [2]. So I suggest concatenating the physical address of each page (DRAM address) and the IV, then the concatenated IVs will be different for each page.
That's already done, only slightly different at: https://github.com/OP-TEE/optee_os/blob/e7dc41caf2eeb3f4997f6dbb37922c5d4d48...
Note that each physical page has its own rwp assigned to it, so the address of rwp is unique for a particular physical page.
I also see that pager is removed from many devices, such as i.mx and Hikey. Doesn't OP-TEE support pager any more?
OP-TEE supports pager, it's just that for many platforms it doesn't make sense to enable it.
Thanks, Jens
Best Regards, Shijun Zhao
- Dworkin M. NIST special publication 800-38B[J]. NIST special
publication, 2005, 800(38B): 38B. 2. A. Joux, Authentication Failures in NIST version of GCM, Natl. Inst. Stand. Technol. [Web page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Ser.... _______________________________________________ Tee-dev mailing list Tee-dev@lists.linaro.org https://lists.linaro.org/mailman/listinfo/tee-dev