Dear TF-M Team,

 

I'm Takekazu Tabata, a director and architect from the Fujitsu processor team.

We are currently developing FUJITSU-MONAKA, which supports the CCA feature.

 

We have three questions regarding the TF-M documents and TF-M implementations.

We would greatly appreciate it if you could provide answers.

 

Question 1)

In the TF-M document “RSE provisioning”,
The CM provisioning Key is used to encrypt DM Provisioning Bundle.

https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/rse/rse_provisioning.html

After the cold reset, the RSE will automatically transition to Device Manufacturer provisioning
state “DM” as the LCM hardware state-machine reads the values of the cm_config_1 and cm_config_2 fields as non-zero. This state is designed to provision the DM provisioning key, the DM code-encryption key and the DM config. The procedure follows the same steps as the CM provisioning flow, with the exception that the bundle will now be encrypted and signed using the CM provisioning key and must be placed at the base of VM1.

However, the purpose of the data provided in the DM is not described in this document. These data are not used in the source code of TF-M v2.2.0.

DM provisioning is probably assumed to be done during device manufacturing, but could you explain the purpose in more detail?
Also, What are the DM provisioning key, the DM code-encryption key and the DM config used for?

 

Question 2)

In the TF-M document “RSE integration guide”,
attestation key(CPAK) is derived by GUK.
https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/rse/rse_integration_guide.html#provisioning-values

The GUK is a key unique to a group of chips that have identical security properties, used to derive the attestation key.

However, CPAK is derived from HUK in the source code of TF-M. GUK in the specification is a typo.
https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/tags/TF-Mv2.2.0/platform/ext/target/arm/rse/common/bl1/rse_kmu_keys.c#322

    /* This derives from HUK, there is a typo in the spec, not from GUK.
     * FixMe: this should be configurable per platform
     */
    return setup_key_from_derivation(KMU_HW_SLOT_HUK, NULL, iak_seed_label,
                                     sizeof(iak_seed_label), NULL, 0,
                                     RSE_KMU_SLOT_CPAK_SEED, /* FixMe: The slot needs rename to IAK_SEED */
                                     &aes_key0_export_config, NULL, false,
                                     boot_state_config);

Which is right, GUK or HUK?
If it‘s HUK (not Virtual HUK), is it no problem that multiple CPAKs are generated in Multi-socket systems?

 

Question 3)

In the CM/DM lifecycle state, is it no problem to create an original provisioning bundle to run chip or device verification programs in PE?

 

Thank you for your time and assistance.

 

Best regards,

TABATA