Hi,

 

> shouldn't it be a value changing on each boot?
Yes, you are right. Boot seed is about the distinguish boot cycles. It should be a random number per boot cycle.

https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-24.html#name-boot-seed

 

> implementation id, couldn't it be read from the board id (pico_get_unique_board_id)?

“Note that this identifies the PSA RoT implementation, not a particular instance. To uniquely identify an instance, see the Instance ID claim”

https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-24.html#name-implementation-id

It is more kind a soc-family-id.

 

Regards,

Tamas

 

 

Hi,

 

TF-M has got a default OTP map and template files which using the default map. This makes the development and testing easier. Each platform can use these as a starting point and implement the platform specific parts with the help of these.

 

You can use the functions provided by the pico SDK, in this case you have to change the platform functions.

In your case:

• copy the “platform/ext/common/template/attest_hal.c” file to the platform’s directory
• add the copied “attest_hal.c“ file’s path to the platform_s cmake target, you can use the “platform/ext/target/arm/mps4/common/common.cmake” as an example
• Change the “tfm_plat_get_boot_seed” and “tfm_plat_get_implementation_id” functions in the new “attest_hal.c“ file.
• build with -DPLATFORM_DEFAULT_ATTEST_HAL=OFF or add this cmake variable to the platform’s config.cmake file

 

If you can, please upstream the changes, we welcome all contributions.

 

Regards,

Dávid