acrn-hypervisor/doc
Chen, Gang G fc9ec5d88f hv: Derive decryption key from Seed for Trusty to decrypt attestation keybox
CSE FW uses an AEK (Attestation keybox Encryption Key) to encrypt the keybox
with AES-256-GCM algorithm before sending it to Android/Trusty. This key is
derived from the latest platform Seed by CSE FW with KDF (key derivation function)
HMAC-SHA256. After Trusty retrieves this encrypted keybox over HECI/MEI driver,
Trusty needs the same AEK key to decrypt it. Hence, before Trusty launches,
Hypervisor derives the same AEK key from Platform Seed with the same algorithm
and the same derivation parameters, then sends this AEK along with Trusty vSeed
to Trusty world memory.

Since Platform Seed is only visible to Hypervisor and it must not be
sent to any guest VM, only Hypervisor can derive this AEK from this
Platform Seed, just like previous per-Trusty virtual Seed derivation.
Please note that Android Attestation Keybox is shared in a single hardware
platform, so all the Trusty instances/worlds can get the same AEK for
decryption even if there are multiple Android User OS/VMs running
on top of Hypervisor.

v1 --> v2:
	Add detailed description why we need the patch to derive an extra key

v2 --> v3:
	Convert API descriptions to Doxygen

Tracked-On: #1812
Reviewed-by: Bing Zhu <bing.zhu@intel.com>
Reviewed-by: Kai Wang <kai.z.wang@intel.com>
Signed-off-by: Chen Gang G <gang.g.chen@intel.com>
Acked-by: Bing Zhu <bing.zhu@intel.com>
2018-11-20 09:22:37 +08:00
..
.known-issues doc: hide doxygen duplicate definition warnings 2018-11-01 20:55:11 -07:00
_templates doc: cleanup css, search, version choices 2018-07-26 14:00:49 -07:00
api doc: Fix AcrnGT broken API doc due to kernel upgrade 2018-10-29 09:20:43 -07:00
custom-doxygen doc: organizational and look improvements 2018-05-11 14:44:27 +08:00
developer-guides hv:Replace dynamic memory with static for mmio 2018-11-13 11:52:48 +08:00
extensions doc: add support for kerneldoc API tools 2018-07-04 18:26:44 -07:00
getting-started Documentation: update GSG for release 0.3 2018-11-12 10:43:03 -08:00
images doc: use graphviz for intro boot-flow diagram 2018-06-11 13:09:40 -07:00
introduction doc: use graphviz for intro boot-flow diagram 2018-06-11 13:09:40 -07:00
reference/kconfig doc: add hypervisor kconfig option reference 2018-06-15 15:20:43 -07:00
scripts doc: filter error exit status incorrect 2018-10-25 13:38:11 -07:00
static doc: code-block text not readable 2018-09-24 15:31:37 -07:00
tutorials Documentation: add 'make' to GSG and expand PATH for `sphinx-build` 2018-11-02 16:45:58 -07:00
user-guides doc: update rest of hypervisor HLD sections 2018-10-30 11:20:09 -07:00
LICENSE doc: update project documentation LICENSE 2018-05-15 17:19:35 +08:00
Makefile doc: add Makefile option for singlehtml 2018-11-12 09:47:12 -08:00
README.md doc: post-merge changes to docs 2018-05-15 18:03:33 +08:00
acrn.doxyfile hv: Derive decryption key from Seed for Trusty to decrypt attestation keybox 2018-11-20 09:22:37 +08:00
conf.py doc: release notes for 0.3 2018-11-09 09:51:28 -08:00
glossary.rst Documentation: update to AcrnGT official name 2018-09-06 21:51:23 -07:00
hardware.rst doc: reorganize doc tree 2018-07-16 15:17:11 -07:00
index.rst doc: reorganize doc tree 2018-07-16 15:17:11 -07:00
release_notes.rst doc: prepare for versioned release notes 2018-09-05 15:53:27 -07:00
release_notes_0.1.rst doc: fix doc misspellings 2018-09-05 16:06:19 -07:00
release_notes_0.2.rst doc: update doc version menu for v0.2 release 2018-09-24 11:01:15 -07:00
release_notes_0.3.rst doc: tweaks to 0.3 release notes 2018-11-12 10:57:47 -08:00
substitutions.txt doc: add network virtualization hld 2018-09-20 10:02:43 -07:00

README.md

Project ACRN Documentation

This folder holds the source and configuration files used to generate the Project ACRN documentation web site published to https://projectacrn.github.io