Version 17.1

Updates to OEMCrypto API and OPK reference implementation.
Fred Gylys-Colwell
2022-06-26 20:46:35 -07:00
parent 5e1f940c81
commit 1ec4f64360
134 changed files with 4508 additions and 5931 deletions

@@ -2,6 +2,44 @@
[TOC]
## [Version 17.1][v17.1]
This release contains a major change to the build process for the OP-TEE port,
a new ODK minor version, handling for v16.4.x licenses with clear key control
block, provisioning 4.0 in the wtpi_reference code, and various small changes.
The build process for the OP-TEE port has been simplified. Previously, the OPK
components were compiled with their own makefiles, compiler flags, and
toolchain; a platform-specific build system would then need to link those
components into the final application. Now, a list of all OPK files is
provided in the new `tee-sources.mk` file for inclusion in the target platform's
build system. This guarantees that the OPK code will be compiled with the same
build flags and toolchain as the rest of the TA. The OP-TEE port has been
modified to use this new list of source files, and the generated makefiles from
previous versions have been removed.
The ODK has been updated to v17.1. A new function has been added,
`ODK_PrepareCoreRenewedProvisioningRequest()`, for use with renewing deleted or
compromised keyboxes. An out of bounds buffer error was fixed in
`CreateCoreLicenseResponse()`.
A unit test has been added to test against the issue where certain 16.4.x SDK
versions return a clear key control block (KCB) in the license response. An
OEMCrypto v17.1+ implementation should be able to handle the clear KCB in the
16.4.x response and load the license correctly.
Provisioning 4.0 is now supported in oemcrypto_ta and the WTPI reference code.
The `WTPI_GetProvisioningMethod()` config function should return
`OEMCrypto_BootCertificateChain` to enable this.
`WTPI_ED25519Sign()` has been removed from the WTPI layer.
All oemcrypto_unittests now pass for the OP-TEE port running on NXP iMX8.
Provisioning 4.0 is not yet supported on the OP-TEE port.
Please note that no changes have been made to the Trusty port code. As a result,
the Trusty port may not compile against the latest changes to the rest of OPK.
## [Version 17 plus test updates and OPK v17][v17+test-updates+opk+mk]
Add makefiles to partner visible git repo.
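Review bot: The ODK paragraph's sentence "An out of bounds buffer error was fixed in `CreateCoreLicenseResponse()`" does not say whether the access was a read or a write, or which earlier ODK versions contain it, so an integrator still on an older release cannot tell from the changelog whether they need to pick up this fix. Suggest adding the affected version range and the direction of the access to that sentence. A smaller point in the same entry: "`WTPI_ED25519Sign()` has been removed from the WTPI layer" should name what replaces it, or state that nothing does, and "Provisioning 4.0 is now supported in oemcrypto_ta and the WTPI reference code" reads as contradicting "Provisioning 4.0 is not yet supported on the OP-TEE port" unless the first sentence states which ports it covers.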
@@ -124,3 +162,4 @@ Public release for OEMCrypto API and ODK library version 16.4.
[v17-initial-release]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17-initial-release
[v17+test-updates+opk]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17+test-updates+opk
[v17+test-updates+opk+mk]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17+test-updates+opk+mk
[v17.1]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17.1