Verify key returning 0xffff0006 (TEE_ERROR_BAD_PARAMETERS) when CONFIG_NULL_TTY is activated

[jcmrodrigues]

Hello all! :)

I catch the error 0xffff0006 (TEE_ERROR_BAD_PARAMETERS) when I enable CONFIG_NULL_TTY on the kernel configs or/and I disable G_SERIAL on the kernel configs also.
I am not even using ttynull to redirect the console, and the default one continues to be the same.
When using PKCS11 TA without NULL_TTY activated, it works, but as soon as I disable it I start having the Verify key returning 0xffff0006, no additional changes are performed.

I checked the key present on both working and failing one (with NULL_TTY activated) and the tee_rpmb_ctx key is the same, so it should match the RPMB key on both.

[OP-TEE][0.792000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x20EB
[OP-TEE][0.792000][1]D/TEE-CORE:?   tee_ta_init_pseudo_ta_session:309 Open device.pta
[OP-TEE][0.792000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0xA7
[OP-TEE][0.792000][1]D/TEE-CORE:?   tee_ta_init_pseudo_ta_session:309 Open rng.pta
[OP-TEE][0.792000][1]F/TEE-CORE:?   invoke_command:63 rng.pta command 0x1 ptypes 0x2
[OP-TEE][0.792000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x22
[OP-TEE][0.793000][1]F/TEE-CORE:?   invoke_command:63 rng.pta command 0 ptypes 0x7
[OP-TEE][0.793000][1]D/TEE-CORE:?   tee_ta_close_session:548 Destroy session
[OP-TEE][0.793000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x36
[OP-TEE][0.810000][1]F/TEE-CORE:?   invoke_command:63 rng.pta command 0 ptypes 0x7
[OP-TEE][1.326000][0]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x80
[OP-TEE][1.326000][0]D/TEE-CORE:?   tee_ta_close_session:529 csess 0x442dcac0 id 3
[OP-TEE][1.326000][0]D/TEE-CORE:?   tee_ta_close_session:548 Destroy session
[OP-TEE][1.577000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x50
[OP-TEE][1.579000][1]D/TEE-CORE:?   ldelf_load_ldelf:96 ldelf load address 0x80006000
[OP-TEE][1.579000][1]D/LD:  ldelf:142 Loading TS [[[ID]]]
[OP-TEE][1.579000][1]F/TEE-CORE:?   trace_syscall:159 syscall #3 (syscall_get_property)
[OP-TEE][1.579000][1]F/TEE-CORE:?   trace_syscall:159 syscall #5 (syscall_open_ta_session)
[OP-TEE][1.579000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0xED
[OP-TEE][1.582000][1]F/TEE-CORE:?   trace_syscall:159 syscall #7 (syscall_invoke_ta_command)
[OP-TEE][1.582000][1]F/TEE-CORE:?   read_compressed:179 4096 bytes
[OP-TEE][1.582000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0xB6
[OP-TEE][1.582000][1]F/TEE-CORE:?   trace_syscall:159 syscall #7 (syscall_invoke_ta_command)
[OP-TEE][1.590000][1]F/TEE-CORE:?   read_compressed:179 350000 bytes
[OP-TEE][1.590000][1]F/TEE-CORE:?   trace_syscall:159 syscall #3 (syscall_get_property)
[OP-TEE][1.591000][1]F/TEE-CORE:?   trace_syscall:159 syscall #8 (syscall_check_access_rights)
[OP-TEE][1.591000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x1E
[OP-TEE][1.591000][1]F/TEE-CORE:?   read_compressed:179 1024 bytes
[OP-TEE][1.591000][1]F/TEE-CORE:?   read_compressed:179 1024 bytes
[OP-TEE][1.591000][1]F/TEE-CORE:?   read_compressed:179 208 bytes
[OP-TEE][1.591000][1]F/TEE-CORE:?   read_compressed:179 14496 bytes
[OP-TEE][1.591000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x18
[OP-TEE][1.591000][1]F/TEE-CORE:?   trace_syscall:159 syscall #8 (syscall_check_access_rights)
[OP-TEE][1.592000][1]F/TEE-CORE:?   read_compressed:179 144 bytes
[OP-TEE][1.592000][1]F/TEE-CORE:?   read_compressed:179 1152 bytes
[OP-TEE][1.592000][1]F/TEE-CORE:?   trace_syscall:159 syscall #6 (syscall_close_ta_session)
[OP-TEE][1.592000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0xFC
[OP-TEE][1.592000][1]F/TEE-CORE:?   trace_syscall:159 syscall #3 (syscall_get_property)
[OP-TEE][1.592000][1]D/LD:  ldelf:176 ELF ([[[ID]]]) at 0x80014000
[OP-TEE][1.592000][1]F/TEE-CORE:?   trace_syscall:159 syscall #33 (syscall_cryp_random_number_generate)
[OP-TEE][1.647000][1]F/TEE-CORE:?   trace_syscall:159 syscall #8 (syscall_check_access_rights)
[OP-TEE][1.647000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x0C
[OP-TEE][1.647000][1]F/TEE-CORE:?   trace_syscall:159 syscall #8 (syscall_check_access_rights)
[OP-TEE][1.647000][1]F/TEE-CORE:?   trace_syscall:159 syscall #4 (syscall_get_property_name_to_index)
[OP-TEE][1.647000][1]F/TEE-CORE:?   trace_syscall:159 syscall #8 (syscall_check_access_rights)
[OP-TEE][1.647000][1]F/TEE-CORE:?   trace_syscall:159 syscall #41 (syscall_storage_obj_open)
[OP-TEE][1.647000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x53
[OP-TEE][1.648000][1]D/TEE-CORE:?   tee_rpmb_init:1218 RPMB: Syncing device information
[OP-TEE][1.652000][1]D/TEE-CORE:?   tee_rpmb_init:1226 RPMB: RPMB size is 32*128 KB
[OP-TEE][1.652000][1]D/TEE-CORE:?   tee_rpmb_init:1227 RPMB: Reliable Write Sector Count is 1
[OP-TEE][1.652000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x0C
[OP-TEE][1.652000][1]D/TEE-CORE:?   tee_rpmb_init:1254 RPMB INIT: Deriving key
[OP-TEE][1.652000][1]I/TEE-CORE: RPMB: Using generated key
[OP-TEE][1.652000][1]D/TEE-CORE:?   tee_rpmb_init:1269 RPMB INIT: Verifying Key
[OP-TEE][1.652000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x38
[OP-TEE][1.659000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0xD8
[OP-TEE][2.022000][1]E/TEE-CORE:?   tee_rpmb_verify_key_sync_counter:1099 Verify key returning 0xffff0006
[OP-TEE][2.022000][1]E/TEE-CORE:?   tee_rpmb_init:1289 Verify key failed!
[OP-TEE][2.022000][1]E/TEE-CORE:?   tee_rpmb_init:1290 Make sure key here matches device key
[OP-TEE][2.022000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0xFA
[OP-TEE][2.022000][1]F/TEE-CORE:?   trace_syscall:159 syscall #2 (syscall_panic)
[OP-TEE][2.022000][1]E/TEE-CORE:?
[OP-TEE][2.022000][1]E/TEE-CORE:?   TA panicked with code 0xffff0006
[OP-TEE][2.022000][1]E/LD:  Status of TA [[[ID]]]
[OP-TEE][2.022000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0xBD
[OP-TEE][2.022000][1]E/LD:   arch: aarch64
[OP-TEE][2.022000][1]E/LD:  region  0: va 0x80004000 pa 0x44400000 size 0x002000 flags rw-s (ldelf)
[OP-TEE][2.022000][1]E/LD:  region  1: va 0x80006000 pa 0x44402000 size 0x008000 flags r-xs (ldelf)
[OP-TEE][2.022000][1]E/LD:  region  2: va 0x8000e000 pa 0x4440a000 size 0x001000 flags rw-s (ldelf)
[OP-TEE][2.022000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0xD2
[OP-TEE][2.022000][1]E/LD:  region  3: va 0x8000f000 pa 0x4440b000 size 0x004000 flags rw-s (ldelf)
[OP-TEE][2.023000][1]E/LD:  region  4: va 0x80013000 pa 0x4440f000 size 0x001000 flags r--s
[OP-TEE][2.023000][1]E/LD:  region  5: va 0x80014000 pa 0x00001000 size 0x056000 flags r-xs [0]
[OP-TEE][2.023000][1]E/LD:  region  6: va 0x8006a000 pa 0x00057000 size 0x022000 flags rw-s [0]
[OP-TEE][2.023000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x83
[OP-TEE][2.023000][1]E/LD:  region  7: va 0x8008c000 pa 0x44488000 size 0x004000 flags rw-s (stack)
[OP-TEE][2.023000][1]E/LD:   [0] [[[ID]]] @ 0x80014000
[OP-TEE][2.023000][1]D/TEE-CORE:?   user_ta_enter:176 tee_user_ta_enter: TA panicked with code 0xffff0006
[OP-TEE][2.023000][1]D/TEE-CORE:?   tee_ta_close_session:529 csess 0x442dcac0 id 3
[OP-TEE][2.023000][1]F/TEE-CORE:?   plat_prng_add_jitter_entropy:72 0x27
[OP-TEE][2.023000][1]D/TEE-CORE:?   tee_ta_close_session:548 Destroy session
[OP-TEE][2.023000][1]E/TEE-CORE:?   tee_ta_open_session:785 Failed. Return error 0xffff3024

I am still digging on the optee code to try to catch the exact line where it fails.

Do you have any clue on why is this happening? I am only enabling CONFIG_NULL_TYY on kernel config and this starts to fail.

Thank you for your support!! :)