RPMB description and use (Replay Protected Memory Block)

1. What is RPMB

First of all, RPMB stands for Replay Protected Memory Block, literally a storage area protected against replay.
This area lives on the eMMC or UFS device. It can be read and written, but every access is checked: reads and writes are authenticated with a key shared between the host and the storage device, and writes are protected against replay.
The RPMB area on UFS is generally 16M;
on eMMC it is generally 4M, and smaller sizes such as 64K also exist;
so the size of the RPMB area depends on the data sheet of the selected memory chip (I have encountered eMMC parts that have no RPMB area at all).
Data that is stored securely generally needs several properties:

  • confidentiality
  • integrity
  • freshness
  • availability

Replay protection is what provides freshness: a reader can tell that the data it sees is the most recently written value and not an older, still correctly signed copy. RPMB provides integrity and freshness (every access is authenticated with a MAC, and writes carry a monotonic counter); it does not encrypt the data, so confidentiality has to come from the host encrypting what it stores there.

2. What is Replay Protection

To understand replay protection, let's first understand replay attacks.
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write a fixed string into a.txt, creating the file if needed. */
int write_file(void)
{
	const char *data = "123456";
	int fd;

	fd = open("a.txt", O_RDWR | O_CREAT, 0644);
	if (fd < 0) {
		printf("open a.txt failed, errno=%d\n", errno);
		return -1;
	}

	ssize_t wlen = write(fd, data, strlen(data));
	if (wlen != (ssize_t)strlen(data)) {
		printf("write failed\n");
		close(fd);
		return -2;
	}
	printf("write file success\n");
	close(fd);

	return 0;
}
The function above writes some data into a.txt. Now back the written file up as b.txt; the program can still read a.txt normally. Then delete a.txt, and finally copy b.txt back to a.txt.
If there were replay protection, reading a.txt would now fail, because an old copy is being presented as the current content. If the read still succeeds, there is no replay protection. An ordinary file carries nothing that ties its content to a point in time, so the file system cannot tell the restored copy from the original. RPMB can: the device keeps a write counter that it increments on every successful write, and each write frame is bound to the expected counter value by a MAC, so an old frame (or old content) presented again no longer matches.

3. The working principle of RPMB

RPMB function

  • get counter: read the write counter kept inside the RPMB region;
  • program key: write the RPMB key; each RPMB region accepts only one key in its lifetime, and this can be done in the factory or by the bootloader at boot (it takes effect only the first time);
  • read: read data from RPMB (authenticated read);
  • write: write data to RPMB (authenticated write);
  • get max wr size: get the maximum amount of data that can be written to RPMB in one operation;

RPMB key data structure

struct rpmb_frame {
	u_int8_t  stuff[196];    // padding, unused
	u_int8_t  key_mac[32];   // carries the RPMB key in a program key request; carries the MAC in every other authenticated frame
	u_int8_t  data[256];     // the data read from or written to RPMB
	u_int8_t  nonce[16];     // random value, optional; if used, the requester generates it, the RPMB hardware includes it in the MAC together with the other fields, and the requester checks both MAC and nonce on return to make sure the response is fresh. It plays the role of a challenge.
	u_int32_t write_counter; // the device's write counter; a write must carry the current value, which is how replay attacks are blocked
	u_int16_t addr;          // block address for the read or write; each block is 256 bytes, so this is a block index, not a byte offset
	u_int16_t block_count;   // number of 256-byte blocks to read or write in this operation
	u_int16_t result;        // result of the operation; meaningful only in the response frame
	u_int16_t req_resp;      // request/response type: what this frame asks for, or answers
};

On the wire the frame is exactly 512 bytes and the multi-byte fields are big-endian. The MAC is HMAC-SHA256 with the RPMB key over the bytes from data through req_resp (284 bytes), so it covers the data, the nonce, the counter, the address and the operation type, but not the stuff bytes or the key_mac field itself.

RPMB program key

This step can be done automatically at boot by the bootloader, or bound manually on the customer's production line. Programming the key is a one-time, irreversible operation on the storage device, and anyone who holds the key can write the region, so the key should only ever exist on the trusted side (boot ROM, TEE) and never in normal-world software.
Notice

  • The RPMB key is in most cases bound to the CPU (derived from a per-chip secret), which means that if the CPU is damaged, the eMMC or UFS also has to be replaced during repair: the replacement CPU cannot reproduce the key already programmed into the flash.
  • Because the key is bound to the CPU, most customers who use RPMB program the key on their own production line. Reason: to reduce cost.
  • The factory has to run aging (burn-in) tests on the CPU. If the CPU and eMMC were bound beforehand, every CPU that fails the test would also waste its eMMC. So in mass production customers choose delayed binding to save cost.

RPMB READ and WRITE principle

Authenticated write: the host first issues get counter to learn the current write counter, builds a write frame carrying the data, the block address and that counter, computes the MAC over the frame (from data through req_resp) with the RPMB key, and sends it. The device recomputes the MAC with its own copy of the key, checks that the counter in the frame equals its internal counter, then stores the data, increments the counter and returns a result frame that is itself MAC'd. A captured write frame sent again fails the counter check; a modified one fails the MAC check.

Authenticated read: the host sends a read request with a fresh random nonce and the block address. The device returns the data together with the same nonce and a MAC over the response. The host verifies the MAC and that the nonce matches the one it sent, so an attacker cannot substitute an older, correctly MAC'd response.
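The write and read flows above, as an added example that is not from the original post or from any vendor's driver: a Python model of an RPMB device and a host exchanging rpmb_frame messages. It also plays out the replay scenario of section 2, sending a captured write frame a second time. The class names, the result codes chosen for failures, the 16-block region size and the per-device secret are assumptions made for the simulation; the frame layout and the MAC (HMAC-SHA256 over the frame bytes from data through req_resp) follow the structure described above.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 256            # one RPMB data block (256-byte half sector)
MAC_START = 196 + 32   # the MAC covers data .. req_resp, i.e. frame bytes 228..511
REQ_PROGRAM_KEY, REQ_GET_COUNTER, REQ_WRITE, REQ_READ = 1, 2, 3, 4   # response type = request type << 8
OK, GENERAL_FAILURE, AUTH_FAILURE, COUNTER_FAILURE, NO_KEY = 0, 1, 2, 3, 7  # result codes used by this model
FRAME = struct.Struct(">196s32s256s16sIHHHH")   # struct rpmb_frame on the wire: 512 bytes, big-endian fields
FIELDS = ("stuff", "key_mac", "data", "nonce", "write_counter", "addr", "block_count", "result", "req_resp")

def build_frame(key_mac=b"", data=b"", nonce=b"", write_counter=0, addr=0, block_count=0, result=0, req_resp=0):
    return FRAME.pack(b"", key_mac, data, nonce, write_counter, addr, block_count, result, req_resp)

def parse_frame(buf):
    return dict(zip(FIELDS, FRAME.unpack(buf)))

def frame_mac(key, frame):
    return hmac.new(key, frame[MAC_START:], hashlib.sha256).digest()

def with_mac(key, frame):
    return frame[:196] + frame_mac(key, frame) + frame[MAC_START:]

class RpmbDevice:  # flash side: one-time key, monotonic write counter, protected blocks (simulated)
    def __init__(self, blocks=16):
        self.key, self.counter, self.storage = None, 0, bytearray(blocks * BLOCK)
    def process(self, req):
        f = parse_frame(req)
        t = f["req_resp"]
        if t == REQ_PROGRAM_KEY:                    # accepted once in the device's lifetime
            if self.key is not None:
                return self._resp(t, GENERAL_FAILURE)
            self.key = f["key_mac"]
            return self._resp(t, OK)
        if self.key is None:
            return self._resp(t, NO_KEY)
        if t == REQ_GET_COUNTER:
            return self._resp(t, OK, nonce=f["nonce"])
        off = f["addr"] * BLOCK                     # addr is a block index, not a byte offset
        if t == REQ_WRITE:
            if not hmac.compare_digest(frame_mac(self.key, req), f["key_mac"]):
                return self._resp(t, AUTH_FAILURE)     # modified frame or wrong key
            if f["write_counter"] != self.counter:
                return self._resp(t, COUNTER_FAILURE)  # replayed or stale frame
            self.storage[off:off + BLOCK] = f["data"]
            self.counter += 1
            return self._resp(t, OK, addr=f["addr"])
        if t == REQ_READ:
            return self._resp(t, OK, data=bytes(self.storage[off:off + BLOCK]), nonce=f["nonce"], addr=f["addr"])
        return self._resp(t, GENERAL_FAILURE)
    def _resp(self, req_type, result, **fields):
        frame = build_frame(result=result, req_resp=req_type << 8, write_counter=self.counter, **fields)
        return frame if self.key is None else with_mac(self.key, frame)

class RpmbHost:  # host side (bootloader or TEE) holding the RPMB key (simulated)
    def __init__(self, dev, key):
        self.dev, self.key = dev, key
    def check_response(self, resp, nonce=None):
        f = parse_frame(resp)
        if not hmac.compare_digest(frame_mac(self.key, resp), f["key_mac"]) or (nonce and f["nonce"] != nonce):
            raise ValueError("response failed MAC check or carries a stale nonce")
        return f
    def program_key(self):
        return self.check_response(self.dev.process(build_frame(key_mac=self.key, req_resp=REQ_PROGRAM_KEY)))["result"]
    def get_counter(self):
        nonce = os.urandom(16)
        return self.check_response(self.dev.process(build_frame(nonce=nonce, req_resp=REQ_GET_COUNTER)), nonce)["write_counter"]
    def write_frame(self, addr, data):
        frame = build_frame(data=data, write_counter=self.get_counter(), addr=addr, block_count=1, req_resp=REQ_WRITE)
        return with_mac(self.key, frame)            # MAC binds data, address and counter to the key
    def send_write(self, frame):
        return self.check_response(self.dev.process(frame))["result"]
    def read(self, addr):
        nonce = os.urandom(16)
        return self.check_response(self.dev.process(build_frame(nonce=nonce, addr=addr, block_count=1, req_resp=REQ_READ)), nonce)["data"]

def demo():  # constructed scenario: legitimate write, replayed write, tampered write, stale read, read-back
    dev = RpmbDevice()
    key = hashlib.sha256(b"constructed per-device secret").digest()   # real designs derive this from a SoC-bound secret
    host = RpmbHost(dev, key)
    out = {"program_key": host.program_key(), "reprogram_key": host.program_key()}
    block = b"123456".ljust(BLOCK, b"\0")
    frame = host.write_frame(0, block)
    out["write"] = host.send_write(frame)
    out["replay"] = host.send_write(frame)          # same captured frame again: the device counter has moved on
    tampered = bytearray(host.write_frame(0, block))
    tampered[MAC_START] ^= 0xFF                     # flip the first data byte after the MAC was computed
    out["tamper"] = host.send_write(bytes(tampered))
    old = dev.process(build_frame(nonce=os.urandom(16), addr=0, block_count=1, req_resp=REQ_READ))
    try:
        host.check_response(old, os.urandom(16))    # correctly MAC'd, but it answers a different nonce
        out["stale_read_rejected"] = False
    except ValueError:
        out["stale_read_rejected"] = True
    out["counter"] = host.get_counter()
    out["readback"] = host.read(0)
    return out
```

Running demo() returns OK for the first program key and the first write, GENERAL_FAILURE for the second program key, COUNTER_FAILURE for the replayed frame, AUTH_FAILURE for the tampered frame, and a counter of 1 afterwards; the stale read response is rejected by the nonce check even though its MAC is valid. Note that the device only ever rejects, it never "repairs": once a replayed or tampered frame is detected the host learns the result code and must decide what to do, which is why the host side of a real design lives in the TEE or bootloader rather than in the application.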

4. RPMB implementation reference

EMMC RPMB: application-side call implementation reference
UFS RPMB: application-side call implementation reference, through the RPMB well-known LUN exposed as /dev/0:0:0:49476
trusty REE RPMB: REE-side RPMB call
trusty TEE RPMB: TEE-side RPMB call

Origin blog.csdn.net/weixin_47139576/article/details/128803369