Thread: 14 messages, 2 authors, 2024-03-11

Re: [PATCH v6 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys

From: "Jarkko Sakkinen" <jarkko@kernel.org>
Date: 2024-03-11 20:07:28
Also in: keyrings, linux-arm-kernel, linux-crypto, linux-doc, linux-integrity, linux-security-module, lkml

On Fri Mar 8, 2024 at 9:17 AM EET, David Gstir wrote:
Hi Jarkko,
On 07.03.2024, at 20:30, Jarkko Sakkinen [off-list ref] wrote:
[...]
+
+static int trusted_dcp_init(void)
+{
+ int ret;
+
+ if (use_otp_key)
+ pr_info("Using DCP OTP key\n");
+
+ ret = test_for_zero_key();
+ if (ret) {
+ pr_err("Test for zero'ed keys failed: %i\n", ret);
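Review bot: The message in the pr_err() after test_for_zero_key() carries only the return code, so someone reading the log cannot tell which condition was detected or what to do about it. Consider wording it around what a non-zero result means for the keys this backend seals, and add a short comment above the call saying the same. The quoted lines stop inside the if (ret) block, so it is not visible here whether init goes on to return ret; please make sure that choice is deliberate and stays independent of the log level picked for the message. Minor style point: %d is the more usual specifier than %i for an int in kernel log messages.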
I'm not sure whether this should err or warn.

What sort of situations can cause the test to fail (e.g.
adversary/interposer, bad configuration etc.)?
This occurs when the hardware is not in "secure mode". I.e. it’s a bad configuration issue.
Once the board is properly configured, this will never trigger again.
Do you think a warning is better for this then?
Bad configuration is not unexpected configuration so it cannot possibly
be an error situation as far as Linux is considered. So warning is 
appropriate here I'd figure.

BR, Jarkko