From ba80ea5c49c0c3631fdcaa77f0237ebe1570e71a Mon Sep 17 00:00:00 2001
From: Saheli Saha
Date: Fri, 31 Oct 2025 12:03:20 +0530
Subject: [PATCH] libckteec: Add PKCS#11 vendor specific indestructible attribute

Add CKA_OPTEE_INDESTRUCTIBLE vendor specific attribute ID for object that should never be destroyed, even on token re-initialization.

Reviewed-by: Neeraj Soni
Signed-off-by: Saheli Saha
---
 libckteec/include/pkcs11.h | 3 +++
 libckteec/include/pkcs11_ta.h | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/libckteec/include/pkcs11.h b/libckteec/include/pkcs11.h
index 6d7a0f77..e7fcd8c9 100644
--- a/libckteec/include/pkcs11.h
+++ b/libckteec/include/pkcs11.h
@@ -198,6 +198,9 @@ struct CK_ATTRIBUTE {
 #define CKA_DEFAULT_CMS_ATTRIBUTES 0x0502
 #define CKA_SUPPORTED_CMS_ATTRIBUTES 0x0503
 #define CKA_ALLOWED_MECHANISMS (0x0600 | CKF_ARRAY_ATTRIBUTE)
+/* Vendor Defined Indestructible Attribute */
+#define CKA_OPTEE_INDESTRUCTIBLE (0x0001 | CKA_VENDOR_DEFINED)
+
 /* Attribute CKA_CLASS refers to a CK_OBJECT_CLASS typed value */
 typedef CK_ULONG CK_OBJECT_CLASS;
diff --git a/libckteec/include/pkcs11_ta.h b/libckteec/include/pkcs11_ta.h
index 063198b9..1f33aef1 100644
--- a/libckteec/include/pkcs11_ta.h
+++ b/libckteec/include/pkcs11_ta.h
@@ -1139,6 +1139,8 @@ enum pkcs11_attr_id {
 PKCS11_CKA_ALLOWED_MECHANISMS = 0x40000600,
 /* Vendor extension: reserved for undefined ID (~0U) */
 PKCS11_CKA_UNDEFINED_ID = PKCS11_UNDEFINED_ID,
+ /* Vendor Defined Indestructible Attribute */
+ PKCS11_CKA_OPTEE_INDESTRUCTIBLE = 0x80000001,
 };

 /*
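Review bot: The comment added above `CKA_OPTEE_INDESTRUCTIBLE` in pkcs11.h does not state the attribute's value type or who may set or clear it. For an attribute that exempts an object from destruction even on token re-initialization, that is the security-relevant part of the contract. Re-initializing a token is how an owner normally ensures old key material and objects are gone, so an unrestricted setter would let any client pin objects in secure storage permanently. I would expand the comment to something like `/* Vendor extension (presumably CK_BBOOL): object is never destroyed, even on token re-initialization; set only at creation by <authorized role>, never cleared */`, adjusted to what the TA actually enforces, which this header-only patch does not show. `CKA_VENDOR_DEFINED` is referenced here but its definition lies outside the hunk, so confirm it is visible at this point in the header.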
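Review bot: In pkcs11_ta.h, `PKCS11_CKA_OPTEE_INDESTRUCTIBLE = 0x80000001` is appended after `PKCS11_CKA_UNDEFINED_ID`, which the existing comment marks as the reserved undefined-ID entry and which closed the enum before this change. Placing the new ID above that entry keeps the sentinel last and the real attribute IDs together. The hard-coded literal must also stay equal to `CKA_OPTEE_INDESTRUCTIBLE` (`0x0001 | CKA_VENDOR_DEFINED`) in pkcs11.h, and nothing in the patch ties the two together. A comment such as `/* Vendor extension: must match CKA_OPTEE_INDESTRUCTIBLE in pkcs11.h */` would make a mismatch easier to spot in review. The enum begins above the hunk, so its other entries were not checked.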