Commit 03f8d398212ab75b220024e3f1142590f04ef085
1 parent
206c8a0e7a
Exists in
smarc_8mm-imx_v2019.04_4.19.35_1.1.0
and in
1 other branch
MA-15575-3 Add support for oemlock 1.0 hal
Add commands to read oem device unlock state from trusty avb app. Use the oem device unlock state to determine if the device can be unlocked instead of the state in persistdata part. Test: Read oem device unlock state from avb app. Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559 Signed-off-by: Ji Luo <ji.luo@nxp.com>
Showing 4 changed files with 32 additions and 6 deletions Side-by-side Diff
drivers/fastboot/fb_fsl/fastboot_lock_unlock.c
| ... | ... | @@ -449,18 +449,28 @@ |
| 449 | 449 | |
| 450 | 450 | } |
| 451 | 451 | FbLockEnableResult fastboot_lock_enable() { |
| 452 | - struct blk_desc *fs_dev_desc; | |
| 453 | - disk_partition_t fs_partition; | |
| 454 | - unsigned char *bdata; | |
| 455 | - int mmc_id; | |
| 456 | - FbLockEnableResult ret; | |
| 457 | - | |
| 458 | 452 | #ifdef CONFIG_DUAL_BOOTLOADER |
| 459 | 453 | /* Always allow unlock device in spl recovery mode. */ |
| 460 | 454 | if (is_spl_recovery()) |
| 461 | 455 | return FASTBOOT_UL_ENABLE; |
| 462 | 456 | #endif |
| 463 | 457 | |
| 458 | +#ifdef CONFIG_IMX_TRUSTY_OS | |
| 459 | + int ret; | |
| 460 | + uint8_t oem_device_unlock; | |
| 461 | + | |
| 462 | + ret = trusty_read_oem_unlock_device_permission(&oem_device_unlock); | |
| 463 | + if (ret < 0) | |
| 464 | + return FASTBOOT_UL_ERROR; | |
| 465 | + else | |
| 466 | + return oem_device_unlock; | |
| 467 | +#else /* CONFIG_IMX_TRUSTY_OS */ | |
| 468 | + FbLockEnableResult ret; | |
| 469 | + struct blk_desc *fs_dev_desc; | |
| 470 | + disk_partition_t fs_partition; | |
| 471 | + unsigned char *bdata; | |
| 472 | + int mmc_id; | |
| 473 | + | |
| 464 | 474 | bdata = (unsigned char *)memalign(ALIGN_BYTES, SECTOR_SIZE); |
| 465 | 475 | if (bdata == NULL) |
| 466 | 476 | return FASTBOOT_UL_ERROR; |
| ... | ... | @@ -500,6 +510,7 @@ |
| 500 | 510 | fail: |
| 501 | 511 | free(bdata); |
| 502 | 512 | return ret; |
| 513 | +#endif /* CONFIG_IMX_TRUSTY_OS */ | |
| 503 | 514 | |
| 504 | 515 | } |
| 505 | 516 | #endif |
include/interface/avb/avb.h
| ... | ... | @@ -44,6 +44,8 @@ |
| 44 | 44 | LOCK_BOOT_STATE = (7 << AVB_REQ_SHIFT), |
| 45 | 45 | READ_VBMETA_PUBLIC_KEY = (8 << AVB_REQ_SHIFT), |
| 46 | 46 | WRITE_VBMETA_PUBLIC_KEY = (9 << AVB_REQ_SHIFT), |
| 47 | + WRITE_OEM_UNLOCK_DEVICE_PERMISSION = (10 << AVB_REQ_SHIFT), | |
| 48 | + READ_OEM_UNLOCK_DEVICE_PERMISSION = (11 << AVB_REQ_SHIFT), | |
| 47 | 49 | }; |
| 48 | 50 | |
| 49 | 51 | /** |
include/trusty/avb.h
| ... | ... | @@ -116,6 +116,12 @@ |
| 116 | 116 | * Returns one of trusty_err. |
| 117 | 117 | */ |
| 118 | 118 | int trusty_lock_boot_state(void); |
| 119 | +/* | |
| 120 | + * Send request to secure side to read oem device unlock state from RPMB. | |
| 121 | + * | |
| 122 | + * Returns one of trusty_err. | |
| 123 | + */ | |
| 124 | +int trusty_read_oem_unlock_device_permission(uint8_t *lock_state); | |
| 119 | 125 | |
| 120 | 126 | #endif /* TRUSTY_AVB_H_ */ |
lib/trusty/ql-tipc/avb.c
| ... | ... | @@ -260,4 +260,11 @@ |
| 260 | 260 | { |
| 261 | 261 | return avb_do_tipc(LOCK_BOOT_STATE, NULL, 0, NULL, NULL); |
| 262 | 262 | } |
| 263 | + | |
| 264 | +int trusty_read_oem_unlock_device_permission(uint8_t *oem_device_unlock) | |
| 265 | +{ | |
| 266 | + uint32_t resp_size = sizeof(*oem_device_unlock); | |
| 267 | + return avb_do_tipc(READ_OEM_UNLOCK_DEVICE_PERMISSION, NULL, 0, oem_device_unlock, | |
| 268 | + &resp_size); | |
| 269 | +} |