Commit 0e8b4af40671aee9e6fa656870aa00efb44a4116
1 parent
6192aff568
Exists in
smarc-imx_v2018.03_4.14.78_1.0.0_ga
MA-13629 [Trusty] Add commands to set vbmeta public key
Add commands to write/read vbmeta public key to/from secure storage. The vbmeta public key can only be set once. Comands to set the public key: fastboot stage <path-to-your-public-key> fastboot oem set-public-key Test: build and boot on imx8qxp_mek. Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca Signed-off-by: Ji Luo <ji.luo@nxp.com>
Showing 8 changed files with 91 additions and 4 deletions Side-by-side Diff
drivers/usb/gadget/f_fastboot.c
... | ... | @@ -3761,8 +3761,14 @@ |
3761 | 3761 | strcpy(response, "FAILset rpmb key failed!"); |
3762 | 3762 | } else |
3763 | 3763 | strcpy(response, "OKAY"); |
3764 | + } else if (endswith(cmd, FASTBOOT_SET_VBMETA_PUBLIC_KEY)) { | |
3765 | + if (avb_set_public_key(interface.transfer_buffer, | |
3766 | + download_bytes)) | |
3767 | + strcpy(response, "FAILcan't set public key!"); | |
3768 | + else | |
3769 | + strcpy(response, "OKAY"); | |
3764 | 3770 | } |
3765 | -#endif | |
3771 | +#endif /* CONFIG_ANDROID_AUTO_SUPPORT */ | |
3766 | 3772 | #endif /* CONFIG_IMX_TRUSTY_OS */ |
3767 | 3773 | else if (endswith(cmd, "unlock_critical")) { |
3768 | 3774 | strcpy(response, "OKAY"); |
include/fsl_avb.h
include/fsl_fastboot.h
... | ... | @@ -83,8 +83,11 @@ |
83 | 83 | #define FASTBOOT_PARTITION_FBMISC "fbmisc" |
84 | 84 | #endif |
85 | 85 | |
86 | +#ifdef CONFIG_IMX_TRUSTY_OS | |
86 | 87 | #ifdef CONFIG_ANDROID_AUTO_SUPPORT |
87 | 88 | #define FASTBOOT_SET_RPMB_KEY "set-rpmb-key" |
89 | +#define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key" | |
90 | +#endif | |
88 | 91 | #endif |
89 | 92 | |
90 | 93 | #if defined(CONFIG_AVB_ATX) || defined(CONFIG_ANDROID_AUTO_SUPPORT) |
include/interface/avb/avb.h
include/trusty/avb.h
... | ... | @@ -78,6 +78,24 @@ |
78 | 78 | */ |
79 | 79 | int trusty_write_permanent_attributes(uint8_t *attributes, uint32_t size); |
80 | 80 | /* |
81 | + * Send request to secure side to read vbmeta public key. | |
82 | + * | |
83 | + * Copies public key received by secure side to |publickey|. If |size| does not | |
84 | + * match the size returned by the secure side, an error is returned. Returns one | |
85 | + * of trusty_err. | |
86 | + * | |
87 | + * @publickey: caller allocated buffer | |
88 | + * @size: size of |publickey| | |
89 | + */ | |
90 | +int trusty_read_vbmeta_public_key(uint8_t *publickey, uint32_t size); | |
91 | +/* | |
92 | + * Send request to secure side to write vbmeta public key. Public key | |
93 | + * can only be written to storage once. | |
94 | + * | |
95 | + * Returns one of trusty_err. | |
96 | + */ | |
97 | +int trusty_write_vbmeta_public_key(uint8_t *publickey, uint32_t size); | |
98 | +/* | |
81 | 99 | * Send request to secure side to read device lock state from RPMB. |
82 | 100 | * |
83 | 101 | * Returns one of trusty_err. |
lib/avb/fsl/fsl_avb.c
... | ... | @@ -20,8 +20,8 @@ |
20 | 20 | #include "fsl_atx_attributes.h" |
21 | 21 | |
22 | 22 | #define FSL_AVB_DEV "mmc" |
23 | +#define AVB_MAX_BUFFER_LENGTH 2048 | |
23 | 24 | |
24 | - | |
25 | 25 | static struct blk_desc *fs_dev_desc = NULL; |
26 | 26 | static struct blk_desc *get_mmc_desc(void) { |
27 | 27 | extern int mmc_get_env_dev(void); |
28 | 28 | |
29 | 29 | |
... | ... | @@ -604,11 +604,27 @@ |
604 | 604 | assert(ops != NULL && out_is_trusted != NULL); |
605 | 605 | *out_is_trusted = false; |
606 | 606 | |
607 | +#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
608 | + uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH]; | |
609 | + if (trusty_read_vbmeta_public_key(public_key_buf, | |
610 | + public_key_length) != 0) { | |
611 | + ERR("Read public key error\n"); | |
612 | + /* We're not going to return error code here because it will | |
613 | + * abort the following avb verify process even we allow the | |
614 | + * verification error. Return AVB_IO_RESULT_OK and keep the | |
615 | + * 'out_is_trusted' as false, avb will handle the error | |
616 | + * depends on the 'allow_verification_error' flag. | |
617 | + */ | |
618 | + return AVB_IO_RESULT_OK; | |
619 | + } | |
620 | + | |
621 | + if (memcmp(public_key_buf, public_key_data, public_key_length)) { | |
622 | +#else | |
607 | 623 | /* match given public key */ |
608 | 624 | if (memcmp(fsl_public_key, public_key_data, public_key_length)) { |
609 | - ret = AVB_IO_RESULT_ERROR_IO; | |
625 | +#endif | |
610 | 626 | ERR("public key not match\n"); |
611 | - return AVB_IO_RESULT_ERROR_IO; | |
627 | + return AVB_IO_RESULT_OK; | |
612 | 628 | } |
613 | 629 | |
614 | 630 | *out_is_trusted = true; |
lib/avb/fsl/fsl_avbkey.c
... | ... | @@ -15,6 +15,7 @@ |
15 | 15 | #include <mapmem.h> |
16 | 16 | |
17 | 17 | #include <fsl_avb.h> |
18 | +#include "trusty/avb.h" | |
18 | 19 | #ifdef CONFIG_IMX_TRUSTY_OS |
19 | 20 | #include <trusty/libtipc.h> |
20 | 21 | #endif |
... | ... | @@ -1126,6 +1127,21 @@ |
1126 | 1127 | } |
1127 | 1128 | |
1128 | 1129 | return ret; |
1130 | +} | |
1131 | + | |
1132 | +int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) { | |
1133 | + | |
1134 | + if ((staged_buffer == NULL) || (size <= 0)) { | |
1135 | + ERR("Error. Get null staged_buffer\n"); | |
1136 | + return -1; | |
1137 | + } | |
1138 | + if (trusty_write_vbmeta_public_key(staged_buffer, size)) { | |
1139 | + ERR("Error. Failed to write vbmeta public key into secure storage\n"); | |
1140 | + return -1; | |
1141 | + } else | |
1142 | + printf("Set vbmeta public key successfully!\n"); | |
1143 | + | |
1144 | + return 0; | |
1129 | 1145 | } |
1130 | 1146 | #endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */ |
1131 | 1147 | #endif /* CONFIG_SPL_BUILD */ |
lib/trusty/ql-tipc/avb.c
... | ... | @@ -220,6 +220,29 @@ |
220 | 220 | NULL); |
221 | 221 | } |
222 | 222 | |
223 | +int trusty_read_vbmeta_public_key(uint8_t *publickey, uint32_t size) | |
224 | +{ | |
225 | + uint8_t resp_buf[AVB_MAX_BUFFER_LENGTH]; | |
226 | + uint32_t resp_size = AVB_MAX_BUFFER_LENGTH; | |
227 | + int rc = avb_do_tipc(READ_VBMETA_PUBLIC_KEY, NULL, 0, resp_buf, | |
228 | + &resp_size); | |
229 | + if (rc != 0) { | |
230 | + return rc; | |
231 | + } | |
232 | + /* ensure caller passed size matches size returned by Trusty */ | |
233 | + if (size != resp_size) { | |
234 | + return TRUSTY_ERR_INVALID_ARGS; | |
235 | + } | |
236 | + trusty_memcpy(publickey, resp_buf, resp_size); | |
237 | + return rc; | |
238 | +} | |
239 | + | |
240 | +int trusty_write_vbmeta_public_key(uint8_t *publickey, uint32_t size) | |
241 | +{ | |
242 | + return avb_do_tipc(WRITE_VBMETA_PUBLIC_KEY, publickey, size, NULL, | |
243 | + NULL); | |
244 | +} | |
245 | + | |
223 | 246 | int trusty_read_lock_state(uint8_t *lock_state) |
224 | 247 | { |
225 | 248 | uint32_t resp_size = sizeof(*lock_state); |