Commit 3fc3f521957677b1f363624494ed866985a25505
1 parent
6c1087c030
Exists in
smarc_8mm-imx_v2019.04_4.19.35_1.1.0
and in
1 other branch
MA-15151 Limit some hwcrypto commands within bootloader
It can be dangerous to export some hwcrypto commands to Linux, add commands to limit some commands within bootloader. Test: hwcrypto commands can't be used after locking boot state. Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22 Signed-off-by: Ji Luo <ji.luo@nxp.com>
Showing 4 changed files with 15 additions and 0 deletions Side-by-side Diff
drivers/fastboot/fb_fsl/fb_fsl_boot.c
... | ... | @@ -831,6 +831,8 @@ |
831 | 831 | goto fail; |
832 | 832 | /* lock the boot status and rollback_idx preventing Linux modify it */ |
833 | 833 | trusty_lock_boot_state(); |
834 | + /* lock the boot state so linux can't use some hwcrypto commands. */ | |
835 | + hwcrypto_lock_boot_state(); | |
834 | 836 | /* put ql-tipc to release resource for Linux */ |
835 | 837 | trusty_ipc_shutdown(); |
836 | 838 | #endif |
include/interface/hwcrypto/hwcrypto.h
include/trusty/hwcrypto.h
... | ... | @@ -82,5 +82,12 @@ |
82 | 82 | * @len: size of required rng. |
83 | 83 | * */ |
84 | 84 | int hwcrypto_gen_bkek(uint32_t buf, uint32_t len); |
85 | + | |
86 | +/* Send request to secure side to lock boot state, so some | |
87 | + * hwcrypto commands can't be used outside of bootloader. | |
88 | + * Returns one of trusty_err. | |
89 | + * */ | |
90 | +int hwcrypto_lock_boot_state(void); | |
91 | + | |
85 | 92 | #endif /* TRUSTY_HWCRYPTO_H_ */ |
lib/trusty/ql-tipc/hwcrypto.c
-
mentioned in commit 1411f5
-
mentioned in commit 1411f5
-
mentioned in commit 0221ae
-
mentioned in commit 0221ae
-
mentioned in commit 38f997
-
mentioned in commit 38f997
-
mentioned in commit 0221ae
-
mentioned in commit 38f997
-
mentioned in commit 38f997
-
mentioned in commit 38f997
-
mentioned in commit 38f997
-
mentioned in commit 744668