Commit 6192aff56871a4f88c8ac23d9ca2b6131c579f1f
1 parent
a024d695b7
Exists in
smarc-imx_v2018.03_4.14.78_1.0.0_ga
MA-13628 [Auto] Read/Write rollback index from rpmb
Secure storage is ready in trusty so we should read/write the rollback index from rpmb. But for borads without rpmb key, read/write the rpmb will fail and will block the following avb verify process. In this case, check if the rpmb key has been set and always return AVB_IO_RESULT_OK for the boards without rpmb key. Test: build and boot pass on imx8qm_mek. Change-Id: I10c438e56d049ae97ebedfc446c8202642630d8b Signed-off-by: Ji Luo <ji.luo@nxp.com>
Showing 5 changed files with 28 additions and 10 deletions Side-by-side Diff
common/board_r.c
... | ... | @@ -654,7 +654,7 @@ |
654 | 654 | } |
655 | 655 | #endif |
656 | 656 | |
657 | -#ifdef AVB_RPMB | |
657 | +#if defined(AVB_RPMB) && !defined(CONFIG_SPL) | |
658 | 658 | extern int init_avbkey(void); |
659 | 659 | static int initr_avbkey(void) |
660 | 660 | { |
... | ... | @@ -899,7 +899,7 @@ |
899 | 899 | #ifdef CONFIG_PS2KBD |
900 | 900 | initr_kbd, |
901 | 901 | #endif |
902 | -#ifdef AVB_RPMB | |
902 | +#if defined(AVB_RPMB) && !defined(CONFIG_SPL) | |
903 | 903 | initr_avbkey, |
904 | 904 | #endif |
905 | 905 | #ifdef CONFIG_IMX_TRUSTY_OS |
include/configs/imx8qm_mek_android_auto.h
include/configs/imx8qxp_mek_android_auto.h
lib/avb/fsl/fsl_avb.c
... | ... | @@ -631,8 +631,16 @@ |
631 | 631 | AvbIOResult ret; |
632 | 632 | #ifdef CONFIG_IMX_TRUSTY_OS |
633 | 633 | if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) { |
634 | - ERR("write rollback from Trusty error!"); | |
635 | - ret = AVB_IO_RESULT_ERROR_IO; | |
634 | + ERR("write rollback from Trusty error!\n"); | |
635 | +#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
636 | + /* Read/write rollback index from rpmb will fail if the rpmb | |
637 | + * key hasn't been set, return AVB_IO_RESULT_OK in this case. | |
638 | + */ | |
639 | + if (!rpmbkey_is_set()) | |
640 | + ret = AVB_IO_RESULT_OK; | |
641 | + else | |
642 | +#endif | |
643 | + ret = AVB_IO_RESULT_ERROR_IO; | |
636 | 644 | } else { |
637 | 645 | ret = AVB_IO_RESULT_OK; |
638 | 646 | } |
... | ... | @@ -720,8 +728,14 @@ |
720 | 728 | AvbIOResult ret; |
721 | 729 | #ifdef CONFIG_IMX_TRUSTY_OS |
722 | 730 | if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) { |
723 | - ERR("read rollback from Trusty error!"); | |
724 | - ret = AVB_IO_RESULT_ERROR_IO; | |
731 | + ERR("read rollback from Trusty error!\n"); | |
732 | +#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
733 | + if (!rpmbkey_is_set()) { | |
734 | + *out_rollback_index = 0; | |
735 | + ret = AVB_IO_RESULT_OK; | |
736 | + } else | |
737 | +#endif | |
738 | + ret = AVB_IO_RESULT_ERROR_IO; | |
725 | 739 | } else { |
726 | 740 | ret = AVB_IO_RESULT_OK; |
727 | 741 | } |
lib/avb/fsl/fsl_avbkey.c
... | ... | @@ -572,7 +572,6 @@ |
572 | 572 | } |
573 | 573 | |
574 | 574 | int init_avbkey(void) { |
575 | -#ifndef CONFIG_ARM64 | |
576 | 575 | struct keyslot_package kp; |
577 | 576 | read_keyslot_package(&kp); |
578 | 577 | if (strcmp(kp.magic, KEYPACK_MAGIC)) { |
... | ... | @@ -588,7 +587,6 @@ |
588 | 587 | return RESULT_ERROR; |
589 | 588 | #endif |
590 | 589 | fill_secure_keyslot_package(&kp); |
591 | -#endif | |
592 | 590 | return RESULT_OK; |
593 | 591 | } |
594 | 592 |