Commit 7ade5b407fe6164c0d07f32f72e487ae5f6f3964

Authored by Ji Luo
1 parent de975d8500

MA-13832 [Trusty] Support random rpmb key set

Sometimes we need to set a random rpmb key which is not visible
to anything except the device itself.
Generate the random key with the hwcrypto interface and support the
fastboot command "fastboot oem set-rpmb-random-key" to set it.

Test: build and boot on imx8q.

Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243
Signed-off-by: Ji Luo <ji.luo@nxp.com>

Showing 4 changed files with 39 additions and 10 deletions

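--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -3766,6 +3766,12 @@
 strcpy(response, "FAILset rpmb key failed!");
 } else
 strcpy(response, "OKAY");
+} else if (endswith(cmd, FASTBOOT_SET_RPMB_RANDOM_KEY)) {
+if (fastboot_set_rpmb_random_key()) {
+printf("ERROR set rpmb random key failed!\n");
+strcpy(response, "FAILset rpmb random key failed!");
+} else
+strcpy(response, "OKAY");
 } else if (endswith(cmd, FASTBOOT_SET_VBMETA_PUBLIC_KEY)) {
 if (avb_set_public_key(interface.transfer_buffer,
 download_bytes))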
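Review bot: The new `set-rpmb-random-key` branch starts an RPMB key write with no lock-state or provisioning-state check visible in the hunk, and the message `ERROR - Key already programmed ?` in lib/avb/fsl/fsl_avbkey.c suggests the write cannot be repeated. The enclosing command dispatcher starts and ends outside the hunk, so such a gate may already exist above; if it does, a comment at the branch such as `/* one-time RPMB key provisioning; only reachable when <condition> */` would make that explicit. The branch also braces the `if` arm but not the `else` arm; writing `} else {` / `strcpy(response, "OKAY");` / `}` keeps later edits from attaching a statement to the wrong arm.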
... ... @@ -251,6 +251,9 @@
251 251 /* Initialize rpmb key with the staged key */
252 252 int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size);
253 253  
  254 +/* Initialize rpmb key with random key which is generated by caam rng */
  255 +int fastboot_set_rpmb_random_key(void);
  256 +
254 257 /* Generate ATX unlock challenge */
255 258 int avb_atx_get_unlock_challenge(struct AvbAtxOps* atx_ops,
256 259 uint8_t *upload_buffer, uint32_t *size);
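Review bot: The comment added for `fastboot_set_rpmb_random_key` names the CAAM RNG, while the implementation in lib/avb/fsl/fsl_avbkey.c calls `hwcrypto_gen_rng` and the commit message says the key comes from the hwcrypto interface; the comment should name the source the same way. It also leaves out the return convention and the fact that the generated key is not handed back to the caller. Suggested wording: `/* Program the rpmb key with a random key from the hwcrypto RNG; returns 0 on success, non-zero on failure. The key is not returned to the caller. */`. The page does not show the file header for this hunk, so the target header file should be confirmed.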
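--- a/include/fsl_fastboot.h
+++ b/include/fsl_fastboot.h
@@ -86,6 +86,7 @@
 #ifdef CONFIG_IMX_TRUSTY_OS
 #ifndef CONFIG_AVB_ATX
 #define FASTBOOT_SET_RPMB_KEY "set-rpmb-key"
+#define FASTBOOT_SET_RPMB_RANDOM_KEY "set-rpmb-random-key"
 #define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key"
 #endif
 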
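--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -1034,7 +1034,7 @@
 return ret;
 }
 
-int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+int do_rpmb_key_set(uint8_t *key, uint32_t key_size)
 {
 int ret = 0;
 int mmcc;
@@ -1046,10 +1046,9 @@
 ALLOC_CACHE_ALIGN_BUFFER(uint8_t, blob,
 RPMBKEY_LENGTH + CAAM_PAD);
 
-if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
-printf("ERROR - rpmb magic doesn't match!\n");
-return -1;
-}
+/* copy rpmb key to cache aligned buffer. */
+memset(rpmb_key, 0, RPMBKEY_LENGTH);
+memcpy(rpmb_key, key, RPMBKEY_LENGTH);
 
 /* Get current mmc device. */
 mmcc = mmc_get_env_dev();
@@ -1070,11 +1069,6 @@
 desc->hwpart = MMC_PART_RPMB;
 }
 
-/* Set rpmb key. */
-memset(rpmb_key, 0, RPMBKEY_LENGTH);
-memcpy(rpmb_key,
-staged_buf + strlen(RPMB_KEY_MAGIC), RPMBKEY_LENGTH);
-
 if (mmc_rpmb_set_key(mmc, rpmb_key)) {
 printf("ERROR - Key already programmed ?\n");
 ret = -1;
@@ -1117,6 +1111,7 @@
 
 /* Erase the key buffer. */
 memset(rpmb_key, 0, RPMBKEY_LENGTH);
+memset(key, 0, RPMBKEY_LENGTH);
 
 fail:
 /* Return to original partition */
@@ -1127,6 +1122,30 @@
 }
 
 return ret;
+}
+
+int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+{
+
+if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
+printf("ERROR - rpmb magic doesn't match!\n");
+return -1;
+}
+
+return do_rpmb_key_set(staged_buf + strlen(RPMB_KEY_MAGIC),
+RPMBKEY_LENGTH);
+}
+
+int fastboot_set_rpmb_random_key(void)
+{
+ALLOC_CACHE_ALIGN_BUFFER(uint8_t, rpmb_key, RPMBKEY_LENGTH);
+
+if (hwcrypto_gen_rng((ulong)rpmb_key, RPMBKEY_LENGTH)) {
+printf("error - can't generate random key!\n");
+return -1;
+}
+
+return do_rpmb_key_set(rpmb_key, RPMBKEY_LENGTH);
 }
 
 int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) {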
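Review bot: Both `do_rpmb_key_set` and the new `fastboot_set_rpmb_key` wrapper ignore `key_size`: the wrapper checks the magic and then passes `staged_buf + strlen(RPMB_KEY_MAGIC)` on with a fixed `RPMBKEY_LENGTH`, so a staged buffer shorter than magic plus key would have whatever bytes follow it programmed as the key. A guard before the `memcmp`, `if (!staged_buf || key_size < strlen(RPMB_KEY_MAGIC) + RPMBKEY_LENGTH) return -1;`, together with `if (!key || key_size != RPMBKEY_LENGTH) return -1;` at the top of `do_rpmb_key_set`, would close that. The added `memset(key, 0, RPMBKEY_LENGTH);` also sits above the `fail:` label, so any path that jumps there appears to leave the caller's copy of the key in memory; moving both wipes below `fail:` would cover those paths. `do_rpmb_key_set` is only partly visible in these hunks, and it could be declared `static` if nothing outside this file calls it.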