Commit 7ade5b407fe6164c0d07f32f72e487ae5f6f3964
1 parent
de975d8500
Exists in
smarc-imx_v2018.03_4.14.78_1.0.0_ga
MA-13832 [Trusty] Support random rpmb key set
Sometimes we need to set a random RPMB key that is known only to the device. Generate the random key through the hwcrypto interface and add the fastboot command "fastboot oem set-rpmb-random-key" to set it. Test: build and boot on imx8q. Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243 Signed-off-by: Ji Luo <ji.luo@nxp.com>
Showing 4 changed files with 39 additions and 10 deletions Side-by-side Diff
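--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -3766,6 +3766,12 @@
 strcpy(response, "FAILset rpmb key failed!");
 } else
 strcpy(response, "OKAY");
+ } else if (endswith(cmd, FASTBOOT_SET_RPMB_RANDOM_KEY)) {
+ if (fastboot_set_rpmb_random_key()) {
+ printf("ERROR set rpmb random key failed!\n");
+ strcpy(response, "FAILset rpmb random key failed!");
+ } else
+ strcpy(response, "OKAY");
 } else if (endswith(cmd, FASTBOOT_SET_VBMETA_PUBLIC_KEY)) {
 if (avb_set_public_key(interface.transfer_buffer,
 download_bytes))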
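Review bot: Nothing in the visible lines of the new `FASTBOOT_SET_RPMB_RANDOM_KEY` branch checks the device lock or provisioning state before `fastboot_set_rpmb_random_key()` runs, and programming the RPMB authentication key is a one-time operation on the eMMC (the failure path in fsl_avbkey.c prints "Key already programmed ?"). The enclosing command handler starts and ends outside this hunk, so a gate may already exist earlier in the function; if it does not, this command should be refused outside the provisioning state, since one host command permanently fixes the key. A comment above the branch such as `/* One-time operation: the RPMB key cannot be changed once programmed. */` would make the irreversibility explicit for the next maintainer.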
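--- a/include/fsl_avb.h
+++ b/include/fsl_avb.h
@@ -251,6 +251,9 @@
 /* Initialize rpmb key with the staged key */
 int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size);
 
+/* Initialize rpmb key with random key which is generated by caam rng */
+int fastboot_set_rpmb_random_key(void);
+
 /* Generate ATX unlock challenge */
 int avb_atx_get_unlock_challenge(struct AvbAtxOps* atx_ops,
 uint8_t *upload_buffer, uint32_t *size);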
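Review bot: The comment on `fastboot_set_rpmb_random_key` names the caam rng, while the implementation in fsl_avbkey.c obtains the key through `hwcrypto_gen_rng`, and it leaves out both the return convention and the fact that the generated key is never handed back to the caller. I would reword it to `/* Program the RPMB key with a random key from hwcrypto_gen_rng(); the key is not exposed to the caller. Returns 0 on success, -1 on failure. */`. The 0-on-success part is inferred from the visible `int ret = 0;` in `do_rpmb_key_set` and should be confirmed against the full body.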
include/fsl_fastboot.h
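--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -1034,7 +1034,7 @@
 return ret;
 }
 
-int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+int do_rpmb_key_set(uint8_t *key, uint32_t key_size)
 {
 int ret = 0;
 int mmcc;
@@ -1046,10 +1046,9 @@
 ALLOC_CACHE_ALIGN_BUFFER(uint8_t, blob,
 RPMBKEY_LENGTH + CAAM_PAD);
 
- if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
- printf("ERROR - rpmb magic doesn't match!\n");
- return -1;
- }
+ /* copy rpmb key to cache aligned buffer. */
+ memset(rpmb_key, 0, RPMBKEY_LENGTH);
+ memcpy(rpmb_key, key, RPMBKEY_LENGTH);
 
 /* Get current mmc device. */
 mmcc = mmc_get_env_dev();
@@ -1070,11 +1069,6 @@
 desc->hwpart = MMC_PART_RPMB;
 }
 
- /* Set rpmb key. */
- memset(rpmb_key, 0, RPMBKEY_LENGTH);
- memcpy(rpmb_key,
- staged_buf + strlen(RPMB_KEY_MAGIC), RPMBKEY_LENGTH);
-
 if (mmc_rpmb_set_key(mmc, rpmb_key)) {
 printf("ERROR - Key already programmed ?\n");
 ret = -1;
@@ -1117,6 +1111,7 @@
 
 /* Erase the key buffer. */
 memset(rpmb_key, 0, RPMBKEY_LENGTH);
+ memset(key, 0, RPMBKEY_LENGTH);
 
 fail:
 /* Return to original partition */
@@ -1127,6 +1122,30 @@
 }
 
 return ret;
+}
+
+int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+{
+
+ if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
+ printf("ERROR - rpmb magic doesn't match!\n");
+ return -1;
+ }
+
+ return do_rpmb_key_set(staged_buf + strlen(RPMB_KEY_MAGIC),
+ RPMBKEY_LENGTH);
+}
+
+int fastboot_set_rpmb_random_key(void)
+{
+ ALLOC_CACHE_ALIGN_BUFFER(uint8_t, rpmb_key, RPMBKEY_LENGTH);
+
+ if (hwcrypto_gen_rng((ulong)rpmb_key, RPMBKEY_LENGTH)) {
+ printf("error - can't generate random key!\n");
+ return -1;
+ }
+
+ return do_rpmb_key_set(rpmb_key, RPMBKEY_LENGTH);
 }
 
 int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) {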
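Review bot: The added `memset(key, 0, RPMBKEY_LENGTH);` sits above the `fail:` label in `do_rpmb_key_set`, so any path that jumps to `fail` (presumably the `mmc_rpmb_set_key` error branch, whose `goto` is outside the visible lines) leaves `rpmb_key` and the caller's buffer uncleared, including the freshly generated random key on the stack of `fastboot_set_rpmb_random_key`. Moving both wipes below the label covers those paths: `fail:` followed by `memset(rpmb_key, 0, RPMBKEY_LENGTH);` and `memset(key, 0, RPMBKEY_LENGTH);`. The code between the hunks is not shown, so any early `return` before the label would need the same treatment. Separately, `do_rpmb_key_set` is not declared in the fsl_avb.h hunk and looks file-local, so it could be `static`. Its `key_size` argument is not used in any visible line, while `memcpy` always copies `RPMBKEY_LENGTH` bytes, so `fastboot_set_rpmb_key` never checks that the staged buffer actually holds magic plus key.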