diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index 8963c64..715eea1 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c @@ -3766,6 +3766,12 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req) strcpy(response, "FAILset rpmb key failed!"); } else strcpy(response, "OKAY"); + } else if (endswith(cmd, FASTBOOT_SET_RPMB_RANDOM_KEY)) { + if (fastboot_set_rpmb_random_key()) { + printf("ERROR set rpmb random key failed!\n"); + strcpy(response, "FAILset rpmb random key failed!"); + } else + strcpy(response, "OKAY"); } else if (endswith(cmd, FASTBOOT_SET_VBMETA_PUBLIC_KEY)) { if (avb_set_public_key(interface.transfer_buffer, download_bytes)) diff --git a/include/fsl_avb.h b/include/fsl_avb.h index c377d3a..225f42a 100644 --- a/include/fsl_avb.h +++ b/include/fsl_avb.h @@ -251,6 +251,9 @@ int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size); /* Initialize rpmb key with the staged key */ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size); +/* Initialize rpmb key with random key which is generated by caam rng */ +int fastboot_set_rpmb_random_key(void); + /* Generate ATX unlock challenge */ int avb_atx_get_unlock_challenge(struct AvbAtxOps* atx_ops, uint8_t *upload_buffer, uint32_t *size); diff --git a/include/fsl_fastboot.h b/include/fsl_fastboot.h index ad0fce6..a58663a 100644 --- a/include/fsl_fastboot.h +++ b/include/fsl_fastboot.h @@ -86,6 +86,7 @@ #ifdef CONFIG_IMX_TRUSTY_OS #ifndef CONFIG_AVB_ATX #define FASTBOOT_SET_RPMB_KEY "set-rpmb-key" +#define FASTBOOT_SET_RPMB_RANDOM_KEY "set-rpmb-random-key" #define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key" #endif diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c index 5b58515..4ef914a 100644 --- a/lib/avb/fsl/fsl_avbkey.c +++ b/lib/avb/fsl/fsl_avbkey.c @@ -1034,7 +1034,7 @@ bool rpmbkey_is_set(void) return ret; } -int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) +int do_rpmb_key_set(uint8_t *key, uint32_t key_size) { int ret = 0; int mmcc; @@ -1046,10 +1046,9 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) ALLOC_CACHE_ALIGN_BUFFER(uint8_t, blob, RPMBKEY_LENGTH + CAAM_PAD); - if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) { - printf("ERROR - rpmb magic doesn't match!\n"); - return -1; - } + /* copy rpmb key to cache aligned buffer. */ + memset(rpmb_key, 0, RPMBKEY_LENGTH); + memcpy(rpmb_key, key, RPMBKEY_LENGTH); /* Get current mmc device. */ mmcc = mmc_get_env_dev(); @@ -1070,11 +1069,6 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) desc->hwpart = MMC_PART_RPMB; } - /* Set rpmb key. */ - memset(rpmb_key, 0, RPMBKEY_LENGTH); - memcpy(rpmb_key, - staged_buf + strlen(RPMB_KEY_MAGIC), RPMBKEY_LENGTH); - if (mmc_rpmb_set_key(mmc, rpmb_key)) { printf("ERROR - Key already programmed ?\n"); ret = -1; @@ -1117,6 +1111,7 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) /* Erase the key buffer. */ memset(rpmb_key, 0, RPMBKEY_LENGTH); + memset(key, 0, RPMBKEY_LENGTH); fail: /* Return to original partition */ @@ -1129,6 +1124,30 @@ fail: return ret; } +int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) +{ + + if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) { + printf("ERROR - rpmb magic doesn't match!\n"); + return -1; + } + + return do_rpmb_key_set(staged_buf + strlen(RPMB_KEY_MAGIC), + RPMBKEY_LENGTH); +} + +int fastboot_set_rpmb_random_key(void) +{ + ALLOC_CACHE_ALIGN_BUFFER(uint8_t, rpmb_key, RPMBKEY_LENGTH); + + if (hwcrypto_gen_rng((ulong)rpmb_key, RPMBKEY_LENGTH)) { + printf("error - can't generate random key!\n"); + return -1; + } + + return do_rpmb_key_set(rpmb_key, RPMBKEY_LENGTH); +} + int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) { if ((staged_buffer == NULL) || (size <= 0)) {