Commit 8b58afda1cd1f91048504b48b95260e930a37326
Committed by
Ye Li
1 parent
75d9dfb247
Exists in
smarc_8mq_lf_v2020.04
and in
4 other branches
MA-15575-3 Add support for oemlock 1.0 hal
Add commands to read oem device unlock state from trusty avb app. Use the oem device unlock state to determine if the device can be unlocked instead of the state in persistdata part. Test: Read oem device unlock state from avb app. Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559 Signed-off-by: Ji Luo <ji.luo@nxp.com> (cherry picked from commit c6eaf8e32987f120c0c5441ea39aa0f39a65b50d)
Showing 4 changed files with 32 additions and 6 deletions Side-by-side Diff
drivers/fastboot/fb_fsl/fastboot_lock_unlock.c
... | ... | @@ -449,18 +449,28 @@ |
449 | 449 | |
450 | 450 | } |
451 | 451 | FbLockEnableResult fastboot_lock_enable() { |
452 | - struct blk_desc *fs_dev_desc; | |
453 | - disk_partition_t fs_partition; | |
454 | - unsigned char *bdata; | |
455 | - int mmc_id; | |
456 | - FbLockEnableResult ret; | |
457 | - | |
458 | 452 | #ifdef CONFIG_DUAL_BOOTLOADER |
459 | 453 | /* Always allow unlock device in spl recovery mode. */ |
460 | 454 | if (is_spl_recovery()) |
461 | 455 | return FASTBOOT_UL_ENABLE; |
462 | 456 | #endif |
463 | 457 | |
458 | +#ifdef CONFIG_IMX_TRUSTY_OS | |
459 | + int ret; | |
460 | + uint8_t oem_device_unlock; | |
461 | + | |
462 | + ret = trusty_read_oem_unlock_device_permission(&oem_device_unlock); | |
463 | + if (ret < 0) | |
464 | + return FASTBOOT_UL_ERROR; | |
465 | + else | |
466 | + return oem_device_unlock; | |
467 | +#else /* CONFIG_IMX_TRUSTY_OS */ | |
468 | + FbLockEnableResult ret; | |
469 | + struct blk_desc *fs_dev_desc; | |
470 | + disk_partition_t fs_partition; | |
471 | + unsigned char *bdata; | |
472 | + int mmc_id; | |
473 | + | |
464 | 474 | bdata = (unsigned char *)memalign(ALIGN_BYTES, SECTOR_SIZE); |
465 | 475 | if (bdata == NULL) |
466 | 476 | return FASTBOOT_UL_ERROR; |
... | ... | @@ -500,6 +510,7 @@ |
500 | 510 | fail: |
501 | 511 | free(bdata); |
502 | 512 | return ret; |
513 | +#endif /* CONFIG_IMX_TRUSTY_OS */ | |
503 | 514 | |
504 | 515 | } |
505 | 516 | #endif |
include/interface/avb/avb.h
... | ... | @@ -44,6 +44,8 @@ |
44 | 44 | LOCK_BOOT_STATE = (7 << AVB_REQ_SHIFT), |
45 | 45 | READ_VBMETA_PUBLIC_KEY = (8 << AVB_REQ_SHIFT), |
46 | 46 | WRITE_VBMETA_PUBLIC_KEY = (9 << AVB_REQ_SHIFT), |
47 | + WRITE_OEM_UNLOCK_DEVICE_PERMISSION = (10 << AVB_REQ_SHIFT), | |
48 | + READ_OEM_UNLOCK_DEVICE_PERMISSION = (11 << AVB_REQ_SHIFT), | |
47 | 49 | }; |
48 | 50 | |
49 | 51 | /** |
include/trusty/avb.h
... | ... | @@ -116,6 +116,12 @@ |
116 | 116 | * Returns one of trusty_err. |
117 | 117 | */ |
118 | 118 | int trusty_lock_boot_state(void); |
119 | +/* | |
120 | + * Send request to secure side to read oem device unlock state from RPMB. | |
121 | + * | |
122 | + * Returns one of trusty_err. | |
123 | + */ | |
124 | +int trusty_read_oem_unlock_device_permission(uint8_t *lock_state); | |
119 | 125 | |
120 | 126 | #endif /* TRUSTY_AVB_H_ */ |
lib/trusty/ql-tipc/avb.c
... | ... | @@ -260,4 +260,11 @@ |
260 | 260 | { |
261 | 261 | return avb_do_tipc(LOCK_BOOT_STATE, NULL, 0, NULL, NULL); |
262 | 262 | } |
263 | + | |
264 | +int trusty_read_oem_unlock_device_permission(uint8_t *oem_device_unlock) | |
265 | +{ | |
266 | + uint32_t resp_size = sizeof(*oem_device_unlock); | |
267 | + return avb_do_tipc(READ_OEM_UNLOCK_DEVICE_PERMISSION, NULL, 0, oem_device_unlock, | |
268 | + &resp_size); | |
269 | +} |
-
mentioned in commit 432f84