MA-13759-1 imx8mm: Enable trusty support

Open configs to enable trusty for imx8mm_evk and also add new config imx8mm_evk_android_trusty_defconfig based on imx8mm_evk_android_defconfig. Test: Trusty starts ok. Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb Signed-off-by: Ji Luo <ji.luo@nxp.com>

MA-13759-1 imx8mm: Enable trusty support
Open configs to enable trusty for imx8mm_evk and also add new config imx8mm_evk_android_trusty_defconfig based on imx8mm_evk_android_defconfig. Test: Trusty starts ok. Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb Signed-off-by: Ji Luo <ji.luo@nxp.com>
Ji Luo
1 parent 02ae8f8df6
Showing 10 changed files with 98 additions and 25 deletions Side-by-side Diff
common/spl/spl_mmc.c
configs/imx8mm_evk_android_trusty_defconfig
drivers/usb/gadget/f_fastboot.c
include/configs/imx8mm_evk_android.h
include/fsl_fastboot.h
lib/avb/fsl/fsl_avb.c
lib/avb/fsl/fsl_avbkey.c
lib/avb/fsl/fsl_avbkey.h
lib/avb/libavb/avb_slot_verify.c
lib/trusty/ql-tipc/libtipc.c
@@ -54,7 +54,7 @@
 	return blk_dread(mmc_get_blk_desc(mmc), sector, count, buf);
 }
  
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 /* Pre-declaration of check_rpmb_blob. */
 int check_rpmb_blob(struct mmc *mmc);
 #endif
@@ -109,7 +109,7 @@
 	}
  
 	/* Images loaded, now check the rpmb keyblob for Trusty OS. */
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 	ret = check_rpmb_blob(mmc);
 #endif
 	return ret;
+CONFIG_ARM=y
+CONFIG_ARCH_IMX8M=y
+CONFIG_SYS_TEXT_BASE=0x40200000
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_USB_TCPC=y
+CONFIG_TARGET_IMX8MM_EVK=y
+CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=arch/arm/mach-imx/spl_sd.cfg,SPL_TEXT_BASE=0x7E1000,ANDROID_SUPPORT"
+CONFIG_FIT=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_EFI_PARTITION=y
+CONFIG_ARCH_MISC_INIT=y
+CONFIG_SPL=y
+CONFIG_SPL_BOARD_INIT=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_HUSH_PARSER=y
+CONFIG_OF_LIBFDT=y
+CONFIG_FS_FAT=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_EXT4=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_FAT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-imx8mm-evk"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_GPIO=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_REGULATOR=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM_GPIO=y
+CONFIG_DM_I2C=y
+CONFIG_SYS_I2C_MXC=y
+CONFIG_DM_MMC=y
+# CONFIG_DM_PMIC=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_DM_ETH=y
+CONFIG_PINCTRL=y
+CONFIG_PINCTRL_IMX8M=y
+CONFIG_DM_REGULATOR=y
+CONFIG_DM_REGULATOR_FIXED=y
+CONFIG_DM_REGULATOR_GPIO=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_FSPI=y
+CONFIG_NXP_TMU=y
+CONFIG_DM_THERMAL=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_LZ4=y
+CONFIG_FLASH_MCUFIRMWARE_SUPPORT=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_GADGET_DOWNLOAD=y
+CONFIG_SDP_LOADADDR=0x40400000
+CONFIG_USB_GADGET_MANUFACTURER="FSL"
+CONFIG_USB_GADGET_VENDOR_NUM=0x0525
+CONFIG_USB_GADGET_PRODUCT_NUM=0xa4a5
+CONFIG_SPL_USB_HOST_SUPPORT=y
+CONFIG_SPL_USB_GADGET_SUPPORT=y
+CONFIG_SPL_USB_SDP_SUPPORT=y
+CONFIG_IMX_TRUSTY_OS=y
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
@@ -3730,7 +3730,6 @@
 	}
 #endif /* CONFIG_ANDROID_THINGS_SUPPORT */
 #ifdef CONFIG_IMX_TRUSTY_OS
-#if defined(CONFIG_AVB_ATX) || defined(CONFIG_ANDROID_AUTO_SUPPORT)
 	else if (endswith(cmd, FASTBOOT_GET_CA_REQ)) {
 		uint8_t *ca_output;
 		uint32_t ca_length, cp_length;
@@ -3753,8 +3752,7 @@
 		} else
 			strcpy(response, "OKAY");
 	}
-#endif /* CONFIG_AVB_ATX || CONFIG_ANDROID_AUTO_SUPPORT */
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 	else if (endswith(cmd, FASTBOOT_SET_RPMB_KEY)) {
 		if (fastboot_set_rpmb_key(interface.transfer_buffer, download_bytes)) {
 			printf("ERROR set rpmb key failed!\n");
@@ -3768,7 +3766,7 @@
 		else
 			strcpy(response, "OKAY");
 	}
-#endif /* CONFIG_ANDROID_AUTO_SUPPORT */
+#endif /* !CONFIG_AVB_ATX */
 #endif /* CONFIG_IMX_TRUSTY_OS */
 	else if (endswith(cmd, "unlock_critical")) {
 		strcpy(response, "OKAY");
@@ -62,5 +62,17 @@
 #endif
 #define AVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED
  
+#ifdef CONFIG_IMX_TRUSTY_OS
+#define AVB_RPMB
+#define KEYSLOT_HWPARTITION_ID 2
+#define KEYSLOT_BLKS             0x1FFF
+#define NS_ARCH_ARM64 1
+
+#ifdef CONFIG_SPL_BUILD
+#undef CONFIG_BLK
+#endif
+
+#endif
+
 #endif /* IMX8MM_EVK_ANDROID_H */
@@ -84,16 +84,14 @@
 #endif
  
 #ifdef CONFIG_IMX_TRUSTY_OS
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 #define FASTBOOT_SET_RPMB_KEY "set-rpmb-key"
 #define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key"
 #endif
-#endif
  
-#if defined(CONFIG_AVB_ATX) || defined(CONFIG_ANDROID_AUTO_SUPPORT)
 #define FASTBOOT_SET_CA_RESP "at-set-ca-response"
 #define FASTBOOT_GET_CA_REQ  "at-get-ca-request"
-#endif /* CONFIG_AVB_ATX || CONFIG_ANDROID_AUTO_SUPPORT */
+#endif
  
 #ifdef CONFIG_ANDROID_THINGS_SUPPORT
 #define FASTBOOT_BOOTLOADER_VBOOT_KEY "fuse at-bootloader-vboot-key"
@@ -16,7 +16,7 @@
 #include "utils.h"
 #include "debug.h"
 #include "trusty/avb.h"
-#if !defined(CONFIG_IMX_TRUSTY_OS) || !defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if !defined(CONFIG_IMX_TRUSTY_OS)
 #include "fsl_public_key.h"
 #endif
 #include "fsl_atx_attributes.h"
@@ -606,7 +606,7 @@
 	assert(ops != NULL && out_is_trusted != NULL);
 	*out_is_trusted = false;
  
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 	uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH];
 	if (trusty_read_vbmeta_public_key(public_key_buf,
 						public_key_length) != 0) {
@@ -650,7 +650,7 @@
 #ifdef CONFIG_IMX_TRUSTY_OS
 	if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) {
 		ERR("write rollback from Trusty error!\n");
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 		/* Read/write rollback index from rpmb will fail if the rpmb
 		 * key hasn't been set, return AVB_IO_RESULT_OK in this case.
 		 */
@@ -747,7 +747,7 @@
 #ifdef CONFIG_IMX_TRUSTY_OS
 	if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) {
 		ERR("read rollback from Trusty error!\n");
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 		if (!rpmbkey_is_set()) {
 			*out_rollback_index = 0;
 			ret = AVB_IO_RESULT_OK;
@@ -651,7 +651,7 @@
 #endif /* AVB_RPMB */
  
 #ifdef CONFIG_SPL_BUILD
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 int check_rpmb_blob(struct mmc *mmc)
 {
 	int ret = 0;
@@ -691,7 +691,7 @@
  
 	return ret;
 }
-#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
+#endif /* CONFIG_IMX_TRUSTY_OS && !defined(CONFIG_AVB_ATX) */
 #else /* CONFIG_SPL_BUILD */
 #ifdef CONFIG_AVB_ATX
 static int fsl_fuse_ops(uint32_t *buffer, uint32_t length, uint32_t offset,
@@ -982,7 +982,7 @@
 }
 #endif /* CONFIG_AVB_ATX */
  
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 bool rpmbkey_is_set(void)
 {
 	int mmcc;
@@ -1143,6 +1143,6 @@
  
 	return 0;
 }
-#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
+#endif /* CONFIG_IMX_TRUSTY_OS && !defind(CONFIG_AVB_ATX) */
 #endif /* CONFIG_SPL_BUILD */
@@ -40,7 +40,7 @@
 };
 #endif
  
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 #define RPMB_KEY_MAGIC "RPMB"
 #endif
  
@@ -33,7 +33,7 @@
 #include "avb_util.h"
 #include "avb_vbmeta_image.h"
 #include "avb_version.h"
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 #include "trusty/hwcrypto.h"
 #include <memalign.h>
 #endif
@@ -298,7 +298,7 @@
   }
  
   if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha256") == 0) {
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
     /* DMA requires cache aligned input/output buffer */
     ALLOC_CACHE_ALIGN_BUFFER(uint8_t, hash_out, AVB_SHA256_DIGEST_SIZE);
     uint32_t round_buf_size = ROUND(hash_desc.salt_len + hash_desc.image_size,
@@ -39,7 +39,7 @@
 static struct trusty_ipc_dev *_ipc_dev;
 static struct trusty_dev _tdev; /* There should only be one trusty device */
 static void *rpmb_ctx;
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 bool rpmbkey_is_set(void);
 #endif
  
@@ -52,7 +52,7 @@
     (void)avb_tipc_shutdown(_ipc_dev);
     (void)km_tipc_shutdown(_ipc_dev);
  
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
     (void)hwcrypto_tipc_shutdown(_ipc_dev);
 #endif
  
@@ -91,7 +91,7 @@
     if (rc != 0) {
         trusty_error("Initlializing RPMB storage proxy service failed (%d)\n",
                      rc);
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
         /* check if rpmb key has been fused. */
         if(rpmbkey_is_set()) {
             /* Go to hang if the key has been destroyed. */
@@ -120,7 +120,7 @@
         }
     }
  
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
     trusty_info("Initializing Trusty Hardware Crypto client\n");
     rc = hwcrypto_tipc_init(_ipc_dev);
     if (rc != 0) {
...	...	@@ -54,7 +54,7 @@
54	54	return blk_dread(mmc_get_blk_desc(mmc), sector, count, buf);
55	55	}
56	56
57		-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
	57	+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
58	58	/* Pre-declaration of check_rpmb_blob. */
59	59	int check_rpmb_blob(struct mmc *mmc);
60	60	#endif
...	...	@@ -109,7 +109,7 @@
109	109	}
110	110
111	111	/* Images loaded, now check the rpmb keyblob for Trusty OS. */
112		-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
	112	+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
113	113	ret = check_rpmb_blob(mmc);
114	114	#endif
115	115	return ret;
	1	+CONFIG_ARM=y
	2	+CONFIG_ARCH_IMX8M=y
	3	+CONFIG_SYS_TEXT_BASE=0x40200000
	4	+CONFIG_SYS_MALLOC_F_LEN=0x2000
	5	+CONFIG_USB_TCPC=y
	6	+CONFIG_TARGET_IMX8MM_EVK=y
	7	+CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=arch/arm/mach-imx/spl_sd.cfg,SPL_TEXT_BASE=0x7E1000,ANDROID_SUPPORT"
	8	+CONFIG_FIT=y
	9	+CONFIG_SPL_LOAD_FIT=y
	10	+CONFIG_EFI_PARTITION=y
	11	+CONFIG_ARCH_MISC_INIT=y
	12	+CONFIG_SPL=y
	13	+CONFIG_SPL_BOARD_INIT=y
	14	+CONFIG_SPL_MMC_SUPPORT=y
	15	+CONFIG_HUSH_PARSER=y
	16	+CONFIG_OF_LIBFDT=y
	17	+CONFIG_FS_FAT=y
	18	+CONFIG_CMD_EXT2=y
	19	+CONFIG_CMD_EXT4=y
	20	+CONFIG_CMD_EXT4_WRITE=y
	21	+CONFIG_CMD_FAT=y
	22	+CONFIG_DEFAULT_DEVICE_TREE="fsl-imx8mm-evk"
	23	+CONFIG_ENV_IS_IN_MMC=y
	24	+CONFIG_CMD_SF=y
	25	+CONFIG_CMD_I2C=y
	26	+CONFIG_CMD_GPIO=y
	27	+CONFIG_CMD_CACHE=y
	28	+CONFIG_CMD_REGULATOR=y
	29	+CONFIG_CMD_MEMTEST=y
	30	+CONFIG_OF_CONTROL=y
	31	+CONFIG_DM_GPIO=y
	32	+CONFIG_DM_I2C=y
	33	+CONFIG_SYS_I2C_MXC=y
	34	+CONFIG_DM_MMC=y
	35	+# CONFIG_DM_PMIC=y
	36	+CONFIG_DM_SPI_FLASH=y
	37	+CONFIG_SPI_FLASH=y
	38	+CONFIG_SPI_FLASH_STMICRO=y
	39	+CONFIG_DM_ETH=y
	40	+CONFIG_PINCTRL=y
	41	+CONFIG_PINCTRL_IMX8M=y
	42	+CONFIG_DM_REGULATOR=y
	43	+CONFIG_DM_REGULATOR_FIXED=y
	44	+CONFIG_DM_REGULATOR_GPIO=y
	45	+CONFIG_DM_SPI=y
	46	+CONFIG_FSL_FSPI=y
	47	+CONFIG_NXP_TMU=y
	48	+CONFIG_DM_THERMAL=y
	49	+CONFIG_USB=y
	50	+CONFIG_DM_USB=y
	51	+CONFIG_USB_EHCI_HCD=y
	52	+CONFIG_LZ4=y
	53	+CONFIG_FLASH_MCUFIRMWARE_SUPPORT=y
	54	+CONFIG_USB_GADGET=y
	55	+CONFIG_USB_GADGET_DOWNLOAD=y
	56	+CONFIG_SDP_LOADADDR=0x40400000
	57	+CONFIG_USB_GADGET_MANUFACTURER="FSL"
	58	+CONFIG_USB_GADGET_VENDOR_NUM=0x0525
	59	+CONFIG_USB_GADGET_PRODUCT_NUM=0xa4a5
	60	+CONFIG_SPL_USB_HOST_SUPPORT=y
	61	+CONFIG_SPL_USB_GADGET_SUPPORT=y
	62	+CONFIG_SPL_USB_SDP_SUPPORT=y
	63	+CONFIG_IMX_TRUSTY_OS=y
	64	+CONFIG_SPL_ENV_SUPPORT=y
	65	+CONFIG_SPL_LIBDISK_SUPPORT=y
...	...	@@ -3730,7 +3730,6 @@
3730	3730	}
3731	3731	#endif /* CONFIG_ANDROID_THINGS_SUPPORT */
3732	3732	#ifdef CONFIG_IMX_TRUSTY_OS
3733		-#if defined(CONFIG_AVB_ATX) \|\| defined(CONFIG_ANDROID_AUTO_SUPPORT)
3734	3733	else if (endswith(cmd, FASTBOOT_GET_CA_REQ)) {
3735	3734	uint8_t *ca_output;
3736	3735	uint32_t ca_length, cp_length;
...	...	@@ -3753,8 +3752,7 @@
3753	3752	} else
3754	3753	strcpy(response, "OKAY");
3755	3754	}
3756		-#endif /* CONFIG_AVB_ATX \|\| CONFIG_ANDROID_AUTO_SUPPORT */
3757		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	3755	+#ifndef CONFIG_AVB_ATX
3758	3756	else if (endswith(cmd, FASTBOOT_SET_RPMB_KEY)) {
3759	3757	if (fastboot_set_rpmb_key(interface.transfer_buffer, download_bytes)) {
3760	3758	printf("ERROR set rpmb key failed!\n");
...	...	@@ -3768,7 +3766,7 @@
3768	3766	else
3769	3767	strcpy(response, "OKAY");
3770	3768	}
3771		-#endif /* CONFIG_ANDROID_AUTO_SUPPORT */
	3769	+#endif /* !CONFIG_AVB_ATX */
3772	3770	#endif /* CONFIG_IMX_TRUSTY_OS */
3773	3771	else if (endswith(cmd, "unlock_critical")) {
3774	3772	strcpy(response, "OKAY");
...	...	@@ -62,5 +62,17 @@
62	62	#endif
63	63	#define AVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED
64	64
	65	+#ifdef CONFIG_IMX_TRUSTY_OS
	66	+#define AVB_RPMB
	67	+#define KEYSLOT_HWPARTITION_ID 2
	68	+#define KEYSLOT_BLKS 0x1FFF
	69	+#define NS_ARCH_ARM64 1
	70	+
	71	+#ifdef CONFIG_SPL_BUILD
	72	+#undef CONFIG_BLK
	73	+#endif
	74	+
	75	+#endif
	76	+
65	77	#endif /* IMX8MM_EVK_ANDROID_H */
...	...	@@ -84,16 +84,14 @@
84	84	#endif
85	85
86	86	#ifdef CONFIG_IMX_TRUSTY_OS
87		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	87	+#ifndef CONFIG_AVB_ATX
88	88	#define FASTBOOT_SET_RPMB_KEY "set-rpmb-key"
89	89	#define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key"
90	90	#endif
91		-#endif
92	91
93		-#if defined(CONFIG_AVB_ATX) \|\| defined(CONFIG_ANDROID_AUTO_SUPPORT)
94	92	#define FASTBOOT_SET_CA_RESP "at-set-ca-response"
95	93	#define FASTBOOT_GET_CA_REQ "at-get-ca-request"
96		-#endif /* CONFIG_AVB_ATX \|\| CONFIG_ANDROID_AUTO_SUPPORT */
	94	+#endif
97	95
98	96	#ifdef CONFIG_ANDROID_THINGS_SUPPORT
99	97	#define FASTBOOT_BOOTLOADER_VBOOT_KEY "fuse at-bootloader-vboot-key"
...	...	@@ -16,7 +16,7 @@
16	16	#include "utils.h"
17	17	#include "debug.h"
18	18	#include "trusty/avb.h"
19		-#if !defined(CONFIG_IMX_TRUSTY_OS) \|\| !defined(CONFIG_ANDROID_AUTO_SUPPORT)
	19	+#if !defined(CONFIG_IMX_TRUSTY_OS)
20	20	#include "fsl_public_key.h"
21	21	#endif
22	22	#include "fsl_atx_attributes.h"
...	...	@@ -606,7 +606,7 @@
606	606	assert(ops != NULL && out_is_trusted != NULL);
607	607	*out_is_trusted = false;
608	608
609		-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
	609	+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
610	610	uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH];
611	611	if (trusty_read_vbmeta_public_key(public_key_buf,
612	612	public_key_length) != 0) {
...	...	@@ -650,7 +650,7 @@
650	650	#ifdef CONFIG_IMX_TRUSTY_OS
651	651	if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) {
652	652	ERR("write rollback from Trusty error!\n");
653		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	653	+#ifndef CONFIG_AVB_ATX
654	654	/* Read/write rollback index from rpmb will fail if the rpmb
655	655	* key hasn't been set, return AVB_IO_RESULT_OK in this case.
656	656	*/
...	...	@@ -747,7 +747,7 @@
747	747	#ifdef CONFIG_IMX_TRUSTY_OS
748	748	if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) {
749	749	ERR("read rollback from Trusty error!\n");
750		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	750	+#ifndef CONFIG_AVB_ATX
751	751	if (!rpmbkey_is_set()) {
752	752	*out_rollback_index = 0;
753	753	ret = AVB_IO_RESULT_OK;
...	...	@@ -651,7 +651,7 @@
651	651	#endif /* AVB_RPMB */
652	652
653	653	#ifdef CONFIG_SPL_BUILD
654		-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
	654	+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
655	655	int check_rpmb_blob(struct mmc *mmc)
656	656	{
657	657	int ret = 0;
...	...	@@ -691,7 +691,7 @@
691	691
692	692	return ret;
693	693	}
694		-#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
	694	+#endif /* CONFIG_IMX_TRUSTY_OS && !defined(CONFIG_AVB_ATX) */
695	695	#else /* CONFIG_SPL_BUILD */
696	696	#ifdef CONFIG_AVB_ATX
697	697	static int fsl_fuse_ops(uint32_t *buffer, uint32_t length, uint32_t offset,
...	...	@@ -982,7 +982,7 @@
982	982	}
983	983	#endif /* CONFIG_AVB_ATX */
984	984
985		-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
	985	+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
986	986	bool rpmbkey_is_set(void)
987	987	{
988	988	int mmcc;
...	...	@@ -1143,6 +1143,6 @@
1143	1143
1144	1144	return 0;
1145	1145	}
1146		-#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
	1146	+#endif /* CONFIG_IMX_TRUSTY_OS && !defind(CONFIG_AVB_ATX) */
1147	1147	#endif /* CONFIG_SPL_BUILD */
...	...	@@ -40,7 +40,7 @@
40	40	};
41	41	#endif
42	42
43		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	43	+#ifndef CONFIG_AVB_ATX
44	44	#define RPMB_KEY_MAGIC "RPMB"
45	45	#endif
46	46
...	...	@@ -33,7 +33,7 @@
33	33	#include "avb_util.h"
34	34	#include "avb_vbmeta_image.h"
35	35	#include "avb_version.h"
36		-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
	36	+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
37	37	#include "trusty/hwcrypto.h"
38	38	#include <memalign.h>
39	39	#endif
...	...	@@ -298,7 +298,7 @@
298	298	}
299	299
300	300	if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha256") == 0) {
301		-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
	301	+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
302	302	/* DMA requires cache aligned input/output buffer */
303	303	ALLOC_CACHE_ALIGN_BUFFER(uint8_t, hash_out, AVB_SHA256_DIGEST_SIZE);
304	304	uint32_t round_buf_size = ROUND(hash_desc.salt_len + hash_desc.image_size,
...	...	@@ -39,7 +39,7 @@
39	39	static struct trusty_ipc_dev *_ipc_dev;
40	40	static struct trusty_dev _tdev; /* There should only be one trusty device */
41	41	static void *rpmb_ctx;
42		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	42	+#ifndef CONFIG_AVB_ATX
43	43	bool rpmbkey_is_set(void);
44	44	#endif
45	45
...	...	@@ -52,7 +52,7 @@
52	52	(void)avb_tipc_shutdown(_ipc_dev);
53	53	(void)km_tipc_shutdown(_ipc_dev);
54	54
55		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	55	+#ifndef CONFIG_AVB_ATX
56	56	(void)hwcrypto_tipc_shutdown(_ipc_dev);
57	57	#endif
58	58
...	...	@@ -91,7 +91,7 @@
91	91	if (rc != 0) {
92	92	trusty_error("Initlializing RPMB storage proxy service failed (%d)\n",
93	93	rc);
94		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	94	+#ifndef CONFIG_AVB_ATX
95	95	/* check if rpmb key has been fused. */
96	96	if(rpmbkey_is_set()) {
97	97	/* Go to hang if the key has been destroyed. */
...	...	@@ -120,7 +120,7 @@
120	120	}
121	121	}
122	122
123		-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
	123	+#ifndef CONFIG_AVB_ATX
124	124	trusty_info("Initializing Trusty Hardware Crypto client\n");
125	125	rc = hwcrypto_tipc_init(_ipc_dev);
126	126	if (rc != 0) {