Commit bcb82557f9731d5ea849400832e80e1589b2aeba
1 parent
02ae8f8df6
Exists in
smarc-imx_v2018.03_4.14.78_1.0.0_ga
MA-13759-1 imx8mm: Enable trusty support
Open configs to enable trusty for imx8mm_evk and also add new config imx8mm_evk_android_trusty_defconfig based on imx8mm_evk_android_defconfig. Test: Trusty starts ok. Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb Signed-off-by: Ji Luo <ji.luo@nxp.com>
Showing 10 changed files with 98 additions and 25 deletions Side-by-side Diff
common/spl/spl_mmc.c
... | ... | @@ -54,7 +54,7 @@ |
54 | 54 | return blk_dread(mmc_get_blk_desc(mmc), sector, count, buf); |
55 | 55 | } |
56 | 56 | |
57 | -#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
57 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
58 | 58 | /* Pre-declaration of check_rpmb_blob. */ |
59 | 59 | int check_rpmb_blob(struct mmc *mmc); |
60 | 60 | #endif |
... | ... | @@ -109,7 +109,7 @@ |
109 | 109 | } |
110 | 110 | |
111 | 111 | /* Images loaded, now check the rpmb keyblob for Trusty OS. */ |
112 | -#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
112 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
113 | 113 | ret = check_rpmb_blob(mmc); |
114 | 114 | #endif |
115 | 115 | return ret; |
configs/imx8mm_evk_android_trusty_defconfig
1 | +CONFIG_ARM=y | |
2 | +CONFIG_ARCH_IMX8M=y | |
3 | +CONFIG_SYS_TEXT_BASE=0x40200000 | |
4 | +CONFIG_SYS_MALLOC_F_LEN=0x2000 | |
5 | +CONFIG_USB_TCPC=y | |
6 | +CONFIG_TARGET_IMX8MM_EVK=y | |
7 | +CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=arch/arm/mach-imx/spl_sd.cfg,SPL_TEXT_BASE=0x7E1000,ANDROID_SUPPORT" | |
8 | +CONFIG_FIT=y | |
9 | +CONFIG_SPL_LOAD_FIT=y | |
10 | +CONFIG_EFI_PARTITION=y | |
11 | +CONFIG_ARCH_MISC_INIT=y | |
12 | +CONFIG_SPL=y | |
13 | +CONFIG_SPL_BOARD_INIT=y | |
14 | +CONFIG_SPL_MMC_SUPPORT=y | |
15 | +CONFIG_HUSH_PARSER=y | |
16 | +CONFIG_OF_LIBFDT=y | |
17 | +CONFIG_FS_FAT=y | |
18 | +CONFIG_CMD_EXT2=y | |
19 | +CONFIG_CMD_EXT4=y | |
20 | +CONFIG_CMD_EXT4_WRITE=y | |
21 | +CONFIG_CMD_FAT=y | |
22 | +CONFIG_DEFAULT_DEVICE_TREE="fsl-imx8mm-evk" | |
23 | +CONFIG_ENV_IS_IN_MMC=y | |
24 | +CONFIG_CMD_SF=y | |
25 | +CONFIG_CMD_I2C=y | |
26 | +CONFIG_CMD_GPIO=y | |
27 | +CONFIG_CMD_CACHE=y | |
28 | +CONFIG_CMD_REGULATOR=y | |
29 | +CONFIG_CMD_MEMTEST=y | |
30 | +CONFIG_OF_CONTROL=y | |
31 | +CONFIG_DM_GPIO=y | |
32 | +CONFIG_DM_I2C=y | |
33 | +CONFIG_SYS_I2C_MXC=y | |
34 | +CONFIG_DM_MMC=y | |
35 | +# CONFIG_DM_PMIC=y | |
36 | +CONFIG_DM_SPI_FLASH=y | |
37 | +CONFIG_SPI_FLASH=y | |
38 | +CONFIG_SPI_FLASH_STMICRO=y | |
39 | +CONFIG_DM_ETH=y | |
40 | +CONFIG_PINCTRL=y | |
41 | +CONFIG_PINCTRL_IMX8M=y | |
42 | +CONFIG_DM_REGULATOR=y | |
43 | +CONFIG_DM_REGULATOR_FIXED=y | |
44 | +CONFIG_DM_REGULATOR_GPIO=y | |
45 | +CONFIG_DM_SPI=y | |
46 | +CONFIG_FSL_FSPI=y | |
47 | +CONFIG_NXP_TMU=y | |
48 | +CONFIG_DM_THERMAL=y | |
49 | +CONFIG_USB=y | |
50 | +CONFIG_DM_USB=y | |
51 | +CONFIG_USB_EHCI_HCD=y | |
52 | +CONFIG_LZ4=y | |
53 | +CONFIG_FLASH_MCUFIRMWARE_SUPPORT=y | |
54 | +CONFIG_USB_GADGET=y | |
55 | +CONFIG_USB_GADGET_DOWNLOAD=y | |
56 | +CONFIG_SDP_LOADADDR=0x40400000 | |
57 | +CONFIG_USB_GADGET_MANUFACTURER="FSL" | |
58 | +CONFIG_USB_GADGET_VENDOR_NUM=0x0525 | |
59 | +CONFIG_USB_GADGET_PRODUCT_NUM=0xa4a5 | |
60 | +CONFIG_SPL_USB_HOST_SUPPORT=y | |
61 | +CONFIG_SPL_USB_GADGET_SUPPORT=y | |
62 | +CONFIG_SPL_USB_SDP_SUPPORT=y | |
63 | +CONFIG_IMX_TRUSTY_OS=y | |
64 | +CONFIG_SPL_ENV_SUPPORT=y | |
65 | +CONFIG_SPL_LIBDISK_SUPPORT=y |
drivers/usb/gadget/f_fastboot.c
... | ... | @@ -3730,7 +3730,6 @@ |
3730 | 3730 | } |
3731 | 3731 | #endif /* CONFIG_ANDROID_THINGS_SUPPORT */ |
3732 | 3732 | #ifdef CONFIG_IMX_TRUSTY_OS |
3733 | -#if defined(CONFIG_AVB_ATX) || defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
3734 | 3733 | else if (endswith(cmd, FASTBOOT_GET_CA_REQ)) { |
3735 | 3734 | uint8_t *ca_output; |
3736 | 3735 | uint32_t ca_length, cp_length; |
... | ... | @@ -3753,8 +3752,7 @@ |
3753 | 3752 | } else |
3754 | 3753 | strcpy(response, "OKAY"); |
3755 | 3754 | } |
3756 | -#endif /* CONFIG_AVB_ATX || CONFIG_ANDROID_AUTO_SUPPORT */ | |
3757 | -#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
3755 | +#ifndef CONFIG_AVB_ATX | |
3758 | 3756 | else if (endswith(cmd, FASTBOOT_SET_RPMB_KEY)) { |
3759 | 3757 | if (fastboot_set_rpmb_key(interface.transfer_buffer, download_bytes)) { |
3760 | 3758 | printf("ERROR set rpmb key failed!\n"); |
... | ... | @@ -3768,7 +3766,7 @@ |
3768 | 3766 | else |
3769 | 3767 | strcpy(response, "OKAY"); |
3770 | 3768 | } |
3771 | -#endif /* CONFIG_ANDROID_AUTO_SUPPORT */ | |
3769 | +#endif /* !CONFIG_AVB_ATX */ | |
3772 | 3770 | #endif /* CONFIG_IMX_TRUSTY_OS */ |
3773 | 3771 | else if (endswith(cmd, "unlock_critical")) { |
3774 | 3772 | strcpy(response, "OKAY"); |
include/configs/imx8mm_evk_android.h
... | ... | @@ -62,5 +62,17 @@ |
62 | 62 | #endif |
63 | 63 | #define AVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED |
64 | 64 | |
65 | +#ifdef CONFIG_IMX_TRUSTY_OS | |
66 | +#define AVB_RPMB | |
67 | +#define KEYSLOT_HWPARTITION_ID 2 | |
68 | +#define KEYSLOT_BLKS 0x1FFF | |
69 | +#define NS_ARCH_ARM64 1 | |
70 | + | |
71 | +#ifdef CONFIG_SPL_BUILD | |
72 | +#undef CONFIG_BLK | |
73 | +#endif | |
74 | + | |
75 | +#endif | |
76 | + | |
65 | 77 | #endif /* IMX8MM_EVK_ANDROID_H */ |
include/fsl_fastboot.h
... | ... | @@ -84,16 +84,14 @@ |
84 | 84 | #endif |
85 | 85 | |
86 | 86 | #ifdef CONFIG_IMX_TRUSTY_OS |
87 | -#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
87 | +#ifndef CONFIG_AVB_ATX | |
88 | 88 | #define FASTBOOT_SET_RPMB_KEY "set-rpmb-key" |
89 | 89 | #define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key" |
90 | 90 | #endif |
91 | -#endif | |
92 | 91 | |
93 | -#if defined(CONFIG_AVB_ATX) || defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
94 | 92 | #define FASTBOOT_SET_CA_RESP "at-set-ca-response" |
95 | 93 | #define FASTBOOT_GET_CA_REQ "at-get-ca-request" |
96 | -#endif /* CONFIG_AVB_ATX || CONFIG_ANDROID_AUTO_SUPPORT */ | |
94 | +#endif | |
97 | 95 | |
98 | 96 | #ifdef CONFIG_ANDROID_THINGS_SUPPORT |
99 | 97 | #define FASTBOOT_BOOTLOADER_VBOOT_KEY "fuse at-bootloader-vboot-key" |
lib/avb/fsl/fsl_avb.c
... | ... | @@ -16,7 +16,7 @@ |
16 | 16 | #include "utils.h" |
17 | 17 | #include "debug.h" |
18 | 18 | #include "trusty/avb.h" |
19 | -#if !defined(CONFIG_IMX_TRUSTY_OS) || !defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
19 | +#if !defined(CONFIG_IMX_TRUSTY_OS) | |
20 | 20 | #include "fsl_public_key.h" |
21 | 21 | #endif |
22 | 22 | #include "fsl_atx_attributes.h" |
... | ... | @@ -606,7 +606,7 @@ |
606 | 606 | assert(ops != NULL && out_is_trusted != NULL); |
607 | 607 | *out_is_trusted = false; |
608 | 608 | |
609 | -#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
609 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
610 | 610 | uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH]; |
611 | 611 | if (trusty_read_vbmeta_public_key(public_key_buf, |
612 | 612 | public_key_length) != 0) { |
... | ... | @@ -650,7 +650,7 @@ |
650 | 650 | #ifdef CONFIG_IMX_TRUSTY_OS |
651 | 651 | if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) { |
652 | 652 | ERR("write rollback from Trusty error!\n"); |
653 | -#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
653 | +#ifndef CONFIG_AVB_ATX | |
654 | 654 | /* Read/write rollback index from rpmb will fail if the rpmb |
655 | 655 | * key hasn't been set, return AVB_IO_RESULT_OK in this case. |
656 | 656 | */ |
... | ... | @@ -747,7 +747,7 @@ |
747 | 747 | #ifdef CONFIG_IMX_TRUSTY_OS |
748 | 748 | if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) { |
749 | 749 | ERR("read rollback from Trusty error!\n"); |
750 | -#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
750 | +#ifndef CONFIG_AVB_ATX | |
751 | 751 | if (!rpmbkey_is_set()) { |
752 | 752 | *out_rollback_index = 0; |
753 | 753 | ret = AVB_IO_RESULT_OK; |
lib/avb/fsl/fsl_avbkey.c
... | ... | @@ -651,7 +651,7 @@ |
651 | 651 | #endif /* AVB_RPMB */ |
652 | 652 | |
653 | 653 | #ifdef CONFIG_SPL_BUILD |
654 | -#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
654 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
655 | 655 | int check_rpmb_blob(struct mmc *mmc) |
656 | 656 | { |
657 | 657 | int ret = 0; |
... | ... | @@ -691,7 +691,7 @@ |
691 | 691 | |
692 | 692 | return ret; |
693 | 693 | } |
694 | -#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */ | |
694 | +#endif /* CONFIG_IMX_TRUSTY_OS && !defined(CONFIG_AVB_ATX) */ | |
695 | 695 | #else /* CONFIG_SPL_BUILD */ |
696 | 696 | #ifdef CONFIG_AVB_ATX |
697 | 697 | static int fsl_fuse_ops(uint32_t *buffer, uint32_t length, uint32_t offset, |
... | ... | @@ -982,7 +982,7 @@ |
982 | 982 | } |
983 | 983 | #endif /* CONFIG_AVB_ATX */ |
984 | 984 | |
985 | -#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
985 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
986 | 986 | bool rpmbkey_is_set(void) |
987 | 987 | { |
988 | 988 | int mmcc; |
... | ... | @@ -1143,6 +1143,6 @@ |
1143 | 1143 | |
1144 | 1144 | return 0; |
1145 | 1145 | } |
1146 | -#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */ | |
1146 | +#endif /* CONFIG_IMX_TRUSTY_OS && !defind(CONFIG_AVB_ATX) */ | |
1147 | 1147 | #endif /* CONFIG_SPL_BUILD */ |
lib/avb/fsl/fsl_avbkey.h
lib/avb/libavb/avb_slot_verify.c
... | ... | @@ -33,7 +33,7 @@ |
33 | 33 | #include "avb_util.h" |
34 | 34 | #include "avb_vbmeta_image.h" |
35 | 35 | #include "avb_version.h" |
36 | -#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
36 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
37 | 37 | #include "trusty/hwcrypto.h" |
38 | 38 | #include <memalign.h> |
39 | 39 | #endif |
... | ... | @@ -298,7 +298,7 @@ |
298 | 298 | } |
299 | 299 | |
300 | 300 | if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha256") == 0) { |
301 | -#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT) | |
301 | +#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX) | |
302 | 302 | /* DMA requires cache aligned input/output buffer */ |
303 | 303 | ALLOC_CACHE_ALIGN_BUFFER(uint8_t, hash_out, AVB_SHA256_DIGEST_SIZE); |
304 | 304 | uint32_t round_buf_size = ROUND(hash_desc.salt_len + hash_desc.image_size, |
lib/trusty/ql-tipc/libtipc.c
... | ... | @@ -39,7 +39,7 @@ |
39 | 39 | static struct trusty_ipc_dev *_ipc_dev; |
40 | 40 | static struct trusty_dev _tdev; /* There should only be one trusty device */ |
41 | 41 | static void *rpmb_ctx; |
42 | -#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
42 | +#ifndef CONFIG_AVB_ATX | |
43 | 43 | bool rpmbkey_is_set(void); |
44 | 44 | #endif |
45 | 45 | |
... | ... | @@ -52,7 +52,7 @@ |
52 | 52 | (void)avb_tipc_shutdown(_ipc_dev); |
53 | 53 | (void)km_tipc_shutdown(_ipc_dev); |
54 | 54 | |
55 | -#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
55 | +#ifndef CONFIG_AVB_ATX | |
56 | 56 | (void)hwcrypto_tipc_shutdown(_ipc_dev); |
57 | 57 | #endif |
58 | 58 | |
... | ... | @@ -91,7 +91,7 @@ |
91 | 91 | if (rc != 0) { |
92 | 92 | trusty_error("Initlializing RPMB storage proxy service failed (%d)\n", |
93 | 93 | rc); |
94 | -#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
94 | +#ifndef CONFIG_AVB_ATX | |
95 | 95 | /* check if rpmb key has been fused. */ |
96 | 96 | if(rpmbkey_is_set()) { |
97 | 97 | /* Go to hang if the key has been destroyed. */ |
... | ... | @@ -120,7 +120,7 @@ |
120 | 120 | } |
121 | 121 | } |
122 | 122 | |
123 | -#ifdef CONFIG_ANDROID_AUTO_SUPPORT | |
123 | +#ifndef CONFIG_AVB_ATX | |
124 | 124 | trusty_info("Initializing Trusty Hardware Crypto client\n"); |
125 | 125 | rc = hwcrypto_tipc_init(_ipc_dev); |
126 | 126 | if (rc != 0) { |