Commit e29e4022c5e236fb2ebbcc719724feef738e269f
1 parent
4bddbabb10
Exists in
smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga
and in
4 other branches
MA-13904 [Trusty] Pass root trust to keymaster service
Pass the verified boot key hash to keymaster; it will be treated as the root of trust in the keymaster service. Also set the 'initialized' flag after initializing the keymaster client, otherwise setting the keymaster boot parameters will fail. Test: Pass CTS cases: android.keystore.cts.KeyAttestationTest#testRsaAttestation android.keystore.cts.KeyAttestationTest#testEcAttestation Change-Id: I486b5493826160f42c61a3da0e6cd769df92254d Signed-off-by: Ji Luo <ji.luo@nxp.com>
Showing 3 changed files with 19 additions and 7 deletions
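--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -83,7 +83,7 @@
 #include "fastboot_lock_unlock.h"
 #endif
 
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_DUAL_BOOTLOADER)
+#ifdef CONFIG_IMX_TRUSTY_OS
 #include "u-boot/sha256.h"
 #endif
 
 
 
 
@@ -2125,12 +2125,21 @@
 keymaster_verified_boot_t vbstatus;
 FbLockState lock_status = fastboot_get_lock_stat();
 
- uint8_t permanent_attributes_hash[AVB_SHA256_DIGEST_SIZE];
+ uint8_t boot_key_hash[AVB_SHA256_DIGEST_SIZE];
 #ifdef CONFIG_AVB_ATX
- if (fsl_read_permanent_attributes_hash(&fsl_avb_atx_ops, permanent_attributes_hash)) {
+ if (fsl_read_permanent_attributes_hash(&fsl_avb_atx_ops, boot_key_hash)) {
 printf("ERROR - failed to read permanent attributes hash for keymaster\n");
- memset(permanent_attributes_hash, 0, AVB_SHA256_DIGEST_SIZE);
+ memset(boot_key_hash, 0, AVB_SHA256_DIGEST_SIZE);
 }
+#else
+ uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH];
+ if (trusty_read_vbmeta_public_key(public_key_buf,
+ AVB_MAX_BUFFER_LENGTH) != 0) {
+ printf("ERROR - failed to read public key for keymaster\n");
+ memset(boot_key_hash, 0, AVB_SHA256_DIGEST_SIZE);
+ } else
+ sha256_csum_wd((unsigned char *)public_key_buf, AVB_SHA256_DIGEST_SIZE,
+ (unsigned char *)boot_key_hash, CHUNKSZ_SHA256);
 #endif
 
 bool lock = (lock_status == FASTBOOT_LOCK)? true: false;
 
@@ -2147,11 +2156,11 @@
 }
 
 trusty_set_boot_params(os_ver_km, os_lvl_km, vbstatus, lock,
- permanent_attributes_hash, AVB_SHA256_DIGEST_SIZE,
+ boot_key_hash, AVB_SHA256_DIGEST_SIZE,
 vbh, AVB_SHA256_DIGEST_SIZE);
 #else
 trusty_set_boot_params(os_ver_km, os_lvl_km, vbstatus, lock,
- permanent_attributes_hash, AVB_SHA256_DIGEST_SIZE,
+ boot_key_hash, AVB_SHA256_DIGEST_SIZE,
 NULL, 0);
 #endif
 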
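Review bot: In the new `#else` branch of the second hunk, `sha256_csum_wd()` is given `AVB_SHA256_DIGEST_SIZE` as its input length, so only the first 32 bytes of `public_key_buf` are hashed rather than the whole key that `trusty_read_vbmeta_public_key()` filled in. If that buffer holds a full AVB public key (its definition is not visible here), the root-of-trust value sent to keymaster covers only a prefix of the key material, and distinct keys sharing that prefix would attest identically. The call should take the real key length, e.g. `sha256_csum_wd(public_key_buf, key_len, boot_key_hash, CHUNKSZ_SHA256);`, with `key_len` supplied by the read helper or by a documented fixed size. On a read failure both branches only print and zero `boot_key_hash`, so `trusty_set_boot_params()` still receives an all-zero root of trust; consider failing the boot-parameter setup instead, and brace the bare `else` that spans two lines. The enclosing function starts and ends outside these hunks.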
lib/trusty/ql-tipc/avb.c