Eric Lee / smarc-uboot

Download as
Browse Code ยป

Commit f39aa82a3dbcab9ac0807b794e524c9226fdf69a

Authored by Luo Ji
1 parent e26db8caf2
Exists in smarc-imx_v2018.03_4.14.78_1.0.0_ga

MA-13487 Refine fsl avb functions 

Too many macros are used in fsl_avbkey.c and
make it difficult to maintain.
This patch made some refine by:
  1. Move all avb/atx operations to fsl_avb.c.
  2. Refine the functions logic.
  3. Drop some unsupported conditions/functions.

Test: build and boot on
      imx8qm_mek/imx8mq_evk/imx6qp_sabresd/imx7d_pico/imx8m_aiy.

Change-Id: I5c99732acfc47d53cdf188d69223983777e577f4
Signed-off-by: Luo Ji <ji.luo@nxp.com>

Showing 10 changed files with 1094 additions and 1275 deletions Side-by-side Diff

configs/pico-imx7d-trusty_defconfig
Diff comments   View file @ f39aa82
... ... @@ -39,4 +39,5 @@
39 39 CONFIG_AVB_ATX=y
40 40 CONFIG_USE_STDINT=y
41 41 CONFIG_LIB_RAND=y
  42 +CONFIG_CMD_UUID=y
drivers/usb/gadget/f_fastboot.c
Diff comments   View file @ f39aa82
... ... @@ -933,18 +933,6 @@
933 933 {
934 934 if (download_bytes) {
935 935 struct fastboot_ptentry *ptn;
936   -#if defined(AVB_RPMB) && !defined(CONFIG_ARM64)
937   - if (!strcmp_l1(FASTBOOT_PARTITION_AVBKEY, cmdbuf)) {
938   - printf("pubkey len %d\n", download_bytes);
939   - if (avbkey_init(interface.transfer_buffer, download_bytes) != 0) {
940   - fastboot_fail("fail to Write partition");
941   - } else {
942   - printf("init 'avbkey' DONE!\n");
943   - fastboot_okay("OKAY");
944   - }
945   - return;
946   - }
947   -#endif
948 936  
949 937 /* Next is the partition name */
950 938 ptn = fastboot_flash_find_ptn(cmdbuf);
include/configs/imx8qm_mek_android_auto.h
Diff comments   View file @ f39aa82
... ... @@ -102,6 +102,7 @@
102 102 #endif
103 103  
104 104 #ifdef CONFIG_SPL_BUILD
  105 +#define AVB_RPMB
105 106 #undef CONFIG_BLK
106 107 #endif
107 108  
include/configs/imx8qxp_mek_android_auto.h
Diff comments   View file @ f39aa82
... ... @@ -95,6 +95,7 @@
95 95 #undef CONFIG_USB_FUNCTION_MASS_STORAGE
96 96  
97 97 #ifdef CONFIG_SPL_BUILD
  98 +#define AVB_RPMB
98 99 #undef CONFIG_BLK
99 100 #endif
100 101  
lib/avb/fsl/Makefile
Diff comments   View file @ f39aa82
1   -ccflags-y += -Werror
2   -
3 1 ifndef CONFIG_SPL_BUILD
4 2 obj-y += fsl_avb.o
5 3 obj-y += fsl_bootctl.o
... ... @@ -9,4 +7,5 @@
9 7 obj-y += fsl_avbkey.o
10 8 obj-y += utils.o
11 9 obj-y += fsl_avb_ab_flow.o
  10 +obj-$(CONFIG_AVB_ATX) += fsl_atx_attributes.o
lib/avb/fsl/fsl_atx_attributes.c
Diff comments   View file @ f39aa82
  1 +/*
  2 + * Copyright 2018 NXP
  3 + *
  4 + * SPDX-License-Identifier: GPL-2.0+
  5 + */
  6 +
  7 +/* This product_id is generated from
  8 + * extern/avb/test/data/atx_product_id.bin */
  9 +unsigned char fsl_atx_product_id[16] = {
  10 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  11 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  12 +};
  13 +/* This product_root_public_key is generated form
  14 + * extern/avb/test/data/testkey_atx_prk.pem */
  15 +unsigned char fsl_product_root_public_key[1032] = {
  16 + 0x00,0x00,0x10,0x00,0x9f,0x35,0xef,0x65,
  17 + 0xc3,0x29,0x4c,0x23,0x16,0x10,0xac,0x32,
  18 + 0xc1,0x3c,0xd5,0xc5,0xab,0xa1,0xd9,0xe7,
  19 + 0x13,0x3f,0x7e,0xd1,0xe6,0x61,0x5d,0xa3,
  20 + 0xa1,0x60,0xda,0x57,0x4b,0xb2,0xe6,0x0f,
  21 + 0xe1,0x50,0xbf,0x47,0xff,0x09,0xaf,0xcd,
  22 + 0x49,0x2d,0x82,0x33,0x76,0xa1,0xfe,0x28,
  23 + 0x5f,0x89,0x62,0xb3,0xc0,0xf1,0x11,0xaf,
  24 + 0x15,0x09,0x27,0xdb,0xeb,0x06,0x01,0xa2,
  25 + 0xf8,0xb7,0xd7,0x9c,0xe4,0x88,0x3a,0x86,
  26 + 0x05,0x02,0x20,0x69,0xb2,0x36,0x4c,0x3e,
  27 + 0x25,0x03,0xed,0xfc,0x0c,0x6b,0x1b,0x0a,
  28 + 0x04,0x9c,0xce,0x7f,0x83,0x82,0x60,0xd9,
  29 + 0x52,0x7e,0xc4,0x35,0x7b,0x1c,0xe6,0x64,
  30 + 0x9c,0x17,0xec,0x81,0xe7,0x9c,0x0c,0x8b,
  31 + 0x4b,0x7e,0x48,0xbe,0x00,0x98,0xa8,0x20,
  32 + 0x10,0x4c,0x9b,0xd1,0x16,0x5b,0x25,0xe9,
  33 + 0x4e,0x61,0xda,0x7c,0x63,0x80,0x8f,0xa4,
  34 + 0xac,0x74,0xee,0xa8,0x06,0xac,0x26,0xd5,
  35 + 0x71,0x6f,0xaa,0x73,0x20,0x9c,0x7f,0xcd,
  36 + 0x73,0xd4,0xa9,0xa0,0x7e,0x5a,0xb5,0x61,
  37 + 0xb0,0x88,0xb0,0xdd,0xdb,0x6b,0x79,0xd1,
  38 + 0x5a,0x9e,0x54,0x49,0x55,0xc6,0x89,0x76,
  39 + 0x7a,0xc6,0x78,0x99,0xdc,0xc9,0x00,0x5d,
  40 + 0x20,0xf5,0xfc,0x8f,0x39,0x46,0xf3,0x02,
  41 + 0x96,0x0d,0x9b,0xfb,0xbc,0xd5,0xcf,0x5a,
  42 + 0x4f,0xc4,0xb8,0x0b,0xd0,0xf3,0x19,0x3c,
  43 + 0x74,0x04,0xd5,0x94,0x2c,0x19,0x15,0x64,
  44 + 0xbf,0x53,0x67,0x97,0x7b,0x9e,0xc6,0xe0,
  45 + 0xfb,0x29,0x5b,0x90,0xad,0x04,0x8a,0xd8,
  46 + 0x5b,0xdf,0x69,0x09,0xe4,0xa5,0xe9,0xd9,
  47 + 0x0f,0xc4,0xff,0xae,0xb7,0x44,0x12,0xae,
  48 + 0xad,0x03,0x97,0xb8,0xda,0xd7,0x60,0x37,
  49 + 0x15,0xf2,0xb9,0xdb,0x10,0xf6,0xe2,0x26,
  50 + 0x48,0x7e,0x3e,0x3e,0xc3,0x67,0xd3,0xa6,
  51 + 0x02,0xf7,0xbc,0x60,0xed,0x45,0xdf,0x37,
  52 + 0xef,0xf9,0xea,0x97,0x5f,0x37,0xb4,0xeb,
  53 + 0xb4,0x91,0x6c,0x39,0x4d,0xed,0x52,0x15,
  54 + 0x39,0x47,0x59,0x62,0xde,0x32,0x55,0xe1,
  55 + 0xd4,0x15,0x58,0x7d,0x52,0x41,0x12,0x78,
  56 + 0xee,0x9f,0x0d,0xc8,0x5e,0x34,0x91,0xf9,
  57 + 0xe7,0x4c,0x1e,0xe7,0x2f,0x90,0x7f,0xbb,
  58 + 0xf8,0x99,0x3e,0xc9,0x79,0xab,0x01,0xdb,
  59 + 0x24,0x39,0xe3,0xb4,0xc9,0x52,0x73,0xdb,
  60 + 0x65,0x42,0xa5,0x2e,0x43,0x56,0xa0,0x33,
  61 + 0x8c,0x1a,0xb7,0xa1,0xed,0x5c,0xd0,0x14,
  62 + 0x93,0x8d,0x23,0x78,0x93,0xcb,0x3a,0x03,
  63 + 0x1f,0xbb,0xc6,0x7b,0xcd,0x51,0x4e,0xaa,
  64 + 0x14,0x01,0xe9,0x03,0x27,0x13,0xe2,0xb2,
  65 + 0xf8,0x36,0xc6,0xe3,0xc3,0x7f,0xb5,0x74,
  66 + 0x20,0x5e,0x17,0xaa,0x25,0x07,0x9b,0x60,
  67 + 0xda,0x83,0x98,0xb5,0x55,0xae,0x1b,0x7a,
  68 + 0xc1,0x1f,0x49,0x72,0xe2,0xcb,0x6a,0x11,
  69 + 0x77,0xdf,0x3f,0xc0,0x9f,0x8f,0x33,0xc7,
  70 + 0x10,0x17,0x8c,0xfc,0xd5,0xb7,0x5f,0x5e,
  71 + 0xb2,0xe3,0x7b,0x2e,0xdc,0xc7,0x34,0xdb,
  72 + 0x31,0xb0,0xdc,0x5d,0x14,0x98,0xb6,0x1a,
  73 + 0x2a,0xd4,0xb4,0x04,0x2c,0xf0,0x68,0x1c,
  74 + 0x91,0x60,0x28,0xa5,0x3b,0x01,0x98,0xb6,
  75 + 0x1e,0x6e,0xaa,0x35,0x89,0xc7,0x94,0xaa,
  76 + 0x9e,0xf0,0x11,0x52,0x0f,0x28,0xa1,0x3d,
  77 + 0xd3,0x17,0xb5,0x08,0xd8,0x7a,0x41,0xf9,
  78 + 0x07,0xe2,0x87,0x36,0xcd,0x86,0x3e,0x79,
  79 + 0x99,0x73,0x50,0x21,0x30,0x00,0xd2,0xf3,
  80 + 0x88,0x60,0x32,0x59,0x58,0x2f,0x55,0x93,
  81 + 0x86,0x56,0x9a,0x96,0xb9,0xf8,0xbf,0x24,
  82 + 0xc4,0xba,0xea,0xa4,0x73,0xb0,0x0c,0xa6,
  83 + 0xdb,0x09,0x2d,0x0a,0x36,0x3f,0x80,0xe6,
  84 + 0x85,0x7a,0xf3,0x01,0x90,0x3a,0xc6,0xee,
  85 + 0x2d,0xa8,0xce,0xb4,0x3f,0x3a,0xa6,0xa3,
  86 + 0xaf,0xb9,0x21,0xef,0x40,0x6f,0xf4,0x7f,
  87 + 0x78,0x25,0x55,0x39,0x53,0x67,0x53,0x56,
  88 + 0x8d,0x81,0xaf,0x63,0x97,0x68,0x86,0x75,
  89 + 0x66,0x14,0x1e,0xa6,0x63,0x1e,0x02,0xd0,
  90 + 0x41,0xd8,0x78,0x75,0x0d,0x76,0x77,0xfa,
  91 + 0x9c,0xc5,0xcc,0x54,0x06,0x25,0x53,0x95,
  92 + 0xeb,0x4b,0x7c,0xb4,0xc8,0xbb,0x5d,0x6b,
  93 + 0x6e,0xf0,0xd7,0x8d,0x3f,0xdf,0x93,0x4c,
  94 + 0x30,0x5b,0x02,0xf5,0x0e,0x49,0x87,0x60,
  95 + 0x5f,0x19,0x06,0x24,0x3d,0x5d,0x97,0x37,
  96 + 0x61,0xef,0x3e,0x0b,0x9e,0x85,0x1c,0x1a,
  97 + 0xa6,0x53,0x91,0xd2,0x2c,0x18,0x7c,0x8f,
  98 + 0x5b,0x4a,0xd5,0xdd,0xd9,0x8a,0xc3,0x92,
  99 + 0x19,0x54,0x39,0xde,0x33,0xa1,0xe1,0x37,
  100 + 0x60,0x3c,0x3b,0x3b,0xc5,0xed,0x1b,0xef,
  101 + 0x28,0xf5,0xdf,0x44,0x91,0xa3,0x1e,0x69,
  102 + 0x6a,0x35,0x85,0x6e,0x26,0x46,0x22,0x4d,
  103 + 0x87,0x92,0x44,0x6b,0x96,0xdb,0x75,0xfe,
  104 + 0x76,0x03,0x60,0xf7,0xfd,0x90,0x55,0x7d,
  105 + 0x6e,0xd7,0xaa,0x44,0x05,0xc7,0x23,0x37,
  106 + 0x12,0xa8,0xd4,0xb2,0x2b,0xed,0x41,0x5f,
  107 + 0x23,0x38,0x7c,0x16,0xe6,0x16,0xd3,0x10,
  108 + 0x19,0x12,0xcc,0x8b,0x6e,0xcd,0xd6,0xa6,
  109 + 0x39,0x8a,0x1b,0x24,0x3f,0x4d,0x6f,0xa6,
  110 + 0x00,0x7c,0xa0,0xa1,0x4a,0xfd,0xcd,0x68,
  111 + 0x50,0x76,0xc8,0x68,0x9d,0xeb,0xdf,0x24,
  112 + 0x39,0xaf,0x77,0xb2,0xb6,0xaf,0xb6,0x34,
  113 + 0x61,0x37,0x6a,0xfd,0xc7,0x6d,0x02,0x9f,
  114 + 0x29,0xd5,0x45,0xf4,0x89,0xd8,0x8c,0x5c,
  115 + 0xd3,0x31,0xa0,0x58,0x19,0x54,0x33,0x46,
  116 + 0x92,0xbc,0x1e,0x4b,0x14,0xac,0x73,0xa5,
  117 + 0x09,0x9f,0xb6,0x2b,0x2b,0x73,0x6b,0x83,
  118 + 0x86,0x13,0x6e,0x03,0xf7,0xe0,0x7d,0x81,
  119 + 0x47,0x18,0x08,0xea,0x09,0x10,0x24,0x61,
  120 + 0x6d,0x09,0x1d,0xb8,0x8e,0xba,0x04,0x4d,
  121 + 0xcc,0xe6,0xff,0x28,0x27,0x86,0x38,0x01,
  122 + 0x86,0xbe,0xf0,0x5b,0xf8,0x1a,0xd6,0xde,
  123 + 0xbe,0xf9,0x3b,0x76,0x3f,0x85,0x82,0x22,
  124 + 0x92,0x4b,0xe0,0x76,0x15,0xb2,0x57,0x5a,
  125 + 0xb0,0x64,0xde,0xce,0x93,0xb8,0x9f,0x25,
  126 + 0x53,0x8c,0x5e,0xdf,0x29,0x4e,0x50,0x69,
  127 + 0xfb,0x7e,0x33,0xcb,0x0e,0x28,0x01,0x6c,
  128 + 0xab,0xfa,0xd8,0x88,0x02,0xbc,0xf2,0xb1,
  129 + 0x0e,0x2f,0x6d,0x1c,0x8d,0xe4,0x11,0x23,
  130 + 0xcc,0x67,0x94,0x7b,0xf7,0x8a,0xf3,0x68,
  131 + 0x52,0xe4,0x82,0x25,0x86,0xc6,0x72,0x19,
  132 + 0x77,0x80,0x28,0xe3,0x86,0xc8,0x8a,0xea,
  133 + 0x3d,0x54,0x2f,0x0b,0x64,0x0a,0xc5,0x12,
  134 + 0x8c,0xb2,0x07,0x72,0x1b,0x09,0x9f,0x32,
  135 + 0xbd,0xa3,0xb0,0x0c,0x95,0xc8,0x4d,0xe5,
  136 + 0xd7,0x20,0xdb,0xf8,0x34,0x2a,0x9d,0x91,
  137 + 0x58,0x38,0x7a,0x9c,0xe0,0xa3,0x0f,0x40,
  138 + 0x9d,0xff,0xeb,0x4b,0xe2,0x16,0x94,0x32,
  139 + 0xce,0xe8,0x52,0x75,0x49,0xf4,0x71,0x13,
  140 + 0xbc,0x59,0x7d,0x9a,0xe8,0x60,0x29,0x58,
  141 + 0x1a,0x14,0x94,0xe6,0x37,0x23,0xad,0xfe,
  142 + 0x0b,0xf0,0x63,0x60,0x4f,0x5d,0x10,0x91,
  143 + 0xf2,0x50,0x8e,0x0b,0x4a,0x47,0xc9,0x0c,
  144 + 0x1f,0xdc,0x94,0x75,0x25,0x52,0x99,0xfc
  145 +};
lib/avb/fsl/fsl_atx_attributes.h
Diff comments   View file @ f39aa82
1 1 /*
2   - * Copyright 2017 NXP
  2 + * Copyright 2018 NXP
3 3 *
4 4 * SPDX-License-Identifier: GPL-2.0+
5 5 */
6 6  
7 7  
... ... @@ -10,144 +10,10 @@
10 10 #define fsl_version 1
11 11 /* This product_id is generated from
12 12 * extern/avb/test/data/atx_product_id.bin */
13   -unsigned char fsl_atx_product_id[] = {
14   - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
15   - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
16   -};
  13 +extern unsigned char fsl_atx_product_id[17];
17 14 /* This product_root_public_key is generated form
18 15 * extern/avb/test/data/testkey_atx_prk.pem */
19   -unsigned char fsl_product_root_public_key[] = {
20   - 0x00,0x00,0x10,0x00,0x9f,0x35,0xef,0x65,
21   - 0xc3,0x29,0x4c,0x23,0x16,0x10,0xac,0x32,
22   - 0xc1,0x3c,0xd5,0xc5,0xab,0xa1,0xd9,0xe7,
23   - 0x13,0x3f,0x7e,0xd1,0xe6,0x61,0x5d,0xa3,
24   - 0xa1,0x60,0xda,0x57,0x4b,0xb2,0xe6,0x0f,
25   - 0xe1,0x50,0xbf,0x47,0xff,0x09,0xaf,0xcd,
26   - 0x49,0x2d,0x82,0x33,0x76,0xa1,0xfe,0x28,
27   - 0x5f,0x89,0x62,0xb3,0xc0,0xf1,0x11,0xaf,
28   - 0x15,0x09,0x27,0xdb,0xeb,0x06,0x01,0xa2,
29   - 0xf8,0xb7,0xd7,0x9c,0xe4,0x88,0x3a,0x86,
30   - 0x05,0x02,0x20,0x69,0xb2,0x36,0x4c,0x3e,
31   - 0x25,0x03,0xed,0xfc,0x0c,0x6b,0x1b,0x0a,
32   - 0x04,0x9c,0xce,0x7f,0x83,0x82,0x60,0xd9,
33   - 0x52,0x7e,0xc4,0x35,0x7b,0x1c,0xe6,0x64,
34   - 0x9c,0x17,0xec,0x81,0xe7,0x9c,0x0c,0x8b,
35   - 0x4b,0x7e,0x48,0xbe,0x00,0x98,0xa8,0x20,
36   - 0x10,0x4c,0x9b,0xd1,0x16,0x5b,0x25,0xe9,
37   - 0x4e,0x61,0xda,0x7c,0x63,0x80,0x8f,0xa4,
38   - 0xac,0x74,0xee,0xa8,0x06,0xac,0x26,0xd5,
39   - 0x71,0x6f,0xaa,0x73,0x20,0x9c,0x7f,0xcd,
40   - 0x73,0xd4,0xa9,0xa0,0x7e,0x5a,0xb5,0x61,
41   - 0xb0,0x88,0xb0,0xdd,0xdb,0x6b,0x79,0xd1,
42   - 0x5a,0x9e,0x54,0x49,0x55,0xc6,0x89,0x76,
43   - 0x7a,0xc6,0x78,0x99,0xdc,0xc9,0x00,0x5d,
44   - 0x20,0xf5,0xfc,0x8f,0x39,0x46,0xf3,0x02,
45   - 0x96,0x0d,0x9b,0xfb,0xbc,0xd5,0xcf,0x5a,
46   - 0x4f,0xc4,0xb8,0x0b,0xd0,0xf3,0x19,0x3c,
47   - 0x74,0x04,0xd5,0x94,0x2c,0x19,0x15,0x64,
48   - 0xbf,0x53,0x67,0x97,0x7b,0x9e,0xc6,0xe0,
49   - 0xfb,0x29,0x5b,0x90,0xad,0x04,0x8a,0xd8,
50   - 0x5b,0xdf,0x69,0x09,0xe4,0xa5,0xe9,0xd9,
51   - 0x0f,0xc4,0xff,0xae,0xb7,0x44,0x12,0xae,
52   - 0xad,0x03,0x97,0xb8,0xda,0xd7,0x60,0x37,
53   - 0x15,0xf2,0xb9,0xdb,0x10,0xf6,0xe2,0x26,
54   - 0x48,0x7e,0x3e,0x3e,0xc3,0x67,0xd3,0xa6,
55   - 0x02,0xf7,0xbc,0x60,0xed,0x45,0xdf,0x37,
56   - 0xef,0xf9,0xea,0x97,0x5f,0x37,0xb4,0xeb,
57   - 0xb4,0x91,0x6c,0x39,0x4d,0xed,0x52,0x15,
58   - 0x39,0x47,0x59,0x62,0xde,0x32,0x55,0xe1,
59   - 0xd4,0x15,0x58,0x7d,0x52,0x41,0x12,0x78,
60   - 0xee,0x9f,0x0d,0xc8,0x5e,0x34,0x91,0xf9,
61   - 0xe7,0x4c,0x1e,0xe7,0x2f,0x90,0x7f,0xbb,
62   - 0xf8,0x99,0x3e,0xc9,0x79,0xab,0x01,0xdb,
63   - 0x24,0x39,0xe3,0xb4,0xc9,0x52,0x73,0xdb,
64   - 0x65,0x42,0xa5,0x2e,0x43,0x56,0xa0,0x33,
65   - 0x8c,0x1a,0xb7,0xa1,0xed,0x5c,0xd0,0x14,
66   - 0x93,0x8d,0x23,0x78,0x93,0xcb,0x3a,0x03,
67   - 0x1f,0xbb,0xc6,0x7b,0xcd,0x51,0x4e,0xaa,
68   - 0x14,0x01,0xe9,0x03,0x27,0x13,0xe2,0xb2,
69   - 0xf8,0x36,0xc6,0xe3,0xc3,0x7f,0xb5,0x74,
70   - 0x20,0x5e,0x17,0xaa,0x25,0x07,0x9b,0x60,
71   - 0xda,0x83,0x98,0xb5,0x55,0xae,0x1b,0x7a,
72   - 0xc1,0x1f,0x49,0x72,0xe2,0xcb,0x6a,0x11,
73   - 0x77,0xdf,0x3f,0xc0,0x9f,0x8f,0x33,0xc7,
74   - 0x10,0x17,0x8c,0xfc,0xd5,0xb7,0x5f,0x5e,
75   - 0xb2,0xe3,0x7b,0x2e,0xdc,0xc7,0x34,0xdb,
76   - 0x31,0xb0,0xdc,0x5d,0x14,0x98,0xb6,0x1a,
77   - 0x2a,0xd4,0xb4,0x04,0x2c,0xf0,0x68,0x1c,
78   - 0x91,0x60,0x28,0xa5,0x3b,0x01,0x98,0xb6,
79   - 0x1e,0x6e,0xaa,0x35,0x89,0xc7,0x94,0xaa,
80   - 0x9e,0xf0,0x11,0x52,0x0f,0x28,0xa1,0x3d,
81   - 0xd3,0x17,0xb5,0x08,0xd8,0x7a,0x41,0xf9,
82   - 0x07,0xe2,0x87,0x36,0xcd,0x86,0x3e,0x79,
83   - 0x99,0x73,0x50,0x21,0x30,0x00,0xd2,0xf3,
84   - 0x88,0x60,0x32,0x59,0x58,0x2f,0x55,0x93,
85   - 0x86,0x56,0x9a,0x96,0xb9,0xf8,0xbf,0x24,
86   - 0xc4,0xba,0xea,0xa4,0x73,0xb0,0x0c,0xa6,
87   - 0xdb,0x09,0x2d,0x0a,0x36,0x3f,0x80,0xe6,
88   - 0x85,0x7a,0xf3,0x01,0x90,0x3a,0xc6,0xee,
89   - 0x2d,0xa8,0xce,0xb4,0x3f,0x3a,0xa6,0xa3,
90   - 0xaf,0xb9,0x21,0xef,0x40,0x6f,0xf4,0x7f,
91   - 0x78,0x25,0x55,0x39,0x53,0x67,0x53,0x56,
92   - 0x8d,0x81,0xaf,0x63,0x97,0x68,0x86,0x75,
93   - 0x66,0x14,0x1e,0xa6,0x63,0x1e,0x02,0xd0,
94   - 0x41,0xd8,0x78,0x75,0x0d,0x76,0x77,0xfa,
95   - 0x9c,0xc5,0xcc,0x54,0x06,0x25,0x53,0x95,
96   - 0xeb,0x4b,0x7c,0xb4,0xc8,0xbb,0x5d,0x6b,
97   - 0x6e,0xf0,0xd7,0x8d,0x3f,0xdf,0x93,0x4c,
98   - 0x30,0x5b,0x02,0xf5,0x0e,0x49,0x87,0x60,
99   - 0x5f,0x19,0x06,0x24,0x3d,0x5d,0x97,0x37,
100   - 0x61,0xef,0x3e,0x0b,0x9e,0x85,0x1c,0x1a,
101   - 0xa6,0x53,0x91,0xd2,0x2c,0x18,0x7c,0x8f,
102   - 0x5b,0x4a,0xd5,0xdd,0xd9,0x8a,0xc3,0x92,
103   - 0x19,0x54,0x39,0xde,0x33,0xa1,0xe1,0x37,
104   - 0x60,0x3c,0x3b,0x3b,0xc5,0xed,0x1b,0xef,
105   - 0x28,0xf5,0xdf,0x44,0x91,0xa3,0x1e,0x69,
106   - 0x6a,0x35,0x85,0x6e,0x26,0x46,0x22,0x4d,
107   - 0x87,0x92,0x44,0x6b,0x96,0xdb,0x75,0xfe,
108   - 0x76,0x03,0x60,0xf7,0xfd,0x90,0x55,0x7d,
109   - 0x6e,0xd7,0xaa,0x44,0x05,0xc7,0x23,0x37,
110   - 0x12,0xa8,0xd4,0xb2,0x2b,0xed,0x41,0x5f,
111   - 0x23,0x38,0x7c,0x16,0xe6,0x16,0xd3,0x10,
112   - 0x19,0x12,0xcc,0x8b,0x6e,0xcd,0xd6,0xa6,
113   - 0x39,0x8a,0x1b,0x24,0x3f,0x4d,0x6f,0xa6,
114   - 0x00,0x7c,0xa0,0xa1,0x4a,0xfd,0xcd,0x68,
115   - 0x50,0x76,0xc8,0x68,0x9d,0xeb,0xdf,0x24,
116   - 0x39,0xaf,0x77,0xb2,0xb6,0xaf,0xb6,0x34,
117   - 0x61,0x37,0x6a,0xfd,0xc7,0x6d,0x02,0x9f,
118   - 0x29,0xd5,0x45,0xf4,0x89,0xd8,0x8c,0x5c,
119   - 0xd3,0x31,0xa0,0x58,0x19,0x54,0x33,0x46,
120   - 0x92,0xbc,0x1e,0x4b,0x14,0xac,0x73,0xa5,
121   - 0x09,0x9f,0xb6,0x2b,0x2b,0x73,0x6b,0x83,
122   - 0x86,0x13,0x6e,0x03,0xf7,0xe0,0x7d,0x81,
123   - 0x47,0x18,0x08,0xea,0x09,0x10,0x24,0x61,
124   - 0x6d,0x09,0x1d,0xb8,0x8e,0xba,0x04,0x4d,
125   - 0xcc,0xe6,0xff,0x28,0x27,0x86,0x38,0x01,
126   - 0x86,0xbe,0xf0,0x5b,0xf8,0x1a,0xd6,0xde,
127   - 0xbe,0xf9,0x3b,0x76,0x3f,0x85,0x82,0x22,
128   - 0x92,0x4b,0xe0,0x76,0x15,0xb2,0x57,0x5a,
129   - 0xb0,0x64,0xde,0xce,0x93,0xb8,0x9f,0x25,
130   - 0x53,0x8c,0x5e,0xdf,0x29,0x4e,0x50,0x69,
131   - 0xfb,0x7e,0x33,0xcb,0x0e,0x28,0x01,0x6c,
132   - 0xab,0xfa,0xd8,0x88,0x02,0xbc,0xf2,0xb1,
133   - 0x0e,0x2f,0x6d,0x1c,0x8d,0xe4,0x11,0x23,
134   - 0xcc,0x67,0x94,0x7b,0xf7,0x8a,0xf3,0x68,
135   - 0x52,0xe4,0x82,0x25,0x86,0xc6,0x72,0x19,
136   - 0x77,0x80,0x28,0xe3,0x86,0xc8,0x8a,0xea,
137   - 0x3d,0x54,0x2f,0x0b,0x64,0x0a,0xc5,0x12,
138   - 0x8c,0xb2,0x07,0x72,0x1b,0x09,0x9f,0x32,
139   - 0xbd,0xa3,0xb0,0x0c,0x95,0xc8,0x4d,0xe5,
140   - 0xd7,0x20,0xdb,0xf8,0x34,0x2a,0x9d,0x91,
141   - 0x58,0x38,0x7a,0x9c,0xe0,0xa3,0x0f,0x40,
142   - 0x9d,0xff,0xeb,0x4b,0xe2,0x16,0x94,0x32,
143   - 0xce,0xe8,0x52,0x75,0x49,0xf4,0x71,0x13,
144   - 0xbc,0x59,0x7d,0x9a,0xe8,0x60,0x29,0x58,
145   - 0x1a,0x14,0x94,0xe6,0x37,0x23,0xad,0xfe,
146   - 0x0b,0xf0,0x63,0x60,0x4f,0x5d,0x10,0x91,
147   - 0xf2,0x50,0x8e,0x0b,0x4a,0x47,0xc9,0x0c,
148   - 0x1f,0xdc,0x94,0x75,0x25,0x52,0x99,0xfc
149   -};
  16 +extern unsigned char fsl_product_root_public_key[1032];
150 17  
151   -#endif
152   -/* __FSL_ATX_ATTRIBUTES_H__ */
  18 +#endif /* __FSL_ATX_ATTRIBUTES_H__ */
lib/avb/fsl/fsl_avb.c
Diff comments   View file @ f39aa82
... ... @@ -15,6 +15,9 @@
15 15 #include "fsl_avbkey.h"
16 16 #include "utils.h"
17 17 #include "debug.h"
  18 +#include "trusty/avb.h"
  19 +#include "fsl_public_key.h"
  20 +#include "fsl_atx_attributes.h"
18 21  
19 22 #define FSL_AVB_DEV "mmc"
20 23  
... ... @@ -435,4 +438,393 @@
435 438 *out_size_num_bytes = (uint64_t)(pte->length * 512);
436 439 return AVB_IO_RESULT_OK;
437 440 }
  441 +
  442 +#ifdef CONFIG_AVB_ATX
  443 +/* Reads permanent |attributes| data. There are no restrictions on where this
  444 + * data is stored. On success, returns AVB_IO_RESULT_OK and populates
  445 + * |attributes|.
  446 + */
  447 +AvbIOResult fsl_read_permanent_attributes(
  448 + AvbAtxOps* atx_ops, AvbAtxPermanentAttributes* attributes) {
  449 +#ifdef CONFIG_IMX_TRUSTY_OS
  450 + if (!trusty_read_permanent_attributes((uint8_t *)attributes,
  451 + sizeof(AvbAtxPermanentAttributes))) {
  452 + return AVB_IO_RESULT_OK;
  453 + }
  454 + ERR("No perm-attr fused. Will use hard code one.\n");
  455 +#endif /* CONFIG_IMX_TRUSTY_OS */
  456 +
  457 + /* use hard code permanent attributes due to limited fuse and RPMB */
  458 + attributes->version = fsl_version;
  459 + memcpy(attributes->product_root_public_key, fsl_product_root_public_key,
  460 + sizeof(fsl_product_root_public_key));
  461 + memcpy(attributes->product_id, fsl_atx_product_id,
  462 + sizeof(fsl_atx_product_id));
  463 +
  464 + return AVB_IO_RESULT_OK;
  465 +}
  466 +
  467 +/* Reads a |hash| of permanent attributes. This hash MUST be retrieved from a
  468 + * permanently read-only location (e.g. fuses) when a device is LOCKED. On
  469 + * success, returned AVB_IO_RESULT_OK and populates |hash|.
  470 + */
  471 +AvbIOResult fsl_read_permanent_attributes_hash(
  472 + AvbAtxOps* atx_ops, uint8_t hash[AVB_SHA256_DIGEST_SIZE]) {
  473 +#ifdef CONFIG_ARM64
  474 + /* calculate sha256(permanent attributes) */
  475 + if (permanent_attributes_sha256_hash(hash) != RESULT_OK) {
  476 + return AVB_IO_RESULT_ERROR_IO;
  477 + } else {
  478 + return AVB_IO_RESULT_OK;
  479 + }
  480 +#else
  481 + uint8_t sha256_hash_buf[AVB_SHA256_DIGEST_SIZE];
  482 + uint32_t sha256_hash_fuse[ATX_FUSE_BANK_NUM];
  483 +
  484 + /* read first 112 bits of sha256(permanent attributes) from fuse */
  485 + if (fsl_fuse_read(sha256_hash_fuse, ATX_FUSE_BANK_NUM,
  486 + PERMANENT_ATTRIBUTE_HASH_OFFSET)) {
  487 + printf("ERROR - read permanent attributes hash from "
  488 + "fuse error\n");
  489 + return AVB_IO_RESULT_ERROR_IO;
  490 + }
  491 + /* only take the lower 2 bytes of last bank */
  492 + sha256_hash_fuse[ATX_FUSE_BANK_NUM - 1] &= ATX_FUSE_BANK_MASK;
  493 +
  494 + /* calculate sha256(permanent attributes) */
  495 + if (permanent_attributes_sha256_hash(sha256_hash_buf) != RESULT_OK) {
  496 + return AVB_IO_RESULT_ERROR_IO;
  497 + }
  498 + /* check if the sha256(permanent attributes) hash match the calculated one,
  499 + * if not match, just return all zeros hash.
  500 + */
  501 + if (memcmp(sha256_hash_fuse, sha256_hash_buf, ATX_HASH_LENGTH)) {
  502 + printf("ERROR - sha256(permanent attributes) does not match\n");
  503 + memset(hash, 0, AVB_SHA256_DIGEST_SIZE);
  504 + } else {
  505 + memcpy(hash, sha256_hash_buf, AVB_SHA256_DIGEST_SIZE);
  506 + }
  507 +
  508 + return AVB_IO_RESULT_OK;
  509 +#endif /* CONFIG_ARM64 */
  510 +}
  511 +
  512 + /* Generates |num_bytes| random bytes and stores them in |output|,
  513 + * which must point to a buffer large enough to store the bytes.
  514 + *
  515 + * Returns AVB_IO_RESULT_OK on success, otherwise an error code.
  516 + */
  517 +AvbIOResult fsl_get_random(AvbAtxOps* atx_ops,
  518 + size_t num_bytes,
  519 + uint8_t* output)
  520 +{
  521 + uint32_t num = 0;
  522 + uint32_t i;
  523 +
  524 + if (output == NULL) {
  525 + ERR("Output buffer is NULL!\n");
  526 + return AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE;
  527 + }
  528 +
  529 + /* set the seed as device boot time. */
  530 + srand((uint32_t)get_timer(0));
  531 + for (i = 0; i < num_bytes; i++) {
  532 + num = rand() % 256;
  533 + output[i] = (uint8_t)num;
  534 + }
  535 +
  536 + return AVB_IO_RESULT_OK;
  537 +}
  538 +/* Provides the key version of a key used during verification. This may be
  539 + * useful for managing the minimum key version.
  540 + */
  541 +void fsl_set_key_version(AvbAtxOps* atx_ops,
  542 + size_t rollback_index_location,
  543 + uint64_t key_version) {
  544 + kblb_hdr_t hdr;
  545 + kblb_tag_t *rbk;
  546 + uint64_t *plain_idx = NULL;
  547 + struct mmc *mmc_dev;
  548 + static const uint32_t kTypeMask = 0xF000;
  549 +
  550 + DEBUGAVB("[rpmb] write to rollback slot: (%zu, %" PRIu64 ")\n",
  551 + rollback_index_location, key_version);
  552 +
  553 + assert(atx_ops != NULL);
  554 +
  555 + if ((mmc_dev = get_mmc()) == NULL) {
  556 + ERR("err get mmc device\n");
  557 + }
  558 + /* read the kblb header */
  559 + if (rpmb_read(mmc_dev, (uint8_t *)&hdr, sizeof(hdr), 0) != 0) {
  560 + ERR("read RPMB error\n");
  561 + }
  562 +
  563 + if (memcmp(hdr.magic, AVB_KBLB_MAGIC, AVB_KBLB_MAGIC_LEN) != 0) {
  564 + ERR("magic not match\n");
  565 + }
  566 +
  567 + /* rollback index for Android Things key versions */
  568 + rbk = &hdr.atx_rbk_tags[rollback_index_location & ~kTypeMask];
  569 +
  570 + plain_idx = malloc(rbk->len);
  571 + if (plain_idx == NULL)
  572 + printf("\nError! allocate memory fail!\n");
  573 + memset(plain_idx, 0, rbk->len);
  574 + *plain_idx = key_version;
  575 +
  576 + /* write rollback_index keyblob */
  577 + if (rpmb_write(mmc_dev, (uint8_t *)plain_idx, rbk->len, rbk->offset) !=
  578 + 0) {
  579 + ERR("write rollback index error\n");
  580 + goto fail;
  581 + }
  582 +fail:
  583 + if (plain_idx != NULL)
  584 + free(plain_idx);
  585 +}
  586 +#endif /* CONFIG_AVB_ATX */
  587 +
  588 +#ifdef AVB_RPMB
  589 +/* Checks if the given public key used to sign the 'vbmeta'
  590 + * partition is trusted. Boot loaders typically compare this with
  591 + * embedded key material generated with 'avbtool
  592 + * extract_public_key'.
  593 + *
  594 + * If AVB_IO_RESULT_OK is returned then |out_is_trusted| is set -
  595 + * true if trusted or false if untrusted.
  596 + */
  597 +AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
  598 + const uint8_t* public_key_data,
  599 + size_t public_key_length,
  600 + const uint8_t* public_key_metadata,
  601 + size_t public_key_metadata_length,
  602 + bool* out_is_trusted) {
  603 + AvbIOResult ret;
  604 + assert(ops != NULL && out_is_trusted != NULL);
  605 + *out_is_trusted = false;
  606 +
  607 + /* match given public key */
  608 + if (memcmp(fsl_public_key, public_key_data, public_key_length)) {
  609 + ret = AVB_IO_RESULT_ERROR_IO;
  610 + ERR("public key not match\n");
  611 + return AVB_IO_RESULT_ERROR_IO;
  612 + }
  613 +
  614 + *out_is_trusted = true;
  615 + ret = AVB_IO_RESULT_OK;
  616 +
  617 + return ret;
  618 +}
  619 +
  620 +/* Sets the rollback index corresponding to the slot given by
  621 + * |rollback_index_slot| to |rollback_index|. Returns
  622 + * AVB_IO_RESULT_OK if the rollback index was set, otherwise an
  623 + * error code.
  624 + *
  625 + * A device may have a limited amount of rollback index slots (say,
  626 + * one or four) so may error out if |rollback_index_slot| exceeds
  627 + * this number.
  628 + */
  629 +AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
  630 + uint64_t rollback_index) {
  631 + AvbIOResult ret;
  632 +#ifdef CONFIG_IMX_TRUSTY_OS
  633 + if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) {
  634 + ERR("write rollback from Trusty error!");
  635 + ret = AVB_IO_RESULT_ERROR_IO;
  636 + } else {
  637 + ret = AVB_IO_RESULT_OK;
  638 + }
  639 + return ret;
  640 +#else
  641 + kblb_hdr_t hdr;
  642 + kblb_tag_t *rbk;
  643 + uint64_t *plain_idx = NULL;
  644 + struct mmc *mmc_dev;
  645 +#ifdef CONFIG_AVB_ATX
  646 + static const uint32_t kTypeMask = 0xF000;
  647 + static const unsigned int kTypeShift = 12;
  648 +#endif
  649 +
  650 + DEBUGAVB("[rpmb] write to rollback slot: (%zu, %" PRIu64 ")\n",
  651 + rollback_index_slot, rollback_index);
  652 +
  653 + assert(ops != NULL);
  654 + /* check if the rollback index location exceed the limit */
  655 +#ifdef CONFIG_AVB_ATX
  656 + if ((rollback_index_slot & ~kTypeMask) >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
  657 +#else
  658 + if (rollback_index_slot >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
  659 +#endif /* CONFIG_AVB_ATX */
  660 + return AVB_IO_RESULT_ERROR_IO;
  661 +
  662 + if ((mmc_dev = get_mmc()) == NULL) {
  663 + ERR("err get mmc device\n");
  664 + return AVB_IO_RESULT_ERROR_IO;
  665 + }
  666 + /* read the kblb header */
  667 + if (rpmb_read(mmc_dev, (uint8_t *)&hdr, sizeof(hdr), 0) != 0) {
  668 + ERR("read RPMB error\n");
  669 + return AVB_IO_RESULT_ERROR_IO;
  670 + }
  671 +
  672 + if (memcmp(hdr.magic, AVB_KBLB_MAGIC, AVB_KBLB_MAGIC_LEN) != 0) {
  673 + ERR("magic not match\n");
  674 + return AVB_IO_RESULT_ERROR_IO;
  675 + }
  676 + /* choose rollback index type */
  677 +#ifdef CONFIG_AVB_ATX
  678 + if ((rollback_index_slot & kTypeMask) >> kTypeShift) {
  679 + /* rollback index for Android Things key versions */
  680 + rbk = &hdr.atx_rbk_tags[rollback_index_slot & ~kTypeMask];
  681 + } else {
  682 + /* rollback index for vbmeta */
  683 + rbk = &hdr.rbk_tags[rollback_index_slot & ~kTypeMask];
  684 + }
  685 +#else
  686 + rbk = &hdr.rbk_tags[rollback_index_slot];
  687 +#endif /* CONFIG_AVB_ATX */
  688 + plain_idx = malloc(rbk->len);
  689 + if (plain_idx == NULL)
  690 + return AVB_IO_RESULT_ERROR_OOM;
  691 + memset(plain_idx, 0, rbk->len);
  692 + *plain_idx = rollback_index;
  693 +
  694 + /* write rollback_index keyblob */
  695 + if (rpmb_write(mmc_dev, (uint8_t *)plain_idx, rbk->len, rbk->offset) !=
  696 + 0) {
  697 + ERR("write rollback index error\n");
  698 + ret = AVB_IO_RESULT_ERROR_IO;
  699 + goto fail;
  700 + }
  701 + ret = AVB_IO_RESULT_OK;
  702 +fail:
  703 + if (plain_idx != NULL)
  704 + free(plain_idx);
  705 + return ret;
  706 +#endif /* CONFIG_IMX_TRUSTY_OS */
  707 +}
  708 +
  709 +/* Gets the rollback index corresponding to the slot given by
  710 + * |rollback_index_slot|. The value is returned in
  711 + * |out_rollback_index|. Returns AVB_IO_RESULT_OK if the rollback
  712 + * index was retrieved, otherwise an error code.
  713 + *
  714 + * A device may have a limited amount of rollback index slots (say,
  715 + * one or four) so may error out if |rollback_index_slot| exceeds
  716 + * this number.
  717 + */
  718 +AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
  719 + uint64_t* out_rollback_index) {
  720 + AvbIOResult ret;
  721 +#ifdef CONFIG_IMX_TRUSTY_OS
  722 + if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) {
  723 + ERR("read rollback from Trusty error!");
  724 + ret = AVB_IO_RESULT_ERROR_IO;
  725 + } else {
  726 + ret = AVB_IO_RESULT_OK;
  727 + }
  728 + return ret;
  729 +#else
  730 + kblb_hdr_t hdr;
  731 + kblb_tag_t *rbk;
  732 + uint64_t *extract_idx = NULL;
  733 + struct mmc *mmc_dev;
  734 +#ifdef CONFIG_AVB_ATX
  735 + static const uint32_t kTypeMask = 0xF000;
  736 + static const unsigned int kTypeShift = 12;
  737 +#endif
  738 +
  739 + assert(ops != NULL && out_rollback_index != NULL);
  740 + *out_rollback_index = ~0;
  741 +
  742 + DEBUGAVB("[rpmb] read rollback slot: %zu\n", rollback_index_slot);
  743 +
  744 + /* check if the rollback index location exceed the limit */
  745 +#ifdef CONFIG_AVB_ATX
  746 + if ((rollback_index_slot & ~kTypeMask) >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
  747 +#else
  748 + if (rollback_index_slot >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
  749 +#endif
  750 + return AVB_IO_RESULT_ERROR_IO;
  751 +
  752 + if ((mmc_dev = get_mmc()) == NULL) {
  753 + ERR("err get mmc device\n");
  754 + return AVB_IO_RESULT_ERROR_IO;
  755 + }
  756 + /* read the kblb header */
  757 + if (rpmb_read(mmc_dev, (uint8_t *)&hdr, sizeof(hdr), 0) != 0) {
  758 + ERR("read RPMB error\n");
  759 + return AVB_IO_RESULT_ERROR_IO;
  760 + }
  761 +
  762 + if (memcmp(hdr.magic, AVB_KBLB_MAGIC, AVB_KBLB_MAGIC_LEN) != 0) {
  763 + ERR("magic not match\n");
  764 + return AVB_IO_RESULT_ERROR_IO;
  765 + }
  766 + /* choose rollback index type */
  767 +#ifdef CONFIG_AVB_ATX
  768 + if ((rollback_index_slot & kTypeMask) >> kTypeShift) {
  769 + /* rollback index for Android Things key versions */
  770 + rbk = &hdr.atx_rbk_tags[rollback_index_slot & ~kTypeMask];
  771 + } else {
  772 + /* rollback index for vbmeta */
  773 + rbk = &hdr.rbk_tags[rollback_index_slot & ~kTypeMask];
  774 + }
  775 +#else
  776 + rbk = &hdr.rbk_tags[rollback_index_slot];
  777 +#endif /* CONFIG_AVB_ATX */
  778 + extract_idx = malloc(rbk->len);
  779 + if (extract_idx == NULL)
  780 + return AVB_IO_RESULT_ERROR_OOM;
  781 +
  782 + /* read rollback_index keyblob */
  783 + if (rpmb_read(mmc_dev, (uint8_t *)extract_idx, rbk->len, rbk->offset) != 0) {
  784 + ERR("read rollback index error\n");
  785 + ret = AVB_IO_RESULT_ERROR_IO;
  786 + goto fail;
  787 + }
  788 +
  789 +#ifdef AVB_VVDEBUG
  790 + printf("\n----idx dump: ---\n");
  791 + print_buffer(0, extract_idx, HEXDUMP_WIDTH, rbk->len, 0);
  792 + printf("--- end ---\n");
  793 +#endif
  794 + *out_rollback_index = *extract_idx;
  795 + DEBUGAVB("rollback_index = %" PRIu64 "\n", *out_rollback_index);
  796 + ret = AVB_IO_RESULT_OK;
  797 +fail:
  798 + if (extract_idx != NULL)
  799 + free(extract_idx);
  800 + return ret;
  801 +#endif /* CONFIG_IMX_TRUSTY_OS */
  802 +}
  803 +#else /* AVB_RPMB */
  804 +/*
  805 + * In no security enhanced ARM64, we cannot protect public key.
  806 + * So that we choose to trust the key from vbmeta image
  807 + */
  808 +AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
  809 + const uint8_t* public_key_data,
  810 + size_t public_key_length,
  811 + const uint8_t* public_key_metadata,
  812 + size_t public_key_metadata_length,
  813 + bool* out_is_trusted) {
  814 + *out_is_trusted = true;
  815 + return AVB_IO_RESULT_OK;
  816 +}
  817 +
  818 +/* In no security enhanced ARM64, rollback index has no protection so no use it */
  819 +AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
  820 + uint64_t rollback_index) {
  821 + return AVB_IO_RESULT_OK;
  822 +
  823 +}
  824 +AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
  825 + uint64_t* out_rollback_index) {
  826 + *out_rollback_index = 0;
  827 + return AVB_IO_RESULT_OK;
  828 +}
  829 +#endif /* AVB_RPMB */
lib/avb/fsl/fsl_avbkey.c
Diff comments   View file @ f39aa82
Changes suppressed. Click to show
... ... @@ -19,425 +19,36 @@
19 19 #include <trusty/libtipc.h>
20 20 #endif
21 21 #include "fsl_avbkey.h"
22   -#include "fsl_public_key.h"
23   -#include "fsl_atx_attributes.h"
24 22 #include "utils.h"
25 23 #include "debug.h"
26 24 #include <memalign.h>
27 25 #include "trusty/hwcrypto.h"
  26 +#include "fsl_atx_attributes.h"
28 27  
29 28 #define INITFLAG_FUSE_OFFSET 0
30 29 #define INITFLAG_FUSE_MASK 0x00000001
31 30 #define INITFLAG_FUSE 0x00000001
32 31  
33 32 #define RPMB_BLKSZ 256
34   -#define RPMBKEY_FUSE_OFFSET 1
35 33 #define RPMBKEY_LENGTH 32
36   -#define RPMBKEY_FUSE_LEN ((RPMBKEY_LENGTH) + (CAAM_PAD))
37   -#define RPMBKEY_FUSE_LENW (RPMBKEY_FUSE_LEN / 4)
38 34 #define RPMBKEY_BLOB_LEN ((RPMBKEY_LENGTH) + (CAAM_PAD))
39 35  
40   -#ifdef CONFIG_AVB_ATX
41   -#define ATX_FUSE_BANK_NUM 4
42   -#define ATX_FUSE_BANK_MASK 0xFFFF
43   -#define ATX_HASH_LENGTH 14
44   -#endif
  36 +extern int mmc_switch(struct mmc *mmc, u8 set, u8 index, u8 value);
45 37  
46   -#define RESULT_ERROR -1
47   -#define RESULT_OK 0
  38 +#ifdef AVB_RPMB
  39 +static int mmc_dev_no = -1;
48 40  
49   -#ifndef CONFIG_SPL_BUILD
50   -#if defined(CONFIG_AVB_ATX)
51   -static int fsl_fuse_ops(uint32_t *buffer, uint32_t length, uint32_t offset,
52   - const uint8_t read) {
53   -
54   - unsigned short bs, ws, bksz, cnt;
55   - unsigned short num_done = 0;
56   - margin_pos_t margin;
57   - int i;
58   -
59   - /* read from fuse */
60   - bksz = CONFIG_AVB_FUSE_BANK_SIZEW;
61   - if(get_margin_pos(CONFIG_AVB_FUSE_BANK_START, CONFIG_AVB_FUSE_BANK_END, bksz,
62   - &margin, offset, length, false))
63   - return -1;
64   - bs = (unsigned short)margin.blk_start;
65   - ws = (unsigned short)margin.start;
66   -
67   - while (num_done < length) {
68   - cnt = bksz - ws;
69   - if (num_done + cnt > length)
70   - cnt = length - num_done;
71   - for (i = 0; i < cnt; i++) {
72   - VDEBUG("cur: bank=%d, word=%d\n",bs, ws);
73   - if (read) {
74   - if (fuse_sense(bs, ws, buffer)) {
75   - ERR("read fuse bank %d, word %d error\n", bs, ws);
76   - return -1;
77   - }
78   - } else {
79   -#ifdef CONFIG_AVB_FUSE
80   - if (fuse_prog(bs, ws, *buffer)) {
81   -#else
82   - if (fuse_override(bs, ws, *buffer)) {
83   -#endif
84   - ERR("write fuse bank %d, word %d error\n", bs, ws);
85   - return -1;
86   - }
87   - }
88   - ws++;
89   - buffer++;
90   - }
91   - bs++;
92   - num_done += cnt;
93   - ws = 0;
94   - }
95   - return 0;
  41 +struct mmc *get_mmc(void) {
  42 + extern int mmc_get_env_devno(void);
  43 + struct mmc *mmc;
  44 + if (mmc_dev_no < 0 && (mmc_dev_no = mmc_get_env_dev()) < 0)
  45 + return NULL;
  46 + mmc = find_mmc_device(mmc_dev_no);
  47 + if (!mmc || mmc_init(mmc))
  48 + return NULL;
  49 + return mmc;
96 50 }
97 51  
98   -static int fsl_fuse_read(uint32_t *buffer, uint32_t length, uint32_t offset) {
99   -
100   - return fsl_fuse_ops(
101   - buffer,
102   - length,
103   - offset,
104   - 1
105   - );
106   -}
107   -
108   -static int fsl_fuse_write(const uint32_t *buffer, uint32_t length, uint32_t offset) {
109   -
110   - return fsl_fuse_ops(
111   - (uint32_t *)buffer,
112   - length,
113   - offset,
114   - 0
115   - );
116   -}
117   -#endif /* defined(CONFIG_AVB_ATX) && !defined(CONFIG_ARM64) */
118   -
119   -#if defined(CONFIG_AVB_ATX)
120   -static int sha256(unsigned char* data, int len, unsigned char* output) {
121   - struct hash_algo *algo;
122   - void *buf;
123   -
124   - if (hash_lookup_algo("sha256", &algo)) {
125   - printf("error in lookup sha256 algo!\n");
126   - return RESULT_ERROR;
127   - }
128   - buf = map_sysmem((ulong)data, len);
129   - algo->hash_func_ws(buf, len, output, algo->chunk_size);
130   - unmap_sysmem(buf);
131   -
132   - return algo->digest_size;
133   -}
134   -
135   -static int permanent_attributes_sha256_hash(unsigned char* output) {
136   - AvbAtxPermanentAttributes attributes;
137   -
138   -#ifdef CONFIG_IMX_TRUSTY_OS
139   - if(!trusty_read_permanent_attributes((uint8_t *)(&attributes),
140   - sizeof(AvbAtxPermanentAttributes))) {
141   - goto calc_sha256;
142   - } else {
143   - ERR("No perm-attr fused. Will use hard code one.\n");
144   - }
145   -#endif
146   - /* get permanent attributes */
147   - attributes.version = fsl_version;
148   - memcpy(attributes.product_root_public_key, fsl_product_root_public_key,
149   - sizeof(fsl_product_root_public_key));
150   - memcpy(attributes.product_id, fsl_atx_product_id,
151   - sizeof(fsl_atx_product_id));
152   -#ifdef CONFIG_IMX_TRUSTY_OS
153   -calc_sha256:
154   -#endif
155   - /* calculate sha256(permanent attributes) hash */
156   - if (sha256((unsigned char *)&attributes, sizeof(AvbAtxPermanentAttributes),
157   - output) == RESULT_ERROR) {
158   - printf("ERROR - calculate permanent attributes hash error");
159   - return RESULT_ERROR;
160   - }
161   -
162   - return RESULT_OK;
163   -}
164   -
165   -static int init_permanent_attributes_fuse(void) {
166   -
167   -#ifdef CONFIG_ARM64
168   - return RESULT_OK;
169   -#else
170   - uint8_t sha256_hash[AVB_SHA256_DIGEST_SIZE];
171   - uint32_t buffer[ATX_FUSE_BANK_NUM];
172   - int num = 0;
173   -
174   - /* read first 112 bits of sha256(permanent attributes) from fuse */
175   - if (fsl_fuse_read(buffer, ATX_FUSE_BANK_NUM, PERMANENT_ATTRIBUTE_HASH_OFFSET)) {
176   - printf("ERROR - read permanent attributes hash from fuse error\n");
177   - return RESULT_ERROR;
178   - }
179   - /* only take the lower 2 bytes of the last bank */
180   - buffer[ATX_FUSE_BANK_NUM - 1] &= ATX_FUSE_BANK_MASK;
181   -
182   - /* return RESULT_OK if fuse has been initialized before */
183   - for (num = 0; num < ATX_FUSE_BANK_NUM; num++) {
184   - if (buffer[num])
185   - return RESULT_OK;
186   - }
187   -
188   - /* calculate sha256(permanent attributes) */
189   - if (permanent_attributes_sha256_hash(sha256_hash) != RESULT_OK) {
190   - printf("ERROR - calculating permanent attributes SHA256 error!\n");
191   - return RESULT_ERROR;
192   - }
193   -
194   - /* write first 112 bits of sha256(permanent attributes) into fuse */
195   - memset(buffer, 0, sizeof(buffer));
196   - memcpy(buffer, sha256_hash, ATX_HASH_LENGTH);
197   - if (fsl_fuse_write(buffer, ATX_FUSE_BANK_NUM, PERMANENT_ATTRIBUTE_HASH_OFFSET)) {
198   - printf("ERROR - write permanent attributes hash to fuse error\n");
199   - return RESULT_ERROR;
200   - }
201   -
202   - return RESULT_OK;
203   -#endif /* CONFIG_ARM64 */
204   -}
205   -#endif
206   -
207   -#ifdef CONFIG_AVB_ATX
208   -int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size) {
209   -
210   - if (staged_buffer == NULL) {
211   - ERR("Error. Get null staged_buffer\n");
212   - return -1;
213   - }
214   - if (size != sizeof(AvbAtxPermanentAttributes)) {
215   - ERR("Error. expect perm_attr length %u, but get %u.\n",
216   - (uint32_t)sizeof(AvbAtxPermanentAttributes), size);
217   - return -1;
218   - }
219   -#ifdef CONFIG_IMX_TRUSTY_OS
220   - if (trusty_write_permanent_attributes(staged_buffer, size)) {
221   - ERR("Error. Failed to write permanent attributes into secure storage\n");
222   - return -1;
223   - }
224   - else
225   - return init_permanent_attributes_fuse();
226   -#else
227   - /*
228   - * TODO:
229   - * Need to handle this when no Trusty OS support.
230   - * But now every Android Things will have Trusty OS support.
231   - */
232   - ERR("No Trusty OS enabled in bootloader.\n");
233   - return 0;
234   -#endif
235   -}
236   -
237   -int avb_atx_get_unlock_challenge(struct AvbAtxOps* atx_ops,
238   - uint8_t *upload_buffer, uint32_t *upload_size)
239   -{
240   - struct AvbAtxUnlockChallenge *buf = NULL;
241   - int ret, size;
242   -
243   - size = sizeof(struct AvbAtxUnlockChallenge);
244   - buf = (struct AvbAtxUnlockChallenge *)malloc(size);
245   - if (buf == NULL) {
246   - ERR("unable to alloc memory!\n");
247   - return -1;
248   - }
249   -
250   - if (avb_atx_generate_unlock_challenge(atx_ops, buf) !=
251   - AVB_IO_RESULT_OK) {
252   - ERR("generate unlock challenge fail!\n");
253   - ret = -1;
254   - goto fail;
255   - }
256   - /* Current avbtool only accept 16 bytes random numbers as unlock
257   - * challenge, need to return the whole 'AvbAtxUnlockChallenge'
258   - * when avbtool is ready.
259   - */
260   - memcpy(upload_buffer, buf->challenge, AVB_ATX_UNLOCK_CHALLENGE_SIZE);
261   - *upload_size = AVB_ATX_UNLOCK_CHALLENGE_SIZE;
262   - ret = 0;
263   -fail:
264   - if (buf != NULL)
265   - free(buf);
266   - return ret;
267   -}
268   -
269   -int avb_atx_verify_unlock_credential(struct AvbAtxOps* atx_ops,
270   - uint8_t *staged_buffer)
271   -{
272   - bool out_is_trusted;
273   - AvbIOResult ret;
274   - const AvbAtxUnlockCredential* buf = NULL;
275   -
276   - buf = (const AvbAtxUnlockCredential*)staged_buffer;
277   - ret = avb_atx_validate_unlock_credential(atx_ops, buf, &out_is_trusted);
278   - if ((ret != AVB_IO_RESULT_OK) || (out_is_trusted != true)) {
279   - ERR("validate unlock credential fail!\n");
280   - return -1;
281   - } else
282   - return 0;
283   -}
284   -
285   -bool perm_attr_are_fused(void)
286   -{
287   -#ifdef CONFIG_IMX_TRUSTY_OS
288   - AvbAtxPermanentAttributes attributes;
289   - if(!trusty_read_permanent_attributes((uint8_t *)(&attributes),
290   - sizeof(AvbAtxPermanentAttributes))) {
291   - return true;
292   - } else {
293   - ERR("No perm-attr fused, please fuse your perm-attr first!.\n");
294   - return false;
295   - }
296   -#else
297   - /* We hard code the perm-attr if trusty is not enabled. */
298   - return true;
299   -#endif
300   -}
301   -
302   -bool at_unlock_vboot_is_disabled(void)
303   -{
304   - uint32_t unlock_vboot_status;
305   -
306   - if (fsl_fuse_read(&unlock_vboot_status, 1,
307   - UNLOCK_VBOOT_STATUS_OFFSET_IN_WORD)) {
308   - printf("Read at unlock vboot status error!\n");
309   - return false;
310   - }
311   -
312   - if (unlock_vboot_status & (1 << UNLOCK_VBOOT_STATUS_OFFSET_IN_BIT))
313   - return true;
314   - else
315   - return false;
316   -}
317   -
318   -int at_disable_vboot_unlock(void)
319   -{
320   - uint32_t unlock_vboot_status = 0;
321   -
322   - /* Read the status first */
323   - if (fsl_fuse_read(&unlock_vboot_status, 1,
324   - UNLOCK_VBOOT_STATUS_OFFSET_IN_WORD)) {
325   - ERR("Read unlock vboot status error!\n");
326   - return -1;
327   - }
328   -
329   - /* Set the disable unlock vboot bit */
330   - unlock_vboot_status |= (1 << UNLOCK_VBOOT_STATUS_OFFSET_IN_BIT);
331   -
332   - /* Write disable unlock vboot bit to fuse */
333   - if (fsl_fuse_write(&unlock_vboot_status, 1,
334   - UNLOCK_VBOOT_STATUS_OFFSET_IN_WORD)) {
335   - ERR("Write unlock vboot status fail!\n");
336   - return -1;
337   - }
338   -
339   - return 0;
340   -}
341   -/* Reads permanent |attributes| data. There are no restrictions on where this
342   - * data is stored. On success, returns AVB_IO_RESULT_OK and populates
343   - * |attributes|.
344   - */
345   -AvbIOResult fsl_read_permanent_attributes(
346   - AvbAtxOps* atx_ops, AvbAtxPermanentAttributes* attributes) {
347   -#ifdef CONFIG_IMX_TRUSTY_OS
348   - if (!trusty_read_permanent_attributes((uint8_t *)attributes,
349   - sizeof(AvbAtxPermanentAttributes))) {
350   - return AVB_IO_RESULT_OK;
351   - }
352   - ERR("No perm-attr fused. Will use hard code one.\n");
353   -#endif /* CONFIG_IMX_TRUSTY_OS */
354   -
355   - /* use hard code permanent attributes due to limited fuse and RPMB */
356   - attributes->version = fsl_version;
357   - memcpy(attributes->product_root_public_key, fsl_product_root_public_key,
358   - sizeof(fsl_product_root_public_key));
359   - memcpy(attributes->product_id, fsl_atx_product_id,
360   - sizeof(fsl_atx_product_id));
361   -
362   - return AVB_IO_RESULT_OK;
363   -}
364   -
365   -/* Reads a |hash| of permanent attributes. This hash MUST be retrieved from a
366   - * permanently read-only location (e.g. fuses) when a device is LOCKED. On
367   - * success, returned AVB_IO_RESULT_OK and populates |hash|.
368   - */
369   -AvbIOResult fsl_read_permanent_attributes_hash(
370   - AvbAtxOps* atx_ops, uint8_t hash[AVB_SHA256_DIGEST_SIZE]) {
371   -#ifdef CONFIG_ARM64
372   - /* calculate sha256(permanent attributes) */
373   - if (permanent_attributes_sha256_hash(hash) != RESULT_OK) {
374   - return AVB_IO_RESULT_ERROR_IO;
375   - } else {
376   - return AVB_IO_RESULT_OK;
377   - }
378   -#else
379   - uint8_t sha256_hash_buf[AVB_SHA256_DIGEST_SIZE];
380   - uint32_t sha256_hash_fuse[ATX_FUSE_BANK_NUM];
381   -
382   - /* read first 112 bits of sha256(permanent attributes) from fuse */
383   - if (fsl_fuse_read(sha256_hash_fuse, ATX_FUSE_BANK_NUM,
384   - PERMANENT_ATTRIBUTE_HASH_OFFSET)) {
385   - printf("ERROR - read permanent attributes hash from "
386   - "fuse error\n");
387   - return AVB_IO_RESULT_ERROR_IO;
388   - }
389   - /* only take the lower 2 bytes of last bank */
390   - sha256_hash_fuse[ATX_FUSE_BANK_NUM - 1] &= ATX_FUSE_BANK_MASK;
391   -
392   - /* calculate sha256(permanent attributes) */
393   - if (permanent_attributes_sha256_hash(sha256_hash_buf) != RESULT_OK) {
394   - return AVB_IO_RESULT_ERROR_IO;
395   - }
396   - /* check if the sha256(permanent attributes) hash match the calculated one,
397   - * if not match, just return all zeros hash.
398   - */
399   - if (memcmp(sha256_hash_fuse, sha256_hash_buf, ATX_HASH_LENGTH)) {
400   - printf("ERROR - sha256(permanent attributes) does not match\n");
401   - memset(hash, 0, AVB_SHA256_DIGEST_SIZE);
402   - } else {
403   - memcpy(hash, sha256_hash_buf, AVB_SHA256_DIGEST_SIZE);
404   - }
405   -
406   - return AVB_IO_RESULT_OK;
407   -#endif /* CONFIG_ARM64 */
408   -}
409   -
410   - /* Generates |num_bytes| random bytes and stores them in |output|,
411   - * which must point to a buffer large enough to store the bytes.
412   - *
413   - * Returns AVB_IO_RESULT_OK on success, otherwise an error code.
414   - */
415   -AvbIOResult fsl_get_random(AvbAtxOps* atx_ops,
416   - size_t num_bytes,
417   - uint8_t* output)
418   -{
419   - uint32_t num = 0;
420   - uint32_t i;
421   -
422   - if (output == NULL) {
423   - ERR("Output buffer is NULL!\n");
424   - return AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE;
425   - }
426   -
427   - /* set the seed as device boot time. */
428   - srand((uint32_t)get_timer(0));
429   - for (i = 0; i < num_bytes; i++) {
430   - num = rand() % 256;
431   - output[i] = (uint8_t)num;
432   - }
433   -
434   - return AVB_IO_RESULT_OK;
435   -}
436   -
437   -#endif /* CONFIG_AVB_ATX */
438   -#endif /* CONFIG_SPL_BUILD */
439   -
440   -#if defined(AVB_RPMB) || defined(CONFIG_IMX_TRUSTY_OS)
441 52 void fill_secure_keyslot_package(struct keyslot_package *kp) {
442 53  
443 54 memcpy((void*)CAAM_ARB_BASE_ADDR, kp, sizeof(struct keyslot_package));
444 55  
445 56  
446 57  
447 58  
448 59  
449 60  
450 61  
451 62  
... ... @@ -521,61 +132,211 @@
521 132 #endif
522 133 return ret;
523 134 }
524   -#endif /* (AVB_RPMB) || defined(CONFIG_IMX_TRUSTY_OS) */
525 135  
526   -#ifndef AVB_RPMB
527   -/* ARM64 won't avbkey and rollback index in this stage directly. */
528   -int avbkey_init(uint8_t *plainkey, uint32_t keylen) {
529   - return 0;
530   -}
  136 +#ifdef CONFIG_FSL_CAAM_KB
  137 +int rpmb_read(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset) {
531 138  
532   -int rbkidx_erase(void) {
533   - return 0;
534   -}
  139 + unsigned char *bdata = NULL;
  140 + unsigned char *out_buf = (unsigned char *)buffer;
  141 + unsigned long s, cnt;
  142 + unsigned long blksz;
  143 + size_t num_read = 0;
  144 + unsigned short part_start, part_length, part_end, bs, be;
  145 + margin_pos_t margin;
  146 + char original_part;
  147 + uint8_t *blob = NULL;
  148 + struct blk_desc *desc = mmc_get_blk_desc(mmc);
  149 + ALLOC_CACHE_ALIGN_BUFFER(uint8_t, extract_key, RPMBKEY_LENGTH);
535 150  
536   -/*
537   - * In no security enhanced ARM64, we cannot protect public key.
538   - * So that we choose to trust the key from vbmeta image
539   - */
540   -AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
541   - const uint8_t* public_key_data,
542   - size_t public_key_length,
543   - const uint8_t* public_key_metadata,
544   - size_t public_key_metadata_length,
545   - bool* out_is_trusted) {
546   - *out_is_trusted = true;
547   - return AVB_IO_RESULT_OK;
548   -}
  151 + struct keyslot_package kp;
  152 + int ret;
549 153  
550   -/* In no security enhanced ARM64, rollback index has no protection so no use it */
551   -AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
552   - uint64_t rollback_index) {
553   - return AVB_IO_RESULT_OK;
  154 + blksz = RPMB_BLKSZ;
  155 + part_length = mmc->capacity_rpmb >> 8;
  156 + part_start = 0;
  157 + part_end = part_start + part_length - 1;
554 158  
555   -}
556   -AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
557   - uint64_t* out_rollback_index) {
558   - *out_rollback_index = 0;
559   - return AVB_IO_RESULT_OK;
560   -}
561   -#else /* AVB_RPMB */
562   -static int mmc_dev_no = -1;
  159 + DEBUGAVB("[rpmb]: offset=%ld, num_bytes=%zu\n", (long)offset, num_bytes);
563 160  
564   -struct mmc *get_mmc(void) {
565   - extern int mmc_get_env_devno(void);
566   - struct mmc *mmc;
567   - if (mmc_dev_no < 0 && (mmc_dev_no = mmc_get_env_dev()) < 0)
568   - return NULL;
569   - mmc = find_mmc_device(mmc_dev_no);
570   - if (!mmc || mmc_init(mmc))
571   - return NULL;
572   - return mmc;
  161 + if(get_margin_pos(part_start, part_end, blksz,
  162 + &margin, offset, num_bytes, false))
  163 + return -1;
  164 +
  165 + bs = (unsigned short)margin.blk_start;
  166 + be = (unsigned short)margin.blk_end;
  167 + s = margin.start;
  168 +
  169 + /* Switch to the RPMB partition */
  170 + original_part = desc->hwpart;
  171 + if (desc->hwpart != MMC_PART_RPMB) {
  172 + if (mmc_switch_part(mmc, MMC_PART_RPMB) != 0)
  173 + return -1;
  174 + desc->hwpart = MMC_PART_RPMB;
  175 + }
  176 +
  177 + /* get rpmb key */
  178 + blob = (uint8_t *)memalign(ARCH_DMA_MINALIGN, RPMBKEY_BLOB_LEN);
  179 + if (read_keyslot_package(&kp)) {
  180 + ERR("read rpmb key error\n");
  181 + ret = -1;
  182 + goto fail;
  183 + }
  184 + /* copy rpmb key to blob */
  185 + memcpy(blob, kp.rpmb_keyblob, RPMBKEY_BLOB_LEN);
  186 + caam_open();
  187 + if (caam_decap_blob((ulong)extract_key, (ulong)blob,
  188 + RPMBKEY_LENGTH)) {
  189 + ERR("decap rpmb key error\n");
  190 + ret = -1;
  191 + goto fail;
  192 + }
  193 +
  194 + /* alloc a blksz mem */
  195 + bdata = (unsigned char *)memalign(ALIGN_BYTES, blksz);
  196 + if (bdata == NULL) {
  197 + ret = -1;
  198 + goto fail;
  199 + }
  200 + /* one block a time */
  201 + while (bs <= be) {
  202 + memset(bdata, 0, blksz);
  203 + if (mmc_rpmb_read(mmc, bdata, bs, 1, extract_key) != 1) {
  204 + ret = -1;
  205 + goto fail;
  206 + }
  207 + cnt = blksz - s;
  208 + if (num_read + cnt > num_bytes)
  209 + cnt = num_bytes - num_read;
  210 + VDEBUG("cur: bs=%d, start=%ld, cnt=%ld bdata=0x%p\n",
  211 + bs, s, cnt, bdata);
  212 + memcpy(out_buf, bdata + s, cnt);
  213 + bs++;
  214 + num_read += cnt;
  215 + out_buf += cnt;
  216 + s = 0;
  217 + }
  218 + ret = 0;
  219 +
  220 +fail:
  221 + /* Return to original partition */
  222 + if (desc->hwpart != original_part) {
  223 + if (mmc_switch_part(mmc, original_part) != 0)
  224 + return -1;
  225 + desc->hwpart = original_part;
  226 + }
  227 + if (blob != NULL)
  228 + free(blob);
  229 + if (bdata != NULL)
  230 + free(bdata);
  231 + return ret;
  232 +
573 233 }
574 234  
575   -int rpmb_read(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset);
576   -int rpmb_write(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset);
  235 +int rpmb_write(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset) {
577 236  
578   -#if !defined(CONFIG_IMX_TRUSTY_OS) || defined(CONFIG_SPL_BUILD)
  237 + unsigned char *bdata = NULL;
  238 + unsigned char *in_buf = (unsigned char *)buffer;
  239 + unsigned long s, cnt;
  240 + unsigned long blksz;
  241 + size_t num_write = 0;
  242 + unsigned short part_start, part_length, part_end, bs;
  243 + margin_pos_t margin;
  244 + char original_part;
  245 + uint8_t *blob = NULL;
  246 + struct blk_desc *desc = mmc_get_blk_desc(mmc);
  247 + ALLOC_CACHE_ALIGN_BUFFER(uint8_t, extract_key, RPMBKEY_LENGTH);
  248 +
  249 + struct keyslot_package kp;
  250 + int ret;
  251 +
  252 + blksz = RPMB_BLKSZ;
  253 + part_length = mmc->capacity_rpmb >> 8;
  254 + part_start = 0;
  255 + part_end = part_start + part_length - 1;
  256 +
  257 + DEBUGAVB("[rpmb]: offset=%ld, num_bytes=%zu\n", (long)offset, num_bytes);
  258 +
  259 + if(get_margin_pos(part_start, part_end, blksz,
  260 + &margin, offset, num_bytes, false)) {
  261 + ERR("get_margin_pos err\n");
  262 + return -1;
  263 + }
  264 +
  265 + bs = (unsigned short)margin.blk_start;
  266 + s = margin.start;
  267 +
  268 + /* Switch to the RPMB partition */
  269 + original_part = desc->hwpart;
  270 + if (desc->hwpart != MMC_PART_RPMB) {
  271 + if (mmc_switch_part(mmc, MMC_PART_RPMB) != 0)
  272 + return -1;
  273 + desc->hwpart = MMC_PART_RPMB;
  274 + }
  275 +
  276 + /* get rpmb key */
  277 + blob = (uint8_t *)memalign(ARCH_DMA_MINALIGN, RPMBKEY_BLOB_LEN);
  278 + if (read_keyslot_package(&kp)) {
  279 + ERR("read rpmb key error\n");
  280 + ret = -1;
  281 + goto fail;
  282 + }
  283 + /* copy rpmb key to blob */
  284 + memcpy(blob, kp.rpmb_keyblob, RPMBKEY_BLOB_LEN);
  285 + caam_open();
  286 + if (caam_decap_blob((ulong)extract_key, (ulong)blob,
  287 + RPMBKEY_LENGTH)) {
  288 + ERR("decap rpmb key error\n");
  289 + ret = -1;
  290 + goto fail;
  291 + }
  292 + /* alloc a blksz mem */
  293 + bdata = (unsigned char *)memalign(ALIGN_BYTES, blksz);
  294 + if (bdata == NULL) {
  295 + ret = -1;
  296 + goto fail;
  297 + }
  298 + while (num_write < num_bytes) {
  299 + memset(bdata, 0, blksz);
  300 + cnt = blksz - s;
  301 + if (num_write + cnt > num_bytes)
  302 + cnt = num_bytes - num_write;
  303 + if (!s || cnt != blksz) { /* read blk first */
  304 + if (mmc_rpmb_read(mmc, bdata, bs, 1, extract_key) != 1) {
  305 + ERR("mmc_rpmb_read err, mmc= 0x%08x\n", (uint32_t)(ulong)mmc);
  306 + ret = -1;
  307 + goto fail;
  308 + }
  309 + }
  310 + memcpy(bdata + s, in_buf, cnt); /* change data */
  311 + VDEBUG("cur: bs=%d, start=%ld, cnt=%ld\n", bs, s, cnt);
  312 + if (mmc_rpmb_write(mmc, bdata, bs, 1, extract_key) != 1) {
  313 + ret = -1;
  314 + goto fail;
  315 + }
  316 + bs++;
  317 + num_write += cnt;
  318 + in_buf += cnt;
  319 + if (s != 0)
  320 + s = 0;
  321 + }
  322 + ret = 0;
  323 +
  324 +fail:
  325 + /* Return to original partition */
  326 + if (desc->hwpart != original_part) {
  327 + if (mmc_switch_part(mmc, original_part) != 0)
  328 + return -1;
  329 + desc->hwpart = original_part;
  330 + }
  331 + if (blob != NULL)
  332 + free(blob);
  333 + if (bdata != NULL)
  334 + free(bdata);
  335 +
  336 + return ret;
  337 +
  338 +}
  339 +
579 340 int rpmb_init(void) {
580 341 #if !defined(CONFIG_SPL_BUILD) || !defined(CONFIG_DUAL_BOOTLOADER)
581 342 int i;
582 343  
... ... @@ -692,9 +453,7 @@
692 453  
693 454 return 0;
694 455 }
695   -#endif /* !CONFIG_IMX_TRUSTY_OS || CONFIG_SPL_BUILD */
696 456  
697   -#if defined(CONFIG_SPL_BUILD) || !defined(CONFIG_ARM64)
698 457 int gen_rpmb_key(struct keyslot_package *kp) {
699 458 char original_part;
700 459 unsigned char* fill = NULL;
701 460  
702 461  
... ... @@ -715,9 +474,13 @@
715 474 printf("boota: cannot find '%d' mmc device\n", mmcc);
716 475 return -1;
717 476 }
  477 +#ifndef CONFIG_BLK
718 478 original_part = mmc->block_dev.hwpart;
719   -
720 479 dev_desc = blk_get_dev("mmc", mmcc);
  480 +#else
  481 + dev_desc = mmc_get_blk_desc(mmc);
  482 + original_part = dev_desc->hwpart;
  483 +#endif
721 484 if (NULL == dev_desc) {
722 485 printf("** Block device MMC %d not supported\n", mmcc);
723 486 goto fail;
724 487  
725 488  
... ... @@ -766,11 +529,19 @@
766 529 }
767 530  
768 531 /* program key to mmc */
  532 +#ifndef CONFIG_BLK
769 533 if (mmc->block_dev.hwpart != MMC_PART_RPMB) {
770 534 if (mmc_switch_part(mmc, MMC_PART_RPMB) != 0)
771   - goto fail;
  535 + return -1;
772 536 mmc->block_dev.hwpart = MMC_PART_RPMB;
773 537 }
  538 +#else
  539 + if (dev_desc->hwpart != MMC_PART_RPMB) {
  540 + if (mmc_switch_part(mmc, MMC_PART_RPMB) != 0)
  541 + return -1;
  542 + dev_desc->hwpart = MMC_PART_RPMB;
  543 + }
  544 +#endif
774 545 if (mmc_rpmb_set_key(mmc, plain_key)) {
775 546 ERR("Key already programmed ?\n");
776 547 goto fail;
777 548  
778 549  
779 550  
780 551  
781 552  
782 553  
... ... @@ -783,236 +554,22 @@
783 554 free(fill);
784 555  
785 556 /* Return to original partition */
  557 +#ifndef CONFIG_BLK
786 558 if (mmc->block_dev.hwpart != original_part) {
787 559 if (mmc_switch_part(mmc, original_part) != 0)
788 560 return -1;
789 561 mmc->block_dev.hwpart = original_part;
790 562 }
791   - return ret;
792   -
793   -}
794   -
795   -int rpmb_read(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset) {
796   -
797   - unsigned char *bdata = NULL;
798   - unsigned char *out_buf = (unsigned char *)buffer;
799   - unsigned long s, cnt;
800   - unsigned long blksz;
801   - size_t num_read = 0;
802   - unsigned short part_start, part_length, part_end, bs, be;
803   - margin_pos_t margin;
804   - char original_part;
805   - uint8_t *blob = NULL;
806   - struct blk_desc *desc = mmc_get_blk_desc(mmc);
807   - ALLOC_CACHE_ALIGN_BUFFER(uint8_t, extract_key, RPMBKEY_LENGTH);
808   -
809   -#ifdef AVB_RPMB
810   - struct keyslot_package kp;
811   -#endif
812   -
813   - int ret;
814   -
815   - blksz = RPMB_BLKSZ;
816   - part_length = mmc->capacity_rpmb >> 8;
817   - part_start = 0;
818   - part_end = part_start + part_length - 1;
819   -
820   - DEBUGAVB("[rpmb]: offset=%ld, num_bytes=%zu\n", (long)offset, num_bytes);
821   -
822   - if(get_margin_pos(part_start, part_end, blksz,
823   - &margin, offset, num_bytes, false))
824   - return -1;
825   -
826   - bs = (unsigned short)margin.blk_start;
827   - be = (unsigned short)margin.blk_end;
828   - s = margin.start;
829   -
830   - /* Switch to the RPMB partition */
831   - original_part = desc->hwpart;
832   - if (desc->hwpart != MMC_PART_RPMB) {
833   - if (mmc_switch_part(mmc, MMC_PART_RPMB) != 0)
834   - return -1;
835   - desc->hwpart = MMC_PART_RPMB;
836   - }
837   -
838   - /* get rpmb key */
839   - blob = (uint8_t *)memalign(ARCH_DMA_MINALIGN, RPMBKEY_BLOB_LEN);
840   -#ifdef AVB_RPMB
841   - if (read_keyslot_package(&kp)) {
842 563 #else
843   - if (fsl_fuse_read((uint32_t *)blob, RPMBKEY_FUSE_LENW, RPMBKEY_FUSE_OFFSET)){
844   -#endif
845   - ERR("read rpmb key error\n");
846   - ret = -1;
847   - goto fail;
848   - }
849   - /* copy rpmb key to blob */
850   -#ifdef AVB_RPMB
851   - memcpy(blob, kp.rpmb_keyblob, RPMBKEY_BLOB_LEN);
852   -#endif
853   - caam_open();
854   - if (caam_decap_blob((ulong)extract_key, (ulong)blob,
855   - RPMBKEY_LENGTH)) {
856   - ERR("decap rpmb key error\n");
857   - ret = -1;
858   - goto fail;
859   - }
860   -
861   - /* alloc a blksz mem */
862   - bdata = (unsigned char *)memalign(ALIGN_BYTES, blksz);
863   - if (bdata == NULL) {
864   - ret = -1;
865   - goto fail;
866   - }
867   - /* one block a time */
868   - while (bs <= be) {
869   - memset(bdata, 0, blksz);
870   - if (mmc_rpmb_read(mmc, bdata, bs, 1, extract_key) != 1) {
871   - ret = -1;
872   - goto fail;
873   - }
874   - cnt = blksz - s;
875   - if (num_read + cnt > num_bytes)
876   - cnt = num_bytes - num_read;
877   - VDEBUG("cur: bs=%d, start=%ld, cnt=%ld bdata=0x%p\n",
878   - bs, s, cnt, bdata);
879   - memcpy(out_buf, bdata + s, cnt);
880   - bs++;
881   - num_read += cnt;
882   - out_buf += cnt;
883   - s = 0;
884   - }
885   - ret = 0;
886   -
887   -fail:
888   - /* Return to original partition */
889   - if (desc->hwpart != original_part) {
  564 + if (dev_desc->hwpart != original_part) {
890 565 if (mmc_switch_part(mmc, original_part) != 0)
891 566 return -1;
892   - desc->hwpart = original_part;
  567 + dev_desc->hwpart = original_part;
893 568 }
894   - if (blob != NULL)
895   - free(blob);
896   - if (bdata != NULL)
897   - free(bdata);
898   - return ret;
899   -
900   -}
901   -int rpmb_write(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset) {
902   -
903   - unsigned char *bdata = NULL;
904   - unsigned char *in_buf = (unsigned char *)buffer;
905   - unsigned long s, cnt;
906   - unsigned long blksz;
907   - size_t num_write = 0;
908   - unsigned short part_start, part_length, part_end, bs;
909   - margin_pos_t margin;
910   - char original_part;
911   - uint8_t *blob = NULL;
912   - struct blk_desc *desc = mmc_get_blk_desc(mmc);
913   - ALLOC_CACHE_ALIGN_BUFFER(uint8_t, extract_key, RPMBKEY_LENGTH);
914   -
915   -#ifdef AVB_RPMB
916   - struct keyslot_package kp;
917 569 #endif
918   -
919   - int ret;
920   -
921   - blksz = RPMB_BLKSZ;
922   - part_length = mmc->capacity_rpmb >> 8;
923   - part_start = 0;
924   - part_end = part_start + part_length - 1;
925   -
926   - DEBUGAVB("[rpmb]: offset=%ld, num_bytes=%zu\n", (long)offset, num_bytes);
927   -
928   - if(get_margin_pos(part_start, part_end, blksz,
929   - &margin, offset, num_bytes, false)) {
930   - ERR("get_margin_pos err\n");
931   - return -1;
932   - }
933   -
934   - bs = (unsigned short)margin.blk_start;
935   - s = margin.start;
936   -
937   - /* Switch to the RPMB partition */
938   - original_part = desc->hwpart;
939   - if (desc->hwpart != MMC_PART_RPMB) {
940   - if (mmc_switch_part(mmc, MMC_PART_RPMB) != 0)
941   - return -1;
942   - desc->hwpart = MMC_PART_RPMB;
943   - }
944   -
945   - /* get rpmb key */
946   - blob = (uint8_t *)memalign(ARCH_DMA_MINALIGN, RPMBKEY_BLOB_LEN);
947   -#ifdef AVB_RPMB
948   - if (read_keyslot_package(&kp)) {
949   -#else
950   - if (fsl_fuse_read((uint32_t *)blob, RPMBKEY_FUSE_LENW, RPMBKEY_FUSE_OFFSET)){
951   -#endif
952   - ERR("read rpmb key error\n");
953   - ret = -1;
954   - goto fail;
955   - }
956   - /* copy rpmb key to blob */
957   -#ifdef AVB_RPMB
958   - memcpy(blob, kp.rpmb_keyblob, RPMBKEY_BLOB_LEN);
959   -#endif
960   - caam_open();
961   - if (caam_decap_blob((ulong)extract_key, (ulong)blob,
962   - RPMBKEY_LENGTH)) {
963   - ERR("decap rpmb key error\n");
964   - ret = -1;
965   - goto fail;
966   - }
967   - /* alloc a blksz mem */
968   - bdata = (unsigned char *)memalign(ALIGN_BYTES, blksz);
969   - if (bdata == NULL) {
970   - ret = -1;
971   - goto fail;
972   - }
973   - while (num_write < num_bytes) {
974   - memset(bdata, 0, blksz);
975   - cnt = blksz - s;
976   - if (num_write + cnt > num_bytes)
977   - cnt = num_bytes - num_write;
978   - if (!s || cnt != blksz) { /* read blk first */
979   - if (mmc_rpmb_read(mmc, bdata, bs, 1, extract_key) != 1) {
980   - ERR("mmc_rpmb_read err, mmc= 0x%08x\n", (uint32_t)(ulong)mmc);
981   - ret = -1;
982   - goto fail;
983   - }
984   - }
985   - memcpy(bdata + s, in_buf, cnt); /* change data */
986   - VDEBUG("cur: bs=%d, start=%ld, cnt=%ld\n", bs, s, cnt);
987   - if (mmc_rpmb_write(mmc, bdata, bs, 1, extract_key) != 1) {
988   - ret = -1;
989   - goto fail;
990   - }
991   - bs++;
992   - num_write += cnt;
993   - in_buf += cnt;
994   - if (s != 0)
995   - s = 0;
996   - }
997   - ret = 0;
998   -
999   -fail:
1000   - /* Return to original partition */
1001   - if (desc->hwpart != original_part) {
1002   - if (mmc_switch_part(mmc, original_part) != 0)
1003   - return -1;
1004   - desc->hwpart = original_part;
1005   - }
1006   - if (blob != NULL)
1007   - free(blob);
1008   - if (bdata != NULL)
1009   - free(bdata);
1010   -
1011 570 return ret;
1012 571  
1013 572 }
1014   -#endif /* CONFIG_SPL_BUILD || !CONFIG_ARM64 */
1015   -//#ifndef CONFIG_SPL_BUILD
1016 573  
1017 574 int init_avbkey(void) {
1018 575 #ifndef CONFIG_ARM64
... ... @@ -1035,90 +592,7 @@
1035 592 return RESULT_OK;
1036 593 }
1037 594  
1038   -#ifndef CONFIG_SPL_BUILD
1039   -#ifndef CONFIG_ARM64
1040   -static int rpmb_key(struct mmc *mmc) {
1041   - char original_part;
1042   - int ret = 0;
1043   - struct blk_desc *desc = mmc_get_blk_desc(mmc);
1044   - ALLOC_CACHE_ALIGN_BUFFER(uint8_t, blob, RPMBKEY_FUSE_LEN);
1045   - ALLOC_CACHE_ALIGN_BUFFER(uint8_t, plain_key, RPMBKEY_LENGTH);
1046   -
1047   - DEBUGAVB("[rpmb]: set kley\n");
1048   -
1049   - /* Switch to the RPMB partition */
1050   - original_part = desc->hwpart;
1051   - if (desc->hwpart != MMC_PART_RPMB) {
1052   - if (mmc_switch_part(mmc, MMC_PART_RPMB) != 0) {
1053   - ERR("failed to switch part!\n");
1054   - return -1;
1055   - }
1056   - desc->hwpart = MMC_PART_RPMB;
1057   - }
1058   -
1059   - /* use caam hwrng to generate */
1060   - caam_open();
1061   - if (caam_hwrng(plain_key, RPMBKEY_LENGTH)) {
1062   - ERR("ERROR - caam rng\n");
1063   - ret = -1;
1064   - goto fail;
1065   - }
1066   -
1067   - /* generate keyblob and program to fuse */
1068   - if (caam_gen_blob((ulong)plain_key, (ulong)blob,
1069   - RPMBKEY_LENGTH)) {
1070   - ERR("gen rpmb key blb error\n");
1071   - ret = -1;
1072   - goto fail;
1073   - }
1074   -
1075   - if (fsl_fuse_write((uint32_t *)blob, RPMBKEY_FUSE_LENW, RPMBKEY_FUSE_OFFSET)){
1076   - ERR("write rpmb key to fuse error\n");
1077   - ret = -1;
1078   - goto fail;
1079   - }
1080   -
1081   -#ifdef CONFIG_AVB_FUSE
1082   - /* program key to mmc */
1083   - if (mmc_rpmb_set_key(mmc, plain_key)) {
1084   - ERR("Key already programmed ?\n");
1085   - ret = -1;
1086   - goto fail;
1087   - }
1088   -#endif
1089   -
1090   -#ifdef CONFIG_AVB_DEBUG
1091   - /* debug */
1092   - ALLOC_CACHE_ALIGN_BUFFER(uint8_t, ext_key, RPMBKEY_LENGTH);
1093   - printf(" RPMB plain kay---\n");
1094   - print_buffer(0, plain_key, HEXDUMP_WIDTH, RPMBKEY_LENGTH, 0);
1095   - if (fsl_fuse_read((uint32_t *)blob, RPMBKEY_FUSE_LENW, RPMBKEY_FUSE_OFFSET)){
1096   - ERR("read rpmb key to fuse error\n");
1097   - ret = -1;
1098   - goto fail;
1099   - }
1100   - printf(" RPMB blob---\n");
1101   - print_buffer(0, blob, HEXDUMP_WIDTH, RPMBKEY_FUSE_LEN, 0);
1102   - if (caam_decap_blob((uint32_t)ext_key, (uint32_t)blob, RPMBKEY_LENGTH)) {
1103   - ret = -1;
1104   - goto fail;
1105   - }
1106   - printf(" RPMB extract---\n");
1107   - print_buffer(0, ext_key, HEXDUMP_WIDTH, RPMBKEY_LENGTH, 0);
1108   - /* debug done */
1109   -#endif
1110   -
1111   -fail:
1112   - /* Return to original partition */
1113   - if (desc->hwpart != original_part) {
1114   - if (mmc_switch_part(mmc, original_part) != 0)
1115   - return -1;
1116   - desc->hwpart = original_part;
1117   - }
1118   - return ret;
1119   -
1120   -}
1121   -
  595 +#ifndef CONFIG_IMX_TRUSTY_OS
1122 596 int rbkidx_erase(void) {
1123 597 int i;
1124 598 kblb_hdr_t hdr;
1125 599  
1126 600  
1127 601  
1128 602  
1129 603  
1130 604  
1131 605  
1132 606  
1133 607  
1134 608  
1135 609  
1136 610  
1137 611  
1138 612  
1139 613  
1140 614  
1141 615  
1142 616  
1143 617  
1144 618  
1145 619  
1146 620  
1147 621  
1148 622  
1149 623  
1150 624  
1151 625  
1152 626  
1153 627  
1154 628  
1155 629  
1156 630  
1157 631  
1158 632  
1159 633  
1160 634  
1161 635  
1162 636  
1163 637  
1164 638  
1165 639  
1166 640  
1167 641  
1168 642  
1169 643  
1170 644  
1171 645  
1172 646  
1173 647  
1174 648  
1175 649  
1176 650  
1177 651  
1178 652  
1179 653  
1180 654  
1181 655  
1182 656  
1183 657  
1184 658  
1185 659  
1186 660  
1187 661  
1188 662  
... ... @@ -1169,407 +643,347 @@
1169 643 }
1170 644 return 0;
1171 645 }
  646 +#endif /* CONFIG_FSL_CAAM_KB */
  647 +#endif /* CONFIG_IMX_TRUSTY_OS */
  648 +#else /* AVB_RPMB */
  649 +int rbkidx_erase(void) {
  650 + return 0;
  651 +}
  652 +#endif /* AVB_RPMB */
1172 653  
1173   -int avbkey_init(uint8_t *plainkey, uint32_t keylen) {
1174   - int i;
1175   - kblb_hdr_t hdr;
1176   - kblb_tag_t *tag;
1177   - struct mmc *mmc_dev;
1178   - uint32_t init_flag;
  654 +#ifdef CONFIG_SPL_BUILD
  655 +#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
  656 +int check_rpmb_blob(struct mmc *mmc)
  657 +{
  658 + int ret = 0;
  659 + char original_part;
  660 + struct keyslot_package kp;
1179 661  
1180   - /* int ret; */
1181   -
1182   - assert(plainkey != NULL);
1183   -
1184   - /* check overflow */
1185   - if (keylen > AVB_RBIDX_START - AVB_PUBKY_OFFSET) {
1186   - ERR("key len overflow\n");
1187   - return -1;
  662 + read_keyslot_package(&kp);
  663 + if (strcmp(kp.magic, KEYPACK_MAGIC)) {
  664 + printf("keyslot package magic error, do nothing here!\n");
  665 + return 0;
1188 666 }
  667 + /* If keyslot package valid, copy it to secure memory */
  668 + fill_secure_keyslot_package(&kp);
1189 669  
1190   - /* check init status */
1191   - if (fsl_fuse_read(&init_flag, 1, INITFLAG_FUSE_OFFSET)) {
1192   - ERR("ERROR - read fuse init flag error\n");
1193   - return -1;
  670 + /* switch to boot1 partition. */
  671 + original_part = mmc->block_dev.hwpart;
  672 + if (mmc_switch_part(mmc, KEYSLOT_HWPARTITION_ID) != 0) {
  673 + printf("ERROR - can't switch to boot1 partition! \n");
  674 + ret = -1;
  675 + goto fail;
  676 + } else
  677 + mmc->block_dev.hwpart = KEYSLOT_HWPARTITION_ID;
  678 + /* write power-on write protection for boot1 partition. */
  679 + if (mmc_switch(mmc, EXT_CSD_CMD_SET_NORMAL,
  680 + EXT_CSD_BOOT_WP, BOOT1_PWR_WP)) {
  681 + printf("ERROR - unable to set power-on write protection!\n");
  682 + ret = -1;
  683 + goto fail;
1194 684 }
1195   - if ((init_flag & INITFLAG_FUSE_MASK) == INITFLAG_FUSE) {
1196   - ERR("ERROR - already inited\n");
1197   - return -1;
  685 +fail:
  686 + /* return to original partition. */
  687 + if (mmc->block_dev.hwpart != original_part) {
  688 + if (mmc_switch_part(mmc, original_part) != 0)
  689 + return -1;
  690 + mmc->block_dev.hwpart = original_part;
1198 691 }
1199   - init_flag = INITFLAG_FUSE & INITFLAG_FUSE_MASK;
1200 692  
1201   - /* generate and write key to mmc/fuse */
1202   - if ((mmc_dev = get_mmc()) == NULL) {
1203   - ERR("ERROR - get mmc device\n");
1204   - return -1;
1205   - }
1206   - if (rpmb_key(mmc_dev)) {
1207   - ERR("ERROR - write mmc rpmb key\n");
1208   - return -1;
1209   - }
  693 + return ret;
  694 +}
  695 +#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
  696 +#else /* CONFIG_SPL_BUILD */
  697 +#ifdef CONFIG_AVB_ATX
  698 +static int fsl_fuse_ops(uint32_t *buffer, uint32_t length, uint32_t offset,
  699 + const uint8_t read) {
1210 700  
1211   - if (fsl_fuse_write(&init_flag, 1, INITFLAG_FUSE_OFFSET)){
1212   - ERR("write fuse init error\n");
1213   - return -1;
1214   - }
  701 + unsigned short bs, ws, bksz, cnt;
  702 + unsigned short num_done = 0;
  703 + margin_pos_t margin;
  704 + int i;
1215 705  
1216   - /* init pubkey */
1217   - tag = &hdr.pubk_tag;
1218   - tag->flag = AVB_PUBKY_FLAG;
1219   - tag->offset = AVB_PUBKY_OFFSET;
1220   - tag->len = keylen;
1221   -
1222   - if (rpmb_write(mmc_dev, plainkey, tag->len, tag->offset) != 0) {
1223   - ERR("write RPMB error\n");
  706 + /* read from fuse */
  707 + bksz = CONFIG_AVB_FUSE_BANK_SIZEW;
  708 + if(get_margin_pos(CONFIG_AVB_FUSE_BANK_START, CONFIG_AVB_FUSE_BANK_END, bksz,
  709 + &margin, offset, length, false))
1224 710 return -1;
1225   - }
  711 + bs = (unsigned short)margin.blk_start;
  712 + ws = (unsigned short)margin.start;
1226 713  
1227   - /* init rollback index */
1228   - uint32_t offset = AVB_RBIDX_START;
1229   - uint32_t rbidx_len = AVB_RBIDX_LEN;
1230   - uint8_t *rbidx = malloc(rbidx_len);
1231   - if (rbidx == NULL)
1232   - return -1;
1233   - memset(rbidx, 0, rbidx_len);
1234   - *(uint64_t *)rbidx = AVB_RBIDX_INITVAL;
1235   - for (i = 0; i < AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS; i++) {
1236   - tag = &hdr.rbk_tags[i];
1237   - tag->flag = AVB_RBIDX_FLAG;
1238   - tag->offset = offset;
1239   - tag->len = rbidx_len;
1240   - if (rpmb_write(mmc_dev, rbidx, tag->len, tag->offset) != 0) {
1241   - ERR("write RBKIDX RPMB error\n");
1242   - free(rbidx);
1243   - return -1;
  714 + while (num_done < length) {
  715 + cnt = bksz - ws;
  716 + if (num_done + cnt > length)
  717 + cnt = length - num_done;
  718 + for (i = 0; i < cnt; i++) {
  719 + VDEBUG("cur: bank=%d, word=%d\n",bs, ws);
  720 + if (read) {
  721 + if (fuse_sense(bs, ws, buffer)) {
  722 + ERR("read fuse bank %d, word %d error\n", bs, ws);
  723 + return -1;
  724 + }
  725 + } else {
  726 +#ifdef CONFIG_AVB_FUSE
  727 + if (fuse_prog(bs, ws, *buffer)) {
  728 +#else
  729 + if (fuse_override(bs, ws, *buffer)) {
  730 +#endif
  731 + ERR("write fuse bank %d, word %d error\n", bs, ws);
  732 + return -1;
  733 + }
  734 + }
  735 + ws++;
  736 + buffer++;
1244 737 }
1245   - offset += AVB_RBIDX_ALIGN;
  738 + bs++;
  739 + num_done += cnt;
  740 + ws = 0;
1246 741 }
1247   - free(rbidx);
  742 + return 0;
  743 +}
1248 744  
1249   - /* init hdr */
1250   - memcpy(hdr.magic, AVB_KBLB_MAGIC, AVB_KBLB_MAGIC_LEN);
1251   - if (rpmb_write(mmc_dev, (uint8_t *)&hdr, sizeof(hdr), 0) != 0) {
1252   - ERR("write RPMB hdr error\n");
1253   - return -1;
1254   - }
  745 +int fsl_fuse_read(uint32_t *buffer, uint32_t length, uint32_t offset) {
1255 746  
1256   - return 0;
  747 + return fsl_fuse_ops(
  748 + buffer,
  749 + length,
  750 + offset,
  751 + 1
  752 + );
1257 753 }
1258   -#endif /* CONFIG_ARM64 */
1259 754  
1260   -/* Checks if the given public key used to sign the 'vbmeta'
1261   - * partition is trusted. Boot loaders typically compare this with
1262   - * embedded key material generated with 'avbtool
1263   - * extract_public_key'.
1264   - *
1265   - * If AVB_IO_RESULT_OK is returned then |out_is_trusted| is set -
1266   - * true if trusted or false if untrusted.
1267   - */
1268   -AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
1269   - const uint8_t* public_key_data,
1270   - size_t public_key_length,
1271   - const uint8_t* public_key_metadata,
1272   - size_t public_key_metadata_length,
1273   - bool* out_is_trusted) {
1274   - AvbIOResult ret;
1275   - assert(ops != NULL && out_is_trusted != NULL);
1276   - *out_is_trusted = false;
  755 +int fsl_fuse_write(const uint32_t *buffer, uint32_t length, uint32_t offset) {
1277 756  
1278   - /* match given public key */
1279   - if (memcmp(fsl_public_key, public_key_data, public_key_length)) {
1280   - ret = AVB_IO_RESULT_ERROR_IO;
1281   - ERR("public key not match\n");
1282   - return AVB_IO_RESULT_ERROR_IO;
1283   - }
  757 + return fsl_fuse_ops(
  758 + (uint32_t *)buffer,
  759 + length,
  760 + offset,
  761 + 0
  762 + );
  763 +}
1284 764  
1285   - *out_is_trusted = true;
1286   - ret = AVB_IO_RESULT_OK;
  765 +static int sha256(unsigned char* data, int len, unsigned char* output) {
  766 + struct hash_algo *algo;
  767 + void *buf;
1287 768  
1288   - return ret;
  769 + if (hash_lookup_algo("sha256", &algo)) {
  770 + printf("error in lookup sha256 algo!\n");
  771 + return RESULT_ERROR;
  772 + }
  773 + buf = map_sysmem((ulong)data, len);
  774 + algo->hash_func_ws(buf, len, output, algo->chunk_size);
  775 + unmap_sysmem(buf);
  776 +
  777 + return algo->digest_size;
1289 778 }
1290 779  
1291   -/* Gets the rollback index corresponding to the slot given by
1292   - * |rollback_index_slot|. The value is returned in
1293   - * |out_rollback_index|. Returns AVB_IO_RESULT_OK if the rollback
1294   - * index was retrieved, otherwise an error code.
1295   - *
1296   - * A device may have a limited amount of rollback index slots (say,
1297   - * one or four) so may error out if |rollback_index_slot| exceeds
1298   - * this number.
1299   - */
1300   -AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
1301   - uint64_t* out_rollback_index) {
1302   - AvbIOResult ret;
  780 +int permanent_attributes_sha256_hash(unsigned char* output) {
  781 + AvbAtxPermanentAttributes attributes;
  782 +
1303 783 #ifdef CONFIG_IMX_TRUSTY_OS
1304   - if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) {
1305   - ERR("read rollback from Trusty error!");
1306   - ret = AVB_IO_RESULT_ERROR_IO;
  784 + if(!trusty_read_permanent_attributes((uint8_t *)(&attributes),
  785 + sizeof(AvbAtxPermanentAttributes))) {
  786 + goto calc_sha256;
1307 787 } else {
1308   - ret = AVB_IO_RESULT_OK;
  788 + ERR("No perm-attr fused. Will use hard code one.\n");
1309 789 }
1310   - return ret;
1311   -#else
1312   - kblb_hdr_t hdr;
1313   - kblb_tag_t *rbk;
1314   - uint64_t *extract_idx = NULL;
1315   - struct mmc *mmc_dev;
1316   -#ifdef CONFIG_AVB_ATX
1317   - static const uint32_t kTypeMask = 0xF000;
1318   - static const unsigned int kTypeShift = 12;
1319 790 #endif
  791 + /* get permanent attributes */
  792 + attributes.version = fsl_version;
  793 + memcpy(attributes.product_root_public_key, fsl_product_root_public_key,
  794 + sizeof(fsl_product_root_public_key));
  795 + memcpy(attributes.product_id, fsl_atx_product_id,
  796 + sizeof(fsl_atx_product_id));
  797 +#ifdef CONFIG_IMX_TRUSTY_OS
  798 +calc_sha256:
  799 +#endif
  800 + /* calculate sha256(permanent attributes) hash */
  801 + if (sha256((unsigned char *)&attributes, sizeof(AvbAtxPermanentAttributes),
  802 + output) == RESULT_ERROR) {
  803 + printf("ERROR - calculate permanent attributes hash error");
  804 + return RESULT_ERROR;
  805 + }
1320 806  
1321   - assert(ops != NULL && out_rollback_index != NULL);
1322   - *out_rollback_index = ~0;
  807 + return RESULT_OK;
  808 +}
1323 809  
1324   - DEBUGAVB("[rpmb] read rollback slot: %zu\n", rollback_index_slot);
  810 +static int init_permanent_attributes_fuse(void) {
1325 811  
1326   - /* check if the rollback index location exceed the limit */
1327   -#ifdef CONFIG_AVB_ATX
1328   - if ((rollback_index_slot & ~kTypeMask) >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
  812 +#ifdef CONFIG_ARM64
  813 + return RESULT_OK;
1329 814 #else
1330   - if (rollback_index_slot >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
1331   -#endif
1332   - return AVB_IO_RESULT_ERROR_IO;
  815 + uint8_t sha256_hash[AVB_SHA256_DIGEST_SIZE];
  816 + uint32_t buffer[ATX_FUSE_BANK_NUM];
  817 + int num = 0;
1333 818  
1334   - if ((mmc_dev = get_mmc()) == NULL) {
1335   - ERR("err get mmc device\n");
1336   - return AVB_IO_RESULT_ERROR_IO;
  819 + /* read first 112 bits of sha256(permanent attributes) from fuse */
  820 + if (fsl_fuse_read(buffer, ATX_FUSE_BANK_NUM, PERMANENT_ATTRIBUTE_HASH_OFFSET)) {
  821 + printf("ERROR - read permanent attributes hash from fuse error\n");
  822 + return RESULT_ERROR;
1337 823 }
1338   - /* read the kblb header */
1339   - if (rpmb_read(mmc_dev, (uint8_t *)&hdr, sizeof(hdr), 0) != 0) {
1340   - ERR("read RPMB error\n");
1341   - return AVB_IO_RESULT_ERROR_IO;
  824 + /* only take the lower 2 bytes of the last bank */
  825 + buffer[ATX_FUSE_BANK_NUM - 1] &= ATX_FUSE_BANK_MASK;
  826 +
  827 + /* return RESULT_OK if fuse has been initialized before */
  828 + for (num = 0; num < ATX_FUSE_BANK_NUM; num++) {
  829 + if (buffer[num])
  830 + return RESULT_OK;
1342 831 }
1343 832  
1344   - if (memcmp(hdr.magic, AVB_KBLB_MAGIC, AVB_KBLB_MAGIC_LEN) != 0) {
1345   - ERR("magic not match\n");
1346   - return AVB_IO_RESULT_ERROR_IO;
  833 + /* calculate sha256(permanent attributes) */
  834 + if (permanent_attributes_sha256_hash(sha256_hash) != RESULT_OK) {
  835 + printf("ERROR - calculating permanent attributes SHA256 error!\n");
  836 + return RESULT_ERROR;
1347 837 }
1348   - /* choose rollback index type */
1349   -#ifdef CONFIG_AVB_ATX
1350   - if ((rollback_index_slot & kTypeMask) >> kTypeShift) {
1351   - /* rollback index for Android Things key versions */
1352   - rbk = &hdr.atx_rbk_tags[rollback_index_slot & ~kTypeMask];
1353   - } else {
1354   - /* rollback index for vbmeta */
1355   - rbk = &hdr.rbk_tags[rollback_index_slot & ~kTypeMask];
1356   - }
1357   -#else
1358   - rbk = &hdr.rbk_tags[rollback_index_slot];
1359   -#endif /* CONFIG_AVB_ATX */
1360   - extract_idx = malloc(rbk->len);
1361   - if (extract_idx == NULL)
1362   - return AVB_IO_RESULT_ERROR_OOM;
1363 838  
1364   - /* read rollback_index keyblob */
1365   - if (rpmb_read(mmc_dev, (uint8_t *)extract_idx, rbk->len, rbk->offset) != 0) {
1366   - ERR("read rollback index error\n");
1367   - ret = AVB_IO_RESULT_ERROR_IO;
1368   - goto fail;
  839 + /* write first 112 bits of sha256(permanent attributes) into fuse */
  840 + memset(buffer, 0, sizeof(buffer));
  841 + memcpy(buffer, sha256_hash, ATX_HASH_LENGTH);
  842 + if (fsl_fuse_write(buffer, ATX_FUSE_BANK_NUM, PERMANENT_ATTRIBUTE_HASH_OFFSET)) {
  843 + printf("ERROR - write permanent attributes hash to fuse error\n");
  844 + return RESULT_ERROR;
1369 845 }
1370 846  
1371   -#ifdef AVB_VVDEBUG
1372   - printf("\n----idx dump: ---\n");
1373   - print_buffer(0, extract_idx, HEXDUMP_WIDTH, rbk->len, 0);
1374   - printf("--- end ---\n");
1375   -#endif
1376   - *out_rollback_index = *extract_idx;
1377   - DEBUGAVB("rollback_index = %" PRIu64 "\n", *out_rollback_index);
1378   - ret = AVB_IO_RESULT_OK;
1379   -fail:
1380   - if (extract_idx != NULL)
1381   - free(extract_idx);
1382   - return ret;
1383   -#endif /* CONFIG_IMX_TRUSTY_OS */
  847 + return RESULT_OK;
  848 +#endif /* CONFIG_ARM64 */
1384 849 }
1385 850  
1386   -/* Sets the rollback index corresponding to the slot given by
1387   - * |rollback_index_slot| to |rollback_index|. Returns
1388   - * AVB_IO_RESULT_OK if the rollback index was set, otherwise an
1389   - * error code.
1390   - *
1391   - * A device may have a limited amount of rollback index slots (say,
1392   - * one or four) so may error out if |rollback_index_slot| exceeds
1393   - * this number.
1394   - */
1395   -AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
1396   - uint64_t rollback_index) {
1397   - AvbIOResult ret;
  851 +int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size) {
  852 +
  853 + if (staged_buffer == NULL) {
  854 + ERR("Error. Get null staged_buffer\n");
  855 + return -1;
  856 + }
  857 + if (size != sizeof(AvbAtxPermanentAttributes)) {
  858 + ERR("Error. expect perm_attr length %u, but get %u.\n",
  859 + (uint32_t)sizeof(AvbAtxPermanentAttributes), size);
  860 + return -1;
  861 + }
1398 862 #ifdef CONFIG_IMX_TRUSTY_OS
1399   - if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) {
1400   - ERR("write rollback from Trusty error!");
1401   - ret = AVB_IO_RESULT_ERROR_IO;
1402   - } else {
1403   - ret = AVB_IO_RESULT_OK;
  863 + if (trusty_write_permanent_attributes(staged_buffer, size)) {
  864 + ERR("Error. Failed to write permanent attributes into secure storage\n");
  865 + return -1;
1404 866 }
1405   - return ret;
  867 + else
  868 + return init_permanent_attributes_fuse();
1406 869 #else
1407   - kblb_hdr_t hdr;
1408   - kblb_tag_t *rbk;
1409   - uint64_t *plain_idx = NULL;
1410   - struct mmc *mmc_dev;
1411   -#ifdef CONFIG_AVB_ATX
1412   - static const uint32_t kTypeMask = 0xF000;
1413   - static const unsigned int kTypeShift = 12;
  870 + /*
  871 + * TODO:
  872 + * Need to handle this when no Trusty OS support.
  873 + * But now every Android Things will have Trusty OS support.
  874 + */
  875 + ERR("No Trusty OS enabled in bootloader.\n");
  876 + return 0;
1414 877 #endif
  878 +}
1415 879  
1416   - DEBUGAVB("[rpmb] write to rollback slot: (%zu, %" PRIu64 ")\n",
1417   - rollback_index_slot, rollback_index);
  880 +int avb_atx_get_unlock_challenge(struct AvbAtxOps* atx_ops,
  881 + uint8_t *upload_buffer, uint32_t *upload_size)
  882 +{
  883 + struct AvbAtxUnlockChallenge *buf = NULL;
  884 + int ret, size;
1418 885  
1419   - assert(ops != NULL);
1420   - /* check if the rollback index location exceed the limit */
1421   -#ifdef CONFIG_AVB_ATX
1422   - if ((rollback_index_slot & ~kTypeMask) >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
1423   -#else
1424   - if (rollback_index_slot >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
1425   -#endif /* CONFIG_AVB_ATX */
1426   - return AVB_IO_RESULT_ERROR_IO;
1427   -
1428   - if ((mmc_dev = get_mmc()) == NULL) {
1429   - ERR("err get mmc device\n");
1430   - return AVB_IO_RESULT_ERROR_IO;
  886 + size = sizeof(struct AvbAtxUnlockChallenge);
  887 + buf = (struct AvbAtxUnlockChallenge *)malloc(size);
  888 + if (buf == NULL) {
  889 + ERR("unable to alloc memory!\n");
  890 + return -1;
1431 891 }
1432   - /* read the kblb header */
1433   - if (rpmb_read(mmc_dev, (uint8_t *)&hdr, sizeof(hdr), 0) != 0) {
1434   - ERR("read RPMB error\n");
1435   - return AVB_IO_RESULT_ERROR_IO;
1436   - }
1437 892  
1438   - if (memcmp(hdr.magic, AVB_KBLB_MAGIC, AVB_KBLB_MAGIC_LEN) != 0) {
1439   - ERR("magic not match\n");
1440   - return AVB_IO_RESULT_ERROR_IO;
1441   - }
1442   - /* choose rollback index type */
1443   -#ifdef CONFIG_AVB_ATX
1444   - if ((rollback_index_slot & kTypeMask) >> kTypeShift) {
1445   - /* rollback index for Android Things key versions */
1446   - rbk = &hdr.atx_rbk_tags[rollback_index_slot & ~kTypeMask];
1447   - } else {
1448   - /* rollback index for vbmeta */
1449   - rbk = &hdr.rbk_tags[rollback_index_slot & ~kTypeMask];
1450   - }
1451   -#else
1452   - rbk = &hdr.rbk_tags[rollback_index_slot];
1453   -#endif /* CONFIG_AVB_ATX */
1454   - plain_idx = malloc(rbk->len);
1455   - if (plain_idx == NULL)
1456   - return AVB_IO_RESULT_ERROR_OOM;
1457   - memset(plain_idx, 0, rbk->len);
1458   - *plain_idx = rollback_index;
1459   -
1460   - /* write rollback_index keyblob */
1461   - if (rpmb_write(mmc_dev, (uint8_t *)plain_idx, rbk->len, rbk->offset) !=
1462   - 0) {
1463   - ERR("write rollback index error\n");
1464   - ret = AVB_IO_RESULT_ERROR_IO;
  893 + if (avb_atx_generate_unlock_challenge(atx_ops, buf) !=
  894 + AVB_IO_RESULT_OK) {
  895 + ERR("generate unlock challenge fail!\n");
  896 + ret = -1;
1465 897 goto fail;
1466 898 }
1467   - ret = AVB_IO_RESULT_OK;
  899 + /* Current avbtool only accept 16 bytes random numbers as unlock
  900 + * challenge, need to return the whole 'AvbAtxUnlockChallenge'
  901 + * when avbtool is ready.
  902 + */
  903 + memcpy(upload_buffer, buf->challenge, AVB_ATX_UNLOCK_CHALLENGE_SIZE);
  904 + *upload_size = AVB_ATX_UNLOCK_CHALLENGE_SIZE;
  905 + ret = 0;
1468 906 fail:
1469   - if (plain_idx != NULL)
1470   - free(plain_idx);
  907 + if (buf != NULL)
  908 + free(buf);
1471 909 return ret;
1472   -#endif /* CONFIG_IMX_TRUSTY_OS */
1473 910 }
1474   -#endif /* CONFIG_SPL_BUILD */
1475   -#endif /* AVB_RPMB */
1476 911  
1477   -#if defined(AVB_RPMB) && defined(CONFIG_AVB_ATX) && !defined(CONFIG_SPL_BUILD)
1478   -/* Provides the key version of a key used during verification. This may be
1479   - * useful for managing the minimum key version.
1480   - */
1481   -void fsl_set_key_version(AvbAtxOps* atx_ops,
1482   - size_t rollback_index_location,
1483   - uint64_t key_version) {
1484   - kblb_hdr_t hdr;
1485   - kblb_tag_t *rbk;
1486   - uint64_t *plain_idx = NULL;
1487   - struct mmc *mmc_dev;
1488   - static const uint32_t kTypeMask = 0xF000;
  912 +int avb_atx_verify_unlock_credential(struct AvbAtxOps* atx_ops,
  913 + uint8_t *staged_buffer)
  914 +{
  915 + bool out_is_trusted;
  916 + AvbIOResult ret;
  917 + const AvbAtxUnlockCredential* buf = NULL;
1489 918  
1490   - DEBUGAVB("[rpmb] write to rollback slot: (%zu, %" PRIu64 ")\n",
1491   - rollback_index_location, key_version);
  919 + buf = (const AvbAtxUnlockCredential*)staged_buffer;
  920 + ret = avb_atx_validate_unlock_credential(atx_ops, buf, &out_is_trusted);
  921 + if ((ret != AVB_IO_RESULT_OK) || (out_is_trusted != true)) {
  922 + ERR("validate unlock credential fail!\n");
  923 + return -1;
  924 + } else
  925 + return 0;
  926 +}
1492 927  
1493   - assert(atx_ops != NULL);
1494   -
1495   - if ((mmc_dev = get_mmc()) == NULL) {
1496   - ERR("err get mmc device\n");
  928 +bool perm_attr_are_fused(void)
  929 +{
  930 +#ifdef CONFIG_IMX_TRUSTY_OS
  931 + AvbAtxPermanentAttributes attributes;
  932 + if(!trusty_read_permanent_attributes((uint8_t *)(&attributes),
  933 + sizeof(AvbAtxPermanentAttributes))) {
  934 + return true;
  935 + } else {
  936 + ERR("No perm-attr fused, please fuse your perm-attr first!.\n");
  937 + return false;
1497 938 }
1498   - /* read the kblb header */
1499   - if (rpmb_read(mmc_dev, (uint8_t *)&hdr, sizeof(hdr), 0) != 0) {
1500   - ERR("read RPMB error\n");
1501   - }
  939 +#else
  940 + /* We hard code the perm-attr if trusty is not enabled. */
  941 + return true;
  942 +#endif
  943 +}
1502 944  
1503   - if (memcmp(hdr.magic, AVB_KBLB_MAGIC, AVB_KBLB_MAGIC_LEN) != 0) {
1504   - ERR("magic not match\n");
1505   - }
  945 +bool at_unlock_vboot_is_disabled(void)
  946 +{
  947 + uint32_t unlock_vboot_status;
1506 948  
1507   - /* rollback index for Android Things key versions */
1508   - rbk = &hdr.atx_rbk_tags[rollback_index_location & ~kTypeMask];
1509   -
1510   - plain_idx = malloc(rbk->len);
1511   - if (plain_idx == NULL)
1512   - printf("\nError! allocate memory fail!\n");
1513   - memset(plain_idx, 0, rbk->len);
1514   - *plain_idx = key_version;
1515   -
1516   - /* write rollback_index keyblob */
1517   - if (rpmb_write(mmc_dev, (uint8_t *)plain_idx, rbk->len, rbk->offset) !=
1518   - 0) {
1519   - ERR("write rollback index error\n");
1520   - goto fail;
  949 + if (fsl_fuse_read(&unlock_vboot_status, 1,
  950 + UNLOCK_VBOOT_STATUS_OFFSET_IN_WORD)) {
  951 + printf("Read at unlock vboot status error!\n");
  952 + return false;
1521 953 }
1522   -fail:
1523   - if (plain_idx != NULL)
1524   - free(plain_idx);
  954 +
  955 + if (unlock_vboot_status & (1 << UNLOCK_VBOOT_STATUS_OFFSET_IN_BIT))
  956 + return true;
  957 + else
  958 + return false;
1525 959 }
1526   -#endif /* AVB_RPMB && CONFIG_AVB_ATX */
1527 960  
1528   -#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
1529   -
1530   -extern int mmc_switch(struct mmc *mmc, u8 set, u8 index, u8 value);
1531   -
1532   -#ifdef CONFIG_SPL_BUILD
1533   -int check_rpmb_blob(struct mmc *mmc)
  961 +int at_disable_vboot_unlock(void)
1534 962 {
1535   - int ret = 0;
1536   - char original_part;
1537   - struct keyslot_package kp;
  963 + uint32_t unlock_vboot_status = 0;
1538 964  
1539   - read_keyslot_package(&kp);
1540   - if (strcmp(kp.magic, KEYPACK_MAGIC)) {
1541   - printf("keyslot package magic error, do nothing here!\n");
1542   - return 0;
  965 + /* Read the status first */
  966 + if (fsl_fuse_read(&unlock_vboot_status, 1,
  967 + UNLOCK_VBOOT_STATUS_OFFSET_IN_WORD)) {
  968 + ERR("Read unlock vboot status error!\n");
  969 + return -1;
1543 970 }
1544   - /* If keyslot package valid, copy it to secure memory */
1545   - fill_secure_keyslot_package(&kp);
1546 971  
1547   - /* switch to boot1 partition. */
1548   - original_part = mmc->block_dev.hwpart;
1549   - if (mmc_switch_part(mmc, KEYSLOT_HWPARTITION_ID) != 0) {
1550   - printf("ERROR - can't switch to boot1 partition! \n");
1551   - ret = -1;
1552   - goto fail;
1553   - } else
1554   - mmc->block_dev.hwpart = KEYSLOT_HWPARTITION_ID;
1555   - /* write power-on write protection for boot1 partition. */
1556   - if (mmc_switch(mmc, EXT_CSD_CMD_SET_NORMAL,
1557   - EXT_CSD_BOOT_WP, BOOT1_PWR_WP)) {
1558   - printf("ERROR - unable to set power-on write protection!\n");
1559   - ret = -1;
1560   - goto fail;
  972 + /* Set the disable unlock vboot bit */
  973 + unlock_vboot_status |= (1 << UNLOCK_VBOOT_STATUS_OFFSET_IN_BIT);
  974 +
  975 + /* Write disable unlock vboot bit to fuse */
  976 + if (fsl_fuse_write(&unlock_vboot_status, 1,
  977 + UNLOCK_VBOOT_STATUS_OFFSET_IN_WORD)) {
  978 + ERR("Write unlock vboot status fail!\n");
  979 + return -1;
1561 980 }
1562   -fail:
1563   - /* return to original partition. */
1564   - if (mmc->block_dev.hwpart != original_part) {
1565   - if (mmc_switch_part(mmc, original_part) != 0)
1566   - return -1;
1567   - mmc->block_dev.hwpart = original_part;
1568   - }
1569 981  
1570   - return ret;
  982 + return 0;
1571 983 }
1572   -#else /* CONFIG_SPL_BUILD */
  984 +#endif /* CONFIG_AVB_ATX */
  985 +
  986 +#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
1573 987 bool rpmbkey_is_set(void)
1574 988 {
1575 989 int mmcc;
1576 990  
... ... @@ -1715,6 +1129,6 @@
1715 1129  
1716 1130 return ret;
1717 1131 }
  1132 +#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
1718 1133 #endif /* CONFIG_SPL_BUILD */
1719   -#endif
lib/avb/fsl/fsl_avbkey.h
Diff comments   View file @ f39aa82
... ... @@ -44,6 +44,15 @@
44 44 #define RPMB_KEY_MAGIC "RPMB"
45 45 #endif
46 46  
  47 +#ifdef CONFIG_AVB_ATX
  48 +#define ATX_FUSE_BANK_NUM 4
  49 +#define ATX_FUSE_BANK_MASK 0xFFFF
  50 +#define ATX_HASH_LENGTH 14
  51 +#endif
  52 +
  53 +#define RESULT_ERROR -1
  54 +#define RESULT_OK 0
  55 +
47 56 struct kblb_tag {
48 57 uint32_t flag;
49 58 uint32_t offset;
... ... @@ -59,7 +68,7 @@
59 68 */
60 69 #if defined(CONFIG_DUAL_BOOTLOADER) && defined(CONFIG_SPL_BUILD)
61 70 kblb_tag_t bootloader_rbk_tags;
62   -#else
  71 +#endif
63 72 /* public key keyblb tag */
64 73 kblb_tag_t pubk_tag;
65 74 /* vbmeta rollback index keyblb tag */
... ... @@ -68,7 +77,6 @@
68 77 /* Android Things key versions rollback index keyblb tag */
69 78 kblb_tag_t atx_rbk_tags[AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS];
70 79 #endif
71   -#endif
72 80 };
73 81 typedef struct kblb_hdr kblb_hdr_t;
74 82  
... ... @@ -93,5 +101,9 @@
93 101  
94 102 int check_rpmb_blob(struct mmc *mmc);
95 103 bool rpmbkey_is_set(void);
  104 +int fsl_fuse_write(const uint32_t *buffer, uint32_t length, uint32_t offset);
  105 +int fsl_fuse_read(uint32_t *buffer, uint32_t length, uint32_t offset);
  106 +int permanent_attributes_sha256_hash(unsigned char* output);
  107 +struct mmc *get_mmc(void);
96 108 #endif