24 Dec, 2018

1 commit

• e05d44f55   MA-13832 [Trusty] Support random rpmb key set ... Browse Code »

  Sometimes we need to set random rpmb key which is invisible
  except for the device.
  Generate the random key with hwcrypto interface and support
  fastboot command "fastboot oem set-rpmb-random-key" to set it.

  Test: build and boot on imx8q.

  Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243
  Signed-off-by: Ji Luo

  Ji Luo

  2018-12-24 09:13:38 +0800  

04 Dec, 2018

1 commit

• 2d831d95f   MA-13629 [Trusty] Add commands to set vbmeta public key ... Browse Code »

  Add commands to write/read vbmeta public key to/from secure
  storage. The vbmeta public key can only be set once.
  Comands to set the public key:
  fastboot stage
  fastboot oem set-public-key

  Test: build and boot on imx8qxp_mek.

  Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
  Signed-off-by: Ji Luo

  Ji Luo

  2018-12-04 09:53:12 +0800  

12 Nov, 2018

3 commits

• aebefa804   [iot] Support command 'oem at-disable-unlock-vboot' ... Browse Code »

  Device will be locked permanently after disabling the unlcok vboot, store
  the disable unlock vboot status into fuse. Since the fuse write operation
  is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
  need to add this config manually and run this command again.

  Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
  device was locked permanently after running this command. This is
  verified on both imx7d_pico and AIY.

  Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
  Signed-off-by: Ji Luo

  Ji Luo

  2018-11-12 09:18:37 +0800  
• c14e9d4e2   [iot] Support lock vboot for Android Things ... Browse Code »

  Supoort "fastboot oem at-lock-vboot" command for Android
  Things, this command can only be called after perm-attr
  have been fused.

  Test: build and boot ok on imx7d_pico and AIY.

  Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
  Signed-off-by: Ji Luo

  Ji Luo

  2018-11-12 09:18:37 +0800  
• d4a0dbd9a   [iot] Support authenticated unlock ... Browse Code »

  Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
  and "fastboot oem at-unlock-vboot" to support the authenticated
  unlock feature for Android Things devices. Use software random
  numbers generator to generate the 16 bytes random challenge, it
  should be replaced with hardware encrypted random generator when
  the TEE part is ready.

  Test: Generate unlock challenge by:
  ./avbtool make_atx_unlock_credential
  --output=atx_unlock_credential.bin
  --intermediate_key_certificate=atx_pik_certificate.bin
  --unlock_key_certificate=atx_puk_certificate.bin
  --challenge=my_generated_challenge.bin
  --unlock_key=testkey_atx_puk.pem
  validated the unlock credential successfully on imx7d_pico
  and AIY.

  Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
  Signed-off-by: Ji Luo

  Ji Luo

  2018-11-12 09:18:37 +0800  

12 Oct, 2018

1 commit

• 557981f3a   MA-13048 [AUTO] Support program rpmb key with fastboot command ... Browse Code »

  Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb
  key which should be staged first.
  Usage:
  1. fastboot stage my-rpmb-key.bin
  2. fastboot oem set-rpmb-key

  Test: rpmb key programed successfully on imx8qxp.

  Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1
  Signed-off-by: Ji Luo

  Ji Luo

  2018-10-12 09:02:28 +0800  

20 Aug, 2018

4 commits

• 0bfb34cbc   [iot] Verify single slot in boota for dual bootloader ... Browse Code »

  A/B switch logic will be moved to SPL stage if dual bootloader
  feature is enable, in such case, we just need to verify single
  slot which is selected in SPL stage.

  Test: verify and boot ok for imx8m.

  Change-Id: Iafe0d2d4aea1c178551940808416eec4a3547259
  Signed-off-by: Luo Ji

  Luo Ji

  2018-08-20 21:31:57 +0800  
• dbcf1e3cc   [iot] Support dual bootloader in SPL ... Browse Code »

  2

  Move the A/B slot check to SPL, the A/B slot switch
  workflow is just like what we have in libavb_ab.

  Test: A/B select works fine on imx8m.

  Change-Id: Ie3d827a9be0298b491bf2bc8d48833597fd70e90
  Signed-off-by: Luo Ji

  Luo Ji

  2018-08-20 21:31:28 +0800  
• fd9eec336   [iot] Support fastboot oem fuse at-perm-attr command ... Browse Code »

  Support "fastboot oem fuse at-perm-attr" command for
  ATX. The perm_attr will be stored into RPMB which
  managed by Trusty OS.
  Modified permanent_attributes related AVB ops that
  support Trusty OS backed RPMB storage.

  Change-Id: Id6248570b4294fed3c45270064196bd6b9cf9208
  Signed-off-by: Haoran.Wang

  Yu Shan

  2018-08-20 21:25:45 +0800  
• 449f9048e   [iot] Update libavb in u-boot ... Browse Code »

  This commit did:
  1. Sync AVB lib with external/avb, head of commit is:
  commit 6d5326a945c2d17d5d0e7718d5cb97663c3b33a2
  Author: Neal Ostrem
  Date: Tue Apr 24 13:09:45 2018 -0700

  Merge fix/changes required after merge from AOSP ToT.

  Change library name to one used by AT.
  Test: Built successfully and unit tests pass.
  Change-Id: I5e5fc9a6010d96cfecfc6faf0858ba930cba65a0
  2. Change product id in ATX to be full zeros to sync with
  external/avb.
  3. Fix build errors and implement ops fsl_set_key_version.
  4. Move most nxp modified code to lib/avb/fsl/.

  Test: build and boot successfully for imx7d_pico and imx8m_phanbell.

  Change-Id: I199a035fe8267b10955299a4b745458d40a2e754
  Signed-off-by: Luo Ji

  Luo Ji

  2018-08-20 21:25:44 +0800  

13 Jun, 2018

1 commit

• 2105662ad   MLK-18591-1 android: Add the AVB library ... Browse Code »

  14

  Porting the android AVB lib from imx u-boot v2017.03

  Signed-off-by: Ye Li

  Ye Li

  2018-06-13 17:41:08 +0800