Eric Lee / smarc-uboot

18 Apr, 2019

1 commit

  • 0d6d88077   MA-14629 fix build warnings for varialbe initialization and type cast ... Browse Code »

    initialize potential uninitialized variable with the type of"char*" to
    be NULL in AVB. That "hashtree_error_mode" in code is manually specified
    with a known value, the cases listed cover all potential value of
    "hashtree_error_mode"

    explicitly do a type cast for memcpy parameters.

    Change-Id: Ie5d234422a273d6dab75585bd0d8eb81583707ca
    Signed-off-by: faqiang.zhu

    faqiang.zhu
     

14 Mar, 2019

1 commit

  • dfdf60c69   MA-14374 [coverity] Fix coverity issues in fsl_avbkey.c ... Browse Code »

    Fix coverity issues as:
    CID 5899697: Dereference before null check (REVERSE_INULL)
    CID 3616594: Unchecked return value (CHECKED_RETURN)
    CID 3616598: Resource leak (RESOURCE_LEAK)
    CID 3616591: Resource leak (RESOURCE_LEAK)

    Test: Coverity scan pass.

    Change-Id: I70abb41c3cd825c6eec43dc7e5baec716ae46680
    Signed-off-by: Luo Ji

    Luo Ji
     

12 Mar, 2019

2 commits

  • e0343ea46   MA-14318-1 Support dual bootloader for xen ... Browse Code »

    Trusty is not supported for xen so we don't need to check
    the keyslot package or rollback index in spl. Reassign the
    dram address for spl and u-boot to avoid conflicts.

    Support serial init functions to enable debug console
    in spl when xen is running.

    Test: Boot and A/B slot switch on imx8qm_mek.

    Change-Id: If6829252f1ec2e32255f951715c8747181951fd0
    Signed-off-by: Ji Luo
    Reviewed-by: Peng Fan

    Ji Luo
     
  • 40f95bfc0   MA-14280 [coverity] Fix resource leak in libavb ... Browse Code »

    Fix resource leak in libavb, coverity issue:
    CID 5899691: Resource leak (RESOURCE_LEAK) leaked_storage: Variable
    hash_out going out of scope leaks the storage it points to.

    CID 5899689: Resource leak (RESOURCE_LEAK) leaked_storage: Variable
    hash_buf going out of scope leaks the storage it points to.

    CID 5899688: Uninitialized pointer read (UNINIT) uninit_use: Using
    uninitialized value digest.

    CID 5899692: Structurally dead code (UNREACHABLE) unreachable: This
    code cannot be reached: goto out;

    Test: Coverity scan pass.

    Change-Id: If8e26fdd383c32a9160775006621830b42c0f07e
    Signed-off-by: Luo Ji

    Luo Ji
     

22 Feb, 2019

4 commits

  • 55dbdd9d5   MA-14121 Only free hash buffer for Android Auto ... Browse Code »

    The hash buffer is allocated on stack if we don't use
    CAAM to accelerate the hash calculation, don't free
    the hash buffer in such case.

    Test: Boot ok on imx8qm.

    Change-Id: I3b3dcc0e8359848b4f9c58c802d51f0a76931e5e
    Signed-off-by: Ji Luo

    Ji Luo
     
  • 24e33164c   MA-14120 Add config to guard append bootargs support ... Browse Code »

    Grant user the permission to change the bootargs can be very
    dangerous, so add config 'CONFIG_APPEND_BOOTARGS' to guard the
    bootargs appending feature.

    Test: bootargs can't be appended if "CONFIG_APPEND_BOOTARGS" is
    not set.

    Change-Id: I6d6879415ca251c806b56490290e5032aef24277
    Signed-off-by: Ji Luo

    Ji Luo
     
  • 3a62d022b   MA-14118 Avoid slot switch if retry count exhaust in spl ... Browse Code »

    The A/B slot is chosen at spl stage and should be kept up to
    u-boot stage. Decrease slot retry count will cause slot switch
    when the slot only has one chance left.
    Set the 'bootloader_verified' flag when current slot is running the last
    chance at spl, u-boot will treat the slot as bootable if the
    'reserved' flag is set even the retry count exhausted.

    Test: Slot not switch during 7 times reboot try.

    Change-Id: I7ae84b2ce683300a1bb332606cd58e48483214ea
    Signed-off-by: Ji Luo

    Ji Luo
     
  • 7eebccd17   MA-14043 Fix avb verify fail in adb reboot test ... Browse Code »

    During AVB verify, CAAM will be invoked to calculate the hash
    of boot.img and dtbo.img. ALLOC_CACHE_ALIGN_BUFFER() supports
    allocate cache aligned buffer on *stack*, which may cause
    'dirty' dcache data be flushed to dram after CAAM operations
    complete.

    Use memalign() to allocate cache aligned buffer on *heap* to
    fix this issue.

    Test: 1200 times reboot test on imx8qm and 2300 times reboot
    on imx8qxp.

    Change-Id: I8f86248df318093d44a46dcab76306377898766e
    Signed-off-by: Ji Luo

    Ji Luo
     

31 Jan, 2019

1 commit

  • fd421f74d   MA-14051 Enable trusty for imx8q xen ... Browse Code »

    Open configs to add trusty os support for imx8q xen
    build. The rpmb keyslot package must be checked and
    copied to secure memory before trusty os boot.

    Change-Id: I66201783fa8439f2685377c10f257f064057dcfa
    Signed-off-by: Ji Luo

    Ji Luo
     

18 Jan, 2019

1 commit

  • 71562aae3   MA-13938 [Android] imx8q: Support dual bootloader feature ... Browse Code »
    2

    Support dual bootloader feature for imx8q which uses the
    container format. Move the A/B slot select and verify to
    SPL stage, the bootloader rollback index will be stored
    at the last 8K bytes of eMMC rpmb storage.

    Test: Boot and rbindex verify pass on imx8q.

    Change-Id: I0a48210f65984a083037a0cd3f9558951029ed7d
    Signed-off-by: Ji Luo

    Ji Luo
     

08 Jan, 2019

1 commit

  • e29e4022c   MA-13904 [Trusty] Pass root trust to keymaster service ... Browse Code »

    Pass the verified boot key hash to keymaster, it will be
    treated as the root trust in keymaster service.
    Also set the 'initialized' flag after initializing the
    keymaster client or set keymaster boot parameters will fail.

    Test: Pass CTS cases:
    android.keystore.cts.KeyAttestationTest#testRsaAttestation
    android.keystore.cts.KeyAttestationTest#testEcAttestation

    Change-Id: I486b5493826160f42c61a3da0e6cd769df92254d
    Signed-off-by: Ji Luo

    Ji Luo
     

24 Dec, 2018

2 commits

12 Dec, 2018

1 commit

  • fc734f07d   MA-13759-1 imx8mm: Enable trusty support ... Browse Code »

    Open configs to enable trusty for imx8mm_evk and also
    add new config imx8mm_evk_android_trusty_defconfig based
    on imx8mm_evk_android_defconfig.

    Test: Trusty starts ok.

    Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb
    Signed-off-by: Ji Luo

    Ji Luo
     

10 Dec, 2018

1 commit

05 Dec, 2018

1 commit

04 Dec, 2018

2 commits

  • 2d831d95f   MA-13629 [Trusty] Add commands to set vbmeta public key ... Browse Code »

    Add commands to write/read vbmeta public key to/from secure
    storage. The vbmeta public key can only be set once.
    Comands to set the public key:
    fastboot stage
    fastboot oem set-public-key

    Test: build and boot on imx8qxp_mek.

    Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
    Signed-off-by: Ji Luo

    Ji Luo
     
  • d7c768a69   MA-13628 [Auto] Read/Write rollback index from rpmb ... Browse Code »

    Secure storage is ready in trusty so we should read/write the rollback
    index from rpmb.
    But for borads without rpmb key, read/write the rpmb will fail and will
    block the following avb verify process. In this case, check if the rpmb
    key has been set and always return AVB_IO_RESULT_OK for the boards without
    rpmb key.

    Test: build and boot pass on imx8qm_mek.

    Change-Id: I10c438e56d049ae97ebedfc446c8202642630d8b
    Signed-off-by: Ji Luo

    Ji Luo
     

21 Nov, 2018

2 commits

  • f042c8f7c   MA-13487 Refine fsl avb functions ... Browse Code »

    Too many macros are used in fsl_avbkey.c and
    make it difficult to maintain.
    This patch made some refine by:
    1. Move all avb/atx operations to fsl_avb.c.
    2. Refine the functions logic.
    3. Drop some unsupported conditions/functions.

    Test: build and boot on
    imx8qm_mek/imx8mq_evk/imx6qp_sabresd/imx7d_pico/imx8m_aiy.

    Change-Id: I5c99732acfc47d53cdf188d69223983777e577f4
    Signed-off-by: Luo Ji

    Luo Ji
     
  • eb1892df1   MA-13480-1 [Auto] Fix XEN hang with wrong keymaster service ... Browse Code »

    Pass "androidboot.keystore=trusty" for trusty backed keymaster
    service, pass "androidboot.keystore=software" for software
    keymaster service.

    Test: boot pass on imx8qm_mek.

    Change-Id: I9fa38c15a7c10aef09ab29b0e9859b690e3e7a41
    Signed-off-by: Ji Luo

    Ji Luo
     

12 Nov, 2018

14 commits

  • 1b2d27563   MA-13365 [Trusty] Fix imx8q hang when rpmb key not set ... Browse Code »

    Commit "ql-tipc: trusty_ipc: Change ipc polling to be per device" removes
    rpmb_storage_proxy_poll() call in avb_do_tipc() which will return early
    if the rpmb proxy service isn't initialized properly, this will make boards
    hang if the rpmb key is not set.
    Skip initializing AVB and Keymaster client if the rpmb key hasn't been
    set, but keep the hwcrypto client initialization since we need it to
    generate the rpmb key blob.

    Test: Build and boot ok on imx8q.

    Change-Id: I1ead849e812da55edae8b739d9ae56a7d4951af4
    Signed-off-by: Ji Luo

    Ji Luo
     
  • e48ceaae2   [iot] Update rollback index when slot has been marked as successful ... Browse Code »

    The rollback index should be updated when avb verify pass
    and the slot has been marked as successful, update the
    rollback index also for those enabled dual bootloader
    feature.
    This commit also fix some configs condition issue so
    read/write rollback index with trusty will work.

    Test: rollback index updated successfully on
    imx7d_pico and AIY.

    Change-Id: I2344d6462249d8d88f0622d331cdeffc7e12f885
    Signed-off-by: Ji Luo

    Ji Luo
     
  • b57739cac   [iot] Support fastboot variable 'at-vboot-state' ... Browse Code »

    Add support for fastboot variable 'at-vboot-state', it's composed
    by 6 sub-variable: 'bootloader-locked', 'bootloader-min-versions',
    'avb-perm-attr-set', 'avb-locked', 'avb-unlock-disabled' and
    'avb-min-versions'.

    Test: All 'at-vboot-state' variables are returned
    correctly on imx7d_pico and AIY.

    Change-Id: Ibb855cbcc7c41657af62dafb98a96c4dfb96ef22
    Signed-off-by: Ji Luo

    Ji Luo
     
  • aebefa804   [iot] Support command 'oem at-disable-unlock-vboot' ... Browse Code »

    Device will be locked permanently after disabling the unlcok vboot, store
    the disable unlock vboot status into fuse. Since the fuse write operation
    is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
    need to add this config manually and run this command again.

    Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
    device was locked permanently after running this command. This is
    verified on both imx7d_pico and AIY.

    Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
    Signed-off-by: Ji Luo

    Ji Luo
     
  • c14e9d4e2   [iot] Support lock vboot for Android Things ... Browse Code »

    Supoort "fastboot oem at-lock-vboot" command for Android
    Things, this command can only be called after perm-attr
    have been fused.

    Test: build and boot ok on imx7d_pico and AIY.

    Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
    Signed-off-by: Ji Luo

    Ji Luo
     
  • d4a0dbd9a   [iot] Support authenticated unlock ... Browse Code »

    Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
    and "fastboot oem at-unlock-vboot" to support the authenticated
    unlock feature for Android Things devices. Use software random
    numbers generator to generate the 16 bytes random challenge, it
    should be replaced with hardware encrypted random generator when
    the TEE part is ready.

    Test: Generate unlock challenge by:
    ./avbtool make_atx_unlock_credential
    --output=atx_unlock_credential.bin
    --intermediate_key_certificate=atx_pik_certificate.bin
    --unlock_key_certificate=atx_puk_certificate.bin
    --challenge=my_generated_challenge.bin
    --unlock_key=testkey_atx_puk.pem
    validated the unlock credential successfully on imx7d_pico
    and AIY.

    Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
    Signed-off-by: Ji Luo

    Ji Luo
     
  • b5bb5e0ec   initialize trusty hardware crypto service for Android Auto ... Browse Code »

    for Android Things, sha256 is caculated with software, for Android Auto,
    sha256 is caculated with CAAM hardware module. so use macro to seperate
    the code about hardware crypto service.

    Change-Id: Ibf4cad2c98240ab2c826869e9cb28ad09bded2f6
    Signed-off-by: faqiang.zhu

    faqiang.zhu
     
  • 9d5a4e04e   [iot] Support ARM64 for Trusty OS ... Browse Code »

    Align the callback to ARM64 environment for
    Trusty OS.

    TEST: AIY-3G & AIY-1G board's TIPC and AVB handler
    works.

    Change-Id: I65806f56267a4a9278db04a462e351da181618cc
    Signed-off-by: Haoran.Wang

    Haoran.Wang
     
  • 5e7a59943   ql-tipc: Compile fixes ... Browse Code »

    Change-Id: I1c800fe39b5999169edd6e2acb9f66e557a3a86e

    Arve Hjønnevåg
     
  • 1939a7914   ql-tipc: sysdeps.h: separate memory allocation from getting attributes ... Browse Code »

    Obtaining the memory attributes can be done indepentently of the
    bootloader environment and is now done by the ipc layer.

    Updated u-boot example to reflect this.

    Change-Id: I8e649a1367ba02981419c43aac6e55b469dcf651

    Roberto Pereira
     
  • 8b91ad3b1   ql-tipc: sysdeps: Change memory allocation to be page based ... Browse Code »

    Changed trusty_membuf_alloc and trusty_membuf_free to trusty_alloc_pages and
    trusty_free_pages. The memory allocated by these functions is intended
    to be shared with the secure world so it should be inherently page based.

    Updated u-boot sysdeps and trusty_ipc_dev_create/shutdown to use these
    new functions

    Change-Id: Ica1aa5b0cb50eba6ce18914d048e731133d94c4f

    Roberto Pereira
     
  • 5f019ea53   ql-tipc: ipc_dev.c: Move error exit label to correct location ... Browse Code »

    Change-Id: I4b52d9ba71c9d4fa959f19ee7d741c46dcdef09a

    Roberto Pereira
     
  • dfd911856   ql-tipc: trusty_ipc: Change ipc polling to be per device ... Browse Code »
    10

    This allows ipc devices to provide service callbacks (e.g. rpmb) transparently
    to the application instead of needing to have prior knowledge of the expected
    request and having to poll the individual services' channels separately.

    Change-Id: I3257ae5e429f4a0c279f070d750b56c5600c38d5

    Roberto Pereira
     
  • cbbcf9c2d   ql-tipc: arm: trusty_mem: Add support for more execution states ... Browse Code »

    trusty_encode_page_info now also supports EL2 and EL3 in 64-bit environments
    and PL1 and PL2 in 32-bit

    Change-Id: I296212ae7a1f0b276279819523a13eb1cfaf2a26

    Roberto Pereira
     

09 Nov, 2018

1 commit

  • a37a72c84   MA-13357 [Trusty] Init hwcrypto service even rpmb key not set ... Browse Code »

    RPMB storage proxy service will return fail if the rpmb key is not
    correct, we should not return early here if the rpmb key has not
    been set because we still need to initialize the hwcrypto service
    to generate the rpmb key blob.
    This commit also adds more hint when set the rpmb key.

    Change-Id: I8ee59e4e277b545283d63b1070e671d508dbe0c2
    Signed-off-by: Luo Ji

    Luo Ji
     

03 Nov, 2018

4 commits

  • 8cd43400c   MA-13276 [Auto] Generate key blob when set the rpmb key ... Browse Code »

    Generate the key blob and store it to the last block of boot1 partition
    after setting the rpmb key. The key blob should be checked in spl and be
    passed to Trusty OS if it's valid. If the key blob are damaged, RPMB
    storage proxy service will return fail and should make the device hang.

    Test: Build and boot ok on imx8qm/qxp.

    Change-Id: Ia274cd72109ab6ae15920e91b2a2008e1f1e667c
    Signed-off-by: Ji Luo

    Ji Luo
     
  • 4207a8df8   MA-13275 [trusty] Add tipc command to generate blob with CAAM ... Browse Code »

    Add new hwcrypto tipc command and handler to generate blob with
    CAAM.

    Test: Message exchange with trusty and blob encapsulate/decapsulate ok.

    Change-Id: I925b47cb3e22eeddf4c89e84a9c994d2f30423fe
    Signed-off-by: Ji Luo

    Ji Luo
     
  • 86b33989f   MA-13234 [Auto] Calculate SHA256 hash with CAAM ... Browse Code »

    Use CAAM to accelerate SHA256 hash calculation in AVB,
    this will reduce u-boot boot time, about 570ms can be
    saved for imx8qxp.

    Test: Build and boot ok for imx8qxp.

    Change-Id: Idbbd781e5ad8e7d6cd8865190d7547c165d02190
    Signed-off-by: Ji Luo

    Ji Luo
     
  • ced616aa4   MA-13233 [trusty] Add service 'hwcrypto' ... Browse Code »

    Add new service 'hwcrypto' to handle CAAM related work
    with Trusty OS. Add tipc interface to accelerate hash
    calculation with CAAM.

    Test: Service connect and message exchange with Trusty OS
    are ok.

    Change-Id: Ia870c3ad2ff30af987f327a9777a8b32f53593db
    Signed-off-by: Ji Luo

    Ji Luo
     

12 Oct, 2018

1 commit