Eric Lee / smarc-uboot

08 Jan, 2021

1 commit

  • 7f300b1fc   MA-18352-5 Support device IDs provision ... Browse Code »
    1

    The device IDs are provisioned from bootloader, this commit
    add commands to provision the deivce IDs:
    $ fastboot oem append-device-id

    Test: Device IDs provision and attest.

    Change-Id: Id3c737d3da02f7ba463e51b0525f3cb9bcf0c6d1
    Signed-off-by: Ji Luo
    (cherry picked from commit 7575ac07ac625c35269868511297385a69c96196)

    Ji Luo
     

11 Dec, 2020

1 commit

  • 8e2cacff5   MA-18406 Fix panic when provision keys on boards without rpmb key ... Browse Code »
    1

    The keymaster client won't be initialized if the rpmb
    key is not set, return early with error in such case
    to avoid panic.

    Test: provision attestation keys & certs on boards without
    rpmb key set.

    Change-Id: I6f908aecafd15ab390629cb89b090c9ee817ba1e
    Signed-off-by: Ji Luo
    (cherry picked from commit b999b03c3eb153a99b481e42315e048653247107)

    Ji Luo
     

19 Oct, 2020

1 commit

  • 55a7698e6   MA-17788 Boot time refine for automotive ... Browse Code »

    Disable unused dts and configs for imx8q to reduce the boot time.

    The 'part_get_info_by_name' can be very time consuming as it will
    loop through all the GPT entries to find the matched partition,
    specify the number of 'misc' partition and use 'part_get_info' to
    load the partition info directly will save much time.

    With this patch, about 300ms can be save for imx8qm, about 350ms
    can be saved for imx8qxp.

    Test: boot tests.

    Signed-off-by: Ji Luo
    Change-Id: I66bc7e002caea62754b670d0a30860a23a17ff61
    (cherry picked from commit d25c0c7b9de22abd6c326975199c86c943e742cf)

    Ji Luo
     

26 Aug, 2020

4 commits

16 Jul, 2020

2 commits

  • e79c079bd   MA-17387 Remove the rpmb handle flag in hwcrypto ... Browse Code »
    1

    The handle_rpmb flag should indicate whether the call will invoke
    RPMB callbacks, which has been removed by below commit:
    commit dfd911856d31fd91eb4e3c1edb1d691723c6edaf
    Author: Roberto Pereira
    Date: Thu Nov 2 15:09:20 2017 -0700

    ql-tipc: trusty_ipc: Change ipc polling to be per device

    This allows ipc devices to provide service callbacks (e.g. rpmb) transparently
    to the application instead of needing to have prior knowledge of the expected
    request and having to poll the individual services' channels separately.

    Change-Id: I3257ae5e429f4a0c279f070d750b56c5600c38d5

    Sync the change for hwcrypto, it will help remove some build warnings.

    Test: builds and boots with trusty.

    Signed-off-by: Ji Luo
    Change-Id: I696b13d9d509d5983c934df5ee6fb36e46f4c884
    (cherry picked from commit 8812d39018c23cc26afa43a97acf27427979c90c)

    Ji Luo
     
  • 524717357   MA-17390 Clean build warnings for android ... Browse Code »
    1

    This commit eliminate the annoying build warning logs.

    Test: builds with buildman.

    Signed-off-by: Ji Luo
    Change-Id: Ia335dafe3f4c0eab08e011215b9de5d2974b8d0c
    (cherry picked from commit 85e0d429d19b8f9a62369a5f20e088644c488b1e)

    Ji Luo
     

16 Jun, 2020

7 commits

  • 4cd1d0871   MA-17226 Invalidate the dcache after DMA operation ... Browse Code »
    1

    The main memory contents can spontaneously come to the cache due to
    the speculative memory access by the CPU, this may cause coherency
    problem if this happens during the DMA operaion is on-going.

    Invalidate the dcache range after DMA opeartion but before the main
    memory read to avoid coherency problem.

    Test: reboot test.

    Change-Id: I93824deab9285b5478669e0a311e0b338bf02f8a
    Signed-off-by: Ji Luo

    Ji Luo
     
  • 8b58afda1   MA-15575-3 Add support for oemlock 1.0 hal ... Browse Code »
    1

    Add commands to read oem device unlock state from
    trusty avb app. Use the oem device unlock state to
    determine if the device can be unlocked instead of
    the state in persistdata part.

    Test: Read oem device unlock state from avb app.

    Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559
    Signed-off-by: Ji Luo
    (cherry picked from commit c6eaf8e32987f120c0c5441ea39aa0f39a65b50d)

    Ji Luo
     
  • 063d358ab   MA-15321-3 Support secure unlock feature ... Browse Code »
    1

    Decrypt and verify the secure credential in keymaster TA, unlock
    operation can only be allowed after secure credential verify pass.

    Since the mppubk can only be generated on hab closed imx8q, so secure
    unlock feature can only supported when hab is closed.

    Test: secure unlock credential verify on hab closed imx8mm_evk.

    Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
    Signed-off-by: Ji Luo
    (cherry picked from commit 631149fc0fc8ce035311949db643c2708e41435a)

    Ji Luo
     
  • 38f997506   MA-15151 Limit some hwcrypto commands within bootloader ... Browse Code »
    1

    It can be dangerous to export some hwcrypto commands to Linux,
    add commands to limit some commands within bootloader.

    Test: hwcrypto commands can't be used after locking boot state.

    Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
    Signed-off-by: Ji Luo
    (cherry picked from commit 3fc3f521957677b1f363624494ed866985a25505)

    Ji Luo
     
  • 02f0cd148   MA-15017 Add new command to generate bkek from trusty ... Browse Code »
    1

    Add new command to generate bkek from trusty.

    Test: generate and dump bkek.

    Change-Id: I6b2a30b87c755eecd00ced7c53cfb86e432040de
    Signed-off-by: Ji Luo
    (cherry picked from commit 6c1087c030de491a12b7f1be9d332f30ba27d183)

    Ji Luo
     
  • 04e5532e1   MA-15142 Support secure attestation provision ... Browse Code »

    In host end, need encrypt the attestation keys and certs
    by manufacture protection public key though AES-128-ECB.
    Then use below 4 set of commands to provision encrypted
    RSA attestation and EC attestation:
    * $fastboot stage atte_rsa_key.bin
    * $fastboot oem set-rsa-atte-key-enc
    * $fastboot stage atte_rsa_cert.bin
    * $fastboot oem append-rsa-atte-cert-enc
    * $fastboot stage atte_ec_key.bin
    * $fastboot oem set-ec-atte-key-enc
    * $fastboot stage atte_ec_cert.bin
    * $fastboot oem append-ec-atte-cert-enc

    Change-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
    Signed-off-by: Haoran.Wang
    (cherry picked from commit 58965915dd69050429142d3d180c75e98ad14788)

    Haoran.Wang
     
  • 6bdc7d05c   MA-15019-1 Support Manufacture Protection public key generation ... Browse Code »

    Add new keymaster commands to get Manufacure Production key (mppubk).
    Since the mppubk can only be generated in OEM CLOSED imx8q board, so
    we can only use this command when the board is HAB/AHAB closed.

    Commands to extract the mppubk:
    * $fastboot oem get-mppubk
    * $fastboot get_staged mppubk.bin

    Test: Generate and dump the mppubk.bin

    Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
    Signed-off-by: Ji Luo
    (cherry picked from commit 52300d644a275dfa4fe73ecb51601a8efaff8ab7)

    Ji Luo
     

06 May, 2020

1 commit

  • de2d7e7bf   MLK-18591-4 android: iot: Import ql-tipc lib for Trusty OS ... Browse Code »
    1

    The lib provided ql-tipc communication channel with
    Trusty OS.
    Also the AVB, Keymaster, hwcrypto and SecureStorage service
    tipc client implement in this lib.

    Change-Id: I0ab1ec9ee1b6f272b960c2e944008283c2c9249a
    Signed-off-by: Haoran.Wang
    (cherry picked from commit 8fb370dd80fbb293b58115d2e7fc4970813773c7)
    (cherry picked from commit 0ccdd527a794c2b450658980361a7857ce7495c9)
    (cherry picked from commit ffca28682c5a9375c29b3036a156aff190341960)

    Haoran.Wang