24 Dec, 2018
1 commit
-
Sometimes we need to set random rpmb key which is invisible
except for the device.
Generate the random key with hwcrypto interface and support
fastboot command "fastboot oem set-rpmb-random-key" to set it.Test: build and boot on imx8q.
Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243
Signed-off-by: Ji Luo
21 Dec, 2018
1 commit
-
For mek_8qm, bootloader offset in SD card is 32kb, in eMMC
bootpartition, it's 0kb. This patch fix the issue that bootloader offset
used in uboot is always based on the device that the board boot from.Now, if uboot environment variable "target_ubootdev" is set, bootloader
offset used in uboot is based on the device "target_ubootdev" specified.
So boot from eMMC to flash SD, the board can boot from SD and vice versa.Change-Id: Ia2cd64ba6ece02b98ea3d2addbce00b1661077de
Signed-off-by: faqiang.zhu
20 Dec, 2018
1 commit
-
To avoid end user executing uboot command through fastboot, the fastboot
command of "ucmd" and "acmd" in the uboot to be flashed into
non-volatile storage device is removed in this partch.Change-Id: I999b8688a53c2201d02979be68266afc110dfb15
Signed-off-by: faqiang.zhu
12 Dec, 2018
1 commit
-
Open configs to enable trusty for imx8mm_evk and also
add new config imx8mm_evk_android_trusty_defconfig based
on imx8mm_evk_android_defconfig.Test: Trusty starts ok.
Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb
Signed-off-by: Ji Luo
06 Dec, 2018
2 commits
-
Now "is_boot_from_usb()" can work for imx6, imx7 and imx8, use this
function to judge whether boot from USB, and then return
FASTBOOT_UNLOCK.This can save some time for imx8 to flash images if the board is
locked.Change-Id: Iaa63f326f33400f2fdf13bf2e175cd9ac7d60317
Signed-off-by: faqiang.zhu -
When change lock status, misc partition, which stores data generated
by users, is erased.Before, we take different actions on misc partition for Android and
Android Things. The situation of Android Auto is not handled.Change-Id: Ia290b8e351b7a688d7a3a562cd30fca858e5a30c
Signed-off-by: faqiang.zhu
04 Dec, 2018
1 commit
-
Add commands to write/read vbmeta public key to/from secure
storage. The vbmeta public key can only be set once.
Comands to set the public key:
fastboot stage
fastboot oem set-public-keyTest: build and boot on imx8qxp_mek.
Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
Signed-off-by: Ji Luo
29 Nov, 2018
1 commit
-
to handle situations that it is not allowed to unlock but the board is
already unlocked, unlock logic is modified in this patchChange-Id: I90b22c2dfbc1c64ed9514032986e98b27526c7b9
Signed-off-by: faqiang.zhu
22 Nov, 2018
1 commit
-
Too many macros are used in fsl_avbkey.c and
make it difficult to maintain.
This patch made some refine by:
1. Move all avb/atx operations to fsl_avb.c.
2. Refine the functions logic.
3. Drop some unsupported conditions/functions.Test: build and boot on
imx8qm_mek/imx8mq_evk/imx6qp_sabresd/imx7d_pico/imx8m_aiy.Change-Id: I5c99732acfc47d53cdf188d69223983777e577f4
Signed-off-by: Luo Ji
13 Nov, 2018
4 commits
-
Current code uses strlen of string to get the property data
length, which is wrong for unicode string, also the whole
property length also should be corrected(descriptor length
minus head length, 142-10=132), detail data format of single
GUID see below table:Table 4a: Microsoft Extended Properties Feature Descriptor
===================================================================
Value | TYPE | Description
===================================================================
0x8E, 0x00, 0x00, 0x00 | DWORD (LE) | Descriptor length
| | (142 bytes)
--------------------------------------------------------------------
0x00, 0x01 | BCD WORD (LE) | Version ('1.0')
--------------------------------------------------------------------
0x05, 0x00 | WORD (LE) | Extended Property
| | Descriptor index (5)
--------------------------------------------------------------------
0x01, 0x00 | WORD (LE) | Number of sections (1)
--------------------------------------------------------------------
0x84, 0x00, 0x00, 0x00 | DWORD (LE) | Size of the property
| | section (132 bytes)
--------------------------------------------------------------------
0x01, 0x00, 0x00, 0x00 | DWORD (LE) | Property data type
| | (1 = Unicode
| | REG_SZ,
| | see table below)
--------------------------------------------------------------------
0x28, 0x00 | WORD (LE) | Property name
| | length (40 bytes)
--------------------------------------------------------------------
0x44, 0x00, 0x65, 0x00, | NUL-terminated | Property name
(...) | Unicode String | "DeviceInterfaceGUID"
0x74, 0x00, 0x00, 0x00 | (LE) |
--------------------------------------------------------------------
0x4e, 0x00, 0x00, 0x00 | DWORD (LE) | Property data
| | length (78 bytes)
--------------------------------------------------------------------
0x7b, 0x00, 0x46, 0x00, | NUL-terminated | Property name
(...) | Unicode String | "{xxxxxxxx-xxxx-
0x7d, 0x00, 0x00, 0x00 | (LE) | xxxx-xxxx-
| | xxxxxxxxxxxx}\0"
--------------------------------------------------------------------Details of WCID see below link:
https://github.com/pbatard/libwdi/wiki/WCID-DevicesReviewed-by: Ye Li
Signed-off-by: Li Jun -
Fix coverity issue CID 5015449: Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking mmc suggests that it may be null, but it has
already been dereferenced on all paths leading to the checkSigned-off-by: Ye Li
-
Fix coverity issue CID 1898965: Dereference null return value (NULL_RETURNS)
dereference: Dereferencing a pointer that might be NULL dev_desc when calling
write_backup_gpt_partitionsSigned-off-by: Ye Li
-
Fix coverity issue CID 3826473: Destination buffer too small (STRING_OVERFLOW)
string_overflow: You might overrun the 16-character destination string buffer by
writing 20 characters fromThe size of g_ptable->name is 20, but we use 16 bytes buffer for strcpy. It may
cause buffer overflow.Signed-off-by: Ye Li
12 Nov, 2018
8 commits
-
The rollback index should be updated when avb verify pass
and the slot has been marked as successful, update the
rollback index also for those enabled dual bootloader
feature.
This commit also fix some configs condition issue so
read/write rollback index with trusty will work.Test: rollback index updated successfully on
imx7d_pico and AIY.Change-Id: I2344d6462249d8d88f0622d331cdeffc7e12f885
Signed-off-by: Ji Luo -
SHA256 hash of the entire verified software stack should be calculated
and passed to 'trusty_set_boot_params'. This commit will calculate the
SHA256 hash which represents spl.bin and bootloader.img, and then extend
that hash with the hash of vbmeta image into the final VBH.Bug: 110905171
Test: VBH is calculated and passed ok on AIY.
Change-Id: Id83ad36f3de79bedd435ca8f26035a35cca66b07
Signed-off-by: Ji Luo -
Add support for fastboot variable 'at-vboot-state', it's composed
by 6 sub-variable: 'bootloader-locked', 'bootloader-min-versions',
'avb-perm-attr-set', 'avb-locked', 'avb-unlock-disabled' and
'avb-min-versions'.Test: All 'at-vboot-state' variables are returned
correctly on imx7d_pico and AIY.Change-Id: Ibb855cbcc7c41657af62dafb98a96c4dfb96ef22
Signed-off-by: Ji Luo -
Device will be locked permanently after disabling the unlcok vboot, store
the disable unlock vboot status into fuse. Since the fuse write operation
is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
need to add this config manually and run this command again.Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
device was locked permanently after running this command. This is
verified on both imx7d_pico and AIY.Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
Signed-off-by: Ji Luo -
Supoort "fastboot oem at-lock-vboot" command for Android
Things, this command can only be called after perm-attr
have been fused.Test: build and boot ok on imx7d_pico and AIY.
Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
Signed-off-by: Ji Luo -
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.Test: Generate unlock challenge by:
./avbtool make_atx_unlock_credential
--output=atx_unlock_credential.bin
--intermediate_key_certificate=atx_pik_certificate.bin
--unlock_key_certificate=atx_puk_certificate.bin
--challenge=my_generated_challenge.bin
--unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico
and AIY.Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo -
Per security requirement, attestation of keymaster
supported by Trusty OS should support both P256
and curve25519 algorithm for Diffie-Hellman.TEST: Works on AIY boards by below commands:
$fastboot getvar at-attest-dhChange-Id: I3244f8d8b677222463b4e8fc75412e54dadeb23e
Signed-off-by: Haoran.Wang -
Flashing a signed vbmeta image adds extra
parameters to the kernel command line, overflowing
the buffer and corrupting the global data struct.
Increase the command line buffer size from 512
to 1024 to accomodate the extra data, and change
the sprintf's to snprintf's to prevent this from
happening if more parameters are added later.This bug was exposed by
Idd55dde79eed793dccdd7319600fbd04e11ca12d.Bug: 112397808
Test: Device boots with images from console and
from local build.Change-Id: If73d04007d54193527e11e11c6ef326110e899b6
07 Nov, 2018
1 commit
-
When booting from NAND/SPINOR/WEIMNOR boot devices, the fastboot will
print "unsupported boot device". This warning is used by android fastboot
when setting its "bootcmd". Since android does not support these devices.
so it gives the warning correctly.
But for BSP normal boot, this warning will bring confuse to users. So
change to check the "bootcmd" before giving such warning.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
03 Nov, 2018
1 commit
-
Type "ulong" will be 32 bits long on imx6/7 but we may have
userdate partition more than 4G on 32 bits platforms. Use
"uint64_t" instead of "ulong" here to fix this issue.Test: Get correct userdata partition size on both imx6dl
and imx8qxp.Change-Id: Ia6b242f3998a65b157737e83da0ad3126b689713
Signed-off-by: Ji Luo
12 Oct, 2018
1 commit
-
Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb
key which should be staged first.
Usage:
1. fastboot stage my-rpmb-key.bin
2. fastboot oem set-rpmb-keyTest: rpmb key programed successfully on imx8qxp.
Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1
Signed-off-by: Ji Luo
29 Sep, 2018
1 commit
-
For imx8 chips, if boot from usb, lock status will be ignored for the
convenience of using uuu. For imx6 and imx7, the presistdata partition
is ignored, so unlock operation can alway succeed.Change-Id: I842bab9fd2c04f8a864f4a134b63efc4436f71a4
Signed-off-by: faqiang.zhu
13 Sep, 2018
1 commit
-
Assign security features to specific config.
Now, use AVB_RPMB to enable RPMB stored rollback
index.After this refine,
for imx6/7/8 Android release, use no AVB_RPMB,
for imx6/7 AndroidThings, use AVB_RPMB.This patch also fix below build error for imx6/7:
vendor/nxp-opensource/uboot-imx/lib/avb/fsl/fsl_avbkey.c:711:2: error:
implicit declaration of function 'fsl_fuse_read'
[-Werror=implicit-function-declaration]
if (fsl_fuse_read((uint32_t *)blob, RPMBKEY_FUSE_LENW,
RPMBKEY_FUSE_OFFSET)){Change-Id: I734479f0627901f372f4b211b2e710bd103eb244
Signed-off-by: Haoran.Wang
12 Sep, 2018
1 commit
-
Align the callback to ARM64 environment for
Trusty OS.TEST: AIY-3G & AIY-1G board's TIPC and AVB handler
works.Change-Id: I65806f56267a4a9278db04a462e351da181618cb
Signed-off-by: Haoran.Wang
10 Sep, 2018
2 commits
-
- fix the blksize is 0 bug when boot device is sata
- add the sparse image support in the process flash sataSigned-off-by: Richard Zhu
Signed-off-by: Ye Li -
for 8qm B0, bootloader in eMMC boot partition should be 0, it is
different from 8qm A0, which need to be 33K.Change-Id: I3606aaee733b3a159bc818ac4938c34ec65f5896
Signed-off-by: faqiang.zhu
07 Sep, 2018
1 commit
-
Non-A/B devices should include dtbo in recovery.img to prevent mismatch
with recovery if OTA failure. Load dtbo from recovery.img for Non-A/B
devices in recovery mode.Change-Id: Ie8b12aeb562b80a172769af0b163df3c672c9af0
Signed-off-by: Ji Luo
28 Aug, 2018
1 commit
-
After executing each ucmd, the ucmd callback function always call fastboot_setup
to setup some enviroments.Because the mmc will be switched to user area by calling blk_get_dev in _fastboot_load_partitions.
When running "mmc partconf" by ucmd, the PART_CONFIG EXTCSD is updated, but the part_config and
hwpart variables in mmc and blk structure are not synced. So the old value will write to
PART_CONFIG EXTCSD again when switch to user area.This patch changes the fastboot_setup, only load the partitions when the storage device is changed.
Also force to re-init mmc before loading the partitions to sync mmc variables.Signed-off-by: Ye Li
(cherry picked from commit c9cd93b25586ecd4ce9178da7b8141f60cdd9deb)
27 Aug, 2018
1 commit
-
make the case of USB_BOOT won't execute to the case of default.
Change-Id: I6393d1532df6fe75e81b0ee0a88ca83427378e5c
Signed-off-by: faqiang.zhu
24 Aug, 2018
1 commit
-
For Android, /data, misc, cache, presistdata, RBK are erased
when lock/unlock.
For Android Things, above partitions except misc are erased.Change-Id: I4c9f5b81f15bf46322d6aea8d535d80f9ae7ca8b
Signed-off-by: Ji Luo
22 Aug, 2018
1 commit
-
Add some message prompt when the device will enter recovery
mode.Change-Id: I3b1829594998f146fd973e15a418cd4c9f52f771
Signed-off-by: Ji Luo
21 Aug, 2018
5 commits
-
Legacy platform (imx6/7) don't support A/B slot so the fdt
partition name should be 'dtbo' instead of 'dtbo_a/dtbo_b'.Test: build and boot ok on imx6q_sabresd.
Change-Id: I282594289d78ffac6d7f503a0e471e050724efea
Signed-off-by: Ji Luo -
Change bootcmd to "fastboot 0" directly when detect
booted from USB. By this the u-boot which booted by
uuu will enter fastboot mode and ready for the
remain commands.Change-Id: I937c07f770e68568dcb3ea67130ee6634feea47a
Signed-off-by: Haoran.Wang -
Sometimes we don't need to dump the whole partition table when
some partition can't be found, only dump the partition table
when it's needed.Test: Build and boot ok.
Change-Id: I52407f0117b73f4b3656fe2435b08dfc7a349939
Signed-off-by: Ji Luo -
Remove CONFIG_LOAD_FDT_FROM_PART and decide the fdt
location at run time.Test: build and build ok on both Android and Android Things.
Change-Id: Ice49e71b54db33468e49298705a714e4acb333e3
Signed-off-by: Ji Luo -
The oem_bootloader partition is critical and should be verified. All
necessary verify data has been added (hash footer in oem_bootloader
and descriptors in vbmeta), verify the oem_bootloader by libavb at
u-boot stage.
Since the oem_bootloader will be loaded by libavb, use it directly
instead of loading it from disk again.Test: oem_bootloader verify ok and boot ok for both imx7d and imx8m.
Change-Id: Ic37d2555f800385a982f6664b3858b9c83b9c484
Signed-off-by: Luo Ji
20 Aug, 2018
1 commit
-
Add 1G DDR support, distinguish different boards by the
Board ID, They are:
SAI5_MCLK: Board_id[6]
SAI5_RXFS: Board_id[5]
SAI5_RXC: Board_id[4]
SAI5_RXD3: Board_id[3]
SAI5_RXD2: Board_id[2]
SAI5_RXD1: Board_id[1]
SAI5_RXD0: Board_id[0]
Current Board ID for imx8m boards are:
AIY Micron 1G: 0x5c
AIY Hynix 1G: 0x56
AIY Mirconb 3G: 0x40
Wibo 3G: 0x00
imx8m_ref 3G: 0x00Test: Boot ok on all imx8m boards.
Change-Id: I3d65931483f369c545632b660f04fc9da120547d
Signed-off-by: Luo Ji
Reviewed-on: http://androidsource.ap.freescale.net/project/5093
Reviewed-by: guoyin.chen
Reviewed-by: Wang Haoran