24 Dec, 2018
1 commit
-
Sometimes we need to set random rpmb key which is invisible
except for the device.
Generate the random key with hwcrypto interface and support
fastboot command "fastboot oem set-rpmb-random-key" to set it.Test: build and boot on imx8q.
Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243
Signed-off-by: Ji Luo
04 Dec, 2018
1 commit
-
Add commands to write/read vbmeta public key to/from secure
storage. The vbmeta public key can only be set once.
Comands to set the public key:
fastboot stage
fastboot oem set-public-keyTest: build and boot on imx8qxp_mek.
Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
Signed-off-by: Ji Luo
12 Nov, 2018
3 commits
-
Device will be locked permanently after disabling the unlcok vboot, store
the disable unlock vboot status into fuse. Since the fuse write operation
is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
need to add this config manually and run this command again.Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
device was locked permanently after running this command. This is
verified on both imx7d_pico and AIY.Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
Signed-off-by: Ji Luo -
Supoort "fastboot oem at-lock-vboot" command for Android
Things, this command can only be called after perm-attr
have been fused.Test: build and boot ok on imx7d_pico and AIY.
Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
Signed-off-by: Ji Luo -
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.Test: Generate unlock challenge by:
./avbtool make_atx_unlock_credential
--output=atx_unlock_credential.bin
--intermediate_key_certificate=atx_pik_certificate.bin
--unlock_key_certificate=atx_puk_certificate.bin
--challenge=my_generated_challenge.bin
--unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico
and AIY.Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo
12 Oct, 2018
1 commit
-
Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb
key which should be staged first.
Usage:
1. fastboot stage my-rpmb-key.bin
2. fastboot oem set-rpmb-keyTest: rpmb key programed successfully on imx8qxp.
Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1
Signed-off-by: Ji Luo
20 Aug, 2018
4 commits
-
A/B switch logic will be moved to SPL stage if dual bootloader
feature is enable, in such case, we just need to verify single
slot which is selected in SPL stage.Test: verify and boot ok for imx8m.
Change-Id: Iafe0d2d4aea1c178551940808416eec4a3547259
Signed-off-by: Luo Ji -
Move the A/B slot check to SPL, the A/B slot switch
workflow is just like what we have in libavb_ab.Test: A/B select works fine on imx8m.
Change-Id: Ie3d827a9be0298b491bf2bc8d48833597fd70e90
Signed-off-by: Luo Ji -
Support "fastboot oem fuse at-perm-attr" command for
ATX. The perm_attr will be stored into RPMB which
managed by Trusty OS.
Modified permanent_attributes related AVB ops that
support Trusty OS backed RPMB storage.Change-Id: Id6248570b4294fed3c45270064196bd6b9cf9208
Signed-off-by: Haoran.Wang -
This commit did:
1. Sync AVB lib with external/avb, head of commit is:
commit 6d5326a945c2d17d5d0e7718d5cb97663c3b33a2
Author: Neal Ostrem
Date: Tue Apr 24 13:09:45 2018 -0700Merge fix/changes required after merge from AOSP ToT.
Change library name to one used by AT.
Test: Built successfully and unit tests pass.
Change-Id: I5e5fc9a6010d96cfecfc6faf0858ba930cba65a0
2. Change product id in ATX to be full zeros to sync with
external/avb.
3. Fix build errors and implement ops fsl_set_key_version.
4. Move most nxp modified code to lib/avb/fsl/.Test: build and boot successfully for imx7d_pico and imx8m_phanbell.
Change-Id: I199a035fe8267b10955299a4b745458d40a2e754
Signed-off-by: Luo Ji
13 Jun, 2018
1 commit
-
Porting the android AVB lib from imx u-boot v2017.03
Signed-off-by: Ye Li