24 Dec, 2018

2 commits


12 Dec, 2018

1 commit

  • Open configs to enable trusty for imx8mm_evk and also
    add new config imx8mm_evk_android_trusty_defconfig based
    on imx8mm_evk_android_defconfig.

    Test: Trusty starts ok.

    Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb
    Signed-off-by: Ji Luo

    Ji Luo
     

10 Dec, 2018

1 commit


05 Dec, 2018

1 commit


04 Dec, 2018

2 commits

  • Add commands to write/read vbmeta public key to/from secure
    storage. The vbmeta public key can only be set once.
    Commands to set the public key:
    fastboot stage
    fastboot oem set-public-key

    Test: build and boot on imx8qxp_mek.

    Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
    Signed-off-by: Ji Luo

    Ji Luo
     
  • Secure storage is ready in trusty so we should read/write the rollback
    index from rpmb.
    But for boards without rpmb key, read/write the rpmb will fail and will
    block the following avb verify process. In this case, check if the rpmb
    key has been set and always return AVB_IO_RESULT_OK for the boards without
    rpmb key.

    Test: build and boot pass on imx8qm_mek.

    Change-Id: I10c438e56d049ae97ebedfc446c8202642630d8b
    Signed-off-by: Ji Luo

    Ji Luo
     

22 Nov, 2018

1 commit

  • Too many macros are used in fsl_avbkey.c and
    make it difficult to maintain.
    This patch made some refine by:
    1. Move all avb/atx operations to fsl_avb.c.
    2. Refine the functions logic.
    3. Drop some unsupported conditions/functions.

    Test: build and boot on
    imx8qm_mek/imx8mq_evk/imx6qp_sabresd/imx7d_pico/imx8m_aiy.

    Change-Id: I5c99732acfc47d53cdf188d69223983777e577f4
    Signed-off-by: Luo Ji

    Luo Ji
     

21 Nov, 2018

1 commit


12 Nov, 2018

14 commits

  • Commit "ql-tipc: trusty_ipc: Change ipc polling to be per device" removes
    rpmb_storage_proxy_poll() call in avb_do_tipc() which will return early
    if the rpmb proxy service isn't initialized properly, this will make boards
    hang if the rpmb key is not set.
    Skip initializing AVB and Keymaster client if the rpmb key hasn't been
    set, but keep the hwcrypto client initialization since we need it to
    generate the rpmb key blob.

    Test: Build and boot ok on imx8q.

    Change-Id: I1ead849e812da55edae8b739d9ae56a7d4951af4
    Signed-off-by: Ji Luo

    Ji Luo
     
  • The rollback index should be updated when avb verify pass
    and the slot has been marked as successful, update the
    rollback index also for those enabled dual bootloader
    feature.
    This commit also fixes some config condition issues so
    read/write rollback index with trusty will work.

    Test: rollback index updated successfully on
    imx7d_pico and AIY.

    Change-Id: I2344d6462249d8d88f0622d331cdeffc7e12f885
    Signed-off-by: Ji Luo

    Ji Luo
     
  • Add support for fastboot variable 'at-vboot-state', it's composed
    by 6 sub-variable: 'bootloader-locked', 'bootloader-min-versions',
    'avb-perm-attr-set', 'avb-locked', 'avb-unlock-disabled' and
    'avb-min-versions'.

    Test: All 'at-vboot-state' variables are returned
    correctly on imx7d_pico and AIY.

    Change-Id: Ibb855cbcc7c41657af62dafb98a96c4dfb96ef22
    Signed-off-by: Ji Luo

    Ji Luo
     
  • Device will be locked permanently after disabling the unlock vboot, store
    the disable unlock vboot status into fuse. Since the fuse write operation
    is irreversible, config 'CONFIG_AVB_FUSE' is disabled by default, the user
    needs to add this config manually and run this command again.

    Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
    device was locked permanently after running this command. This is
    verified on both imx7d_pico and AIY.

    Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
    Signed-off-by: Ji Luo

    Ji Luo
     
  • Support "fastboot oem at-lock-vboot" command for Android
    Things, this command can only be called after perm-attr
    have been fused.

    Test: build and boot ok on imx7d_pico and AIY.

    Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
    Signed-off-by: Ji Luo

    Ji Luo
     
  • Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
    and "fastboot oem at-unlock-vboot" to support the authenticated
    unlock feature for Android Things devices. Use software random
    numbers generator to generate the 16 bytes random challenge, it
    should be replaced with hardware encrypted random generator when
    the TEE part is ready.

    Test: Generate unlock challenge by:
    ./avbtool make_atx_unlock_credential
    --output=atx_unlock_credential.bin
    --intermediate_key_certificate=atx_pik_certificate.bin
    --unlock_key_certificate=atx_puk_certificate.bin
    --challenge=my_generated_challenge.bin
    --unlock_key=testkey_atx_puk.pem
    validated the unlock credential successfully on imx7d_pico
    and AIY.

    Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
    Signed-off-by: Ji Luo

    Ji Luo
     
  • For Android Things, sha256 is calculated with software, for Android Auto,
    sha256 is calculated with CAAM hardware module. So use macro to separate
    the code about hardware crypto service.

    Change-Id: Ibf4cad2c98240ab2c826869e9cb28ad09bded2f6
    Signed-off-by: faqiang.zhu

    faqiang.zhu
     
  • Align the callback to ARM64 environment for
    Trusty OS.

    TEST: AIY-3G & AIY-1G board's TIPC and AVB handler
    works.

    Change-Id: I65806f56267a4a9278db04a462e351da181618cc
    Signed-off-by: Haoran.Wang

    Haoran.Wang
     
  • Change-Id: I1c800fe39b5999169edd6e2acb9f66e557a3a86e

    Arve Hjønnevåg
     
  • Obtaining the memory attributes can be done independently of the
    bootloader environment and is now done by the ipc layer.

    Updated u-boot example to reflect this.

    Change-Id: I8e649a1367ba02981419c43aac6e55b469dcf651

    Roberto Pereira
     
  • Changed trusty_membuf_alloc and trusty_membuf_free to trusty_alloc_pages and
    trusty_free_pages. The memory allocated by these functions is intended
    to be shared with the secure world so it should be inherently page based.

    Updated u-boot sysdeps and trusty_ipc_dev_create/shutdown to use these
    new functions

    Change-Id: Ica1aa5b0cb50eba6ce18914d048e731133d94c4f

    Roberto Pereira
     
  • Change-Id: I4b52d9ba71c9d4fa959f19ee7d741c46dcdef09a

    Roberto Pereira
     
  • This allows ipc devices to provide service callbacks (e.g. rpmb) transparently
    to the application instead of needing to have prior knowledge of the expected
    request and having to poll the individual services' channels separately.

    Change-Id: I3257ae5e429f4a0c279f070d750b56c5600c38d5

    Roberto Pereira
     
  • trusty_encode_page_info now also supports EL2 and EL3 in 64-bit environments
    and PL1 and PL2 in 32-bit

    Change-Id: I296212ae7a1f0b276279819523a13eb1cfaf2a26

    Roberto Pereira
     

09 Nov, 2018

1 commit

  • RPMB storage proxy service will return fail if the rpmb key is not
    correct, we should not return early here if the rpmb key has not
    been set because we still need to initialize the hwcrypto service
    to generate the rpmb key blob.
    This commit also adds more hints when setting the rpmb key.

    Change-Id: I8ee59e4e277b545283d63b1070e671d508dbe0c2
    Signed-off-by: Luo Ji

    Luo Ji
     

03 Nov, 2018

4 commits

  • Generate the key blob and store it to the last block of boot1 partition
    after setting the rpmb key. The key blob should be checked in spl and be
    passed to Trusty OS if it's valid. If the key blob is damaged, RPMB
    storage proxy service will return fail and should make the device hang.

    Test: Build and boot ok on imx8qm/qxp.

    Change-Id: Ia274cd72109ab6ae15920e91b2a2008e1f1e667c
    Signed-off-by: Ji Luo

    Ji Luo
     
  • Add new hwcrypto tipc command and handler to generate blob with
    CAAM.

    Test: Message exchange with trusty and blob encapsulate/decapsulate ok.

    Change-Id: I925b47cb3e22eeddf4c89e84a9c994d2f30423fe
    Signed-off-by: Ji Luo

    Ji Luo
     
  • Use CAAM to accelerate SHA256 hash calculation in AVB,
    this will reduce u-boot boot time, about 570ms can be
    saved for imx8qxp.

    Test: Build and boot ok for imx8qxp.

    Change-Id: Idbbd781e5ad8e7d6cd8865190d7547c165d02190
    Signed-off-by: Ji Luo

    Ji Luo
     
  • Add new service 'hwcrypto' to handle CAAM related work
    with Trusty OS. Add tipc interface to accelerate hash
    calculation with CAAM.

    Test: Service connect and message exchange with Trusty OS
    are ok.

    Change-Id: Ia870c3ad2ff30af987f327a9777a8b32f53593db
    Signed-off-by: Ji Luo

    Ji Luo
     

12 Oct, 2018

1 commit


13 Sep, 2018

2 commits

  • Assign security features to specific config.
    Now, use AVB_RPMB to enable RPMB stored rollback
    index.

    After this refine,
    for imx6/7/8 Android release, use no AVB_RPMB,
    for imx6/7 AndroidThings, use AVB_RPMB.

    This patch also fixes the below build error for imx6/7:
    vendor/nxp-opensource/uboot-imx/lib/avb/fsl/fsl_avbkey.c:711:2: error:
    implicit declaration of function 'fsl_fuse_read'
    [-Werror=implicit-function-declaration]
    if (fsl_fuse_read((uint32_t *)blob, RPMBKEY_FUSE_LENW,
    RPMBKEY_FUSE_OFFSET)){

    Change-Id: I734479f0627901f372f4b211b2e710bd103eb244
    Signed-off-by: Haoran.Wang

    Haoran.Wang
     
  • In some situations, like uuu, the current mmc device
    won't return the correct value. Avoid the NULL
    pointer in secure storage proxy which may cause
    panic.

    Change-Id: Ie24afc270fec0b0977dee71b7fc44fe94876e410
    Signed-off-by: Haoran.Wang

    Haoran.Wang
     

12 Sep, 2018

2 commits


22 Aug, 2018

2 commits


21 Aug, 2018

3 commits

  • Sometimes we don't need to dump the whole partition table when
    some partition can't be found, only dump the partition table
    when it's needed.

    Test: Build and boot ok.

    Change-Id: I52407f0117b73f4b3656fe2435b08dfc7a349939
    Signed-off-by: Ji Luo

    Ji Luo
     
  • The RPMB keyslot is stored in last block of boot1 partition which
    is easily erased or tampered, set power-on write protection for this
    partition to prevent corruption.

    Test: Power-on write protection works as expected on imx8m.

    Change-Id: I7aadaed81ff81de680da9b20049f163a982e3d57
    Signed-off-by: Luo Ji

    Luo Ji
     
  • Bootloader image takes fit format and the rollback index for bootloader
    is stored at the "rbindex" node, SPL will read the rollback index for
    bootloader and compare it with the one stored in RPMB. The stored
    rollback index will be updated only when current slot passes the verify
    and has been marked as successful.

    Bug:109947126
    Test: Rollback index protection feature works fine for imx8m.

    Change-Id: Ic12db4571287fbcb99e5eba0127e0b09378fa5d6
    Signed-off-by: Luo Ji

    Luo Ji
     

20 Aug, 2018

2 commits

  • A/B switch logic will be moved to SPL stage if dual bootloader
    feature is enabled, in such case, we just need to verify single
    slot which is selected in SPL stage.

    Test: verify and boot ok for imx8m.

    Change-Id: Iafe0d2d4aea1c178551940808416eec4a3547259
    Signed-off-by: Luo Ji

    Luo Ji
     
  • Move the A/B slot check to SPL, the A/B slot switch
    workflow is just like what we have in libavb_ab.

    Test: A/B select works fine on imx8m.

    Change-Id: Ie3d827a9be0298b491bf2bc8d48833597fd70e90
    Signed-off-by: Luo Ji

    Luo Ji