08 Jan, 2019
1 commit
-
Pass the verified boot key hash to keymaster, it will be
treated as the root trust in keymaster service.
Also set the 'initialized' flag after initializing the
keymaster client or set keymaster boot parameters will fail.Test: Pass CTS cases:
android.keystore.cts.KeyAttestationTest#testRsaAttestation
android.keystore.cts.KeyAttestationTest#testEcAttestationChange-Id: I486b5493826160f42c61a3da0e6cd769df92254d
Signed-off-by: Ji Luo
24 Dec, 2018
1 commit
-
Add new hwcrypto command to support rng generation with CAAM.
Test: rng generated on imx8qxp_mek.
Change-Id: I756f3e99423f0f9dfc2bcd30117a3f96e9f5f2f7
Signed-off-by: Ji Luo
12 Dec, 2018
1 commit
-
Open configs to enable trusty for imx8mm_evk and also
add new config imx8mm_evk_android_trusty_defconfig based
on imx8mm_evk_android_defconfig.Test: Trusty starts ok.
Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb
Signed-off-by: Ji Luo
10 Dec, 2018
1 commit
-
Print the func name instead of null buffer.
Test: boot on imx8qm_mek.
Change-Id: I883a9cebb2981b7e2451c00ed27000baf40097bf
Signed-off-by: Ji Luo
04 Dec, 2018
1 commit
-
Add commands to write/read vbmeta public key to/from secure
storage. The vbmeta public key can only be set once.
Comands to set the public key:
fastboot stage
fastboot oem set-public-keyTest: build and boot on imx8qxp_mek.
Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
Signed-off-by: Ji Luo
21 Nov, 2018
1 commit
-
Pass "androidboot.keystore=trusty" for trusty backed keymaster
service, pass "androidboot.keystore=software" for software
keymaster service.Test: boot pass on imx8qm_mek.
Change-Id: I9fa38c15a7c10aef09ab29b0e9859b690e3e7a41
Signed-off-by: Ji Luo
12 Nov, 2018
8 commits
-
Commit "ql-tipc: trusty_ipc: Change ipc polling to be per device" removes
rpmb_storage_proxy_poll() call in avb_do_tipc() which will return early
if the rpmb proxy service isn't initialized properly, this will make boards
hang if the rpmb key is not set.
Skip initializing AVB and Keymaster client if the rpmb key hasn't been
set, but keep the hwcrypto client initialization since we need it to
generate the rpmb key blob.Test: Build and boot ok on imx8q.
Change-Id: I1ead849e812da55edae8b739d9ae56a7d4951af4
Signed-off-by: Ji Luo -
for Android Things, sha256 is caculated with software, for Android Auto,
sha256 is caculated with CAAM hardware module. so use macro to seperate
the code about hardware crypto service.Change-Id: Ibf4cad2c98240ab2c826869e9cb28ad09bded2f6
Signed-off-by: faqiang.zhu -
Change-Id: I1c800fe39b5999169edd6e2acb9f66e557a3a86e
-
Obtaining the memory attributes can be done indepentently of the
bootloader environment and is now done by the ipc layer.Updated u-boot example to reflect this.
Change-Id: I8e649a1367ba02981419c43aac6e55b469dcf651
-
Changed trusty_membuf_alloc and trusty_membuf_free to trusty_alloc_pages and
trusty_free_pages. The memory allocated by these functions is intended
to be shared with the secure world so it should be inherently page based.Updated u-boot sysdeps and trusty_ipc_dev_create/shutdown to use these
new functionsChange-Id: Ica1aa5b0cb50eba6ce18914d048e731133d94c4f
-
Change-Id: I4b52d9ba71c9d4fa959f19ee7d741c46dcdef09a
-
This allows ipc devices to provide service callbacks (e.g. rpmb) transparently
to the application instead of needing to have prior knowledge of the expected
request and having to poll the individual services' channels separately.Change-Id: I3257ae5e429f4a0c279f070d750b56c5600c38d5
-
trusty_encode_page_info now also supports EL2 and EL3 in 64-bit environments
and PL1 and PL2 in 32-bitChange-Id: I296212ae7a1f0b276279819523a13eb1cfaf2a26
09 Nov, 2018
1 commit
-
RPMB storage proxy service will return fail if the rpmb key is not
correct, we should not return early here if the rpmb key has not
been set because we still need to initialize the hwcrypto service
to generate the rpmb key blob.
This commit also adds more hint when set the rpmb key.Change-Id: I8ee59e4e277b545283d63b1070e671d508dbe0c2
Signed-off-by: Luo Ji
03 Nov, 2018
3 commits
-
Generate the key blob and store it to the last block of boot1 partition
after setting the rpmb key. The key blob should be checked in spl and be
passed to Trusty OS if it's valid. If the key blob are damaged, RPMB
storage proxy service will return fail and should make the device hang.Test: Build and boot ok on imx8qm/qxp.
Change-Id: Ia274cd72109ab6ae15920e91b2a2008e1f1e667c
Signed-off-by: Ji Luo -
Add new hwcrypto tipc command and handler to generate blob with
CAAM.Test: Message exchange with trusty and blob encapsulate/decapsulate ok.
Change-Id: I925b47cb3e22eeddf4c89e84a9c994d2f30423fe
Signed-off-by: Ji Luo -
Add new service 'hwcrypto' to handle CAAM related work
with Trusty OS. Add tipc interface to accelerate hash
calculation with CAAM.Test: Service connect and message exchange with Trusty OS
are ok.Change-Id: Ia870c3ad2ff30af987f327a9777a8b32f53593db
Signed-off-by: Ji Luo
13 Sep, 2018
1 commit
-
In some situation, like uuu, the current mmc device
won't return the correct value. Avoid the NULL
pointer in secure storage proxy which may cause
panic.Change-Id: Ie24afc270fec0b0977dee71b7fc44fe94876e410
Signed-off-by: Haoran.Wang
12 Sep, 2018
2 commits
-
This patch fix the bug that when keymaster tipc not
initialized the access will make uboot panic.Change-Id: I6500219061ce69103c5f98750eaa5ace4854efea
Signed-off-by: Haoran.Wang -
Align the callback to ARM64 environment for
Trusty OS.TEST: AIY-3G & AIY-1G board's TIPC and AVB handler
works.Change-Id: I65806f56267a4a9278db04a462e351da181618cb
Signed-off-by: Haoran.Wang
20 Aug, 2018
4 commits
-
Fix build warnings in u-boot.
Change-Id: I1944657d2d89a03c0d2303a22a09538dfaa5fd2c
Signed-off-by: Luo Ji -
Add API and IPC calls to read the ATAP certificate UUID from keymaster.
Also rename const local variables to the standard convention.
This cherry-picked the CL 649562 from trusty/external/trusty.Bug: 76211194
Change-Id: I98ab68180c3855e07884994dc20b879f0b59965d
Signed-off-by: Haoran.Wang -
Refine ql-tipc Makefile to pass the u-boot
build which use uboot.mk.Change-Id: I678eebdd8b5e5702a59b20b9580592dbaa78aa90
Signed-off-by: Haoran.Wang -
Update to commit bb39a2b12dce8b6c9df9012faf231648de795e6d
List of changes:
bb39a2b ql-tipc: Support ATAP operations from bootloader
62b8d61 ql-tipc: Move serialization code to keymaster_serializable
8283307 avoid dead loop if tipc is closed by peer
cf3f7f5 [ql-tipc] Refactor U-boot rpmb_storage_send
4b1d74d Make logging more readableTest: build + manual TIPC tests
Change-Id: Ib2c0e7a4a8313b6e62c1fe4f58b923c0c2d3f695
13 Jun, 2018
1 commit
-
The lib provided ql-tipc communication channel with
Trusty OS.
Also the AVB, Keymaster and SecureStorage service
tipc client implement in this lib.Change-Id: I0ab1ec9ee1b6f272b960c2e944008283c2c9249a
Signed-off-by: Haoran.Wang
(cherry picked from commit 8fb370dd80fbb293b58115d2e7fc4970813773c7)