16 Oct, 2019
1 commit
-
Add commands to read oem device unlock state from
trusty avb app. Use the oem device unlock state to
determine if the device can be unlocked instead of
the state in persistdata part.Test: Read oem device unlock state from avb app.
Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559
Signed-off-by: Ji Luo
20 Aug, 2019
1 commit
-
Decrypt and verify the secure credential in keymaster TA, unlock
operation can only be allowed after secure credential verify pass.Since the mppubk can only be generated on hab closed imx8q, so secure
unlock feature can only supported when hab is closed.Test: secure unlock credential verify on hab closed imx8mm_evk.
Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
Signed-off-by: Ji Luo
25 Jul, 2019
3 commits
-
It can be dangerous to export some hwcrypto commands to Linux,
add commands to limit some commands within bootloader.Test: hwcrypto commands can't be used after locking boot state.
Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
Signed-off-by: Ji Luo -
Add new command to generate bkek from trusty.
Test: generate and dump bkek.
Change-Id: I6b2a30b87c755eecd00ced7c53cfb86e432040de
Signed-off-by: Ji Luo -
Add new keymaster commands to get Manufacure Production key (mppubk).
Since the mppubk can only be generated in OEM CLOSED imx8q board, so
we can only use this command when the board is HAB/AHAB closed.Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.binTest: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo
24 May, 2019
1 commit
-
The lib provided ql-tipc communication channel with
Trusty OS.
Also the AVB, Keymaster, hwcrypto and SecureStorage service
tipc client implement in this lib.Change-Id: I0ab1ec9ee1b6f272b960c2e944008283c2c9249a
Signed-off-by: Haoran.Wang
(cherry picked from commit 8fb370dd80fbb293b58115d2e7fc4970813773c7)
(cherry picked from commit 0ccdd527a794c2b450658980361a7857ce7495c9)
