21 Nov, 2018
2 commits
-
To enable SPL+CONTAINER format on android auto with tee, after SPL load
container, SPL need to check rpmb keyblob and copy it to secure memory
for latter use.Change-Id: I40a791d5b5b1eba6a0170d6853626fb546be4b2c
Signed-off-by: faqiang.zhu -
Pass "androidboot.keystore=trusty" for trusty backed keymaster
service, pass "androidboot.keystore=software" for software
keymaster service.Test: boot pass on imx8qm_mek.
Change-Id: I9fa38c15a7c10aef09ab29b0e9859b690e3e7a41
Signed-off-by: Ji Luo
20 Nov, 2018
1 commit
-
Update the ddrc Qos setting for B1 to align with B0'ssetting.
Correct the initial clock for dram_pll. This setting will be
overwrite before ddr phy training. Although there is no impact
on the dram init, we still need to correct it to eliminate
confusion.Signed-off-by: Bai Ping
Reviewed-by: Ye Li
Tested-by: Robby Cai
(cherry picked from commit 566b798213ab9690966f163de2765acdbfe647a7)
19 Nov, 2018
1 commit
-
Some platforms don't have alias for usb1 device, so when initialize the
second controller, its seq is allocated by u-boot automatically.
This introduces a problem if the initialization of first controller is failed,
for example nothing connect to first controller, then the seq allocated
for second controller is 0 not 1. EHCI driver uses the seq as index for
USB controller and phy, so it will cause initialization problem for second
controller.Fix the issue by adding the usb1 alias for second USB controller.
Signed-off-by: Ye Li
Reviewed-by: Peng Fan
(cherry picked from commit fe21a1ab93d0788017ec58905e3273c9ab0f5a67)
16 Nov, 2018
2 commits
-
Enlarge dom0 mem to 2048M
Signed-off-by: Peng Fan
(cherry picked from commit 2f756c93a265e96bf524bfbe224fbbeceecd1417) -
Enable dm usb using the base board otg usb port for fastboot usage
Signed-off-by: Peng Fan
Reviewed-by: Ye Li
15 Nov, 2018
6 commits
-
Enable dm serial for xen uboot.
Log as below:
#xl console 1
MMC: FSL_SDHC: 0
Loading Environment from ... *** Warning - bad CRC, using default environmentFailed (-5)
In: serial@5a060000
Out: serial@5a060000
Err: serial@5a060000
flash target is MMC:0
Fastboot: Normal
Normal Boot
=>Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Support output/input using `xl console [domid]`.
Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Update mem map table for xen uboot.
xen console and some magic pages needs to be mappe as normal memory.Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Introduce new hypercalls
Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Introduce puts hook for dm serial driver.
Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu -
Introduce xen header files from Linux Kernel commit
e2b623fbe6a3("Merge tag 's390-4.20-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux")Signed-off-by: Peng Fan
Reviewed-by: Peng Fan
Reviewed-by: Flynn xu
14 Nov, 2018
3 commits
-
Fix coverity issue CID 43665: Free of address-of expression (BAD_FREE)
incorrect_free: free frees incorrect pointer pp.pp points the port array field of struct ahci_uc_priv, should not free it.
Signed-off-by: Ye Li
Acked-by: Peng Fan -
Fix coverity issue CID 18031: Resource leak (RESOURCE_LEAK)
leaked_storage: Variable fill_buf going out of scope leaks the storage it points toShould free the fill_buf before function return.
Signed-off-by: Ye Li
-
Current flexspi clock root is set to 25Mhz OSC, but the flash can support
to 166Mhz clock, so change the flexspi clock root to system PLL1 100Mhz
clock to increase speed.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
13 Nov, 2018
9 commits
-
Current code uses strlen of string to get the property data
length, which is wrong for unicode string, also the whole
property length also should be corrected(descriptor length
minus head length, 142-10=132), detail data format of single
GUID see below table:Table 4a: Microsoft Extended Properties Feature Descriptor
===================================================================
Value | TYPE | Description
===================================================================
0x8E, 0x00, 0x00, 0x00 | DWORD (LE) | Descriptor length
| | (142 bytes)
--------------------------------------------------------------------
0x00, 0x01 | BCD WORD (LE) | Version ('1.0')
--------------------------------------------------------------------
0x05, 0x00 | WORD (LE) | Extended Property
| | Descriptor index (5)
--------------------------------------------------------------------
0x01, 0x00 | WORD (LE) | Number of sections (1)
--------------------------------------------------------------------
0x84, 0x00, 0x00, 0x00 | DWORD (LE) | Size of the property
| | section (132 bytes)
--------------------------------------------------------------------
0x01, 0x00, 0x00, 0x00 | DWORD (LE) | Property data type
| | (1 = Unicode
| | REG_SZ,
| | see table below)
--------------------------------------------------------------------
0x28, 0x00 | WORD (LE) | Property name
| | length (40 bytes)
--------------------------------------------------------------------
0x44, 0x00, 0x65, 0x00, | NUL-terminated | Property name
(...) | Unicode String | "DeviceInterfaceGUID"
0x74, 0x00, 0x00, 0x00 | (LE) |
--------------------------------------------------------------------
0x4e, 0x00, 0x00, 0x00 | DWORD (LE) | Property data
| | length (78 bytes)
--------------------------------------------------------------------
0x7b, 0x00, 0x46, 0x00, | NUL-terminated | Property name
(...) | Unicode String | "{xxxxxxxx-xxxx-
0x7d, 0x00, 0x00, 0x00 | (LE) | xxxx-xxxx-
| | xxxxxxxxxxxx}\0"
--------------------------------------------------------------------Details of WCID see below link:
https://github.com/pbatard/libwdi/wiki/WCID-DevicesReviewed-by: Ye Li
Signed-off-by: Li Jun -
Fix coverity issue CID 5015449: Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking mmc suggests that it may be null, but it has
already been dereferenced on all paths leading to the checkSigned-off-by: Ye Li
-
Fix coverity issue CID 1898965: Dereference null return value (NULL_RETURNS)
dereference: Dereferencing a pointer that might be NULL dev_desc when calling
write_backup_gpt_partitionsSigned-off-by: Ye Li
-
Fix coverity issue CID 3826473: Destination buffer too small (STRING_OVERFLOW)
string_overflow: You might overrun the 16-character destination string buffer by
writing 20 characters fromThe size of g_ptable->name is 20, but we use 16 bytes buffer for strcpy. It may
cause buffer overflow.Signed-off-by: Ye Li
-
Fix coverity issue CID 3606685: Structurally dead code (UNREACHABLE)
unreachable: This code cannot be reached: return esdhc_getcd_commonShould not return true directly, otherwise the esdhc_getcd_common is
bypassed.Signed-off-by: Ye Li
-
Fix coverity issue CID 3411367: Missing break in switch (MISSING_BREAK)
unterminated_case: The case for value 1U is not terminated by a 'break' statement.Signed-off-by: Ye Li
-
Fix coverity issue CID 3768406: Dereference null return value (NULL_RETURNS)
dereference: Dereferencing a pointer that might be NULL gis_input when calling strcmp.The gis_input may returns NULL from env_get, need check it before strcmp.
Signed-off-by: Ye Li
-
Fix coverity issue CID 3261683: Wrong operator used (CONSTANT_EXPRESSION_RESULT)
operator_confusion: ({...; __v;}) | 67108864 is always 1/true regardless of the values
of its operand. This occurs as the logical operand of !When DIAG_X is set, the PHY COMINIT signal is detected, so should use '&' to check
whether it is set.Signed-off-by: Ye Li
-
Fix coverity issue CID 3606684: Resource leak (RESOURCE_LEAK)
leaked_storage: Variable uc_priv going out of scope leaks the storage it points toSigned-off-by: Ye Li
12 Nov, 2018
16 commits
-
Commit "ql-tipc: trusty_ipc: Change ipc polling to be per device" removes
rpmb_storage_proxy_poll() call in avb_do_tipc() which will return early
if the rpmb proxy service isn't initialized properly, this will make boards
hang if the rpmb key is not set.
Skip initializing AVB and Keymaster client if the rpmb key hasn't been
set, but keep the hwcrypto client initialization since we need it to
generate the rpmb key blob.Test: Build and boot ok on imx8q.
Change-Id: I1ead849e812da55edae8b739d9ae56a7d4951af4
Signed-off-by: Ji Luo -
The rollback index should be updated when avb verify pass
and the slot has been marked as successful, update the
rollback index also for those enabled dual bootloader
feature.
This commit also fix some configs condition issue so
read/write rollback index with trusty will work.Test: rollback index updated successfully on
imx7d_pico and AIY.Change-Id: I2344d6462249d8d88f0622d331cdeffc7e12f885
Signed-off-by: Ji Luo -
SHA256 hash of the entire verified software stack should be calculated
and passed to 'trusty_set_boot_params'. This commit will calculate the
SHA256 hash which represents spl.bin and bootloader.img, and then extend
that hash with the hash of vbmeta image into the final VBH.Bug: 110905171
Test: VBH is calculated and passed ok on AIY.
Change-Id: Id83ad36f3de79bedd435ca8f26035a35cca66b07
Signed-off-by: Ji Luo -
Enable HAB for imx8m Android Things platform, this will enable
HAB verify for bootloader.img(atf+tee+u-boot) at spl stage.
Disable the HAB verify for bootimg because we will use AVB to
verify it.Test: Build and boot ok on AIY.
Change-Id: Ia6ee456c7c5fa71afc3740689adf898f411c6c4e
Signed-off-by: Ji Luo -
- temp fix for boot hangup with camera
This reverts commit a8109598e7dca72d415ad5d26ac5868b88da9dfc.
Bug: 115532706
Test: test boot up
Change-Id: I7bb1bc14eb81ae0965fc03abdf5cb65444720d13 -
Add support for fastboot variable 'at-vboot-state', it's composed
by 6 sub-variable: 'bootloader-locked', 'bootloader-min-versions',
'avb-perm-attr-set', 'avb-locked', 'avb-unlock-disabled' and
'avb-min-versions'.Test: All 'at-vboot-state' variables are returned
correctly on imx7d_pico and AIY.Change-Id: Ibb855cbcc7c41657af62dafb98a96c4dfb96ef22
Signed-off-by: Ji Luo -
Device will be locked permanently after disabling the unlcok vboot, store
the disable unlock vboot status into fuse. Since the fuse write operation
is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
need to add this config manually and run this command again.Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
device was locked permanently after running this command. This is
verified on both imx7d_pico and AIY.Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
Signed-off-by: Ji Luo -
Supoort "fastboot oem at-lock-vboot" command for Android
Things, this command can only be called after perm-attr
have been fused.Test: build and boot ok on imx7d_pico and AIY.
Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
Signed-off-by: Ji Luo -
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.Test: Generate unlock challenge by:
./avbtool make_atx_unlock_credential
--output=atx_unlock_credential.bin
--intermediate_key_certificate=atx_pik_certificate.bin
--unlock_key_certificate=atx_puk_certificate.bin
--challenge=my_generated_challenge.bin
--unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico
and AIY.Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo -
Change-Id: Ia9e76742d0501d3222d5837057d8bc916f2ff989
Signed-off-by: Haoran.Wang -
for Android Things, sha256 is caculated with software, for Android Auto,
sha256 is caculated with CAAM hardware module. so use macro to seperate
the code about hardware crypto service.Change-Id: Ibf4cad2c98240ab2c826869e9cb28ad09bded2f6
Signed-off-by: faqiang.zhu -
Change some includes in include/trusty/sysdeps.h
to match our platform.Test: build pass for imx7d and imx8m.
Change-Id: I01fd3634413f358ead8c9b67d05def544682c274
Signed-off-by: Luo Ji -
Trusty image should be loaded to different address for AIY 1G/3G ddr
board which have different ddr size. Use board id to distinguish
different baseboard, load trusty image to 0x7e00_0000 for AIY 1G ddr
board and 0xfe00_0000 for AIY 3G ddr board.Test: build and boot Trusty ok for AIY 1G/3G ddr board.
Change-Id: I62d8a19b13fe19f38075512a6faa4bbb36f74791
Signed-off-by: Ji Luo -
Align the callback to ARM64 environment for
Trusty OS.TEST: AIY-3G & AIY-1G board's TIPC and AVB handler
works.Change-Id: I65806f56267a4a9278db04a462e351da181618cc
Signed-off-by: Haoran.Wang -
Per security requirement, attestation of keymaster
supported by Trusty OS should support both P256
and curve25519 algorithm for Diffie-Hellman.TEST: Works on AIY boards by below commands:
$fastboot getvar at-attest-dhChange-Id: I3244f8d8b677222463b4e8fc75412e54dadeb23e
Signed-off-by: Haoran.Wang -
Because sysdeps.h in trusty include stdint.h, so we need to define
USE_STDINT.Test: Local build test and flash on imx7d. Verify provision som
key and product key succeed.
Bug: None
Change-Id: I08db7c10dd4453a87f15ff4432335fe4c41f9c5f
