18 May, 2020
3 commits
-
Decrypt and verify the secure credential in keymaster TA, unlock
operation can only be allowed after secure credential verify pass.Since the mppubk can only be generated on hab closed imx8q, so secure
unlock feature can only supported when hab is closed.Test: secure unlock credential verify on hab closed imx8mm_evk.
Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
Signed-off-by: Ji Luo
(cherry picked from commit 631149fc0fc8ce035311949db643c2708e41435a) -
The A/B slot selection is moved to spl, it may lead to hang
if no bootable slots found. The only way to recover the board
is re-flash images with uuu tool, which is quite inconvenient
for some customers who can't enter serial download mode.This patch will set "spl recovery mode" which will give us a
chance to re-flash images with fastboot commands.Test: Enter spl recovery mode and flash images when no bootable
slots found.Change-Id: I31278f5212bde7609fe2f49e77b3849e92c0c516
Signed-off-by: Ji Luo
(cherry picked from commit 46cc755cf3f42422ee1d7783394e14e8125df2b6) -
Add new keymaster commands to get Manufacure Production key (mppubk).
Since the mppubk can only be generated in OEM CLOSED imx8q board, so
we can only use this command when the board is HAB/AHAB closed.Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.binTest: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo
(cherry picked from commit 52300d644a275dfa4fe73ecb51601a8efaff8ab7)
27 Apr, 2020
1 commit
-
Porting the android AVB lib from imx u-boot v2018.03. Since 2019 u-boot
has added latest AVB library, try to reuse it.Signed-off-by: Ye Li
(cherry picked from commit 2105662ada738a271e12a81d775134a5821dc38f)
(cherry picked from commit f7291d86c4183ce2e299ad271aa5618c71507ffc)
(cherry picked from commit b871714c519e1bda3de6afbd354bee2cb246e4b7)
