MA-13048 [AUTO] Support program rpmb key with fastboot command

Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb key which should be staged first. Usage: 1. fastboot stage my-rpmb-key.bin 2. fastboot oem set-rpmb-key Test: rpmb key programed successfully on imx8qxp. Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1 Signed-off-by: Ji Luo <ji.luo@nxp.com> (cherry picked from commit 557981f3ace1f11f1483668dd97076e6c3f1d1cc)
author: Ji Luo <ji.luo@nxp.com> 2018-10-10 17:29:35 +0800
committer: Ye Li <ye.li@nxp.com> 2018-10-11 19:41:40 -0700
commit: 884ef77506e8255903ba9d9b8f6d54142f242e9f (patch)
tree: 3c7934787819d3aead5a2c8d0188e6588dd9764e
parent: c66bb808116f24c9f8f95db974b62046d9a9e0ba (diff)
5 files changed, 80 insertions, 0 deletions
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c
index a9e92d4225..31445d6b14 100644
--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -3348,6 +3348,15 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
 			strcpy(response, "OKAY");
 	}
 #endif /* CONFIG_AVB_ATX || CONFIG_ANDROID_AUTO_SUPPORT */
+#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+	else if (endswith(cmd, FASTBOOT_SET_RPMB_KEY)) {
+		if (fastboot_set_rpmb_key(interface.transfer_buffer, download_bytes)) {
+			printf("ERROR set rpmb key failed!\n");
+			strcpy(response, "FAILset rpmb key failed!");
+		} else
+			strcpy(response, "OKAY");
+	}
+#endif
 #endif /* CONFIG_IMX_TRUSTY_OS */
 	else if (endswith(cmd, "unlock_critical")) {
 		strcpy(response, "OKAY");
diff --git a/include/fsl_avb.h b/include/fsl_avb.h
index f992be91a1..20db2674d2 100644
--- a/include/fsl_avb.h
+++ b/include/fsl_avb.h
@@ -240,4 +240,7 @@ AvbABFlowResult avb_flow_dual_uboot(AvbABOps* ab_ops,
 /* Program ATX perm_attr into RPMB partition */
 int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size);
 
+/* Initialize rpmb key with the staged key */
+int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size);
+
 #endif /* __FSL_AVB_H__ */
diff --git a/include/fsl_fastboot.h b/include/fsl_fastboot.h
index 813b52f711..b033aaee91 100644
--- a/include/fsl_fastboot.h
+++ b/include/fsl_fastboot.h
@@ -83,10 +83,15 @@
 #define FASTBOOT_PARTITION_FBMISC "fbmisc"
 #endif
 
+#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#define FASTBOOT_SET_RPMB_KEY "set-rpmb-key"
+#endif
+
 #if defined(CONFIG_AVB_ATX) || defined(CONFIG_ANDROID_AUTO_SUPPORT)
 #define FASTBOOT_SET_CA_RESP "at-set-ca-response"
 #define FASTBOOT_GET_CA_REQ  "at-get-ca-request"
 #endif /* CONFIG_AVB_ATX || CONFIG_ANDROID_AUTO_SUPPORT */
+
 #ifdef CONFIG_ANDROID_THINGS_SUPPORT
 #define FASTBOOT_BOOTLOADER_VBOOT_KEY "fuse at-bootloader-vboot-key"
 #ifdef CONFIG_AVB_ATX
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c
index 71a012906b..7c192f31ef 100644
--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -1368,3 +1368,63 @@ fail:
 }
 
 #endif /* AVB_RPMB && CONFIG_AVB_ATX */
+
+#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+{
+	int ret = 0;
+	int mmcc;
+	struct mmc *mmc;
+	char original_part;
+	struct blk_desc *desc = NULL;
+	uint8_t rpmb_key[RPMBKEY_LENGTH];
+
+	if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
+		printf("ERROR - rpmb magic doesn't match!\n");
+		return -1;
+	}
+
+	/* Get current mmc device. */
+	mmcc = mmc_get_env_dev();
+	mmc = find_mmc_device(mmcc);
+	if (!mmc) {
+		printf("error - cannot find '%d' mmc device\n", mmcc);
+		return -1;
+	}
+	desc = mmc_get_blk_desc(mmc);
+	original_part = desc->hwpart;
+
+	/* Switch to the RPMB partition */
+	if (desc->hwpart != MMC_PART_RPMB) {
+		if (mmc_switch_part(mmc, MMC_PART_RPMB) != 0) {
+			printf("ERROR - can't switch to rpmb partition \n");
+			return -1;
+		}
+		desc->hwpart = MMC_PART_RPMB;
+	}
+
+	/* Set rpmb key. */
+	memset(rpmb_key, 0, RPMBKEY_LENGTH);
+	memcpy(rpmb_key, staged_buf + strlen(RPMB_KEY_MAGIC), RPMBKEY_LENGTH);
+
+	if (mmc_rpmb_set_key(mmc, rpmb_key)) {
+		printf("ERROR - Key already programmed ?\n");
+		ret = -1;
+		goto fail;
+	} else
+		printf("RPMB key programed successfully!");
+
+	/* TODO Generate keyblob with CAAM and store it to boot1,
+	 * this requires CAAM is ready for Android Auto.
+	 */
+fail:
+	/* Return to original partition */
+	if (desc->hwpart != original_part) {
+		if (mmc_switch_part(mmc, original_part) != 0)
+			return -1;
+		desc->hwpart = original_part;
+	}
+
+	return ret;
+}
+#endif
diff --git a/lib/avb/fsl/fsl_avbkey.h b/lib/avb/fsl/fsl_avbkey.h
index 1a1b76ad09..7300a12d2f 100644
--- a/lib/avb/fsl/fsl_avbkey.h
+++ b/lib/avb/fsl/fsl_avbkey.h
@@ -31,6 +31,9 @@
 #define AVB_KBLB_MAGIC "\0KBLB!"
 #define AVB_KBLB_MAGIC_LEN 6
 
+#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#define RPMB_KEY_MAGIC "RPMB"
+#endif
 
 struct kblb_tag {
 	uint32_t flag;
author	Ji Luo <ji.luo@nxp.com>	2018-10-10 17:29:35 +0800
committer	Ye Li <ye.li@nxp.com>	2018-10-11 19:41:40 -0700
commit	884ef77506e8255903ba9d9b8f6d54142f242e9f (patch)
tree	3c7934787819d3aead5a2c8d0188e6588dd9764e
parent	c66bb808116f24c9f8f95db974b62046d9a9e0ba (diff)