diff options
author | Haoran.Wang <elven.wang@nxp.com> | 2019-07-16 13:12:15 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2019-07-16 22:05:00 +0800 |
commit | 52eb9a780f1d6c5097d8bc82b16946192f025d9e (patch) | |
tree | 66f23fb50302721ba4d74f677f819977aba94036 /drivers | |
parent | 2b7597fa3e9b3d09002fc6ef85aae1de19e184d0 (diff) |
MA-15142 Support secure attestation provision
In host end, need encrypt the attestation keys and certs
by manufacture protection public key though AES-128-ECB.
Then use below 4 set of commands to provision encrypted
RSA attestation and EC attestation:
* $fastboot stage atte_rsa_key.bin
* $fastboot oem set-rsa-atte-key-enc
* $fastboot stage atte_rsa_cert.bin
* $fastboot oem append-rsa-atte-cert-enc
* $fastboot stage atte_ec_key.bin
* $fastboot oem set-ec-atte-key-enc
* $fastboot stage atte_ec_cert.bin
* $fastboot oem append-ec-atte-cert-enc
Change-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/usb/gadget/f_fastboot.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index bb36c9bf1b..245372080d 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c @@ -3827,6 +3827,46 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req) strcpy(response, "FAILInternal error!"); } else strcpy(response, "OKAY"); + } else if (endswith(cmd, FASTBOOT_SET_RSA_ATTESTATION_KEY_ENC)) { + if (trusty_set_attestation_key_enc(interface.transfer_buffer, + download_bytes, + KM_ALGORITHM_RSA)) { + printf("ERROR set rsa attestation key failed!\n"); + strcpy(response, "FAILInternal error!"); + } else { + printf("Set rsa attestation key successfully!\n"); + strcpy(response, "OKAY"); + } + } else if (endswith(cmd, FASTBOOT_SET_EC_ATTESTATION_KEY_ENC)) { + if (trusty_set_attestation_key_enc(interface.transfer_buffer, + download_bytes, + KM_ALGORITHM_EC)) { + printf("ERROR set ec attestation key failed!\n"); + strcpy(response, "FAILInternal error!"); + } else { + printf("Set ec attestation key successfully!\n"); + strcpy(response, "OKAY"); + } + } else if (endswith(cmd, FASTBOOT_APPEND_RSA_ATTESTATION_CERT_ENC)) { + if (trusty_append_attestation_cert_chain_enc(interface.transfer_buffer, + download_bytes, + KM_ALGORITHM_RSA)) { + printf("ERROR append rsa attestation cert chain failed!\n"); + strcpy(response, "FAILInternal error!"); + } else { + printf("Append rsa attestation key successfully!\n"); + strcpy(response, "OKAY"); + } + } else if (endswith(cmd, FASTBOOT_APPEND_EC_ATTESTATION_CERT_ENC)) { + if (trusty_append_attestation_cert_chain_enc(interface.transfer_buffer, + download_bytes, + KM_ALGORITHM_EC)) { + printf("ERROR append ec attestation cert chain failed!\n"); + strcpy(response, "FAILInternal error!"); + } else { + printf("Append ec attestation key successfully!\n"); + strcpy(response, "OKAY"); + } } else if (endswith(cmd, FASTBOOT_SET_RSA_ATTESTATION_KEY)) { if (trusty_set_attestation_key(interface.transfer_buffer, download_bytes, |