[iot] Support lock vboot for Android Things

Supoort "fastboot oem at-lock-vboot" command for Android Things, this command can only be called after perm-attr have been fused. Test: build and boot ok on imx7d_pico and AIY. Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb Signed-off-by: Ji Luo <ji.luo@nxp.com>
author: Ji Luo <ji.luo@nxp.com> 2018-08-23 19:12:45 +0800
committer: faqiang.zhu <faqiang.zhu@nxp.com> 2018-11-12 09:18:37 +0800
commit: c14e9d4e276c408db200a632029a8193944348f3 (patch)
tree: 92582988f4a35fa40766fd34842436d91feb9e72 /lib
parent: d4a0dbd9a467984d7f4a4861213298e2b95a3327 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c
index 9436e9b865..5ac88a3bb3 100644
--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -283,6 +283,23 @@ int avb_atx_verify_unlock_credential(struct AvbAtxOps* atx_ops,
 		return 0;
 }
 
+bool perm_attr_are_fused(void)
+{
+#ifdef CONFIG_IMX_TRUSTY_OS
+	AvbAtxPermanentAttributes attributes;
+	if(!trusty_read_permanent_attributes((uint8_t *)(&attributes),
+		sizeof(AvbAtxPermanentAttributes))) {
+		return true;
+	} else {
+		ERR("No perm-attr fused, please fuse your perm-attr first!.\n");
+		return false;
+	}
+#else
+	/* We hard code the perm-attr if trusty is not enabled. */
+	return true;
+#endif
+}
+
 /* Reads permanent |attributes| data. There are no restrictions on where this
  * data is stored. On success, returns AVB_IO_RESULT_OK and populates
  * |attributes|.
author	Ji Luo <ji.luo@nxp.com>	2018-08-23 19:12:45 +0800
committer	faqiang.zhu <faqiang.zhu@nxp.com>	2018-11-12 09:18:37 +0800
commit	c14e9d4e276c408db200a632029a8193944348f3 (patch)
tree	92582988f4a35fa40766fd34842436d91feb9e72 /lib
parent	d4a0dbd9a467984d7f4a4861213298e2b95a3327 (diff)