diff options
author | Ji Luo <ji.luo@nxp.com> | 2018-11-30 09:59:36 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2018-12-04 10:38:55 +0800 |
commit | 6192aff56871a4f88c8ac23d9ca2b6131c579f1f (patch) | |
tree | ba168a2319cc01c08b7796e97d972fe7f7f4a48e | |
parent | a024d695b71caf33a3ec2334c235beba398393c2 (diff) |
MA-13628 [Auto] Read/Write rollback index from rpmb
Secure storage is ready in trusty so we should read/write the rollback
index from rpmb.
But for borads without rpmb key, read/write the rpmb will fail and will
block the following avb verify process. In this case, check if the rpmb
key has been set and always return AVB_IO_RESULT_OK for the boards without
rpmb key.
Test: build and boot pass on imx8qm_mek.
Change-Id: I10c438e56d049ae97ebedfc446c8202642630d8b
Signed-off-by: Ji Luo <ji.luo@nxp.com>
-rw-r--r-- | common/board_r.c | 4 | ||||
-rw-r--r-- | include/configs/imx8qm_mek_android_auto.h | 5 | ||||
-rw-r--r-- | include/configs/imx8qxp_mek_android_auto.h | 5 | ||||
-rw-r--r-- | lib/avb/fsl/fsl_avb.c | 22 | ||||
-rw-r--r-- | lib/avb/fsl/fsl_avbkey.c | 2 |
5 files changed, 28 insertions, 10 deletions
diff --git a/common/board_r.c b/common/board_r.c index f9cd2e26a0..9444bc17b8 100644 --- a/common/board_r.c +++ b/common/board_r.c @@ -654,7 +654,7 @@ static int initr_kbd(void) } #endif -#ifdef AVB_RPMB +#if defined(AVB_RPMB) && !defined(CONFIG_SPL) extern int init_avbkey(void); static int initr_avbkey(void) { @@ -899,7 +899,7 @@ static init_fnc_t init_sequence_r[] = { #ifdef CONFIG_PS2KBD initr_kbd, #endif -#ifdef AVB_RPMB +#if defined(AVB_RPMB) && !defined(CONFIG_SPL) initr_avbkey, #endif #ifdef CONFIG_IMX_TRUSTY_OS diff --git a/include/configs/imx8qm_mek_android_auto.h b/include/configs/imx8qm_mek_android_auto.h index 9c71f01553..63ede93e48 100644 --- a/include/configs/imx8qm_mek_android_auto.h +++ b/include/configs/imx8qm_mek_android_auto.h @@ -102,8 +102,11 @@ #include "imx8qm_mek_android_auto_xen.h" #endif -#ifdef CONFIG_SPL_BUILD +#ifdef CONFIG_IMX_TRUSTY_OS #define AVB_RPMB +#endif + +#ifdef CONFIG_SPL_BUILD #undef CONFIG_BLK #endif diff --git a/include/configs/imx8qxp_mek_android_auto.h b/include/configs/imx8qxp_mek_android_auto.h index 76dcb7db53..6d472ffdac 100644 --- a/include/configs/imx8qxp_mek_android_auto.h +++ b/include/configs/imx8qxp_mek_android_auto.h @@ -94,8 +94,11 @@ #undef CONFIG_USB_HOST_ETHER #undef CONFIG_USB_FUNCTION_MASS_STORAGE -#ifdef CONFIG_SPL_BUILD +#ifdef CONFIG_IMX_TRUSTY_OS #define AVB_RPMB +#endif + +#ifdef CONFIG_SPL_BUILD #undef CONFIG_BLK #endif diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c index a1c56b196f..ee9f34f205 100644 --- a/lib/avb/fsl/fsl_avb.c +++ b/lib/avb/fsl/fsl_avb.c @@ -631,8 +631,16 @@ AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slo AvbIOResult ret; #ifdef CONFIG_IMX_TRUSTY_OS if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) { - ERR("write rollback from Trusty error!"); - ret = AVB_IO_RESULT_ERROR_IO; + ERR("write rollback from Trusty error!\n"); +#ifdef CONFIG_ANDROID_AUTO_SUPPORT + /* Read/write rollback index from rpmb will fail if the rpmb + * key hasn't been set, return AVB_IO_RESULT_OK in this case. + */ + if (!rpmbkey_is_set()) + ret = AVB_IO_RESULT_OK; + else +#endif + ret = AVB_IO_RESULT_ERROR_IO; } else { ret = AVB_IO_RESULT_OK; } @@ -720,8 +728,14 @@ AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot AvbIOResult ret; #ifdef CONFIG_IMX_TRUSTY_OS if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) { - ERR("read rollback from Trusty error!"); - ret = AVB_IO_RESULT_ERROR_IO; + ERR("read rollback from Trusty error!\n"); +#ifdef CONFIG_ANDROID_AUTO_SUPPORT + if (!rpmbkey_is_set()) { + *out_rollback_index = 0; + ret = AVB_IO_RESULT_OK; + } else +#endif + ret = AVB_IO_RESULT_ERROR_IO; } else { ret = AVB_IO_RESULT_OK; } diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c index 56adf44c5a..890ff71322 100644 --- a/lib/avb/fsl/fsl_avbkey.c +++ b/lib/avb/fsl/fsl_avbkey.c @@ -572,7 +572,6 @@ fail: } int init_avbkey(void) { -#ifndef CONFIG_ARM64 struct keyslot_package kp; read_keyslot_package(&kp); if (strcmp(kp.magic, KEYPACK_MAGIC)) { @@ -588,7 +587,6 @@ int init_avbkey(void) { return RESULT_ERROR; #endif fill_secure_keyslot_package(&kp); -#endif return RESULT_OK; } |