authorJi Luo <ji.luo@nxp.com>2018-12-20 16:22:36 +0800
committerJi Luo <ji.luo@nxp.com>2018-12-24 09:13:38 +0800
commite05d44f550ca90b899e568eed770a68fba90afcb (patch)
treec274154fa7e8f1cc0bf89320972998ddf245fb98
parent4668e8a45e6226801bb8da0571af626d81e981fb (diff)
MA-13832 [Trusty] Support random rpmb key set
Sometimes we need to set a random RPMB key that is not visible outside the device. Generate the random key through the hwcrypto interface and support the fastboot command "fastboot oem set-rpmb-random-key" to set it. Test: build and boot on imx8q. Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243 Signed-off-by: Ji Luo <ji.luo@nxp.com>
-rw-r--r--drivers/usb/gadget/f_fastboot.c6
-rw-r--r--include/fsl_avb.h3
-rw-r--r--include/fsl_fastboot.h1
-rw-r--r--lib/avb/fsl/fsl_avbkey.c39
4 files changed, 39 insertions, 10 deletions
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c
index 4569a15fe78..640dc45a63b 100644
--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -3808,6 +3808,12 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
strcpy(response, "FAILset rpmb key failed!");
} else
strcpy(response, "OKAY");
+ } else if (endswith(cmd, FASTBOOT_SET_RPMB_RANDOM_KEY)) {
+ if (fastboot_set_rpmb_random_key()) {
+ printf("ERROR set rpmb random key failed!\n");
+ strcpy(response, "FAILset rpmb random key failed!");
+ } else
+ strcpy(response, "OKAY");
} else if (endswith(cmd, FASTBOOT_SET_VBMETA_PUBLIC_KEY)) {
if (avb_set_public_key(interface.transfer_buffer,
download_bytes))
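Review bot: The new `set-rpmb-random-key` branch starts a provisioning step with no visible precondition, and every failure is reported to the host as the same `FAILset rpmb random key failed!`. The fsl_avbkey.c part of this commit shows `bool rpmbkey_is_set(void)` as context, so, assuming it is reachable from this file, a check of `rpmbkey_is_set()` ahead of `fastboot_set_rpmb_random_key()` would let the handler answer "key already set" distinctly instead of relying on the `mmc_rpmb_set_key` error. cb_flashing starts and ends outside the hunk, so any lock-state or lifecycle gating applied before this `else if` chain cannot be seen here and should be confirmed. The bare `else` after a braced `if` also mixes brace styles; bracing both arms is safer to edit later.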
diff --git a/include/fsl_avb.h b/include/fsl_avb.h
index c377d3a22ba..225f42ab096 100644
--- a/include/fsl_avb.h
+++ b/include/fsl_avb.h
@@ -251,6 +251,9 @@ int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size);
/* Initialize rpmb key with the staged key */
int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size);
+/* Initialize rpmb key with random key which is generated by caam rng */
+int fastboot_set_rpmb_random_key(void);
+
/* Generate ATX unlock challenge */
int avb_atx_get_unlock_challenge(struct AvbAtxOps* atx_ops,
uint8_t *upload_buffer, uint32_t *size);
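Review bot: The comment on `fastboot_set_rpmb_random_key()` gives neither the return contract nor the fact that the call fails once a key has been programmed. A fuller comment would read `/* Program the RPMB key with a random key obtained through hwcrypto_gen_rng(). Fails if a key is already programmed. Returns 0 on success, -1 on failure. */`. The implementation in fsl_avbkey.c calls `hwcrypto_gen_rng()`, so naming that interface keeps the comment in step with the code. The phrase "caam rng" describes a backend this diff does not show.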
diff --git a/include/fsl_fastboot.h b/include/fsl_fastboot.h
index ad0fce66292..a58663a623f 100644
--- a/include/fsl_fastboot.h
+++ b/include/fsl_fastboot.h
@@ -86,6 +86,7 @@
#ifdef CONFIG_IMX_TRUSTY_OS
#ifndef CONFIG_AVB_ATX
#define FASTBOOT_SET_RPMB_KEY "set-rpmb-key"
+#define FASTBOOT_SET_RPMB_RANDOM_KEY "set-rpmb-random-key"
#define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key"
#endif
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c
index 5b58515fd50..4ef914aa39a 100644
--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -1034,7 +1034,7 @@ bool rpmbkey_is_set(void)
return ret;
}
-int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+int do_rpmb_key_set(uint8_t *key, uint32_t key_size)
{
int ret = 0;
int mmcc;
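Review bot: `do_rpmb_key_set()` gets external linkage here, but no prototype is added to include/fsl_avb.h and both callers introduced by this commit are in the same file. Declare it `static int do_rpmb_key_set(uint8_t *key, uint32_t key_size)`. The helper now takes raw key bytes with no magic check, so keeping it file-local also guarantees that the two fastboot wrappers are its only entry points. The function body continues outside this hunk.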
@@ -1046,10 +1046,9 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
ALLOC_CACHE_ALIGN_BUFFER(uint8_t, blob,
RPMBKEY_LENGTH + CAAM_PAD);
- if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
- printf("ERROR - rpmb magic doesn't match!\n");
- return -1;
- }
+ /* copy rpmb key to cache aligned buffer. */
+ memset(rpmb_key, 0, RPMBKEY_LENGTH);
+ memcpy(rpmb_key, key, RPMBKEY_LENGTH);
/* Get current mmc device. */
mmcc = mmc_get_env_dev();
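Review bot: The copy into `rpmb_key` uses the constant `RPMBKEY_LENGTH` and, in the lines visible here, never looks at `key_size`, so the length parameter offers no protection if a caller hands in a shorter buffer. Add `if (!key || key_size != RPMBKEY_LENGTH) return -1;` before the copy. The rewritten `fastboot_set_rpmb_key()` in the last hunk of this file passes the constant rather than a length derived from its own `key_size`, so as far as this diff shows the staged buffer is never checked to hold magic plus key. The `memset` directly before a full-length `memcpy` is redundant. The function continues outside the hunk.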
@@ -1070,11 +1069,6 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
desc->hwpart = MMC_PART_RPMB;
}
- /* Set rpmb key. */
- memset(rpmb_key, 0, RPMBKEY_LENGTH);
- memcpy(rpmb_key,
- staged_buf + strlen(RPMB_KEY_MAGIC), RPMBKEY_LENGTH);
-
if (mmc_rpmb_set_key(mmc, rpmb_key)) {
printf("ERROR - Key already programmed ?\n");
ret = -1;
@@ -1117,6 +1111,7 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
/* Erase the key buffer. */
memset(rpmb_key, 0, RPMBKEY_LENGTH);
+ memset(key, 0, RPMBKEY_LENGTH);
fail:
/* Return to original partition */
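Review bot: Both wipes sit above the `fail:` label, so any error path that jumps to `fail` leaves the key in `rpmb_key` and in the caller's buffer. This commit also moves the copy into `rpmb_key` to the top of the function, so every error exit after that point now carries key material, including the random key from `fastboot_set_rpmb_random_key()`. Place `memset(rpmb_key, 0, RPMBKEY_LENGTH);` and `memset(key, 0, RPMBKEY_LENGTH);` after `fail:` so they run on all exits. A plain `memset` on a local that is about to go out of scope can be removed by the compiler as a dead store, so it is worth confirming the wipe survives in the built object. The goto paths themselves are outside this hunk and should be checked against the full function.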
@@ -1129,6 +1124,30 @@ fail:
return ret;
}
+int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+{
+
+ if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
+ printf("ERROR - rpmb magic doesn't match!\n");
+ return -1;
+ }
+
+ return do_rpmb_key_set(staged_buf + strlen(RPMB_KEY_MAGIC),
+ RPMBKEY_LENGTH);
+}
+
+int fastboot_set_rpmb_random_key(void)
+{
+ ALLOC_CACHE_ALIGN_BUFFER(uint8_t, rpmb_key, RPMBKEY_LENGTH);
+
+ if (hwcrypto_gen_rng((ulong)rpmb_key, RPMBKEY_LENGTH)) {
+ printf("error - can't generate random key!\n");
+ return -1;
+ }
+
+ return do_rpmb_key_set(rpmb_key, RPMBKEY_LENGTH);
+}
+
int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) {
if ((staged_buffer == NULL) || (size <= 0)) {