authorJi Luo <ji.luo@nxp.com>2018-12-20 16:22:36 +0800
committerJi Luo <ji.luo@nxp.com>2018-12-24 09:14:31 +0800
commit7ade5b407fe6164c0d07f32f72e487ae5f6f3964 (patch)
treef4ff4f88e410fbc5d60ea1741575a3ef4f636f22
parentde975d8500dc9423d10faf8c8290f6463662144c (diff)
MA-13832 [Trusty] Support random rpmb key set
Sometimes we need to set random rpmb key which is invisible except for the device. Generate the random key with hwcrypto interface and support fastboot command "fastboot oem set-rpmb-random-key" to set it. Test: build and boot on imx8q. Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243 Signed-off-by: Ji Luo <ji.luo@nxp.com>
-rw-r--r--drivers/usb/gadget/f_fastboot.c6
-rw-r--r--include/fsl_avb.h3
-rw-r--r--include/fsl_fastboot.h1
-rw-r--r--lib/avb/fsl/fsl_avbkey.c39
4 files changed, 39 insertions, 10 deletions
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c
index 8963c64b2cc..715eea17807 100644
--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -3766,6 +3766,12 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
strcpy(response, "FAILset rpmb key failed!");
} else
strcpy(response, "OKAY");
+ } else if (endswith(cmd, FASTBOOT_SET_RPMB_RANDOM_KEY)) {
+ if (fastboot_set_rpmb_random_key()) {
+ printf("ERROR set rpmb random key failed!\n");
+ strcpy(response, "FAILset rpmb random key failed!");
+ } else
+ strcpy(response, "OKAY");
} else if (endswith(cmd, FASTBOOT_SET_VBMETA_PUBLIC_KEY)) {
if (avb_set_public_key(interface.transfer_buffer,
download_bytes))
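Review bot: The new `set-rpmb-random-key` branch programs the RPMB authentication key, which the eMMC accepts only once, and nothing visible in this hunk checks device state before `fastboot_set_rpmb_random_key()` is called. `cb_flashing` starts and ends outside the hunk, so an earlier lock-state or provisioning check may exist; if it does not, one belongs ahead of this branch. A guard such as `if (rpmbkey_is_set()) strcpy(response, "FAILrpmb key already set!");` (assuming that helper is reachable from this file) would also give the host a definite answer instead of the generic failure string. The unbraced `} else` after a braced `if` body is worth bracing while the branch is being added.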
diff --git a/include/fsl_avb.h b/include/fsl_avb.h
index c377d3a22ba..225f42ab096 100644
--- a/include/fsl_avb.h
+++ b/include/fsl_avb.h
@@ -251,6 +251,9 @@ int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size);
/* Initialize rpmb key with the staged key */
int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size);
+/* Initialize rpmb key with random key which is generated by caam rng */
+int fastboot_set_rpmb_random_key(void);
+
/* Generate ATX unlock challenge */
int avb_atx_get_unlock_challenge(struct AvbAtxOps* atx_ops,
uint8_t *upload_buffer, uint32_t *size);
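Review bot: The comment on `fastboot_set_rpmb_random_key` does not state the return convention or that the operation is one-time, both of which a caller needs to know. Something like `/* Program the RPMB key with a key generated by the CAAM RNG. One-time operation; returns 0 on success, non-zero on failure. */` would cover it. The sibling `fastboot_set_rpmb_key` comment has the same gap.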
diff --git a/include/fsl_fastboot.h b/include/fsl_fastboot.h
index ad0fce66292..a58663a623f 100644
--- a/include/fsl_fastboot.h
+++ b/include/fsl_fastboot.h
@@ -86,6 +86,7 @@
#ifdef CONFIG_IMX_TRUSTY_OS
#ifndef CONFIG_AVB_ATX
#define FASTBOOT_SET_RPMB_KEY "set-rpmb-key"
+#define FASTBOOT_SET_RPMB_RANDOM_KEY "set-rpmb-random-key"
#define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key"
#endif
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c
index 5b58515fd50..4ef914aa39a 100644
--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -1034,7 +1034,7 @@ bool rpmbkey_is_set(void)
return ret;
}
-int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+int do_rpmb_key_set(uint8_t *key, uint32_t key_size)
{
int ret = 0;
int mmcc;
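Review bot: `do_rpmb_key_set` is introduced with external linkage, but the `include/fsl_avb.h` hunk of this commit declares only `fastboot_set_rpmb_random_key`, so the helper has no prototype in the visible headers. Its only visible callers are the two wrappers defined later in this file, so `static int do_rpmb_key_set(uint8_t *key, uint32_t key_size)` keeps a function that writes a one-time key out of the global namespace. A short header comment should say that `key` must point to at least `RPMBKEY_LENGTH` bytes and is zeroed by the function. The function body continues outside this hunk.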
@@ -1046,10 +1046,9 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
ALLOC_CACHE_ALIGN_BUFFER(uint8_t, blob,
RPMBKEY_LENGTH + CAAM_PAD);
- if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
- printf("ERROR - rpmb magic doesn't match!\n");
- return -1;
- }
+ /* copy rpmb key to cache aligned buffer. */
+ memset(rpmb_key, 0, RPMBKEY_LENGTH);
+ memcpy(rpmb_key, key, RPMBKEY_LENGTH);
/* Get current mmc device. */
mmcc = mmc_get_env_dev();
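Review bot: The `memcpy(rpmb_key, key, RPMBKEY_LENGTH)` ignores the `key_size` argument, so nothing in the visible code ties the copy length to the size the caller actually holds. A check at the top, `if (!key || key_size != RPMBKEY_LENGTH) return -1;`, would make the parameter meaningful. The same gap shows in the final hunk: `fastboot_set_rpmb_key` passes `staged_buf + strlen(RPMB_KEY_MAGIC)` and a constant `RPMBKEY_LENGTH` without comparing its own `key_size` against `strlen(RPMB_KEY_MAGIC) + RPMBKEY_LENGTH`, so a short staged download would be read past its end. The preceding `memset` is redundant, since the `memcpy` overwrites the same `RPMBKEY_LENGTH` bytes.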
@@ -1070,11 +1069,6 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
desc->hwpart = MMC_PART_RPMB;
}
- /* Set rpmb key. */
- memset(rpmb_key, 0, RPMBKEY_LENGTH);
- memcpy(rpmb_key,
- staged_buf + strlen(RPMB_KEY_MAGIC), RPMBKEY_LENGTH);
-
if (mmc_rpmb_set_key(mmc, rpmb_key)) {
printf("ERROR - Key already programmed ?\n");
ret = -1;
@@ -1117,6 +1111,7 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
/* Erase the key buffer. */
memset(rpmb_key, 0, RPMBKEY_LENGTH);
+ memset(key, 0, RPMBKEY_LENGTH);
fail:
/* Return to original partition */
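Review bot: Both erase calls sit above the `fail:` label, so any path that jumps to `fail:` leaves `rpmb_key` and the caller's `key` buffer holding key material. For `fastboot_set_rpmb_random_key()` that buffer is the freshly generated key on the stack. The jumps themselves are outside this hunk, so this is inferred from the label placement and the `ret = -1` error branch in the previous hunk. Moving `memset(rpmb_key, 0, RPMBKEY_LENGTH);` and `memset(key, 0, RPMBKEY_LENGTH);` below `fail:` would erase on every exit; any early `return` before the label would need the same treatment.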
@@ -1129,6 +1124,30 @@ fail:
return ret;
}
+int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size)
+{
+
+ if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) {
+ printf("ERROR - rpmb magic doesn't match!\n");
+ return -1;
+ }
+
+ return do_rpmb_key_set(staged_buf + strlen(RPMB_KEY_MAGIC),
+ RPMBKEY_LENGTH);
+}
+
+int fastboot_set_rpmb_random_key(void)
+{
+ ALLOC_CACHE_ALIGN_BUFFER(uint8_t, rpmb_key, RPMBKEY_LENGTH);
+
+ if (hwcrypto_gen_rng((ulong)rpmb_key, RPMBKEY_LENGTH)) {
+ printf("error - can't generate random key!\n");
+ return -1;
+ }
+
+ return do_rpmb_key_set(rpmb_key, RPMBKEY_LENGTH);
+}
+
int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) {
if ((staged_buffer == NULL) || (size <= 0)) {