diff options
author | Ji Luo <ji.luo@nxp.com> | 2019-01-07 18:16:25 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2019-01-08 17:18:10 +0800 |
commit | 0e202ab93ea99c1e8ca855c896566a4a18957795 (patch) | |
tree | 26508120851d90e108ddae28f8a02398d418972b /drivers/usb | |
parent | e29e4022c5e236fb2ebbcc719724feef738e269f (diff) |
MA-13906 [Trusty] Support commands to set attestation materials
Keystore attestation requires provision keys and cerificate chains into
secure storage. Add commands to support rsa/ecdsa keys and certificate
chains provision, each key/certificate should be staged before provision.
Usage:
Set rsa attestation key:
fastboot stage <path-to-rsa-atte-key>
fastboot oem set-rsa-atte-key
Set ec attestation key:
fastboot stage <path-to-ec-atte-key>
fastboot oem set-ec-atte-key
Append rsa attestation certs:
fastboot stage <path-to-rsa-atte-cert>
fastboot oem append-rsa-atte-cert
Append ec attestation certs:
fastboot stage <path-to-ec-atte-cert>
fastboot oem append-ec-atte-cert
Test: Pass CTS cases:
android.keystore.cts.KeyAttestationTest#testRsaAttestation
android.keystore.cts.KeyAttestationTest#testEcAttestation
Change-Id: Ic3ed87e7e328a39b0f1bfb163356ea9e37d2f4fc
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Diffstat (limited to 'drivers/usb')
-rw-r--r-- | drivers/usb/gadget/f_fastboot.c | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index 3f300d0e56..bdf15b00b5 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c @@ -3802,13 +3802,52 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req) strcpy(response, "OKAY"); } - } - else if (endswith(cmd, FASTBOOT_SET_CA_RESP)) { + } else if (endswith(cmd, FASTBOOT_SET_CA_RESP)) { if (trusty_atap_set_ca_response(interface.transfer_buffer,download_bytes)) { printf("ERROR set_ca_response failed!\n"); strcpy(response, "FAILInternal error!"); } else strcpy(response, "OKAY"); + } else if (endswith(cmd, FASTBOOT_SET_RSA_ATTESTATION_KEY)) { + if (trusty_set_attestation_key(interface.transfer_buffer, + download_bytes, + KM_ALGORITHM_RSA)) { + printf("ERROR set rsa attestation key failed!\n"); + strcpy(response, "FAILInternal error!"); + } else { + printf("Set rsa attestation key successfully!\n"); + strcpy(response, "OKAY"); + } + } else if (endswith(cmd, FASTBOOT_SET_EC_ATTESTATION_KEY)) { + if (trusty_set_attestation_key(interface.transfer_buffer, + download_bytes, + KM_ALGORITHM_EC)) { + printf("ERROR set ec attestation key failed!\n"); + strcpy(response, "FAILInternal error!"); + } else { + printf("Set ec attestation key successfully!\n"); + strcpy(response, "OKAY"); + } + } else if (endswith(cmd, FASTBOOT_APPEND_RSA_ATTESTATION_CERT)) { + if (trusty_append_attestation_cert_chain(interface.transfer_buffer, + download_bytes, + KM_ALGORITHM_RSA)) { + printf("ERROR append rsa attestation cert chain failed!\n"); + strcpy(response, "FAILInternal error!"); + } else { + printf("Append rsa attestation key successfully!\n"); + strcpy(response, "OKAY"); + } + } else if (endswith(cmd, FASTBOOT_APPEND_EC_ATTESTATION_CERT)) { + if (trusty_append_attestation_cert_chain(interface.transfer_buffer, + download_bytes, + KM_ALGORITHM_EC)) { + printf("ERROR append ec attestation cert chain failed!\n"); + strcpy(response, "FAILInternal error!"); + } else { + printf("Append ec attestation key successfully!\n"); + strcpy(response, "OKAY"); + } } #ifndef CONFIG_AVB_ATX else if (endswith(cmd, FASTBOOT_SET_RPMB_KEY)) { |