[iot] Support authenticated unlock

Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.

Test: Generate unlock challenge by:
        ./avbtool make_atx_unlock_credential
        --output=atx_unlock_credential.bin
        --intermediate_key_certificate=atx_pik_certificate.bin
        --unlock_key_certificate=atx_puk_certificate.bin
        --challenge=my_generated_challenge.bin
        --unlock_key=testkey_atx_puk.pem
      validated the unlock credential successfully on imx7d_pico
      and AIY.

Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo <ji.luo@nxp.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/include/configs/imx8mq_evk_androidthings.h b/include/configs/imx8mq_evk_androidthings.h
index 0234456045..184a9ed4b3 100644
--- a/include/configs/imx8mq_evk_androidthings.h
+++ b/include/configs/imx8mq_evk_androidthings.h
@@ -10,7 +10,6 @@
 #define CONFIG_CMD_READ
 
 #define CONFIG_ANDROID_AB_SUPPORT
-#define CONFIG_AVB_SUPPORT
 #define CONFIG_SUPPORT_EMMC_RPMB
 #define CONFIG_SYSTEM_RAMDISK_SUPPORT
 #define CONFIG_AVB_FUSE_BANK_SIZEW 0
@@ -51,6 +50,10 @@
 #define TEE_LOAD_ADDR_1G 0x7e000000
 #define TEE_LOAD_ADDR_3G 0xfe000000
 
+
+#define KEYSLOT_HWPARTITION_ID   2
+#define KEYSLOT_BLKS             0x1FFF
+
 #ifdef CONFIG_SPL_BUILD
 
 #define CONFIG_SPL_SHA256
@@ -64,8 +67,6 @@
 #define BOOTLOADER_RBIDX_START   0x1F000
 #define BOOTLOADER_RBIDX_LEN     0x08
 #define BOOTLOADER_RBIDX_INITVAL 0
-#define KEYSLOT_HWPARTITION_ID   2
-#define KEYSLOT_BLKS             0x1FFF
 #endif
 
 #else