diff options
author | Ji Luo <ji.luo@nxp.com> | 2018-08-22 14:32:44 +0800 |
---|---|---|
committer | faqiang.zhu <faqiang.zhu@nxp.com> | 2018-11-12 09:18:37 +0800 |
commit | d4a0dbd9a467984d7f4a4861213298e2b95a3327 (patch) | |
tree | 8da78aedb168a2acf3991b09368204ec9bd018f5 /include/fsl_fastboot.h | |
parent | 22ab111509407a17b12fa2c058f0934ca947619b (diff) |
[iot] Support authenticated unlock
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.
Test: Generate unlock challenge by:
./avbtool make_atx_unlock_credential
--output=atx_unlock_credential.bin
--intermediate_key_certificate=atx_pik_certificate.bin
--unlock_key_certificate=atx_puk_certificate.bin
--challenge=my_generated_challenge.bin
--unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico
and AIY.
Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Diffstat (limited to 'include/fsl_fastboot.h')
-rw-r--r-- | include/fsl_fastboot.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/fsl_fastboot.h b/include/fsl_fastboot.h index b033aaee91b..c3fd85eb386 100644 --- a/include/fsl_fastboot.h +++ b/include/fsl_fastboot.h @@ -96,6 +96,8 @@ #define FASTBOOT_BOOTLOADER_VBOOT_KEY "fuse at-bootloader-vboot-key" #ifdef CONFIG_AVB_ATX #define FASTBOOT_AVB_AT_PERM_ATTR "fuse at-perm-attr" +#define FASTBOOT_AT_UNLOCK_VBOOT "at-unlock-vboot" +#define FASTBOOT_AT_GET_UNLOCK_CHALLENGE "at-get-vboot-unlock-challenge" #endif /* CONFIG_AVB_ATX */ #endif /* CONFIG_ANDROID_THINGS_SUPPORT */ |