[iot] Support authenticated unlock

Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge" and "fastboot oem at-unlock-vboot" to support the authenticated unlock feature for Android Things devices. Use software random numbers generator to generate the 16 bytes random challenge, it should be replaced with hardware encrypted random generator when the TEE part is ready. Test: Generate unlock challenge by: ./avbtool make_atx_unlock_credential --output=atx_unlock_credential.bin --intermediate_key_certificate=atx_pik_certificate.bin --unlock_key_certificate=atx_puk_certificate.bin --challenge=my_generated_challenge.bin --unlock_key=testkey_atx_puk.pem validated the unlock credential successfully on imx7d_pico and AIY. Change-Id: I4b8cee87c9e96924169479b65020a081136681f6 Signed-off-by: Ji Luo <ji.luo@nxp.com>
author: Ji Luo <ji.luo@nxp.com> 2018-08-22 14:32:44 +0800
committer: faqiang.zhu <faqiang.zhu@nxp.com> 2018-11-12 09:18:37 +0800
commit: d4a0dbd9a467984d7f4a4861213298e2b95a3327 (patch)
tree: 8da78aedb168a2acf3991b09368204ec9bd018f5 /include/fsl_fastboot.h
parent: 22ab111509407a17b12fa2c058f0934ca947619b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/fsl_fastboot.h b/include/fsl_fastboot.h
index b033aaee91b..c3fd85eb386 100644
--- a/include/fsl_fastboot.h
+++ b/include/fsl_fastboot.h
@@ -96,6 +96,8 @@
 #define FASTBOOT_BOOTLOADER_VBOOT_KEY "fuse at-bootloader-vboot-key"
 #ifdef CONFIG_AVB_ATX
 #define FASTBOOT_AVB_AT_PERM_ATTR "fuse at-perm-attr"
+#define FASTBOOT_AT_UNLOCK_VBOOT "at-unlock-vboot"
+#define FASTBOOT_AT_GET_UNLOCK_CHALLENGE "at-get-vboot-unlock-challenge"
 #endif /* CONFIG_AVB_ATX */
 #endif /* CONFIG_ANDROID_THINGS_SUPPORT */
author	Ji Luo <ji.luo@nxp.com>	2018-08-22 14:32:44 +0800
committer	faqiang.zhu <faqiang.zhu@nxp.com>	2018-11-12 09:18:37 +0800
commit	d4a0dbd9a467984d7f4a4861213298e2b95a3327 (patch)
tree	8da78aedb168a2acf3991b09368204ec9bd018f5 /include/fsl_fastboot.h
parent	22ab111509407a17b12fa2c058f0934ca947619b (diff)