MA-15142 Support secure attestation provision

In host end, need encrypt the attestation keys and certs by manufacture protection public key though AES-128-ECB. Then use below 4 set of commands to provision encrypted RSA attestation and EC attestation: * $fastboot stage atte_rsa_key.bin * $fastboot oem set-rsa-atte-key-enc * $fastboot stage atte_rsa_cert.bin * $fastboot oem append-rsa-atte-cert-enc * $fastboot stage atte_ec_key.bin * $fastboot oem set-ec-atte-key-enc * $fastboot stage atte_ec_cert.bin * $fastboot oem append-ec-atte-cert-enc Change-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346 Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
author: Haoran.Wang <elven.wang@nxp.com> 2019-07-16 13:12:15 +0800
committer: Ji Luo <ji.luo@nxp.com> 2019-07-16 22:05:00 +0800
commit: 52eb9a780f1d6c5097d8bc82b16946192f025d9e (patch)
tree: 66f23fb50302721ba4d74f677f819977aba94036 /include
parent: 2b7597fa3e9b3d09002fc6ef85aae1de19e184d0 (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/include/fsl_fastboot.h b/include/fsl_fastboot.h
index 1dff46ecb3..86423d1cbb 100644
--- a/include/fsl_fastboot.h
+++ b/include/fsl_fastboot.h
@@ -97,6 +97,10 @@
 #define FASTBOOT_SET_EC_ATTESTATION_KEY  "set-ec-atte-key"
 #define FASTBOOT_APPEND_RSA_ATTESTATION_CERT  "append-rsa-atte-cert"
 #define FASTBOOT_APPEND_EC_ATTESTATION_CERT  "append-ec-atte-cert"
+#define FASTBOOT_SET_RSA_ATTESTATION_KEY_ENC  "set-rsa-atte-key-enc"
+#define FASTBOOT_SET_EC_ATTESTATION_KEY_ENC  "set-ec-atte-key-enc"
+#define FASTBOOT_APPEND_RSA_ATTESTATION_CERT_ENC  "append-rsa-atte-cert-enc"
+#define FASTBOOT_APPEND_EC_ATTESTATION_CERT_ENC  "append-ec-atte-cert-enc"
 #endif
 
 #ifdef CONFIG_ANDROID_THINGS_SUPPORT
diff --git a/include/interface/keymaster/keymaster.h b/include/interface/keymaster/keymaster.h
index ff5583496f..1b1fc63315 100644
--- a/include/interface/keymaster/keymaster.h
+++ b/include/interface/keymaster/keymaster.h
@@ -63,6 +63,8 @@ enum keymaster_command {
     KM_ATAP_SET_CA_RESPONSE_FINISH     = (0x7000 << KEYMASTER_REQ_SHIFT),
     KM_ATAP_READ_UUID                  = (0x8000 << KEYMASTER_REQ_SHIFT),
     KM_SET_PRODUCT_ID                  = (0x9000 << KEYMASTER_REQ_SHIFT),
+    KM_SET_ATTESTATION_KEY_ENC         = (0xa000 << KEYMASTER_REQ_SHIFT),
+    KM_APPEND_ATTESTATION_CERT_CHAIN_ENC = (0xb000 << KEYMASTER_REQ_SHIFT),
     KM_GET_MPPUBK                      = (0xc000 << KEYMASTER_REQ_SHIFT)
 };
author	Haoran.Wang <elven.wang@nxp.com>	2019-07-16 13:12:15 +0800
committer	Ji Luo <ji.luo@nxp.com>	2019-07-16 22:05:00 +0800
commit	52eb9a780f1d6c5097d8bc82b16946192f025d9e (patch)
tree	66f23fb50302721ba4d74f677f819977aba94036 /include
parent	2b7597fa3e9b3d09002fc6ef85aae1de19e184d0 (diff)