authorJi Luo <ji.luo@nxp.com>2019-07-15 17:26:30 +0800
committerJi Luo <ji.luo@nxp.com>2022-04-18 16:40:08 +0800
commit271d7da833d098dd0e8e0f251aa504b191639998 (patch)
tree54f43976ee9ede8e749a09c03bb9147dbbcea5c1 /lib/trusty
parent99b0bb39eccc051e4669f0ce237a4d2f47fa1d24 (diff)
MA-15019-1 Support Manufacture Protection public key generation
Add new keymaster commands to get the Manufacture Protection public key (mppubk). Since the mppubk can only be generated on an OEM CLOSED imx8q board, this command can only be used when the board is HAB/AHAB closed. Commands to extract the mppubk: * $fastboot oem get-mppubk * $fastboot get_staged mppubk.bin Test: Generate and dump the mppubk.bin Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4 Signed-off-by: Ji Luo <ji.luo@nxp.com> (cherry picked from commit 52300d644a275dfa4fe73ecb51601a8efaff8ab7) (cherry picked from commit 7320c7c0efacfb7706e85bfe82d11ac6c2e5b61f)
Diffstat (limited to 'lib/trusty')
-rw-r--r--lib/trusty/ql-tipc/keymaster.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c
index eaa43e3874..0826002943 100644
--- a/lib/trusty/ql-tipc/keymaster.c
+++ b/lib/trusty/ql-tipc/keymaster.c
@@ -480,3 +480,31 @@ int trusty_atap_read_uuid_str(char **uuid_p)
}
return rc;
}
+
+int trusty_get_mppubk(uint8_t *mppubk, uint32_t *size)
+{
+ int rc = TRUSTY_ERR_GENERIC;
+ struct km_get_mppubk_resp resp;
+
+ rc = km_send_request(KM_GET_MPPUBK, NULL, 0);
+ if (rc < 0) {
+ trusty_error("failed to send km mppubk request\n", rc);
+ return rc;
+ }
+
+ rc = km_read_raw_response(KM_GET_MPPUBK, &resp, sizeof(resp));
+ if (rc < 0) {
+ trusty_error("%s: failed (%d) to read km mppubk response\n", __func__, rc);
+ return rc;
+ }
+
+ if (resp.data_size != 64) {
+ trusty_error("%s: Wrong mppubk size!\n", __func__);
+ return TRUSTY_ERR_GENERIC;
+ } else {
+ *size = resp.data_size;
+ }
+
+ memcpy(mppubk, resp.data, resp.data_size);
+ return TRUSTY_ERR_NONE;
+}
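Review bot: The final `memcpy` in `trusty_get_mppubk` writes 64 bytes into `mppubk` without knowing the caller's buffer capacity, because `size` is only written and never read, and neither pointer is checked for NULL. I would add `if (!mppubk || !size) return TRUSTY_ERR_GENERIC;` at the top and a header comment stating that `mppubk` must hold at least 64 bytes, with the literal 64 replaced by a named constant shared with callers. `resp` is also left uninitialised and only `rc < 0` is tested, so if `km_read_raw_response` can succeed on a short response (not visible in this hunk), `resp.data_size` is read uninitialised; `struct km_get_mppubk_resp resp = {0};` would make that case fail the size check deterministically. Separately, the first `trusty_error` call passes `rc` with no conversion in its format string, so the error code is dropped; the wording used for the read failure, `"%s: failed (%d) to send km mppubk request\n", __func__, rc`, would fix it.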