author | Yu Shan <shanyu@google.com> | 2017-09-11 14:03:44 +0800 |
---|---|---|
committer | Ji Luo <ji.luo@nxp.com> | 2018-08-20 21:25:45 +0800 |
commit | fd9eec336ea44cf6223c2c263bfe6c90a8aa4151 (patch) | |
tree | cf77d0af4da878487c46bcc3aa801ae80b781009 /lib | |
parent | b92b0e1d49778cd31ac33d209fa064caa2bec6ef (diff) |
[iot] Support fastboot oem fuse at-perm-attr command
Support "fastboot oem fuse at-perm-attr" command for
ATX. The perm_attr will be stored in RPMB, which is
managed by Trusty OS.
Modify the permanent_attributes-related AVB ops to
support Trusty OS backed RPMB storage.
Change-Id: Id6248570b4294fed3c45270064196bd6b9cf9208
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/avb/fsl/fsl_avbkey.c | 50 |
1 files changed, 49 insertions, 1 deletions
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c index c3e7ddbe523..97b4f914ccc 100644 --- a/lib/avb/fsl/fsl_avbkey.c +++ b/lib/avb/fsl/fsl_avbkey.c @@ -184,12 +184,19 @@ static int sha256(unsigned char* data, int len, unsigned char* output) { static int permanent_attributes_sha256_hash(unsigned char* output) { AvbAtxPermanentAttributes attributes; +#ifdef CONFIG_IMX_TRUSTY_OS + if(trusty_read_permanent_attributes((uint8_t *)(&attributes), + sizeof(AvbAtxPermanentAttributes))) { + return RESULT_ERROR; + } +#else /* get permanent attributes */ attributes.version = fsl_version; memcpy(attributes.product_root_public_key, fsl_product_root_public_key, sizeof(fsl_product_root_public_key)); memcpy(attributes.product_id, fsl_atx_product_id, sizeof(fsl_atx_product_id)); +#endif /* calculate sha256(permanent attributes) hash */ if (sha256((unsigned char *)&attributes, sizeof(AvbAtxPermanentAttributes), output) == RESULT_ERROR) { @@ -221,6 +228,7 @@ static int init_permanent_attributes_fuse(void) { /* calculate sha256(permanent attributes) */ if (permanent_attributes_sha256_hash(sha256_hash) != RESULT_OK) { + printf("ERROR - calculating permanent attributes SHA256 error!\n"); return RESULT_ERROR; } 
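Review bot: The `CONFIG_IMX_TRUSTY_OS` branch in permanent_attributes_sha256_hash has no comment saying where the attributes come from, while the `#else` branch keeps `/* get permanent attributes */`. The digest computed here is now taken over whatever the secure-storage read returns rather than over the built-in constants, so a line such as `/* read permanent attributes from Trusty-backed RPMB storage */` above the `if` would make that explicit. Passing `sizeof(attributes)` as the length would also tie the read size to the destination object. The function body continues past the end of this hunk.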
@@ -236,6 +244,37 @@ static int init_permanent_attributes_fuse(void) { } #endif +#ifdef CONFIG_AVB_ATX +int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size) { + + if (staged_buffer == NULL) { + ERR("Error. Get null staged_buffer\n"); + return -1; + } + if (size != sizeof(AvbAtxPermanentAttributes)) { + ERR("Error. expect perm_attr length %d, but get %d.\n", + sizeof(AvbAtxPermanentAttributes), size); + return -1; + } +#ifdef CONFIG_IMX_TRUSTY_OS + if (trusty_write_permanent_attributes(staged_buffer, size)) { + ERR("Error. Failed to write permanent attributes into secure storage\n"); + return -1; + } + else + return init_permanent_attributes_fuse(); +#else + /* + * TODO: + * Need to handle this when no Trusty OS support. + * But now every Android Things will have Trusty OS support. + */ + ERR("No Trusty OS enabled in bootloader.\n"); + return 0; +#endif +} +#endif + #ifdef AVB_RPMB static int rpmb_read(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset); static int rpmb_write(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset); @@ -481,7 +520,7 @@ int init_avbkey(void) { } if (rpmb_init()) return RESULT_ERROR; -#ifdef CONFIG_AVB_ATX +#if defined(CONFIG_AVB_ATX) && !defined(CONFIG_IMX_TRUSTY_OS) if (init_permanent_attributes_fuse()) return RESULT_ERROR; #endif @@ -1152,6 +1191,14 @@ fail: */ AvbIOResult fsl_read_permanent_attributes( AvbAtxOps* atx_ops, AvbAtxPermanentAttributes* attributes) { +#ifdef CONFIG_IMX_TRUSTY_OS + if (trusty_read_permanent_attributes((uint8_t *)attributes, + sizeof(AvbAtxPermanentAttributes))) { + ERR("Error. Failed to read permanent attributes from secure storage\n"); + return AVB_IO_RESULT_ERROR_IO; + } else + return AVB_IO_RESULT_OK; +#else /* use hard code permanent attributes due to limited fuse and RPMB */ attributes->version = fsl_version; memcpy(attributes->product_root_public_key, fsl_product_root_public_key, 
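Review bot: When `CONFIG_IMX_TRUSTY_OS` is not defined, avb_atx_fuse_perm_attr logs `No Trusty OS enabled in bootloader.` and then returns 0, so a caller that treats 0 as success would report the attributes as fused although nothing was stored; that path should end in `return -1;` until the TODO is implemented. The length-mismatch message passes `sizeof(AvbAtxPermanentAttributes)` (a `size_t`) and a `uint32_t` to `%d`; assuming ERR forwards to a printf-style formatter, `%zu` and `%u` are the matching conversions. Nothing visible here checks whether attributes were already provisioned before trusty_write_permanent_attributes is called, so it is worth confirming that the Trusty side or the fastboot caller enforces write-once.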
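Review bot: The new condition in init_avbkey has no comment explaining why `init_permanent_attributes_fuse()` is skipped when Trusty is enabled. From the other hunks it looks like the fuse hash is then programmed only from avb_atx_fuse_perm_attr, after the attributes have been written to secure storage; a comment such as `/* With Trusty OS the fuse hash is programmed by avb_atx_fuse_perm_attr() at provisioning time */` would record that. init_avbkey starts and ends outside this hunk.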
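Review bot: In fsl_read_permanent_attributes the Trusty branch ends in an unbraced `else return AVB_IO_RESULT_OK;` placed directly before the preprocessor `#else`, which is easy to misread. Since the `if` body already returns, the `else` can be dropped and the success return written as a plain `return AVB_IO_RESULT_OK;`. The same `if { ... return } else return` shape appears in avb_atx_fuse_perm_attr in the earlier hunk. The function's closing lines are in the next hunk.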
@@ -1160,6 +1207,7 @@ AvbIOResult fsl_read_permanent_attributes( sizeof(fsl_atx_product_id)); return AVB_IO_RESULT_OK; +#endif /* CONFIG_IMX_TRUSTY_OS */ } /* Reads a |hash| of permanent attributes. This hash MUST be retrieved from a |