diff options
| author | Ji Luo <ji.luo@nxp.com> | 2018-12-20 16:22:36 +0800 |
|---|---|---|
| committer | Ji Luo <ji.luo@nxp.com> | 2018-12-24 09:13:38 +0800 |
| commit | e05d44f550ca90b899e568eed770a68fba90afcb (patch) | |
| tree | c274154fa7e8f1cc0bf89320972998ddf245fb98 /lib | |
| parent | 4668e8a45e6226801bb8da0571af626d81e981fb (diff) | |
MA-13832 [Trusty] Support random rpmb key set
Sometimes we need to set random rpmb key which is invisible
except for the device.
Generate the random key with hwcrypto interface and support
fastboot command "fastboot oem set-rpmb-random-key" to set it.
Test: build and boot on imx8q.
Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/avb/fsl/fsl_avbkey.c | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c index 5b58515fd5..4ef914aa39 100644 --- a/lib/avb/fsl/fsl_avbkey.c +++ b/lib/avb/fsl/fsl_avbkey.c @@ -1034,7 +1034,7 @@ bool rpmbkey_is_set(void) return ret; } -int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) +int do_rpmb_key_set(uint8_t *key, uint32_t key_size) { int ret = 0; int mmcc; @@ -1046,10 +1046,9 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) ALLOC_CACHE_ALIGN_BUFFER(uint8_t, blob, RPMBKEY_LENGTH + CAAM_PAD); - if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) { - printf("ERROR - rpmb magic doesn't match!\n"); - return -1; - } + /* copy rpmb key to cache aligned buffer. */ + memset(rpmb_key, 0, RPMBKEY_LENGTH); + memcpy(rpmb_key, key, RPMBKEY_LENGTH); /* Get current mmc device. */ mmcc = mmc_get_env_dev(); @@ -1070,11 +1069,6 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) desc->hwpart = MMC_PART_RPMB; } - /* Set rpmb key. */ - memset(rpmb_key, 0, RPMBKEY_LENGTH); - memcpy(rpmb_key, - staged_buf + strlen(RPMB_KEY_MAGIC), RPMBKEY_LENGTH); - if (mmc_rpmb_set_key(mmc, rpmb_key)) { printf("ERROR - Key already programmed ?\n"); ret = -1; @@ -1117,6 +1111,7 @@ int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) /* Erase the key buffer. */ memset(rpmb_key, 0, RPMBKEY_LENGTH); + memset(key, 0, RPMBKEY_LENGTH); fail: /* Return to original partition */ @@ -1129,6 +1124,30 @@ fail: return ret; } +int fastboot_set_rpmb_key(uint8_t *staged_buf, uint32_t key_size) +{ + + if (memcmp(staged_buf, RPMB_KEY_MAGIC, strlen(RPMB_KEY_MAGIC))) { + printf("ERROR - rpmb magic doesn't match!\n"); + return -1; + } + + return do_rpmb_key_set(staged_buf + strlen(RPMB_KEY_MAGIC), + RPMBKEY_LENGTH); +} + +int fastboot_set_rpmb_random_key(void) +{ + ALLOC_CACHE_ALIGN_BUFFER(uint8_t, rpmb_key, RPMBKEY_LENGTH); + + if (hwcrypto_gen_rng((ulong)rpmb_key, RPMBKEY_LENGTH)) { + printf("error - can't generate random key!\n"); + return -1; + } + + return do_rpmb_key_set(rpmb_key, RPMBKEY_LENGTH); +} + int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) { if ((staged_buffer == NULL) || (size <= 0)) { |