MA-13904 [Trusty] Pass root trust to keymaster service

Pass the verified boot key hash to keymaster, it will be
treated as the root trust in keymaster service.
Also set the 'initialized' flag after initializing the
keymaster client or set keymaster boot parameters will fail.

Test: Pass CTS cases:
      android.keystore.cts.KeyAttestationTest#testRsaAttestation
      android.keystore.cts.KeyAttestationTest#testEcAttestation

Change-Id: I486b5493826160f42c61a3da0e6cd769df92254d
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2 files changed, 4 insertions, 1 deletions

diff --git a/lib/trusty/ql-tipc/avb.c b/lib/trusty/ql-tipc/avb.c
index b8dab40a4a..95b26fd2f8 100644
--- a/lib/trusty/ql-tipc/avb.c
+++ b/lib/trusty/ql-tipc/avb.c
@@ -230,7 +230,7 @@ int trusty_read_vbmeta_public_key(uint8_t *publickey, uint32_t size)
         return rc;
     }
     /* ensure caller passed size matches size returned by Trusty */
-    if (size != resp_size) {
+    if (size < resp_size) {
         return TRUSTY_ERR_INVALID_ARGS;
     }
     trusty_memcpy(publickey, resp_buf, resp_size);
diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c
index 21e0e6cf4b..eaa43e3874 100644
--- a/lib/trusty/ql-tipc/keymaster.c
+++ b/lib/trusty/ql-tipc/keymaster.c
@@ -290,6 +290,9 @@ int km_tipc_init(struct trusty_ipc_dev *dev)
         return TRUSTY_ERR_GENERIC;
     }
 
+    /* mark as initialized */
+    initialized = true;
+
     return TRUSTY_ERR_NONE;
 }