-rw-r--r--arch/arm/mach-imx/Kconfig34
-rw-r--r--drivers/fastboot/fb_fsl/fb_fsl_command.c32
-rw-r--r--include/fb_fsl.h2
-rw-r--r--include/interface/keymaster/keymaster.h4
-rw-r--r--include/trusty/keymaster.h7
-rw-r--r--include/trusty/keymaster_serializable.h9
-rw-r--r--lib/trusty/ql-tipc/keymaster.c87
-rw-r--r--lib/trusty/ql-tipc/keymaster_serializable.c17
8 files changed, 131 insertions, 61 deletions
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
index 53a82cc4a6..29ffebd1b7 100644
--- a/arch/arm/mach-imx/Kconfig
+++ b/arch/arm/mach-imx/Kconfig
@@ -336,10 +336,40 @@ config ID_ATTESTATION
default y
depends on IMX_TRUSTY_OS
+config ATTESTATION_ID_BRAND
+ string "brand name"
+ depends on IMX_TRUSTY_OS && ID_ATTESTATION
+ default ""
+
+config ATTESTATION_ID_DEVICE
+ string "device name"
+ depends on IMX_TRUSTY_OS && ID_ATTESTATION
+ default ""
+
config ATTESTATION_ID_PRODUCT
- string "Product name for ID attestation"
+ string "product name"
+ depends on IMX_TRUSTY_OS && ID_ATTESTATION
+ default ""
+
+config ATTESTATION_ID_IMEI
+ string "IMEI id"
+ depends on IMX_TRUSTY_OS && ID_ATTESTATION
+ default ""
+
+config ATTESTATION_ID_MEID
+ string "MEID id"
+ depends on IMX_TRUSTY_OS && ID_ATTESTATION
+ default ""
+
+config ATTESTATION_ID_MANUFACTURER
+ string "manufacture name"
+ depends on IMX_TRUSTY_OS && ID_ATTESTATION
+ default ""
+
+config ATTESTATION_ID_MODEL
+ string "model name"
depends on IMX_TRUSTY_OS && ID_ATTESTATION
- default SYS_CONFIG_NAME
+ default ""
config SECURE_UNLOCK
bool "Enable secure unlock for Android devices, it can only be enabled on HAB closed board"
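Review bot: Every new ATTESTATION_ID_* symbol defaults to `""` and has no `help` text, and ATTESTATION_ID_PRODUCT loses its former `SYS_CONFIG_NAME` default, so a board config that leaves them unset will pass empty brand/device/product/manufacturer/model strings to Trusty when `set-device-id` runs. Because these values are provisioned for ID attestation, I would add a `help` block to each symbol stating that the string is sent to keymaster at provisioning time and which platform property it is expected to match (to be confirmed against the Android side). I would also consider rejecting provisioning when the mandatory ones are empty. The prompt `"manufacture name"` should read `"manufacturer name"`.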
diff --git a/drivers/fastboot/fb_fsl/fb_fsl_command.c b/drivers/fastboot/fb_fsl/fb_fsl_command.c
index 104e86e496..90dc5f5b16 100644
--- a/drivers/fastboot/fb_fsl/fb_fsl_command.c
+++ b/drivers/fastboot/fb_fsl/fb_fsl_command.c
@@ -682,33 +682,13 @@ static void flashing(char *cmd, char *response)
}
}
#ifdef CONFIG_ID_ATTESTATION
- else if (endswith(cmd, FASTBOOT_APPEND_ATTESTATION_ID)) {
- if (trusty_append_attestation_id(ATTESTATION_ID_BRAND, strlen(ATTESTATION_ID_BRAND))) {
- printf("Error append ATTESTATION_ID_BRAND failed!\n");
- strcpy(response, "FAILAppend ATTESTATION_ID_BRAND failed!");
- } else if (trusty_append_attestation_id(ATTESTATION_ID_DEVICE, strlen(ATTESTATION_ID_DEVICE))) {
- printf("Error append ATTESTATION_ID_DEVICE failed!\n");
- strcpy(response, "FAILAppend ATTESTATION_ID_DEVICE failed!");
- } else if (trusty_append_attestation_id(CONFIG_ATTESTATION_ID_PRODUCT, strlen(CONFIG_ATTESTATION_ID_PRODUCT))) {
- printf("Error append ATTESTATION_ID_PRODUCT failed!\n");
- strcpy(response, "FAILAppend ATTESTATION_ID_PRODUCT failed!");
- } else if (trusty_append_attestation_id(ATTESTATION_ID_MANUFACTURER, strlen(ATTESTATION_ID_MANUFACTURER))) {
- printf("Error append ATTESTATION_ID_MANUFACTURER failed!\n");
- strcpy(response, "FAILAppend ATTESTATION_ID_MANUFACTURER failed!");
- } else if (trusty_append_attestation_id(ATTESTATION_ID_MODEL, strlen(ATTESTATION_ID_MODEL))) {
- printf("Error append ATTESTATION_ID_MODEL failed!\n");
- strcpy(response, "FAILAppend ATTESTATION_ID_MODEL failed!");
+ else if (endswith(cmd, FASTBOOT_SET_ATTESTATION_ID)) {
+ if (trusty_set_attestation_id()) {
+ printf("ERROR set device ids failed!\n");
+ strcpy(response, "FAILSet device ids failed!");
} else {
- char *serial = get_serial();
-
- if (!serial) {
- printf("Error Failed to append the serial number!\n");
- strcpy(response, "FAIL Failed to append the serial number!");
- } else if (trusty_append_attestation_id(serial, 16)) {
- printf("Error Failed to append the serial number!\n");
- strcpy(response, "FAILFailed to append the serial number!");
- } else
- strcpy(response, "OKAY");
+ printf("Set device ids successfully!\n");
+ strcpy(response, "OKAY");
}
}
#endif
diff --git a/include/fb_fsl.h b/include/fb_fsl.h
index dece725c1b..7c2d6fbc89 100644
--- a/include/fb_fsl.h
+++ b/include/fb_fsl.h
@@ -104,7 +104,7 @@
#define FASTBOOT_APPEND_EC_ATTESTATION_CERT_ENC "append-ec-atte-cert-enc"
#define FASTBOOT_GET_MPPUBK "get-mppubk"
#define FASTBOOT_GET_SERIAL_NUMBER "get-serial-number"
-#define FASTBOOT_APPEND_ATTESTATION_ID "append-device-id"
+#define FASTBOOT_SET_ATTESTATION_ID "set-device-id"
#define FASTBOOT_WV_PROVISION "provision-wv-keybox"
#define FASTBOOT_WV_PROVISION_ENC "provision-wv-keybox-enc"
#endif
diff --git a/include/interface/keymaster/keymaster.h b/include/interface/keymaster/keymaster.h
index d60bba6176..a178ee0af8 100644
--- a/include/interface/keymaster/keymaster.h
+++ b/include/interface/keymaster/keymaster.h
@@ -291,10 +291,6 @@ struct km_attestation_data {
const uint8_t *data;
} TRUSTY_ATTR_PACKED;
-struct km_attestation_id_data {
- uint32_t data_size;
- const uint8_t *data;
-} TRUSTY_ATTR_PACKED;
/**
* km_raw_buffer - represents a single raw buffer
*
diff --git a/include/trusty/keymaster.h b/include/trusty/keymaster.h
index 2a5551cce8..d9a7895c07 100644
--- a/include/trusty/keymaster.h
+++ b/include/trusty/keymaster.h
@@ -170,11 +170,8 @@ int trusty_verify_secure_unlock(uint8_t *unlock_credential,
uint8_t *serial, uint32_t serial_size);
/*
- * trusty_append_attestation_id is called to set attestation Device ID.
- *
- * @ data: Device ID string
- * @ data_size: Device ID size
+ * trusty_set_attestation_id is called to set attestation Device ID.
* */
-int trusty_append_attestation_id(const char *data, uint32_t data_size);
+int trusty_set_attestation_id(void);
#endif /* TRUSTY_KEYMASTER_H_ */
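Review bot: The comment on `trusty_set_attestation_id` no longer says where the IDs come from or what the return value means now that the parameters are gone. I would write it as `trusty_set_attestation_id sends the build-time CONFIG_ATTESTATION_ID_* strings and the device serial number to keymaster in a single request. Returns one of trusty_err.` The return wording follows the neighbouring declarations; the actual code path returns whatever `km_do_tipc` yields, which is not visible here.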
diff --git a/include/trusty/keymaster_serializable.h b/include/trusty/keymaster_serializable.h
index 830c0ba13b..280adda571 100644
--- a/include/trusty/keymaster_serializable.h
+++ b/include/trusty/keymaster_serializable.h
@@ -68,12 +68,11 @@ int km_attestation_data_serialize(const struct km_attestation_data *data,
uint8_t **out, uint32_t *out_size);
/**
- * Serializes a km_attestation_id_data structure. On success, allocates |*out_size|
- * bytes to |*out| and writes the serialized |data| to |*out|. Caller takes
- * ownership of |*out|. Returns one of trusty_err.
+ * Serializes a km_attestation_id_data structure. On success, writes the
+ * serialized |data| to |*out|. Returns one of trusty_err.
*/
-int km_attestation_id_data_serialize(const struct km_attestation_id_data *data,
- uint8_t** out, uint32_t *out_size);
+int km_attestation_id_data_serialize(const uint8_t *data, uint32_t data_size,
+ uint8_t** out, uint32_t *out_size);
/**
* Serializes a km_secure_unlock_data structure. On success, allocates |*out_size|
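Review bot: The updated comment still says it serializes a `km_attestation_id_data` structure, which this commit deletes, and it drops the ownership sentence without stating the buffer contract that replaces it. I would document that `|*out|` must already point into a caller-allocated buffer with at least `sizeof(uint32_t) + data_size` bytes free, that `|*out|` is advanced past the entry, and that `|*out_size|` is incremented rather than set. For example: `Appends |data_size| followed by |data| at |*out|, advances |*out| and adds the bytes written to |*out_size|; the caller owns the buffer and guarantees the space.`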
diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c
index 4880510232..6d287f3f20 100644
--- a/lib/trusty/ql-tipc/keymaster.c
+++ b/lib/trusty/ql-tipc/keymaster.c
@@ -581,21 +581,90 @@ end:
return rc;
}
-int trusty_append_attestation_id(const char *data, uint32_t data_size)
+char *get_serial(void);
+int trusty_set_attestation_id(void)
{
- struct km_attestation_id_data attestation_id_data = {
- .data_size = data_size,
- .data = (uint8_t *)data,
- };
- uint8_t *req = NULL;
+ uint8_t *req = NULL, *tmp = NULL;
uint32_t req_size = 0;
- int rc = km_attestation_id_data_serialize(&attestation_id_data, &req, &req_size);
+ int rc;
+ req = trusty_calloc(1024, 1); // 1024 bytes buffer should be enough.
+ tmp = req;
+
+ /* fill in the device ids */
+ /* brand */
+ rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_BRAND,
+ strlen(CONFIG_ATTESTATION_ID_BRAND),
+ &tmp, &req_size);
if (rc < 0) {
- trusty_error("failed (%d) to serialize request\n", rc);
+ trusty_error("%s: failed (%d) to set id brand.\n", __func__, rc);
+ goto end;
+ }
+
+ /* device */
+ rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_DEVICE,
+ strlen(CONFIG_ATTESTATION_ID_DEVICE),
+ &tmp, &req_size);
+ if (rc < 0) {
+ trusty_error("%s: failed (%d) to set id device.\n", __func__, rc);
goto end;
}
- rc = km_do_tipc(KM_APPEND_ATTESTATION_ID, req, req_size, NULL, NULL);
+
+ /* product */
+ rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_PRODUCT,
+ strlen(CONFIG_ATTESTATION_ID_PRODUCT),
+ &tmp, &req_size);
+ if (rc < 0) {
+ trusty_error("%s: failed (%d) to set id product.\n", __func__, rc);
+ goto end;
+ }
+
+ /* serial number, bail out when fail because it's a MUST. */
+ char *serial = get_serial();
+ if (serial)
+ km_attestation_id_data_serialize((uint8_t *)serial, 16, &tmp, &req_size);
+ else {
+ trusty_error("%s: failed to get serial number.\n", __func__);
+ goto end;
+ }
+
+ /* IMEI */
+ rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_IMEI,
+ strlen(CONFIG_ATTESTATION_ID_IMEI),
+ &tmp, &req_size);
+ if (rc < 0) {
+ trusty_error("%s: failed (%d) to set id IMEI.\n", __func__, rc);
+ goto end;
+ }
+
+ /* MEID */
+ rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_MEID,
+ strlen(CONFIG_ATTESTATION_ID_MEID),
+ &tmp, &req_size);
+ if (rc < 0) {
+ trusty_error("%s: failed (%d) to set id MEID.\n", __func__, rc);
+ goto end;
+ }
+
+ /* manufacturer */
+ rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_MANUFACTURER,
+ strlen(CONFIG_ATTESTATION_ID_MANUFACTURER),
+ &tmp, &req_size);
+ if (rc < 0) {
+ trusty_error("%s: failed (%d) to set id manufacturer.\n", __func__, rc);
+ goto end;
+ }
+
+ /* model */
+ rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_MODEL,
+ strlen(CONFIG_ATTESTATION_ID_MODEL),
+ &tmp, &req_size);
+ if (rc < 0) {
+ trusty_error("%s: failed (%d) to set id model.\n", __func__, rc);
+ goto end;
+ }
+
+ rc = km_do_tipc(KM_SET_ATTESTATION_IDS, req, req_size, NULL, NULL);
end:
if (req) {
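Review bot: When `get_serial()` returns NULL the new code jumps to `end` without touching `rc`, which still holds the non-negative result of the product serialize, so the function most likely reports success and the fastboot handler answers OKAY although the serial (called a MUST in the comment) was never sent. The return value of the serial's `km_attestation_id_data_serialize` call is also discarded, and `req` from `trusty_calloc(1024, 1)` is handed to the serializer through `tmp` without a NULL check. The cleanup after `end:` lies outside the hunk, so the exact return path is inferred. The prototype `char *get_serial(void);` would be better taken from a shared header than redeclared in this file.

```c
	req = trusty_calloc(1024, 1);
	if (!req) {
		rc = TRUSTY_ERR_NO_MEMORY;
		goto end;
	}
	tmp = req;

	/* … unchanged: brand, device, product … */

	/* serial number is mandatory: fail the whole request without it */
	char *serial = get_serial();
	if (!serial) {
		trusty_error("%s: failed to get serial number.\n", __func__);
		rc = TRUSTY_ERR_GENERIC;
		goto end;
	}
	rc = km_attestation_id_data_serialize((uint8_t *)serial, 16, &tmp, &req_size);
	if (rc < 0) {
		trusty_error("%s: failed (%d) to set id serial.\n", __func__, rc);
		goto end;
	}

	/* … unchanged: IMEI, MEID, manufacturer, model, km_do_tipc … */
```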
diff --git a/lib/trusty/ql-tipc/keymaster_serializable.c b/lib/trusty/ql-tipc/keymaster_serializable.c
index 232a093a9e..eda9efe7bd 100644
--- a/lib/trusty/ql-tipc/keymaster_serializable.c
+++ b/lib/trusty/ql-tipc/keymaster_serializable.c
@@ -97,19 +97,18 @@ int km_attestation_data_serialize(const struct km_attestation_data *data,
return TRUSTY_ERR_NONE;
}
-int km_attestation_id_data_serialize(const struct km_attestation_id_data *data,
- uint8_t** out, uint32_t *out_size)
+int km_attestation_id_data_serialize(const uint8_t *data, uint32_t data_size,
+ uint8_t** out, uint32_t *out_size)
{
- if (!out || !data || !out_size) {
+ if (!out || !out_size) {
return TRUSTY_ERR_INVALID_ARGS;
}
- *out_size = (sizeof(data->data_size) + data->data_size);
- *out = trusty_calloc(*out_size, 1);
- if (!*out) {
- return TRUSTY_ERR_NO_MEMORY;
- }
- append_sized_buf_to_buf(*out, data->data, data->data_size);
+ if (data_size)
+ *out = append_sized_buf_to_buf(*out, data, data_size);
+ else
+ *out = append_uint32_to_buf(*out, data_size);
+ *out_size += (sizeof(data_size) + data_size);
return TRUSTY_ERR_NONE;
}
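Review bot: The rewritten serializer appends into a caller-owned buffer but takes no capacity, so nothing stops the write from running past the end; the only caller visible on this page passes a fixed 1024-byte allocation and fills it with seven Kconfig strings of unbounded length plus the serial. I would pass the remaining space (or the buffer end) and return an error when `sizeof(data_size) + data_size` does not fit, before calling `append_sized_buf_to_buf`. The argument check also dropped `data`: with a non-zero `data_size` and a NULL `data` the copy would read from NULL, so `if (!out || !*out || !out_size || (data_size && !data))` would restore the guard. The `data_size == 0` branch looks redundant if `append_sized_buf_to_buf` already writes the length prefix for an empty buffer, which I cannot confirm from this hunk.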