diff options
-rw-r--r-- | arch/arm/mach-imx/Kconfig | 34 | ||||
-rw-r--r-- | drivers/fastboot/fb_fsl/fb_fsl_command.c | 32 | ||||
-rw-r--r-- | include/fb_fsl.h | 2 | ||||
-rw-r--r-- | include/interface/keymaster/keymaster.h | 4 | ||||
-rw-r--r-- | include/trusty/keymaster.h | 7 | ||||
-rw-r--r-- | include/trusty/keymaster_serializable.h | 9 | ||||
-rw-r--r-- | lib/trusty/ql-tipc/keymaster.c | 87 | ||||
-rw-r--r-- | lib/trusty/ql-tipc/keymaster_serializable.c | 17 |
8 files changed, 131 insertions, 61 deletions
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index 53a82cc4a6..29ffebd1b7 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -336,10 +336,40 @@ config ID_ATTESTATION default y depends on IMX_TRUSTY_OS +config ATTESTATION_ID_BRAND + string "brand name" + depends on IMX_TRUSTY_OS && ID_ATTESTATION + default "" + +config ATTESTATION_ID_DEVICE + string "device name" + depends on IMX_TRUSTY_OS && ID_ATTESTATION + default "" + config ATTESTATION_ID_PRODUCT - string "Product name for ID attestation" + string "product name" + depends on IMX_TRUSTY_OS && ID_ATTESTATION + default "" + +config ATTESTATION_ID_IMEI + string "IMEI id" + depends on IMX_TRUSTY_OS && ID_ATTESTATION + default "" + +config ATTESTATION_ID_MEID + string "MEID id" + depends on IMX_TRUSTY_OS && ID_ATTESTATION + default "" + +config ATTESTATION_ID_MANUFACTURER + string "manufacture name" + depends on IMX_TRUSTY_OS && ID_ATTESTATION + default "" + +config ATTESTATION_ID_MODEL + string "model name" depends on IMX_TRUSTY_OS && ID_ATTESTATION - default SYS_CONFIG_NAME + default "" config SECURE_UNLOCK bool "Enable secure unlock for Android devices, it can only be enabled on HAB closed board" diff --git a/drivers/fastboot/fb_fsl/fb_fsl_command.c b/drivers/fastboot/fb_fsl/fb_fsl_command.c index 104e86e496..90dc5f5b16 100644 --- a/drivers/fastboot/fb_fsl/fb_fsl_command.c +++ b/drivers/fastboot/fb_fsl/fb_fsl_command.c @@ -682,33 +682,13 @@ static void flashing(char *cmd, char *response) } } #ifdef CONFIG_ID_ATTESTATION - else if (endswith(cmd, FASTBOOT_APPEND_ATTESTATION_ID)) { - if (trusty_append_attestation_id(ATTESTATION_ID_BRAND, strlen(ATTESTATION_ID_BRAND))) { - printf("Error append ATTESTATION_ID_BRAND failed!\n"); - strcpy(response, "FAILAppend ATTESTATION_ID_BRAND failed!"); - } else if (trusty_append_attestation_id(ATTESTATION_ID_DEVICE, strlen(ATTESTATION_ID_DEVICE))) { - printf("Error append ATTESTATION_ID_DEVICE failed!\n"); - strcpy(response, "FAILAppend ATTESTATION_ID_DEVICE failed!"); - } else if (trusty_append_attestation_id(CONFIG_ATTESTATION_ID_PRODUCT, strlen(CONFIG_ATTESTATION_ID_PRODUCT))) { - printf("Error append ATTESTATION_ID_PRODUCT failed!\n"); - strcpy(response, "FAILAppend ATTESTATION_ID_PRODUCT failed!"); - } else if (trusty_append_attestation_id(ATTESTATION_ID_MANUFACTURER, strlen(ATTESTATION_ID_MANUFACTURER))) { - printf("Error append ATTESTATION_ID_MANUFACTURER failed!\n"); - strcpy(response, "FAILAppend ATTESTATION_ID_MANUFACTURER failed!"); - } else if (trusty_append_attestation_id(ATTESTATION_ID_MODEL, strlen(ATTESTATION_ID_MODEL))) { - printf("Error append ATTESTATION_ID_MODEL failed!\n"); - strcpy(response, "FAILAppend ATTESTATION_ID_MODEL failed!"); + else if (endswith(cmd, FASTBOOT_SET_ATTESTATION_ID)) { + if (trusty_set_attestation_id()) { + printf("ERROR set device ids failed!\n"); + strcpy(response, "FAILSet device ids failed!"); } else { - char *serial = get_serial(); - - if (!serial) { - printf("Error Failed to append the serial number!\n"); - strcpy(response, "FAIL Failed to append the serial number!"); - } else if (trusty_append_attestation_id(serial, 16)) { - printf("Error Failed to append the serial number!\n"); - strcpy(response, "FAILFailed to append the serial number!"); - } else - strcpy(response, "OKAY"); + printf("Set device ids successfully!\n"); + strcpy(response, "OKAY"); } } #endif diff --git a/include/fb_fsl.h b/include/fb_fsl.h index dece725c1b..7c2d6fbc89 100644 --- a/include/fb_fsl.h +++ b/include/fb_fsl.h @@ -104,7 +104,7 @@ #define FASTBOOT_APPEND_EC_ATTESTATION_CERT_ENC "append-ec-atte-cert-enc" #define FASTBOOT_GET_MPPUBK "get-mppubk" #define FASTBOOT_GET_SERIAL_NUMBER "get-serial-number" -#define FASTBOOT_APPEND_ATTESTATION_ID "append-device-id" +#define FASTBOOT_SET_ATTESTATION_ID "set-device-id" #define FASTBOOT_WV_PROVISION "provision-wv-keybox" #define FASTBOOT_WV_PROVISION_ENC "provision-wv-keybox-enc" #endif diff --git a/include/interface/keymaster/keymaster.h b/include/interface/keymaster/keymaster.h index d60bba6176..a178ee0af8 100644 --- a/include/interface/keymaster/keymaster.h +++ b/include/interface/keymaster/keymaster.h @@ -291,10 +291,6 @@ struct km_attestation_data { const uint8_t *data; } TRUSTY_ATTR_PACKED; -struct km_attestation_id_data { - uint32_t data_size; - const uint8_t *data; -} TRUSTY_ATTR_PACKED; /** * km_raw_buffer - represents a single raw buffer * diff --git a/include/trusty/keymaster.h b/include/trusty/keymaster.h index 2a5551cce8..d9a7895c07 100644 --- a/include/trusty/keymaster.h +++ b/include/trusty/keymaster.h @@ -170,11 +170,8 @@ int trusty_verify_secure_unlock(uint8_t *unlock_credential, uint8_t *serial, uint32_t serial_size); /* - * trusty_append_attestation_id is called to set attestation Device ID. - * - * @ data: Device ID string - * @ data_size: Device ID size + * trusty_set_attestation_id is called to set attestation Device ID. * */ -int trusty_append_attestation_id(const char *data, uint32_t data_size); +int trusty_set_attestation_id(void); #endif /* TRUSTY_KEYMASTER_H_ */ diff --git a/include/trusty/keymaster_serializable.h b/include/trusty/keymaster_serializable.h index 830c0ba13b..280adda571 100644 --- a/include/trusty/keymaster_serializable.h +++ b/include/trusty/keymaster_serializable.h @@ -68,12 +68,11 @@ int km_attestation_data_serialize(const struct km_attestation_data *data, uint8_t **out, uint32_t *out_size); /** - * Serializes a km_attestation_id_data structure. On success, allocates |*out_size| - * bytes to |*out| and writes the serialized |data| to |*out|. Caller takes - * ownership of |*out|. Returns one of trusty_err. + * Serializes a km_attestation_id_data structure. On success, writes the + * serialized |data| to |*out|. Returns one of trusty_err. */ -int km_attestation_id_data_serialize(const struct km_attestation_id_data *data, - uint8_t** out, uint32_t *out_size); +int km_attestation_id_data_serialize(const uint8_t *data, uint32_t data_size, + uint8_t** out, uint32_t *out_size); /** * Serializes a km_secure_unlock_data structure. On success, allocates |*out_size| diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c index 4880510232..6d287f3f20 100644 --- a/lib/trusty/ql-tipc/keymaster.c +++ b/lib/trusty/ql-tipc/keymaster.c @@ -581,21 +581,90 @@ end: return rc; } -int trusty_append_attestation_id(const char *data, uint32_t data_size) +char *get_serial(void); +int trusty_set_attestation_id(void) { - struct km_attestation_id_data attestation_id_data = { - .data_size = data_size, - .data = (uint8_t *)data, - }; - uint8_t *req = NULL; + uint8_t *req = NULL, *tmp = NULL; uint32_t req_size = 0; - int rc = km_attestation_id_data_serialize(&attestation_id_data, &req, &req_size); + int rc; + req = trusty_calloc(1024, 1); // 1024 bytes buffer should be enough. + tmp = req; + + /* fill in the device ids */ + /* brand */ + rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_BRAND, + strlen(CONFIG_ATTESTATION_ID_BRAND), + &tmp, &req_size); if (rc < 0) { - trusty_error("failed (%d) to serialize request\n", rc); + trusty_error("%s: failed (%d) to set id brand.\n", __func__, rc); + goto end; + } + + /* device */ + rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_DEVICE, + strlen(CONFIG_ATTESTATION_ID_DEVICE), + &tmp, &req_size); + if (rc < 0) { + trusty_error("%s: failed (%d) to set id device.\n", __func__, rc); goto end; } - rc = km_do_tipc(KM_APPEND_ATTESTATION_ID, req, req_size, NULL, NULL); + + /* product */ + rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_PRODUCT, + strlen(CONFIG_ATTESTATION_ID_PRODUCT), + &tmp, &req_size); + if (rc < 0) { + trusty_error("%s: failed (%d) to set id product.\n", __func__, rc); + goto end; + } + + /* serial number, bail out when fail because it's a MUST. */ + char *serial = get_serial(); + if (serial) + km_attestation_id_data_serialize((uint8_t *)serial, 16, &tmp, &req_size); + else { + trusty_error("%s: failed to get serial number.\n", __func__); + goto end; + } + + /* IMEI */ + rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_IMEI, + strlen(CONFIG_ATTESTATION_ID_IMEI), + &tmp, &req_size); + if (rc < 0) { + trusty_error("%s: failed (%d) to set id IMEI.\n", __func__, rc); + goto end; + } + + /* MEID */ + rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_MEID, + strlen(CONFIG_ATTESTATION_ID_MEID), + &tmp, &req_size); + if (rc < 0) { + trusty_error("%s: failed (%d) to set id MEID.\n", __func__, rc); + goto end; + } + + /* manufacturer */ + rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_MANUFACTURER, + strlen(CONFIG_ATTESTATION_ID_MANUFACTURER), + &tmp, &req_size); + if (rc < 0) { + trusty_error("%s: failed (%d) to set id manufacturer.\n", __func__, rc); + goto end; + } + + /* model */ + rc = km_attestation_id_data_serialize((uint8_t *)CONFIG_ATTESTATION_ID_MODEL, + strlen(CONFIG_ATTESTATION_ID_MODEL), + &tmp, &req_size); + if (rc < 0) { + trusty_error("%s: failed (%d) to set id model.\n", __func__, rc); + goto end; + } + + rc = km_do_tipc(KM_SET_ATTESTATION_IDS, req, req_size, NULL, NULL); end: if (req) { diff --git a/lib/trusty/ql-tipc/keymaster_serializable.c b/lib/trusty/ql-tipc/keymaster_serializable.c index 232a093a9e..eda9efe7bd 100644 --- a/lib/trusty/ql-tipc/keymaster_serializable.c +++ b/lib/trusty/ql-tipc/keymaster_serializable.c @@ -97,19 +97,18 @@ int km_attestation_data_serialize(const struct km_attestation_data *data, return TRUSTY_ERR_NONE; } -int km_attestation_id_data_serialize(const struct km_attestation_id_data *data, - uint8_t** out, uint32_t *out_size) +int km_attestation_id_data_serialize(const uint8_t *data, uint32_t data_size, + uint8_t** out, uint32_t *out_size) { - if (!out || !data || !out_size) { + if (!out || !out_size) { return TRUSTY_ERR_INVALID_ARGS; } - *out_size = (sizeof(data->data_size) + data->data_size); - *out = trusty_calloc(*out_size, 1); - if (!*out) { - return TRUSTY_ERR_NO_MEMORY; - } - append_sized_buf_to_buf(*out, data->data, data->data_size); + if (data_size) + *out = append_sized_buf_to_buf(*out, data, data_size); + else + *out = append_uint32_to_buf(*out, data_size); + *out_size += (sizeof(data_size) + data_size); return TRUSTY_ERR_NONE; } |