Diffstat (limited to 'lib')
-rw-r--r-- | lib/avb/fsl/fsl_avbkey.c | 57 | ||||
-rw-r--r-- | lib/trusty/ql-tipc/keymaster.c | 28 |
2 files changed, 85 insertions, 0 deletions
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c
index 63d51102f3..d9c0a37dd1 100644
--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -25,6 +25,9 @@
 #include <memalign.h>
 #include "trusty/hwcrypto.h"
 #include "fsl_atx_attributes.h"
+#include <asm/mach-imx/hab.h>
+#include <asm/arch/sys_proto.h>
+#include <asm/mach-imx/sci/sci.h>
 #define INITFLAG_FUSE_OFFSET 0
 #define INITFLAG_FUSE_MASK 0x00000001
@@ -1060,6 +1063,28 @@ int at_disable_vboot_unlock(void)
 #endif /* CONFIG_AVB_ATX */
 #if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
+
+DECLARE_GLOBAL_DATA_PTR;
+extern struct imx_sec_config_fuse_t const imx_sec_config_fuse;
+#define HAB_ENABLED_BIT (is_soc_type(MXC_SOC_IMX8M)? 0x2000000 : 0x2)
+
+/* Check hab status, this is basically copied from imx_hab_is_enabled() */
+bool hab_is_enabled(void)
+{
+ struct imx_sec_config_fuse_t *fuse =
+ (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
+ uint32_t reg;
+ int ret;
+
+ ret = fuse_read(fuse->bank, fuse->word, ®);
+ if (ret) {
+ puts("\nSecure boot fuse read error\n");
+ return ret;
+ }
+
+ return (reg & HAB_ENABLED_BIT) == HAB_ENABLED_BIT;
+}
+
 int do_rpmb_key_set(uint8_t *key, uint32_t key_size) {
 int ret = 0;
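Review bot: The fuse-read error branch of `hab_is_enabled()` does `return ret;` from a `bool` function, so any non-zero error code converts to `true` and a failed fuse read is reported as "HAB enabled". `fastboot_get_mppubk()`, added later in this file, uses this result as its gate on the non-IMX8 path, so the error branch should report not-enabled instead: `return false;`. The cast `(struct imx_sec_config_fuse_t *)&imx_sec_config_fuse` also discards the `const` of the extern declaration just above it; `const struct imx_sec_config_fuse_t *fuse = &imx_sec_config_fuse;` reads the same two fields without the cast.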
@@ -1188,5 +1213,37 @@ int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) {
 return 0;
 }
+
+int fastboot_get_mppubk(uint8_t *staged_buffer, uint32_t *size) {
+
+#ifdef CONFIG_ARCH_IMX8
+ sc_err_t err;
+ uint16_t lc;
+ sc_ipc_t ipcHndl = gd->arch.ipc_channel_handle;
+
+ err = sc_seco_chip_info(ipcHndl, &lc, NULL, NULL, NULL);
+ if (err != SC_ERR_NONE) {
+ printf("Error in get lifecycle\n");
+ return -1;
+ }
+
+ if (lc != 0x80) {
+#else
+ if (!hab_is_enabled()) {
+#endif
+ ERR("Error. This command can only be used when hab is closed!!\n");
+ return -1;
+ }
+ if ((staged_buffer == NULL) || (size == NULL)) {
+ ERR("Error. Get null staged_buffer!\n");
+ return -1;
+ }
+ if (trusty_get_mppubk(staged_buffer, size)) {
+ ERR("Error. Failed to get mppubk!\n");
+ return -1;
+ }
+
+ return 0;
+}
 #endif /* CONFIG_IMX_TRUSTY_OS && !defind(CONFIG_AVB_ATX) */
 #endif /* CONFIG_SPL_BUILD */
diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c
index eaa43e3874..0826002943 100644
--- a/lib/trusty/ql-tipc/keymaster.c
+++ b/lib/trusty/ql-tipc/keymaster.c
@@ -480,3 +480,31 @@ int trusty_atap_read_uuid_str(char **uuid_p)
 }
 return rc;
 }
+
+int trusty_get_mppubk(uint8_t *mppubk, uint32_t *size)
+{
+ int rc = TRUSTY_ERR_GENERIC;
+ struct km_get_mppubk_resp resp;
+
+ rc = km_send_request(KM_GET_MPPUBK, NULL, 0);
+ if (rc < 0) {
+ trusty_error("failed to send km mppubk request\n", rc);
+ return rc;
+ }
+
+ rc = km_read_raw_response(KM_GET_MPPUBK, &resp, sizeof(resp));
+ if (rc < 0) {
+ trusty_error("%s: failed (%d) to read km mppubk response\n", __func__, rc);
+ return rc;
+ }
+
+ if (resp.data_size != 64) {
+ trusty_error("%s: Wrong mppubk size!\n", __func__);
+ return TRUSTY_ERR_GENERIC;
+ } else {
+ *size = resp.data_size;
+ }
+
+ memcpy(mppubk, resp.data, resp.data_size);
+ return TRUSTY_ERR_NONE;
+} |
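Review bot: The gate in `fastboot_get_mppubk()` is hard to audit because the `if` is opened separately in the `#ifdef CONFIG_ARCH_IMX8` and `#else` arms while its body and closing brace sit after `#endif`, and the IMX8 arm compares against the bare literal `lc != 0x80`. Since this check decides whether the key is released at all, give the lifecycle value a named constant (presumably the closed lifecycle state; confirm against the SCFW headers) and have each arm compute a `bool closed`, followed by a single `if (!closed) {` after `#endif`. A short comment above the function stating that `staged_buffer` must be able to hold the full key and that `*size` is output-only would also help, because the NULL checks here are the only validation done on either pointer.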
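Review bot: `trusty_get_mppubk()` copies 64 bytes into `mppubk` with `memcpy` without knowing how large the caller's buffer is; `size` is only written, never read, and neither pointer is checked in this function. Either state the requirement in a header comment (`/* mppubk must point to at least 64 bytes; *size is set to 64 on success */`) or, if callers can be updated, treat `*size` as the capacity on entry and reject `*size < resp.data_size` before the copy. Separately, the first error path calls `trusty_error("failed to send km mppubk request\n", rc)` with an argument but no conversion in the format string; the second call's `"%s: failed (%d) ..."` form with `__func__, rc` looks like the intended shape. The literal `64` would be clearer as a named constant shared with the definition of `struct km_get_mppubk_resp`, which is not visible in this diff.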