path: root/include/fsl_fastboot.h
Age | Commit message | Author

2019-07-16 | MA-15142 Support secure attestation provision | Haoran.Wang
In host end, need to encrypt the attestation keys and certs by manufacture protection public key through AES-128-ECB. Then use the below 4 sets of commands to provision encrypted RSA attestation and EC attestation:
* $fastboot stage atte_rsa_key.bin
* $fastboot oem set-rsa-atte-key-enc
* $fastboot stage atte_rsa_cert.bin
* $fastboot oem append-rsa-atte-cert-enc
* $fastboot stage atte_ec_key.bin
* $fastboot oem set-ec-atte-key-enc
* $fastboot stage atte_ec_cert.bin
* $fastboot oem append-ec-atte-cert-enc
Change-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>

2019-07-16 | MA-15019-1 Support Manufacture Protection public key generation | Ji Luo
Add new keymaster commands to get Manufacture Production key (mppubk). Since the mppubk can only be generated in OEM CLOSED imx8q board, we can only use this command when the board is HAB/AHAB closed.
Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.bin
Test: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2019-07-03 | MA-15062-2 change mcu firmware partition name | faqiang.zhu
New imx8mn chips have Cortex-M7 inside, not like any other existing multi-core i.MX MPU. Users may manually flash mcu firmware with fastboot, partition name needs to be specified at the same time, so the mcu firmware partition name needs to be changed. Related enum and variable names are also modified.
Change-Id: Ic7b0f3ff5faaeb92d79ad6f4d9d5546a83b95b5b
Signed-off-by: faqiang.zhu <faqiang.zhu@nxp.com>

2019-01-08 | MA-13906 [Trusty] Support commands to set attestation materials | Ji Luo
Keystore attestation requires provisioning keys and certificate chains into secure storage. Add commands to support rsa/ecdsa keys and certificate chains provision, each key/certificate should be staged before provision.
Usage:
Set rsa attestation key:
  fastboot stage <path-to-rsa-atte-key>
  fastboot oem set-rsa-atte-key
Set ec attestation key:
  fastboot stage <path-to-ec-atte-key>
  fastboot oem set-ec-atte-key
Append rsa attestation certs:
  fastboot stage <path-to-rsa-atte-cert>
  fastboot oem append-rsa-atte-cert
Append ec attestation certs:
  fastboot stage <path-to-ec-atte-cert>
  fastboot oem append-ec-atte-cert
Test: Pass CTS cases:
  android.keystore.cts.KeyAttestationTest#testRsaAttestation
  android.keystore.cts.KeyAttestationTest#testEcAttestation
Change-Id: Ic3ed87e7e328a39b0f1bfb163356ea9e37d2f4fc
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2018-12-24 | MA-13832 [Trusty] Support random rpmb key set | Ji Luo
Sometimes we need to set random rpmb key which is invisible except for the device. Generate the random key with hwcrypto interface and support fastboot command "fastboot oem set-rpmb-random-key" to set it.
Test: build and boot on imx8q.
Change-Id: I44e1b6b091366d8ffceb1159fc65c17610ce5243
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2018-12-12 | MA-13759-1 imx8mm: Enable trusty support | Ji Luo
Open configs to enable trusty for imx8mm_evk and also add new config imx8mm_evk_android_trusty_defconfig based on imx8mm_evk_android_defconfig.
Test: Trusty starts ok.
Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2018-12-04 | MA-13629 [Trusty] Add commands to set vbmeta public key | Ji Luo
Add commands to write/read vbmeta public key to/from secure storage. The vbmeta public key can only be set once.
Commands to set the public key:
  fastboot stage <path-to-your-public-key>
  fastboot oem set-public-key
Test: build and boot on imx8qxp_mek.
Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2018-11-12 | [iot] Support command 'oem at-disable-unlock-vboot' | Ji Luo
Device will be locked permanently after disabling the unlock vboot, store the disable unlock vboot status into fuse. Since the fuse write operation is irreversible, config 'CONFIG_AVB_FUSE' is disabled by default; user needs to add this config manually and run this command again.
Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE", device was locked permanently after running this command. This is verified on both imx7d_pico and AIY.
Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2018-11-12 | [iot] Support lock vboot for Android Things | Ji Luo
Support "fastboot oem at-lock-vboot" command for Android Things, this command can only be called after perm-attr have been fused.
Test: build and boot ok on imx7d_pico and AIY.
Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2018-11-12 | [iot] Support authenticated unlock | Ji Luo
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge" and "fastboot oem at-unlock-vboot" to support the authenticated unlock feature for Android Things devices. Use software random numbers generator to generate the 16 bytes random challenge, it should be replaced with hardware encrypted random generator when the TEE part is ready.
Test: Generate unlock challenge by:
  ./avbtool make_atx_unlock_credential --output=atx_unlock_credential.bin --intermediate_key_certificate=atx_pik_certificate.bin --unlock_key_certificate=atx_puk_certificate.bin --challenge=my_generated_challenge.bin --unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico and AIY.
Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2018-10-12 | MA-13048 [AUTO] Support program rpmb key with fastboot command | Ji Luo
Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb key which should be staged first.
Usage:
1. fastboot stage my-rpmb-key.bin
2. fastboot oem set-rpmb-key
Test: rpmb key programmed successfully on imx8qxp.
Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1
Signed-off-by: Ji Luo <ji.luo@nxp.com>

2018-09-12 | [iot] Support ARM64 for Trusty OS | Haoran.Wang
Align the callback to ARM64 environment for Trusty OS.
TEST: AIY-3G & AIY-1G board's TIPC and AVB handler works.
Change-Id: I65806f56267a4a9278db04a462e351da181618cb
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>

2018-08-20 | MA-12120 [Android] Enlarge buffer size for partition name | Luo Ji
Some partition names can be larger than 16 bytes like "factory_bootloader", enlarge the buffer size to 20 bytes.
Change-Id: I266c4e0af02e0ac1d758334aafcd6ed41d072dba
Signed-off-by: Luo Ji <ji.luo@nxp.com>

2018-08-20 | [iot] Correct oem and vendor partition type | Haoran.Wang
Correct oem and vendor partition to ext4. This makes it available to use fastboot command to format above two parts.
Test: Builds, loads & boots successfully. ext4 file system type displayed for expected partitions in "fastboot getvar all" output.
Change-Id: If6d2c58abfb526a7162fb4cd644b6e1e209f8456
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>

2018-08-20 | [iot] Support atap in u-boot for imx7d | Yu Shan
Support Android Things Attestation Protocol in u-boot for imx7d.
Change-Id: I0aef8f208cf8e81238248efc8d7dcfdbc09c3119
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>

2018-08-20 | [iot] Support fastboot oem fuse at-perm-attr command | Yu Shan
Support "fastboot oem fuse at-perm-attr" command for ATX. The perm_attr will be stored into RPMB which is managed by Trusty OS. Modified permanent_attributes related AVB ops that support Trusty OS backed RPMB storage.
Change-Id: Id6248570b4294fed3c45270064196bd6b9cf9208
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>

2018-06-13 | MLK-18591-6 android: iot: Add boot Trusty OS codes for imx6 and imx7 | Ye Li
Use trusty_os_init to load Trusty OS from CONFIG_TRUSTY_OS_ENTRY before u-boot is ready.
Signed-off-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>

2018-06-13 | MLK-18591-3 android: Add FSL android fastboot support | Ye Li
Porting the FSL android fastboot features from imx u-boot v2017.03 to support all SoCs: imx6/imx7/imx7ulp/imx8/imx8m
Signed-off-by: Ye Li <ye.li@nxp.com>