Age | Commit message (Collapse) | Author |
|
It can be dangerous to export some hwcrypto commands to Linux,
add commands to limit some commands within bootloader.
Test: hwcrypto commands can't be used after locking boot state.
Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add new command to generate bkek from trusty.
Test: generate and dump bkek.
Change-Id: I6b2a30b87c755eecd00ced7c53cfb86e432040de
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
In host end, need encrypt the attestation keys and certs
by manufacture protection public key though AES-128-ECB.
Then use below 4 set of commands to provision encrypted
RSA attestation and EC attestation:
* $fastboot stage atte_rsa_key.bin
* $fastboot oem set-rsa-atte-key-enc
* $fastboot stage atte_rsa_cert.bin
* $fastboot oem append-rsa-atte-cert-enc
* $fastboot stage atte_ec_key.bin
* $fastboot oem set-ec-atte-key-enc
* $fastboot stage atte_ec_cert.bin
* $fastboot oem append-ec-atte-cert-enc
Change-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Add new keymaster commands to get Manufacure Production key (mppubk).
Since the mppubk can only be generated in OEM CLOSED imx8q board, so
we can only this command when the board is HAB/AHAB closed.
Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.bin
Test: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add new hwcrypto command to support rng generation with CAAM.
Test: rng generated on imx8qxp_mek.
Change-Id: I756f3e99423f0f9dfc2bcd30117a3f96e9f5f2f7
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add commands to write/read vbmeta public key to/from secure
storage. The vbmeta public key can only be set once.
Comands to set the public key:
fastboot stage <path-to-your-public-key>
fastboot oem set-public-key
Test: build and boot on imx8qxp_mek.
Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Test: Modify imx7d bootloader in b/1074236 and test with new
keymaster app.
Bug: 77873456
Change-Id: I0083630fa44c2c9fd0cabba7e7c1553488579d4e
|
|
Add new hwcrypto tipc command and handler to generate blob with
CAAM.
Test: Message exchange with trusty and blob encapsulate/decapsulate ok.
Change-Id: I925b47cb3e22eeddf4c89e84a9c994d2f30423fe
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add new service 'hwcrypto' to handle CAAM related work
with Trusty OS. Add tipc interface to accelerate hash
calculation with CAAM.
Test: Service connect and message exchange with Trusty OS
are ok.
Change-Id: Ia870c3ad2ff30af987f327a9777a8b32f53593db
Signed-off-by: Ji Luo <ji.luo@nxp.com>
|
|
Add API and IPC calls to read the ATAP certificate UUID from keymaster.
Also rename const local variables to the standard convention.
This cherry-picked the CL 649562 from trusty/external/trusty.
Bug: 76211194
Change-Id: I98ab68180c3855e07884994dc20b879f0b59965d
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
|
|
Update to commit bb39a2b12dce8b6c9df9012faf231648de795e6d
List of changes:
bb39a2b ql-tipc: Support ATAP operations from bootloader
62b8d61 ql-tipc: Move serialization code to keymaster_serializable
8283307 avoid dead loop if tipc is closed by peer
cf3f7f5 [ql-tipc] Refactor U-boot rpmb_storage_send
4b1d74d Make logging more readable
Test: build + manual TIPC tests
Change-Id: Ib2c0e7a4a8313b6e62c1fe4f58b923c0c2d3f695
|
|
The lib provided ql-tipc communication channel with
Trusty OS.
Also the AVB, Keymaster and SecureStorage service
tipc client implement in this lib.
Change-Id: I0ab1ec9ee1b6f272b960c2e944008283c2c9249a
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
(cherry picked from commit 8fb370dd80fbb293b58115d2e7fc4970813773c7)
|