[iot] Use Trusty OS handle RollbackIndex and lock status
Use Trusty OS AVB manager handle RollbackIndex and lock status into RPMB partition. Change-Id: Idfe7234cfa31b2169af59b64e00f028542c49240 Signed-off-by: Haoran.Wang <elven.wang@nxp.com>zero-sugar
Yu Shan
Ji Luo
parent
d2275a5926
commit
b92b0e1d49
|
|
@ -2217,6 +2217,8 @@ dt_read_done:
|
|||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
/* Trusty keymaster needs some parameters before it work */
|
||||
trusty_setbootparameter(hdr, avb_result);
|
||||
/* lock the boot status and rollback_idx preventing Linux modify it */
|
||||
trusty_lock_boot_state();
|
||||
/* put ql-tipc to release resource for Linux */
|
||||
trusty_ipc_shutdown();
|
||||
#endif
|
||||
|
|
@ -3132,7 +3134,7 @@ static FbLockState do_fastboot_unlock(bool force)
|
|||
fastboot_wipe_data_partition();
|
||||
printf("Wipe /data completed.\n");
|
||||
|
||||
#ifdef CONFIG_AVB_SUPPORT
|
||||
#if defined(CONFIG_AVB_SUPPORT) && !defined(CONFIG_IMX_TRUSTY_OS)
|
||||
printf("Start stored_rollback_index wipe process....\n");
|
||||
rbkidx_erase();
|
||||
printf("Wipe stored_rollback_index completed.\n");
|
||||
|
|
|
|||
|
|
@ -37,6 +37,9 @@
|
|||
#include <stdlib.h>
|
||||
#include "fastboot_lock_unlock.h"
|
||||
#include <fsl_fastboot.h>
|
||||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
#include <trusty/libtipc.h>
|
||||
#endif
|
||||
|
||||
#ifdef FASTBOOT_ENCRYPT_LOCK
|
||||
|
||||
|
|
@ -214,6 +217,30 @@ static inline unsigned char lock_enable_parse(unsigned char* bdata) {
|
|||
}
|
||||
|
||||
static FbLockState g_lockstat = FASTBOOT_UNLOCK;
|
||||
|
||||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
FbLockState fastboot_get_lock_stat(void) {
|
||||
uint8_t l_status;
|
||||
int ret;
|
||||
ret = trusty_read_lock_state(&l_status);
|
||||
if (ret < 0)
|
||||
return g_lockstat;
|
||||
else
|
||||
return l_status;
|
||||
|
||||
}
|
||||
|
||||
int fastboot_set_lock_stat(FbLockState lock) {
|
||||
int ret;
|
||||
ret = trusty_write_lock_state(lock);
|
||||
if (ret < 0) {
|
||||
printf("cannot set lock status due Trusty return %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
|
||||
/*
|
||||
* Set status of the lock&unlock to FSL_FASTBOOT_FB_PART
|
||||
* Currently use the very first Byte of FSL_FASTBOOT_FB_PART
|
||||
|
|
@ -306,6 +333,7 @@ fail:
|
|||
free(bdata);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/* Return the last byte of of FSL_FASTBOOT_PR_DATA
|
||||
|
|
|
|||
|
|
@ -16,6 +16,9 @@
|
|||
#include <mapmem.h>
|
||||
|
||||
#include <fsl_avb.h>
|
||||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
#include <trusty/libtipc.h>
|
||||
#endif
|
||||
#include "fsl_avbkey.h"
|
||||
#include "fsl_public_key.h"
|
||||
#include "fsl_atx_attributes.h"
|
||||
|
|
@ -968,11 +971,20 @@ AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
|
|||
*/
|
||||
AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
|
||||
uint64_t* out_rollback_index) {
|
||||
AvbIOResult ret;
|
||||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) {
|
||||
ERR("read rollback from Trusty error!");
|
||||
ret = AVB_IO_RESULT_ERROR_IO;
|
||||
} else {
|
||||
ret = AVB_IO_RESULT_OK;
|
||||
}
|
||||
return ret;
|
||||
#else
|
||||
kblb_hdr_t hdr;
|
||||
kblb_tag_t *rbk;
|
||||
uint64_t *extract_idx = NULL;
|
||||
struct mmc *mmc_dev;
|
||||
AvbIOResult ret;
|
||||
#ifdef CONFIG_AVB_ATX
|
||||
static const uint32_t kTypeMask = 0xF000;
|
||||
static const unsigned int kTypeShift = 12;
|
||||
|
|
@ -1016,7 +1028,7 @@ AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot
|
|||
}
|
||||
#else
|
||||
rbk = &hdr.rbk_tags[rollback_index_slot];
|
||||
#endif
|
||||
#endif /* CONFIG_AVB_ATX */
|
||||
extract_idx = malloc(rbk->len);
|
||||
if (extract_idx == NULL)
|
||||
return AVB_IO_RESULT_ERROR_OOM;
|
||||
|
|
@ -1040,6 +1052,7 @@ fail:
|
|||
if (extract_idx != NULL)
|
||||
free(extract_idx);
|
||||
return ret;
|
||||
#endif /* CONFIG_IMX_TRUSTY_OS */
|
||||
}
|
||||
|
||||
/* Sets the rollback index corresponding to the slot given by
|
||||
|
|
@ -1053,11 +1066,20 @@ fail:
|
|||
*/
|
||||
AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
|
||||
uint64_t rollback_index) {
|
||||
AvbIOResult ret;
|
||||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) {
|
||||
ERR("write rollback from Trusty error!");
|
||||
ret = AVB_IO_RESULT_ERROR_IO;
|
||||
} else {
|
||||
ret = AVB_IO_RESULT_OK;
|
||||
}
|
||||
return ret;
|
||||
#else
|
||||
kblb_hdr_t hdr;
|
||||
kblb_tag_t *rbk;
|
||||
uint64_t *plain_idx = NULL;
|
||||
struct mmc *mmc_dev;
|
||||
AvbIOResult ret;
|
||||
#ifdef CONFIG_AVB_ATX
|
||||
static const uint32_t kTypeMask = 0xF000;
|
||||
static const unsigned int kTypeShift = 12;
|
||||
|
|
@ -1072,7 +1094,7 @@ AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slo
|
|||
if ((rollback_index_slot & ~kTypeMask) >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
|
||||
#else
|
||||
if (rollback_index_slot >= AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS)
|
||||
#endif
|
||||
#endif /* CONFIG_AVB_ATX */
|
||||
return AVB_IO_RESULT_ERROR_IO;
|
||||
|
||||
if ((mmc_dev = get_mmc()) == NULL) {
|
||||
|
|
@ -1100,7 +1122,7 @@ AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slo
|
|||
}
|
||||
#else
|
||||
rbk = &hdr.rbk_tags[rollback_index_slot];
|
||||
#endif
|
||||
#endif /* CONFIG_AVB_ATX */
|
||||
plain_idx = malloc(rbk->len);
|
||||
if (plain_idx == NULL)
|
||||
return AVB_IO_RESULT_ERROR_OOM;
|
||||
|
|
@ -1119,6 +1141,7 @@ fail:
|
|||
if (plain_idx != NULL)
|
||||
free(plain_idx);
|
||||
return ret;
|
||||
#endif /* CONFIG_IMX_TRUSTY_OS */
|
||||
}
|
||||
#endif /* CONFIG_FSL_CAAM_KB */
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue