[iot] Support fastboot oem fuse at-perm-attr command
Support "fastboot oem fuse at-perm-attr" command for ATX. The perm_attr will be stored into RPMB which managed by Trusty OS. Modified permanent_attributes related AVB ops that support Trusty OS backed RPMB storage. Change-Id: Id6248570b4294fed3c45270064196bd6b9cf9208 Signed-off-by: Haoran.Wang <elven.wang@nxp.com>zero-sugar
parent
b92b0e1d49
commit
fd9eec336e
|
@ -2983,7 +2983,7 @@ static int get_single_var(char *cmd, char *response)
|
|||
if (s) {
|
||||
strncat(response, s, chars_left);
|
||||
} else {
|
||||
sprintf(response,"FAILunknow variable:%s",cmd);
|
||||
snprintf(response, chars_left, "FAILunknown variable:%s",cmd);
|
||||
printf("WARNING: unknown variable: %s\n", cmd);
|
||||
return -1;
|
||||
}
|
||||
|
@ -3165,46 +3165,59 @@ static FbLockState do_fastboot_lock(void)
|
|||
return FASTBOOT_LOCK;
|
||||
}
|
||||
|
||||
static bool endswith(char* s, char* subs) {
|
||||
if (!s || !subs)
|
||||
return false;
|
||||
uint32_t len = strlen(s);
|
||||
uint32_t sublen = strlen(subs);
|
||||
if (len < sublen) {
|
||||
return false;
|
||||
}
|
||||
if (strncmp(s + len - sublen, subs, sublen)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
|
||||
{
|
||||
char *cmd = req->buf;
|
||||
char response[FASTBOOT_RESPONSE_LEN];
|
||||
unsigned char len = strlen(cmd);
|
||||
FbLockState status;
|
||||
FbLockEnableResult result;
|
||||
|
||||
if (endswith(cmd, "lock_critical")) {
|
||||
strcpy(response, "OKAY");
|
||||
}
|
||||
#ifdef CONFIG_AVB_ATX
|
||||
else if (endswith(cmd, FASTBOOT_AVB_AT_PERM_ATTR)) {
|
||||
if (avb_atx_fuse_perm_attr(interface.transfer_buffer, download_bytes))
|
||||
strcpy(response, "FAILInternal error!");
|
||||
else
|
||||
strcpy(response, "OKAY");
|
||||
}
|
||||
#endif /* CONFIG_AVB_ATX */
|
||||
#ifdef CONFIG_ANDROID_THINGS_SUPPORT
|
||||
if (!strncmp(cmd + len - strlen(FASTBOOT_BOOTLOADER_VBOOT_KEY),
|
||||
FASTBOOT_BOOTLOADER_VBOOT_KEY,
|
||||
strlen(FASTBOOT_BOOTLOADER_VBOOT_KEY))) {
|
||||
else if (endswith(cmd, FASTBOOT_BOOTLOADER_VBOOT_KEY)) {
|
||||
strcpy(response, "OKAY");
|
||||
} else if (!strncmp(cmd + len - strlen("unlock_critical"),
|
||||
"unlock_critical", strlen("unlock_critical"))) {
|
||||
#else
|
||||
if (!strncmp(cmd + len - strlen("unlock_critical"),
|
||||
"unlock_critical", strlen("unlock_critical"))) {
|
||||
#endif
|
||||
}
|
||||
#endif /* CONFIG_ANDROID_THINGS_SUPPORT */
|
||||
else if (endswith(cmd, "unlock_critical")) {
|
||||
strcpy(response, "OKAY");
|
||||
} else if (!strncmp(cmd + len - strlen("lock_critical"),
|
||||
"lock_critical", strlen("lock_critical"))) {
|
||||
strcpy(response, "OKAY");
|
||||
} else if (!strncmp(cmd + len - strlen("unlock"),
|
||||
"unlock", strlen("unlock"))) {
|
||||
} else if (endswith(cmd, "unlock")) {
|
||||
printf("flashing unlock.\n");
|
||||
status = do_fastboot_unlock(false);
|
||||
if (status != FASTBOOT_LOCK_ERROR)
|
||||
strcpy(response, "OKAY");
|
||||
else
|
||||
strcpy(response, "FAIL unlock device failed.");
|
||||
} else if (!strncmp(cmd + len - strlen("lock"), "lock", strlen("lock"))) {
|
||||
strcpy(response, "FAILunlock device failed.");
|
||||
} else if (endswith(cmd, "lock")) {
|
||||
printf("flashing lock.\n");
|
||||
status = do_fastboot_lock();
|
||||
if (status != FASTBOOT_LOCK_ERROR)
|
||||
strcpy(response, "OKAY");
|
||||
else
|
||||
strcpy(response, "FAIL lock device failed.");
|
||||
} else if (!strncmp(cmd + len - strlen("get_unlock_ability"),
|
||||
"get_unlock_ability", strlen("get_unlock_ability"))) {
|
||||
strcpy(response, "FAILlock device failed.");
|
||||
} else if (endswith(cmd, "get_unlock_ability")) {
|
||||
result = fastboot_lock_enable();
|
||||
if (result == FASTBOOT_UL_ENABLE) {
|
||||
fastboot_tx_write_more("INFO1");
|
||||
|
@ -3214,15 +3227,19 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
|
|||
strcpy(response, "OKAY");
|
||||
} else {
|
||||
printf("flashing get_unlock_ability fail!\n");
|
||||
strcpy(response, "FAIL get unlock ability failed.");
|
||||
strcpy(response, "FAILget unlock ability failed.");
|
||||
}
|
||||
} else {
|
||||
printf("Unknown flashing command:%s\n", cmd);
|
||||
strcpy(response, "FAIL command not defined");
|
||||
strcpy(response, "FAILcommand not defined");
|
||||
}
|
||||
fastboot_tx_write_more(response);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_FASTBOOT_LOCK */
|
||||
|
||||
#ifdef CONFIG_FSL_FASTBOOT
|
||||
#ifdef CONFIG_FASTBOOT_LOCK
|
||||
static int partition_table_valid(void)
|
||||
{
|
||||
int status, mmc_no;
|
||||
|
@ -3236,7 +3253,7 @@ static int partition_table_valid(void)
|
|||
status = -1;
|
||||
return (status == 0);
|
||||
}
|
||||
|
||||
#endif
|
||||
#endif /* CONFIG_FASTBOOT_LOCK */
|
||||
|
||||
#ifdef CONFIG_FASTBOOT_FLASH
|
||||
|
@ -3268,7 +3285,7 @@ static void cb_flash(struct usb_ep *ep, struct usb_request *req)
|
|||
} else if (status == FASTBOOT_LOCK_ERROR) {
|
||||
pr_err("write lock status into device!\n");
|
||||
fastboot_set_lock_stat(FASTBOOT_LOCK);
|
||||
strcpy(response, "FAIL device is locked.");
|
||||
strcpy(response, "FAILdevice is locked.");
|
||||
fastboot_tx_write_str(response);
|
||||
return;
|
||||
}
|
||||
|
@ -3327,7 +3344,7 @@ static void cb_erase(struct usb_ep *ep, struct usb_request *req)
|
|||
} else if (status == FASTBOOT_LOCK_ERROR) {
|
||||
pr_err("write lock status into device!\n");
|
||||
fastboot_set_lock_stat(FASTBOOT_LOCK);
|
||||
strcpy(response, "FAIL device is locked.");
|
||||
strcpy(response, "FAILdevice is locked.");
|
||||
fastboot_tx_write_str(response);
|
||||
return;
|
||||
}
|
||||
|
@ -3786,6 +3803,12 @@ static const struct cmd_dispatch_info cmd_dispatch_info[] = {
|
|||
.cb = cb_oem,
|
||||
},
|
||||
#endif
|
||||
#ifdef CONFIG_AVB_ATX
|
||||
{
|
||||
.cmd = "stage",
|
||||
.cb = cb_download,
|
||||
},
|
||||
#endif
|
||||
};
|
||||
|
||||
static void rx_handler_command(struct usb_ep *ep, struct usb_request *req)
|
||||
|
|
|
@ -219,4 +219,8 @@ AvbABFlowResult avb_single_flow(AvbABOps* ab_ops,
|
|||
AvbSlotVerifyFlags flags,
|
||||
AvbHashtreeErrorMode hashtree_error_mode,
|
||||
AvbSlotVerifyData** out_data);
|
||||
|
||||
/* Program ATX perm_attr into RPMB partition */
|
||||
int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size);
|
||||
|
||||
#endif /* __FSL_AVB_H__ */
|
||||
|
|
|
@ -81,7 +81,10 @@
|
|||
|
||||
#ifdef CONFIG_ANDROID_THINGS_SUPPORT
|
||||
#define FASTBOOT_BOOTLOADER_VBOOT_KEY "fuse at-bootloader-vboot-key"
|
||||
#endif
|
||||
#ifdef CONFIG_AVB_ATX
|
||||
#define FASTBOOT_AVB_AT_PERM_ATTR "fuse at-perm-attr"
|
||||
#endif /* CONFIG_AVB_ATX */
|
||||
#endif /* CONFIG_ANDROID_THINGS_SUPPORT */
|
||||
|
||||
enum {
|
||||
DEV_SATA,
|
||||
|
|
|
@ -184,12 +184,19 @@ static int sha256(unsigned char* data, int len, unsigned char* output) {
|
|||
static int permanent_attributes_sha256_hash(unsigned char* output) {
|
||||
AvbAtxPermanentAttributes attributes;
|
||||
|
||||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
if(trusty_read_permanent_attributes((uint8_t *)(&attributes),
|
||||
sizeof(AvbAtxPermanentAttributes))) {
|
||||
return RESULT_ERROR;
|
||||
}
|
||||
#else
|
||||
/* get permanent attributes */
|
||||
attributes.version = fsl_version;
|
||||
memcpy(attributes.product_root_public_key, fsl_product_root_public_key,
|
||||
sizeof(fsl_product_root_public_key));
|
||||
memcpy(attributes.product_id, fsl_atx_product_id,
|
||||
sizeof(fsl_atx_product_id));
|
||||
#endif
|
||||
/* calculate sha256(permanent attributes) hash */
|
||||
if (sha256((unsigned char *)&attributes, sizeof(AvbAtxPermanentAttributes),
|
||||
output) == RESULT_ERROR) {
|
||||
|
@ -221,6 +228,7 @@ static int init_permanent_attributes_fuse(void) {
|
|||
|
||||
/* calculate sha256(permanent attributes) */
|
||||
if (permanent_attributes_sha256_hash(sha256_hash) != RESULT_OK) {
|
||||
printf("ERROR - calculating permanent attributes SHA256 error!\n");
|
||||
return RESULT_ERROR;
|
||||
}
|
||||
|
||||
|
@ -236,6 +244,37 @@ static int init_permanent_attributes_fuse(void) {
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_AVB_ATX
|
||||
int avb_atx_fuse_perm_attr(uint8_t *staged_buffer, uint32_t size) {
|
||||
|
||||
if (staged_buffer == NULL) {
|
||||
ERR("Error. Get null staged_buffer\n");
|
||||
return -1;
|
||||
}
|
||||
if (size != sizeof(AvbAtxPermanentAttributes)) {
|
||||
ERR("Error. expect perm_attr length %d, but get %d.\n",
|
||||
sizeof(AvbAtxPermanentAttributes), size);
|
||||
return -1;
|
||||
}
|
||||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
if (trusty_write_permanent_attributes(staged_buffer, size)) {
|
||||
ERR("Error. Failed to write permanent attributes into secure storage\n");
|
||||
return -1;
|
||||
}
|
||||
else
|
||||
return init_permanent_attributes_fuse();
|
||||
#else
|
||||
/*
|
||||
* TODO:
|
||||
* Need to handle this when no Trusty OS support.
|
||||
* But now every Android Things will have Trusty OS support.
|
||||
*/
|
||||
ERR("No Trusty OS enabled in bootloader.\n");
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef AVB_RPMB
|
||||
static int rpmb_read(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset);
|
||||
static int rpmb_write(struct mmc *mmc, uint8_t *buffer, size_t num_bytes, int64_t offset);
|
||||
|
@ -481,7 +520,7 @@ int init_avbkey(void) {
|
|||
}
|
||||
if (rpmb_init())
|
||||
return RESULT_ERROR;
|
||||
#ifdef CONFIG_AVB_ATX
|
||||
#if defined(CONFIG_AVB_ATX) && !defined(CONFIG_IMX_TRUSTY_OS)
|
||||
if (init_permanent_attributes_fuse())
|
||||
return RESULT_ERROR;
|
||||
#endif
|
||||
|
@ -1152,6 +1191,14 @@ fail:
|
|||
*/
|
||||
AvbIOResult fsl_read_permanent_attributes(
|
||||
AvbAtxOps* atx_ops, AvbAtxPermanentAttributes* attributes) {
|
||||
#ifdef CONFIG_IMX_TRUSTY_OS
|
||||
if (trusty_read_permanent_attributes((uint8_t *)attributes,
|
||||
sizeof(AvbAtxPermanentAttributes))) {
|
||||
ERR("Error. Failed to read permanent attributes from secure storage\n");
|
||||
return AVB_IO_RESULT_ERROR_IO;
|
||||
} else
|
||||
return AVB_IO_RESULT_OK;
|
||||
#else
|
||||
/* use hard code permanent attributes due to limited fuse and RPMB */
|
||||
attributes->version = fsl_version;
|
||||
memcpy(attributes->product_root_public_key, fsl_product_root_public_key,
|
||||
|
@ -1160,6 +1207,7 @@ AvbIOResult fsl_read_permanent_attributes(
|
|||
sizeof(fsl_atx_product_id));
|
||||
|
||||
return AVB_IO_RESULT_OK;
|
||||
#endif /* CONFIG_IMX_TRUSTY_OS */
|
||||
}
|
||||
|
||||
/* Reads a |hash| of permanent attributes. This hash MUST be retrieved from a
|
||||
|
|
Loading…
Reference in New Issue