MA-13906 [Trusty] Support commands to set attestation materials

Keystore attestation requires provision keys and cerificate chains into
secure storage. Add commands to support rsa/ecdsa keys and certificate
chains provision, each key/certificate should be staged before provision.
Usage:
  Set rsa attestation key:
      fastboot stage <path-to-rsa-atte-key>
      fastboot oem set-rsa-atte-key
  Set ec attestation key:
      fastboot stage <path-to-ec-atte-key>
      fastboot oem set-ec-atte-key
  Append rsa attestation certs:
      fastboot stage <path-to-rsa-atte-cert>
      fastboot oem append-rsa-atte-cert
  Append ec attestation certs:
      fastboot stage <path-to-ec-atte-cert>
      fastboot oem append-ec-atte-cert

Test: Pass CTS cases:
      android.keystore.cts.KeyAttestationTest#testRsaAttestation
      android.keystore.cts.KeyAttestationTest#testEcAttestation

Change-Id: Ic3ed87e7e328a39b0f1bfb163356ea9e37d2f4fc
Signed-off-by: Ji Luo <ji.luo@nxp.com>

drivers/usb/gadget/f_fastboot.c

@@ -3802,13 +3802,52 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
 			strcpy(response, "OKAY");
 		}
 
-	}
-	else if (endswith(cmd, FASTBOOT_SET_CA_RESP)) {
+	} else if (endswith(cmd, FASTBOOT_SET_CA_RESP)) {
 		if (trusty_atap_set_ca_response(interface.transfer_buffer,download_bytes)) {
 			printf("ERROR set_ca_response failed!\n");
 			strcpy(response, "FAILInternal error!");
 		} else
 			strcpy(response, "OKAY");
+	} else if (endswith(cmd, FASTBOOT_SET_RSA_ATTESTATION_KEY)) {
+		if (trusty_set_attestation_key(interface.transfer_buffer,
+						download_bytes,
+						KM_ALGORITHM_RSA)) {
+			printf("ERROR set rsa attestation key failed!\n");
+			strcpy(response, "FAILInternal error!");
+		} else {
+			printf("Set rsa attestation key successfully!\n");
+			strcpy(response, "OKAY");
+		}
+	} else if (endswith(cmd, FASTBOOT_SET_EC_ATTESTATION_KEY)) {
+		if (trusty_set_attestation_key(interface.transfer_buffer,
+						download_bytes,
+						KM_ALGORITHM_EC)) {
+			printf("ERROR set ec attestation key failed!\n");
+			strcpy(response, "FAILInternal error!");
+		} else {
+			printf("Set ec attestation key successfully!\n");
+			strcpy(response, "OKAY");
+		}
+	} else if (endswith(cmd, FASTBOOT_APPEND_RSA_ATTESTATION_CERT)) {
+		if (trusty_append_attestation_cert_chain(interface.transfer_buffer,
+							download_bytes,
+							KM_ALGORITHM_RSA)) {
+			printf("ERROR append rsa attestation cert chain failed!\n");
+			strcpy(response, "FAILInternal error!");
+		} else {
+			printf("Append rsa attestation key successfully!\n");
+			strcpy(response, "OKAY");
+		}
+	}  else if (endswith(cmd, FASTBOOT_APPEND_EC_ATTESTATION_CERT)) {
+		if (trusty_append_attestation_cert_chain(interface.transfer_buffer,
+							download_bytes,
+							KM_ALGORITHM_EC)) {
+			printf("ERROR append ec attestation cert chain failed!\n");
+			strcpy(response, "FAILInternal error!");
+		} else {
+			printf("Append ec attestation key successfully!\n");
+			strcpy(response, "OKAY");
+		}
 	}
 #ifndef CONFIG_AVB_ATX
 	else if (endswith(cmd, FASTBOOT_SET_RPMB_KEY)) {

include/fsl_fastboot.h

@@ -92,6 +92,10 @@
 
 #define FASTBOOT_SET_CA_RESP "at-set-ca-response"
 #define FASTBOOT_GET_CA_REQ  "at-get-ca-request"
+#define FASTBOOT_SET_RSA_ATTESTATION_KEY  "set-rsa-atte-key"
+#define FASTBOOT_SET_EC_ATTESTATION_KEY  "set-ec-atte-key"
+#define FASTBOOT_APPEND_RSA_ATTESTATION_CERT  "append-rsa-atte-cert"
+#define FASTBOOT_APPEND_EC_ATTESTATION_CERT  "append-ec-atte-cert"
 #endif
 
 #ifdef CONFIG_ANDROID_THINGS_SUPPORT