LM
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MA-13904 [Trusty] Pass root trust to keymaster service 

Pass the verified boot key hash to keymaster, it will be
treated as the root trust in keymaster service.
Also set the 'initialized' flag after initializing the
keymaster client or set keymaster boot parameters will fail.

Test: Pass CTS cases:
      android.keystore.cts.KeyAttestationTest#testRsaAttestation
      android.keystore.cts.KeyAttestationTest#testEcAttestation

Change-Id: I486b5493826160f42c61a3da0e6cd769df92254d
Signed-off-by: Ji Luo <ji.luo@nxp.com>
This commit is contained in:
Ji Luo 2019-01-07 17:18:44 +08:00
parent 4bddbabb10
commit e29e4022c5
3 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
drivers/usb/gadget/f_fastboot.c
View File

@ -83,7 +83,7 @@ extern void trusty_os_init(void);
#include "fastboot_lock_unlock.h" #include "fastboot_lock_unlock.h"
#endif #endif
#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_DUAL_BOOTLOADER) #ifdef CONFIG_IMX_TRUSTY_OS
#include "u-boot/sha256.h" #include "u-boot/sha256.h"
#endif #endif
@ -2125,12 +2125,21 @@ int trusty_setbootparameter(struct andr_img_hdr *hdr, AvbABFlowResult avb_result
keymaster_verified_boot_t vbstatus; keymaster_verified_boot_t vbstatus;
FbLockState lock_status = fastboot_get_lock_stat(); FbLockState lock_status = fastboot_get_lock_stat();
uint8_t permanent_attributes_hash[AVB_SHA256_DIGEST_SIZE]; uint8_t boot_key_hash[AVB_SHA256_DIGEST_SIZE];
#ifdef CONFIG_AVB_ATX #ifdef CONFIG_AVB_ATX
if (fsl_read_permanent_attributes_hash(&fsl_avb_atx_ops, permanent_attributes_hash)) { if (fsl_read_permanent_attributes_hash(&fsl_avb_atx_ops, boot_key_hash)) {
printf("ERROR - failed to read permanent attributes hash for keymaster\n"); printf("ERROR - failed to read permanent attributes hash for keymaster\n");
memset(permanent_attributes_hash, 0, AVB_SHA256_DIGEST_SIZE); memset(boot_key_hash, 0, AVB_SHA256_DIGEST_SIZE);
} }
#else
uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH];
if (trusty_read_vbmeta_public_key(public_key_buf,
AVB_MAX_BUFFER_LENGTH) != 0) {
printf("ERROR - failed to read public key for keymaster\n");
memset(boot_key_hash, 0, AVB_SHA256_DIGEST_SIZE);
} else
sha256_csum_wd((unsigned char *)public_key_buf, AVB_SHA256_DIGEST_SIZE,
(unsigned char *)boot_key_hash, CHUNKSZ_SHA256);
#endif #endif
bool lock = (lock_status == FASTBOOT_LOCK)? true: false; bool lock = (lock_status == FASTBOOT_LOCK)? true: false;
@ -2147,11 +2156,11 @@ int trusty_setbootparameter(struct andr_img_hdr *hdr, AvbABFlowResult avb_result
} }
trusty_set_boot_params(os_ver_km, os_lvl_km, vbstatus, lock, trusty_set_boot_params(os_ver_km, os_lvl_km, vbstatus, lock,
permanent_attributes_hash, AVB_SHA256_DIGEST_SIZE, boot_key_hash, AVB_SHA256_DIGEST_SIZE,
vbh, AVB_SHA256_DIGEST_SIZE); vbh, AVB_SHA256_DIGEST_SIZE);
#else #else
trusty_set_boot_params(os_ver_km, os_lvl_km, vbstatus, lock, trusty_set_boot_params(os_ver_km, os_lvl_km, vbstatus, lock,
permanent_attributes_hash, AVB_SHA256_DIGEST_SIZE, boot_key_hash, AVB_SHA256_DIGEST_SIZE,
NULL, 0); NULL, 0);
#endif #endif

2
lib/trusty/ql-tipc/avb.c
View File

@ -230,7 +230,7 @@ int trusty_read_vbmeta_public_key(uint8_t *publickey, uint32_t size)
return rc; return rc;
} }
/* ensure caller passed size matches size returned by Trusty */ /* ensure caller passed size matches size returned by Trusty */
if (size != resp_size) { if (size < resp_size) {
return TRUSTY_ERR_INVALID_ARGS; return TRUSTY_ERR_INVALID_ARGS;
} }
trusty_memcpy(publickey, resp_buf, resp_size); trusty_memcpy(publickey, resp_buf, resp_size);

3
lib/trusty/ql-tipc/keymaster.c
View File

@ -290,6 +290,9 @@ int km_tipc_init(struct trusty_ipc_dev *dev)
return TRUSTY_ERR_GENERIC; return TRUSTY_ERR_GENERIC;
} }
/* mark as initialized */
initialized = true;
return TRUSTY_ERR_NONE; return TRUSTY_ERR_NONE;
} }