Browse Source

MA-9409-1 enable avb on android things.

Porting below patches from v2015.04_raw_brillo
MA-9095 configs: enable 7d's avb using RPMB
MA-9094 caam: enable 7d's caam
MA-9077 configs: enable fuse program in pico/iopb
MA-9077 libavb: fsl: use rpmb
MA-9077 libavb: fsl: add utils
MA-9077 caam: add hwrng
MA-9077 mmc: support emmc 5.1
MA-9077 configs: add rpmb support
MA-9073 Make uboot into fastboot mode if failed on normal boot
MA-9043 Append the real selected slot in bootargs_sec env
libavb: workaround: do not touch A/B metadata in UNLOCKED
libavb: fsl: use fsl_avb.h as top level header
libavb: update avb
MA-9043 Append the real selected slot in bootargs_sec env
libavb: do not touch a/b metadata in UNLOCK
libavb: fsl: use bootctl to select slot in UNLOCK
MA-8987 imx: imx6ul: picosom: add avb support
MA-9007 fastboot: Remove NULL pointer print
MA-8986 fastboot: use FASTBOOT_PARTITION_AVBKEY instead of "avbkey"
MA-9015 fastboot: fix fastboot unlock return fail
MA-9027 fastboot: support set_active to 'a' 'b'
MA-8986-7 libavb: fsl: use fuse to prevent multiple init avbkey
MA-8986-6 image: android: add secondary cmdline generated by avb
MA-8986-5 fastboot: add fsl_avb support
MA-8986-4 libavb: modify max num of rollback_index slot to 4
MA-8986-3 libavb: fsl: add fsl_avb related functions
MA-8986-2 libavb: fix build libavb
MA-8986-1 libavb: add libavb
MA-8985-3 fastboot: lock/unlock: fix memory leaks
MA-8985-2 fastboot: lock/unlock: use partition name instead of part_index
MA-8985-1 fastboot: lock/unlock: use FbLockState/FbLockEnableResult

Change-Id: I2d9369fc7ac42a8b555c8d12e69eceb9044b8054
Signed-off-by: Winter Wang <wente.wang@nxp.com>
Signed-off-by: zhang sanshan <sanshan.zhang@nxp.com>
zhang sanshan 4 years ago
parent
commit
44834fd12f
65 changed files with 8540 additions and 130 deletions
  1. +8
    -0
      arch/arm/include/asm/arch-mx7/crm_regs.h
  2. +9
    -0
      common/image-android.c
  3. +1
    -1
      configs/picosom-imx6ul_defconfig
  4. +96
    -21
      drivers/crypto/fsl_caam.c
  5. +45
    -45
      drivers/crypto/fsl_caam_internal.h
  6. +5
    -0
      drivers/mmc/mmc.c
  7. +19
    -9
      drivers/usb/gadget/bootctrl.c
  8. +1
    -1
      drivers/usb/gadget/bootctrl.h
  9. +259
    -13
      drivers/usb/gadget/f_fastboot.c
  10. +57
    -32
      drivers/usb/gadget/fastboot_lock_unlock.c
  11. +8
    -8
      drivers/usb/gadget/fastboot_lock_unlock.h
  12. +4
    -0
      include/configs/mx6ul_14x14_evk.h
  13. +8
    -0
      include/configs/mx6ul_14x14_evk_brillo.h
  14. +7
    -0
      include/configs/picosom-imx6ul.h
  15. +174
    -0
      include/fsl_avb.h
  16. +1
    -0
      include/fsl_caam.h
  17. +9
    -0
      include/fsl_fastboot.h
  18. +1
    -0
      lib/Makefile
  19. +14
    -0
      lib/avb/Makefile
  20. +5
    -0
      lib/avb/fsl/Makefile
  21. +35
    -0
      lib/avb/fsl/debug.h
  22. +414
    -0
      lib/avb/fsl/fsl_avb.c
  23. +715
    -0
      lib/avb/fsl/fsl_avbkey.c
  24. +44
    -0
      lib/avb/fsl/fsl_avbkey.h
  25. +176
    -0
      lib/avb/fsl/fsl_bootctl.c
  26. +51
    -0
      lib/avb/fsl/utils.c
  27. +25
    -0
      lib/avb/fsl/utils.h
  28. +17
    -0
      lib/avb/libavb/Makefile
  29. +64
    -0
      lib/avb/libavb/avb_chain_partition_descriptor.c
  30. +72
    -0
      lib/avb/libavb/avb_chain_partition_descriptor.h
  31. +112
    -0
      lib/avb/libavb/avb_crc32.c
  32. +38
    -0
      lib/avb/libavb/avb_crypto.c
  33. +137
    -0
      lib/avb/libavb/avb_crypto.h
  34. +159
    -0
      lib/avb/libavb/avb_descriptor.c
  35. +129
    -0
      lib/avb/libavb/avb_descriptor.h
  36. +54
    -0
      lib/avb/libavb/avb_footer.c
  37. +86
    -0
      lib/avb/libavb/avb_footer.h
  38. +61
    -0
      lib/avb/libavb/avb_hash_descriptor.c
  39. +73
    -0
      lib/avb/libavb/avb_hash_descriptor.h
  40. +69
    -0
      lib/avb/libavb/avb_hashtree_descriptor.c
  41. +83
    -0
      lib/avb/libavb/avb_hashtree_descriptor.h
  42. +57
    -0
      lib/avb/libavb/avb_kernel_cmdline_descriptor.c
  43. +62
    -0
      lib/avb/libavb/avb_kernel_cmdline_descriptor.h
  44. +177
    -0
      lib/avb/libavb/avb_ops.h
  45. +167
    -0
      lib/avb/libavb/avb_property_descriptor.c
  46. +101
    -0
      lib/avb/libavb/avb_property_descriptor.h
  47. +271
    -0
      lib/avb/libavb/avb_rsa.c
  48. +78
    -0
      lib/avb/libavb/avb_rsa.h
  49. +94
    -0
      lib/avb/libavb/avb_sha.h
  50. +384
    -0
      lib/avb/libavb/avb_sha256.c
  51. +380
    -0
      lib/avb/libavb/avb_sha512.c
  52. +857
    -0
      lib/avb/libavb/avb_slot_verify.c
  53. +195
    -0
      lib/avb/libavb/avb_slot_verify.h
  54. +113
    -0
      lib/avb/libavb/avb_sysdeps.h
  55. +64
    -0
      lib/avb/libavb/avb_sysdeps_uboot.c
  56. +319
    -0
      lib/avb/libavb/avb_util.c
  57. +232
    -0
      lib/avb/libavb/avb_util.h
  58. +562
    -0
      lib/avb/libavb/avb_vbmeta_image.c
  59. +240
    -0
      lib/avb/libavb/avb_vbmeta_image.h
  60. +49
    -0
      lib/avb/libavb/libavb.h
  61. +2
    -0
      lib/avb/libavb_ab/Makefile
  62. +447
    -0
      lib/avb/libavb_ab/avb_ab_flow.c
  63. +226
    -0
      lib/avb/libavb_ab/avb_ab_flow.h
  64. +78
    -0
      lib/avb/libavb_ab/avb_ab_ops.h
  65. +40
    -0
      lib/avb/libavb_ab/libavb_ab.h

+ 8
- 0
arch/arm/include/asm/arch-mx7/crm_regs.h View File

@ -1999,6 +1999,14 @@ struct mxc_ccm_anatop_reg {
#define TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_SHIFT 29
#define TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR(x) (((uint32_t)(((uint32_t)(x))<<TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_SHIFT))&TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_MASK)
#define MXC_CCM_CCGR36_CAAM_DOMAIN3_OFFSET 12
#define MXC_CCM_CCGR36_CAAM_DOMAIN3_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN3_OFFSET)
#define MXC_CCM_CCGR36_CAAM_DOMAIN2_OFFSET 8
#define MXC_CCM_CCGR36_CAAM_DOMAIN2_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN2_OFFSET)
#define MXC_CCM_CCGR36_CAAM_DOMAIN1_OFFSET 4
#define MXC_CCM_CCGR36_CAAM_DOMAIN1_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN1_OFFSET)
#define MXC_CCM_CCGR36_CAAM_DOMAIN0_OFFSET 0
#define MXC_CCM_CCGR36_CAAM_DOMAIN0_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN0_OFFSET)
#define CCM_GPR(i) (CCM_BASE_ADDRESS + CCM_GPR0_OFFSET + 0x10 * (i))
#define CCM_OBSERVE(i) (CCM_BASE_ADDRESS + CCM_OBSERVE0_OFFSET + 0x10 * (i))


+ 9
- 0
common/image-android.c View File

@ -135,6 +135,15 @@ int android_image_get_kernel(const struct andr_img_hdr *hdr, int verify,
sprintf(suffixStr, " androidboot.slot_suffix=%s", get_slot_suffix());
strcat(commandline, suffixStr);
#endif
#ifdef CONFIG_AVB_SUPPORT
/* secondary cmdline added by avb */
char *bootargs_sec = getenv("bootargs_sec");
if (bootargs_sec) {
strcat(commandline, " ");
strcat(commandline, bootargs_sec);
}
#endif
setenv("bootargs", commandline);
if (os_data) {


+ 1
- 1
configs/picosom-imx6ul_defconfig View File

@ -1,4 +1,4 @@
CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=board/technexion/picosom-imx6ul/imximage.cfg,ANDROID_SUPPORT,ANDROID_THINGS_SUPPORT,FSL_BOOTCTL"
CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=board/technexion/picosom-imx6ul/imximage.cfg,ANDROID_SUPPORT,ANDROID_THINGS_SUPPORT,AVB_SUPPORT,AVB_FUSE"
CONFIG_ARM=y
CONFIG_ARCH_MX6=y
CONFIG_TARGET_PICOSOM_IMX6UL=y


+ 96
- 21
drivers/crypto/fsl_caam.c View File

@ -68,6 +68,7 @@ uint32_t encap_dsc[] =
ENCAP_BLOB_DESC9
};
uint32_t hwrng_dsc[6] = {0};
uint32_t rng_inst_dsc[] =
{
RNG_INST_DESC1,
@ -87,6 +88,9 @@ static uint8_t skeymod[] = {
};
/* arm v7 need 64 align */
#define ALIGN_MASK 0xffffffc0
/*!
* Secure memory run command.
*
@ -138,14 +142,19 @@ uint32_t caam_decap_blob(uint32_t plain_text, uint32_t blob_addr, uint32_t size)
/* Add job to input ring */
g_input_ring[0] = (uint32_t)decap_dsc;
flush_dcache_range((uint32_t)blob_addr & 0xffffffe0,
((uint32_t)blob_addr & 0xffffffe0) + 2*size);
flush_dcache_range((uint32_t)plain_text & 0xffffffe0,
((uint32_t)plain_text & 0xffffffe0) + 2*size);
flush_dcache_range((uint32_t)decap_dsc & 0xffffffe0,
((uint32_t)decap_dsc & 0xffffffe0) + 128);
flush_dcache_range((uint32_t)g_input_ring & 0xffffffe0,
((uint32_t)g_input_ring & 0xffffffe0) + 128);
flush_dcache_range((uint32_t)decap_dsc & ALIGN_MASK,
((uint32_t)decap_dsc & ALIGN_MASK) + 128);
flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
((uint32_t)g_input_ring & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)decap_dsc & ALIGN_MASK,
((uint32_t)decap_dsc & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
((uint32_t)g_input_ring & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)blob_addr & ALIGN_MASK,
(((uint32_t)blob_addr + 2 * size + 64) & ALIGN_MASK));
invalidate_dcache_range((uint32_t)plain_text & ALIGN_MASK,
(((uint32_t)plain_text + 2 * size + 64) & ALIGN_MASK));
/* Increment jobs added */
__raw_writel(1, CAAM_IRJAR0);
@ -153,7 +162,7 @@ uint32_t caam_decap_blob(uint32_t plain_text, uint32_t blob_addr, uint32_t size)
while(__raw_readl(CAAM_ORSFR0) != 1);
// TODO: check if Secure memory is cacheable.
invalidate_dcache_range((uint32_t)g_output_ring & 0xffffffe0,
flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
((uint32_t)g_output_ring & 0xffffffe0) + 128);
/* check that descriptor address is the one expected in the output ring */
if(g_output_ring[0] == (uint32_t)decap_dsc)
@ -170,8 +179,6 @@ uint32_t caam_decap_blob(uint32_t plain_text, uint32_t blob_addr, uint32_t size)
printf("Error: blob decap job output ring descriptor address does" \
" not match\n");
}
flush_dcache_range((uint32_t)plain_text & 0xffffffe0,
((uint32_t)plain_text & 0xffffffe0) + 2*size);
/* Remove job from Job Ring Output Queue */
@ -213,12 +220,18 @@ uint32_t caam_gen_blob(uint32_t plain_data_addr, uint32_t blob_addr, uint32_t si
/* Add job to input ring */
g_input_ring[0] = (uint32_t)encap_dsc;
flush_dcache_range((uint32_t)plain_data_addr & 0xffffffe0,
((uint32_t)plain_data_addr & 0xffffffe0) + size);
flush_dcache_range((uint32_t)encap_dsc & 0xffffffe0,
((uint32_t)encap_dsc & 0xffffffe0) + 128);
flush_dcache_range((uint32_t)blob & 0xffffffe0,
((uint32_t)g_input_ring & 0xffffffe0) + 2 * size);
flush_dcache_range((uint32_t)encap_dsc & ALIGN_MASK,
((uint32_t)encap_dsc & ALIGN_MASK) + 128);
flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
((uint32_t)g_input_ring & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)encap_dsc & ALIGN_MASK,
((uint32_t)encap_dsc & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
((uint32_t)g_input_ring & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)plain_data_addr & ALIGN_MASK,
(((uint32_t)plain_data_addr + 2 * size + 64) & ALIGN_MASK));
invalidate_dcache_range((uint32_t)blob & ALIGN_MASK,
(((uint32_t)blob + 2 * size + 64) & ALIGN_MASK));
/* Increment jobs added */
__raw_writel(1, CAAM_IRJAR0);
@ -226,9 +239,7 @@ uint32_t caam_gen_blob(uint32_t plain_data_addr, uint32_t blob_addr, uint32_t si
while(__raw_readl(CAAM_ORSFR0) != 1);
// flush cache
invalidate_dcache_range((uint32_t)g_output_ring & 0xffffffe0,
((uint32_t)g_output_ring & 0xffffffe0) + 128);
invalidate_dcache_range((uint32_t)g_output_ring & 0xffffffe0,
flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
((uint32_t)g_output_ring & 0xffffffe0) + 128);
/* check that descriptor address is the one expected in the output ring */
if(g_output_ring[0] == (uint32_t)encap_dsc)
@ -252,22 +263,86 @@ uint32_t caam_gen_blob(uint32_t plain_data_addr, uint32_t blob_addr, uint32_t si
return ret;
}
uint32_t caam_hwrng(uint8_t *output_ptr, uint32_t output_len) {
uint32_t ret = SUCCESS;
/* Buffer to hold the resulting output*/
uint8_t *output = (uint8_t *)output_ptr;
/* initialize the output array */
memset(output,0,output_len);
int n = 0;
hwrng_dsc[n++] = (uint32_t)0xB0800004;
hwrng_dsc[n++] = (uint32_t)0x82500000;
hwrng_dsc[n++] = (uint32_t)0x60340000| (0x0000ffff & output_len);
hwrng_dsc[n++] = (uint32_t)output;
/* Run descriptor with result written to blob buffer */
/* Add job to input ring */
// flush cache
g_input_ring[0] = (uint32_t)hwrng_dsc;
flush_dcache_range((uint32_t)hwrng_dsc & ALIGN_MASK,
((uint32_t)hwrng_dsc & ALIGN_MASK) + 128);
flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
((uint32_t)g_input_ring & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)hwrng_dsc & ALIGN_MASK,
((uint32_t)hwrng_dsc & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
((uint32_t)g_input_ring & ALIGN_MASK) + 128);
invalidate_dcache_range((uint32_t)output & ALIGN_MASK,
(((uint32_t)output + 2 * output_len + 64) & ALIGN_MASK));
/* Increment jobs added */
__raw_writel(1, CAAM_IRJAR0);
/* Wait for job ring to complete the job: 1 completed job expected */
size_t timeout = 100000;
while(__raw_readl(CAAM_ORSFR0) != 1 && timeout--);
flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
((uint32_t)g_output_ring & ALIGN_MASK) + 128);
/* check that descriptor address is the one expected in the output ring */
if(g_output_ring[0] == (uint32_t)hwrng_dsc) {
/* check if any error is reported in the output ring */
if ((g_output_ring[1] & JOB_RING_STS) != 0) {
printf("Error: RNG job completed with errors 0x%X\n",
g_output_ring[1]);
ret = -1;
}
} else {
printf("Error: RNG output ring descriptor address does" \
" not match\n");
ret = -1;
}
/* Remove job from Job Ring Output Queue */
__raw_writel(1, CAAM_ORJRR0);
return ret;
}
/*!
* Initialize the CAAM.
*
*/
void caam_open(void)
{
struct mxc_ccm_reg *mxc_ccm = (struct mxc_ccm_reg *)CCM_BASE_ADDR;
uint32_t temp_reg;
//uint32_t addr;
/* switch on the clock */
#if defined(CONFIG_MX6)
struct mxc_ccm_reg *mxc_ccm = (struct mxc_ccm_reg *)CCM_BASE_ADDR;
temp_reg = __raw_readl(&mxc_ccm->CCGR0);
temp_reg |= MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK |
MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK;
__raw_writel(temp_reg, &mxc_ccm->CCGR0);
#elif defined(CONFIG_MX7)
HW_CCM_CCGR_SET(36, MXC_CCM_CCGR36_CAAM_DOMAIN0_MASK);
#endif
/* MID for CAAM - already done by HAB in ROM during preconfigure,
* That is JROWN for JR0/1 = 1 (TZ, Secure World, ARM)


+ 45
- 45
drivers/crypto/fsl_caam_internal.h View File

@ -40,55 +40,55 @@
#define SEC_MEM_PAGE3 (CAAM_SEC_RAM_START_ADDR + 0x3000)
/* Configuration and special key registers */
#define CAAM_MCFGR CAAM_BASE_ADDR + 0x0004
#define CAAM_SCFGR CAAM_BASE_ADDR + 0x000c
#define CAAM_JR0MIDR CAAM_BASE_ADDR + 0x0010
#define CAAM_JR1MIDR CAAM_BASE_ADDR + 0x0018
#define CAAM_DECORR CAAM_BASE_ADDR + 0x009c
#define CAAM_DECO0MID CAAM_BASE_ADDR + 0x00a0
#define CAAM_DAR CAAM_BASE_ADDR + 0x0120
#define CAAM_DRR CAAM_BASE_ADDR + 0x0124
#define CAAM_JDKEKR CAAM_BASE_ADDR + 0x0400
#define CAAM_TDKEKR CAAM_BASE_ADDR + 0x0420
#define CAAM_TDSKR CAAM_BASE_ADDR + 0x0440
#define CAAM_SKNR CAAM_BASE_ADDR + 0x04e0
#define CAAM_SMSTA CAAM_BASE_ADDR + 0x0FB4
#define CAAM_STA CAAM_BASE_ADDR + 0x0FD4
#define CAAM_SMPO_0 CAAM_BASE_ADDR + 0x1FBC
#define CAAM_MCFGR CONFIG_SYS_FSL_SEC_ADDR + 0x0004
#define CAAM_SCFGR CONFIG_SYS_FSL_SEC_ADDR + 0x000c
#define CAAM_JR0MIDR CONFIG_SYS_FSL_SEC_ADDR + 0x0010
#define CAAM_JR1MIDR CONFIG_SYS_FSL_SEC_ADDR + 0x0018
#define CAAM_DECORR CONFIG_SYS_FSL_SEC_ADDR + 0x009c
#define CAAM_DECO0MID CONFIG_SYS_FSL_SEC_ADDR + 0x00a0
#define CAAM_DAR CONFIG_SYS_FSL_SEC_ADDR + 0x0120
#define CAAM_DRR CONFIG_SYS_FSL_SEC_ADDR + 0x0124
#define CAAM_JDKEKR CONFIG_SYS_FSL_SEC_ADDR + 0x0400
#define CAAM_TDKEKR CONFIG_SYS_FSL_SEC_ADDR + 0x0420
#define CAAM_TDSKR CONFIG_SYS_FSL_SEC_ADDR + 0x0440
#define CAAM_SKNR CONFIG_SYS_FSL_SEC_ADDR + 0x04e0
#define CAAM_SMSTA CONFIG_SYS_FSL_SEC_ADDR + 0x0FB4
#define CAAM_STA CONFIG_SYS_FSL_SEC_ADDR + 0x0FD4
#define CAAM_SMPO_0 CONFIG_SYS_FSL_SEC_ADDR + 0x1FBC
/* RNG registers */
#define CAAM_RTMCTL CAAM_BASE_ADDR + 0x0600
#define CAAM_RTSDCTL CAAM_BASE_ADDR + 0x0610
#define CAAM_RTFRQMIN CAAM_BASE_ADDR + 0x0618
#define CAAM_RTFRQMAX CAAM_BASE_ADDR + 0x061C
#define CAAM_RTSTATUS CAAM_BASE_ADDR + 0x063C
#define CAAM_RDSTA CAAM_BASE_ADDR + 0x06C0
#define CAAM_RTMCTL CONFIG_SYS_FSL_SEC_ADDR + 0x0600
#define CAAM_RTSDCTL CONFIG_SYS_FSL_SEC_ADDR + 0x0610
#define CAAM_RTFRQMIN CONFIG_SYS_FSL_SEC_ADDR + 0x0618
#define CAAM_RTFRQMAX CONFIG_SYS_FSL_SEC_ADDR + 0x061C
#define CAAM_RTSTATUS CONFIG_SYS_FSL_SEC_ADDR + 0x063C
#define CAAM_RDSTA CONFIG_SYS_FSL_SEC_ADDR + 0x06C0
/* Job Ring 0 registers */
#define CAAM_IRBAR0 CAAM_BASE_ADDR + 0x1004
#define CAAM_IRSR0 CAAM_BASE_ADDR + 0x100c
#define CAAM_IRSAR0 CAAM_BASE_ADDR + 0x1014
#define CAAM_IRJAR0 CAAM_BASE_ADDR + 0x101c
#define CAAM_ORBAR0 CAAM_BASE_ADDR + 0x1024
#define CAAM_ORSR0 CAAM_BASE_ADDR + 0x102c
#define CAAM_ORJRR0 CAAM_BASE_ADDR + 0x1034
#define CAAM_ORSFR0 CAAM_BASE_ADDR + 0x103c
#define CAAM_JRSTAR0 CAAM_BASE_ADDR + 0x1044
#define CAAM_JRINTR0 CAAM_BASE_ADDR + 0x104c
#define CAAM_JRCFGR0_MS CAAM_BASE_ADDR + 0x1050
#define CAAM_JRCFGR0_LS CAAM_BASE_ADDR + 0x1054
#define CAAM_IRRIR0 CAAM_BASE_ADDR + 0x105c
#define CAAM_ORWIR0 CAAM_BASE_ADDR + 0x1064
#define CAAM_JRCR0 CAAM_BASE_ADDR + 0x106c
#define CAAM_SMCJR0 CAAM_BASE_ADDR + 0x10f4
#define CAAM_SMCSJR0 CAAM_BASE_ADDR + 0x10fc
#define CAAM_SMAPJR0(y) (CAAM_BASE_ADDR + 0x1104 + y*16)
#define CAAM_SMAG2JR0(y) (CAAM_BASE_ADDR + 0x1108 + y*16)
#define CAAM_SMAG1JR0(y) (CAAM_BASE_ADDR + 0x110C + y*16)
#define CAAM_SMAPJR0_PRTN1 CAAM_BASE_ADDR + 0x1114
#define CAAM_SMAG2JR0_PRTN1 CAAM_BASE_ADDR + 0x1118
#define CAAM_SMAG1JR0_PRTN1 CAAM_BASE_ADDR + 0x111c
#define CAAM_SMPO CAAM_BASE_ADDR + 0x1fbc
#define CAAM_IRBAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1004
#define CAAM_IRSR0 CONFIG_SYS_FSL_SEC_ADDR + 0x100c
#define CAAM_IRSAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1014
#define CAAM_IRJAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x101c
#define CAAM_ORBAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1024
#define CAAM_ORSR0 CONFIG_SYS_FSL_SEC_ADDR + 0x102c
#define CAAM_ORJRR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1034
#define CAAM_ORSFR0 CONFIG_SYS_FSL_SEC_ADDR + 0x103c
#define CAAM_JRSTAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1044
#define CAAM_JRINTR0 CONFIG_SYS_FSL_SEC_ADDR + 0x104c
#define CAAM_JRCFGR0_MS CONFIG_SYS_FSL_SEC_ADDR + 0x1050
#define CAAM_JRCFGR0_LS CONFIG_SYS_FSL_SEC_ADDR + 0x1054
#define CAAM_IRRIR0 CONFIG_SYS_FSL_SEC_ADDR + 0x105c
#define CAAM_ORWIR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1064
#define CAAM_JRCR0 CONFIG_SYS_FSL_SEC_ADDR + 0x106c
#define CAAM_SMCJR0 CONFIG_SYS_FSL_SEC_ADDR + 0x10f4
#define CAAM_SMCSJR0 CONFIG_SYS_FSL_SEC_ADDR + 0x10fc
#define CAAM_SMAPJR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x1104 + y*16)
#define CAAM_SMAG2JR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x1108 + y*16)
#define CAAM_SMAG1JR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x110C + y*16)
#define CAAM_SMAPJR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x1114
#define CAAM_SMAG2JR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x1118
#define CAAM_SMAG1JR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x111c
#define CAAM_SMPO CONFIG_SYS_FSL_SEC_ADDR + 0x1fbc
#define JRCFG_LS_IMSK 0x00000001 /* Interrupt Mask */
#define JR_MID 2 /* Matches ROM configuration */


+ 5
- 0
drivers/mmc/mmc.c View File

@ -1287,6 +1287,11 @@ static int mmc_startup(struct mmc *mmc)
case 7:
mmc->version = MMC_VERSION_5_0;
break;
case 8:
/* FIXME should be 5.1 but no official support in
* uboot now, rollback to 5.0 */
mmc->version = MMC_VERSION_5_0;
break;
}
/* The partition data may be non-zero but it is only


+ 19
- 9
drivers/usb/gadget/bootctrl.c View File

@ -268,9 +268,11 @@ static unsigned int slotidx_from_suffix(char *suffix)
{
unsigned int slot = -1;
if (!strcmp(suffix, "_a"))
if (!strcmp(suffix, "_a") ||
!strcmp(suffix, "a"))
slot = 0;
else if (!strcmp(suffix, "_b"))
else if (!strcmp(suffix, "_b") ||
!strcmp(suffix, "b"))
slot = 1;
return slot;
@ -290,7 +292,7 @@ bool is_sotvar(char *cmd)
return false;
}
void get_slotvar(char *cmd, char *response, size_t chars_left)
int get_slotvar(char *cmd, char *response, size_t chars_left)
{
int ret;
struct boot_ctl t_bootctl;
@ -300,7 +302,7 @@ void get_slotvar(char *cmd, char *response, size_t chars_left)
if (ret) {
error("get_slotvar, read_bootctl failed\n");
strcpy(response, "get_slotvar read_bootctl failed");
return;
return -1;
}
if (!strcmp_l1("has-slot:", cmd)) {
@ -310,19 +312,24 @@ void get_slotvar(char *cmd, char *response, size_t chars_left)
strncat(response, "yes", chars_left);
else
strncat(response, "no", chars_left);
return 0;
} else if (!strcmp_l1("current-slot", cmd)) {
unsigned int slot = slot_find(&t_bootctl);
if (slot < SLOT_NUM)
strncat(response, g_slot_suffix[slot], chars_left);
else
else {
strncat(response, "no valid slot", chars_left);
return -1;
}
} else if (!strcmp_l1("slot-suffixes", cmd)) {
strncat(response, "_a,_b", chars_left);
return 0;
} else if (!strcmp_l1("slot-successful:", cmd)) {
char *suffix = strchr(cmd, ':') + 1;
unsigned int slot = slotidx_from_suffix(suffix);
if (slot >= SLOT_NUM) {
strncat(response, "no such slot", chars_left);
return -1;
} else {
bool suc = t_bootctl.a_slot_meta[slot].bootsuc;
strncat(response, suc ? "yes" : "no", chars_left);
@ -332,6 +339,7 @@ void get_slotvar(char *cmd, char *response, size_t chars_left)
unsigned int slot = slotidx_from_suffix(suffix);
if (slot >= SLOT_NUM) {
strncat(response, "no such slot", chars_left);
return -1;
} else {
unsigned int pri = t_bootctl.a_slot_meta[slot].priority;
strncat(response, pri ? "no" : "yes", chars_left);
@ -339,16 +347,18 @@ void get_slotvar(char *cmd, char *response, size_t chars_left)
} else if (!strcmp_l1("slot-retry-count:", cmd)) {
char *suffix = strchr(cmd, ':') + 1;
unsigned int slot = slotidx_from_suffix(suffix);
if (slot >= SLOT_NUM)
if (slot >= SLOT_NUM) {
strncat(response, "no such slot", chars_left);
else
sprintf(response, "OKAY%d",
return -1;
} else
sprintf(response, "OKAY %d",
t_bootctl.a_slot_meta[slot].tryremain);
} else {
strncat(response, "no such slot command", chars_left);
return -1;
}
return;
return 0;
}


+ 1
- 1
drivers/usb/gadget/bootctrl.h View File

@ -32,7 +32,7 @@ struct boot_ctl {
char *select_slot(void);
int invalid_curslot(void);
bool is_sotvar(char *cmd);
void get_slotvar(char *cmd, char *response, size_t chars_left);
int get_slotvar(char *cmd, char *response, size_t chars_left);
void cb_set_active(struct usb_ep *ep, struct usb_request *req);
const char *get_slot_suffix(void);
#endif

+ 259
- 13
drivers/usb/gadget/f_fastboot.c View File

@ -54,6 +54,10 @@
#include "bcb.h"
#endif
#ifdef CONFIG_AVB_SUPPORT
#include <fsl_avb.h>
#endif
#define FASTBOOT_VERSION "0.4"
#ifdef CONFIG_FASTBOOT_LOCK
@ -93,6 +97,7 @@ static unsigned int fastboot_flash_session_id;
static unsigned int download_size;
static unsigned int download_bytes;
static bool is_high_speed;
static int strcmp_l1(const char *s1, const char *s2);
static struct usb_endpoint_descriptor fs_ep_in = {
.bLength = USB_DT_ENDPOINT_SIZE,
@ -761,8 +766,7 @@ static void process_flash_sata(const char *cmdbuf, char *response)
/* Next is the partition name */
ptn = fastboot_flash_find_ptn(cmdbuf);
if (ptn == 0) {
printf("Partition:'%s' does not exist\n", ptn->name);
if (ptn == NULL) {
sprintf(response, "FAILpartition does not exist");
} else if ((download_bytes >
ptn->length * MMC_SATA_BLOCK_SIZE) &&
@ -1042,15 +1046,27 @@ void write_sparse_image(block_dev_desc_t *dev_desc,
return;
}
static void process_flash_mmc(const char *cmdbuf, char *response)
{
if (download_bytes) {
struct fastboot_ptentry *ptn;
#ifdef CONFIG_AVB_SUPPORT
if (!strcmp_l1(FASTBOOT_PARTITION_AVBKEY, cmdbuf)) {
printf("pubkey len %d\n", download_bytes);
if (avbkey_init(interface.transfer_buffer, download_bytes) != 0) {
sprintf(response, "FAIL: Write partition");
} else {
printf("init 'avbkey' DONE!\n");
sprintf(response, "OKAY");
}
return;
}
#endif
/* Next is the partition name */
ptn = fastboot_flash_find_ptn(cmdbuf);
if (ptn == 0) {
printf("Partition:'%s' does not exist\n", ptn->name);
if (ptn == NULL) {
sprintf(response, "FAILpartition does not exist");
} else if ((download_bytes >
ptn->length * MMC_SATA_BLOCK_SIZE) &&
@ -1318,6 +1334,9 @@ static int _fastboot_parts_add_ptable_entry(int ptable_index,
#else
strcpy(ptable[ptable_index].name, name);
#endif
#ifdef CONFIG_PARTITION_UUIDS
strcpy(ptable[ptable_index].uuid, (const char *)info.uuid);
#endif
return 0;
}
@ -1862,6 +1881,176 @@ bootimg_print_image_hdr(struct andr_img_hdr *hdr)
static struct andr_img_hdr boothdr __aligned(ARCH_DMA_MINALIGN);
#if defined(CONFIG_AVB_SUPPORT) && defined(CONFIG_MMC)
static AvbABOps fsl_avb_ab_ops = {
.ops = {
.read_from_partition = fsl_read_from_partition_multi,
.write_to_partition = fsl_write_to_partition,
.validate_vbmeta_public_key = fsl_validate_vbmeta_public_key_rpmb,
.read_rollback_index = fsl_read_rollback_index_rpmb,
.write_rollback_index = fsl_write_rollback_index_rpmb,
.read_is_device_unlocked = fsl_read_is_device_unlocked,
.get_unique_guid_for_partition = fsl_get_unique_guid_for_partition
},
.read_ab_metadata = fsl_read_ab_metadata,
.write_ab_metadata = fsl_write_ab_metadata
};
/* we can use avb to verify Trusty if we want */
const char *requested_partitions[] = {"boot", 0};
int do_boota(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) {
ulong addr = 0;
struct andr_img_hdr *hdr = NULL;
struct andr_img_hdr *hdrload;
ulong image_size;
AvbABFlowResult avb_result;
AvbSlotVerifyData *avb_out_data;
AvbPartitionData *avb_loadpart;
AvbOps fsl_avb_ops = fsl_avb_ab_ops.ops;
#ifdef CONFIG_FASTBOOT_LOCK
/* check lock state */
FbLockState lock_status = fastboot_get_lock_stat();
if (lock_status == FASTBOOT_LOCK_ERROR) {
printf("In boota get fastboot lock status error. Set lock status\n");
fastboot_set_lock_stat(FASTBOOT_LOCK);
lock_status = FASTBOOT_LOCK;
}
/* if in lock state, do avb verify */
avb_result = avb_ab_flow(&fsl_avb_ab_ops, requested_partitions, &avb_out_data);
if (avb_result == AVB_AB_FLOW_RESULT_OK) {
assert(avb_out_data != NULL);
/* load the first partition */
avb_loadpart = avb_out_data->loaded_partitions;
assert(avb_loadpart != NULL);
/* we should use avb_part_data->data as boot image */
/* boot image is already read by avb */
hdr = (struct andr_img_hdr *)avb_loadpart->data;
if (android_image_check_header(hdr)) {
printf("boota: bad boot image magic\n");
goto fail;
}
printf(" verify OK, boot '%s%s'\n", avb_loadpart->partition_name, avb_out_data->ab_suffix);
setenv("bootargs_sec", avb_out_data->cmdline);
image_size = avb_loadpart->data_size;
memcpy((void *)load_addr, (void *)hdr, image_size);
} else if (lock_status == FASTBOOT_LOCK) { /* && verify fail */
/* if in lock state, verify enforce fail */
printf(" verify FAIL, state: LOCK\n");
goto fail;
} else { /* lock_status == FASTBOOT_UNLOCK && verify fail */
/* if in unlock state, log the verify state */
printf(" verify FAIL, state: UNLOCK\n");
#endif
/* if lock/unlock not enabled or verify fail
* in unlock state, will try boot */
size_t num_read;
hdr = &boothdr;
char bootimg[8];
char *slot = select_slot(&fsl_avb_ab_ops);
if (slot == NULL) {
printf("boota: no bootable slot\n");
goto fail;
}
sprintf(bootimg, "boot%s", slot);
printf(" boot '%s' still\n", bootimg);
/* maybe we should use bootctl to select a/b
* but libavb doesn't export a/b select */
if (fsl_avb_ops.read_from_partition(&fsl_avb_ops, bootimg,
0, sizeof(boothdr), hdr, &num_read) != AVB_IO_RESULT_OK &&
num_read != sizeof(boothdr)) {
printf("boota: read bootimage head error\n");
goto fail;
}
if (android_image_check_header(hdr)) {
printf("boota: bad boot image magic\n");
goto fail;
}
image_size = android_image_get_end(hdr) - (ulong)hdr;
if (fsl_avb_ops.read_from_partition(&fsl_avb_ops, bootimg,
0, image_size, (void *)load_addr, &num_read) != AVB_IO_RESULT_OK &&
num_read != image_size) {
printf("boota: read boot image error\n");
goto fail;
}
char bootargs_sec[ANDR_BOOT_ARGS_SIZE];
sprintf(bootargs_sec, "androidboot.slot_suffix=%s", slot);
setenv("bootargs_sec", bootargs_sec);
#ifdef CONFIG_FASTBOOT_LOCK
}
#endif
flush_cache((ulong)load_addr, image_size);
addr = load_addr;
hdrload = (struct andr_img_hdr *)load_addr;
ulong img_ramdisk, img_ramdisk_len;
if(android_image_get_ramdisk(hdrload, &img_ramdisk, &img_ramdisk_len) != 0) {
printf("boota: mmc failed to read ramdisk\n");
goto fail;
}
memcpy((void *)hdrload->ramdisk_addr, (void *)img_ramdisk, img_ramdisk_len);
/* flush cache after read */
flush_cache((ulong)hdrload->ramdisk_addr, img_ramdisk_len); /* FIXME */
#ifdef CONFIG_OF_LIBFDT
/* load the dtb file */
if (hdrload->second_size && hdrload->second_addr) {
ulong img_fdt, img_fdt_len;
if (android_image_get_fdt(hdrload, &img_fdt, &img_fdt_len) != 0) {
printf("boota: mmc failed to dtb\n");
goto fail;
}
memcpy((void *)hdrload->second_addr, (void *)img_fdt, img_fdt_len);
/* flush cache after read */
flush_cache((ulong)hdrload->second_addr, img_fdt_len); /* FIXME */
}
#endif /*CONFIG_OF_LIBFDT*/
printf("kernel @ %08x (%d)\n", hdrload->kernel_addr, hdrload->kernel_size);
printf("ramdisk @ %08x (%d)\n", hdrload->ramdisk_addr, hdrload->ramdisk_size);
#ifdef CONFIG_OF_LIBFDT
if (hdrload->second_size)
printf("fdt @ %08x (%d)\n", hdrload->second_addr, hdrload->second_size);
#endif /*CONFIG_OF_LIBFDT*/
char boot_addr_start[12];
char ramdisk_addr[25];
char fdt_addr[12];
char *bootm_args[] = { "bootm", boot_addr_start, ramdisk_addr, fdt_addr};
sprintf(boot_addr_start, "0x%lx", addr);
sprintf(ramdisk_addr, "0x%x:0x%x", hdrload->ramdisk_addr, hdrload->ramdisk_size);
sprintf(fdt_addr, "0x%x", hdrload->second_addr);
if (avb_out_data != NULL)
avb_slot_verify_data_free(avb_out_data);
do_bootm(NULL, 0, 4, bootm_args);
/* This only happens if image is somehow faulty so we start over */
do_reset(NULL, 0, 0, NULL);
return 1;
fail:
/* avb has no recovery */
if (avb_out_data != NULL)
avb_slot_verify_data_free(avb_out_data);
return run_command("fastboot", 0);
}
U_BOOT_CMD(
boota, 2, 1, do_boota,
"boota - boot android bootimg \n",
"boot from current mmc with avb verify\n"
);
#else /* CONFIG_AVB_SUPPORT */
/* boota <addr> [ mmc0 | mmc1 [ <partition> ] ] */
int do_boota(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
@ -2188,12 +2377,11 @@ U_BOOT_CMD(
"\t 'partition' (optional) is the partition id of your device, "
"if no partition give, will going to 'boot' partition\n"
);
#endif /* CONFIG_AVB_SUPPORT */
#endif /* CONFIG_CMD_BOOTA */
#endif
static void rx_handler_command(struct usb_ep *ep, struct usb_request *req);
static int strcmp_l1(const char *s1, const char *s2);
void fastboot_fail(char *response, const char *reason)
{
@ -2500,11 +2688,30 @@ static void cb_getvar(struct usb_ep *ep, struct usb_request *req)
strncat(response, FASTBOOT_VAR_NO, chars_left);
}
}
#endif
#ifdef CONFIG_AVB_SUPPORT
else if (is_slotvar_avb(cmd)) {
if (get_slotvar_avb(&fsl_avb_ab_ops, cmd,
response + strlen(response), chars_left + 1) < 0)
goto fail;
}
#elif CONFIG_FSL_BOOTCTL
else if (is_sotvar(cmd)) {
if (get_slotvar(cmd, response + strlen(response), chars_left + 1) < 0)
goto fail;
}
#endif
else {
strncat(response, "No such var", chars_left);
printf("WARNING: unknown variable: %s\n", cmd);
goto fail;
}
fastboot_tx_write_str(response);
return;
fail:
strncpy(response, "FAIL", 4);
fastboot_tx_write_str(response);
return;
}
static unsigned int rx_bytes_expected(unsigned int maxpacket)
@ -2682,7 +2889,7 @@ static void cb_continue(struct usb_ep *ep, struct usb_request *req)
#ifdef CONFIG_FASTBOOT_LOCK
int do_lock_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) {
int status = fastboot_get_lock_stat();
FbLockState status = fastboot_get_lock_stat();
if (status != FASTBOOT_LOCK_ERROR) {
if (status == FASTBOOT_LOCK)
printf("fastboot lock status: locked.\n");
@ -2707,8 +2914,7 @@ static int do_fastboot_unlock(void)
int status;
if (fastboot_lock_enable() == FASTBOOT_UL_ENABLE) {
printf("It is able to unlock device. %d\n",fastboot_lock_enable());
status = fastboot_get_lock_stat();
if (status == FASTBOOT_UNLOCK) {
if (fastboot_get_lock_stat() == FASTBOOT_UNLOCK) {
printf("The device is already unlocked\n");
return 1;
}
@ -2720,6 +2926,11 @@ static int do_fastboot_unlock(void)
fastboot_wipe_data_partition();
printf("Wipe /data completed.\n");
#ifdef CONFIG_AVB_SUPPORT
printf("Start stored_rollback_index wipe process....\n");
rbkidx_erase();
printf("Wipe stored_rollback_index completed.\n");
#endif
} else {
printf("It is not able to unlock device.");
return -1;
@ -2731,8 +2942,7 @@ static int do_fastboot_unlock(void)
static int do_fastboot_lock(void)
{
int status;
status = fastboot_get_lock_stat();
if (status == FASTBOOT_LOCK) {
if (fastboot_get_lock_stat() == FASTBOOT_LOCK) {
printf("The device is already locked\n");
return 1;
}
@ -2752,7 +2962,7 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
char *cmd = req->buf;
char response[FASTBOOT_RESPONSE_LEN];
unsigned char len = strlen(cmd);
int status;
FbLockState status;
if (!strncmp(cmd + len - 15, "unlock_critical", 15)) {
strcpy(response, "OKAY");
} else if (!strncmp(cmd + len - 13, "lock_critical", 13)) {
@ -2884,6 +3094,37 @@ static void cb_erase(struct usb_ep *ep, struct usb_request *req)
}
#endif
#ifdef CONFIG_AVB_SUPPORT
static void cb_set_active_avb(struct usb_ep *ep, struct usb_request *req)
{
AvbIOResult ret;
int slot = 0;
char *cmd = req->buf;
strsep(&cmd, ":");
if (!cmd) {
error("missing slot suffix\n");
fastboot_tx_write_str("FAILmissing slot suffix");
return;
}
slot = slotidx_from_suffix(cmd);
if (slot < 0) {
fastboot_tx_write_str("FAILerr slot suffix");
return;
}
ret = avb_ab_mark_slot_active(&fsl_avb_ab_ops, slot);
if (ret != AVB_IO_RESULT_OK)
fastboot_tx_write_str("avb IO error");
else
fastboot_tx_write_str("OKAY");
return;
}
#endif /*CONFIG_AVB_SUPPORT*/
#ifdef CONFIG_FSL_FASTBOOT
static void cb_reboot_bootloader(struct usb_ep *ep, struct usb_request *req)
{
@ -2944,7 +3185,12 @@ static const struct cmd_dispatch_info cmd_dispatch_info[] = {
.cb = cb_flashing,
},
#endif
#ifdef CONFIG_FSL_BOOTCTL
#ifdef CONFIG_AVB_SUPPORT
{
.cmd = "set_active",
.cb = cb_set_active_avb,
},
#elif CONFIG_FSL_BOOTCTL
{
.cmd = "set_active",
.cb = cb_set_active,


+ 57
- 32
drivers/usb/gadget/fastboot_lock_unlock.c View File

@ -56,16 +56,16 @@
/*
* This will return FASTBOOT_LOCK, FASTBOOT_UNLOCK or FASTBOOT_ERROR
*/
inline unsigned char decrypt_lock_store(unsigned char* bdata) {
static inline unsigned char decrypt_lock_store(unsigned char* bdata) {
return *bdata;
}
inline void encrypt_lock_store(unsigned char lock, unsigned char* bdata) {
static inline void encrypt_lock_store(FbLockState lock, unsigned char* bdata) {
*bdata = lock;
}
#else
int sha1sum(unsigned char* data, int len, unsigned char* output) {
static int sha1sum(unsigned char* data, int len, unsigned char* output) {
struct hash_algo *algo;
void *buf;
if (hash_lookup_algo("sha1", &algo)) {
@ -80,13 +80,13 @@ int sha1sum(unsigned char* data, int len, unsigned char* output) {
}
int generate_salt(unsigned char* salt) {
static int generate_salt(unsigned char* salt) {
unsigned long time = get_timer(0);
return sha1sum((unsigned char *)&time, sizeof(unsigned long), salt);
}
unsigned char decrypt_lock_store(unsigned char *bdata) {
static unsigned char decrypt_lock_store(unsigned char *bdata) {
unsigned char plain_data[ENDATA_LEN];
int p = 0, ret;
@ -127,10 +127,13 @@ unsigned char decrypt_lock_store(unsigned char *bdata) {
}
}
return plain_data[ENDATA_LEN-1];
if (plain_data[ENDATA_LEN - 1] >= FASTBOOT_LOCK_NUM)
return FASTBOOT_LOCK_ERROR;
else
return plain_data[ENDATA_LEN-1];
}
int encrypt_lock_store(unsigned char lock, unsigned char* bdata) {
static int encrypt_lock_store(FbLockState lock, unsigned char* bdata) {
unsigned int p = 0;
int ret;
int salt_len = generate_salt(bdata);
@ -179,7 +182,7 @@ int encrypt_lock_store(unsigned char lock, unsigned char* bdata) {
#endif
static char mmc_dev_part[16];
char* get_mmc_part(int part) {
static char* get_mmc_part(int part) {
u32 dev_no = mmc_get_env_dev();
sprintf(mmc_dev_part,"%x:%x",dev_no, part);
return mmc_dev_part;
@ -188,60 +191,73 @@ char* get_mmc_part(int part) {
/*
* The enabling value is stored in the last byte of target partition.
*/
inline unsigned char lock_enable_parse(unsigned char* bdata) {
static inline unsigned char lock_enable_parse(unsigned char* bdata) {
DEBUG("lock_enable_parse: 0x%x\n", *(bdata + SECTOR_SIZE -1));
return *(bdata + SECTOR_SIZE -1);
if (*(bdata + SECTOR_SIZE -1) >= FASTBOOT_UL_NUM)
return FASTBOOT_UL_ERROR;
else
return *(bdata + SECTOR_SIZE -1);
}
static FbLockState g_lockstat = FASTBOOT_UNLOCK;
/*
* Set status of the lock&unlock to FSL_FASTBOOT_FB_PART
* Currently use the very first Byte of FSL_FASTBOOT_FB_PART
* to store the fastboot lock&unlock status
*/
int fastboot_set_lock_stat(unsigned char lock) {
int fastboot_set_lock_stat(FbLockState lock) {
block_dev_desc_t *fs_dev_desc;
disk_partition_t fs_partition;
unsigned char *bdata;
unsigned int mmc_id;
int status, ret;
bdata = (unsigned char *)memalign(ALIGN_BYTES, SECTOR_SIZE);
if (bdata == NULL)
goto fail2;
memset(bdata, 0, SECTOR_SIZE);
int status;
mmc_id = fastboot_flash_find_index(FASTBOOT_PARTITION_FBMISC);
status = get_device_and_partition(FSL_FASTBOOT_FB_DEV,
get_mmc_part(mmc_id),
&fs_dev_desc, &fs_partition, 1);
if (status < 0) {
printf("%s:error in getdevice partition.\n", __FUNCTION__);
return -1;
goto fail2;
}
DEBUG("%s %s partition.start=%d, size=%d\n",FSL_FASTBOOT_FB_DEV,
get_mmc_part(mmc_id), fs_partition.start, fs_partition.size);
status = encrypt_lock_store(lock, bdata);
if (status < 0)
return -1;
if (status < 0) {
ret = -1;
goto fail;
}
status = fs_dev_desc->block_write(fs_dev_desc, fs_partition.start, 1, bdata);
if (!status) {
printf("%s:error in block write.\n", __FUNCTION__);
return -1;
ret = -1;
goto fail;
}
ret = 0;
fail:
free(bdata);
return ret;
fail2:
g_lockstat = lock;
return 0;
}
unsigned char fastboot_get_lock_stat(void)
{
FbLockState fastboot_get_lock_stat(void) {
block_dev_desc_t *fs_dev_desc;
disk_partition_t fs_partition;
unsigned char *bdata;
unsigned int mmc_id;
FbLockState ret;
bdata = (unsigned char *)memalign(ALIGN_BYTES, SECTOR_SIZE);
if (bdata == NULL)
return g_lockstat;
int status;
mmc_id = fastboot_flash_find_index(FASTBOOT_PARTITION_FBMISC);
@ -251,7 +267,7 @@ unsigned char fastboot_get_lock_stat(void)
if (status < 0) {
printf("%s:error in getdevice partition.\n", __FUNCTION__);
return FASTBOOT_LOCK_ERROR;
return g_lockstat;
}
DEBUG("%s %s partition.start=%d, size=%d\n",FSL_FASTBOOT_FB_DEV,
get_mmc_part(mmc_id), fs_partition.start, fs_partition.size);
@ -259,10 +275,14 @@ unsigned char fastboot_get_lock_stat(void)
status = fs_dev_desc->block_read(fs_dev_desc, fs_partition.start, 1, bdata);
if (!status) {
printf("%s:error in block read.\n", __FUNCTION__);
return FASTBOOT_LOCK_ERROR;
ret = FASTBOOT_LOCK_ERROR;
goto fail;
}
return decrypt_lock_store(bdata);
ret = decrypt_lock_store(bdata);
fail:
free(bdata);
return ret;
}
@ -272,19 +292,20 @@ unsigned char fastboot_get_lock_stat(void)
#ifdef CONFIG_ANDROID_THINGS_SUPPORT
//Brillo has no presist data partition
unsigned char fastboot_lock_enable(void)
{
FbLockEnableResult fastboot_lock_enable(void) {
return FASTBOOT_UL_ENABLE;
}
#else
unsigned char fastboot_lock_enable() {
FbLockEnableResult fastboot_lock_enable() {
block_dev_desc_t *fs_dev_desc;
disk_partition_t fs_partition;
unsigned char *bdata;
unsigned int mmc_id;
FbLockEnableResult ret;
bdata = (unsigned char *)memalign(ALIGN_BYTES, SECTOR_SIZE);
if (bdata == NULL)
return FASTBOOT_UL_ERROR;
int status;
mmc_id = fastboot_flash_find_index(FASTBOOT_PARTITION_PRDATA);
status = get_device_and_partition(FSL_FASTBOOT_FB_DEV,
@ -301,7 +322,8 @@ unsigned char fastboot_lock_enable() {
status = fs_dev_desc->block_read(fs_dev_desc, target_block, 1, bdata);
if (!status) {
printf("%s: error in block read\n", __FUNCTION__);
return FASTBOOT_UL_ERROR;
ret = FASTBOOT_UL_ERROR;
goto fail;
}
int i = 0;
DEBUG("\n PRIST last sector is:\n");
@ -311,12 +333,15 @@ unsigned char fastboot_lock_enable() {
DEBUG("\n");
}
DEBUG("\n");
return lock_enable_parse(bdata);
ret = lock_enable_parse(bdata);
fail:
free(bdata);
return ret;
}
#endif
int display_lock(int lock, int verify) {
int display_lock(FbLockState lock, int verify) {
struct stdio_dev *disp;
disp = stdio_get_by_name("vga");
if (disp != NULL) {


+ 8
- 8
drivers/usb/gadget/fastboot_lock_unlock.h View File

@ -42,27 +42,27 @@
#define DEBUG(format, ...)
#endif
enum {
typedef enum {
FASTBOOT_UNLOCK,
FASTBOOT_LOCK,
FASTBOOT_LOCK_ERROR,
FASTBOOT_LOCK_NUM
};
}FbLockState;
enum {
typedef enum {
FASTBOOT_UL_DISABLE,
FASTBOOT_UL_ENABLE,
FASTBOOT_UL_ERROR,
FASTBOOT_UL_NUM
};
}FbLockEnableResult;
unsigned char fastboot_get_lock_stat(void);
FbLockState fastboot_get_lock_stat(void);
int fastboot_set_lock_stat(unsigned char lock);
int fastboot_set_lock_stat(FbLockState lock);
int fastboot_wipe_data_partition(void);
unsigned char fastboot_lock_enable(void);
FbLockEnableResult fastboot_lock_enable(void);
int display_lock(int lock, int verify);
int display_lock(FbLockState lock, int verify);
#endif

+ 4
- 0
include/configs/mx6ul_14x14_evk.h View File

@ -369,6 +369,10 @@
#define CONFIG_MODULE_FUSE
#define CONFIG_OF_SYSTEM_SETUP
#ifdef CONFIG_AVB_SUPPORT
#define CONFIG_PARTITION_UUIDS
#endif
#if defined(CONFIG_ANDROID_SUPPORT)
#include "mx6ul_14x14_evk_android.h"
#endif


+ 8
- 0
include/configs/mx6ul_14x14_evk_brillo.h View File

@ -20,6 +20,14 @@
#define CONFIG_SHA1
#define CONFIG_SHA256
#ifdef CONFIG_AVB_SUPPORT
#define CONFIG_SUPPORT_EMMC_RPMB
/* fuse bank size in word */
#define CONFIG_AVB_FUSE_BANK_SIZEW 8
#define CONFIG_AVB_FUSE_BANK_START 10
#define CONFIG_AVB_FUSE_BANK_END 15
#endif
#define CONFIG_CMD_FAT
#define CONFIG_DOS_PARTITION


+ 7
- 0
include/configs/picosom-imx6ul.h View File

@ -24,7 +24,11 @@
#endif
/* Size of malloc() pool */
#ifdef CONFIG_AVB_SUPPORT
#define CONFIG_SYS_MALLOC_LEN (32 * SZ_1M)
#else
#define CONFIG_SYS_MALLOC_LEN (16 * SZ_1M)
#endif
#define CONFIG_EFI_PARTITION
#define CONFIG_BOARD_EARLY_INIT_F
@ -266,6 +270,9 @@
#define CONFIG_MMCROOT "/dev/mmcblk1p2" /* USDHC2 */
#define CONFIG_CMD_BMODE
#ifdef CONFIG_AVB_SUPPORT
#define CONFIG_PARTITION_UUIDS
#endif
#ifdef CONFIG_VIDEO
#define CONFIG_CFB_CONSOLE


+ 174
- 0
include/fsl_avb.h View File

@ -0,0 +1,174 @@
/*
* Copyright (C) 2016 Freescale Semiconductor, Inc.
*
* SPDX-License-Identifier: GPL-2.0+
*/
#ifndef __FSL_AVB_H__
#define __FSL_AVB_H__
#include "../lib/avb/libavb_ab/libavb_ab.h"
/* Reads |num_bytes| from offset |offset| from partition with name
* |partition| (NUL-terminated UTF-8 string). If |offset| is
* negative, its absolute value should be interpreted as the number
* of bytes from the end of the partition.
*
* This function returns AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION if
* there is no partition with the given name,
* AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION if the requested
* |offset| is outside the partition, and AVB_IO_RESULT_ERROR_IO if
* there was an I/O error from the underlying I/O subsystem. If the
* operation succeeds as requested AVB_IO_RESULT_OK is returned and
* the data is available in |buffer|.
*
* The only time partial I/O may occur is if reading beyond the end
* of the partition. In this case the value returned in
* |out_num_read| may be smaller than |num_bytes|.
*/
AvbIOResult fsl_read_from_partition(AvbOps* ops, const char* partition,
int64_t offset, size_t num_bytes,
void* buffer, size_t* out_num_read);
/* multi block read version
* */
AvbIOResult fsl_read_from_partition_multi(AvbOps* ops, const char* partition,
int64_t offset, size_t num_bytes,
void* buffer, size_t* out_num_read);
/* Writes |num_bytes| from |bffer| at offset |offset| to partition
* with name |partition| (NUL-terminated UTF-8 string). If |offset|
* is negative, its absolute value should be interpreted as the
* number of bytes from the end of the partition.
*
* This function returns AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION if
* there is no partition with the given name,
* AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION if the requested
* byterange goes outside the partition, and AVB_IO_RESULT_ERROR_IO
* if there was an I/O error from the underlying I/O subsystem. If
* the operation succeeds as requested AVB_IO_RESULT_OK is
* returned.
*
* This function never does any partial I/O, it either transfers all
* of the requested bytes or returns an error.
*/
AvbIOResult fsl_write_to_partition(AvbOps* ops, const char* partition,
int64_t offset, size_t num_bytes,
const void* buffer);
/* Reads A/B metadata from persistent storage. Returned data is
* properly byteswapped. Returns AVB_IO_RESULT_OK on success, error
* code otherwise.
*
* If the data read is invalid (e.g. wrong magic or CRC checksum
* failure), the metadata shoule be reset using avb_ab_data_init()
* and then written to persistent storage.
*
* Implementations will typically want to use avb_ab_data_read()
* here to use the 'misc' partition for persistent storage.
*/
AvbIOResult fsl_read_ab_metadata(AvbABOps* ab_ops, struct AvbABData* data);
/* Writes A/B metadata to persistent storage. This will byteswap and
* update the CRC as needed. Returns AVB_IO_RESULT_OK on success,
* error code otherwise.
*
* Implementations will typically want to use avb_ab_data_write()
* here to use the 'misc' partition for persistent storage.
*/
AvbIOResult fsl_write_ab_metadata(AvbABOps* ab_ops, const struct AvbABData* data);
/* Checks if the given public key used to sign the 'vbmeta'
* partition is trusted. Boot loaders typically compare this with
* embedded key material generated with 'avbtool
* extract_public_key'.
*
* If AVB_IO_RESULT_OK is returned then |out_is_trusted| is set -
* true if trusted or false if untrusted.
*/
AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
const uint8_t* public_key_data,
size_t public_key_length,
bool* out_is_trusted);
/* Gets the rollback index corresponding to the slot given by
* |rollback_index_slot|. The value is returned in
* |out_rollback_index|. Returns AVB_IO_RESULT_OK if the rollback
* index was retrieved, otherwise an error code.
*
* A device may have a limited amount of rollback index slots (say,
* one or four) so may error out if |rollback_index_slot| exceeds
* this number.
*/
AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
uint64_t* out_rollback_index);
/* Sets the rollback index corresponding to the slot given by
* |rollback_index_slot| to |rollback_index|. Returns
* AVB_IO_RESULT_OK if the rollback index was set, otherwise an
* error code.
*
* A device may have a limited amount of rollback index slots (say,
* one or four) so may error out if |rollback_index_slot| exceeds
* this number.
*/
AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot,
uint64_t rollback_index);
/* Gets whether the device is unlocked. The value is returned in
* |out_is_unlocked| (true if unlocked, false otherwise). Returns
* AVB_IO_RESULT_OK if the state was retrieved, otherwise an error
* code.
*/
AvbIOResult fsl_read_is_device_unlocked(AvbOps* ops, bool* out_is_unlocked);
/* Gets the unique partition GUID for a partition with name in
* |partition| (NUL-terminated UTF-8 string). The GUID is copied as
* a string into |guid_buf| of size |guid_buf_size| and will be NUL
* terminated. The string must be lower-case and properly
* hyphenated. For example:
*
* 527c1c6d-6361-4593-8842-3c78fcd39219
*
* Returns AVB_IO_RESULT_OK on success, otherwise an error code.
*/
AvbIOResult fsl_get_unique_guid_for_partition(AvbOps* ops,
const char* partition,
char* guid_buf,
size_t guid_buf_size);
/* check if the fastboot getvar cmd is for query [avb] bootctl's slot var
* cmd is the fastboot getvar's cmd in
* return true if it is a bootctl related cmd, false if it's not.
* */
bool is_slotvar_avb(char *cmd);
/* return 0 for the first slot
* return 1 for the second slot
* return -1 for not supported slot
* */
int slotidx_from_suffix(char *suffix);
/* return fastboot's getvar cmd response
* cmd is the fastboot getvar's cmd in
* if return 0, buffer is bootctl's slot var out
* if return -1, buffer is error string
* */
int get_slotvar_avb(AvbABOps *ab_ops, char *cmd, char *buffer, size_t size);
/* reset rollback_index part in avbkey partition
* used in the switch from LOCK to UNLOCK
* return 0 if success, non 0 if fail.
* */
int rbkidx_erase(void);
/* init the avbkey in rpmb partition, include the header/public key/rollback index
* for public key/rollback index part, use caam to do encrypt
* return 0 if success, non 0 if fail.
* */
int avbkey_init(uint8_t *plainkey, uint32_t keylen);
/* read a/b metadata to get curr slot
* return slot suffix '_a'/'_b' or NULL */
char *select_slot(AvbABOps *ab_ops);
#endif /* __FSL_AVB_H__ */

+ 1
- 0
include/fsl_caam.h View File

@ -70,5 +70,6 @@ uint32_t caam_gen_blob(uint32_t plain_data_addr, uint32_t blob_addr, uint32_t si
//! @return ERROR_XXX
////////////////////////////////////////////////////////////////////////////////
uint32_t caam_decap_blob(uint32_t plain_text, uint32_t blob_addr, uint32_t size);
uint32_t caam_hwrng(uint8_t *output_ptr, uint32_t output_len);
#endif /* __CAAM_H__ */

+ 9
- 0
include/fsl_fastboot.h View File

@ -41,6 +41,11 @@
#define FASTBOOT_PARTITION_DATA "userdata"
#define FASTBOOT_PARTITION_BOOT_B "boot_b"
#define FASTBOOT_PARTITION_SYSTEM_B "system_b"
#ifdef CONFIG_AVB_SUPPORT
#define FASTBOOT_PARTITION_VBMETA_A "vbmeta_a"
#define FASTBOOT_PARTITION_VBMETA_B "vbmeta_b"
#define FASTBOOT_PARTITION_AVBKEY "avbkey"
#endif
#define FASTBOOT_PARTITION_MISC "misc"
#define FASTBOOT_PARTITION_GPT "gpt"
#define FASTBOOT_PARTITION_PRDATA "prdata"
@ -151,6 +156,10 @@ struct fastboot_ptentry {
unsigned int partition_id;
/* partition number in block device */
unsigned int partition_index;
/* filesystem UUID as string, if exists */
#ifdef CONFIG_PARTITION_UUIDS
char uuid[37];
#endif
};
struct fastboot_device_info {


+ 1
- 0
lib/Makefile View File

@ -18,6 +18,7 @@ obj-$(CONFIG_OF_LIBFDT) += libfdt/
obj-$(CONFIG_FIT) += libfdt/
obj-$(CONFIG_FIT) += libfdt/
obj-$(CONFIG_CMD_DHRYSTONE) += dhry/
obj-$(CONFIG_AVB_SUPPORT) += avb/
obj-$(CONFIG_AES) += aes.o
obj-$(CONFIG_USB_TTY) += circbuf.o


+ 14
- 0
lib/avb/Makefile View File

@ -0,0 +1,14 @@
subdir-ccflags-y += -D_FILE_OFFSET_BITS=64 \
-D_POSIX_C_SOURCE=199309L \
-Wa,--noexecstack \
-Werror \
-Wall \
-Wextra \
-Wformat=2 \
-Wno-psabi \
-Wno-unused-parameter \
-ffunction-sections \
-std=gnu99
obj-y += libavb/
obj-y += libavb_ab/
obj-y += fsl/

+ 5
- 0
lib/avb/fsl/Makefile View File

@ -0,0 +1,5 @@
ccflags-$(CONFIG_AVB_DEBUG) += -DAVB_DEBUG
obj-y += fsl_avb.o
obj-y += fsl_avbkey.o
obj-y += fsl_bootctl.o
obj-y += utils.o

+ 35
- 0
lib/avb/fsl/debug.h View File

@ -0,0 +1,35 @@
/*
* Copyright (C) 2016 Freescale Semiconductor, Inc.
*
* SPDX-License-Identifier: GPL-2.0+
*/
#ifndef __AVB_DEBUG_H__
#define __AVB_DEBUG_H__
#ifdef AVB_VVDEBUG
#define AVB_VDEBUG
#define VVDEBUG(format, ...) printf(" %s: "format, __func__, ##__VA_ARGS__)
#else
#define VVDEBUG(format, ...)
#endif
#ifdef AVB_VDEBUG
#define AVB_DEBUG
#define VDEBUG(format, ...) printf(" %s: "format, __func__, ##__VA_ARGS__)
#else
#define VDEBUG(format, ...)
#endif
#ifdef AVB_DEBUG
#define DEBUGAVB(format, ...) printf(" %s: "format, __func__, ##__VA_ARGS__)
#else
#define DEBUGAVB(format, ...)
#endif
#define ERR(format, ...) printf("%s: "format, __func__, ##__VA_ARGS__)