git.somdevices.com Git - u-boot.git/commit

author	Ji Luo <ji.luo@nxp.com>
	Fri, 5 Feb 2021 00:43:13 +0000 (08:43 +0800)
committer	Ji Luo <ji.luo@nxp.com>
	Thu, 13 May 2021 01:49:19 +0000 (09:49 +0800)
commit	ca4258ca0702e082ad975e08ee33fd05d518b690
tree	32fa313ed8c60a36ce2ffae57dea8db28695e68e	tree
parent	ff17b410ea60f6450c2ef9342a5b9e55e1929470	commit \| diff

MA-18680-2 Support derive rpmb key from BKEK

The BKEK will bind to the soc chip and we don't need to
store the encapsulated keyslot after using BKEK as the
rpmb key, which reduces the risk of losing the rpmb key.

This commit adds two commands to support derive the rpmb
key from BKEK and erase the rpmb storage (for debug purpose,
need support from trusty):
  $ fastboot oem set-rpmb-hardware-key
  $ fastboot oem erase-rpmb

Legacy keyslot way is still supported and boards programed
with keyslot can still work in compatible way. Command
to set provisioned rpmb key is changed to:
  $ fastboot stage <rpmb-key>
  $ fastboot oem set-rpmb-staged-key

Test: Key set and boot on imx8mn/imx8qxp.

Change-Id: Ifc88010fe8802d3550e42dff0bbd5a5e5ad922a3
Signed-off-by: Ji Luo <ji.luo@nxp.com>
(cherry picked from commit 0fd1b5e41645ac3f5c05ad82258df1645c59fb5a)
(cherry picked from commit 6a5125b9caf4c2e036853d8f53f8398c147758b3)

drivers/fastboot/fb_fsl/fb_fsl_command.c		diff \| blob \| history
include/fb_fsl.h		diff \| blob \| history
include/fsl_avb.h		diff \| blob \| history
include/interface/storage/storage.h		diff \| blob \| history
include/trusty/rpmb.h		diff \| blob \| history
lib/avb/fsl/fsl_avbkey.c		diff \| blob \| history
lib/avb/fsl/fsl_bootctrl.c		diff \| blob \| history
lib/trusty/ql-tipc/ipc.c		diff \| blob \| history
lib/trusty/ql-tipc/libtipc.c		diff \| blob \| history
lib/trusty/ql-tipc/rpmb_proxy.c		diff \| blob \| history