read_keyslot_package(&kp);
if (strcmp(kp.magic, KEYPACK_MAGIC)) {
printf("keyslot package magic error. Will generate new one\n");
+ memset((void *)&kp, 0, sizeof(struct keyslot_package));
gen_rpmb_key(&kp);
}
#ifndef CONFIG_IMX_TRUSTY_OS
printf("RPMB key programed successfully!\n");
/* Generate keyblob with CAAM. */
+ memset((void *)&kp, 0, sizeof(struct keyslot_package));
kp.rpmb_keyblob_len = RPMBKEY_LENGTH + CAAM_PAD;
strcpy(kp.magic, KEYPACK_MAGIC);
if (hwcrypto_gen_blob((uint32_t)(ulong)rpmb_key, RPMBKEY_LENGTH,
memcpy(kp.rpmb_keyblob, blob, kp.rpmb_keyblob_len);
+ /* Reset key after use */
+ memset(rpmb_key, 0, RPMBKEY_LENGTH);
+ memset(key, 0, RPMBKEY_LENGTH);
+
/* Store the rpmb key blob to last block of boot1 partition. */
if (mmc_switch_part(mmc, KEYSLOT_HWPARTITION_ID) != 0) {
printf("ERROR - can't switch to boot1 partition! \n");
goto fail;
}
- /* Erase the key buffer. */
- memset(rpmb_key, 0, RPMBKEY_LENGTH);
- memset(key, 0, RPMBKEY_LENGTH);
-
fail:
/* Return to original partition */
if (desc->hwpart != original_part) {
#define RPMBKEY_LEN (32 + CAAM_PAD)
#define KEYPACK_MAGIC "!KS"
+#define KEYPACK_PAD_LENGTH (512 - 4 * sizeof(char) - sizeof(unsigned int) - RPMBKEY_LEN * sizeof(unsigned char))
struct keyslot_package
{
char magic[4];
unsigned int rpmb_keyblob_len;
unsigned char rpmb_keyblob[RPMBKEY_LEN];
+ // padding keyslot_package to 1 block size
+ unsigned char pad[KEYPACK_PAD_LENGTH];
};
int gen_rpmb_key(struct keyslot_package *kp);
projects / u-boot.git / commitdiff