strcpy(response, "OKAY");
}
}
+#ifdef CONFIG_ID_ATTESTATION
+ else if (endswith(cmd, FASTBOOT_APPEND_ATTESTATION_ID)) {
+ if (trusty_append_attestation_id(ATTESTATION_ID_BRAND, strlen(ATTESTATION_ID_BRAND))) {
+ printf("Error append ATTESTATION_ID_BRAND failed!\n");
+ strcpy(response, "FAILAppend ATTESTATION_ID_BRAND failed!");
+ } else if (trusty_append_attestation_id(ATTESTATION_ID_DEVICE, strlen(ATTESTATION_ID_DEVICE))) {
+ printf("Error append ATTESTATION_ID_DEVICE failed!\n");
+ strcpy(response, "FAILAppend ATTESTATION_ID_DEVICE failed!");
+ } else if (trusty_append_attestation_id(CONFIG_ATTESTATION_ID_PRODUCT, strlen(CONFIG_ATTESTATION_ID_PRODUCT))) {
+ printf("Error append ATTESTATION_ID_PRODUCT failed!\n");
+ strcpy(response, "FAILAppend ATTESTATION_ID_PRODUCT failed!");
+ } else if (trusty_append_attestation_id(ATTESTATION_ID_MANUFACTURER, strlen(ATTESTATION_ID_MANUFACTURER))) {
+ printf("Error append ATTESTATION_ID_MANUFACTURER failed!\n");
+ strcpy(response, "FAILAppend ATTESTATION_ID_MANUFACTURER failed!");
+ } else if (trusty_append_attestation_id(ATTESTATION_ID_MODEL, strlen(ATTESTATION_ID_MODEL))) {
+ printf("Error append ATTESTATION_ID_MODEL failed!\n");
+ strcpy(response, "FAILAppend ATTESTATION_ID_MODEL failed!");
+ } else {
+ char *serial = get_serial();
+
+ if (!serial) {
+ printf("Error Failed to append the serial number!\n");
+ strcpy(response, "FAIL Failed to append the serial number!");
+ } else if (trusty_append_attestation_id(serial, 16)) {
+ printf("Error Failed to append the serial number!\n");
+ strcpy(response, "FAILFailed to append the serial number!");
+ } else
+ strcpy(response, "OKAY");
+ }
+ }
+#endif
#ifndef CONFIG_AVB_ATX
else if (endswith(cmd, FASTBOOT_SET_RPMB_KEY)) {
if (fastboot_set_rpmb_key(fastboot_buf_addr, fastboot_bytes_received)) {
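Review bot: The serial-number call `trusty_append_attestation_id(serial, 16)` passes a fixed length that nothing in this hunk ties to the buffer `get_serial()` returns. The serializer copies exactly `data_size` bytes, so a shorter serial would be read past its end and forwarded in the request. If `get_serial()` returns a NUL-terminated string, `strlen(serial)` would match the other five calls; otherwise the 16 should be a named constant shared with `get_serial()`. The two serial failure replies also differ (`"FAIL Failed to append..."` and `"FAILFailed to append..."`) while printing the same log line, so a missing serial and a rejected append cannot be told apart. Whether this command is restricted by lock or provisioning state is decided in the enclosing dispatch, which starts and ends outside the hunk, so that should be confirmed there.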
#define KEYSLOT_HWPARTITION_ID 2
#define KEYSLOT_BLKS 0x3FFF
+#ifdef CONFIG_ID_ATTESTATION
+#define ATTESTATION_ID_BRAND "Android"
+#define ATTESTATION_ID_DEVICE "mek_8q"
+#define ATTESTATION_ID_MANUFACTURER "nxp"
+#define ATTESTATION_ID_MODEL "MEK-MX8Q"
+#endif
+
+#endif
+
#ifdef CONFIG_DUAL_BOOTLOADER
#define BOOTLOADER_RBIDX_OFFSET 0x3FE000
#define BOOTLOADER_RBIDX_START 0x3FF000
#define CONFIG_SYS_SPL_PTE_RAM_BASE 0x801F8000
#endif
-#endif
-
#ifdef CONFIG_SPL_BUILD
#undef CONFIG_BLK
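Review bot: The `#endif` added before `#ifdef CONFIG_DUAL_BOOTLOADER`, together with the one removed after that block, moves the dual-bootloader defines out of a conditional whose opening line is outside this hunk. That looks unrelated to ID attestation and changes when `BOOTLOADER_RBIDX_OFFSET` and its neighbours are defined, so it should be called out in the commit message if intentional. Labelling the closers would make the nesting reviewable, e.g. `#endif /* CONFIG_ID_ATTESTATION */`. The four hard-coded ID strings presumably have to match what the OS image reports for this board; a one-line comment saying where the matching values live would help whoever ports this to another board.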
#define FASTBOOT_APPEND_EC_ATTESTATION_CERT_ENC "append-ec-atte-cert-enc"
#define FASTBOOT_GET_MPPUBK "get-mppubk"
#define FASTBOOT_GET_SERIAL_NUMBER "get-serial-number"
+#define FASTBOOT_APPEND_ATTESTATION_ID "append-device-id"
#endif
#ifdef CONFIG_ANDROID_THINGS_SUPPORT
KM_SET_ATTESTATION_KEY_ENC = (0xa000 << KEYMASTER_REQ_SHIFT),
KM_APPEND_ATTESTATION_CERT_CHAIN_ENC = (0xb000 << KEYMASTER_REQ_SHIFT),
KM_GET_MPPUBK = (0xc000 << KEYMASTER_REQ_SHIFT),
- KM_VERIFY_SECURE_UNLOCK = (0xd000 << KEYMASTER_REQ_SHIFT)
+ KM_VERIFY_SECURE_UNLOCK = (0xd000 << KEYMASTER_REQ_SHIFT),
+ KM_APPEND_ATTESTATION_ID = (0xe000 << KEYMASTER_REQ_SHIFT)
};
typedef enum {
const uint8_t *data;
} TRUSTY_ATTR_PACKED;
+struct km_attestation_id_data {
+ uint32_t data_size;
+ const uint8_t *data;
+} TRUSTY_ATTR_PACKED;
/**
* km_raw_buffer - represents a single raw buffer
*
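Review bot: The new `struct km_attestation_id_data` has no header comment, while the `km_raw_buffer` struct that follows documents its purpose and fields. A matching comment should state that `data` points to `data_size` bytes that need not be NUL-terminated and that the struct does not own the buffer, if that is the intent. Something like `@data_size: length of the ID in bytes` and `@data: ID bytes, borrowed from the caller` would be enough.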
uint32_t credential_size,
uint8_t *serial, uint32_t serial_size);
+/*
+ * trusty_append_attestation_id is called to set attestation Device ID.
+ *
+ * @ data: Device ID string
+ * @ data_size: Device ID size
+ * */
+int trusty_append_attestation_id(const char *data, uint32_t data_size);
+
#endif /* TRUSTY_KEYMASTER_H_ */
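Review bot: The comment on `trusty_append_attestation_id` omits the return contract and which ID each call sets, although the fastboot caller depends on both. The function takes only bytes and a length, so the ID's meaning (brand, device, product, and so on) appears to be conveyed purely by call order; if so, the required order belongs in this comment. I would add `@return: 0 on success, a trusty_err value on failure` (to be confirmed against `km_do_tipc`) and note that `data_size` excludes any terminating NUL. The closing `* */` should be ` */` to match the other comments in the header.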
int km_attestation_data_serialize(const struct km_attestation_data *data,
uint8_t **out, uint32_t *out_size);
+/**
+ * Serializes a km_attestation_id_data structure. On success, allocates |*out_size|
+ * bytes to |*out| and writes the serialized |data| to |*out|. Caller takes
+ * ownership of |*out|. Returns one of trusty_err.
+ */
+int km_attestation_id_data_serialize(const struct km_attestation_id_data *data,
+ uint8_t** out, uint32_t *out_size);
+
/**
* Serializes a km_secure_unlock_data structure. On success, allocates |*out_size|
* bytes to |*out| and writes the serialized |data| to |*out|. Caller takes
default n
depends on IMX_TRUSTY_OS
+config ID_ATTESTATION
+ bool "Support device ID attestation"
+ default n
+ depends on IMX_TRUSTY_OS
+
+config ATTESTATION_ID_PRODUCT
+ string "Product name for ID attestation"
+ depends on IMX_TRUSTY_OS && ID_ATTESTATION
+ default SYS_CONFIG_NAME
+
endmenu
menu "Hashing Support"
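Review bot: Neither `ID_ATTESTATION` nor `ATTESTATION_ID_PRODUCT` has `help` text, and the product default `SYS_CONFIG_NAME` is the board config name rather than an ID chosen for attestation. If the provisioned product ID has to equal the product name the OS reports, the help text should say so, because a silent mismatch would only surface when attestation is attempted. The second entry's `depends on IMX_TRUSTY_OS && ID_ATTESTATION` can be shortened to `depends on ID_ATTESTATION`, since that symbol already depends on `IMX_TRUSTY_OS`.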
}
return rc;
}
+
+int trusty_append_attestation_id(const char *data, uint32_t data_size)
+{
+ struct km_attestation_id_data attestation_id_data = {
+ .data_size = data_size,
+ .data = (uint8_t *)data,
+ };
+ uint8_t *req = NULL;
+ uint32_t req_size = 0;
+ int rc = km_attestation_id_data_serialize(&attestation_id_data, &req, &req_size);
+
+ if (rc < 0) {
+ trusty_error("failed (%d) to serialize request\n", rc);
+ goto end;
+ }
+ rc = km_do_tipc(KM_APPEND_ATTESTATION_ID, req, req_size, NULL, NULL);
+
+end:
+ if (req) {
+ trusty_free(req);
+ }
+ return rc;
+}
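Review bot: The initializer `.data = (uint8_t *)data` casts away `const` even though the struct field is declared `const uint8_t *`; it should be `.data = (const uint8_t *)data,`. The function also forwards a NULL `data` or a zero `data_size` straight to the serializer, which validates only the struct pointer, so an early `if (!data || !data_size) return TRUSTY_ERR_INVALID_ARGS;` would keep a bad call from reaching the copy. The hunk does not show whether other entry points in this file check that the keymaster channel is initialised before `km_do_tipc`; if they do, this one should follow suit.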
return TRUSTY_ERR_NONE;
}
+int km_attestation_id_data_serialize(const struct km_attestation_id_data *data,
+ uint8_t** out, uint32_t *out_size)
+{
+ if (!out || !data || !out_size) {
+ return TRUSTY_ERR_INVALID_ARGS;
+ }
+ *out_size = (sizeof(data->data_size) + data->data_size);
+ *out = trusty_calloc(*out_size, 1);
+ if (!*out) {
+ return TRUSTY_ERR_NO_MEMORY;
+ }
+
+ append_sized_buf_to_buf(*out, data->data, data->data_size);
+
+ return TRUSTY_ERR_NONE;
+}
+
int km_secure_unlock_data_serialize(const struct km_secure_unlock_data *data,
uint8_t** out, uint32_t *out_size)
{
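Review bot: In `km_attestation_id_data_serialize`, the sum `sizeof(data->data_size) + data->data_size` is stored into the `uint32_t` `*out_size` and can wrap for a large `data_size`. The allocation would then be smaller than the `data_size` bytes that `append_sized_buf_to_buf` copies into it. The callers visible on this page pass short constant strings, but the helper is exported, so it should reject the case itself with `if (data->data_size > UINT32_MAX - sizeof(data->data_size)) return TRUSTY_ERR_INVALID_ARGS;` before computing the size. The argument check should also cover `data->data == NULL` with a non-zero `data_size`. The sibling serializers lie outside this hunk and may need the same guard.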