From d7a760613efbeeea83ca4b8d9949941050e15805 Mon Sep 17 00:00:00 2001 From: Ji Luo Date: Wed, 19 May 2021 13:48:05 +0800 Subject: [PATCH] MA-19065-1 Support widevine keybox provision support widevine keybox provisioning via hwcrypto, the keybox would be wrote into secure storage. This commit supports two kinds of widevine keybox provisioning: plain text keybox and encrypted keybox. Command to provision the plain text keybox: $ fastboot stage $ fastboot oem provision-wv-keybox Command to provision the encrypted text keybox: $ fastboot stage $ fastboot oem provision-wv-keybox-enc Test: plain text/encrypted keybox provisioning on imx8mp. Change-Id: I241afade415fc3e2b0a80d286b3cc4e8d702e620 Signed-off-by: Ji Luo
---
 drivers/fastboot/fb_fsl/fb_fsl_command.c | 16 ++++++++
 include/fb_fsl.h | 2 +
 include/interface/hwcrypto/hwcrypto.h | 2 +
 include/trusty/hwcrypto.h | 8 ++++
 include/trusty/libtipc.h | 1 +
 lib/trusty/ql-tipc/hwcrypto.c | 47 ++++++++++++++++++++++++
 6 files changed, 76 insertions(+)
diff --git a/drivers/fastboot/fb_fsl/fb_fsl_command.c b/drivers/fastboot/fb_fsl/fb_fsl_command.c
index d2eee5e6ed..104e86e496 100644
--- a/drivers/fastboot/fb_fsl/fb_fsl_command.c
+++ b/drivers/fastboot/fb_fsl/fb_fsl_command.c
@@ -664,6 +664,22 @@ static void flashing(char *cmd, char *response)
 printf("Serial number generated!\n");
 strcpy(response, "OKAY");
 }
+ } else if (endswith(cmd, FASTBOOT_WV_PROVISION)) {
+ if (hwcrypto_provision_wv_key(fastboot_buf_addr, fastboot_bytes_received)) {
+ printf("ERROR provision widevine keybox failed!\n");
+ strcpy(response, "FAILInternal error!");
+ } else {
+ printf("Provision widevine keybox successfully!\n");
+ strcpy(response, "OKAY");
+ }
+ } else if (endswith(cmd, FASTBOOT_WV_PROVISION_ENC)) {
+ if (hwcrypto_provision_wv_key_enc(fastboot_buf_addr, fastboot_bytes_received)) {
+ printf("ERROR provision widevine keybox failed!\n");
+ strcpy(response, "FAILInternal error!");
+ } else {
+ printf("Provision widevine keybox successfully!\n");
+ strcpy(response, "OKAY");
+ }
 }
 #ifdef CONFIG_ID_ATTESTATION
 else if (endswith(cmd, FASTBOOT_APPEND_ATTESTATION_ID)) {
diff --git a/include/fb_fsl.h b/include/fb_fsl.h
index a0018169ef..dece725c1b 100644
--- a/include/fb_fsl.h
+++ b/include/fb_fsl.h
@@ -105,6 +105,8 @@
 #define FASTBOOT_GET_MPPUBK "get-mppubk"
 #define FASTBOOT_GET_SERIAL_NUMBER "get-serial-number"
 #define FASTBOOT_APPEND_ATTESTATION_ID "append-device-id"
+#define FASTBOOT_WV_PROVISION "provision-wv-keybox"
+#define FASTBOOT_WV_PROVISION_ENC "provision-wv-keybox-enc"
 #endif
 #ifdef CONFIG_ANDROID_THINGS_SUPPORT
diff --git a/include/interface/hwcrypto/hwcrypto.h b/include/interface/hwcrypto/hwcrypto.h
index b8afb94aef..0bfb213689 100644
--- a/include/interface/hwcrypto/hwcrypto.h
+++ b/include/interface/hwcrypto/hwcrypto.h
@@ -41,6 +41,8 @@ enum hwcrypto_command {
 HWCRYPTO_GEN_RNG = (3 << HWCRYPTO_REQ_SHIFT),
 HWCRYPTO_GEN_BKEK = (4 << HWCRYPTO_REQ_SHIFT),
 HWCRYPTO_LOCK_BOOT_STATE = (5 << HWCRYPTO_REQ_SHIFT),
+ HWCRYPTO_PROVISION_WV_KEY = (6 << HWCRYPTO_REQ_SHIFT),
+ HWCRYPTO_PROVISION_WV_KEY_ENC = (7 << HWCRYPTO_REQ_SHIFT),
 };
 /**
diff --git a/include/trusty/hwcrypto.h b/include/trusty/hwcrypto.h
index bf7ae4cd87..e9f0344207 100644
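Review bot: Both new branches in flashing() (drivers/fastboot/fb_fsl/fb_fsl_command.c) hand `fastboot_buf_addr` and `fastboot_bytes_received` straight to the provisioning call, so whatever the last download left in the staging buffer is sent to the secure side, with no check that its size is plausible for a keybox. A bound ahead of the call would reject stale or oversized payloads early, e.g. `if (!fastboot_bytes_received || fastboot_bytes_received > WV_KEYBOX_MAX_SIZE)`, where `WV_KEYBOX_MAX_SIZE` is a placeholder for a limit this patch would have to define. In the plain-text branch the keybox also stays in the download buffer after the call; clearing it on both the success and failure paths with `memset(fastboot_buf_addr, 0, fastboot_bytes_received);` keeps the secret out of later reads of that memory. flashing() starts and ends outside the hunk, so whether these commands are gated on lock or lifecycle state cannot be confirmed from here and is worth checking.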
--- a/include/trusty/hwcrypto.h
+++ b/include/trusty/hwcrypto.h
@@ -89,4 +89,12 @@ int hwcrypto_gen_bkek(uint32_t buf, uint32_t len);
 * */
 int hwcrypto_lock_boot_state(void);
+/* Send request to secure side to provision widevine keybox
+ * */
+int hwcrypto_provision_wv_key(const char *data, uint32_t data_size);
+
+/* Send request to secure side to provision encrypted widevine keybox
+ * */
+int hwcrypto_provision_wv_key_enc(const char *data, uint32_t data_size);
+
 #endif /* TRUSTY_HWCRYPTO_H_ */
diff --git a/include/trusty/libtipc.h b/include/trusty/libtipc.h
index 69e480104c..4f078bb8ae 100644
--- a/include/trusty/libtipc.h
+++ b/include/trusty/libtipc.h
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 /*
 * Initialize TIPC library
diff --git a/lib/trusty/ql-tipc/hwcrypto.c b/lib/trusty/ql-tipc/hwcrypto.c
index dd866e5c2b..21c58826c8 100644
--- a/lib/trusty/ql-tipc/hwcrypto.c
+++ b/lib/trusty/ql-tipc/hwcrypto.c
@@ -31,6 +31,7 @@
 #include "common.h"
 #include
 #include
+#include
 #define LOCAL_LOG 0
 #define CAAM_KB_HEADER_LEN 48
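Review bot: The two declarations added to include/trusty/hwcrypto.h carry a one-line comment each, which leaves out what a caller needs to know: that `data` is the raw keybox (secret key material in the plain-text variant), that `data_size` is its length in bytes, and what the return value means. I would extend each comment with `@data` and `@data_size` entries and a return line such as `Returns the status from the secure side, or TRUSTY_ERR_INVALID_ARGS / TRUSTY_ERR_NO_MEMORY`, which matches the return paths visible in lib/trusty/ql-tipc/hwcrypto.c. Since the payload is binary rather than a string, `const uint8_t *data` would also fit how the implementation uses it, as it casts to `uint8_t *` before copying.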
@@ -280,3 +281,49 @@ int hwcrypto_lock_boot_state(void)
 {
 return hwcrypto_do_tipc(HWCRYPTO_LOCK_BOOT_STATE, NULL, 0, NULL, 0);
 }
+
+int hwcrypto_provision_wv_key(const char *data, uint32_t data_size)
+{
+ uint8_t *req = NULL, *tmp;
+ /* sanity check */
+ if (!data || !data_size)
+ return TRUSTY_ERR_INVALID_ARGS;
+
+ /* serialize the request */
+ req = trusty_calloc(data_size + sizeof(data_size), 1);
+ if (!req) {
+ return TRUSTY_ERR_NO_MEMORY;
+ }
+ tmp = append_sized_buf_to_buf(req, (uint8_t *)data, data_size);
+
+ int rc = hwcrypto_do_tipc(HWCRYPTO_PROVISION_WV_KEY, (void*)req,
+ data_size + sizeof(data_size), NULL, 0);
+
+ if (req)
+ trusty_free(req);
+
+ return rc;
+}
+
+int hwcrypto_provision_wv_key_enc(const char *data, uint32_t data_size)
+{
+ uint8_t *req = NULL, *tmp;
+ /* sanity check */
+ if (!data || !data_size)
+ return TRUSTY_ERR_INVALID_ARGS;
+
+ /* serialize the request */
+ req = trusty_calloc(data_size + sizeof(data_size), 1);
+ if (!req) {
+ return TRUSTY_ERR_NO_MEMORY;
+ }
+ tmp = append_sized_buf_to_buf(req, (uint8_t *)data, data_size);
+
+ int rc = hwcrypto_do_tipc(HWCRYPTO_PROVISION_WV_KEY_ENC, (void*)req,
+ data_size + sizeof(data_size), NULL, 0);
+
+ if (req)
+ trusty_free(req);
+
+ return rc;
+}
--
2.17.1
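Review bot: In both new functions in lib/trusty/ql-tipc/hwcrypto.c the request length `data_size + sizeof(data_size)` is computed without an overflow check; where size_t or the length parameter of hwcrypto_do_tipc() is 32 bits wide, a `data_size` near UINT32_MAX wraps to a small allocation while append_sized_buf_to_buf() still copies `data_size` bytes. The request buffer also holds a copy of the keybox and is freed without being cleared, `tmp` is assigned but never read, and `if (req)` is redundant after the earlier NULL return. The two bodies differ only in the command id, so one static helper can carry the bound check and the scrub for both. The sketch below assumes hwcrypto_do_tipc() takes the command as a 32-bit value and that `trusty_memset()` from the ql-tipc sysdeps is available in this file; neither declaration is visible in the hunk.

```c
/* Serialize a keybox into a sized request, send it, and scrub the copy. */
static int hwcrypto_provision_wv(uint32_t cmd, const char *data,
				 uint32_t data_size)
{
	uint8_t *req;
	uint32_t req_size;
	int rc;

	/* reject empty input and lengths whose header would wrap req_size */
	if (!data || !data_size ||
	    data_size > UINT32_MAX - sizeof(data_size))
		return TRUSTY_ERR_INVALID_ARGS;

	req_size = data_size + sizeof(data_size);
	req = trusty_calloc(req_size, 1);
	if (!req)
		return TRUSTY_ERR_NO_MEMORY;
	append_sized_buf_to_buf(req, (uint8_t *)data, data_size);

	rc = hwcrypto_do_tipc(cmd, (void *)req, req_size, NULL, 0);

	/* the request holds a copy of the keybox; clear it before release */
	trusty_memset(req, 0, req_size);
	trusty_free(req);

	return rc;
}

int hwcrypto_provision_wv_key(const char *data, uint32_t data_size)
{
	return hwcrypto_provision_wv(HWCRYPTO_PROVISION_WV_KEY, data, data_size);
}

int hwcrypto_provision_wv_key_enc(const char *data, uint32_t data_size)
{
	return hwcrypto_provision_wv(HWCRYPTO_PROVISION_WV_KEY_ENC, data,
				     data_size);
}
```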