It works only when verification error is allowed, it avoids
AVB workflow to load the full partition which wastes time.
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: Icbcd48b7bf97d826663523099c944e269f17b709
The commit point is updated to google external/avb/
which commit point is 868db2a514bbb02e166fb55b1592b27de8c9680c.
Change-Id: I10f7c0ac356a7666b518b62e59ccb62277668578
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
The avb process have verify next level firmware to ensure its
availability. So there is no need to support lastboot in avb
process.
Change-Id: I1623a2bd93c54802ce0067cad7061ade6cc56313
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Using malloc buffer to load image makes CONFIG_SYS_MALLOC_LEN must be
large enough, sysmem alloc is a better way.
Change-Id: I24e2b86c53b8d3307c0d155fc37cb499c321e1c6
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Since we use the pre-loader public key to verify permanent attribute, then
we do not need to write permanent attribute hash to otp & efuse.
Change-Id: Ic5e19fed2fc9405ab5bc7504dd930fd5f02d847c
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Since the stderr is not used in uboot, use printf to print the
message.
Change-Id: Ib522609e783acf8f407e2f9fb3805b553c543cba
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Do not update the PIK version if it is equal to the value in the storage,
otherwise the error may occur in power failure test.
Change-Id: Ia478d9b404de3982b4de5b185e15d181b37f5fd9
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
- only allow "boot_android" as bootcmd;
- enter rockusb or fastboot when boot failed;
- don't allow ctrl+c to enter hush;
Change-Id: I7a67f4b738ed78370f19fe2c8c920a5abc104b4b
Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
If the item is not existent, trust will return TEE_ERROR_GENERIC
TEE_ERROR_NO_DATA and TEE_ERROR_ITEM_NOT_FOUND. We initialize
the item when return these value.
TEST: fastboot getvar at-vboot-state
ERROR: avb-perm-attr-set=0
avb-locked=
avb-unlock-disabled=
Change-Id: Ie1b4e1ce7d1dc419a0af11e5701b0130f2f7f553
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Bug: Run 'fastboot getvar at-vboot-state', then HANG
in the fastboot without any message.
Cause: The fastboot can not decide the vboot size when
the return information size of vboot state is larger
than the VBOOT_STATE_SIZE. This makes the device will not
response to console.
Solution: 1. Enlarge VBOOT_STATE_SIZE. The max size of
vboot state may be 862, so define VBOOT_STATE_SIZE
to 1000.
2. Use snprintf to get the info.
Change-Id: I2d0fda76ca9034c596993ab27a02cbf2fa550977
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Use the function get_timer to get the random
seed. Then the seed is used by function srand
to initialize the random data.
Change-Id: Iaae6a17d22b8e85fb4d4b6c6247cd11003b64eea
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
according to google lib avb
commit id: 44e07124afb1f46af0d745d83481f49c482900b1
Change-Id: Ie59a7265699e3e6b1673bb64da6d1c7a1e7b6201
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
The bootloader include uboot and trust. The uboot slot index
number is 0. The trust slot number index is 1.
Change-Id: Ia62edbf60486fa4128756458c6312f682a83d0f7
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Acording to google, the avb-min-versions includes the slot number
rather than the image rollback-index stored in the image.
PIK/PSK: use AVB_ATX_PSK_VERSION_LOCATION and AVB_ATX_PIK_VERSION_LOCATION
as slot number.
Change-Id: I06b8d107e27f1e0f136b5e964c1287bc13f80b7c
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
the lib avb use this function to set key version
Change-Id: Id0903b3326a0d6a0eadebd1ce23a19f92102908c
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
The commit point is updated to google external/avb/
which commit point is cf8c56208d2d9643804a7f123b196c7ebc9af276.
Change-Id: I5a10a8a45d3e9e2c9d20d9b3d44946073c9a49ff
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
1.support the permanent attribute verify
2.support the PRK, PIK, PSK certificate verify
and then get the psk public_key, compare it with
public_key in vbmeta.
If the function is required, please open the macro
AVB_VBMETA_PUBLIC_KEY_VALIDATE.
Change-Id: Ifeab776c76f97fadd980671481ce27d203516673
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Load the boot image real size other than the
boot partition size. If not, the uboot can not
malloc a big buffer for the all boot partition.
Change-Id: Ifc8d7cc1f214b94f6018c68cb03e8e9ce89781de
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
The android things require the soc-v key hash to be flashed
using the fastboot. So these function can be used in fastboot
to flash the key hash.
Change-Id: I6e00f2e1e371793b6f0868356ac0a51090adfe5e
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Add a flag to indicate the permanent attributes
have been written or not.
Change-Id: Id0b22158772bdf18466205df5f08cb0ddb820fbf
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
change OpteeClientTest.c to OpteeClientInterface.c
Change-Id: I68b32a2a4757af655bd4eaa723067f024ff112ef
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
There is no need to malloc a space if offset
and num_bytes is multiple of 512 in function
read_from_partition.
The blk_dwrite in write_to_partition do not
return 1 if execute success. So do not need
to judge the return value.
Change-Id: Icd5681815640e86166d05ab3fc74f95d669621c7
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Joseph Chen
Jason Zhu
Cody Xie
Hisping Lin