| author | Mingyen Hung <mingyen.hung@amlogic.com> | 2019-09-16 09:08:43 (GMT) |
|---|---|---|
| committer | Jianxin Pan <jianxin.pan@amlogic.com> | 2019-10-17 04:07:23 (GMT) |
| commit | 093dd677cf5cd94dedbcf7d3100c71eab116e78a (patch) | |
| tree | 78619421860ede02f3a1dbd5e04ca484f24100fc | |
| parent | fa878fc1f466bc04297370e72a5b0790fc9b306b (diff) | |
| download | common-093dd677cf5cd94dedbcf7d3100c71eab116e78a.zip common-093dd677cf5cd94dedbcf7d3100c71eab116e78a.tar.gz common-093dd677cf5cd94dedbcf7d3100c71eab116e78a.tar.bz2 | |
dts: keymaster4: Device ID attestation [2/2]
PD#SWPL-12224
Problem:
Need to add support for device ID attestation
Solution:
1. Add new key slot, attestationdevidbox, to unify keys
Verify:
1. Android Q + Franklin
2. run cts -m CtsKeystoreTestCases \
-t android.keystore.cts.KeyAttestationTest#testDeviceIdAttestation
Change-Id: Ie5f2827462843c1ea2a35f5b60c0a1d6d1f6d2c1
Signed-off-by: Mingyen Hung <mingyen.hung@amlogic.com>
| -rw-r--r-- | arch/arm/boot/dts/amlogic/g12a_s905d2_u200.dts | 8 | ||||
| -rw-r--r-- | arch/arm/boot/dts/amlogic/g12a_s905d2_u200_1g.dts | 8 | ||||
| -rw-r--r-- | arch/arm/boot/dts/amlogic/g12a_s905x2_u212.dts | 8 | ||||
| -rw-r--r-- | arch/arm/boot/dts/amlogic/g12b_a311d_w400.dts | 8 | ||||
| -rw-r--r-- | arch/arm/boot/dts/amlogic/gxl_p212_1g.dts | 9 | ||||
| -rw-r--r-- | arch/arm/boot/dts/amlogic/sm1_s905d3_ac200.dts | 8 | ||||
| -rw-r--r-- | arch/arm/boot/dts/amlogic/sm1_s905x3_ac213.dts | 8 | ||||
| -rw-r--r-- | arch/arm/boot/dts/amlogic/txlx_t962e_r321.dts | 8 | ||||
| -rw-r--r-- | arch/arm64/boot/dts/amlogic/g12a_s905d2_u200.dts | 8 | ||||
| -rw-r--r-- | arch/arm64/boot/dts/amlogic/g12a_s905d2_u200_1g.dts | 8 | ||||
| -rw-r--r-- | arch/arm64/boot/dts/amlogic/g12a_s905x2_u212.dts | 8 | ||||
| -rw-r--r-- | arch/arm64/boot/dts/amlogic/g12b_a311d_w400.dts | 8 | ||||
| -rw-r--r-- | arch/arm64/boot/dts/amlogic/gxl_p212_1g.dts | 8 | ||||
| -rw-r--r-- | arch/arm64/boot/dts/amlogic/sm1_s905d3_ac200.dts | 8 | ||||
| -rw-r--r-- | arch/arm64/boot/dts/amlogic/sm1_s905x3_ac213.dts | 9 | ||||
| -rw-r--r-- | arch/arm64/boot/dts/amlogic/txlx_t962e_r321.dts | 8 |
16 files changed, 113 insertions, 17 deletions
diff --git a/arch/arm/boot/dts/amlogic/g12a_s905d2_u200.dts b/arch/arm/boot/dts/amlogic/g12a_s905d2_u200.dts index b2d9021a7..4f66326e 100644 --- a/arch/arm/boot/dts/amlogic/g12a_s905d2_u200.dts +++ b/arch/arm/boot/dts/amlogic/g12a_s905d2_u200.dts @@ -396,7 +396,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -415,6 +415,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -509,6 +510,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm/boot/dts/amlogic/g12a_s905d2_u200_1g.dts b/arch/arm/boot/dts/amlogic/g12a_s905d2_u200_1g.dts index 77c1951..d9e1ae5 100644 --- a/arch/arm/boot/dts/amlogic/g12a_s905d2_u200_1g.dts +++ b/arch/arm/boot/dts/amlogic/g12a_s905d2_u200_1g.dts @@ -400,7 +400,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -419,6 +419,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -513,6 +514,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm/boot/dts/amlogic/g12a_s905x2_u212.dts b/arch/arm/boot/dts/amlogic/g12a_s905x2_u212.dts index 26dc198..67521b5 100644 --- a/arch/arm/boot/dts/amlogic/g12a_s905x2_u212.dts +++ b/arch/arm/boot/dts/amlogic/g12a_s905x2_u212.dts @@ -437,7 +437,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <17>; + unifykey-num = <18>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -455,6 +455,7 @@ unifykey-index-14= <&keysn_14>; unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; + unifykey-index-17= <&keysn_17>; keysn_0: key_0{ key-name = "usid"; key-device = "normal"; @@ -543,6 +544,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_17:key_17{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm/boot/dts/amlogic/g12b_a311d_w400.dts b/arch/arm/boot/dts/amlogic/g12b_a311d_w400.dts index 6cbaf50..bd632299 100644 --- a/arch/arm/boot/dts/amlogic/g12b_a311d_w400.dts +++ b/arch/arm/boot/dts/amlogic/g12b_a311d_w400.dts @@ -360,7 +360,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <17>; + unifykey-num = <18>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -378,6 +378,7 @@ unifykey-index-14= <&keysn_14>; unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; + unifykey-index-17= <&keysn_17>; keysn_0: key_0{ key-name = "usid"; @@ -467,6 +468,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_17:key_17{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm/boot/dts/amlogic/gxl_p212_1g.dts b/arch/arm/boot/dts/amlogic/gxl_p212_1g.dts index 1188fb3..9e114d5 100644 --- a/arch/arm/boot/dts/amlogic/gxl_p212_1g.dts +++ b/arch/arm/boot/dts/amlogic/gxl_p212_1g.dts @@ -1114,7 +1114,7 @@ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -1133,7 +1133,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; - + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -1228,6 +1228,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey dvb { compatible = "amlogic, dvb"; diff --git a/arch/arm/boot/dts/amlogic/sm1_s905d3_ac200.dts b/arch/arm/boot/dts/amlogic/sm1_s905d3_ac200.dts index e466bba..f07ef6b 100644 --- a/arch/arm/boot/dts/amlogic/sm1_s905d3_ac200.dts +++ b/arch/arm/boot/dts/amlogic/sm1_s905d3_ac200.dts @@ -416,7 +416,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -435,6 +435,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -529,6 +530,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm/boot/dts/amlogic/sm1_s905x3_ac213.dts b/arch/arm/boot/dts/amlogic/sm1_s905x3_ac213.dts index 09f3790..70588ad 100644 --- a/arch/arm/boot/dts/amlogic/sm1_s905x3_ac213.dts +++ b/arch/arm/boot/dts/amlogic/sm1_s905x3_ac213.dts @@ -432,7 +432,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <17>; + unifykey-num = <18>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -450,6 +450,7 @@ unifykey-index-14= <&keysn_14>; unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; + unifykey-index-17= <&keysn_17>; keysn_0: key_0{ key-name = "usid"; key-device = "normal"; @@ -538,6 +539,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_17:key_17{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm/boot/dts/amlogic/txlx_t962e_r321.dts b/arch/arm/boot/dts/amlogic/txlx_t962e_r321.dts index d89771a..5a5a47c 100644 --- a/arch/arm/boot/dts/amlogic/txlx_t962e_r321.dts +++ b/arch/arm/boot/dts/amlogic/txlx_t962e_r321.dts @@ -786,7 +786,7 @@ compatible = "amlogic, unifykey"; status = "okay"; - unifykey-num = <22>; + unifykey-num = <23>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -809,6 +809,7 @@ unifykey-index-19 = <&keysn_19>; unifykey-index-20 = <&keysn_20>; unifykey-index-21 = <&keysn_21>; + unifykey-index-22 = <&keysn_22>; keysn_0: key_0{ key-name = "usid"; @@ -925,6 +926,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_22:key_22{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; }; /* End unifykey */ cvbsout { diff --git a/arch/arm64/boot/dts/amlogic/g12a_s905d2_u200.dts b/arch/arm64/boot/dts/amlogic/g12a_s905d2_u200.dts index 61f8fc1..846a34f 100644 --- a/arch/arm64/boot/dts/amlogic/g12a_s905d2_u200.dts +++ b/arch/arm64/boot/dts/amlogic/g12a_s905d2_u200.dts @@ -395,7 +395,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -414,6 +414,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -508,6 +509,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm64/boot/dts/amlogic/g12a_s905d2_u200_1g.dts b/arch/arm64/boot/dts/amlogic/g12a_s905d2_u200_1g.dts index 1b110d7..0f889c4 100644 --- a/arch/arm64/boot/dts/amlogic/g12a_s905d2_u200_1g.dts +++ b/arch/arm64/boot/dts/amlogic/g12a_s905d2_u200_1g.dts @@ -394,7 +394,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -413,6 +413,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -507,6 +508,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm64/boot/dts/amlogic/g12a_s905x2_u212.dts b/arch/arm64/boot/dts/amlogic/g12a_s905x2_u212.dts index 4388185..d417417 100644 --- a/arch/arm64/boot/dts/amlogic/g12a_s905x2_u212.dts +++ b/arch/arm64/boot/dts/amlogic/g12a_s905x2_u212.dts @@ -399,7 +399,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <17>; + unifykey-num = <18>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -417,6 +417,7 @@ unifykey-index-14= <&keysn_14>; unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; + unifykey-index-17= <&keysn_17>; keysn_0: key_0{ key-name = "usid"; key-device = "normal"; @@ -505,6 +506,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_17:key_17{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm64/boot/dts/amlogic/g12b_a311d_w400.dts b/arch/arm64/boot/dts/amlogic/g12b_a311d_w400.dts index 474e184..0551a62 100644 --- a/arch/arm64/boot/dts/amlogic/g12b_a311d_w400.dts +++ b/arch/arm64/boot/dts/amlogic/g12b_a311d_w400.dts @@ -361,7 +361,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <17>; + unifykey-num = <18>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -379,6 +379,7 @@ unifykey-index-14= <&keysn_14>; unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; + unifykey-index-17= <&keysn_17>; keysn_0: key_0{ key-name = "usid"; @@ -468,6 +469,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_17:key_17{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm64/boot/dts/amlogic/gxl_p212_1g.dts b/arch/arm64/boot/dts/amlogic/gxl_p212_1g.dts index b92989e..0f01bfd 100644 --- a/arch/arm64/boot/dts/amlogic/gxl_p212_1g.dts +++ b/arch/arm64/boot/dts/amlogic/gxl_p212_1g.dts @@ -1110,7 +1110,7 @@ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -1129,6 +1129,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -1223,6 +1224,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey }; diff --git a/arch/arm64/boot/dts/amlogic/sm1_s905d3_ac200.dts b/arch/arm64/boot/dts/amlogic/sm1_s905d3_ac200.dts index a7f0ced..ea3c17a 100644 --- a/arch/arm64/boot/dts/amlogic/sm1_s905d3_ac200.dts +++ b/arch/arm64/boot/dts/amlogic/sm1_s905d3_ac200.dts @@ -414,7 +414,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -433,6 +433,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -527,6 +528,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; };//End unifykey efusekey:efusekey{ diff --git a/arch/arm64/boot/dts/amlogic/sm1_s905x3_ac213.dts b/arch/arm64/boot/dts/amlogic/sm1_s905x3_ac213.dts index 9cc7793..0d0b358 100644 --- a/arch/arm64/boot/dts/amlogic/sm1_s905x3_ac213.dts +++ b/arch/arm64/boot/dts/amlogic/sm1_s905x3_ac213.dts @@ -491,7 +491,7 @@ unifykey{ compatible = "amlogic, unifykey"; status = "ok"; - unifykey-num = <18>; + unifykey-num = <19>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -510,6 +510,7 @@ unifykey-index-15= <&keysn_15>; unifykey-index-16= <&keysn_16>; unifykey-index-17= <&keysn_17>; + unifykey-index-18= <&keysn_18>; keysn_0: key_0{ key-name = "usid"; @@ -604,6 +605,12 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_18:key_18{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; + };//End unifykey efusekey:efusekey{ diff --git a/arch/arm64/boot/dts/amlogic/txlx_t962e_r321.dts b/arch/arm64/boot/dts/amlogic/txlx_t962e_r321.dts index 4601d8b..6338643 100644 --- a/arch/arm64/boot/dts/amlogic/txlx_t962e_r321.dts +++ b/arch/arm64/boot/dts/amlogic/txlx_t962e_r321.dts @@ -785,7 +785,7 @@ compatible = "amlogic, unifykey"; status = "okay"; - unifykey-num = <22>; + unifykey-num = <23>; unifykey-index-0 = <&keysn_0>; unifykey-index-1 = <&keysn_1>; unifykey-index-2 = <&keysn_2>; @@ -808,6 +808,7 @@ unifykey-index-19 = <&keysn_19>; unifykey-index-20 = <&keysn_20>; unifykey-index-21 = <&keysn_21>; + unifykey-index-22 = <&keysn_22>; keysn_0: key_0{ key-name = "usid"; @@ -924,6 +925,11 @@ key-device = "normal"; key-permit = "read","write","del"; }; + keysn_22:key_22{ + key-name = "attestationdevidbox";// attest dev id box + key-device = "secure"; + key-permit = "read","write","del"; + }; }; /* End unifykey */ cvbsout { |