newton: Support AVB2 public key switch during build time [1/1]

PD#SWPL-16016

Problem:
need to support both dev and release keys into bootloader

Solution:
1. Android AVB2 can be used to verify integrity of various partition on
device and vendor kernel verification can become optional.
Use CONFIG_SKIP_KERNEL_DTB_VERIFY config to skip vendor kernel/dtb
verification (e.g. AVB2 enabled and no encryption used).
2. Support AVB2 public key switch during build time
3. to enable this function, please build by:
    Use *DEFAULT* public key: ./mk sm1_ac214_v1
    Use *ONLY* vendor public key:
        CONFIG_AVB2_KPUB_VENDOR=1 ./mk sm1_ac214_v1
    Use *BOTH* vendor *AND* default public key.
        CONFIG_AVB2_KPUB_DEFAULT_VENDOR=1 ./mk sm1_ac214_v1

Verify:
newton

Change-Id: I642a3ef966c80be6672b8243be2e4a3af00193f7
Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>

4 files changed, 50 insertions, 2 deletions

diff --git a/board/amlogic/sm1_ac214_v1/avb2_kpub.c b/board/amlogic/sm1_ac214_v1/avb2_kpub.c
new file mode 100644
index 0000000..0fdb300
--- a/dev/null
+++ b/board/amlogic/sm1_ac214_v1/avb2_kpub.c
@@ -0,0 +1,39 @@
+#ifdef CONFIG_AVB2_KPUB_VENDOR
+const char avb2_kpub_vendor[520] = {
+	0x00,0x00,0x08,0x00,0x91,0xc3,0xd6,0xad,0x8a,0xed,0x01,0x05,0x87,0x93,0x01,0x7d,
+	0x17,0x92,0xba,0x4d,0xa8,0x43,0xdb,0xd0,0x2c,0x2d,0x7f,0x91,0xd4,0x81,0x7e,0x2c,
+	0xdd,0xd2,0x21,0x53,0xc8,0xd8,0x95,0x77,0x9e,0xca,0x50,0x88,0xc2,0xcd,0xf3,0x76,
+	0xb8,0xc2,0x56,0x88,0xbb,0x4d,0x51,0x86,0xbb,0x80,0xaf,0xb5,0x4f,0x13,0x2d,0xf3,
+	0x09,0x05,0x66,0xae,0xb5,0x32,0x86,0xf9,0xeb,0x78,0x66,0x3e,0x5f,0x05,0x6c,0xd9,
+	0xf6,0xa9,0xbe,0x3e,0xfe,0x0f,0xc3,0xb1,0xa7,0x99,0xb2,0xdb,0xa9,0xb4,0x3f,0x4b,
+	0xf6,0x90,0x55,0xb8,0x8c,0x94,0xb2,0x49,0x7c,0x85,0x9d,0xc6,0x14,0xed,0xd7,0x9f,
+	0xd0,0x57,0x5b,0x5f,0x4d,0x02,0x15,0xd8,0x76,0x2e,0x6a,0x53,0x11,0xac,0x5a,0xc2,
+	0x27,0x45,0x2a,0xaa,0x01,0x22,0xf1,0x99,0x5f,0xf3,0x11,0x01,0x85,0x86,0x11,0x15,
+	0x87,0xd6,0x65,0x08,0x4c,0x98,0xba,0x4a,0x9a,0x55,0xa5,0x2e,0x9c,0x40,0xdd,0x91,
+	0xc0,0x00,0x05,0x1a,0x5c,0x69,0x3e,0xb5,0x40,0xec,0x30,0xe5,0x06,0xd9,0x7b,0xc4,
+	0xfc,0x2b,0xf1,0x60,0x57,0x1c,0xf5,0x33,0x3e,0x1e,0x17,0x5a,0x65,0xa6,0x14,0x9a,
+	0x6a,0x1f,0x78,0x4c,0x21,0xb9,0x59,0xcf,0x91,0x15,0xe6,0x79,0x41,0x80,0x13,0xb8,
+	0x1a,0xac,0x28,0xf5,0x3b,0xb7,0xd0,0x40,0x9a,0x7c,0x57,0x05,0xb8,0x40,0x1a,0x24,
+	0xa4,0x29,0x4a,0x48,0xf4,0xb9,0xfd,0x37,0x8d,0x8c,0x2e,0xf4,0x7d,0x47,0xe3,0x41,
+	0x02,0x20,0x99,0x0a,0x85,0x0e,0x28,0xf6,0x01,0x8a,0xba,0x9c,0xca,0x9e,0x3c,0x4d,
+	0x92,0x62,0x2e,0xe6,0x38,0x32,0x02,0xdb,0x62,0xbd,0x26,0x27,0x73,0x8a,0x83,0x15,
+	0x05,0xe9,0x0d,0x0c,0x2c,0xf3,0xeb,0x74,0xa7,0x1a,0xfc,0xa6,0xa0,0x2e,0x4a,0x23,
+	0x0e,0x7b,0x21,0x0d,0x31,0x66,0x7a,0x33,0xc4,0x58,0x94,0xb5,0x6f,0x9b,0x27,0x08,
+	0x8d,0x25,0x1f,0x79,0xab,0xec,0x74,0x55,0x35,0xfb,0x2d,0xe1,0xef,0x25,0xe0,0x87,
+	0xd2,0xe4,0x0c,0x57,0xd9,0x82,0xee,0x02,0x15,0xaf,0x8c,0x7a,0xa5,0xed,0x8b,0xe1,
+	0x77,0x2b,0x32,0xee,0xda,0x06,0x65,0xaa,0x50,0xc3,0xa4,0x44,0x8c,0xe8,0x2f,0x95,
+	0xe2,0x14,0xc0,0x8e,0x90,0x18,0x14,0x87,0x96,0xbd,0x8f,0x43,0xcc,0xc2,0x80,0x91,
+	0x45,0x93,0x77,0x40,0xa3,0x61,0x18,0xba,0x4d,0xe1,0x8c,0xd1,0x16,0x44,0x69,0x16,
+	0xf0,0x30,0x78,0x97,0x88,0xa3,0xdb,0x23,0x18,0x23,0xcc,0x38,0xbc,0x55,0x60,0xe6,
+	0x26,0x9c,0x75,0xf5,0x4b,0xe2,0x57,0xe0,0x22,0xd4,0x1b,0xe8,0xe6,0x12,0x24,0x96,
+	0x40,0x0c,0xe7,0x02,0xac,0x78,0x6a,0x47,0xe3,0x96,0x38,0xb7,0xed,0xca,0x31,0x4f,
+	0xfe,0x84,0x99,0x0b,0x74,0xfa,0x23,0x7d,0x05,0xfc,0xf2,0x01,0x01,0xbf,0xa2,0xd0,
+	0x54,0xa6,0xfa,0x7a,0x76,0xcb,0x27,0x2f,0xed,0x3d,0x06,0x83,0x16,0x50,0x0f,0x71,
+	0x12,0xc7,0x55,0x6c,0x9b,0x84,0x2d,0x5c,0x8c,0xb9,0x13,0x54,0xe8,0x2e,0xe9,0x97,
+	0x59,0x43,0x76,0xfb,0xec,0xa2,0xdf,0x45,0xcc,0xfb,0x07,0xea,0xa5,0xaa,0xe0,0x53,
+	0x4b,0xcd,0x74,0x6e,0x69,0x81,0x68,0x36,0x0d,0x1e,0xd2,0x19,0xc2,0xa3,0x22,0x45,
+	0xaa,0x27,0xe2,0xc9,0xd8,0x1d,0xbc,0xdc
+};
+
+const int avb2_kpub_vendor_len = sizeof(avb2_kpub_vendor) / sizeof(char);
+#endif /* CONFIG_AVB2_KPUB_VENDOR */
diff --git a/board/amlogic/sm1_ac214_v1/config.mk b/board/amlogic/sm1_ac214_v1/config.mk
new file mode 100644
index 0000000..7135e31
--- a/dev/null
+++ b/board/amlogic/sm1_ac214_v1/config.mk
@@ -0,0 +1,8 @@
+ifdef CONFIG_AVB2_KPUB_DEFAULT_VENDOR
+PLATFORM_CPPFLAGS += -DCONFIG_AVB2_KPUB_DEFAULT_VENDOR=1
+PLATFORM_CPPFLAGS += -DCONFIG_AVB2_KPUB_VENDOR=1
+endif
+
+ifdef CONFIG_AVB2_KPUB_VENDOR
+PLATFORM_CPPFLAGS += -DCONFIG_AVB2_KPUB_VENDOR=1
+endif
diff --git a/board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c b/board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c
index e89996f..f2dd5e9 100644
--- a/board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c
+++ b/board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c
@@ -55,6 +55,7 @@
 #include <linux/mtd/partitions.h>
 #include <linux/sizes.h>
 #include <asm-generic/gpio.h>
+#include "avb2_kpub.c"
 #include <dm.h>
 #ifdef CONFIG_AML_SPIFC
 #include <amlogic/spifc.h>
diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c
index 4609cd1..ad122d3 100644
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -132,6 +132,8 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 {
         int nRet;
 	char *avb_s;
+	char argv0_new[12] = {0};
+	char *argv_new = (char*)&argv0_new;
 #ifdef CONFIG_NEEDS_MANUAL_RELOC
 	static int relocated = 0;
 
@@ -271,8 +273,6 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 		else
 			nCheckOffset = 0;
 		img_addr += nCheckOffset;
-		char argv0_new[12] = {0};
-		char *argv_new = (char*)&argv0_new;
 		snprintf(argv0_new, sizeof(argv0_new), "%lx", img_addr);
 		argc = 1;
 		argv = (char**)&argv_new;