author | Xindong Xu <xindong.xu@amlogic.com> | 2019-10-30 08:30:54 (GMT) |
---|---|---|
committer | Xindong Xu <xindong.xu@amlogic.com> | 2019-11-28 01:40:53 (GMT) |
commit | ac58c7f7d629cc2cda014e5afe1105ba61cc1f5e (patch) | |
tree | c1c835697b76939b0760dde6f875ed926782d422 | |
parent | a259f9b29de75e4a3a48701eb29a2acda96c14ec (diff) | |
download | uboot-ac58c7f7d629cc2cda014e5afe1105ba61cc1f5e.zip uboot-ac58c7f7d629cc2cda014e5afe1105ba61cc1f5e.tar.gz uboot-ac58c7f7d629cc2cda014e5afe1105ba61cc1f5e.tar.bz2 |
newton: Support AVB2 public key switch during build time [1/1]
PD#SWPL-16016
Problem:
need to support both dev and release keys into bootloader
Solution:
1. Android AVB2 can be used to verify integrity of various partition on
device and vendor kernel verification can become optional.
Use CONFIG_SKIP_KERNEL_DTB_VERIFY config to skip vendor kernel/dtb
verification (e.g. AVB2 enabled and no encryption used).
2. Support AVB2 public key switch during build time
3. to enable this function, please build by:
Use *DEFAULT* public key: ./mk sm1_ac214_v1
Use *ONLY* vendor public key:
CONFIG_AVB2_KPUB_VENDOR=1 ./mk sm1_ac214_v1
Use *BOTH* vendor *AND* default public key.
CONFIG_AVB2_KPUB_DEFAULT_VENDOR=1 ./mk sm1_ac214_v1
Verify:
newton
Change-Id: I642a3ef966c80be6672b8243be2e4a3af00193f7
Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>
-rw-r--r-- | board/amlogic/sm1_ac214_v1/avb2_kpub.c | 39 | ||||
-rw-r--r-- | board/amlogic/sm1_ac214_v1/config.mk | 8 | ||||
-rw-r--r-- | board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c | 1 | ||||
-rw-r--r-- | common/cmd_bootm.c | 4 |
4 files changed, 50 insertions, 2 deletions
diff --git a/board/amlogic/sm1_ac214_v1/avb2_kpub.c b/board/amlogic/sm1_ac214_v1/avb2_kpub.c new file mode 100644 index 0000000..0fdb300 --- a/dev/null +++ b/board/amlogic/sm1_ac214_v1/avb2_kpub.c @@ -0,0 +1,39 @@ +#ifdef CONFIG_AVB2_KPUB_VENDOR +const char avb2_kpub_vendor[520] = { + 0x00,0x00,0x08,0x00,0x91,0xc3,0xd6,0xad,0x8a,0xed,0x01,0x05,0x87,0x93,0x01,0x7d, + 0x17,0x92,0xba,0x4d,0xa8,0x43,0xdb,0xd0,0x2c,0x2d,0x7f,0x91,0xd4,0x81,0x7e,0x2c, + 0xdd,0xd2,0x21,0x53,0xc8,0xd8,0x95,0x77,0x9e,0xca,0x50,0x88,0xc2,0xcd,0xf3,0x76, + 0xb8,0xc2,0x56,0x88,0xbb,0x4d,0x51,0x86,0xbb,0x80,0xaf,0xb5,0x4f,0x13,0x2d,0xf3, + 0x09,0x05,0x66,0xae,0xb5,0x32,0x86,0xf9,0xeb,0x78,0x66,0x3e,0x5f,0x05,0x6c,0xd9, + 0xf6,0xa9,0xbe,0x3e,0xfe,0x0f,0xc3,0xb1,0xa7,0x99,0xb2,0xdb,0xa9,0xb4,0x3f,0x4b, + 0xf6,0x90,0x55,0xb8,0x8c,0x94,0xb2,0x49,0x7c,0x85,0x9d,0xc6,0x14,0xed,0xd7,0x9f, + 0xd0,0x57,0x5b,0x5f,0x4d,0x02,0x15,0xd8,0x76,0x2e,0x6a,0x53,0x11,0xac,0x5a,0xc2, + 0x27,0x45,0x2a,0xaa,0x01,0x22,0xf1,0x99,0x5f,0xf3,0x11,0x01,0x85,0x86,0x11,0x15, + 0x87,0xd6,0x65,0x08,0x4c,0x98,0xba,0x4a,0x9a,0x55,0xa5,0x2e,0x9c,0x40,0xdd,0x91, + 0xc0,0x00,0x05,0x1a,0x5c,0x69,0x3e,0xb5,0x40,0xec,0x30,0xe5,0x06,0xd9,0x7b,0xc4, + 0xfc,0x2b,0xf1,0x60,0x57,0x1c,0xf5,0x33,0x3e,0x1e,0x17,0x5a,0x65,0xa6,0x14,0x9a, + 0x6a,0x1f,0x78,0x4c,0x21,0xb9,0x59,0xcf,0x91,0x15,0xe6,0x79,0x41,0x80,0x13,0xb8, + 0x1a,0xac,0x28,0xf5,0x3b,0xb7,0xd0,0x40,0x9a,0x7c,0x57,0x05,0xb8,0x40,0x1a,0x24, + 0xa4,0x29,0x4a,0x48,0xf4,0xb9,0xfd,0x37,0x8d,0x8c,0x2e,0xf4,0x7d,0x47,0xe3,0x41, + 0x02,0x20,0x99,0x0a,0x85,0x0e,0x28,0xf6,0x01,0x8a,0xba,0x9c,0xca,0x9e,0x3c,0x4d, + 0x92,0x62,0x2e,0xe6,0x38,0x32,0x02,0xdb,0x62,0xbd,0x26,0x27,0x73,0x8a,0x83,0x15, + 0x05,0xe9,0x0d,0x0c,0x2c,0xf3,0xeb,0x74,0xa7,0x1a,0xfc,0xa6,0xa0,0x2e,0x4a,0x23, + 0x0e,0x7b,0x21,0x0d,0x31,0x66,0x7a,0x33,0xc4,0x58,0x94,0xb5,0x6f,0x9b,0x27,0x08, + 0x8d,0x25,0x1f,0x79,0xab,0xec,0x74,0x55,0x35,0xfb,0x2d,0xe1,0xef,0x25,0xe0,0x87, + 0xd2,0xe4,0x0c,0x57,0xd9,0x82,0xee,0x02,0x15,0xaf,0x8c,0x7a,0xa5,0xed,0x8b,0xe1, + 0x77,0x2b,0x32,0xee,0xda,0x06,0x65,0xaa,0x50,0xc3,0xa4,0x44,0x8c,0xe8,0x2f,0x95, + 0xe2,0x14,0xc0,0x8e,0x90,0x18,0x14,0x87,0x96,0xbd,0x8f,0x43,0xcc,0xc2,0x80,0x91, + 0x45,0x93,0x77,0x40,0xa3,0x61,0x18,0xba,0x4d,0xe1,0x8c,0xd1,0x16,0x44,0x69,0x16, + 0xf0,0x30,0x78,0x97,0x88,0xa3,0xdb,0x23,0x18,0x23,0xcc,0x38,0xbc,0x55,0x60,0xe6, + 0x26,0x9c,0x75,0xf5,0x4b,0xe2,0x57,0xe0,0x22,0xd4,0x1b,0xe8,0xe6,0x12,0x24,0x96, + 0x40,0x0c,0xe7,0x02,0xac,0x78,0x6a,0x47,0xe3,0x96,0x38,0xb7,0xed,0xca,0x31,0x4f, + 0xfe,0x84,0x99,0x0b,0x74,0xfa,0x23,0x7d,0x05,0xfc,0xf2,0x01,0x01,0xbf,0xa2,0xd0, + 0x54,0xa6,0xfa,0x7a,0x76,0xcb,0x27,0x2f,0xed,0x3d,0x06,0x83,0x16,0x50,0x0f,0x71, + 0x12,0xc7,0x55,0x6c,0x9b,0x84,0x2d,0x5c,0x8c,0xb9,0x13,0x54,0xe8,0x2e,0xe9,0x97, + 0x59,0x43,0x76,0xfb,0xec,0xa2,0xdf,0x45,0xcc,0xfb,0x07,0xea,0xa5,0xaa,0xe0,0x53, + 0x4b,0xcd,0x74,0x6e,0x69,0x81,0x68,0x36,0x0d,0x1e,0xd2,0x19,0xc2,0xa3,0x22,0x45, + 0xaa,0x27,0xe2,0xc9,0xd8,0x1d,0xbc,0xdc +}; + +const int avb2_kpub_vendor_len = sizeof(avb2_kpub_vendor) / sizeof(char); +#endif /* CONFIG_AVB2_KPUB_VENDOR */ diff --git a/board/amlogic/sm1_ac214_v1/config.mk b/board/amlogic/sm1_ac214_v1/config.mk new file mode 100644 index 0000000..7135e31 --- a/dev/null +++ b/board/amlogic/sm1_ac214_v1/config.mk @@ -0,0 +1,8 @@ +ifdef CONFIG_AVB2_KPUB_DEFAULT_VENDOR +PLATFORM_CPPFLAGS += -DCONFIG_AVB2_KPUB_DEFAULT_VENDOR=1 +PLATFORM_CPPFLAGS += -DCONFIG_AVB2_KPUB_VENDOR=1 +endif + +ifdef CONFIG_AVB2_KPUB_VENDOR +PLATFORM_CPPFLAGS += -DCONFIG_AVB2_KPUB_VENDOR=1 +endif diff --git a/board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c b/board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c index e89996f..f2dd5e9 100644 --- a/board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c +++ b/board/amlogic/sm1_ac214_v1/sm1_ac214_v1.c @@ -55,6 +55,7 @@ #include <linux/mtd/partitions.h> #include <linux/sizes.h> #include <asm-generic/gpio.h> +#include "avb2_kpub.c" #include <dm.h> #ifdef CONFIG_AML_SPIFC #include <amlogic/spifc.h> diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index 4609cd1..ad122d3 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -132,6 +132,8 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { int nRet; char *avb_s; + char argv0_new[12] = {0}; + char *argv_new = (char*)&argv0_new; #ifdef CONFIG_NEEDS_MANUAL_RELOC static int relocated = 0; @@ -271,8 +273,6 @@ int do_bootm(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) else nCheckOffset = 0; img_addr += nCheckOffset; - char argv0_new[12] = {0}; - char *argv_new = (char*)&argv0_new; snprintf(argv0_new, sizeof(argv0_new), "%lx", img_addr); argc = 1; argv = (char**)&argv_new; |