MA-13629 [Trusty] Add commands to set vbmeta public key

Add commands to write/read vbmeta public key to/from secure
storage. The vbmeta public key can only be set once.
Comands to set the public key:
  fastboot stage <path-to-your-public-key>
  fastboot oem set-public-key

Test: build and boot on imx8qxp_mek.

Change-Id: Id3ad4aa5aacef4fc8443f6a2d6ccb931310970ca
Signed-off-by: Ji Luo <ji.luo@nxp.com>

3 files changed, 58 insertions, 3 deletions

diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c
index ee9f34f205..fce01fc439 100644
--- a/lib/avb/fsl/fsl_avb.c
+++ b/lib/avb/fsl/fsl_avb.c
@@ -20,7 +20,7 @@
 #include "fsl_atx_attributes.h"
 
 #define FSL_AVB_DEV "mmc"
-
+#define AVB_MAX_BUFFER_LENGTH 2048
 
 static struct blk_desc *fs_dev_desc = NULL;
 static struct blk_desc *get_mmc_desc(void) {
@@ -604,11 +604,27 @@ AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
 	assert(ops != NULL && out_is_trusted != NULL);
 	*out_is_trusted = false;
 
+#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+	uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH];
+	if (trusty_read_vbmeta_public_key(public_key_buf,
+						public_key_length) != 0) {
+		ERR("Read public key error\n");
+		/* We're not going to return error code here because it will
+		 * abort the following avb verify process even we allow the
+		 * verification error. Return AVB_IO_RESULT_OK and keep the
+		 * 'out_is_trusted' as false, avb will handle the error
+		 * depends on the 'allow_verification_error' flag.
+		 */
+		return AVB_IO_RESULT_OK;
+	}
+
+	if (memcmp(public_key_buf, public_key_data, public_key_length)) {
+#else
 	/* match given public key */
 	if (memcmp(fsl_public_key, public_key_data, public_key_length)) {
-		ret = AVB_IO_RESULT_ERROR_IO;
+#endif
 		ERR("public key not match\n");
-		return AVB_IO_RESULT_ERROR_IO;
+		return AVB_IO_RESULT_OK;
 	}
 
 	*out_is_trusted = true;
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c
index 890ff71322..85428db029 100644
--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -15,6 +15,7 @@
 #include <mapmem.h>
 
 #include <fsl_avb.h>
+#include "trusty/avb.h"
 #ifdef CONFIG_IMX_TRUSTY_OS
 #include <trusty/libtipc.h>
 #endif
@@ -1127,5 +1128,20 @@ fail:
 
 	return ret;
 }
+
+int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) {
+
+	if ((staged_buffer == NULL) || (size <= 0)) {
+		ERR("Error. Get null staged_buffer\n");
+		return -1;
+	}
+	if (trusty_write_vbmeta_public_key(staged_buffer, size)) {
+		ERR("Error. Failed to write vbmeta public key into secure storage\n");
+		return -1;
+	} else
+		printf("Set vbmeta public key successfully!\n");
+
+	return 0;
+}
 #endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
 #endif /* CONFIG_SPL_BUILD */
diff --git a/lib/trusty/ql-tipc/avb.c b/lib/trusty/ql-tipc/avb.c
index 2f2a418a44..b8dab40a4a 100644
--- a/lib/trusty/ql-tipc/avb.c
+++ b/lib/trusty/ql-tipc/avb.c
@@ -220,6 +220,29 @@ int trusty_write_permanent_attributes(uint8_t *attributes, uint32_t size)
                        NULL);
 }
 
+int trusty_read_vbmeta_public_key(uint8_t *publickey, uint32_t size)
+{
+    uint8_t resp_buf[AVB_MAX_BUFFER_LENGTH];
+    uint32_t resp_size = AVB_MAX_BUFFER_LENGTH;
+    int rc = avb_do_tipc(READ_VBMETA_PUBLIC_KEY, NULL, 0, resp_buf,
+                         &resp_size);
+    if (rc != 0) {
+        return rc;
+    }
+    /* ensure caller passed size matches size returned by Trusty */
+    if (size != resp_size) {
+        return TRUSTY_ERR_INVALID_ARGS;
+    }
+    trusty_memcpy(publickey, resp_buf, resp_size);
+    return rc;
+}
+
+int trusty_write_vbmeta_public_key(uint8_t *publickey, uint32_t size)
+{
+    return avb_do_tipc(WRITE_VBMETA_PUBLIC_KEY, publickey, size, NULL,
+                       NULL);
+}
+
 int trusty_read_lock_state(uint8_t *lock_state)
 {
     uint32_t resp_size = sizeof(*lock_state);