Linux_SDK_V2.0.2

Signed-off-by: devops_admin <devops_admin@alibabacloud.com>

cmd/Makefile

@@ -138,6 +138,7 @@ obj-$(CONFIG_CMD_TPM) += tpm-common.o
 obj-$(CONFIG_CMD_TPM_V1) += tpm-v1.o
 obj-$(CONFIG_CMD_TPM_TEST) += tpm_test.o
 obj-$(CONFIG_CMD_TPM_V2) += tpm-v2.o
+obj-$(CONFIG_CMD_MEASURED_BOOT) += mboot.o
 obj-$(CONFIG_CMD_CROS_EC) += cros_ec.o
 obj-$(CONFIG_CMD_TSI148) += tsi148.o
 obj-$(CONFIG_CMD_UBI) += ubi.o

cmd/bootandroid.c

@@ -237,9 +237,15 @@ static int prepare_data_from_vendor_boot(struct andr_img_hdr *hdr, int dtb_start
 			if (ramdisk_entry->ramdisk_type != VENDOR_RAMDISK_TYPE_RECOVERY) {
 				continue;
 			}
-			printf("find recovery from ramdisk table.");
+			printf("find recovery from ramdisk table.\n");
 			int ramdisk_start = env_get_hex(ENV_RAMDISK_ADDR, DEFAULT_RAMDISK_ADDR);
 			int recovery_ramdisk_offset = vendor_boot_pagesize * o + ramdisk_entry->ramdisk_offset;
+
+			printf("ramdisk_start:%x, ramdisk_size:%x, dtb_start:%x\n", ramdisk_start, ramdisk_entry->ramdisk_size, dtb_start);
+			if (ramdisk_start + ramdisk_entry->ramdisk_size > dtb_start) {
+				printf("ramdisk space are overlaped !!!\n");
+			}
+
 			memcpy((void *)(uint64_t)ramdisk_start, vendor_boot_data + recovery_ramdisk_offset,
 													 ramdisk_entry->ramdisk_size);//ramdisk
 			//get bootconfig form vendor_boot.img and append bootconfig to ramdisk
@@ -292,10 +298,10 @@ static void prepare_loaded_parttion_data(const uint8_t* data, bool isRecovery)
 		printf("Boot image kernel_start:%x, kernel_offset:%x, kernel_size:%d\n", kernel_start, kernel_offset, hdr->kernel_size);
 		printf("Boot image ramdisk_start:%x, ramdisk_offset:%x, ramdisk_size:%d\n", ramdisk_start, ramdisk_offset, hdr->ramdisk_size);
 		printf("Boot image page_size:%d\n", hdr->page_size);
-		printf("dtb_offset:%x, dtb_size:%d\n", dtb_offset, hdr->dtb_size);
+		printf("dtb_start:%x, dtb_offset:%x, dtb_size:%d\n", dtb_start, dtb_offset, hdr->dtb_size);
 
- 		if (kernel_start + hdr->kernel_size > ramdisk_start || kernel_start + hdr->kernel_size > dtb_start) {
-			printf("boot.img kernel space and ramdis space are overlaped !!!\n");
+		if (kernel_start + hdr->kernel_size > ramdisk_start || kernel_start + hdr->kernel_size > dtb_start || ramdisk_start + hdr->ramdisk_size > dtb_start) {
+			printf("boot.img kernel space and ramdisk space are overlaped !!!\n");
 		} else {
 			memcpy((void *)(uint64_t)kernel_start, data + kernel_offset, hdr->kernel_size);
 			if (!isRecovery) {

cmd/booti.c

@@ -118,7 +118,7 @@ U_BOOT_CMD(
 
 #endif
 
-#if CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A)
+#if CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_RVBOOK)
 #if CONFIG_IS_ENABLED(LIGHT_SEC_UPGRADE)
 extern int light_secboot(int argc, char * const argv[]);
 #endif
@@ -137,6 +137,91 @@ U_BOOT_CMD(
 	"vimage addr imgname[[tee/tf]	- verify specifed image resides in addr\n"
 );
 
+/* check whether partition numbers are consistent with the slot suffix */
+static int do_light_bootab(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) {
+	char *slot_suffix = env_get("slot_suffix");
+	int teepart = env_get_hex("mmcteepart", 3);
+
+	struct disk_partition part_info;
+	struct blk_desc *dev_desc;
+	int part = 0;
+
+        dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
+	if (dev_desc == NULL) {
+		printf("Failed to find MMC device\n");
+		return 1;
+	}
+
+	if ((strcmp(slot_suffix, "a") == 0) && (teepart != 3)) {
+		part = part_get_info_by_name(dev_desc, "boot_a", &part_info);
+		if (part < 0) {
+			printf("Failed to find MMC device\n");
+			return 1;
+		}
+		env_set_hex("mmcbootpart", part);
+
+		part = part_get_info_by_name(dev_desc, "tee_a", &part_info);
+		if (part < 0) {
+			printf("Failed to find MMC device\n");
+			return 1;
+		}
+		env_set_hex("mmcteepart", part);
+
+		part = part_get_info_by_name(dev_desc, "sbmeta_a", &part_info);
+		if (part < 0) {
+			printf("Failed to find MMC device\n");
+			return 1;
+		}
+		env_set_hex("mmcsbmetapart", part);
+
+		part = part_get_info_by_name(dev_desc, "root_a", &part_info);
+		if (part < 0) {
+			printf("root AB partition is not enabled\n");
+		} else {
+			env_set_hex("mmcpart", part);
+		}
+
+		run_command("env save", 0);
+	} else if ((strcmp(slot_suffix, "b") == 0) && (teepart != 10)) {
+		part = part_get_info_by_name(dev_desc, "boot_b", &part_info);
+		if (part < 0) {
+			printf("Failed to find MMC device\n");
+			return 1;
+		}
+		env_set_hex("mmcbootpart", part);
+
+		part = part_get_info_by_name(dev_desc, "tee_b", &part_info);
+		if (part < 0) {
+			printf("Failed to find MMC device\n");
+			return 1;
+		}
+		env_set_hex("mmcteepart", part);
+
+		part = part_get_info_by_name(dev_desc, "sbmeta_b", &part_info);
+		if (part < 0) {
+			printf("Failed to find MMC device\n");
+			return 1;
+		}
+		env_set_hex("mmcsbmetapart", part);
+
+		part = part_get_info_by_name(dev_desc, "root_b", &part_info);
+		if (part < 0) {
+			printf("root AB partition is not enabled\n");
+		} else {
+			env_set_hex("mmcpart", part);
+		}
+		run_command("env save", 0);
+	}
+	printf("current active slot is:%s\n", slot_suffix);
+	return CMD_RET_SUCCESS;
+}
+
+U_BOOT_CMD(
+	light_bootab, CONFIG_SYS_MAXARGS, 1, do_light_bootab,
+	"Light A/B updates",
+	NULL
+);
+
 #endif
 
 #endif

cmd/mboot.c

@@ -0,0 +1,122 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2018 Bootlin
+ * Author: Miquel Raynal <miquel.raynal@bootlin.com>
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <log.h>
+#include <mapmem.h>
+#include <tpm-common.h>
+#include <tpm-v2.h>
+#include <env.h>
+#include <env_internal.h>
+#include "tpm-user-utils.h"
+#include "sec_library.h"
+
+enum mboot_type {
+	UBOOT_IMAGE = 0,
+	KERNEL_IMAGE,
+	PARTITIONS_STR,
+	MBOOT_TYPE_MAX,
+};
+enum pcr_index {
+	PCR_0 = 0,
+	PCR_1,
+	PCR_2,
+	PCR_3,
+	PCR_4,
+	PCR_5,
+	PCR_6,
+	PCR_7,
+};
+static uint8_t image_digest[32] __attribute__((aligned(64))) = { 0 };
+
+#define CHECK_RET_WITH_RET(x, ret)                                                                 \
+    do {                                                                                           \
+        if (!(x)) {                                                                                \
+            return ret;                                                                            \
+        }                                                                                          \
+    } while (0)
+
+static uint32_t hash_image_sha256(long image_addr, size_t size, void *digest, uint32_t *digest_len)
+{
+	uint32_t ret;
+	sc_sha_t sha;
+	sc_sha_context_t ctx;
+
+	CHECK_RET_WITH_RET(ret = csi_sec_library_init(), ret);
+	CHECK_RET_WITH_RET(ret = sc_sha_init(&sha, 0), ret);
+	CHECK_RET_WITH_RET(ret = sc_sha_start(&sha, &ctx, SC_SHA_MODE_256), ret);
+	CHECK_RET_WITH_RET(ret = sc_sha_trans_config(&sha, &ctx, SC_SHA_DMA_MODE), ret);
+	CHECK_RET_WITH_RET(ret = sc_sha_update(&sha, &ctx, (void *)image_addr, size), ret);
+	CHECK_RET_WITH_RET(ret = sc_sha_finish(&sha, &ctx, digest, digest_len), ret);
+
+	return SC_OK;
+}
+
+static int do_measured_boot(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+	struct udevice *dev;
+	struct tpm_chip_priv *priv;
+	uint32_t index, type;
+	uint32_t rc;
+	int ret;
+	long image_addr = 0;
+	size_t image_size = 0;
+	uint32_t image_digest_len = 0;
+	char *partitions_str = NULL;
+
+	if (argc != 1)
+		return CMD_RET_USAGE;
+
+	ret = get_tpm(&dev);
+	if (ret)
+		return ret;
+
+	tpm_init(dev); /* Initialization TPM2 chip */
+	rc = tpm2_startup(dev, TPM2_SU_CLEAR); /* Startup TPM2 chip with mode TPM_ST_CLEAR*/
+	if (rc)
+		report_return_code(rc);
+
+	priv = dev_get_uclass_priv(dev);
+	if (!priv)
+		return -EINVAL;
+
+	for (type = UBOOT_IMAGE; type < MBOOT_TYPE_MAX; type++) {
+		if (type == UBOOT_IMAGE) { /*U-BOOT Image */
+			index = PCR_0;
+			image_addr = CONFIG_SPL_TEXT_BASE;
+			image_size = CONFIG_SPL_MAX_SIZE+CONFIG_SYS_MONITOR_LEN;
+		} else if (type == KERNEL_IMAGE) { /* KERNEL Image */
+			index = PCR_0;
+			image_addr = 0x00200000;
+			if (fs_set_blk_dev("mmc", "0:2", 2))
+				return -EINVAL;
+			if (fs_size("Image", &image_size) < 0)
+				return -EINVAL;
+		} else if (type == PARTITIONS_STR) { /* PARTITIONS */
+			index = PCR_5;
+			partitions_str = env_get("partitions");
+			image_addr = (long)partitions_str;
+			image_size = strlen(partitions_str);
+		}
+
+		rc = hash_image_sha256(image_addr, image_size, image_digest, &image_digest_len);
+		if (rc)
+			return -EINVAL;
+
+		rc = tpm2_pcr_extend(dev, index, image_digest);
+		if (rc)
+			break;
+	}
+
+	return report_return_code(rc);
+}
+
+U_BOOT_CMD(
+	measured_boot, CONFIG_SYS_MAXARGS, 1, do_measured_boot,
+	"extend hash(u-boot), hash(kernel), hash(partitions str) to pcr0 and pcr5",
+	""
+);