aboot: Add MDTP Firmware Lock support

The MDTP (Mobile Device Theft Prevention) Firmware Lock feature
provides mobile device users with the ability to lock the firmware
on their device past the point already locked by the OEM-controlled
secure boot feature.
Once the firmware lock is activated, a different version of the HLOS
will not boot on the device.

MDTP Firmware Lock is typically intended to protect third-party anti-theft
services such as kill switch or remote wipe capabilities from firmware
update attacks.

This commit adds the mechanism in LK which, upon boot, verifies the
firmware against a snapshot stored in the Data Integrity Partition (DIP).

This mechanism requires some interaction with the user mainly for showing
messages and indicating verification status.

Change-Id: Id604c6f061b45ea38abe41b601293c7e2bb34179
6 files changed