Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / lk / a956e2671d75b7073ea53ddf75444b6f27786663^! / .
commita956e2671d75b7073ea53ddf75444b6f27786663[log] [tgz]
authorMonika Singh <monising@codeaurora.org>Fri May 24 16:13:49 2019 +0530
committerMonika Singh <monising@codeaurora.org>Thu Aug 01 18:27:58 2019 +0530
tree7b4996d9a22292802caecb8272c8108f0b2a73de
parentec43f677dfa4d4f61fc9b029557a11b52cdbbc69 [diff]
platform: msm_shared: Update rot calculation

Update the public key used to generate the hash
for setting the rot in case of VB2.

Change-Id: I19991eaad111d0ff383a0a9638291248573e840c

diff --git a/platform/msm_shared/boot_verifier.c b/platform/msm_shared/boot_verifier.c
index caee469..4a219f1 100644
--- a/platform/msm_shared/boot_verifier.c
+++ b/platform/msm_shared/boot_verifier.c

@@ -34,6 +34,7 @@
 #include <image_verify.h>
 #include <mmc.h>
 #include <oem_keystore.h>
+#include <avb/OEMPublicKey.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <partition_parser.h>
@@ -449,6 +450,114 @@
 }
 #endif
 
+#if VERIFIED_BOOT_2
+bool send_rot_command(uint32_t is_unlocked)
+{
+	int ret = 0;
+	unsigned char *input = (unsigned char *)OEMPublicKey;
+	unsigned int key_len = sizeof(OEMPublicKey);
+	unsigned char *keystatebuf = NULL;
+	unsigned char digest[SHA256_SIZE] = {0}, final_digest[SHA256_SIZE] = {0};
+	uint32_t auth_algo = CRYPTO_AUTH_ALG_SHA256;
+	uint32_t boot_device_state = boot_verify_get_state();
+	int app_handle = 0;
+	km_set_rot_req_t *read_req = NULL;
+	km_set_rot_rsp_t read_rsp;
+	app_handle = get_secapp_handle();
+	uint32_t version = 0;
+	void *cpy_ptr;
+
+	if( input == NULL || UINT_MAX - 1 < key_len )
+        {
+                dprintf(CRITICAL, "Failed to read ROT key\n");
+                ASSERT(0);
+        }
+	switch (boot_device_state)
+	{
+		case GREEN:
+		case YELLOW:
+			if(!( keystatebuf = malloc( key_len + 1)))
+			{
+				dprintf(CRITICAL, "Failed to allocate memory for ROT digest\n");
+				ASSERT(0);
+			}
+			memscpy(keystatebuf , key_len + 1,  input, key_len);
+			hash_find((unsigned char *)keystatebuf, key_len , (unsigned char *) digest, auth_algo);
+			keystatebuf[key_len] = (unsigned char )is_unlocked;
+			hash_find((unsigned char *)keystatebuf, key_len + 1, (unsigned char *) final_digest, auth_algo);
+			break;
+		case ORANGE:
+			// Unlocked device and no verification done.
+			// Send the hash of boot device state
+			input = NULL;
+			hash_find((unsigned char *) &is_unlocked, sizeof(unsigned char), (unsigned char *)&final_digest, auth_algo);
+                        break;
+		case RED:
+                default:
+			dprintf(CRITICAL, "Invalid state to boot!\n");
+	}
+	dprintf(SPEW, "Digest: ");
+        for(uint8_t i = 0; i < SHA256_SIZE; i++)
+                dprintf(SPEW, "0x%x ", final_digest[i]);
+        dprintf(SPEW, "\n");
+
+	if(!(read_req = malloc(sizeof(km_set_rot_req_t) + sizeof(final_digest))))
+	{
+		dprintf(CRITICAL, "Failed to allocate memory for ROT structure\n");
+		ASSERT(0);
+	}
+
+	cpy_ptr = (uint8_t *) read_req + sizeof(km_set_rot_req_t);
+	read_req->cmd_id = KEYMASTER_SET_ROT;
+	read_req->rot_ofset = (uint32_t) sizeof(km_set_rot_req_t);
+	read_req->rot_size  = sizeof(final_digest);
+	memscpy(cpy_ptr, sizeof(final_digest), (void *) &final_digest, sizeof(final_digest));
+	dprintf(SPEW, "Sending Root of Trust to trustzone: start\n");
+
+	ret = qseecom_send_command(app_handle, (void*) read_req, sizeof(km_set_rot_req_t) + sizeof(final_digest), (void*) &read_rsp, sizeof(read_rsp));
+	if (ret < 0 || read_rsp.status < 0)
+	{
+		dprintf(CRITICAL, "QSEEcom command for Sending Root of Trust returned error: %d\n", read_rsp.status);
+		free(read_req);
+		return false;
+	}
+
+#if OSVERSION_IN_BOOTIMAGE
+	boot_state_info.is_unlocked = is_unlocked;
+	boot_state_info.color = boot_verify_get_state();
+	memscpy(boot_state_info.public_key, sizeof(boot_state_info.public_key), digest, SHA256_SIZE);
+	boot_verify_send_boot_state(&boot_state_info);
+#endif
+	if ( is_secure_boot_enable()
+		&& (dev_boot_state != GREEN))
+	{
+		version = qseecom_get_version();
+		if(allow_set_fuse(version)) {
+			ret = set_tamper_fuse_cmd(HLOS_IMG_TAMPER_FUSE);
+			if (ret) {
+				ret = false;
+				goto err;
+			}
+			ret = set_tamper_fuse_cmd(HLOS_TAMPER_NOTIFY_FUSE);
+			if (ret) {
+				dprintf(CRITICAL, "send_rot_command: set_tamper_fuse_cmd (TZ_HLOS_TAMPER_NOTIFY_FUSE) fails!\n");
+				ret = false;
+				goto err;
+			}
+		} else {
+			dprintf(CRITICAL, "send_rot_command: TZ didn't support this feature! Version: major = %d, minor = %d, patch = %d\n", (version >> 22) & 0x3FF, (version >> 12) & 0x3FF, version & 0x3FF);
+		goto err;
+		}
+	}
+	dprintf(CRITICAL, "Sending Root of Trust to trustzone: end\n");
+	ret = true;
+err:
+	if(keystatebuf)
+		free(keystatebuf);
+        free(read_req);
+        return ret;
+}
+#else
 bool send_rot_command(uint32_t is_unlocked)
 {
 	int ret = 0;
@@ -605,6 +714,7 @@
 	free(rot_input);
 	return ret;
 }
+#endif
 
 unsigned char* get_boot_fingerprint(unsigned int* buf_size)
 {