MA-13759-1 imx8mm: Enable trusty support

Open configs to enable trusty for imx8mm_evk and also add new config imx8mm_evk_android_trusty_defconfig based on imx8mm_evk_android_defconfig. Test: Trusty starts ok. Change-Id: Iaea90de21f886ed23082a5e8e8d2fa7fb139a9cb Signed-off-by: Ji Luo <ji.luo@nxp.com>
author: Ji Luo <ji.luo@nxp.com> 2018-12-10 14:41:23 +0800
committer: Ji Luo <ji.luo@nxp.com> 2018-12-12 21:36:46 +0800
commit: bcb82557f9731d5ea849400832e80e1589b2aeba (patch)
tree: d575fd7477274f69949025581465406928e072e1
parent: 02ae8f8df61540c11b84bd16120ead4a72cd4220 (diff)
10 files changed, 98 insertions, 25 deletions
diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c
index ae59991824..87e8731130 100644
--- a/common/spl/spl_mmc.c
+++ b/common/spl/spl_mmc.c
@@ -54,7 +54,7 @@ ulong h_spl_load_read(struct spl_load_info *load, ulong sector,
 	return blk_dread(mmc_get_blk_desc(mmc), sector, count, buf);
 }
 
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 /* Pre-declaration of check_rpmb_blob. */
 int check_rpmb_blob(struct mmc *mmc);
 #endif
@@ -109,7 +109,7 @@ int mmc_load_image_raw_sector(struct spl_image_info *spl_image,
 	}
 
 	/* Images loaded, now check the rpmb keyblob for Trusty OS. */
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 	ret = check_rpmb_blob(mmc);
 #endif
 	return ret;
diff --git a/configs/imx8mm_evk_android_trusty_defconfig b/configs/imx8mm_evk_android_trusty_defconfig
new file mode 100755
index 0000000000..6217f623db
--- /dev/null
+++ b/configs/imx8mm_evk_android_trusty_defconfig
@@ -0,0 +1,65 @@
+CONFIG_ARM=y
+CONFIG_ARCH_IMX8M=y
+CONFIG_SYS_TEXT_BASE=0x40200000
+CONFIG_SYS_MALLOC_F_LEN=0x2000
+CONFIG_USB_TCPC=y
+CONFIG_TARGET_IMX8MM_EVK=y
+CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=arch/arm/mach-imx/spl_sd.cfg,SPL_TEXT_BASE=0x7E1000,ANDROID_SUPPORT"
+CONFIG_FIT=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_EFI_PARTITION=y
+CONFIG_ARCH_MISC_INIT=y
+CONFIG_SPL=y
+CONFIG_SPL_BOARD_INIT=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_HUSH_PARSER=y
+CONFIG_OF_LIBFDT=y
+CONFIG_FS_FAT=y
+CONFIG_CMD_EXT2=y
+CONFIG_CMD_EXT4=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_FAT=y
+CONFIG_DEFAULT_DEVICE_TREE="fsl-imx8mm-evk"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_CMD_SF=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_GPIO=y
+CONFIG_CMD_CACHE=y
+CONFIG_CMD_REGULATOR=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_OF_CONTROL=y
+CONFIG_DM_GPIO=y
+CONFIG_DM_I2C=y
+CONFIG_SYS_I2C_MXC=y
+CONFIG_DM_MMC=y
+# CONFIG_DM_PMIC=y
+CONFIG_DM_SPI_FLASH=y
+CONFIG_SPI_FLASH=y
+CONFIG_SPI_FLASH_STMICRO=y
+CONFIG_DM_ETH=y
+CONFIG_PINCTRL=y
+CONFIG_PINCTRL_IMX8M=y
+CONFIG_DM_REGULATOR=y
+CONFIG_DM_REGULATOR_FIXED=y
+CONFIG_DM_REGULATOR_GPIO=y
+CONFIG_DM_SPI=y
+CONFIG_FSL_FSPI=y
+CONFIG_NXP_TMU=y
+CONFIG_DM_THERMAL=y
+CONFIG_USB=y
+CONFIG_DM_USB=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_LZ4=y
+CONFIG_FLASH_MCUFIRMWARE_SUPPORT=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_GADGET_DOWNLOAD=y
+CONFIG_SDP_LOADADDR=0x40400000
+CONFIG_USB_GADGET_MANUFACTURER="FSL"
+CONFIG_USB_GADGET_VENDOR_NUM=0x0525
+CONFIG_USB_GADGET_PRODUCT_NUM=0xa4a5
+CONFIG_SPL_USB_HOST_SUPPORT=y
+CONFIG_SPL_USB_GADGET_SUPPORT=y
+CONFIG_SPL_USB_SDP_SUPPORT=y
+CONFIG_IMX_TRUSTY_OS=y
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_LIBDISK_SUPPORT=y
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c
index f853527345..6dc6ced93b 100644
--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -3730,7 +3730,6 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
 	}
 #endif /* CONFIG_ANDROID_THINGS_SUPPORT */
 #ifdef CONFIG_IMX_TRUSTY_OS
-#if defined(CONFIG_AVB_ATX) || defined(CONFIG_ANDROID_AUTO_SUPPORT)
 	else if (endswith(cmd, FASTBOOT_GET_CA_REQ)) {
 		uint8_t *ca_output;
 		uint32_t ca_length, cp_length;
@@ -3753,8 +3752,7 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
 		} else
 			strcpy(response, "OKAY");
 	}
-#endif /* CONFIG_AVB_ATX || CONFIG_ANDROID_AUTO_SUPPORT */
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 	else if (endswith(cmd, FASTBOOT_SET_RPMB_KEY)) {
 		if (fastboot_set_rpmb_key(interface.transfer_buffer, download_bytes)) {
 			printf("ERROR set rpmb key failed!\n");
@@ -3768,7 +3766,7 @@ static void cb_flashing(struct usb_ep *ep, struct usb_request *req)
 		else
 			strcpy(response, "OKAY");
 	}
-#endif /* CONFIG_ANDROID_AUTO_SUPPORT */
+#endif /* !CONFIG_AVB_ATX */
 #endif /* CONFIG_IMX_TRUSTY_OS */
 	else if (endswith(cmd, "unlock_critical")) {
 		strcpy(response, "OKAY");
diff --git a/include/configs/imx8mm_evk_android.h b/include/configs/imx8mm_evk_android.h
index ce039baa45..1bb37cc3bb 100644
--- a/include/configs/imx8mm_evk_android.h
+++ b/include/configs/imx8mm_evk_android.h
@@ -62,4 +62,16 @@
 #endif
 #define AVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED
 
+#ifdef CONFIG_IMX_TRUSTY_OS
+#define AVB_RPMB
+#define KEYSLOT_HWPARTITION_ID 2
+#define KEYSLOT_BLKS             0x1FFF
+#define NS_ARCH_ARM64 1
+
+#ifdef CONFIG_SPL_BUILD
+#undef CONFIG_BLK
+#endif
+
+#endif
+
 #endif /* IMX8MM_EVK_ANDROID_H */
diff --git a/include/fsl_fastboot.h b/include/fsl_fastboot.h
index 972b54947f..ad0fce6629 100644
--- a/include/fsl_fastboot.h
+++ b/include/fsl_fastboot.h
@@ -84,16 +84,14 @@
 #endif
 
 #ifdef CONFIG_IMX_TRUSTY_OS
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 #define FASTBOOT_SET_RPMB_KEY "set-rpmb-key"
 #define FASTBOOT_SET_VBMETA_PUBLIC_KEY "set-public-key"
 #endif
-#endif
 
-#if defined(CONFIG_AVB_ATX) || defined(CONFIG_ANDROID_AUTO_SUPPORT)
 #define FASTBOOT_SET_CA_RESP "at-set-ca-response"
 #define FASTBOOT_GET_CA_REQ  "at-get-ca-request"
-#endif /* CONFIG_AVB_ATX || CONFIG_ANDROID_AUTO_SUPPORT */
+#endif
 
 #ifdef CONFIG_ANDROID_THINGS_SUPPORT
 #define FASTBOOT_BOOTLOADER_VBOOT_KEY "fuse at-bootloader-vboot-key"
diff --git a/lib/avb/fsl/fsl_avb.c b/lib/avb/fsl/fsl_avb.c
index a70d60a7b8..ff92654e8b 100644
--- a/lib/avb/fsl/fsl_avb.c
+++ b/lib/avb/fsl/fsl_avb.c
@@ -16,7 +16,7 @@
 #include "utils.h"
 #include "debug.h"
 #include "trusty/avb.h"
-#if !defined(CONFIG_IMX_TRUSTY_OS) || !defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if !defined(CONFIG_IMX_TRUSTY_OS)
 #include "fsl_public_key.h"
 #endif
 #include "fsl_atx_attributes.h"
@@ -606,7 +606,7 @@ AvbIOResult fsl_validate_vbmeta_public_key_rpmb(AvbOps* ops,
 	assert(ops != NULL && out_is_trusted != NULL);
 	*out_is_trusted = false;
 
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 	uint8_t public_key_buf[AVB_MAX_BUFFER_LENGTH];
 	if (trusty_read_vbmeta_public_key(public_key_buf,
 						public_key_length) != 0) {
@@ -650,7 +650,7 @@ AvbIOResult fsl_write_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slo
 #ifdef CONFIG_IMX_TRUSTY_OS
 	if (trusty_write_rollback_index(rollback_index_slot, rollback_index)) {
 		ERR("write rollback from Trusty error!\n");
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 		/* Read/write rollback index from rpmb will fail if the rpmb
 		 * key hasn't been set, return AVB_IO_RESULT_OK in this case.
 		 */
@@ -747,7 +747,7 @@ AvbIOResult fsl_read_rollback_index_rpmb(AvbOps* ops, size_t rollback_index_slot
 #ifdef CONFIG_IMX_TRUSTY_OS
 	if (trusty_read_rollback_index(rollback_index_slot, out_rollback_index)) {
 		ERR("read rollback from Trusty error!\n");
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 		if (!rpmbkey_is_set()) {
 			*out_rollback_index = 0;
 			ret = AVB_IO_RESULT_OK;
diff --git a/lib/avb/fsl/fsl_avbkey.c b/lib/avb/fsl/fsl_avbkey.c
index 85428db029..5b58515fd5 100644
--- a/lib/avb/fsl/fsl_avbkey.c
+++ b/lib/avb/fsl/fsl_avbkey.c
@@ -651,7 +651,7 @@ int rbkidx_erase(void) {
 #endif /* AVB_RPMB */
 
 #ifdef CONFIG_SPL_BUILD
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 int check_rpmb_blob(struct mmc *mmc)
 {
 	int ret = 0;
@@ -691,7 +691,7 @@ fail:
 
 	return ret;
 }
-#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
+#endif /* CONFIG_IMX_TRUSTY_OS && !defined(CONFIG_AVB_ATX) */
 #else /* CONFIG_SPL_BUILD */
 #ifdef CONFIG_AVB_ATX
 static int fsl_fuse_ops(uint32_t *buffer, uint32_t length, uint32_t offset,
@@ -982,7 +982,7 @@ int at_disable_vboot_unlock(void)
 }
 #endif /* CONFIG_AVB_ATX */
 
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 bool rpmbkey_is_set(void)
 {
 	int mmcc;
@@ -1143,5 +1143,5 @@ int avb_set_public_key(uint8_t *staged_buffer, uint32_t size) {
 
 	return 0;
 }
-#endif /* CONFIG_IMX_TRUSTY_OS && CONFIG_ANDROID_AUTO_SUPPORT */
+#endif /* CONFIG_IMX_TRUSTY_OS && !defind(CONFIG_AVB_ATX) */
 #endif /* CONFIG_SPL_BUILD */
diff --git a/lib/avb/fsl/fsl_avbkey.h b/lib/avb/fsl/fsl_avbkey.h
index ed497a99cb..8dd8746bf3 100644
--- a/lib/avb/fsl/fsl_avbkey.h
+++ b/lib/avb/fsl/fsl_avbkey.h
@@ -40,7 +40,7 @@ struct bl_rbindex_package {
 };
 #endif
 
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 #define RPMB_KEY_MAGIC "RPMB"
 #endif
 
diff --git a/lib/avb/libavb/avb_slot_verify.c b/lib/avb/libavb/avb_slot_verify.c
index 4f2e3ce64f..bcb0357e3a 100644
--- a/lib/avb/libavb/avb_slot_verify.c
+++ b/lib/avb/libavb/avb_slot_verify.c
@@ -33,7 +33,7 @@
 #include "avb_util.h"
 #include "avb_vbmeta_image.h"
 #include "avb_version.h"
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
 #include "trusty/hwcrypto.h"
 #include <memalign.h>
 #endif
@@ -298,7 +298,7 @@ static AvbSlotVerifyResult load_and_verify_hash_partition(
   }
 
   if (avb_strcmp((const char*)hash_desc.hash_algorithm, "sha256") == 0) {
-#if defined(CONFIG_IMX_TRUSTY_OS) && defined(CONFIG_ANDROID_AUTO_SUPPORT)
+#if defined(CONFIG_IMX_TRUSTY_OS) && !defined(CONFIG_AVB_ATX)
     /* DMA requires cache aligned input/output buffer */
     ALLOC_CACHE_ALIGN_BUFFER(uint8_t, hash_out, AVB_SHA256_DIGEST_SIZE);
     uint32_t round_buf_size = ROUND(hash_desc.salt_len + hash_desc.image_size,
diff --git a/lib/trusty/ql-tipc/libtipc.c b/lib/trusty/ql-tipc/libtipc.c
index 33087b8d86..30d4bbf854 100644
--- a/lib/trusty/ql-tipc/libtipc.c
+++ b/lib/trusty/ql-tipc/libtipc.c
@@ -39,7 +39,7 @@ typedef uintptr_t vaddr_t;
 static struct trusty_ipc_dev *_ipc_dev;
 static struct trusty_dev _tdev; /* There should only be one trusty device */
 static void *rpmb_ctx;
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
 bool rpmbkey_is_set(void);
 #endif
 
@@ -52,7 +52,7 @@ void trusty_ipc_shutdown(void)
     (void)avb_tipc_shutdown(_ipc_dev);
     (void)km_tipc_shutdown(_ipc_dev);
 
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
     (void)hwcrypto_tipc_shutdown(_ipc_dev);
 #endif
 
@@ -91,7 +91,7 @@ int trusty_ipc_init(void)
     if (rc != 0) {
         trusty_error("Initlializing RPMB storage proxy service failed (%d)\n",
                      rc);
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
         /* check if rpmb key has been fused. */
         if(rpmbkey_is_set()) {
             /* Go to hang if the key has been destroyed. */
@@ -120,7 +120,7 @@ int trusty_ipc_init(void)
         }
     }
 
-#ifdef CONFIG_ANDROID_AUTO_SUPPORT
+#ifndef CONFIG_AVB_ATX
     trusty_info("Initializing Trusty Hardware Crypto client\n");
     rc = hwcrypto_tipc_init(_ipc_dev);
     if (rc != 0) {
author	Ji Luo <ji.luo@nxp.com>	2018-12-10 14:41:23 +0800
committer	Ji Luo <ji.luo@nxp.com>	2018-12-12 21:36:46 +0800
commit	bcb82557f9731d5ea849400832e80e1589b2aeba (patch)
tree	d575fd7477274f69949025581465406928e072e1
parent	02ae8f8df61540c11b84bd16120ead4a72cd4220 (diff)