diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch index 126e7804f..f16b37ed5 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch @@ -1,31 +1,25 @@ -From: "Diaz de Grenu, Jose" -Date: Tue, 23 Aug 2016 13:05:05 +0200 -Subject: [PATCH 1/4] tools: env: implement support for environment encryption - by CAAM +From: Hector Palacios +Date: Fri, 17 Jul 2020 07:08:50 +0200 +Subject: [PATCH] tools: env: implement support for environment encryption by + CAAM -https://jira.digi.com/browse/DEL-2836 +Use the md5sum of HWID words (on the device tree) as key modifier. Signed-off-by: Diaz de Grenu, Jose Signed-off-by: Gonzalo Ruiz +Signed-off-by: Hector Palacios + +https://jira.digi.com/browse/DEL-7185 +https://jira.digi.com/browse/DEL-2836 --- - configs/sandbox_defconfig | 1 + - tools/env/Makefile | 2 +- - tools/env/caam_keyblob.h | 45 ++++++++++++ - tools/env/fw_env.c | 140 ++++++++++++++++++++++++++++++++++++++ - 4 files changed, 187 insertions(+), 1 deletion(-) + tools/env/Makefile | 2 +- + tools/env/caam_keyblob.h | 45 +++++++++++++ + tools/env/fw_env.c | 141 +++++++++++++++++++++++++++++++++++++++ + 3 files changed, 187 insertions(+), 1 deletion(-) create mode 100644 tools/env/caam_keyblob.h -diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig -index 6894262b89..f01e70b1c4 100644 ---- a/configs/sandbox_defconfig -+++ b/configs/sandbox_defconfig -@@ -219,3 +219,4 @@ CONFIG_TEST_FDTDEC=y - CONFIG_UNIT_TEST=y - CONFIG_UT_TIME=y - CONFIG_UT_DM=y -+CONFIG_MD5=y diff --git a/tools/env/Makefile b/tools/env/Makefile -index b627796e94..fc7c44baa2 100644 +index b627796e949e..fc7c44baa2b7 100644 
--- a/tools/env/Makefile +++ b/tools/env/Makefile @@ -24,7 +24,7 @@ hostprogs-y := fw_printenv @@ -39,7 +33,7 @@ index b627796e94..fc7c44baa2 100644 diff --git a/tools/env/caam_keyblob.h b/tools/env/caam_keyblob.h new file mode 100644 -index 0000000000..1cdf3946c1 +index 000000000000..1cdf3946c1ba --- /dev/null +++ b/tools/env/caam_keyblob.h @@ -0,0 +1,45 @@ @@ -89,7 +83,7 @@ index 0000000000..1cdf3946c1 + +#endif /* CAAM_KEYBLOB_H */ diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c -index eef12dd2b7..b804314093 100644 +index a5d75958e1b6..228d11c070e6 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -24,6 +24,7 @@ @@ -100,7 +94,7 @@ index eef12dd2b7..b804314093 100644 #include #include -@@ -37,9 +38,19 @@ +@@ -37,9 +38,17 @@ #include @@ -114,13 +108,11 @@ index eef12dd2b7..b804314093 100644 + */ +#define BLOB_OVERHEAD 48 +#define CAAM_KEY_DEV "/dev/caam_kb" -+ -+#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) + struct env_opts default_opts = { #ifdef CONFIG_FILE .config_file = CONFIG_FILE -@@ -117,6 +128,7 @@ static struct environment environment = { +@@ -117,6 +126,7 @@ static struct environment environment = { }; static int have_redund_env; @@ -128,7 +120,7 @@ index eef12dd2b7..b804314093 100644 static unsigned char active_flag = 1; /* obsolete_flag must be 0 to efficiently set it on NOR flash without erasing */ -@@ -442,6 +454,103 @@ char *fw_getdefenv(char *name) +@@ -442,6 +452,106 @@ char *fw_getdefenv(char *name) return NULL; } 
@@ -140,34 +132,37 @@ index eef12dd2b7..b804314093 100644 + caam_encryption_flag = 1; +} + ++#define MAX_HWID_WORDS 4 +static int env_caam_get_keymod(unsigned char output[16]) +{ + int i; + int len; + int fd; -+ char buff[32]; -+ uint32_t ocotp_hwid[2]; -+ const char *ocotp_hwid_file[2] = { -+ "/sys/fsl_otp/HW_OCOTP_MAC0", -+ "/sys/fsl_otp/HW_OCOTP_MAC1" -+ }; ++ uint32_t ocotp_hwid[MAX_HWID_WORDS]; ++ const char dt_prop[32]; + -+ for (i = 0; i < ARRAY_SIZE(ocotp_hwid); i++) { -+ fd = open(ocotp_hwid_file[i], O_RDONLY); -+ if (fd < 0) -+ return fd; -+ len = read(fd, buff, sizeof(buff)); -+ if (len < 0) { ++ for (i = 0; i < MAX_HWID_WORDS; i++) { ++ sprintf(dt_prop, "/proc/device-tree/digi,hwid_%d", i); ++ if (access(dt_prop, F_OK) != -1) { ++ char buf[sizeof(uint32_t)]; ++ ++ fd = open(dt_prop, O_RDONLY); ++ if (fd < 0) ++ return fd; ++ len = read(fd, buf, sizeof(uint32_t)); ++ if (len < 0) { ++ close(fd); ++ return -1; ++ } ++ ocotp_hwid[i] = ntohl(*(uint32_t *)buf); + close(fd); -+ return -1; ++ } else { ++ break; + } -+ /* drop last character (new line) */ -+ buff[len - 1] = '\0'; -+ ocotp_hwid[i] = strtoul(buff, NULL, 0); -+ close(fd); + } + -+ md5((unsigned char *)(&ocotp_hwid), sizeof(ocotp_hwid), output); ++ /* Calculate md5sum on the raw HWID array */ ++ md5((unsigned char *)(&ocotp_hwid), sizeof(uint32_t) * i, output); + + return 0; +} @@ -232,7 +227,7 @@ index eef12dd2b7..b804314093 100644 /* * Print the current definition of one, or more, or all * environment variables -@@ -505,9 +614,20 @@ int fw_printenv(int argc, char *argv[], int value_only, struct env_opts *opts) +@@ -505,9 +615,20 @@ int fw_printenv(int argc, char *argv[], int value_only, struct env_opts *opts) int fw_env_flush(struct env_opts *opts) { 
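Review bot: In env_caam_get_keymod() the new loop accepts both a short read and a missing HWID. `read()` is only checked for `len < 0`, so fewer than four bytes still reach `ntohl(*(uint32_t *)buf)` with part of `buf` uninitialized; and when `digi,hwid_0` is absent the loop breaks at `i == 0`, `md5()` hashes zero bytes, and the function returns 0 with the same fixed key modifier on every device lacking the property. `dt_prop` is also declared `const char dt_prop[32]` and then written by `sprintf()`, which modifies a const object; a plain `char` array filled with `snprintf()` avoids that. I would require a full-word read into a `uint32_t` rather than casting the char buffer, and fail when no HWID word was read, as sketched below. Whether the U-Boot side derives its modifier from the same words is not visible in this hunk and should be confirmed, since both presumably have to agree for the blob to decapsulate.

```c
	uint32_t ocotp_hwid[MAX_HWID_WORDS];
	char dt_prop[32];	/* written by snprintf(), so not const */

	for (i = 0; i < MAX_HWID_WORDS; i++) {
		uint32_t word;

		snprintf(dt_prop, sizeof(dt_prop),
			 "/proc/device-tree/digi,hwid_%d", i);
		if (access(dt_prop, F_OK) == -1)
			break;
		fd = open(dt_prop, O_RDONLY);
		if (fd < 0)
			return fd;
		len = read(fd, &word, sizeof(word));
		close(fd);
		/* a short read would leave part of the word uninitialized */
		if (len != (int)sizeof(word))
			return -1;
		ocotp_hwid[i] = ntohl(word);
	}

	/* no HWID word found: do not hash an empty buffer into a fixed modifier */
	if (i == 0)
		return -1;

	/* … unchanged: md5() over the raw HWID array and return 0 … */
```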
@@ -253,7 +248,7 @@ index eef12dd2b7..b804314093 100644 /* * Update CRC */ -@@ -1396,6 +1516,8 @@ int fw_env_open(struct env_opts *opts) +@@ -1396,6 +1517,8 @@ int fw_env_open(struct env_opts *opts) struct env_image_single *single; struct env_image_redundant *redundant; @@ -262,7 +257,7 @@ index eef12dd2b7..b804314093 100644 if (!opts) opts = &default_opts; -@@ -1434,6 +1556,15 @@ int fw_env_open(struct env_opts *opts) +@@ -1434,6 +1557,15 @@ int fw_env_open(struct env_opts *opts) crc0 = crc32(0, (uint8_t *)environment.data, ENV_SIZE); @@ -278,7 +273,7 @@ index eef12dd2b7..b804314093 100644 crc0_ok = (crc0 == *environment.crc); if (!have_redund_env) { if (!crc0_ok) { -@@ -1491,6 +1622,15 @@ int fw_env_open(struct env_opts *opts) +@@ -1491,6 +1623,15 @@ int fw_env_open(struct env_opts *opts) crc1 = crc32(0, (uint8_t *)redundant->data, ENV_SIZE);