From 5403b831df1b5ba0b30b16e6dd6d3ace8ffcb5a0 Mon Sep 17 00:00:00 2001 From: Hector Palacios Date: Fri, 17 Jul 2020 11:36:34 +0200 Subject: [PATCH] u-boot-fw-utils: update patch to support encrypted env The encryption of the U-Boot environment uses the HWID as key modifier. The HWID was being read using the fsl_otp driver sysfs entries and over two words. The driver is now deprecated and also the cc8x and cc8m platforms have different number of HWID words. This patch modifies the function that reads the HWID words by using new entries on the device tree 'digi,hwid_X' where X is the index of the HWID word. It also removes the need to select CONFIG_MD5 which is already auto-selected on sandbox_defconfig by other config switches. Signed-off-by: Hector Palacios https://jira.digi.com/browse/DEL-7185 (cherry picked from commit 8ced3627660ac5b443e959cf7ce9747e259dd767) --- ...ent-support-for-environment-encrypti.patch | 93 +++++++++---------- 1 file changed, 44 insertions(+), 49 deletions(-) diff --git a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch index 126e7804f..f16b37ed5 100644 --- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch +++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch @@ -1,31 +1,25 @@ -From: "Diaz de Grenu, Jose" -Date: Tue, 23 Aug 2016 13:05:05 +0200 -Subject: [PATCH 1/4] tools: env: implement support for environment encryption - by CAAM +From: Hector Palacios +Date: Fri, 17 Jul 2020 07:08:50 +0200 +Subject: [PATCH] tools: env: implement support for environment encryption by + CAAM -https://jira.digi.com/browse/DEL-2836 +Use the md5sum of HWID words (on the device tree) as key modifier. Signed-off-by: Diaz de Grenu, Jose 
Signed-off-by: Gonzalo Ruiz +Signed-off-by: Hector Palacios + +https://jira.digi.com/browse/DEL-7185 +https://jira.digi.com/browse/DEL-2836 --- - configs/sandbox_defconfig | 1 + - tools/env/Makefile | 2 +- - tools/env/caam_keyblob.h | 45 ++++++++++++ - tools/env/fw_env.c | 140 ++++++++++++++++++++++++++++++++++++++ - 4 files changed, 187 insertions(+), 1 deletion(-) + tools/env/Makefile | 2 +- + tools/env/caam_keyblob.h | 45 +++++++++++++ + tools/env/fw_env.c | 141 +++++++++++++++++++++++++++++++++++++++ + 3 files changed, 187 insertions(+), 1 deletion(-) create mode 100644 tools/env/caam_keyblob.h -diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig -index 6894262b89..f01e70b1c4 100644 ---- a/configs/sandbox_defconfig -+++ b/configs/sandbox_defconfig -@@ -219,3 +219,4 @@ CONFIG_TEST_FDTDEC=y - CONFIG_UNIT_TEST=y - CONFIG_UT_TIME=y - CONFIG_UT_DM=y -+CONFIG_MD5=y diff --git a/tools/env/Makefile b/tools/env/Makefile -index b627796e94..fc7c44baa2 100644 +index b627796e949e..fc7c44baa2b7 100644 --- a/tools/env/Makefile +++ b/tools/env/Makefile @@ -24,7 +24,7 @@ hostprogs-y := fw_printenv @@ -39,7 +33,7 @@ index b627796e94..fc7c44baa2 100644 diff --git a/tools/env/caam_keyblob.h b/tools/env/caam_keyblob.h new file mode 100644 -index 0000000000..1cdf3946c1 +index 000000000000..1cdf3946c1ba --- /dev/null +++ b/tools/env/caam_keyblob.h @@ -0,0 +1,45 @@ @@ -89,7 +83,7 @@ index 0000000000..1cdf3946c1 + +#endif /* CAAM_KEYBLOB_H */ diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c -index eef12dd2b7..b804314093 100644 +index a5d75958e1b6..228d11c070e6 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -24,6 +24,7 @@ @@ -100,7 +94,7 @@ index eef12dd2b7..b804314093 100644 #include #include -@@ -37,9 +38,19 @@ +@@ -37,9 +38,17 @@ #include 
@@ -114,13 +108,11 @@ index eef12dd2b7..b804314093 100644 + */ +#define BLOB_OVERHEAD 48 +#define CAAM_KEY_DEV "/dev/caam_kb" -+ -+#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) + struct env_opts default_opts = { #ifdef CONFIG_FILE .config_file = CONFIG_FILE -@@ -117,6 +128,7 @@ static struct environment environment = { +@@ -117,6 +126,7 @@ static struct environment environment = { }; static int have_redund_env; @@ -128,7 +120,7 @@ index eef12dd2b7..b804314093 100644 static unsigned char active_flag = 1; /* obsolete_flag must be 0 to efficiently set it on NOR flash without erasing */ -@@ -442,6 +454,103 @@ char *fw_getdefenv(char *name) +@@ -442,6 +452,106 @@ char *fw_getdefenv(char *name) return NULL; } 
@@ -140,34 +132,37 @@ index eef12dd2b7..b804314093 100644
 + caam_encryption_flag = 1;
 +}
 +
++#define MAX_HWID_WORDS 4
 +static int env_caam_get_keymod(unsigned char output[16])
 +{
 + int i;
 + int len;
 + int fd;
-+ char buff[32];
-+ uint32_t ocotp_hwid[2];
-+ const char *ocotp_hwid_file[2] = {
-+ "/sys/fsl_otp/HW_OCOTP_MAC0",
-+ "/sys/fsl_otp/HW_OCOTP_MAC1"
-+ };
++ uint32_t ocotp_hwid[MAX_HWID_WORDS];
++ const char dt_prop[32];
 +
-+ for (i = 0; i < ARRAY_SIZE(ocotp_hwid); i++) {
-+ fd = open(ocotp_hwid_file[i], O_RDONLY);
-+ if (fd < 0)
-+ return fd;
-+ len = read(fd, buff, sizeof(buff));
-+ if (len < 0) {
++ for (i = 0; i < MAX_HWID_WORDS; i++) {
++ sprintf(dt_prop, "/proc/device-tree/digi,hwid_%d", i);
++ if (access(dt_prop, F_OK) != -1) {
++ char buf[sizeof(uint32_t)];
++
++ fd = open(dt_prop, O_RDONLY);
++ if (fd < 0)
++ return fd;
++ len = read(fd, buf, sizeof(uint32_t));
++ if (len < 0) {
++ close(fd);
++ return -1;
++ }
++ ocotp_hwid[i] = ntohl(*(uint32_t *)buf);
 + close(fd);
-+ return -1;
++ } else {
++ break;
 + }
-+ /* drop last character (new line) */
-+ buff[len - 1] = '\0';
-+ ocotp_hwid[i] = strtoul(buff, NULL, 0);
-+ close(fd);
 + }
 +
-+ md5((unsigned char *)(&ocotp_hwid), sizeof(ocotp_hwid), output);
++ /* Calculate md5sum on the raw HWID array */
++ md5((unsigned char *)(&ocotp_hwid), sizeof(uint32_t) * i, output);
 +
 + return 0;
 +}
@@ -232,7 +227,7 @@ index eef12dd2b7..b804314093 100644
 /*
 * Print the current definition of one, or more, or all
 * environment variables
-@@ -505,9 +614,20 @@ int fw_printenv(int argc, char *argv[], int value_only, struct env_opts *opts)
+@@ -505,9 +615,20 @@ int fw_printenv(int argc, char *argv[], int value_only, struct env_opts *opts)
 int fw_env_flush(struct env_opts *opts)
 {
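Review bot: `dt_prop` is declared `const char dt_prop[32];` in env_caam_get_keymod but is then written by `sprintf()`, which the compiler will reject or warn about, and modifying an object defined const is undefined behavior; it should be `char dt_prop[32];`, and the format call should be bounded with `snprintf(dt_prop, sizeof(dt_prop), ...)` so that a larger MAX_HWID_WORDS can never overrun the path buffer. The `read()` result is only rejected when negative, so a short read leaves part of `buf` uninitialized and those bytes flow into the key modifier; compare `len` against `sizeof(uint32_t)` instead. `ntohl(*(uint32_t *)buf)` reads a `char` array through a `uint32_t` pointer, which violates strict aliasing and may be misaligned; copy into `ocotp_hwid[i]` with `memcpy()` and then byte-swap in place. When no `digi,hwid_0` property exists the loop exits with `i == 0` and the function returns 0 after hashing zero bytes, so a device with no readable HWID would silently use a constant key modifier where the previous sysfs-based code failed on `open()`; returning -1 in that case keeps the old fail-closed behavior. The `access()`-then-`open()` sequence could also be collapsed into a single `open()` whose failure ends the loop, which removes the redundant check.
```c
	/* … unchanged: i, len, fd, ocotp_hwid declarations … */
	char dt_prop[32];

	for (i = 0; i < MAX_HWID_WORDS; i++) {
		snprintf(dt_prop, sizeof(dt_prop), "/proc/device-tree/digi,hwid_%d", i);
		/* … unchanged: access() check, buf declaration, open() … */
		len = read(fd, buf, sizeof(uint32_t));
		if (len != (int)sizeof(uint32_t)) {
			close(fd);
			return -1;
		}
		memcpy(&ocotp_hwid[i], buf, sizeof(uint32_t));
		ocotp_hwid[i] = ntohl(ocotp_hwid[i]);
		/* … unchanged: close(fd), else-break … */
	}

	/* No HWID word at all: refuse rather than derive a constant key modifier */
	if (i == 0)
		return -1;
	/* … unchanged: md5 over sizeof(uint32_t) * i bytes, return 0 … */
```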
@@ -253,7 +248,7 @@ index eef12dd2b7..b804314093 100644 /* * Update CRC */ -@@ -1396,6 +1516,8 @@ int fw_env_open(struct env_opts *opts) +@@ -1396,6 +1517,8 @@ int fw_env_open(struct env_opts *opts) struct env_image_single *single; struct env_image_redundant *redundant; @@ -262,7 +257,7 @@ index eef12dd2b7..b804314093 100644 if (!opts) opts = &default_opts; -@@ -1434,6 +1556,15 @@ int fw_env_open(struct env_opts *opts) +@@ -1434,6 +1557,15 @@ int fw_env_open(struct env_opts *opts) crc0 = crc32(0, (uint8_t *)environment.data, ENV_SIZE); @@ -278,7 +273,7 @@ index eef12dd2b7..b804314093 100644 crc0_ok = (crc0 == *environment.crc); if (!have_redund_env) { if (!crc0_ok) { -@@ -1491,6 +1622,15 @@ int fw_env_open(struct env_opts *opts) +@@ -1491,6 +1623,15 @@ int fw_env_open(struct env_opts *opts) crc1 = crc32(0, (uint8_t *)redundant->data, ENV_SIZE);