u-boot-fw-utils: update patch to support encrypted env

The encryption of the U-Boot environment uses the HWID as key modifier. The HWID was being read using the fsl_otp driver sysfs entries and over two words. The driver is now deprecated and also the cc8x and cc8m platforms have different number of HWID words. This patch modifies the function that reads the HWID words by using new entries on the device tree 'digi,hwid_X' where X is the index of the HWID word. It also removes the need to select CONFIG_MD5 which is already auto-selected on sandbox_defconfig by other config switches. Signed-off-by: Hector Palacios <hector.palacios@digi.com> https://jira.digi.com/browse/DEL-7185 (cherry picked from commit 8ced362766)
2020-07-17 11:36:34 +02:00 · 2020-07-17 11:36:34 +02:00 · 5403b831df
parent c24d1d96a7
commit 5403b831df
1 changed files with 44 additions and 49 deletions
--- a/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch
+++ b/meta-digi-arm/recipes-bsp/u-boot/u-boot-fw-utils/0001-tools-env-implement-support-for-environment-encrypti.patch
@ -1,31 +1,25 @@
-From: "Diaz de Grenu, Jose" <Jose.DiazdeGrenu@digi.com>
-Date: Tue, 23 Aug 2016 13:05:05 +0200
-Subject: [PATCH 1/4] tools: env: implement support for environment encryption
- by CAAM
+From: Hector Palacios <hector.palacios@digi.com>
+Date: Fri, 17 Jul 2020 07:08:50 +0200
+Subject: [PATCH] tools: env: implement support for environment encryption by
+ CAAM

-https://jira.digi.com/browse/DEL-2836
+Use the md5sum of HWID words (on the device tree) as key modifier.

 Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
 Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
+Signed-off-by: Hector Palacios <hector.palacios@digi.com>
+
+https://jira.digi.com/browse/DEL-7185
+https://jira.digi.com/browse/DEL-2836
 ---
- configs/sandbox_defconfig |   1 +
 tools/env/Makefile       |   2 +-
- tools/env/caam_keyblob.h  |  45 ++++++++++++
- tools/env/fw_env.c        | 140 ++++++++++++++++++++++++++++++++++++++
- 4 files changed, 187 insertions(+), 1 deletion(-)
+ tools/env/caam_keyblob.h |  45 +++++++++++++
+ tools/env/fw_env.c       | 141 +++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 187 insertions(+), 1 deletion(-)
 create mode 100644 tools/env/caam_keyblob.h

-diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
-index 6894262b89..f01e70b1c4 100644
--- a/configs/sandbox_defconfig
-+++ b/configs/sandbox_defconfig
-@@ -219,3 +219,4 @@ CONFIG_TEST_FDTDEC=y
- CONFIG_UNIT_TEST=y
- CONFIG_UT_TIME=y
- CONFIG_UT_DM=y
-+CONFIG_MD5=y
 diff --git a/tools/env/Makefile b/tools/env/Makefile
-index b627796e94..fc7c44baa2 100644
+index b627796e949e..fc7c44baa2b7 100644
 --- a/tools/env/Makefile
 +++ b/tools/env/Makefile
@@ -24,7 +24,7 @@ hostprogs-y := fw_printenv
@ -39,7 +33,7 @@ index b627796e94..fc7c44baa2 100644

 diff --git a/tools/env/caam_keyblob.h b/tools/env/caam_keyblob.h
 new file mode 100644
-index 0000000000..1cdf3946c1
+index 000000000000..1cdf3946c1ba
 --- /dev/null
 +++ b/tools/env/caam_keyblob.h
@@ -0,0 +1,45 @@
@ -89,7 +83,7 @@ index 0000000000..1cdf3946c1
 +
 +#endif /* CAAM_KEYBLOB_H */
 diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
-index eef12dd2b7..b804314093 100644
+index a5d75958e1b6..228d11c070e6 100644
 --- a/tools/env/fw_env.c
 +++ b/tools/env/fw_env.c
@@ -24,6 +24,7 @@
@ -100,7 +94,7 @@ index eef12dd2b7..b804314093 100644
 #include <unistd.h>
 #include <dirent.h>

-@@ -37,9 +38,19 @@
+@@ -37,9 +38,17 @@

 #include <mtd/ubi-user.h>

@ -114,13 +108,11 @@ index eef12dd2b7..b804314093 100644
 + */
 +#define BLOB_OVERHEAD	48
 +#define CAAM_KEY_DEV	"/dev/caam_kb"
-+
-+#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
 +
 struct env_opts default_opts = {
 #ifdef CONFIG_FILE
 	.config_file = CONFIG_FILE
-@@ -117,6 +128,7 @@ static struct environment environment = {
+@@ -117,6 +126,7 @@ static struct environment environment = {
 };

 static int have_redund_env;
@ -128,7 +120,7 @@ index eef12dd2b7..b804314093 100644

 static unsigned char active_flag = 1;
 /* obsolete_flag must be 0 to efficiently set it on NOR flash without erasing */
-@@ -442,6 +454,103 @@ char *fw_getdefenv(char *name)
+@@ -442,6 +452,106 @@ char *fw_getdefenv(char *name)
 	return NULL;
 }

@ -140,34 +132,37 @@ index eef12dd2b7..b804314093 100644
 +		caam_encryption_flag = 1;
 +}
 +
+#define MAX_HWID_WORDS		4
 +static int env_caam_get_keymod(unsigned char output[16])
 +{
 +	int i;
 +	int len;
 +	int fd;
-+	char buff[32];
-+	uint32_t ocotp_hwid[2];
-+	const char *ocotp_hwid_file[2] = {
-+		"/sys/fsl_otp/HW_OCOTP_MAC0",
-+		"/sys/fsl_otp/HW_OCOTP_MAC1"
-+	};
+	uint32_t ocotp_hwid[MAX_HWID_WORDS];
+	const char dt_prop[32];
 +
-+	for (i = 0; i < ARRAY_SIZE(ocotp_hwid); i++) {
-+		fd = open(ocotp_hwid_file[i], O_RDONLY);
+	for (i = 0; i < MAX_HWID_WORDS; i++) {
+		sprintf(dt_prop, "/proc/device-tree/digi,hwid_%d", i);
+		if (access(dt_prop, F_OK) != -1) {
+			char buf[sizeof(uint32_t)];
+
+			fd = open(dt_prop, O_RDONLY);
 +			if (fd < 0)
 +				return fd;
-+		len = read(fd, buff, sizeof(buff));
+			len = read(fd, buf, sizeof(uint32_t));
 +			if (len < 0) {
 +				close(fd);
 +				return -1;
 +			}
-+		/* drop last character (new line) */
-+		buff[len - 1] = '\0';
-+		ocotp_hwid[i] = strtoul(buff, NULL, 0);
+			ocotp_hwid[i] = ntohl(*(uint32_t *)buf);
 +			close(fd);
+		} else {
+			break;
+		}
 +	}
 +
-+	md5((unsigned char *)(&ocotp_hwid), sizeof(ocotp_hwid), output);
+	/* Calculate md5sum on the raw HWID array */
+	md5((unsigned char *)(&ocotp_hwid), sizeof(uint32_t) * i, output);
 +
 +	return 0;
 +}
@ -232,7 +227,7 @@ index eef12dd2b7..b804314093 100644
 /*
  * Print the current definition of one, or more, or all
  * environment variables
-@@ -505,9 +614,20 @@ int fw_printenv(int argc, char *argv[], int value_only, struct env_opts *opts)
+@@ -505,9 +615,20 @@ int fw_printenv(int argc, char *argv[], int value_only, struct env_opts *opts)

 int fw_env_flush(struct env_opts *opts)
 {
@ -253,7 +248,7 @@ index eef12dd2b7..b804314093 100644
 	/*
 	 * Update CRC
 	 */
-@@ -1396,6 +1516,8 @@ int fw_env_open(struct env_opts *opts)
+@@ -1396,6 +1517,8 @@ int fw_env_open(struct env_opts *opts)
 	struct env_image_single *single;
 	struct env_image_redundant *redundant;

@ -262,7 +257,7 @@ index eef12dd2b7..b804314093 100644
 	if (!opts)
 		opts = &default_opts;

-@@ -1434,6 +1556,15 @@ int fw_env_open(struct env_opts *opts)
+@@ -1434,6 +1557,15 @@ int fw_env_open(struct env_opts *opts)

 	crc0 = crc32(0, (uint8_t *)environment.data, ENV_SIZE);

@ -278,7 +273,7 @@ index eef12dd2b7..b804314093 100644
 	crc0_ok = (crc0 == *environment.crc);
 	if (!have_redund_env) {
 		if (!crc0_ok) {
-@@ -1491,6 +1622,15 @@ int fw_env_open(struct env_opts *opts)
+@@ -1491,6 +1623,15 @@ int fw_env_open(struct env_opts *opts)

 		crc1 = crc32(0, (uint8_t *)redundant->data, ENV_SIZE);