static int secure_object_op_test(void) { unsigned char * tagt ; int LEN = 4096 , retLen ; int ret ; tagt = (unsigned char *)malloc(LEN); if(!tagt){ printf("out of memory\n"); return -1 ; } ret = wrap_secure_object( hdmi_data, "HDMI", ARRAY_SIZE(hdmi_data), tagt, &retLen ) ; if( ret <0){ printf("Error: wrap secure object fail\n"); free(tagt); return -1 ; } ret = sunxi_secure_storage_write( "HDMI" , (void *)tagt, retLen ) ; if(ret <0){ printf("Error: store HDMI object fail\n"); free(tagt); return -1 ; } ret = sunxi_secure_storage_read( "HDMI" , (void *)sec_buf, 4096 , (int *)&retLen ) ; if(ret <0){ printf("Error: store HDMI object read fail\n"); free(tagt); return -1 ; } if( memcmp(tagt, sec_buf, retLen ) !=0 ){ printf("Error: HDMI write/read fail\n"); return -1 ; } printf("HDMI dump:\n"); print_buffer((u32)sec_buf, (void*)sec_buf, 1, retLen, 16); ret = wrap_secure_object(widevine_data, "Widevine", ARRAY_SIZE(widevine_data), tagt, &retLen ) ; if( ret <0){ printf("Error: wrap secure object fail\n"); free(tagt); return -1 ; } ret = sunxi_secure_storage_write( "Widevine" , (void *)tagt, retLen ) ; if(ret <0){ printf("Error: store Widevine object fail\n"); free(tagt); return -1 ; } ret = sunxi_secure_storage_read( "Widevine" , (void *)sec_buf, 4096 , (int *)&retLen ) ; if(ret <0){ printf("Error: store Widevine object read fail\n"); free(tagt); return -1 ; } if( memcmp(tagt, sec_buf, retLen ) !=0 ){ printf("Error: Widevine write/read fail\n"); return -1 ; } printf("Widevine dump:\n"); print_buffer((u32)sec_buf, (void*)sec_buf, 1, retLen, 16); sunxi_secure_storage_exit(); free(tagt); return 0 ; }
/* ************************************************************************************************************ * * function * * name : * * parmeters : * * return : * * note : * * ************************************************************************************************************ */ static int sunxi_pburn_state_loop(void *buffer) { static struct umass_bbb_cbw_t *cbw; static struct umass_bbb_csw_t csw; static uint pburn_flash_start = 0; //static uint pburn_flash_sectors = 0; int ret; sunxi_ubuf_t *sunxi_ubuf = (sunxi_ubuf_t *)buffer; switch(sunxi_usb_pburn_status) { case SUNXI_USB_PBURN_IDLE: if(sunxi_ubuf->rx_ready_for_data == 1) { sunxi_usb_pburn_status = SUNXI_USB_PBURN_SETUP; } break; case SUNXI_USB_PBURN_SETUP: sunxi_usb_dbg("SUNXI_USB_PBURN_SETUP\n"); if(sunxi_ubuf->rx_req_length != sizeof(struct umass_bbb_cbw_t)) { printf("sunxi usb error: received bytes 0x%x is not equal cbw struct size 0x%zx\n", sunxi_ubuf->rx_req_length, sizeof(struct umass_bbb_cbw_t)); sunxi_ubuf->rx_ready_for_data = 0; sunxi_usb_pburn_status = SUNXI_USB_PBURN_IDLE; break; } cbw = (struct umass_bbb_cbw_t *)sunxi_ubuf->rx_req_buffer; if(CBWSIGNATURE != cbw->dCBWSignature) { printf("sunxi usb error: the cbw signature 0x%x is bad, need 0x%x\n", cbw->dCBWSignature, CBWSIGNATURE); sunxi_ubuf->rx_ready_for_data = 0; sunxi_usb_pburn_status = SUNXI_USB_PBURN_IDLE; break; } csw.dCSWSignature = CSWSIGNATURE; csw.dCSWTag = cbw->dCBWTag; #if defined(SUNXI_USB_30) sunxi_usb_pburn_status_enable = 1; #endif sunxi_usb_dbg("usb cbw command = 0x%x\n", cbw->CBWCDB[0]); switch(cbw->CBWCDB[0]) { #ifdef CONFIG_SUNXI_SECURE_STORAGE case 0xf0: //自定义命令,用于烧录用户数据 sunxi_usb_dbg("usb burn secure storage data\n"); printf("usb command = %d\n", cbw->CBWCDB[1]); switch(cbw->CBWCDB[1]) { case 0: //握手 { __usb_handshake_sec_t *handshake = (__usb_handshake_sec_t *)trans_data.base_send_buffer; memset(handshake, 0, sizeof(__usb_handshake_sec_t)); strcpy(handshake->magic, "usb_burn_handshake"); sunxi_usb_pburn_status = SUNXI_USB_PBURN_SEND_DATA; trans_data.act_send_buffer = trans_data.base_send_buffer; trans_data.send_size = min(cbw->dCBWDataTransferLength, sizeof(__usb_handshake_sec_t)); sunxi_usb_burn_from_boot_setup = 1; private_data_ext_buff = (u8 *)malloc(4 * 1024 * 1024); if(private_data_ext_buff == NULL) { printf("there is no memorfy to store all user key data\n"); csw.bCSWStatus = -1; } else { csw.bCSWStatus = 0; sunxi_usb_burn_from_boot_handshake = 1; } private_data_ext_buff_step = private_data_ext_buff; } break; case 1: //小机端接收数据 { trans_data.recv_size = cbw->dCBWDataTransferLength; sunxi_usb_pburn_write_enable = 0; sunxi_udc_start_recv_by_dma(private_data_ext_buff_step, trans_data.recv_size); //start dma to receive data printf("recv_size=%d\n", trans_data.recv_size); sunxi_dump(private_data_ext_buff, trans_data.recv_size); sunxi_usb_pburn_status = SUNXI_USB_PBURN_RECEIVE_NULL; } break; case 2: //工具端声明数据传输已经完毕,要求获取烧录状态 { __usb_handshake_ext_t *handshake = (__usb_handshake_ext_t *)trans_data.base_send_buffer; memset(handshake, 0, sizeof(__usb_handshake_ext_t)); //strcpy(handshake->magic, "usb_burn_receive_data_all"); sunxi_usb_pburn_status = SUNXI_USB_PBURN_SEND_DATA; printf("recv_size=%d\n", trans_data.recv_size); sunxi_dump(private_data_ext_buff, trans_data.recv_size); int ret = __sunxi_burn_key(private_data_ext_buff, trans_data.recv_size); trans_data.act_send_buffer = trans_data.base_send_buffer; trans_data.send_size = min(cbw->dCBWDataTransferLength, sizeof(__usb_handshake_ext_t)); //开始根据数据类型进行烧录动作 if(!ret) //数据烧写成功 { strcpy(handshake->magic, "usb_burn_success"); csw.bCSWStatus = 0; } else //数据烧写失败 { strcpy(handshake->magic, "usb_burn_error"); csw.bCSWStatus = -1; } if(private_data_ext_buff) { free(private_data_ext_buff); } } break; // case 3: //小机端读取每个key // { // uint start, sectors; // uint offset; // // start = *(int *)(cbw->CBWCDB + 4); //读数据的偏移量 // sectors = *(int *)(cbw->CBWCDB + 8); //扇区数; // // trans_data.send_size = min(cbw->dCBWDataTransferLength, sectors * 512); // trans_data.act_send_buffer = (uint)trans_data.base_send_buffer; // // offset = burn_private_start; // ret = sunxi_flash_read(start + offset, sectors, trans_data.base_send_buffer); // if(!ret) // { // printf("sunxi flash read err: start,0x%x sectors 0x%x\n", start, sectors); // // csw.bCSWStatus = 1; // } // else // { // csw.bCSWStatus = 0; // } // // sunxi_usb_pburn_status = SUNXI_USB_PBURN_SEND_DATA; // } // break; case 4: //关闭usb { __usb_handshake_ext_t *handshake = (__usb_handshake_ext_t *)trans_data.base_send_buffer; memset(handshake, 0, sizeof(__usb_handshake_ext_t)); strcpy(handshake->magic, "usb_burn_finish"); trans_data.act_send_buffer = trans_data.base_send_buffer; trans_data.send_size = min(cbw->dCBWDataTransferLength, sizeof(__usb_handshake_ext_t)); sunxi_udc_send_data((void *)trans_data.act_send_buffer, trans_data.send_size); csw.bCSWStatus = 0; sunxi_usb_pburn_status = SUNXI_USB_PBURN_EXIT; } break; case 5: { __usb_handshake_ext_t *handshake = (__usb_handshake_ext_t *)trans_data.base_send_buffer; memset(handshake, 0, sizeof(__usb_handshake_ext_t)); strcpy(handshake->magic, "usb_burn_saved"); trans_data.act_send_buffer = trans_data.base_send_buffer; trans_data.send_size = min(cbw->dCBWDataTransferLength, sizeof(__usb_handshake_ext_t)); csw.bCSWStatus = 0; sunxi_usb_pburn_status = SUNXI_USB_PBURN_SEND_DATA; if(sunxi_secure_storage_write("key_burned_flag", "key_burned", strlen("key_burned"))) { printf("save burned flag err\n"); csw.bCSWStatus = -1; } sunxi_secure_storage_exit(); } break; default: break; } break; #endif case 0xf3: //自定义命令,用于烧录用户数据 sunxi_usb_dbg("usb burn private\n"); printf("usb command = %d\n", cbw->CBWCDB[1]); switch(cbw->CBWCDB[1]) { case 0: //握手 { __usb_handshake_t *handshake = (__usb_handshake_t *)trans_data.base_send_buffer; burn_private_start = sunxi_partition_get_offset_byname("private"); burn_private_len = sunxi_partition_get_size_byname("private"); if(!burn_private_start) { printf("private partition is not exist\n"); csw.bCSWStatus = -1; } else { csw.bCSWStatus = 0; } memset(handshake, 0, sizeof(__usb_handshake_t)); strcpy(handshake->magic, "usb_burn_handshake"); handshake->sizelo = burn_private_len; handshake->sizehi = 0; sunxi_usb_pburn_status = SUNXI_USB_PBURN_SEND_DATA; sunxi_usb_burn_from_boot_setup = 1; sunxi_usb_burn_from_boot_handshake = 1; trans_data.act_send_buffer = trans_data.base_send_buffer; trans_data.send_size = min(cbw->dCBWDataTransferLength, sizeof(__usb_handshake_t)); } break; case 1: //小机端接收数据 { //pburn_flash_sectors = *(int *)(cbw->CBWCDB + 8); //pburn_flash_start = *(int *)(cbw->CBWCDB + 4); memcpy(&pburn_flash_start,(cbw->CBWCDB + 4),4); trans_data.recv_size = cbw->dCBWDataTransferLength; trans_data.act_recv_buffer = trans_data.base_recv_buffer; pburn_flash_start += burn_private_start; sunxi_usb_pburn_write_enable = 0; sunxi_udc_start_recv_by_dma(trans_data.act_recv_buffer, trans_data.recv_size); //start dma to receive data sunxi_usb_pburn_status = SUNXI_USB_PBURN_RECEIVE_DATA; } break; case 3: //小机端发送数据 { uint start, sectors; //start = *(int *)(cbw->CBWCDB + 4); //读数据的偏移量 //sectors = *(int *)(cbw->CBWCDB + 8); //扇区数; memcpy(&start,(cbw->CBWCDB + 4),4); memcpy(§ors,(cbw->CBWCDB + 8),4); printf("start=%d, sectors=%d\n", start, sectors); trans_data.send_size = min(cbw->dCBWDataTransferLength, sectors * 512); trans_data.act_send_buffer = trans_data.base_send_buffer; printf("send size=%d\n", trans_data.send_size); ret = sunxi_flash_read(start + burn_private_start, sectors, trans_data.base_send_buffer); if(!ret) { printf("sunxi flash read err: start,0x%x sectors 0x%x\n", start, sectors); csw.bCSWStatus = 1; } else { csw.bCSWStatus = 0; } sunxi_usb_pburn_status = SUNXI_USB_PBURN_SEND_DATA; } break; case 4: //关闭usb { __usb_handshake_ext_t *handshake = (__usb_handshake_ext_t *)trans_data.base_send_buffer; memset(handshake, 0, sizeof(__usb_handshake_ext_t)); strcpy(handshake->magic, "usb_burn_finish"); trans_data.act_send_buffer = trans_data.base_send_buffer; trans_data.send_size = min(cbw->dCBWDataTransferLength, sizeof(__usb_handshake_ext_t)); sunxi_udc_send_data((void *)trans_data.act_send_buffer, trans_data.send_size); csw.bCSWStatus = 0; sunxi_flash_flush(); sunxi_usb_pburn_status = SUNXI_USB_PBURN_EXIT; } break; case 5: { __usb_handshake_ext_t *handshake = (__usb_handshake_ext_t *)trans_data.base_send_buffer; char buffer[512]; memset(handshake, 0, sizeof(__usb_handshake_ext_t)); strcpy(handshake->magic, "usb_burn_saved"); trans_data.act_send_buffer = trans_data.base_send_buffer; trans_data.send_size = min(cbw->dCBWDataTransferLength, sizeof(__usb_handshake_ext_t)); csw.bCSWStatus = 0; sunxi_usb_pburn_status = SUNXI_USB_PBURN_SEND_DATA; memset(buffer, 0, 512); strcpy(buffer, "key_burned"); if(!sunxi_flash_write(burn_private_start + burn_private_len - (8192+512)/512, 1, buffer)) { printf("save burned flag err\n"); csw.bCSWStatus = -1; } sunxi_flash_flush(); #ifdef CONFIG_SUNXI_SECURE_STORAGE if(sunxi_secure_storage_init()) { printf("init secure storage failed\n"); csw.bCSWStatus = -1; } else { if(sunxi_secure_storage_write("key_burned_flag", "key_burned", strlen("key_burned"))) { printf("save burned flag err\n"); csw.bCSWStatus = -1; } } sunxi_secure_storage_exit(); #endif } break; default: break; } break; default: sunxi_usb_dbg("not supported command 0x%x now\n", cbw->CBWCDB[0]); sunxi_usb_dbg("asked size 0x%x\n", cbw->dCBWDataTransferLength); csw.bCSWStatus = 1; sunxi_usb_pburn_status = SUNXI_USB_PBURN_STATUS; break; } break; case SUNXI_USB_PBURN_SEND_DATA: sunxi_usb_dbg("SUNXI_USB_SEND_DATA\n"); sunxi_usb_pburn_status = SUNXI_USB_PBURN_STATUS; printf("SUNXI_USB_SEND_DATA=%d\n", trans_data.send_size); sunxi_udc_send_data((void *)trans_data.act_send_buffer, trans_data.send_size); #if defined(SUNXI_USB_30) sunxi_usb_pburn_status_enable = 0; #endif break; case SUNXI_USB_PBURN_RECEIVE_DATA: sunxi_usb_dbg("SUNXI_USB_RECEIVE_DATA\n"); if(sunxi_usb_pburn_write_enable == 1) { sunxi_usb_dbg("write flash, start 0x%x, sectors 0x%x\n", pburn_flash_start, trans_data.recv_size/512); ret = sunxi_flash_write(pburn_flash_start, (trans_data.recv_size+511)/512, (void *)trans_data.act_recv_buffer); if(!ret) { printf("sunxi flash write err: start,0x%x sectors 0x%x\n", pburn_flash_start, (trans_data.recv_size+511)/512); csw.bCSWStatus = 1; } else { csw.bCSWStatus = 0; } sunxi_usb_pburn_write_enable = 0; sunxi_usb_pburn_status = SUNXI_USB_PBURN_STATUS; } break; case SUNXI_USB_PBURN_STATUS: sunxi_usb_dbg("SUNXI_USB_PBURN_STATUS\n"); #if defined(SUNXI_USB_30) if(sunxi_usb_pburn_status_enable) #endif { sunxi_usb_pburn_status = SUNXI_USB_PBURN_IDLE; sunxi_ubuf->rx_ready_for_data = 0; __sunxi_pburn_send_status(&csw, sizeof(struct umass_bbb_csw_t)); } break; case SUNXI_USB_PBURN_EXIT: printf("SUNXI_USB_PBURN_EXIT\n"); sunxi_usb_pburn_status = SUNXI_USB_PBURN_IDLE; sunxi_ubuf->rx_ready_for_data = 0; __sunxi_pburn_send_status(&csw, sizeof(struct umass_bbb_csw_t)); printf("Device will shutdown in 3 Secends...\n"); __msdelay(3000); return SUNXI_UPDATE_NEXT_ACTION_SHUTDOWN; case SUNXI_USB_PBURN_RECEIVE_NULL: sunxi_usb_dbg("SUNXI_USB_PBURN_RECEIVE_NULL\n"); if(sunxi_usb_pburn_write_enable == 1) { csw.bCSWStatus = 0; sunxi_usb_pburn_write_enable = 0; sunxi_usb_pburn_status = SUNXI_USB_PBURN_STATUS; } break; default: break; } return 0; }
int sunxi_keydata_burn_by_usb(void) { char buffer[512]; #ifdef CONFIG_SUNXI_SECURE_STORAGE #ifndef SUNXI_SECURESTORAGE_TEST_ERASE int data_len; #endif #endif int ret; uint burn_private_start, burn_private_len; int workmode = uboot_spare_head.boot_data.work_mode; int if_need_burn_key=0; ret = script_parser_fetch("target", "burn_key", &if_need_burn_key, 1); if((ret) || (if_need_burn_key != 1)) { return 0; } if(workmode != WORK_MODE_BOOT) //非启动模式,不执行 { puts("out of usb burn from boot: not boot mode\n"); return 0; } if(gd->vbus_status == SUNXI_VBUS_NOT_EXIST) //vbus不存在,不执行 { puts("out of usb burn from boot: without usb\n"); return 0; } if(gd->power_step_level == BATTERY_RATIO_TOO_LOW_WITH_DCIN) { puts("out of usb burn from boot: not enough energy\n"); return 0; } memset(buffer, 0, 512); #ifdef CONFIG_SUNXI_SECURE_STORAGE if(sunxi_secure_storage_init()) #endif { printf("sunxi secure storage is not supported\n"); burn_private_start = sunxi_partition_get_offset_byname("private"); burn_private_len = sunxi_partition_get_size_byname("private"); if(!burn_private_start) { printf("private partition is not exist\n"); return -1; } else { ret = sunxi_flash_read(burn_private_start + burn_private_len - (8192+512)/512, 1, buffer); if(ret != 1) { printf("cant read private part\n"); return -1; } if(!strcmp(buffer, "key_burned")) { printf("find key burned flag\n"); return 0; } } } #ifdef CONFIG_SUNXI_SECURE_STORAGE else { #ifndef SUNXI_SECURESTORAGE_TEST_ERASE ret = sunxi_secure_storage_read("key_burned_flag", buffer, 512, &data_len); if(ret) { printf("sunxi secure storage has no flag\n"); } else { if(!strcmp(buffer, "key_burned")) { printf("wrn: data has clean\n"); return 0; } } #else if(!sunxi_secure_storage_erase_data_only("key_burned_flag")) sunxi_secure_storage_exit(); return 0; #endif } #endif return do_burn_from_boot(NULL, 0, 0, NULL); }
int __sunxi_burn_key(u8 *buff, uint buff_len) { sunxi_usb_burn_main_info_t *key_main = (sunxi_usb_burn_main_info_t *)buff; sunxi_usb_burn_key_info_t *key_list; #ifdef CONFIG_SUNXI_SECURE_SYSTEM sunxi_efuse_key_info_t efuse_key_info; #endif int key_count; int offset; u8 *p_buff = (u8 *)&key_main->key_info; //比较key主体的信息 if(strcmp((const char *)key_main->magic, "key-group-db")) { printf("key data magic unmatch, err\n"); return -1; } key_count = key_main->count; printf("key_count=%d\n", key_count); if(sunxi_secure_storage_init()) { printf("%s secure storage init failed\n", __func__); return -1; } for(;key_count>0;key_count--, key_list++) { key_list = (sunxi_usb_burn_key_info_t *)p_buff; printf("^^^^^^^^^^^^^^^^^^^\n"); printf("key index=%d\n", key_main->count - key_count); printf("key name=%s\n", key_list->name); printf("key type=%d\n", key_list->type); printf("key len=%d\n", key_list->len); printf("key if_burn=%d\n", key_list->if_burn); printf("key if_replace=%d\n", key_list->if_replace); printf("key if_crypt=%d\n", key_list->if_crypt); printf("key data:\n"); sunxi_dump(key_list->key_data, key_list->len); printf("###################\n"); offset = (sizeof(sunxi_usb_burn_key_info_t)) + ((key_list->len + 15) & (~15)); printf("offset=%d\n", offset); p_buff += offset; #ifdef CONFIG_SUNXI_SECURE_SYSTEM if(!key_list->type) { memset(&efuse_key_info, 0, sizeof(efuse_key_info)); strcpy(efuse_key_info.name, (const char *)key_list->name); efuse_key_info.len = key_list->len; efuse_key_info.key_data = (u8 *)key_list->key_data; if(smc_efuse_writel(&efuse_key_info)) { return -1; } } else #endif { #ifdef CONFIG_SUNXI_HDCP_IN_SECURESTORAGE int ret; if(!strcmp("hdcpkey", key_list->name)) { ret = sunxi_deal_hdcp_key((char *)key_list->key_data, key_list->len); if(ret) { printf("sunxi deal with hdcp key failed\n"); return -1; } } else #endif { if(key_list->if_crypt) smc_set_sst_crypt_name(key_list->name); if(sunxi_secure_object_write(key_list->name, (char *)key_list->key_data, key_list->len)) { return -1; } } } } if(sunxi_secure_storage_exit()) { printf("sunxi_secure_storage_exit err\n"); return -1; } return 0; }