From 4ba7b697627a2c02cd2f33ce2cb0db3b68d2f2a3 Mon Sep 17 00:00:00 2001 From: Joseph Jang Date: Mon, 7 Feb 2022 12:58:32 +0800 Subject: nugget: Add new command to verify GSA and GSC secure channel 1. Add new command to verify GSA-GSC PSK 2. Store GSA-GSC PSK verification state in long-life register Bug: 210925512 Test: fastboot reboot bootloader Change-Id: I0f8908ffc104ff9e3edd2450498b8c5f1b1aae75 Reviewed-on: https://nugget-os-review.googlesource.com/c/host/generic/+/49884 Reviewed-by: Brian Murray Presubmit-Verified: TreeHugger Robot --- nugget/include/app_nugget.h | 78 +++++++++++++++++++++++++++++++++++++++++ nugget/include/citadel_events.h | 4 +++ 2 files changed, 82 insertions(+) diff --git a/nugget/include/app_nugget.h b/nugget/include/app_nugget.h index fbf5ddd..f713299 100644 --- a/nugget/include/app_nugget.h +++ b/nugget/include/app_nugget.h 
@@ -467,6 +467,84 @@ struct gsa_gsc_psk_persist_storage { * @param reply_len 64 + 32 */ +/** + * enum gsa_gsc_psk_state - GSA-GSC PSK state + * @GSA_GSC_PSK_STATE_UNKNOWN: Unknown state (initial state) + * @GSA_GSC_PSK_STATE_KEY_VERIFY_SUCCESS: GSA and GSC PSK match + * @GSA_GSC_PSK_STATE_KEY_MISMATCH: GSA and GSC PSK mismatch + * @GSA_GSC_PSK_STATE_GSA_INTERNAL_ERROR: GSA has internal error + * @GSA_GSC_PSK_STATE_GSA_HAS_NO_KEY: GSA has no PSK + * @GSA_GSC_PSK_STATE_GSA_CRYPTO_PRNG_FAIL: GSA crypto prng function fail + * @GSA_GSC_PSK_STATE_GSA_CRYPTO_HKDF_FAIL: GSA crypto HKDF function fail + * @GSA_GSC_PSK_STATE_GSA_CRYPTO_HMAC_FAIL: GSA crypto HMAC function fail + * @GSA_GSC_PSK_STATE_GSA_CRYPTO_DONE: GSA crypto operations complete + * @GSA_GSC_PSK_STATE_GSC_HAS_NO_KEY: GSC has no PSK + * @GSA_GSC_PSK_STATE_GSC_NOT_IN_BOOTLOADER: GSC is not in bootloader + * @GSA_GSC_PSK_STATE_GSC_INVALID_PARAMETER: GSC received invalid request data + * @GSA_GSC_PSK_STATE_GSC_INTERNAL_ERROR: GSC has internal error + * @GSA_GSC_PSK_STATE_GSC_CRYPTO_HKDF_FAIL: GSC crypto HKDF function fail + * @GSA_GSC_PSK_STATE_GSC_CRYPTO_HMAC_FAIL: GSC crypto HMAC function fail + * @GSA_GSC_PSK_STATE_GSC_EXCEED_MAX_RETRY_COUNT: exceed max psk verification retry count (100) + * @GSA_GSA_PSK_STATE_GSC_NOS_CALL_FAIL: GSC nos call fail + */ +enum gsa_gsc_psk_state { + GSA_GSC_PSK_STATE_UNKNOWN, + GSA_GSC_PSK_STATE_KEY_VERIFY_SUCCESS, + GSA_GSC_PSK_STATE_KEY_MISMATCH, + GSA_GSC_PSK_STATE_GSA_INTERNAL_ERROR, + GSA_GSC_PSK_STATE_GSA_HAS_NO_KEY, + GSA_GSC_PSK_STATE_GSA_CRYPTO_PRNG_FAIL, + GSA_GSC_PSK_STATE_GSA_CRYPTO_HKDF_FAIL, + GSA_GSC_PSK_STATE_GSA_CRYPTO_HMAC_FAIL, + GSA_GSC_PSK_STATE_GSA_CRYPTO_DONE, + GSA_GSC_PSK_STATE_GSC_HAS_NO_KEY, + GSA_GSC_PSK_STATE_GSC_NOT_IN_BOOTLOADER, + GSA_GSC_PSK_STATE_GSC_INVALID_PARAMETER, + GSA_GSC_PSK_STATE_GSC_INTERNAL_ERROR, + GSA_GSC_PSK_STATE_GSC_CRYPTO_HKDF_FAIL, + GSA_GSC_PSK_STATE_GSC_CRYPTO_HMAC_FAIL, + GSA_GSC_PSK_STATE_GSC_EXCEED_MAX_RETRY_COUNT, + 
GSA_GSA_PSK_STATE_GSC_NOS_CALL_FAIL, +}; + +#define VERIFY_PSK_REQ_HEADER_SIZE 17 +#define VERIFY_PSK_REQ_VERSION 0 +#define VERIFY_PSK_NONCE_SIZE 32 +#define VERIFY_PSK_HMAC_SIZE 32 +/** + * struct verify_psk_request - verify gsa-gsc pre-shared key request + * @version: struct verify_psk_request version + * @header: header of verify_psk_request + * @nonce: 12 bytes random number + * @gsa_psk_state: GSA pre-shared key state + * @hmac: hmac = HMAC-SHA256(key = derived-psk, data = version || header || + * nonce || gsa_psk_state) + */ +struct verify_psk_request { + char header[VERIFY_PSK_REQ_HEADER_SIZE]; + uint8_t version; + uint8_t nonce[VERIFY_PSK_NONCE_SIZE]; + uint8_t gsa_psk_state; + uint8_t hmac[VERIFY_PSK_HMAC_SIZE]; +}; + +#define VERIFY_SECURE_CHANNEL_RETRY_COUNT_VERSION 0 +struct secure_channel_retry_count_persist_storage { + uint8_t version; + uint8_t verify_psk_retry_count; + uint8_t reserved[2]; +}; + +#define NUGGET_PARAM_VERIFY_GSA_GSC_PSK 0x0018 +/* + * Verify GSA GSC pre-shared key command + * + * @param args struct verify_psk_request + * @param arg_len 63 bytes + * @param reply psk verification result + * @param reply_len 1 bytes + */ + /****************************************************************************/ /* Test related commands */ diff --git a/nugget/include/citadel_events.h b/nugget/include/citadel_events.h index 3e3a33e..24babee 100644 --- a/nugget/include/citadel_events.h +++ b/nugget/include/citadel_events.h @@ -64,6 +64,7 @@ enum event_id { EVENT_REBOOTED = 2, // Device rebooted. EVENT_UPGRADED = 3, // Device has upgraded. EVENT_ALERT_V2 = 4, // Globalsec Alertv2 fired + EVENT_SEC_CH_STATE = 5, // Update GSA-GSC secure channel state. }; /* @@ -103,6 +104,9 @@ struct event_record { uint16_t temp_max; uint32_t bus_err; } alert_v2; + struct { + uint32_t state; + } sec_ch_state; /* uninterpreted */ union { -- cgit v1.2.3 From 4b06530f3afbdf9a07c02be392ebef13f86b8d47 Mon Sep 17 00:00:00 2001 
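Review bot: The documented sizes for `struct verify_psk_request` in app_nugget.h disagree with the struct itself: `@nonce` says "12 bytes random number" while `VERIFY_PSK_NONCE_SIZE` is 32, and the command comment gives `arg_len 63 bytes` although the members add up to 17 + 1 + 32 + 1 + 32 = 83 bytes. Both figures look like leftovers from a 12-byte-nonce layout (inferred: 63 is exactly the size with a 12-byte nonce), and an implementer who length-checks the request against the comment would reject valid requests or accept short ones. I would change the comments to `@nonce: 32 bytes random number` and `@param arg_len sizeof(struct verify_psk_request)`, and pin the wire size with `_Static_assert(sizeof(struct verify_psk_request) == 83, "verify_psk_request wire size");` if every consumer of this header builds as C11. The `@hmac` line lists the MAC input as `version || header || nonce || gsa_psk_state` while the struct places `header` before `version`, so the comment should state the exact byte order that both sides authenticate. The last enumerator is spelled `GSA_GSA_PSK_STATE_GSC_NOS_CALL_FAIL` in both the enum and its kernel-doc, where every other one uses the `GSA_GSC_PSK_STATE_` prefix.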
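Review bot: The new `sec_ch_state.state` member added to the union in `struct event_record` (citadel_events.h) has no comment saying which values it carries, and it is a `uint32_t` while the same commit carries the PSK state as a `uint8_t` in `struct verify_psk_request`. If it holds `enum gsa_gsc_psk_state` (presumably, going by the commit message; the producer is not visible here), say so on the member: `uint32_t state; /* enum gsa_gsc_psk_state, see app_nugget.h */`. Because these values end up in recorded events and are compared across GSA and GSC builds, giving the enumerators explicit values in app_nugget.h would keep a later insertion from silently renumbering states that are already logged. The enclosing struct and union start and end outside the hunk.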
From: Tommy Chiu Date: Wed, 13 Apr 2022 18:02:17 +0800 Subject: proto: Update SetBootStateRequest parameter to refect GKI design We used to treat system_patchlevel as boot_patchlevel. As of Android 9, system_patchlevel and boot_patchlevel are derived from different sources. Bug: 228378192 Test: boot to HOME, NHS work, VtsAidlKeyMintTargetTest Change-Id: If0869b210e7a7e5e010444daeaa7b1babba2749f Reviewed-on: https://nugget-os-review.googlesource.com/c/host/generic/+/51285 Tested-by: Tommy Chiu Reviewed-by: Tommy Chiu Presubmit-Verified: TreeHugger Robot Reviewed-by: Bill Richardson Reviewed-by: Oleg Matcovschi --- nugget/proto/nugget/app/keymaster/keymaster.proto | 1 + 1 file changed, 1 insertion(+) diff --git a/nugget/proto/nugget/app/keymaster/keymaster.proto b/nugget/proto/nugget/app/keymaster/keymaster.proto index 67f464a..89710e6 100644 --- a/nugget/proto/nugget/app/keymaster/keymaster.proto +++ b/nugget/proto/nugget/app/keymaster/keymaster.proto @@ -413,6 +413,7 @@ message SetBootStateRequest { uint32 system_version = 4; // Deprecated. uint32 system_security_level = 5; // Patch level of the boot partition. bytes boot_hash = 6; // This is a SHA256 digest. + uint32 boot_security_level = 7; } message SetBootStateResponse { // Specified in keymaster_defs.proto:ErrorCode -- cgit v1.2.3 From 4b088aed05216a5a64f610b557807e529046d454 Mon Sep 17 00:00:00 2001 From: Alix Date: Mon, 18 Apr 2022 04:06:31 +0000 Subject: Deleted clang property in Android.bp files Deleted deprecated clang property in Android.bp files using bpmodify. Bug: 208980553 Test: treehugger Change-Id: Ic9260ae6856e5d3117d4d368833ee1866e68b794 Reviewed-on: https://nugget-os-review.googlesource.com/c/host/generic/+/51384 Tested-by: Tommy Chiu Reviewed-by: Tommy Chiu Autosubmit: Tommy Chiu Reviewed-by: Chengyou Ho Reviewed-by: Bill Richardson Presubmit-Verified: TreeHugger Robot --- Android.bp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
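Review bot: The added `boot_security_level = 7` in `SetBootStateRequest` has no comment, and the existing comment that appears attached to `system_security_level = 5` still reads "Patch level of the boot partition", so after this change two fields seem to describe the same thing. I would document both, e.g. `uint32 system_security_level = 5; // Patch level of the system partition.` and `uint32 boot_security_level = 7; // Patch level of the boot partition.` (wording inferred from the commit message; confirm the intended meaning). A sender built before this change leaves field 7 unset, which the receiver reads as 0, so the comment should also say whether 0 means "not provided" and which patch level the receiver then uses for key binding and attestation. The message body starts outside the hunk.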
diff --git a/Android.bp b/Android.bp index b789f23..009de4c 100644 --- a/Android.bp +++ b/Android.bp @@ -178,7 +178,7 @@ cc_library_static { // Language and vendor related defaults cc_defaults { name: "nos_cc_defaults", - clang: true, + cflags: [ "-pedantic", "-Wall", -- cgit v1.2.3 From 23f7d0e8b70c9db8f3754da0d049fc6b8dcf5697 Mon Sep 17 00:00:00 2001 From: Tommy Chiu Date: Fri, 29 Apr 2022 18:15:08 +0800 Subject: KM: Update fuse enum for new sku D3M2 Align FUSING_D_PVT_2 to the new D3M2 sku Bug: 226985417 Test: Build pass Change-Id: If2f634132d95f1f4fab780922fdc0fb81e0e1d5a Reviewed-on: https://nugget-os-review.googlesource.com/c/host/generic/+/51564 Reviewed-by: Bill Richardson Presubmit-Verified: TreeHugger Robot --- nugget/proto/nugget/app/keymaster/keymaster_defs.proto | 1 + 1 file changed, 1 insertion(+) diff --git a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto index 66d1801..dfdfeeb 100644 --- a/nugget/proto/nugget/app/keymaster/keymaster_defs.proto +++ b/nugget/proto/nugget/app/keymaster/keymaster_defs.proto @@ -321,6 +321,7 @@ enum ChipFusing { FUSING_PVT_1 = 3; // Strongbox gen v1 certs. FUSING_D_PVT = 4; // Dauntless gen v0 certs. FUSING_D_PVT_1 = 5; // Dauntless gen v1 certs. + FUSING_D_PVT_2 = 6; // Dauntless gen v2 certs (D3M2). } enum CertificateStatus { -- cgit v1.2.3