All ELF images are loaded by the HLOS and authenticated by TrustZone.
Linux Android uses the PIL (Peripheral Image Loader) to load the image; the PIL has the following functions.
/*
 * Table of callbacks the PIL uses to load, authenticate and stop one image.
 * Per the accompanying text, init_image maps to the TrustZone call
 * tzbsp_pil_init_image() and auth_and_reset maps to tzbsp_pil_auth_reset().
 *
 * NOTE(review): every callback returns int; presumably 0 on success and a
 * negative error code on failure -- confirm against the callers.
 * NOTE(review): the pointer, address and size arguments originate in the HLOS,
 * so the TrustZone side has to range-check them itself; that validation is
 * not visible here.
 */
struct pil_reset_ops {
    /*
     * Passes `size` bytes of image metadata to TrustZone. The text says the
     * TZ call authenticates the hash segment and the ELF header plus program
     * headers.
     */
    int (*init_image)(const u8 *metadata, size_t size);
    /*
     * NOTE(review): not described in the text; presumably asks for a loaded
     * blob of `size` bytes at physical address `phy_addr` to be checked --
     * confirm. The address is carried in a 32-bit value.
     */
    int (*verify_blob)(u32 phy_addr, size_t size);
    /*
     * Per the text, the TZ call behind this verifies all segments except the
     * hash segment. NOTE(review): the name suggests the peripheral is then
     * released from reset -- confirm.
     */
    int (*auth_and_reset)(void);
    /* NOTE(review): presumably stops the peripheral; not described in the text. */
    int (*shutdown)(void);
};
init_image maps to the TZ API call tzbsp_pil_init_image(), which authenticates the hash segment and the ELF header plus program headers.
/*
 * Syscall table entry for tzbsp_pil_init_image under ID TZBSP_PIL_INIT_ID
 * with flags PIL_FLAGS.
 * NOTE(review): the trailing "3, { ... }" presumably declares three arguments,
 * each sizeof(int) wide -- confirm against the TZBSP_DEFINE_SYSCALL
 * definition, which is not shown. The HLOS-side init_image callback takes
 * only (metadata, size); the third argument is not identified on this page.
 * NOTE(review): the arguments come from the HLOS, so the handler must validate
 * the metadata address and length before using them.
 */
TZBSP_DEFINE_SYSCALL(TZBSP_PIL_INIT_ID,
PIL_FLAGS,
tzbsp_pil_init_image,
3, { sizeof(int), sizeof(int), sizeof(int) } );
auth_and_reset maps to tzbsp_pil_auth_reset(), which verifies all segments except the hash segment.
/*
 * Syscall table entry for tzbsp_pil_auth_reset under ID
 * TZBSP_PIL_AUTH_RESET_ID with flags PIL_FLAGS.
 * NOTE(review): the trailing "1, { sizeof(int) }" presumably declares a single
 * int-sized argument -- confirm against the TZBSP_DEFINE_SYSCALL definition.
 * The HLOS-side auth_and_reset callback takes no arguments, so the meaning of
 * this one argument is not established on this page.
 */
TZBSP_DEFINE_SYSCALL(TZBSP_PIL_AUTH_RESET_ID,
PIL_FLAGS,
tzbsp_pil_auth_reset,
1, { sizeof(int) } );
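The hash algorithm used is SHA-1. Note that SHA-1 is no longer considered collision-resistant, which matters when assessing how strong this image authentication is.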
The software ID (sw_id) types in TrustZone are listed below; for example, the MODEM hash table is 2, LPA QDSP6 is 4, and the SPS hash table is 11.
/*
 * Software-type IDs used by secure boot to tell image classes apart.
 * Several names deliberately share a value (0, 1 and 3 each have two names).
 *
 * NOTE(review): presumably this ID is bound into what gets authenticated, so
 * an image signed for one type is rejected when presented as another --
 * confirm. If so, names that alias the same value are interchangeable from
 * the verifier's point of view.
 */
typedef enum
{
    SECBOOT_SBL_SW_TYPE = 0,
    SECBOOT_SBL1_SW_TYPE = 0,            /* same value as SECBOOT_SBL_SW_TYPE */
    SECBOOT_AMSS_SW_TYPE = 1,
    SECBOOT_DMSS_SW_TYPE = 1,            /* same value as SECBOOT_AMSS_SW_TYPE */
    SECBOOT_AMSS_HASH_TABLE_SW_TYPE = 2, /* MODEM hash table, per the text */
    SECBOOT_FLASH_PRG_SW_TYPE = 3,
    SECBOOT_EHOSTD_SW_TYPE = 3,          /* same value as SECBOOT_FLASH_PRG_SW_TYPE */
    SECBOOT_DSP_HASH_TABLE_SW_TYPE = 4,  /* LPA QDSP6, per the text */
    SECBOOT_SBL2_SW_TYPE = 5,
    SECBOOT_SBL3_SW_TYPE = 6,
    SECBOOT_TZ_KERNEL_SW_TYPE = 7,
    SECBOOT_HOSTDL_SW_TYPE = 8,
    SECBOOT_APPSBL_SW_TYPE = 9,
    SECBOOT_RPM_FW_SW_TYPE = 10,
    SECBOOT_SPS_HASH_TABLE_TYPE = 11,    /* SPS hash table, per the text */
    SECBOOT_MAX_SW_TYPE = 0x7FFFFFFF /* not a real type: forces the enum to 32 bits */
} secboot_sw_type;