From patchwork Sat Nov 15 18:51:49 2025
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 50
From: Simon Glass
To: U-Boot Concept
Cc: Simon Glass
Date: Sat, 15 Nov 2025 11:51:49 -0700
Message-ID: <20251115185212.539268-1-sjg@u-boot.org>
Subject: [Concept] [PATCH 00/16] Continue TKey development
List-Id: Discussion and patches related to U-Boot Concept

From: Simon Glass

This series adds the ability to provide a user-supplied secret to the
TKey and use that to obtain a disk-encryption key.

Expo is enhanced to support password entry and bootflows can now record
whether the root disk is encrypted or not.

Further work will enable the TKey in the UI and actually unlock an
encrypted disk.

Simon Glass (16):
  aes: Use const pointers for read-only parameters
  emulation: Support the bootcmd more generally
  input: Provide a way for tests to register a mouse click
  expo: Support hiding password entry
  expo: Support disk-passphrase entry in the menu
  expo: Allow entering text into textline in non-popup expos
  tkey: Allow modelling the tkey being disconnected
  tkey: Support loading an app with a user-supplied secret
  tkey: Provide some back-door functions for TKey tests
  tkey: Use SHA256 to obtain the disk-encryption key
  tkey: sandbox: Avoid returning -ENODEV from the driver
  tkey: Allow selecting the TKey device by name
  tkey: Provide a real tkey device with test.dts
  boot: Use constants for a few common strings
  boot: Show an indication for encrypted bootflows
  boot: Detect encrypted partitions with extlinux

 arch/sandbox/dts/test.dts         |   5 +
 arch/x86/cpu/qemu/qemu.c          |  28 -----
 board/emulation/common/Makefile   |   3 +
 board/emulation/common/bootcmd.c  |  37 +++++++
 boot/bootflow.c                   |   5 +-
 boot/bootflow_internal.h          |  11 ++
 boot/bootflow_menu.c              |  31 ++++++
 boot/bootmeth_extlinux.c          |  54 ++++++++++
 boot/scene.c                      |  28 ++++-
 cmd/bootflow.c                    |  15 ++-
 cmd/tkey.c                        |  36 ++++++-
 doc/board/emulation/common.rst    |  28 +++++
 doc/board/emulation/index.rst     |   1 +
 doc/board/emulation/qemu-x86.rst  |  18 +---
 doc/usage/cmd/tkey.rst            |  24 ++++-
 drivers/crypto/nuvoton/npcm_aes.c |  22 ++--
 drivers/input/mouse-uclass.c      |  13 +++
 drivers/misc/tkey-uclass.c        | 174 +++++++++++++++++-------------
 drivers/misc/tkey_emul.c          |  82 +++++++++++++-
 drivers/misc/tkey_sandbox.c       |  12 +--
 include/bootflow.h                |   4 +
 include/expo.h                    |   2 +
 include/mouse.h                   |  14 +++
 include/tkey.h                    |  98 +++++++++++++++++
 include/uboot_aes.h               |  42 ++++----
 lib/aes.c                         |  22 ++--
 test/boot/bootflow.c              | 111 +++++++++++++------
 test/boot/cedit.c                 |  11 ++
 test/cmd/tkey.c                   |  11 +-
 test/dm/tkey.c                    |  41 +++----
 30 files changed, 739 insertions(+), 244 deletions(-)
 create mode 100644 board/emulation/common/bootcmd.c
 create mode 100644 doc/board/emulation/common.rst