@@ -18,6 +18,8 @@
#include <linux/kernel.h>
#include <u-boot/blake2.h>
#include <u-boot/schedule.h>
+#include <u-boot/sha256.h>
+#include <hexdump.h>
/* TKey Protocol Constants */
#define TKEY_FRAME_HEADER_SIZE 1
@@ -670,6 +672,7 @@ int tkey_derive_disk_key(struct udevice *dev, const void *app_data,
int app_size, const void *uss, int uss_size,
void *disk_key, void *pubkey, void *key_hash)
{
+ char pubkey_hex[TKEY_PUBKEY_SIZE * 2 + 1];
int ret;
/* Load the signer app with USS */
@@ -693,14 +696,22 @@ int tkey_derive_disk_key(struct udevice *dev, const void *app_data,
log_debug("Public key retrieved\n");
- /* Derive disk encryption key from public key using BLAKE2b */
- ret = blake2b(disk_key, 32, pubkey, 32, NULL, 0);
- if (ret) {
- log_debug("Failed to derive disk key (error %d)\n", ret);
- return ret;
- }
+ /*
+ * Derive disk encryption key from public key using SHA256
+ * Must match Python tkey-fde-key.py implementation which does:
+ * hashlib.sha256(pubkey.encode()).digest()
+ *
+ * This converts the binary public key to hex string,
+ * then hashes the string bytes.
+ */
+ bin2hex(pubkey_hex, pubkey, TKEY_PUBKEY_SIZE);
+
+ sha256_context ctx;
+ sha256_starts(&ctx);
+ sha256_update(&ctx, (const u8 *)pubkey_hex, TKEY_PUBKEY_SIZE * 2);
+ sha256_finish(&ctx, disk_key);
- log_debug("Disk encryption key derived\n");
+ log_debug("Disk encryption key derived using SHA256\n");
/* Generate verification hash if requested */
if (key_hash) {
@@ -53,8 +53,8 @@ static int cmd_test_tkey_sandbox(struct unit_test_state *uts)
/* Test getkey command */
ut_assertok(run_command("tkey getkey testuss", 0));
ut_assert_nextline("Public Key: 505152535455565758595a5b5c5d5e5f505152535455565758595a5b5c5d5e5f");
- ut_assert_nextline("Disk Key: 228b2f6abf8be05649b2417586150bbf3e1b3f669afa1c6151ddc72957933c21");
- ut_assert_nextline("Verification Hash: a72a46b8f8c7ff0824416ada886f62b6c2808896d71201a32814ab432c7a81cf");
+ ut_assert_nextline("Disk Key: e9b0599268ff8b083ef80dbd04be207ce9a19a60a888ccb3fe93710a0a70a34e");
+ ut_assert_nextline("Verification Hash: 8583a08d6c534e84ae81a8518071c16a8030893df05fecb84e514438591ba5ed");
/* After getkey, device should be in app mode */
ut_assertok(run_command("tkey fwmode", 0));
@@ -175,19 +175,19 @@ static int dm_test_tkey_derive_disk_key(struct unit_test_state *uts)
0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
};
- /* Expected disk key: BLAKE2b(pubkey) */
+ /* Expected disk key: SHA256(pubkey) - from emulator */
const u8 expected_disk_key[TKEY_DISK_KEY_SIZE] = {
- 0x22, 0x8b, 0x2f, 0x6a, 0xbf, 0x8b, 0xe0, 0x56,
- 0x49, 0xb2, 0x41, 0x75, 0x86, 0x15, 0x0b, 0xbf,
- 0x3e, 0x1b, 0x3f, 0x66, 0x9a, 0xfa, 0x1c, 0x61,
- 0x51, 0xdd, 0xc7, 0x29, 0x57, 0x93, 0x3c, 0x21,
+ 0xe9, 0xb0, 0x59, 0x92, 0x68, 0xff, 0x8b, 0x08,
+ 0x3e, 0xf8, 0x0d, 0xbd, 0x04, 0xbe, 0x20, 0x7c,
+ 0xe9, 0xa1, 0x9a, 0x60, 0xa8, 0x88, 0xcc, 0xb3,
+ 0xfe, 0x93, 0x71, 0x0a, 0x0a, 0x70, 0xa3, 0x4e,
};
/* Expected key hash: BLAKE2b(disk_key) */
const u8 expected_key_hash[TKEY_HASH_SIZE] = {
- 0xa7, 0x2a, 0x46, 0xb8, 0xf8, 0xc7, 0xff, 0x08,
- 0x24, 0x41, 0x6a, 0xda, 0x88, 0x6f, 0x62, 0xb6,
- 0xc2, 0x80, 0x88, 0x96, 0xd7, 0x12, 0x01, 0xa3,
- 0x28, 0x14, 0xab, 0x43, 0x2c, 0x7a, 0x81, 0xcf,
+ 0x85, 0x83, 0xa0, 0x8d, 0x6c, 0x53, 0x4e, 0x84,
+ 0xae, 0x81, 0xa8, 0x51, 0x80, 0x71, 0xc1, 0x6a,
+ 0x80, 0x30, 0x89, 0x3d, 0xf0, 0x5f, 0xec, 0xb8,
+ 0x4e, 0x51, 0x44, 0x38, 0x59, 0x1b, 0xa5, 0xed,
};
struct udevice *dev;
u8 dummy_app[128];