From: Simon Glass <simon.glass@canonical.com>
The position of the USS in the load-app header is incorrect. Fix it in
the driver and the emulator, so it matches the tkey-sign program.
Co-developed-by: Claude <claude@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---
drivers/misc/tkey-uclass.c | 16 ++++++++--------
drivers/misc/tkey_emul.c | 9 +++++++--
2 files changed, 15 insertions(+), 10 deletions(-)
@@ -470,12 +470,12 @@ static int tkey_load_app_header(struct udevice *dev, int app_size,
return ret;
}
- /* USS present flag */
- cmd_frame.data[5] = 1;
- /* Copy USS hash (32 bytes) */
- memcpy(&cmd_frame.data[6], uss_hash, 32);
+ log_debug("USS hash: %*ph\n", 32, uss_hash);
+
+ /* Copy USS hash (32 bytes) starting at data[5] */
+ memcpy(&cmd_frame.data[5], uss_hash, 32);
/* Pad remaining bytes with zeros */
- memset(&cmd_frame.data[38], '\0', 128 - 38);
+ memset(&cmd_frame.data[37], '\0', 128 - 37);
log_debug("USS hash included in app header\n");
} else {
@@ -657,9 +657,9 @@ int tkey_get_pubkey(struct udevice *dev, void *pubkey)
return -EIO;
}
- /* Extract public key (32 bytes) from response */
- if (ret >= TKEY_FRAME_HEADER_SIZE + TKEY_PUBKEY_SIZE) {
- memcpy(pubkey, rsp_frame.data, TKEY_PUBKEY_SIZE);
+ /* Extract public key (32 bytes) from response, skip response code byte */
+ if (ret >= TKEY_FRAME_HEADER_SIZE + 1 + TKEY_PUBKEY_SIZE) {
+ memcpy(pubkey, rsp_frame.data + 1, TKEY_PUBKEY_SIZE);
log_debug("Public key retrieved successfully\n");
return 0;
}
@@ -182,8 +182,13 @@ static int handle_firmware_cmd(struct udevice *dev, u8 cmd, const u8 *data)
static int handle_app_get_pubkey(struct tkey_emul_priv *priv)
{
- memcpy(priv->resp, priv->pubkey, 32);
- priv->resp_len = 32;
+ /*
+ * Response format: 1-byte response code (0x02) + 32-byte pubkey
+ * tkey_get_pubkey() expects this format and skips the response code
+ */
+ priv->resp[0] = 0x02; /* Response code for GET_PUBKEY */
+ memcpy(priv->resp + 1, priv->pubkey, 32);
+ priv->resp_len = 33;
log_debug("GET_PUBKEY\n");
return 0;