From patchwork Mon Dec  8 02:32:17 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass <sjg@u-boot.org>
X-Patchwork-Id: 847
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org>
X-Original-To: u-boot-concept@u-boot.org
Delivered-To: u-boot-concept@u-boot.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765161236;
	bh=8gH06nNu6iEu9wKH9/rM1AOvcnEp4qvkZGidGdF1QSQ=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=KFKYXuVGS7O+r82jzX286FtVCebzkytzHjR+m4F8WPlwOhNBnujsZ8mtfLKTa5yTk
	 YDwtuvKh2AT1Y3c30V0aHni48YGFIqvV4mSSm66fb0xKU397It+Bp4U9CEaGK9k49x
	 m1p4McAxLUYLYXJ9db9CT50S8yK/ScilLseyHI+HVooYlfRv4Z6Xj/RQO4TYEa7+fD
	 6o2/ylleIbKc4bBPkjRORXSsQX8Uq4WFH418LDB83duFLX2OB5aOixd/NsPnwN4ap7
	 buhEjDlqqwwrLqbjl1f7ZQrbCpjP5yfYQM8gYW/KE9tb+YdVrnmZ0Y+Hrq9kC7xmaU
	 3yxWO82LZqUEQ==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 7D156689D3
	for <u-boot-concept@u-boot.org>; Sun,  7 Dec 2025 19:33:56 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id tyirTObK20GE for <u-boot-concept@u-boot.org>;
 Sun,  7 Dec 2025 19:33:56 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765161236;
	bh=8gH06nNu6iEu9wKH9/rM1AOvcnEp4qvkZGidGdF1QSQ=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=KFKYXuVGS7O+r82jzX286FtVCebzkytzHjR+m4F8WPlwOhNBnujsZ8mtfLKTa5yTk
	 YDwtuvKh2AT1Y3c30V0aHni48YGFIqvV4mSSm66fb0xKU397It+Bp4U9CEaGK9k49x
	 m1p4McAxLUYLYXJ9db9CT50S8yK/ScilLseyHI+HVooYlfRv4Z6Xj/RQO4TYEa7+fD
	 6o2/ylleIbKc4bBPkjRORXSsQX8Uq4WFH418LDB83duFLX2OB5aOixd/NsPnwN4ap7
	 buhEjDlqqwwrLqbjl1f7ZQrbCpjP5yfYQM8gYW/KE9tb+YdVrnmZ0Y+Hrq9kC7xmaU
	 3yxWO82LZqUEQ==
Received: from mail.u-boot.org (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 6D94D689C7
	for <u-boot-concept@u-boot.org>; Sun,  7 Dec 2025 19:33:56 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765161234;
	bh=mJXpLPZKQ95qZAxLNyx5J/ozHiz1Jm+KHgQvBNUBwow=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=MpmoGAUxiewHs2yAO4Kw6+Ci7yxgSYr+OJMmDhyS5+yJlySoET1gdU8CRYatSJBRQ
	 1lf3z8JYoUTv/yWNAGg5pt6iRHvy068bqW1HMeIaTKdCDfDYFE3i+N4vuyQioy99eO
	 5YaVEBOSjlBUZrHwX7iRA+LxW3nmD/GGFI32N0Ss4l8u04kqcUW0BtmwqR+ZBfmsSc
	 sB/1vvUojhGdVrb0Nl/HEN5ebs8SfD1uwfRiRvwKp5sciYm1xDC0f7EHhpjKyjUGA5
	 7mUuV6FxFq26QY+9CGh2MSNszI9XQqOV6l4ga0diuaKJwTciAej7lBfg6OKnpvr5wM
	 pJCzgNIc9cJIQ==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 6DED768930;
	Sun,  7 Dec 2025 19:33:54 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP
 id cm-5QFobKU1n; Sun,  7 Dec 2025 19:33:54 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765161229;
	bh=jP1RQKliySvR/6MUlQ8Obp77TQnbb/xCS/eVyaJYDDM=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=wDSLVvxMXaKcsImWf6t8H195EA/mFTRgj1eg2S6P3ydX97ZvNArzC1lkHRxwWe2Xs
	 ffj/o+PFz0oYjwzVWIwdPq+kE0ppr7ZnsEWyrSkzqt/36v2noaRyddRgCRYTheeB53
	 Auc9CL00DqsFjZ5cjjbyMU1mOPvw150Ujx0sahf3MixPeiPEs3D7o2/3KoFsQyvLpM
	 wxJN3avD+1xIlTg80vrcYo+KNRxiboPTXpEDnpqaFpAE8GrOQpUcKQDZH2jAhEFo+0
	 cNE9JNI9d0QZ4VKq6ZdwNlOXwNTuzbjg++gR9mDALe89ApPYU2Li1wy/J2cuvfmpmr
	 ZCvx5yKik85Bw==
Received: from u-boot.org (unknown [73.34.74.121])
	by mail.u-boot.org (Postfix) with ESMTPSA id 3BF31688F0;
	Sun,  7 Dec 2025 19:33:49 -0700 (MST)
From: Simon Glass <sjg@u-boot.org>
To: U-Boot Concept <concept@u-boot.org>
Date: Sun,  7 Dec 2025 19:32:17 -0700
Message-ID: <20251208023229.3929910-15-sjg@u-boot.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251208023229.3929910-1-sjg@u-boot.org>
References: <20251208023229.3929910-1-sjg@u-boot.org>
MIME-Version: 1.0
Message-ID-Hash: CNI5RH6YRO6IICCBZUMZPDADVWBADAJ7
X-Message-ID-Hash: CNI5RH6YRO6IICCBZUMZPDADVWBADAJ7
X-MailFrom: sjg@u-boot.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
CC: Simon Glass <simon.glass@canonical.com>, Claude <claude@anthropic.com>
X-Mailman-Version: 3.3.10
Precedence: list
Subject: [Concept] [PATCH 14/19] tkey: Correct handling of the USS
List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org>
Archived-At: 
 <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/CNI5RH6YRO6IICCBZUMZPDADVWBADAJ7/>
List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/>
List-Help: <mailto:concept-request@u-boot.org?subject=help>
List-Owner: <mailto:concept-owner@u-boot.org>
List-Post: <mailto:concept@u-boot.org>
List-Subscribe: <mailto:concept-join@u-boot.org>
List-Unsubscribe: <mailto:concept-leave@u-boot.org>

From: Simon Glass <simon.glass@canonical.com>

The position of the USS in the load-app header is incorrect. Fix it in
the driver and the emulator, so it matches the tkey-sign program.

Co-developed-by: Claude <claude@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 drivers/misc/tkey-uclass.c | 16 ++++++++--------
 drivers/misc/tkey_emul.c   |  9 +++++++--
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/drivers/misc/tkey-uclass.c b/drivers/misc/tkey-uclass.c
index fad5ffd6534..c0c3bd5a6d3 100644
--- a/drivers/misc/tkey-uclass.c
+++ b/drivers/misc/tkey-uclass.c
@@ -470,12 +470,12 @@ static int tkey_load_app_header(struct udevice *dev, int app_size,
 			return ret;
 		}
 
-		/* USS present flag */
-		cmd_frame.data[5] = 1;
-		/* Copy USS hash (32 bytes) */
-		memcpy(&cmd_frame.data[6], uss_hash, 32);
+		log_debug("USS hash: %*ph\n", 32, uss_hash);
+
+		/* Copy USS hash (32 bytes) starting at data[5] */
+		memcpy(&cmd_frame.data[5], uss_hash, 32);
 		/* Pad remaining bytes with zeros */
-		memset(&cmd_frame.data[38], '\0', 128 - 38);
+		memset(&cmd_frame.data[37], '\0', 128 - 37);
 
 		log_debug("USS hash included in app header\n");
 	} else {
@@ -657,9 +657,9 @@ int tkey_get_pubkey(struct udevice *dev, void *pubkey)
 		return -EIO;
 	}
 
-	/* Extract public key (32 bytes) from response */
-	if (ret >= TKEY_FRAME_HEADER_SIZE + TKEY_PUBKEY_SIZE) {
-		memcpy(pubkey, rsp_frame.data, TKEY_PUBKEY_SIZE);
+	/* Extract public key (32 bytes) from response, skip response code byte */
+	if (ret >= TKEY_FRAME_HEADER_SIZE + 1 + TKEY_PUBKEY_SIZE) {
+		memcpy(pubkey, rsp_frame.data + 1, TKEY_PUBKEY_SIZE);
 		log_debug("Public key retrieved successfully\n");
 		return 0;
 	}
diff --git a/drivers/misc/tkey_emul.c b/drivers/misc/tkey_emul.c
index 403e6e819b9..f67e28bd071 100644
--- a/drivers/misc/tkey_emul.c
+++ b/drivers/misc/tkey_emul.c
@@ -182,8 +182,13 @@ static int handle_firmware_cmd(struct udevice *dev, u8 cmd, const u8 *data)
 
 static int handle_app_get_pubkey(struct tkey_emul_priv *priv)
 {
-	memcpy(priv->resp, priv->pubkey, 32);
-	priv->resp_len = 32;
+	/*
+	 * Response format: 1-byte response code (0x02) + 32-byte pubkey
+	 * tkey_get_pubkey() expects this format and skips the response code
+	 */
+	priv->resp[0] = 0x02;  /* Response code for GET_PUBKEY */
+	memcpy(priv->resp + 1, priv->pubkey, 32);
+	priv->resp_len = 33;
 	log_debug("GET_PUBKEY\n");
 
 	return 0;