rpmb实际就是emmc中的一个独立分区,写rpmb需要rpmb key对包计算mac值,rpmb硬件内部会校验mac值正确才能正常写入数据,可以防止重要数据被破坏
底层rpmb相关函数:
static TEE_Result tee_rpmb_get_dev_info(uint16_t dev_id, struct rpmb_dev_info *dev_info)
获取硬件rpmb信息,包括cid和rpmb大小
static TEE_Result tee_rpmb_write_key(uint16_t dev_id)
若rpmb第一次使用,会调用该函数写入一把rpmb key,该key只能写一次,后续不能改变
static TEE_Result tee_rpmb_read(uint16_t dev_id, uint32_t addr, uint8_t *data,
uint32_t len, const uint8_t *fek,
const TEE_UUID *uuid)
读取rpmb包数据,校验包的mac值合法,解密数据
static TEE_Result tee_rpmb_write_blk(uint16_t dev_id, uint16_t blk_idx,
const uint8_t *data_blks, uint16_t blkcnt,
const uint8_t *fek, const TEE_UUID *uuid)
加密数据,打包数据,计算包的mac值,发送给硬件rpmb写入
static TEE_Result tee_rpmb_init_read_wr_cnt(uint16_t dev_id,
uint32_t *wr_cnt,
uint16_t *op_result)
读取rpmb写入计数器
文件系统结构:
/**
* RPMB_FS partition data
*/
struct rpmb_fs_partition {//offset 0 ; size 128 bytes
uint32_t rpmb_fs_magic;
uint32_t fs_version;
uint32_t write_counter;
uint32_t fat_start_address;
/* Do not use reserved[] for other purpose than partition data. */
uint8_t reserved[112];
};
//128-512预留
struct rpmb_fat_entry {//第一个文件头 offset 512 bytes ; size 256 bytes
uint32_t start_address;//记录第一个文件数据存储地址
uint32_t data_size;//文件大小
uint32_t flags;
uint32_t write_counter;
uint8_t fek[TEE_FS_KM_FEK_SIZE];//加密数据的密钥,该密钥已经被加过密了,可以直接存储
char filename[TEE_RPMB_FS_FILENAME_LENGTH];//文件名,用来查找文件的
};
struct rpmb_fat_entry {//第二个文件头 offset 512+256bytes ; size 256 bytes
uint32_t start_address;
uint32_t data_size;
uint32_t flags;
uint32_t write_counter;
uint8_t fek[TEE_FS_KM_FEK_SIZE];
char filename[TEE_RPMB_FS_FILENAME_LENGTH];
};
............
.............
.............
文件2数据
文件1数据
ps:新增一个文件时,文件头是从上向下增长,对应数据是从rpmb尾部从下向上增长,直到rpmb全部用完为止