From: Simon Glass <simon.glass@canonical.com> The position of the USS in the load-app header is incorrect. Fix it in the driver and the emulator, so it matches the tkey-sign program. Co-developed-by: Claude <claude@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com> --- drivers/misc/tkey-uclass.c | 16 ++++++++-------- drivers/misc/tkey_emul.c | 9 +++++++-- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/drivers/misc/tkey-uclass.c b/drivers/misc/tkey-uclass.c index fad5ffd6534..c0c3bd5a6d3 100644 --- a/drivers/misc/tkey-uclass.c +++ b/drivers/misc/tkey-uclass.c @@ -470,12 +470,12 @@ static int tkey_load_app_header(struct udevice *dev, int app_size, return ret; } - /* USS present flag */ - cmd_frame.data[5] = 1; - /* Copy USS hash (32 bytes) */ - memcpy(&cmd_frame.data[6], uss_hash, 32); + log_debug("USS hash: %*ph\n", 32, uss_hash); + + /* Copy USS hash (32 bytes) starting at data[5] */ + memcpy(&cmd_frame.data[5], uss_hash, 32); /* Pad remaining bytes with zeros */ - memset(&cmd_frame.data[38], '\0', 128 - 38); + memset(&cmd_frame.data[37], '\0', 128 - 37); log_debug("USS hash included in app header\n"); } else { @@ -657,9 +657,9 @@ int tkey_get_pubkey(struct udevice *dev, void *pubkey) return -EIO; } - /* Extract public key (32 bytes) from response */ - if (ret >= TKEY_FRAME_HEADER_SIZE + TKEY_PUBKEY_SIZE) { - memcpy(pubkey, rsp_frame.data, TKEY_PUBKEY_SIZE); + /* Extract public key (32 bytes) from response, skip response code byte */ + if (ret >= TKEY_FRAME_HEADER_SIZE + 1 + TKEY_PUBKEY_SIZE) { + memcpy(pubkey, rsp_frame.data + 1, TKEY_PUBKEY_SIZE); log_debug("Public key retrieved successfully\n"); return 0; } diff --git a/drivers/misc/tkey_emul.c b/drivers/misc/tkey_emul.c index 403e6e819b9..f67e28bd071 100644 --- a/drivers/misc/tkey_emul.c +++ b/drivers/misc/tkey_emul.c @@ -182,8 +182,13 @@ static int handle_firmware_cmd(struct udevice *dev, u8 cmd, const u8 *data) static int handle_app_get_pubkey(struct tkey_emul_priv *priv) { - memcpy(priv->resp, priv->pubkey, 32); - priv->resp_len = 32; + /* + * Response format: 1-byte response code (0x02) + 32-byte pubkey + * tkey_get_pubkey() expects this format and skips the response code + */ + priv->resp[0] = 0x02; /* Response code for GET_PUBKEY */ + memcpy(priv->resp + 1, priv->pubkey, 32); + priv->resp_len = 33; log_debug("GET_PUBKEY\n"); return 0; -- 2.43.0