u-boot.git/cmd/avb.c, branch v2020.01 Unnamed repository; edit this file 'description' to name the repository. cmd: avb: Support A/B slots 2019-10-31T11:22:53+00:00 Sam Protsenko semen.protsenko@linaro.org 2019-10-21T10:55:16+00:00 965ec3caa8fcaafe3d18ad7c3810a13b09ee8abe Add optional parameter to 'avb verify' sub-command, so that user is able to specify which slot to use, in case when user's partitions are slotted. If that parameter is omitted, the behavior of 'avb verify' will be the same as before, so user API is content. Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com> Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com> 
Add optional parameter to 'avb verify' sub-command, so that user is able
to specify which slot to use, in case when user's partitions are
slotted. If that parameter is omitted, the behavior of 'avb verify' will
be the same as before, so user API is content.

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
cmd: avb: Fix requested partitions list 2019-10-31T11:22:53+00:00 Sam Protsenko semen.protsenko@linaro.org 2019-08-15T17:49:47+00:00 bb43c2784704b79eaa383fe38255b2ecf73b46ff The requested_partitions[] array should contain only boot partitions. Usually it's only 'boot' partition, as can be seen in [1]. Also, seems like the requested_partitions[] are only used when there is no 'vbmeta' partition [2], which is not a regular use-case. Make requested_partitions[] contain only 'boot' partition as it was supposed to be, and also make that array to be a local in do_avb_verify_part() function, as nobody else needs that. [1] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/test/avb_slot_verify_unittest.cc#108 [2] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/libavb/avb_slot_verify.c#1461 Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com> 
The requested_partitions[] array should contain only boot partitions.
Usually it's only 'boot' partition, as can be seen in [1]. Also, seems
like the requested_partitions[] are only used when there is no 'vbmeta'
partition [2], which is not a regular use-case.

Make requested_partitions[] contain only 'boot' partition as it was
supposed to be, and also make that array to be a local in
do_avb_verify_part() function, as nobody else needs that.

[1] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/test/avb_slot_verify_unittest.cc#108
[2] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/libavb/avb_slot_verify.c#1461

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
env: Move env_set() to env.h 2019-08-11T20:43:41+00:00 Simon Glass sjg@chromium.org 2019-08-01T15:46:51+00:00 9fb625ce05539fe6876a59ce1dcadb76b33c6f6e Move env_set() over to the new header file. Acked-by: Joe Hershberger <joe.hershberger@ni.com> Signed-off-by: Simon Glass <sjg@chromium.org> 
Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
cmd: avb: Fix compiler warnings 2019-08-07T19:31:04+00:00 Sam Protsenko semen.protsenko@linaro.org 2019-07-31T16:59:09+00:00 97f3c09706543205f7a2f6fa91e110946c302fcb When building U-Boot with AVB enabled, compiler shows next warnings: cmd/avb.c: In function 'do_avb_read_pvalue': cmd/avb.c:371:18: warning: format '%ld' expects argument of type 'long int', but argument 2 has type 'size_t' {aka 'unsigned int'} [-Wformat=] printf("Read %ld bytes, value = %s\n", bytes_read, ~~^ ~~~~~~~~~~ %d cmd/avb.c: In function 'do_avb_write_pvalue': cmd/avb.c:404:19: warning: format '%ld' expects argument of type 'long int', but argument 2 has type '__kernel_size_t' {aka 'unsigned int'} [-Wformat=] printf("Wrote %ld bytes\n", strlen(value) + 1); ~~^ ~~~~~~~~~~~~~~~~~ %d Fix those by using "%zu" specified. Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com> 
When building U-Boot with AVB enabled, compiler shows next warnings:

    cmd/avb.c: In function 'do_avb_read_pvalue':
    cmd/avb.c:371:18: warning: format '%ld' expects argument of type
                      'long int', but argument 2 has type 'size_t'
                      {aka 'unsigned int'} [-Wformat=]
       printf("Read %ld bytes, value = %s\n", bytes_read,
                    ~~^                       ~~~~~~~~~~
                    %d

    cmd/avb.c: In function 'do_avb_write_pvalue':
    cmd/avb.c:404:19: warning: format '%ld' expects argument of type
                      'long int', but argument 2 has type '__kernel_size_t'
                      {aka 'unsigned int'} [-Wformat=]
       printf("Wrote %ld bytes\n", strlen(value) + 1);
                     ~~^           ~~~~~~~~~~~~~~~~~
                     %d

Fix those by using "%zu" specified.

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
avb: add support for named persistent values 2019-04-26T22:58:22+00:00 Igor Opaniuk igor.opaniuk@gmail.com 2019-04-09T13:38:14+00:00 fc1fe01b08cedd77a194bb82fa81af4fe1e39031 AVB 2.0 spec. revision 1.1 introduces support for named persistent values that must be tamper evident and allows AVB to store arbitrary key-value pairs [1]. Introduce implementation of two additional AVB operations read_persistent_value()/write_persistent_value() for retrieving/storing named persistent values. Correspondent pull request in the OP-TEE OS project repo [2]. [1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22 [2]: https://github.com/OP-TEE/optee_os/pull/2699 Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com> 
AVB 2.0 spec. revision 1.1 introduces support for named persistent values
that must be tamper evident and allows AVB to store arbitrary key-value
pairs [1].

Introduce implementation of two additional AVB operations
read_persistent_value()/write_persistent_value() for retrieving/storing
named persistent values.

Correspondent pull request in the OP-TEE OS project repo [2].

[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
cmd: avb: print error message if command fails 2018-10-07T14:47:38+00:00 Jens Wiklander jens.wiklander@linaro.org 2018-09-25T14:40:07+00:00 6d89902d7a97bc988595fe471783715245096a9e Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
cmd: avb read_rb: print rb_idx in hexadecimal 2018-10-07T14:47:38+00:00 Jens Wiklander jens.wiklander@linaro.org 2018-09-25T14:40:06+00:00 ab2d738239b0eb009a5cab792275b4c36504f595 Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a hexadecimal number while do_avb_read_rb() printed the read out rb_idx as decimal number. For consistency change do_avb_read_rb() to print rb_idx as a hexadecimal number too. Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a
hexadecimal number while do_avb_read_rb() printed the read out rb_idx as
decimal number. For consistency change do_avb_read_rb() to print rb_idx
as a hexadecimal number too.

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
avb2.0: add boot states and dm-verity support 2018-06-18T17:55:13+00:00 Igor Opaniuk igor.opaniuk@linaro.org 2018-06-03T18:56:40+00:00 5d4fd8777337134dc1a1270f27569a9ccaece193 1. Add initial support of boot states mode (red, green, yellow) 2. Add functions for enforcing dm-verity configurations Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org> 
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
cmd: avb2.0: avb command for performing verification 2018-06-18T17:55:13+00:00 Igor Opaniuk igor.opaniuk@linaro.org 2018-06-03T18:56:39+00:00 60b2f9e7b97580b3a71d6fa119fc9c66491d963e Enable a "avb" command to execute Android Verified Boot 2.0 operations. It includes such subcommands: avb init - initialize avb2 subsystem avb read_rb - read rollback index avb write_rb - write rollback index avb is_unlocked - check device lock state avb get_uuid - read and print uuid of a partition avb read_part - read data from partition avb read_part_hex - read data from partition and output to stdout avb write_part - write data to partition avb verify - run full verification chain Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org> 
Enable a "avb" command to execute Android Verified
Boot 2.0 operations. It includes such subcommands:
  avb init - initialize avb2 subsystem
  avb read_rb - read rollback index
  avb write_rb - write rollback index
  avb is_unlocked - check device lock state
  avb get_uuid - read and print uuid of a partition
  avb read_part - read data from partition
  avb read_part_hex - read data from partition and output to stdout
  avb write_part - write data to partition
  avb verify - run full verification chain

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>