u-boot.git/include/avb_verify.h, branch master Unnamed repository; edit this file 'description' to name the repository. common: avb_verify: add str_avb_io_error/str_avb_slot_error 2024-02-15T09:38:34+00:00 Igor Opaniuk igor.opaniuk@gmail.com 2024-02-09T19:20:43+00:00 fc7ef0f9e780ed45305002609cf920647787bc79 Introduce str_avb_io_error() and str_avb_slot_error() functions, that provide a pointer to AVB runtime error message. Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com> Link: https://lore.kernel.org/r/20240209192045.3961832-6-igor.opaniuk@foundries.io Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> 
Introduce str_avb_io_error() and str_avb_slot_error() functions,
that provide a pointer to AVB runtime error message.

Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-6-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
avb: move SPDX license identifiers to the first line 2024-02-15T09:38:34+00:00 Igor Opaniuk igor.opaniuk@gmail.com 2024-02-09T19:20:40+00:00 a14aa59e7e696f9b90d3fe0de55ce50cf0e21dd5 Move SPDX license identifiers to the first line, so it conforms to license placement rule [1]: Placement: The SPDX license identifier in kernel files shall be added at the first possible line in a file which can contain a comment. For the majority of files this is the first line, except for scripts which require the '#!PATH_TO_INTERPRETER' in the first line. For those scripts the SPDX identifier goes into the second line. [1] https://www.kernel.org/doc/Documentation/process/license-rules.rst Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com> Link: https://lore.kernel.org/r/20240209192045.3961832-3-igor.opaniuk@foundries.io Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com> 
Move SPDX license identifiers to the first line, so it conforms
to license placement rule [1]:

Placement:
The SPDX license identifier in kernel files shall be added at the first
possible line in a file which can contain a comment.  For the majority
of files this is the first line, except for scripts which require the
'#!PATH_TO_INTERPRETER' in the first line.  For those scripts the SPDX
identifier goes into the second line.

[1] https://www.kernel.org/doc/Documentation/process/license-rules.rst

Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-3-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
avb: Make AVB independent of fastboot 2020-08-24T18:11:13+00:00 Usama Arif usama.arif@arm.com 2020-08-11T14:46:03+00:00 e61b41517d2a91080f6416fdfb46efab9e5a55b4 AVB only uses CONFIG_FASTBOOT_BUF_ADDR from fastboot for memory. This memory is used for assigning temporary buffers. This can be assigned a new variable and used as CONFIG_AVB_BUF_ADDR. This is to support future boards that support AVB but dont support USB and therefore dont support FASTBOOT. Signed-off-by: Usama Arif <usama.arif@arm.com> Cc: Igor Opaniuk <igor.opaniuk@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com> [trini: Change defaults] Signed-off-by: Tom Rini <trini@konsulko.com> 
AVB only uses CONFIG_FASTBOOT_BUF_ADDR from fastboot for memory.
This memory is used for assigning temporary buffers.
This can be assigned a new variable and used as CONFIG_AVB_BUF_ADDR.
This is to support future boards that support AVB but dont support
USB and therefore dont support FASTBOOT.

Signed-off-by: Usama Arif <usama.arif@arm.com>
Cc: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
[trini: Change defaults]
Signed-off-by: Tom Rini <trini@konsulko.com>
part: Drop disk_partition_t typedef 2020-05-18T21:33:33+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:39:57+00:00 0528979fa7ab7853faaf2ecf34b7721dd4c0b383 We should not be using typedefs and these make it harder to use forward declarations (to reduce header file inclusions). Drop the typedef. Signed-off-by: Simon Glass <sjg@chromium.org> 
We should not be using typedefs and these make it harder to use
forward declarations (to reduce header file inclusions). Drop the typedef.

Signed-off-by: Simon Glass <sjg@chromium.org>
avb_verify: support sandbox configuration 2018-10-07T15:07:26+00:00 Jens Wiklander jens.wiklander@linaro.org 2018-09-25T14:40:22+00:00 bbddbef998b9bb37917c9340ac5280d06d224703 Change get_sector_buf() to use map_sysmem() to get a pointer to the CONFIG_FASTBOOT_BUF_ADDR in memory. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> 
Change get_sector_buf() to use map_sysmem() to get a pointer to the
CONFIG_FASTBOOT_BUF_ADDR in memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
avb_verify: support using OP-TEE TA AVB 2018-10-07T15:07:25+00:00 Jens Wiklander jens.wiklander@linaro.org 2018-09-25T14:40:20+00:00 6663e074780912b01c09afd0c139f29825f7775c With CONFIG_OPTEE_TA_AVB use the trusted application AVB provided by OP-TEE to manage rollback indexes and device-lock status. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
With CONFIG_OPTEE_TA_AVB use the trusted application AVB provided by
OP-TEE to manage rollback indexes and device-lock status.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
avb2.0: add boot states and dm-verity support 2018-06-18T17:55:13+00:00 Igor Opaniuk igor.opaniuk@linaro.org 2018-06-03T18:56:40+00:00 5d4fd8777337134dc1a1270f27569a9ccaece193 1. Add initial support of boot states mode (red, green, yellow) 2. Add functions for enforcing dm-verity configurations Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org> 
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
avb2.0: implement AVB ops 2018-06-18T17:55:13+00:00 Igor Opaniuk igor.opaniuk@linaro.org 2018-06-03T18:56:38+00:00 3af30e4443aa2c8224bf15ba352a5ef81b02711a Implement AVB ops on top of existing mmc subsystem API. Currently there is a full implementation of such operations, defined by [1] AVB2.0 specification: .read_from_partition() - reads N bytes from a partition identified by a name. .write_to_partition() - Writes N bytes to a partition identified by a name. .validate_vbmeta_public_key() - checks if the given public ‘vbmeta’ partition is trusted. .get_unique_guid_for_partition() - Gets the GUID for a partition identified by a string name. As [1] specification recommends to use tamper-evident storage for storing rollback indexes and device state (LOCKED/UNLOCKED), currently are only stubs instead of full implementation for these ops: .read_rollback_index() - Gets the rollback index for a given index location .write_rollback_index() - Sets the rollback index to a given location .read_is_device_unlocked() - Gets where the device is unlocked [1] https://android.googlesource.com/platform/external/avb/+/master/README.md Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org> 
Implement AVB ops on top of existing mmc subsystem API. Currently there
is a full implementation of such operations, defined by [1]
AVB2.0 specification:

.read_from_partition() - reads N bytes from a partition identified by
a name.
.write_to_partition() - Writes N bytes to a partition identified by a name.
.validate_vbmeta_public_key() - checks if the given public ‘vbmeta’
partition is trusted.
.get_unique_guid_for_partition() - Gets the GUID for a partition identified
by a string name.

As [1] specification recommends to use tamper-evident storage for storing
rollback indexes and device state (LOCKED/UNLOCKED),
currently are only stubs instead of full implementation for these ops:
.read_rollback_index() - Gets the rollback index for a given index location
.write_rollback_index() - Sets the rollback index to a given location
.read_is_device_unlocked() - Gets where the device is unlocked

[1] https://android.googlesource.com/platform/external/avb/+/master/README.md

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>