| Age | Commit message (Collapse) | Author |
|---|
|
Doing the same as the unittests for libavb [1].
Allows to run 'avb verify' multiple times which can be useful after a
failure to be able to re-flash the partition and try again.
[1]
https://android.googlesource.com/platform/external/avb/+/refs/tags/android-9.0.0_r37/test/avb_slot_verify_unittest.cc#156
Signed-off-by: Gary Bisson <[email protected]>
Reviewed-by: Igor Opaniuk <[email protected]>
|
|
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.
Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.
This requires quite a few header-file additions.
Signed-off-by: Simon Glass <[email protected]>
|
|
Add optional parameter to 'avb verify' sub-command, so that user is able
to specify which slot to use, in case when user's partitions are
slotted. If that parameter is omitted, the behavior of 'avb verify' will
be the same as before, so user API is content.
Signed-off-by: Sam Protsenko <[email protected]>
Reviewed-by: Igor Opaniuk <[email protected]>
Acked-by: Igor Opaniuk <[email protected]>
|
|
The requested_partitions[] array should contain only boot partitions.
Usually it's only 'boot' partition, as can be seen in [1]. Also, seems
like the requested_partitions[] are only used when there is no 'vbmeta'
partition [2], which is not a regular use-case.
Make requested_partitions[] contain only 'boot' partition as it was
supposed to be, and also make that array to be a local in
do_avb_verify_part() function, as nobody else needs that.
[1] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/test/avb_slot_verify_unittest.cc#108
[2] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/libavb/avb_slot_verify.c#1461
Signed-off-by: Sam Protsenko <[email protected]>
Reviewed-by: Igor Opaniuk <[email protected]>
|
|
Move env_set() over to the new header file.
Acked-by: Joe Hershberger <[email protected]>
Signed-off-by: Simon Glass <[email protected]>
|
|
When building U-Boot with AVB enabled, compiler shows next warnings:
cmd/avb.c: In function 'do_avb_read_pvalue':
cmd/avb.c:371:18: warning: format '%ld' expects argument of type
'long int', but argument 2 has type 'size_t'
{aka 'unsigned int'} [-Wformat=]
printf("Read %ld bytes, value = %s\n", bytes_read,
~~^ ~~~~~~~~~~
%d
cmd/avb.c: In function 'do_avb_write_pvalue':
cmd/avb.c:404:19: warning: format '%ld' expects argument of type
'long int', but argument 2 has type '__kernel_size_t'
{aka 'unsigned int'} [-Wformat=]
printf("Wrote %ld bytes\n", strlen(value) + 1);
~~^ ~~~~~~~~~~~~~~~~~
%d
Fix those by using "%zu" specified.
Signed-off-by: Sam Protsenko <[email protected]>
Reviewed-by: Igor Opaniuk <[email protected]>
|
|
AVB 2.0 spec. revision 1.1 introduces support for named persistent values
that must be tamper evident and allows AVB to store arbitrary key-value
pairs [1].
Introduce implementation of two additional AVB operations
read_persistent_value()/write_persistent_value() for retrieving/storing
named persistent values.
Correspondent pull request in the OP-TEE OS project repo [2].
[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Sam Protsenko <[email protected]>
Signed-off-by: Igor Opaniuk <[email protected]>
|
|
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Jens Wiklander <[email protected]>
|
|
Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a
hexadecimal number while do_avb_read_rb() printed the read out rb_idx as
decimal number. For consistency change do_avb_read_rb() to print rb_idx
as a hexadecimal number too.
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Igor Opaniuk <[email protected]>
Signed-off-by: Jens Wiklander <[email protected]>
|
|
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations
Signed-off-by: Igor Opaniuk <[email protected]>
|
|
Enable a "avb" command to execute Android Verified
Boot 2.0 operations. It includes such subcommands:
avb init - initialize avb2 subsystem
avb read_rb - read rollback index
avb write_rb - write rollback index
avb is_unlocked - check device lock state
avb get_uuid - read and print uuid of a partition
avb read_part - read data from partition
avb read_part_hex - read data from partition and output to stdout
avb write_part - write data to partition
avb verify - run full verification chain
Signed-off-by: Igor Opaniuk <[email protected]>
|
