From c2f72d00ab88402038d3c9625124575715acdf4f Mon Sep 17 00:00:00 2001 From: Igor Opaniuk Date: Fri, 9 Feb 2024 20:20:39 +0100 Subject: common: avb_verify: don't call mmc_switch_part for SD mmc_switch_part() is used for switching between hw partitions on eMMC (boot0, boot1, user, rpmb). There is no need to do that for SD card. This fixes the avb command usage on SD cards. Reviewed-by: Mattijs Korpershoek Signed-off-by: Igor Opaniuk Reviewed-by: Dragan Simic Link: https://lore.kernel.org/r/20240209192045.3961832-2-igor.opaniuk@foundries.io Signed-off-by: Mattijs Korpershoek --- common/avb_verify.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'common') diff --git a/common/avb_verify.c b/common/avb_verify.c index 48ba8db51e5..59f2c25e0de 100644 --- a/common/avb_verify.c +++ b/common/avb_verify.c @@ -358,9 +358,11 @@ static struct mmc_part *get_partition(AvbOps *ops, const char *partition) goto err; } - ret = mmc_switch_part(part->mmc, part_num); - if (ret) - goto err; + if (IS_MMC(part->mmc)) { + ret = mmc_switch_part(part->mmc, part_num); + if (ret) + goto err; + } mmc_blk = mmc_get_blk_desc(part->mmc); if (!mmc_blk) { -- cgit v1.3.1 From a14aa59e7e696f9b90d3fe0de55ce50cf0e21dd5 Mon Sep 17 00:00:00 2001 From: Igor Opaniuk Date: Fri, 9 Feb 2024 20:20:40 +0100 Subject: avb: move SPDX license identifiers to the first line Move SPDX license identifiers to the first line, so it conforms to license placement rule [1]: Placement: The SPDX license identifier in kernel files shall be added at the first possible line in a file which can contain a comment. For the majority of files this is the first line, except for scripts which require the '#!PATH_TO_INTERPRETER' in the first line. For those scripts the SPDX identifier goes into the second line. [1] https://www.kernel.org/doc/Documentation/process/license-rules.rst Reviewed-by: Mattijs Korpershoek Signed-off-by: Igor Opaniuk Link: https://lore.kernel.org/r/20240209192045.3961832-3-igor.opaniuk@foundries.io Signed-off-by: Mattijs Korpershoek --- cmd/avb.c | 4 +--- common/avb_verify.c | 3 +-- include/avb_verify.h | 4 +--- test/py/tests/test_android/test_avb.py | 3 +-- 4 files changed, 4 insertions(+), 10 deletions(-) (limited to 'common') diff --git a/cmd/avb.c b/cmd/avb.c index 783f51b8169..ce8b63873f2 100644 --- a/cmd/avb.c +++ b/cmd/avb.c @@ -1,8 +1,6 @@ - +// SPDX-License-Identifier: GPL-2.0+ /* * (C) Copyright 2018, Linaro Limited - * - * SPDX-License-Identifier: GPL-2.0+ */ #include diff --git a/common/avb_verify.c b/common/avb_verify.c index 59f2c25e0de..938a5383b5d 100644 --- a/common/avb_verify.c +++ b/common/avb_verify.c @@ -1,7 +1,6 @@ +// SPDX-License-Identifier: GPL-2.0+ /* * (C) Copyright 2018, Linaro Limited - * - * SPDX-License-Identifier: GPL-2.0+ */ #include diff --git a/include/avb_verify.h b/include/avb_verify.h index 1e787ba6668..2fb850044d9 100644 --- a/include/avb_verify.h +++ b/include/avb_verify.h @@ -1,8 +1,6 @@ - +/* SPDX-License-Identifier: GPL-2.0+ */ /* * (C) Copyright 2018, Linaro Limited - * - * SPDX-License-Identifier: GPL-2.0+ */ #ifndef _AVB_VERIFY_H diff --git a/test/py/tests/test_android/test_avb.py b/test/py/tests/test_android/test_avb.py index 238b48c90fa..865efbca4de 100644 --- a/test/py/tests/test_android/test_avb.py +++ b/test/py/tests/test_android/test_avb.py @@ -1,6 +1,5 @@ -# Copyright (c) 2018, Linaro Limited -# # SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2018, Linaro Limited # # Android Verified Boot 2.0 Test -- cgit v1.3.1 From 0508a7c6678685d46ba7f50ad0a70a1a38245945 Mon Sep 17 00:00:00 2001 From: Igor Opaniuk Date: Fri, 9 Feb 2024 20:20:41 +0100 Subject: common: avb_verify: rework error/debug prints Make error prints more verbose with additional context. Also s/print/debug/g for prints, which might be relevant only for debugging purposes. Reviewed-by: Mattijs Korpershoek Signed-off-by: Igor Opaniuk Link: https://lore.kernel.org/r/20240209192045.3961832-4-igor.opaniuk@foundries.io Signed-off-by: Mattijs Korpershoek --- common/avb_verify.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) (limited to 'common') diff --git a/common/avb_verify.c b/common/avb_verify.c index 938a5383b5d..ed58239cf8a 100644 --- a/common/avb_verify.c +++ b/common/avb_verify.c @@ -279,9 +279,9 @@ static unsigned long mmc_read_and_flush(struct mmc_part *part, * Reading fails on unaligned buffers, so we have to * use aligned temporary buffer and then copy to destination */ - if (unaligned) { - printf("Handling unaligned read buffer..\n"); + debug("%s: handling unaligned read buffer, addr = 0x%p\n", + __func__, buffer); tmp_buf = get_sector_buf(); buf_size = get_sector_buf_size(); if (sectors > buf_size / part->info.blksz) @@ -320,7 +320,8 @@ static unsigned long mmc_write(struct mmc_part *part, lbaint_t start, if (unaligned) { tmp_buf = get_sector_buf(); buf_size = get_sector_buf_size(); - printf("Handling unaligned wrire buffer..\n"); + debug("%s: handling unaligned read buffer, addr = 0x%p\n", + __func__, buffer); if (sectors > buf_size / part->info.blksz) sectors = buf_size / part->info.blksz; @@ -348,30 +349,35 @@ static struct mmc_part *get_partition(AvbOps *ops, const char *partition) dev_num = get_boot_device(ops); part->mmc = find_mmc_device(dev_num); if (!part->mmc) { - printf("No MMC device at slot %x\n", dev_num); + printf("%s: no MMC device at slot %x\n", __func__, dev_num); goto err; } - if (mmc_init(part->mmc)) { - printf("MMC initialization failed\n"); + ret = mmc_init(part->mmc); + if (ret) { + printf("%s: MMC initialization failed, err = %d\n", + __func__, ret); goto err; } if (IS_MMC(part->mmc)) { ret = mmc_switch_part(part->mmc, part_num); - if (ret) + if (ret) { + printf("%s: MMC part switch failed, err = %d\n", + __func__, ret); goto err; + } } mmc_blk = mmc_get_blk_desc(part->mmc); if (!mmc_blk) { - printf("Error - failed to obtain block descriptor\n"); + printf("%s: failed to obtain block descriptor\n", __func__); goto err; } ret = part_get_info_by_name(mmc_blk, partition, &part->info); if (ret < 0) { - printf("Can't find partition '%s'\n", partition); + printf("%s: can't find partition '%s'\n", __func__, partition); goto err; } @@ -684,7 +690,7 @@ static AvbIOResult read_rollback_index(AvbOps *ops, { #ifndef CONFIG_OPTEE_TA_AVB /* For now we always return 0 as the stored rollback index. */ - printf("%s not supported yet\n", __func__); + debug("%s: rollback protection is not implemented\n", __func__); if (out_rollback_index) *out_rollback_index = 0; @@ -730,7 +736,7 @@ static AvbIOResult write_rollback_index(AvbOps *ops, { #ifndef CONFIG_OPTEE_TA_AVB /* For now this is a no-op. */ - printf("%s not supported yet\n", __func__); + debug("%s: rollback protection is not implemented\n", __func__); return AVB_IO_RESULT_OK; #else @@ -766,8 +772,7 @@ static AvbIOResult read_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked) { #ifndef CONFIG_OPTEE_TA_AVB /* For now we always return that the device is unlocked. */ - - printf("%s not supported yet\n", __func__); + debug("%s: device locking is not implemented\n", __func__); *out_is_unlocked = true; -- cgit v1.3.1 From fc7ef0f9e780ed45305002609cf920647787bc79 Mon Sep 17 00:00:00 2001 From: Igor Opaniuk Date: Fri, 9 Feb 2024 20:20:43 +0100 Subject: common: avb_verify: add str_avb_io_error/str_avb_slot_error Introduce str_avb_io_error() and str_avb_slot_error() functions, that provide a pointer to AVB runtime error message. Reviewed-by: Mattijs Korpershoek Signed-off-by: Igor Opaniuk Link: https://lore.kernel.org/r/20240209192045.3961832-6-igor.opaniuk@foundries.io Signed-off-by: Mattijs Korpershoek --- common/avb_verify.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ include/avb_verify.h | 3 ++- 2 files changed, 51 insertions(+), 1 deletion(-) (limited to 'common') diff --git a/common/avb_verify.c b/common/avb_verify.c index ed58239cf8a..cff9117d92f 100644 --- a/common/avb_verify.c +++ b/common/avb_verify.c @@ -119,6 +119,55 @@ static const unsigned char avb_root_pub[1032] = { 0xd8, 0x7e, }; +const char *str_avb_io_error(AvbIOResult res) +{ + switch (res) { + case AVB_IO_RESULT_OK: + return "Requested operation was successful"; + case AVB_IO_RESULT_ERROR_IO: + return "Underlying hardware encountered an I/O error"; + case AVB_IO_RESULT_ERROR_OOM: + return "Unable to allocate memory"; + case AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION: + return "Requested partition does not exist"; + case AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION: + return "Bytes requested is outside the range of partition"; + case AVB_IO_RESULT_ERROR_NO_SUCH_VALUE: + return "Named persistent value does not exist"; + case AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE: + return "Named persistent value size is not supported"; + case AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE: + return "Buffer is too small for the requested operation"; + default: + return "Unknown AVB error"; + } +} + +const char *str_avb_slot_error(AvbSlotVerifyResult res) +{ + switch (res) { + case AVB_SLOT_VERIFY_RESULT_OK: + return "Verification passed successfully"; + case AVB_SLOT_VERIFY_RESULT_ERROR_OOM: + return "Allocation of memory failed"; + case AVB_SLOT_VERIFY_RESULT_ERROR_IO: + return "I/O error occurred while trying to load data"; + case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: + return "Digest didn't match or signature checks failed"; + case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX: + return "Rollback index is less than its stored value"; + case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED: + return "Public keys are not accepted"; + case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA: + return "Metadata is invalid or inconsistent"; + case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION: + return "Metadata requires a newer version of libavb"; + case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT: + return "Invalid arguments are used"; + default: + return "Unknown AVB slot verification error"; + } +} /** * ============================================================================ * Boot states support (GREEN, YELLOW, ORANGE, RED) and dm_verity diff --git a/include/avb_verify.h b/include/avb_verify.h index 2fb850044d9..5d998b5a302 100644 --- a/include/avb_verify.h +++ b/include/avb_verify.h @@ -52,7 +52,8 @@ char *avb_set_enforce_verity(const char *cmdline); char *avb_set_ignore_corruption(const char *cmdline); char *append_cmd_line(char *cmdline_orig, char *cmdline_new); - +const char *str_avb_io_error(AvbIOResult res); +const char *str_avb_slot_error(AvbSlotVerifyResult res); /** * ============================================================================ * I/O helper inline functions -- cgit v1.3.1