Introduce str_avb_io_error() and str_avb_slot_error() functions,
that provide a pointer to AVB runtime error message.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-6-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Make error prints more verbose with additional context.
Also s/print/debug/g for prints, which might be relevant only
for debugging purposes.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-4-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Move SPDX license identifiers to the first line, so it conforms
to license placement rule [1]:
Placement:
The SPDX license identifier in kernel files shall be added at the first
possible line in a file which can contain a comment. For the majority
of files this is the first line, except for scripts which require the
'#!PATH_TO_INTERPRETER' in the first line. For those scripts the SPDX
identifier goes into the second line.
[1] https://www.kernel.org/doc/Documentation/process/license-rules.rst
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-3-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
mmc_switch_part() is used for switching between hw partitions
on eMMC (boot0, boot1, user, rpmb).
There is no need to do that for SD card.
This fixes the avb command usage on SD cards.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Dragan Simic <dsimic@manjaro.org>
Link: https://lore.kernel.org/r/20240209192045.3961832-2-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
The arg->session is not valid if arg->ret != NULL, so can't be
assigned, correct this.
Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@globallogic.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
part_get_info_by_name will return -1 on error, and >0 on success.
Signed-off-by: schspa <schspa@gmail.com>
Cc: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
AVB only uses CONFIG_FASTBOOT_BUF_ADDR from fastboot for memory.
This memory is used for assigning temporary buffers.
This can be assigned a new variable and used as CONFIG_AVB_BUF_ADDR.
This is to support future boards that support AVB but dont support
USB and therefore dont support FASTBOOT.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Cc: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
[trini: Change defaults]
Signed-off-by: Tom Rini <trini@konsulko.com>
These functions are CPU-related and do not use driver model. Move them to
cpu_func.h
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
When having only these AVB related configs enabled:
CONFIG_AVB_VERIFY=y
CONFIG_CMD_AVB=y
CONFIG_LIBAVB=y
build fails with next errors:
common/avb_verify.c: In function 'read_persistent_value':
common/avb_verify.c:867:6: warning: implicit declaration of function
'get_open_session'
common/avb_verify.c:870:45: error: 'struct AvbOpsData' has no member
named 'tee'
common/avb_verify.c:894:7: warning: implicit declaration of function
'invoke_func'
common/avb_verify.c: In function 'write_persistent_value':
common/avb_verify.c:931:45: error: 'struct AvbOpsData' has no member
named 'tee'
Guard read_persistent_value() and write_persistent_value() functions
by checking if CONFIG_OPTEE_TA_AVB is enabled (as those are only used in
that case) to fix the build with mentioned configuration.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
AVB 2.0 spec. revision 1.1 introduces support for named persistent values
that must be tamper evident and allows AVB to store arbitrary key-value
pairs [1].
Introduce implementation of two additional AVB operations
read_persistent_value()/write_persistent_value() for retrieving/storing
named persistent values.
Correspondent pull request in the OP-TEE OS project repo [2].
[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
With CONFIG_OPTEE_TA_AVB use the trusted application AVB provided by
OP-TEE to manage rollback indexes and device-lock status.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Compiling U-Boot with ubsan/asan libraries and running it in sandbox
may lead to below backtrace:
=> avb init 0
=> avb verify
## Android Verified Boot 2.0 version 1.1.0
read_is_device_unlocked not supported yet
common/avb_verify.c:407:31: runtime error: division by zero
AddressSanitizer:DEADLYSIGNAL
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
=================================================================
==9388==ERROR: AddressSanitizer: FPE on unknown address 0x0000004b467f \
(pc 0x0000004b467f bp 0x000000000000 sp 0x7ffd899fe150 T0)
#0 0x4b467e in mmc_byte_io common/avb_verify.c:407
#1 0x4b4c47 in mmc_byte_io common/avb_verify.c:532
#2 0x4b4c47 in read_from_partition common/avb_verify.c:533
#3 0x69dc0d in load_and_verify_vbmeta lib/libavb/avb_slot_verify.c:560
#4 0x6a1ee6 in avb_slot_verify lib/libavb/avb_slot_verify.c:1139
#5 0x45dabd in do_avb_verify_part cmd/avb.c:245
#6 0x4af77c in cmd_call common/command.c:499
#7 0x4af77c in cmd_process common/command.c:538
#8 0x46bafc in run_pipe_real common/cli_hush.c:1677
#9 0x46bafc in run_list_real common/cli_hush.c:1875
#10 0x46c780 in run_list common/cli_hush.c:2024
#11 0x46c780 in parse_stream_outer common/cli_hush.c:3216
#12 0x46d34b in parse_file_outer common/cli_hush.c:3299
#13 0x4ad609 in cli_loop common/cli.c:217
#14 0x4625ae in main_loop common/main.c:65
#15 0x46f2d1 in run_main_loop common/board_r.c:648
#16 0x640253 in initcall_run_list lib/initcall.c:30
#17 0x46f9d0 in board_init_r common/board_r.c:879
#18 0x40539b in main arch/sandbox/cpu/start.c:321
#19 0x7fa94925f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#20 0x408908 in _start (/srv/R/u-boot-master/u-boot+0x408908)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE common/avb_verify.c:407 in mmc_byte_io
==9388==ABORTING
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Cppcheck (v1.85) reports w/o this patch:
[common/avb_verify.c:738] -> [common/avb_verify.c:741]: (warning) \
Either the condition 'ops' is redundant or there is possible null \
pointer dereference: ops.
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Fix sparse complaint:
common/avb_verify.c:14:21: warning: \
symbol 'avb_root_pub' was not declared. Should it be static?
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Fix below compiler [1] warning:
common/avb_verify.c: In function ‘avb_find_dm_args’:
common/avb_verify.c:179:30: warning: left-hand operand of comma expression has no effect [-Wunused-value]
for (i = 0; i < AVB_MAX_ARGS, args[i]; ++i) {
[1] aarch64-linux-gnu-gcc (Linaro GCC 7.2-2017.11)
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Implement get_size_of_partition() operation,
which is required by the latest upstream libavb [1].
[1] https://android.googlesource.com/platform/external/avb/+/android-p-preview-5
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Acked-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Use blk_dread()/blk_dwrite() in mmc_read()/mmc_write() AVB operation
implementations. This fixes compilation issues when CONFIG_BLK is
enabled.
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Tested-by: Eugeniu Rosca <rosca.eugeniu@gmail.com>
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Implement AVB ops on top of existing mmc subsystem API. Currently there
is a full implementation of such operations, defined by [1]
AVB2.0 specification:
.read_from_partition() - reads N bytes from a partition identified by
a name.
.write_to_partition() - Writes N bytes to a partition identified by a name.
.validate_vbmeta_public_key() - checks if the given public ‘vbmeta’
partition is trusted.
.get_unique_guid_for_partition() - Gets the GUID for a partition identified
by a string name.
As [1] specification recommends to use tamper-evident storage for storing
rollback indexes and device state (LOCKED/UNLOCKED),
currently are only stubs instead of full implementation for these ops:
.read_rollback_index() - Gets the rollback index for a given index location
.write_rollback_index() - Sets the rollback index to a given location
.read_is_device_unlocked() - Gets where the device is unlocked
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
