Commit graph

16 commits

Author SHA1 Message Date
Igor Opaniuk
df3cfceeb1 cmd: avb: rework do_avb_verify_part
Use existing str_avb_slot_error() function for obtaining
verification fail reason details.
Take into account device lock state for setting correct
androidboot.verifiedbootstate kernel cmdline parameter.

Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-7-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-02-15 10:38:34 +01:00
Igor Opaniuk
0ef0825a8c cmd: avb: rework prints
Simplify and add more context for prints where it's needed.

Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-5-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-02-15 10:38:34 +01:00
Igor Opaniuk
a14aa59e7e avb: move SPDX license identifiers to the first line
Move SPDX license identifiers to the first line, so it conforms
to license placement rule [1]:

Placement:
The SPDX license identifier in kernel files shall be added at the first
possible line in a file which can contain a comment.  For the majority
of files this is the first line, except for scripts which require the
'#!PATH_TO_INTERPRETER' in the first line.  For those scripts the SPDX
identifier goes into the second line.

[1] https://www.kernel.org/doc/Documentation/process/license-rules.rst

Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Link: https://lore.kernel.org/r/20240209192045.3961832-3-igor.opaniuk@foundries.io
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
2024-02-15 10:38:34 +01:00
Simon Glass
0b1284eb52 global: Convert simple_strtoul() with decimal to dectoul()
It is a pain to have to specify the value 10 in each call. Add a new
dectoul() function and update the code to use it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
7e5f460ec4 global: Convert simple_strtoul() with hex to hextoul()
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Gary Bisson
b09e1b6149 cmd: avb: free partition buffer upon verify completion
Doing the same as the unittests for libavb [1].

Allows to run 'avb verify' multiple times which can be useful after a
failure to be able to re-flash the partition and try again.

[1]
https://android.googlesource.com/platform/external/avb/+/refs/tags/android-9.0.0_r37/test/avb_slot_verify_unittest.cc#156

Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2020-05-19 14:01:47 -04:00
Simon Glass
0914011310 command: Remove the cmd_tbl_t typedef
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 18:36:55 -04:00
Sam Protsenko
965ec3caa8 cmd: avb: Support A/B slots
Add optional parameter to 'avb verify' sub-command, so that user is able
to specify which slot to use, in case when user's partitions are
slotted. If that parameter is omitted, the behavior of 'avb verify' will
be the same as before, so user API is content.

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-10-31 07:22:53 -04:00
Sam Protsenko
bb43c27847 cmd: avb: Fix requested partitions list
The requested_partitions[] array should contain only boot partitions.
Usually it's only 'boot' partition, as can be seen in [1]. Also, seems
like the requested_partitions[] are only used when there is no 'vbmeta'
partition [2], which is not a regular use-case.

Make requested_partitions[] contain only 'boot' partition as it was
supposed to be, and also make that array to be a local in
do_avb_verify_part() function, as nobody else needs that.

[1] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/test/avb_slot_verify_unittest.cc#108
[2] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/libavb/avb_slot_verify.c#1461

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-10-31 07:22:53 -04:00
Simon Glass
9fb625ce05 env: Move env_set() to env.h
Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2019-08-11 16:43:41 -04:00
Sam Protsenko
97f3c09706 cmd: avb: Fix compiler warnings
When building U-Boot with AVB enabled, compiler shows next warnings:

    cmd/avb.c: In function 'do_avb_read_pvalue':
    cmd/avb.c:371:18: warning: format '%ld' expects argument of type
                      'long int', but argument 2 has type 'size_t'
                      {aka 'unsigned int'} [-Wformat=]
       printf("Read %ld bytes, value = %s\n", bytes_read,
                    ~~^                       ~~~~~~~~~~
                    %d

    cmd/avb.c: In function 'do_avb_write_pvalue':
    cmd/avb.c:404:19: warning: format '%ld' expects argument of type
                      'long int', but argument 2 has type '__kernel_size_t'
                      {aka 'unsigned int'} [-Wformat=]
       printf("Wrote %ld bytes\n", strlen(value) + 1);
                     ~~^           ~~~~~~~~~~~~~~~~~
                     %d

Fix those by using "%zu" specified.

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-08-07 15:31:04 -04:00
Igor Opaniuk
fc1fe01b08 avb: add support for named persistent values
AVB 2.0 spec. revision 1.1 introduces support for named persistent values
that must be tamper evident and allows AVB to store arbitrary key-value
pairs [1].

Introduce implementation of two additional AVB operations
read_persistent_value()/write_persistent_value() for retrieving/storing
named persistent values.

Correspondent pull request in the OP-TEE OS project repo [2].

[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-04-26 18:58:22 -04:00
Jens Wiklander
6d89902d7a cmd: avb: print error message if command fails
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-10-07 10:47:38 -04:00
Jens Wiklander
ab2d738239 cmd: avb read_rb: print rb_idx in hexadecimal
Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a
hexadecimal number while do_avb_read_rb() printed the read out rb_idx as
decimal number. For consistency change do_avb_read_rb() to print rb_idx
as a hexadecimal number too.

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-10-07 10:47:38 -04:00
Igor Opaniuk
5d4fd87773 avb2.0: add boot states and dm-verity support
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
2018-06-18 13:55:13 -04:00
Igor Opaniuk
60b2f9e7b9 cmd: avb2.0: avb command for performing verification
Enable a "avb" command to execute Android Verified
Boot 2.0 operations. It includes such subcommands:
  avb init - initialize avb2 subsystem
  avb read_rb - read rollback index
  avb write_rb - write rollback index
  avb is_unlocked - check device lock state
  avb get_uuid - read and print uuid of a partition
  avb read_part - read data from partition
  avb read_part_hex - read data from partition and output to stdout
  avb write_part - write data to partition
  avb verify - run full verification chain

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
2018-06-18 13:55:13 -04:00