Commit Graph

8 Commits

Author SHA1 Message Date
Sam Protsenko
bb43c27847 cmd: avb: Fix requested partitions list
The requested_partitions[] array should contain only boot partitions.
Usually it's only 'boot' partition, as can be seen in [1]. Also, seems
like the requested_partitions[] are only used when there is no 'vbmeta'
partition [2], which is not a regular use-case.

Make requested_partitions[] contain only 'boot' partition as it was
supposed to be, and also make that array to be a local in
do_avb_verify_part() function, as nobody else needs that.

[1] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/test/avb_slot_verify_unittest.cc#108
[2] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/libavb/avb_slot_verify.c#1461

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-10-31 07:22:53 -04:00
Simon Glass
9fb625ce05 env: Move env_set() to env.h
Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2019-08-11 16:43:41 -04:00
Sam Protsenko
97f3c09706 cmd: avb: Fix compiler warnings
When building U-Boot with AVB enabled, compiler shows next warnings:

    cmd/avb.c: In function 'do_avb_read_pvalue':
    cmd/avb.c:371:18: warning: format '%ld' expects argument of type
                      'long int', but argument 2 has type 'size_t'
                      {aka 'unsigned int'} [-Wformat=]
       printf("Read %ld bytes, value = %s\n", bytes_read,
                    ~~^                       ~~~~~~~~~~
                    %d

    cmd/avb.c: In function 'do_avb_write_pvalue':
    cmd/avb.c:404:19: warning: format '%ld' expects argument of type
                      'long int', but argument 2 has type '__kernel_size_t'
                      {aka 'unsigned int'} [-Wformat=]
       printf("Wrote %ld bytes\n", strlen(value) + 1);
                     ~~^           ~~~~~~~~~~~~~~~~~
                     %d

Fix those by using "%zu" specified.

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-08-07 15:31:04 -04:00
Igor Opaniuk
fc1fe01b08 avb: add support for named persistent values
AVB 2.0 spec. revision 1.1 introduces support for named persistent values
that must be tamper evident and allows AVB to store arbitrary key-value
pairs [1].

Introduce implementation of two additional AVB operations
read_persistent_value()/write_persistent_value() for retrieving/storing
named persistent values.

Correspondent pull request in the OP-TEE OS project repo [2].

[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-04-26 18:58:22 -04:00
Jens Wiklander
6d89902d7a cmd: avb: print error message if command fails
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-10-07 10:47:38 -04:00
Jens Wiklander
ab2d738239 cmd: avb read_rb: print rb_idx in hexadecimal
Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a
hexadecimal number while do_avb_read_rb() printed the read out rb_idx as
decimal number. For consistency change do_avb_read_rb() to print rb_idx
as a hexadecimal number too.

Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-10-07 10:47:38 -04:00
Igor Opaniuk
5d4fd87773 avb2.0: add boot states and dm-verity support
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
2018-06-18 13:55:13 -04:00
Igor Opaniuk
60b2f9e7b9 cmd: avb2.0: avb command for performing verification
Enable a "avb" command to execute Android Verified
Boot 2.0 operations. It includes such subcommands:
  avb init - initialize avb2 subsystem
  avb read_rb - read rollback index
  avb write_rb - write rollback index
  avb is_unlocked - check device lock state
  avb get_uuid - read and print uuid of a partition
  avb read_part - read data from partition
  avb read_part_hex - read data from partition and output to stdout
  avb write_part - write data to partition
  avb verify - run full verification chain

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
2018-06-18 13:55:13 -04:00