31 Oct, 2019
2 commits
-
Add optional parameter to 'avb verify' sub-command, so that user is able
to specify which slot to use, in case when user's partitions are
slotted. If that parameter is omitted, the behavior of 'avb verify' will
be the same as before, so user API is content.Signed-off-by: Sam Protsenko
Reviewed-by: Igor Opaniuk
Acked-by: Igor Opaniuk -
The requested_partitions[] array should contain only boot partitions.
Usually it's only 'boot' partition, as can be seen in [1]. Also, seems
like the requested_partitions[] are only used when there is no 'vbmeta'
partition [2], which is not a regular use-case.Make requested_partitions[] contain only 'boot' partition as it was
supposed to be, and also make that array to be a local in
do_avb_verify_part() function, as nobody else needs that.[1] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/test/avb_slot_verify_unittest.cc#108
[2] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/libavb/avb_slot_verify.c#1461Signed-off-by: Sam Protsenko
Reviewed-by: Igor Opaniuk
12 Aug, 2019
1 commit
-
Move env_set() over to the new header file.
Acked-by: Joe Hershberger
Signed-off-by: Simon Glass
08 Aug, 2019
1 commit
-
When building U-Boot with AVB enabled, compiler shows next warnings:
cmd/avb.c: In function 'do_avb_read_pvalue':
cmd/avb.c:371:18: warning: format '%ld' expects argument of type
'long int', but argument 2 has type 'size_t'
{aka 'unsigned int'} [-Wformat=]
printf("Read %ld bytes, value = %s\n", bytes_read,
~~^ ~~~~~~~~~~
%dcmd/avb.c: In function 'do_avb_write_pvalue':
cmd/avb.c:404:19: warning: format '%ld' expects argument of type
'long int', but argument 2 has type '__kernel_size_t'
{aka 'unsigned int'} [-Wformat=]
printf("Wrote %ld bytes\n", strlen(value) + 1);
~~^ ~~~~~~~~~~~~~~~~~
%dFix those by using "%zu" specified.
Signed-off-by: Sam Protsenko
Reviewed-by: Igor Opaniuk
27 Apr, 2019
1 commit
-
AVB 2.0 spec. revision 1.1 introduces support for named persistent values
that must be tamper evident and allows AVB to store arbitrary key-value
pairs [1].Introduce implementation of two additional AVB operations
read_persistent_value()/write_persistent_value() for retrieving/storing
named persistent values.Correspondent pull request in the OP-TEE OS project repo [2].
[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699Reviewed-by: Simon Glass
Reviewed-by: Sam Protsenko
Signed-off-by: Igor Opaniuk
07 Oct, 2018
2 commits
-
Reviewed-by: Simon Glass
Signed-off-by: Jens Wiklander -
Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a
hexadecimal number while do_avb_read_rb() printed the read out rb_idx as
decimal number. For consistency change do_avb_read_rb() to print rb_idx
as a hexadecimal number too.Reviewed-by: Simon Glass
Reviewed-by: Igor Opaniuk
Signed-off-by: Jens Wiklander
19 Jun, 2018
2 commits
-
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurationsSigned-off-by: Igor Opaniuk
-
Enable a "avb" command to execute Android Verified
Boot 2.0 operations. It includes such subcommands:
avb init - initialize avb2 subsystem
avb read_rb - read rollback index
avb write_rb - write rollback index
avb is_unlocked - check device lock state
avb get_uuid - read and print uuid of a partition
avb read_part - read data from partition
avb read_part_hex - read data from partition and output to stdout
avb write_part - write data to partition
avb verify - run full verification chainSigned-off-by: Igor Opaniuk