03 Dec, 2019

1 commit


08 Aug, 2019

1 commit

  • When having only these AVB related configs enabled:

    CONFIG_AVB_VERIFY=y
    CONFIG_CMD_AVB=y
    CONFIG_LIBAVB=y

    the build fails with the following errors:

    common/avb_verify.c: In function 'read_persistent_value':
    common/avb_verify.c:867:6: warning: implicit declaration of function
    'get_open_session'
    common/avb_verify.c:870:45: error: 'struct AvbOpsData' has no member
    named 'tee'
    common/avb_verify.c:894:7: warning: implicit declaration of function
    'invoke_func'
    common/avb_verify.c: In function 'write_persistent_value':
    common/avb_verify.c:931:45: error: 'struct AvbOpsData' has no member
    named 'tee'

    Guard read_persistent_value() and write_persistent_value() functions
    by checking if CONFIG_OPTEE_TA_AVB is enabled (as those are only used in
    that case) to fix the build with mentioned configuration.

    Signed-off-by: Sam Protsenko
    Reviewed-by: Igor Opaniuk

    Sam Protsenko
     

27 Apr, 2019

1 commit

  • AVB 2.0 spec. revision 1.1 introduces support for named persistent values
    that must be tamper evident and allows AVB to store arbitrary key-value
    pairs [1].

    Introduce implementation of two additional AVB operations
    read_persistent_value()/write_persistent_value() for retrieving/storing
    named persistent values.

    Corresponding pull request in the OP-TEE OS project repo [2].

    [1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
    [2]: https://github.com/OP-TEE/optee_os/pull/2699

    Reviewed-by: Simon Glass
    Reviewed-by: Sam Protsenko
    Signed-off-by: Igor Opaniuk

    Igor Opaniuk
     

07 Oct, 2018

1 commit


25 Aug, 2018

5 commits

  • Compiling U-Boot with ubsan/asan libraries and running it in sandbox
    may lead to the backtrace below:

    => avb init 0
    => avb verify
    ## Android Verified Boot 2.0 version 1.1.0
    read_is_device_unlocked not supported yet
    common/avb_verify.c:407:31: runtime error: division by zero
    AddressSanitizer:DEADLYSIGNAL
    Reviewed-by: Igor Opaniuk

    =================================================================
    ==9388==ERROR: AddressSanitizer: FPE on unknown address 0x0000004b467f \
    (pc 0x0000004b467f bp 0x000000000000 sp 0x7ffd899fe150 T0)
    #0 0x4b467e in mmc_byte_io common/avb_verify.c:407
    #1 0x4b4c47 in mmc_byte_io common/avb_verify.c:532
    #2 0x4b4c47 in read_from_partition common/avb_verify.c:533
    #3 0x69dc0d in load_and_verify_vbmeta lib/libavb/avb_slot_verify.c:560
    #4 0x6a1ee6 in avb_slot_verify lib/libavb/avb_slot_verify.c:1139
    #5 0x45dabd in do_avb_verify_part cmd/avb.c:245
    #6 0x4af77c in cmd_call common/command.c:499
    #7 0x4af77c in cmd_process common/command.c:538
    #8 0x46bafc in run_pipe_real common/cli_hush.c:1677
    #9 0x46bafc in run_list_real common/cli_hush.c:1875
    #10 0x46c780 in run_list common/cli_hush.c:2024
    #11 0x46c780 in parse_stream_outer common/cli_hush.c:3216
    #12 0x46d34b in parse_file_outer common/cli_hush.c:3299
    #13 0x4ad609 in cli_loop common/cli.c:217
    #14 0x4625ae in main_loop common/main.c:65
    #15 0x46f2d1 in run_main_loop common/board_r.c:648
    #16 0x640253 in initcall_run_list lib/initcall.c:30
    #17 0x46f9d0 in board_init_r common/board_r.c:879
    #18 0x40539b in main arch/sandbox/cpu/start.c:321
    #19 0x7fa94925f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #20 0x408908 in _start (/srv/R/u-boot-master/u-boot+0x408908)

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: FPE common/avb_verify.c:407 in mmc_byte_io
    ==9388==ABORTING

    Signed-off-by: Eugeniu Rosca

    Eugeniu Rosca
     
  • Cppcheck (v1.85) reports w/o this patch:

    [common/avb_verify.c:738] -> [common/avb_verify.c:741]: (warning) \
    Either the condition 'ops' is redundant or there is possible null \
    pointer dereference: ops.

    Signed-off-by: Eugeniu Rosca
    Reviewed-by: Igor Opaniuk

    Eugeniu Rosca
     
  • Cppcheck (v1.85) reports w/o this patch:

    [common/avb_verify.c:351]: (error) Memory leak: part
    [common/avb_verify.c:356]: (error) Memory leak: part
    [common/avb_verify.c:361]: (error) Memory leak: part
    [common/avb_verify.c:366]: (error) Memory leak: part

    Signed-off-by: Eugeniu Rosca
    Reviewed-by: Igor Opaniuk

    Eugeniu Rosca
     
  • Fix sparse complaint:

    common/avb_verify.c:14:21: warning: \
    symbol 'avb_root_pub' was not declared. Should it be static?

    Signed-off-by: Eugeniu Rosca
    Reviewed-by: Igor Opaniuk

    Eugeniu Rosca
     
  • Fix the compiler [1] warning below:

    common/avb_verify.c: In function ‘avb_find_dm_args’:
    common/avb_verify.c:179:30: warning: left-hand operand of comma expression has no effect [-Wunused-value]
    for (i = 0; i < AVB_MAX_ARGS, args[i]; ++i) {

    [1] aarch64-linux-gnu-gcc (Linaro GCC 7.2-2017.11)

    Signed-off-by: Eugeniu Rosca
    Reviewed-by: Igor Opaniuk

    Eugeniu Rosca
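
The warning quoted in the commit above matters beyond style: the comma operator throws away the `i < AVB_MAX_ARGS` bound, so only a NULL entry stops the scan. The following is an added example, not code from U-Boot or from the patch; the function names, the value of `AVB_MAX_ARGS`, the sample arguments and the `&&` form of the corrected loop are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed for this example; the page does not state the value of
 * AVB_MAX_ARGS. */
#define AVB_MAX_ARGS 4

/* Loop shape quoted in the warning: the comma operator evaluates and
 * discards `i < AVB_MAX_ARGS`, so only args[i] == NULL ends the loop. */
static int find_arg_comma(char **args, const char *str)
{
	int i;

	for (i = 0; i < AVB_MAX_ARGS, args[i]; ++i)
		if (strstr(args[i], str))
			return i;
	return -1;
}

/* Assumed correction: both conditions must hold, so the scan stops at
 * AVB_MAX_ARGS even when no NULL terminator is present. */
static int find_arg_and(char **args, const char *str)
{
	int i;

	for (i = 0; i < AVB_MAX_ARGS && args[i]; ++i)
		if (strstr(args[i], str))
			return i;
	return -1;
}

/* Constructed input: AVB_MAX_ARGS full slots with no NULL terminator,
 * followed by two extra slots in the same array that stand in for whatever
 * memory follows a real argument table (keeps the demo free of UB). */
static char *sample_args[AVB_MAX_ARGS + 2] = {
	"console=ttyS0", "root=/dev/dm-0", "rootwait", "ro",
	"dm=\"1 vroot none ro\"",	/* index 4: outside the logical table */
	NULL,
};

int main(void)
{
	/* Exit status 0 when the comma form overruns and the && form does not. */
	return !(find_arg_comma(sample_args, "dm=") == AVB_MAX_ARGS &&
		 find_arg_and(sample_args, "dm=") == -1);
}
```

Building with `-Wall` reproduces the `-Wunused-value` diagnostic on the first function, which is the signal to look for when auditing similar loops.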
     

14 Aug, 2018

1 commit

  • Implement get_size_of_partition() operation,
    which is required by the latest upstream libavb [1].

    [1] https://android.googlesource.com/platform/external/avb/+/android-p-preview-5

    Signed-off-by: Igor Opaniuk
    Acked-by: Andrew F. Davis
    Reviewed-by: Sam Protsenko

    Igor Opaniuk
     

24 Jul, 2018

1 commit


19 Jun, 2018

2 commits

  • 1. Add initial support of boot states mode (red, green, yellow)
    2. Add functions for enforcing dm-verity configurations

    Signed-off-by: Igor Opaniuk

    Igor Opaniuk
     
  • Implement AVB ops on top of the existing mmc subsystem API. Currently there
    is a full implementation of these operations, defined by the
    AVB 2.0 specification [1]:

    .read_from_partition() - reads N bytes from a partition identified by
    a name.
    .write_to_partition() - Writes N bytes to a partition identified by a name.
    .validate_vbmeta_public_key() - checks if the given public ‘vbmeta’
    partition is trusted.
    .get_unique_guid_for_partition() - Gets the GUID for a partition identified
    by a string name.

    As the specification [1] recommends using tamper-evident storage for storing
    rollback indexes and device state (LOCKED/UNLOCKED),
    there are currently only stubs instead of a full implementation for these ops:
    .read_rollback_index() - Gets the rollback index for a given index location
    .write_rollback_index() - Sets the rollback index to a given location
    .read_is_device_unlocked() - Gets whether the device is unlocked

    [1] https://android.googlesource.com/platform/external/avb/+/master/README.md

    Signed-off-by: Igor Opaniuk

    Igor Opaniuk