[U-Boot] [PATCH 0/8] Initial integration of AVB2.0
Kever Yang
kever.yang at rock-chips.com
Thu Apr 26 03:05:05 UTC 2018
Hi Igor,

It's great to see the patch set to support AVB2.0. The upstream
libavb (from AOSP) combines AVB with A/B, which I think should be
two separate features; are you going to split them?

BTW, do you have a plan to update the boot_android cmd to support avb?
The command is too weak for use now.

And any plan to add optee_client/smcc to talk to OPTEE/ATF?

Thanks,
- Kever

On 04/25/2018 09:17 PM, Igor Opaniuk wrote:
> This series of patches introduces support of Android Verified Boot 2.0,
> which provides integrity checking of Android partitions on MMC.
>
> It integrates libavb/libavb_ab into U-Boot, provides an implementation of
> AvbOps, a subset of `avb` commands to run the verification chain (and for debugging
> purposes), and it enables AVB2.0 verification on the AM57xx HS SoC by default.
>
> Currently, there is still no support for verification of A/B boot slots
> and no rollback protection (for storing rollback indexes,
> there are plans to use eMMC RPMB).
>
> Libavb/libavb_ab will deviate from AOSP upstream in the future,
> that's why a minimal amount of changes was introduced into the lib sources,
> so checkpatch may fail.
>
> For additional details check [1] AVB 2.0 README and doc/README.avb2, which
> is a part of this patchset.
>
> [1] https://android.googlesource.com/platform/external/avb/+/master/README.md
>
> Igor Opaniuk (8):
> avb2.0: add Android Verified Boot 2.0 libraries
> avb2.0: integrate avb 2.0 into the build system
> avb2.0: implement AVB ops
> cmd: avb2.0: avb command for performing verification
> avb2.0: add boot states and dm-verity support
> am57xx_hs: avb2.0: add support of AVB 2.0
> test/py: avb2.0: add tests for avb commands
> doc: avb2.0: add README about AVB2.0 integration
>
> cmd/Kconfig | 15 +
> cmd/Makefile | 3 +
> cmd/avb.c | 366 ++++++++
> common/Makefile | 2 +
> common/avb_verify.c | 748 ++++++++++++++++
> configs/am57xx_hs_evm_defconfig | 3 +
> doc/README.avb2 | 100 +++
> include/avb/avb_ab_flow.h | 235 ++++++
> include/avb/avb_ab_ops.h | 61 ++
> include/avb/avb_chain_partition_descriptor.h | 54 ++
> include/avb/avb_crypto.h | 147 ++++
> include/avb/avb_descriptor.h | 113 +++
> include/avb/avb_footer.h | 68 ++
> include/avb/avb_hash_descriptor.h | 55 ++
> include/avb/avb_hashtree_descriptor.h | 65 ++
> include/avb/avb_kernel_cmdline_descriptor.h | 63 ++
> include/avb/avb_ops.h | 196 +++++
> include/avb/avb_property_descriptor.h | 89 ++
> include/avb/avb_rsa.h | 55 ++
> include/avb/avb_sha.h | 72 ++
> include/avb/avb_slot_verify.h | 239 ++++++
> include/avb/avb_sysdeps.h | 97 +++
> include/avb/avb_util.h | 259 ++++++
> include/avb/avb_vbmeta_image.h | 272 ++++++
> include/avb/avb_version.h | 45 +
> include/avb/libavb.h | 32 +
> include/avb/libavb_ab.h | 22 +
> include/avb_verify.h | 97 +++
> include/configs/am57xx_evm.h | 11 +
> include/environment/ti/boot.h | 15 +
> lib/Kconfig | 20 +
> lib/Makefile | 2 +
> lib/libavb/Makefile | 15 +
> lib/libavb/avb_chain_partition_descriptor.c | 46 +
> lib/libavb/avb_crypto.c | 355 ++++++++
> lib/libavb/avb_descriptor.c | 142 ++++
> lib/libavb/avb_footer.c | 36 +
> lib/libavb/avb_hash_descriptor.c | 43 +
> lib/libavb/avb_hashtree_descriptor.c | 51 ++
> lib/libavb/avb_kernel_cmdline_descriptor.c | 40 +
> lib/libavb/avb_property_descriptor.c | 167 ++++
> lib/libavb/avb_rsa.c | 277 ++++++
> lib/libavb/avb_sha256.c | 364 ++++++++
> lib/libavb/avb_sha512.c | 362 ++++++++
> lib/libavb/avb_slot_verify.c | 1169 ++++++++++++++++++++++++++
> lib/libavb/avb_sysdeps_posix.c | 57 ++
> lib/libavb/avb_util.c | 385 +++++++++
> lib/libavb/avb_vbmeta_image.c | 290 +++++++
> lib/libavb/avb_version.c | 16 +
> lib/libavb_ab/Makefile | 9 +
> lib/libavb_ab/avb_ab_flow.c | 502 +++++++++++
> test/py/tests/test_avb.py | 111 +++
> 52 files changed, 8058 insertions(+)
> create mode 100644 cmd/avb.c
> create mode 100644 common/avb_verify.c
> create mode 100644 doc/README.avb2
> create mode 100644 include/avb/avb_ab_flow.h
> create mode 100644 include/avb/avb_ab_ops.h
> create mode 100644 include/avb/avb_chain_partition_descriptor.h
> create mode 100644 include/avb/avb_crypto.h
> create mode 100644 include/avb/avb_descriptor.h
> create mode 100644 include/avb/avb_footer.h
> create mode 100644 include/avb/avb_hash_descriptor.h
> create mode 100644 include/avb/avb_hashtree_descriptor.h
> create mode 100644 include/avb/avb_kernel_cmdline_descriptor.h
> create mode 100644 include/avb/avb_ops.h
> create mode 100644 include/avb/avb_property_descriptor.h
> create mode 100644 include/avb/avb_rsa.h
> create mode 100644 include/avb/avb_sha.h
> create mode 100644 include/avb/avb_slot_verify.h
> create mode 100644 include/avb/avb_sysdeps.h
> create mode 100644 include/avb/avb_util.h
> create mode 100644 include/avb/avb_vbmeta_image.h
> create mode 100644 include/avb/avb_version.h
> create mode 100644 include/avb/libavb.h
> create mode 100644 include/avb/libavb_ab.h
> create mode 100644 include/avb_verify.h
> create mode 100644 lib/libavb/Makefile
> create mode 100644 lib/libavb/avb_chain_partition_descriptor.c
> create mode 100644 lib/libavb/avb_crypto.c
> create mode 100644 lib/libavb/avb_descriptor.c
> create mode 100644 lib/libavb/avb_footer.c
> create mode 100644 lib/libavb/avb_hash_descriptor.c
> create mode 100644 lib/libavb/avb_hashtree_descriptor.c
> create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.c
> create mode 100644 lib/libavb/avb_property_descriptor.c
> create mode 100644 lib/libavb/avb_rsa.c
> create mode 100644 lib/libavb/avb_sha256.c
> create mode 100644 lib/libavb/avb_sha512.c
> create mode 100644 lib/libavb/avb_slot_verify.c
> create mode 100644 lib/libavb/avb_sysdeps_posix.c
> create mode 100644 lib/libavb/avb_util.c
> create mode 100644 lib/libavb/avb_vbmeta_image.c
> create mode 100644 lib/libavb/avb_version.c
> create mode 100644 lib/libavb_ab/Makefile
> create mode 100644 lib/libavb_ab/avb_ab_flow.c
> create mode 100644 test/py/tests/test_avb.py
>