[U-Boot] [PATCH 0/8] Initial integration of AVB2.0

Igor Opaniuk igor.opaniuk at linaro.org
Fri Apr 27 09:53:11 UTC 2018 

Hi Alex,

I've replaced licence texts in source file headers to SPDX short
identifiers (suggestion from Tom Rini).
As far as I know that was the only one major change I introduced to
libavb/libavb_ab.
I also did remove crc32() implementation and used existing in U-boot
because of licence ambiguity,
frankly I wasn't sure if it was GPL-2.0 compatible (
https://android.googlesource.com/platform/external/avb/+/master/libavb/avb_crc32.c).

Regarding libavb_ab, I guess I can exclude it for now, as there is no
any functionality implemented for A/B
slots support in this patch-set. And, btw, I've noticed the note in
the latest README.md for AVB2.0
on googlesource "This code is DEPRECATED and you must define
AVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED  to use it. The code will
be removed Jun 1 2018.".
Does it mean that a/b stuff will be included in libavb instead of
seperate libavb_av lib?

Thanks!

Regards,
Igor

On 26 April 2018 at 19:35, Alex Deymo <deymo+ at google.com> wrote:
> Hi Kever,
>   libavb and libavb_ab are different things, and we split them for a reason.
> Adding libavb is great, but you don't need to add libavb_ab as an A/B
> implementation. The boot_android command referenced by Igor doesn't use that
> as an A/B implementation, but uses the structs already defined in the Boot
> Control Block (BCB) and the android bootloader flow. I would recommend to
> include the libavb only.
>
> Igor,
> What changes did you need to do to libavb to import it to U-Boot? The idea
> with libavb is that it should be easy to integrate into your bootloader
> without changes; and therefore easy to update and integrate new patches when
> we release new versions of libavb. We would like to avoid diverting from it
> to reduce the maintenance cost.
>
> Best regards,
> Alex
>
>
> Le jeu. 26 avr. 2018 à 05:05, Kever Yang <kever.yang at rock-chips.com> a écrit
> :
>>
>> Hi Igor,
>>
>>     It's great to see the patch set to support AVB2.0, the upstream
>> libavb(from aosp) combine the AVB with A/B which I think should be
>> two separate feature, are you going to split them?
>>
>>     BTW, do you have plan to update boot_android cmd to support avb?
>> the command is too weak for use now.
>> And any plan to add opptee_client/smcc to talk to OPTEE/ATF?
>>
>> Thanks,
>> - Kever
>> On 04/25/2018 09:17 PM, Igor Opaniuk wrote:
>> > This series of patches introduces support of Android Verified Boot 2.0,
>> > which provides integrity checking of Android partitions on MMC.
>> >
>> > It integrates libavb/libavb_ab into the U-boot, provides implementation
>> > of
>> > AvbOps, subset of `avb` commands to run verification chain (and for
>> > debugging
>> > purposes), and it enables AVB2.0 verification on AM57xx HS SoC by
>> > default.
>> >
>> > Currently, there is still no support for verification of A/B boot slots
>> > and no rollback protection (for storing rollback indexes
>> > there are plans to use eMMC RPMB)
>> >
>> > Libavb/libavb_ab will be deviated from AOSP upstream in the future,
>> > that's why minimal amount of changes were introduced into the lib
>> > sources,
>> > so checkpatch may fail.
>> >
>> > For additional details check [1] AVB 2.0 README and doc/README.avb2,
>> > which
>> > is a part of this patchset.
>> >
>> > [1]
>> > https://android.googlesource.com/platform/external/avb/+/master/README.md
>> >
>> > Igor Opaniuk (8):
>> >   avb2.0: add Android Verified Boot 2.0 libraries
>> >   avb2.0: integrate avb 2.0 into the build system
>> >   avb2.0: implement AVB ops
>> >   cmd: avb2.0: avb command for performing verification
>> >   avb2.0: add boot states and dm-verity support
>> >   am57xx_hs: avb2.0: add support of AVB 2.0
>> >   test/py: avb2.0: add tests for avb commands
>> >   doc: avb2.0: add README about AVB2.0 integration
>> >
>> >  cmd/Kconfig                                  |   15 +
>> >  cmd/Makefile                                 |    3 +
>> >  cmd/avb.c                                    |  366 ++++++++
>> >  common/Makefile                              |    2 +
>> >  common/avb_verify.c                          |  748 ++++++++++++++++
>> >  configs/am57xx_hs_evm_defconfig              |    3 +
>> >  doc/README.avb2                              |  100 +++
>> >  include/avb/avb_ab_flow.h                    |  235 ++++++
>> >  include/avb/avb_ab_ops.h                     |   61 ++
>> >  include/avb/avb_chain_partition_descriptor.h |   54 ++
>> >  include/avb/avb_crypto.h                     |  147 ++++
>> >  include/avb/avb_descriptor.h                 |  113 +++
>> >  include/avb/avb_footer.h                     |   68 ++
>> >  include/avb/avb_hash_descriptor.h            |   55 ++
>> >  include/avb/avb_hashtree_descriptor.h        |   65 ++
>> >  include/avb/avb_kernel_cmdline_descriptor.h  |   63 ++
>> >  include/avb/avb_ops.h                        |  196 +++++
>> >  include/avb/avb_property_descriptor.h        |   89 ++
>> >  include/avb/avb_rsa.h                        |   55 ++
>> >  include/avb/avb_sha.h                        |   72 ++
>> >  include/avb/avb_slot_verify.h                |  239 ++++++
>> >  include/avb/avb_sysdeps.h                    |   97 +++
>> >  include/avb/avb_util.h                       |  259 ++++++
>> >  include/avb/avb_vbmeta_image.h               |  272 ++++++
>> >  include/avb/avb_version.h                    |   45 +
>> >  include/avb/libavb.h                         |   32 +
>> >  include/avb/libavb_ab.h                      |   22 +
>> >  include/avb_verify.h                         |   97 +++
>> >  include/configs/am57xx_evm.h                 |   11 +
>> >  include/environment/ti/boot.h                |   15 +
>> >  lib/Kconfig                                  |   20 +
>> >  lib/Makefile                                 |    2 +
>> >  lib/libavb/Makefile                          |   15 +
>> >  lib/libavb/avb_chain_partition_descriptor.c  |   46 +
>> >  lib/libavb/avb_crypto.c                      |  355 ++++++++
>> >  lib/libavb/avb_descriptor.c                  |  142 ++++
>> >  lib/libavb/avb_footer.c                      |   36 +
>> >  lib/libavb/avb_hash_descriptor.c             |   43 +
>> >  lib/libavb/avb_hashtree_descriptor.c         |   51 ++
>> >  lib/libavb/avb_kernel_cmdline_descriptor.c   |   40 +
>> >  lib/libavb/avb_property_descriptor.c         |  167 ++++
>> >  lib/libavb/avb_rsa.c                         |  277 ++++++
>> >  lib/libavb/avb_sha256.c                      |  364 ++++++++
>> >  lib/libavb/avb_sha512.c                      |  362 ++++++++
>> >  lib/libavb/avb_slot_verify.c                 | 1169
>> > ++++++++++++++++++++++++++
>> >  lib/libavb/avb_sysdeps_posix.c               |   57 ++
>> >  lib/libavb/avb_util.c                        |  385 +++++++++
>> >  lib/libavb/avb_vbmeta_image.c                |  290 +++++++
>> >  lib/libavb/avb_version.c                     |   16 +
>> >  lib/libavb_ab/Makefile                       |    9 +
>> >  lib/libavb_ab/avb_ab_flow.c                  |  502 +++++++++++
>> >  test/py/tests/test_avb.py                    |  111 +++
>> >  52 files changed, 8058 insertions(+)
>> >  create mode 100644 cmd/avb.c
>> >  create mode 100644 common/avb_verify.c
>> >  create mode 100644 doc/README.avb2
>> >  create mode 100644 include/avb/avb_ab_flow.h
>> >  create mode 100644 include/avb/avb_ab_ops.h
>> >  create mode 100644 include/avb/avb_chain_partition_descriptor.h
>> >  create mode 100644 include/avb/avb_crypto.h
>> >  create mode 100644 include/avb/avb_descriptor.h
>> >  create mode 100644 include/avb/avb_footer.h
>> >  create mode 100644 include/avb/avb_hash_descriptor.h
>> >  create mode 100644 include/avb/avb_hashtree_descriptor.h
>> >  create mode 100644 include/avb/avb_kernel_cmdline_descriptor.h
>> >  create mode 100644 include/avb/avb_ops.h
>> >  create mode 100644 include/avb/avb_property_descriptor.h
>> >  create mode 100644 include/avb/avb_rsa.h
>> >  create mode 100644 include/avb/avb_sha.h
>> >  create mode 100644 include/avb/avb_slot_verify.h
>> >  create mode 100644 include/avb/avb_sysdeps.h
>> >  create mode 100644 include/avb/avb_util.h
>> >  create mode 100644 include/avb/avb_vbmeta_image.h
>> >  create mode 100644 include/avb/avb_version.h
>> >  create mode 100644 include/avb/libavb.h
>> >  create mode 100644 include/avb/libavb_ab.h
>> >  create mode 100644 include/avb_verify.h
>> >  create mode 100644 lib/libavb/Makefile
>> >  create mode 100644 lib/libavb/avb_chain_partition_descriptor.c
>> >  create mode 100644 lib/libavb/avb_crypto.c
>> >  create mode 100644 lib/libavb/avb_descriptor.c
>> >  create mode 100644 lib/libavb/avb_footer.c
>> >  create mode 100644 lib/libavb/avb_hash_descriptor.c
>> >  create mode 100644 lib/libavb/avb_hashtree_descriptor.c
>> >  create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.c
>> >  create mode 100644 lib/libavb/avb_property_descriptor.c
>> >  create mode 100644 lib/libavb/avb_rsa.c
>> >  create mode 100644 lib/libavb/avb_sha256.c
>> >  create mode 100644 lib/libavb/avb_sha512.c
>> >  create mode 100644 lib/libavb/avb_slot_verify.c
>> >  create mode 100644 lib/libavb/avb_sysdeps_posix.c
>> >  create mode 100644 lib/libavb/avb_util.c
>> >  create mode 100644 lib/libavb/avb_vbmeta_image.c
>> >  create mode 100644 lib/libavb/avb_version.c
>> >  create mode 100644 lib/libavb_ab/Makefile
>> >  create mode 100644 lib/libavb_ab/avb_ab_flow.c
>> >  create mode 100644 test/py/tests/test_avb.py
>> >
>>
>>
>> _______________________________________________
>> U-Boot mailing list
>> U-Boot at lists.denx.de
>> https://lists.denx.de/listinfo/u-boot



-- 
Regards,
Igor Opaniuk

More information about the U-Boot mailing list