[U-Boot] [PATCH v2 0/8] Initial integration of AVB2.0
Igor Opaniuk
igor.opaniuk at linaro.org
Sun Jun 3 18:56:35 UTC 2018
This series of patches introduces support for Android Verified Boot 2.0,
which provides integrity checking of Android partitions on MMC.

It integrates libavb into U-Boot, provides an implementation of
AvbOps, a subset of `avb` commands to run the verification chain (and for debugging
purposes), and it enables AVB2.0 verification on AM57xx HS SoC by default.

Currently, there is still no support for verification of A/B boot slots
and no rollback protection (for storing rollback indexes
there are plans to use eMMC RPMB).

Libavb will deviate from the AOSP upstream in the future,
that's why a minimal amount of changes was introduced into the lib sources,
so checkpatch may fail.

For additional details check [1] AVB 2.0 README and doc/README.avb2, which
is a part of this patchset.

[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Changes for v2:
- Updated libavb from the AOSP upstream
- Removed libavb_ab as it's marked as deprecated
- Added default n to Kconfigs for this feature (both for CONFIG_LIBAVB and
CONFIG_CMD_AVB)
- Minor fixes in avb_find_dm_args
- Replaced "reinvented the wheel" str macro with existing __stringify()
- Updated documentation
- Updated avb_slot_verify invocation, supplying it with the new AvbHashtreeErrorMode
param
- Fixed array boundary exceeded error when handling bootargs in
avb_find_dm_args
Igor Opaniuk (8):
avb2.0: add Android Verified Boot 2.0 library
avb2.0: integrate avb 2.0 into the build system
avb2.0: implement AVB ops
cmd: avb2.0: avb command for performing verification
avb2.0: add boot states and dm-verity support
am57xx_hs: avb2.0: add support of AVB 2.0
test/py: avb2.0: add tests for avb commands
doc: avb2.0: add README about AVB2.0 integration
cmd/Kconfig | 16 +
cmd/Makefile | 3 +
cmd/avb.c | 372 ++++++++
common/Makefile | 2 +
common/avb_verify.c | 741 +++++++++++++++
doc/README.avb2 | 97 ++
include/avb_verify.h | 96 ++
include/configs/am57xx_evm.h | 11 +
include/environment/ti/boot.h | 15 +
lib/Kconfig | 14 +
lib/Makefile | 1 +
lib/libavb/Makefile | 15 +
lib/libavb/avb_chain_partition_descriptor.c | 46 +
lib/libavb/avb_chain_partition_descriptor.h | 54 ++
lib/libavb/avb_cmdline.c | 422 +++++++++
lib/libavb/avb_cmdline.h | 72 ++
lib/libavb/avb_crypto.c | 354 +++++++
lib/libavb/avb_crypto.h | 156 +++
lib/libavb/avb_descriptor.c | 142 +++
lib/libavb/avb_descriptor.h | 113 +++
lib/libavb/avb_footer.c | 36 +
lib/libavb/avb_footer.h | 68 ++
lib/libavb/avb_hash_descriptor.c | 44 +
lib/libavb/avb_hash_descriptor.h | 70 ++
lib/libavb/avb_hashtree_descriptor.c | 52 +
lib/libavb/avb_hashtree_descriptor.h | 80 ++
lib/libavb/avb_kernel_cmdline_descriptor.c | 40 +
lib/libavb/avb_kernel_cmdline_descriptor.h | 63 ++
lib/libavb/avb_ops.h | 293 ++++++
lib/libavb/avb_property_descriptor.c | 167 ++++
lib/libavb/avb_property_descriptor.h | 89 ++
lib/libavb/avb_rsa.c | 276 ++++++
lib/libavb/avb_rsa.h | 55 ++
lib/libavb/avb_sha.h | 72 ++
lib/libavb/avb_sha256.c | 364 +++++++
lib/libavb/avb_sha512.c | 362 +++++++
lib/libavb/avb_slot_verify.c | 1367 +++++++++++++++++++++++++++
lib/libavb/avb_slot_verify.h | 341 +++++++
lib/libavb/avb_sysdeps.h | 101 ++
lib/libavb/avb_sysdeps_posix.c | 63 ++
lib/libavb/avb_util.c | 412 ++++++++
lib/libavb/avb_util.h | 269 ++++++
lib/libavb/avb_vbmeta_image.c | 290 ++++++
lib/libavb/avb_vbmeta_image.h | 276 ++++++
lib/libavb/avb_version.c | 16 +
lib/libavb/avb_version.h | 41 +
lib/libavb/libavb.h | 32 +
test/py/tests/test_avb.py | 111 +++
48 files changed, 8192 insertions(+)
create mode 100644 cmd/avb.c
create mode 100644 common/avb_verify.c
create mode 100644 doc/README.avb2
create mode 100644 include/avb_verify.h
create mode 100644 lib/libavb/Makefile
create mode 100644 lib/libavb/avb_chain_partition_descriptor.c
create mode 100644 lib/libavb/avb_chain_partition_descriptor.h
create mode 100644 lib/libavb/avb_cmdline.c
create mode 100644 lib/libavb/avb_cmdline.h
create mode 100644 lib/libavb/avb_crypto.c
create mode 100644 lib/libavb/avb_crypto.h
create mode 100644 lib/libavb/avb_descriptor.c
create mode 100644 lib/libavb/avb_descriptor.h
create mode 100644 lib/libavb/avb_footer.c
create mode 100644 lib/libavb/avb_footer.h
create mode 100644 lib/libavb/avb_hash_descriptor.c
create mode 100644 lib/libavb/avb_hash_descriptor.h
create mode 100644 lib/libavb/avb_hashtree_descriptor.c
create mode 100644 lib/libavb/avb_hashtree_descriptor.h
create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.c
create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.h
create mode 100644 lib/libavb/avb_ops.h
create mode 100644 lib/libavb/avb_property_descriptor.c
create mode 100644 lib/libavb/avb_property_descriptor.h
create mode 100644 lib/libavb/avb_rsa.c
create mode 100644 lib/libavb/avb_rsa.h
create mode 100644 lib/libavb/avb_sha.h
create mode 100644 lib/libavb/avb_sha256.c
create mode 100644 lib/libavb/avb_sha512.c
create mode 100644 lib/libavb/avb_slot_verify.c
create mode 100644 lib/libavb/avb_slot_verify.h
create mode 100644 lib/libavb/avb_sysdeps.h
create mode 100644 lib/libavb/avb_sysdeps_posix.c
create mode 100644 lib/libavb/avb_util.c
create mode 100644 lib/libavb/avb_util.h
create mode 100644 lib/libavb/avb_vbmeta_image.c
create mode 100644 lib/libavb/avb_vbmeta_image.h
create mode 100644 lib/libavb/avb_version.c
create mode 100644 lib/libavb/avb_version.h
create mode 100644 lib/libavb/libavb.h
create mode 100644 test/py/tests/test_avb.py
--
2.7.4