[U-Boot] [PATCH v4 1/1] avb: add support for named persistent values

Simon Glass sjg at chromium.org
Thu Jan 31 10:04:30 UTC 2019


Hi Igor,

On Sun, 27 Jan 2019 at 07:34, Igor Opaniuk <igor.opaniuk at linaro.org> wrote:
>
> AVB version 1.1 introduces support for named persistent values
> that must be tamper evident and allows AVB to store arbitrary key-value
> pairs [1].
>
> Introduce implementation of two additional AVB operations
> read_persistent_value()/write_persistent_value() for retrieving/storing
> named persistent values.
>
> Correspondent pull request in the OP-TEE OS project repo [2].
>
> [1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
> [2]: https://github.com/OP-TEE/optee_os/pull/2699
>
> Signed-off-by: Igor Opaniuk <igor.opaniuk at linaro.org>
> ---
>
> v4:
> - extend tee sandbox tee driver to support persistent values
> - fix/re-test avb_persistent test on sandbox configuration:
> $ ./test/py/test.py --bd sandbox --build -s -i avb_per
>
> U-Boot 2019.01-06051-gd01806a-dirty (Jan 27 2019 - 11:56:41 +0200)
>
> Model: sandbox
> DRAM:  128 MiB
> MMC:   MMC probed
> MMC probed
> MMC probed
> mmc2: 2 (SD), mmc1: 1 (SD), mmc0: 0 (SD)
> In:    serial
> Out:   vidconsole
> Err:   vidconsole
> Model: sandbox
> SCSI:
> Net:   eth0: eth at 10002000, eth5: eth at 10003000, eth3: sbe5, eth1: eth at 10004000
> Hit any key to stop autoboot:  0
> => => avb init 1
> => => avb write_pvalue test value_value
> Wrote 12 bytes
> => => avb read_pvalue test 12
> Read 12 bytes, value = value_value
> =>
> test/py/tests/test_avb.py .
>
> ===== 464 tests deselected by '-kavb_per' ======
> === 1 passed, 464 deselected in 0.16 seconds ===
>
> v3:
> - fix possible mem leak in avb_read_persistent/avb_write_persistent
> - add additional sanity checks
> - cover avb read_pvalue/write_pvalue commands with python tests
>
> v2:
> - fix output format for avb read_pvalue/write_pvalue commands
> - fix issue with named value buffer size
>
>  cmd/avb.c                  |  78 ++++++++++++++++++++++++++++
>  common/avb_verify.c        | 125 +++++++++++++++++++++++++++++++++++++++++++++
>  drivers/tee/sandbox.c      |  80 +++++++++++++++++++++++++++++
>  include/tee.h              |   2 +
>  include/tee/optee_ta_avb.h |  16 ++++++
>  test/py/tests/test_avb.py  |  16 ++++++
>  6 files changed, 317 insertions(+)

This looks OK. My only comment is that the variables at the top of the
sandbox driver should really be in a driver-private data struct, using
priv_auto_alloc_size, etc.

Reviewed-by: Simon Glass <sjg at chromium.org>

I'm assuming that this test runs with 'make qcheck'?


- Simon

