[PATCH 3/9] configs: meson64_android: implement AVB support

[Neil Armstrong]

On 05/08/2021 17:17, Mattijs Korpershoek wrote:
> AVB (Android Verified Boot) is well supported in U-Boot already.
> Add support for it in meson64_android.
> 
> This is controlled by the "force_avb" environment variable and the
> CONFIG_CMD_AVB option.
> 
> Signed-off-by: Guillaume La Roque <glaroque at baylibre.com>
> Signed-off-by: Mattijs Korpershoek <mkorpershoek at baylibre.com>
> ---
>  include/configs/meson64_android.h | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
> 
> diff --git a/include/configs/meson64_android.h b/include/configs/meson64_android.h
> index bc3ffb9ca5..48a23b6e41 100644
> --- a/include/configs/meson64_android.h
> +++ b/include/configs/meson64_android.h
> @@ -27,6 +27,25 @@
>  
>  #ifndef RECOVERY_PARTITION
>  #define RECOVERY_PARTITION "recovery"
> +
> +#if defined(CONFIG_CMD_AVB)
> +#define AVB_VERIFY_CHECK \
> +	"if test \"${force_avb}\" -eq 1; then " \
> +		"if run avb_verify; then " \
> +			"echo AVB verification OK.;" \
> +			"setenv bootargs \"$bootargs $avb_bootargs\";" \
> +		"else " \
> +			"echo AVB verification failed.;" \
> +		"exit; fi;" \
> +	"else " \
> +		"setenv bootargs \"$bootargs androidboot.verifiedbootstate=orange\";" \
> +		"echo Running without AVB...; "\
> +	"fi;"
> +
> +#define AVB_VERIFY_CMD "avb_verify=avb init ${mmcdev}; avb verify;\0"
> +#else
> +#define AVB_VERIFY_CHECK ""
> +#define AVB_VERIFY_CMD ""
>  #endif
>  
>  #define BOOTENV_DEV_FASTBOOT(devtypeu, devtypel, instance) \
> @@ -93,6 +112,7 @@
>  			"echo Running Recovery...;" \
>  			"mmc dev ${mmcdev};" \
>  			"setenv bootargs \"${bootargs} androidboot.serialno=${serial#}\";" \
> +			AVB_VERIFY_CHECK \
>  			"part start mmc ${mmcdev} " RECOVERY_PARTITION " boot_start;" \
>  			"part size mmc ${mmcdev} " RECOVERY_PARTITION " boot_size;" \
>  			"if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
> @@ -111,6 +131,7 @@
>  		"echo Loading Android " BOOT_PARTITION " partition...;" \
>  		"mmc dev ${mmcdev};" \
>  		"setenv bootargs ${bootargs} androidboot.serialno=${serial#};" \
> +		AVB_VERIFY_CHECK \
>  		"part start mmc ${mmcdev} " BOOT_PARTITION " boot_start;" \
>  		"part size mmc ${mmcdev} " BOOT_PARTITION " boot_size;" \
>  		"if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
> @@ -142,6 +163,8 @@
>  #define CONFIG_EXTRA_ENV_SETTINGS                                     \
>  	"partitions=" PARTS_DEFAULT "\0"                              \
>  	"mmcdev=2\0"                                                  \
> +	AVB_VERIFY_CMD                                                \
> +	"force_avb=0\0"                                               \
>  	"gpio_recovery=88\0"                                          \
>  	"check_button=gpio input ${gpio_recovery};test $? -eq 0;\0"   \
>  	"load_logo=" PREBOOT_LOAD_LOGO "\0"			      \
> 

Acked-by: Neil Armstrong <narmstrong at baylibre.com>