[AVB/AB] Overhaul plans

Igor Opaniuk igor.opaniuk at gmail.com
Fri Feb 9 11:14:56 CET 2024


Hi everyone,

I'm currently planning a big overhaul of the current implementation of
AVB/AB in U-Boot during the 2024 year, which I have barely touched since
2019. I used to believe that it was stillborn, but looks like it's
being actively used
now by some SoC vendors and Google folks [1][2].

This is what I have in my todo list:
* Backport latest libavb from AOSP upstream and add support for
   Verified Boot 1.3.0 version
* Sync include/android_bootloader_message.h with AOSP upstream
* Check and backport fixes for AVB in AOSP U-Boot fork if needed [1]
* Get acquainted with a current state of A/B support in AOSP and
   backport all needed changes
* Re-factor libavb, switch to U-Boot existing implementation of
   rsa/sha256/sha512
* Add SHA512 implementation that leverage ARMv8 CE
   (pull it from Linux)
* Enable hw acceleration of SHA256/SHA512 that supports ARMv8
   Crypto Extensions to speed up verification process on ARMv8-based boards.
* AVB support for NAND storage

If someone is already working on anything from the above list -
please feel free to reach out to me, so we can avoid duplication of effort.

Any comments/suggestions are welcome! Thanks!

[1] https://android.googlesource.com/platform/external/u-boot
[2] https://source.android.com/docs/devices/cuttlefish/bootloader-dev
[3] https://android.googlesource.com/platform/bootable/recovery/+/main/bootloader_message/include/bootloader_message/bootloader_message.h

--
Best regards - Atentamente - Meilleures salutations

Igor Opaniuk

mailto: igor.opaniuk at gmail.com
skype: igor.opanyuk
http://ua.linkedin.com/in/iopaniuk


More information about the U-Boot mailing list