Git Browser for ODROID
Code Review Sign In
git.odroid.com / yocto / uboot / refs/heads/odroidc5-v2023.01 / . / cmd / amlogic / cmd_avb.c
blob: b64f3abc37ee5da276635c9d6782b8f91891e7fc [file] [log] [blame] [edit]
// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
/*
* Copyright (c) 2019 Amlogic, Inc. All rights reserved.
*/
#include <common.h>
#include <command.h>
#include <env.h>
#include <malloc.h>
#include <asm/byteorder.h>
#include <config.h>
#include <asm/amlogic/arch/io.h>
#include <amlogic/partition_table.h>
#include <amlogic/libavb/libavb.h>
#include <amlogic/emmc_partitions.h>
#include <amlogic/storage.h>
#include <asm/amlogic/arch/bl31_apis.h>
#if defined(CONFIG_AML_ANTIROLLBACK) || defined(CONFIG_AML_AVB2_ANTIROLLBACK)
#include <amlogic/anti-rollback.h>
#endif
#include <version.h>
#include <amlogic/aml_efuse.h>
#include <amlogic/store_wrapper.h>
#include <fs.h>
#include <fat.h>
#include <factory_provision/factory_provision_utils.h>
#define AVB_USE_TESTKEY
#define MAX_DTB_SIZE (AML_DTB_IMG_MAX_SZ + 512)
#define DTB_PARTITION_SIZE 258048
#define AVB_NUM_SLOT (6)
/* use max nand page size, 4K */
#define NAND_PAGE_SIZE (0x1000)
// The last slot is reserved for recovery partition
#define RECOVERY_ARB_LOCATION (31)
#define CONFIG_AVB2_KPUB_EMBEDDED
#ifdef CONFIG_AVB2_KPUB_VENDOR
extern const char avb2_kpub_vendor[];
extern const int avb2_kpub_vendor_len;
#endif /* CONFIG_AVB_KPUB_VENDOR */
extern const char avb2_kpub_default[];
extern const int avb2_kpub_default_len;
extern const char avb2_kpub_production[];
extern const int avb2_kpub_production_len;
#ifndef CONFIG_AVB2_KPUB_FROM_FIP
#define CONFIG_AVB2_KPUB_FROM_FIP (0)
#endif
#if CONFIG_AVB2_KPUB_FROM_FIP
int compare_avbkey_with_fipkey(const uint8_t* public_key_data, size_t public_key_length);
#endif
void *memory_addr;
AvbOps avb_ops_;
int run_in_recovery;
int recovery_from_memory;
struct avb_part {
char name[16];
u8 *addr;
size_t length;
};
struct avb_part parts[AVB_NUM_SLOT];
u32 avb_part_num;
bool avb_preload = true;
void set_avb_parts(const char *partname, uint8_t *addr, size_t length)
{
struct avb_part *part = NULL;
if (!is_device_unlocked() && avb_preload) {
assert(avb_part_num < AVB_NUM_SLOT);
part = &parts[avb_part_num];
memset(part->name, 0, sizeof(part->name));
strlcpy(part->name, partname, sizeof(part->name));
part->addr = malloc(length);
if (part->addr) {
memcpy(part->addr, addr, length);
part->length = length;
avb_part_num++;
}
}
}
void clear_avb_parts(void)
{
struct avb_part *part = NULL;
u32 i = 0;
if (!is_device_unlocked()) {
for (i = 0; i < avb_part_num; i++) {
part = &parts[i];
memset(part->name, 0, sizeof(part->name));
if (part->addr) {
free(part->addr);
part->addr = NULL;
part->length = 0;
}
}
}
avb_part_num = 0;
}
u64 get_size_avb_footer(const char *partname)
{
AvbFooter footer_src, footer_desc;
u64 rc = 0;
enum boot_type_e type = store_get_type();
u32 read_size = 512;
u8 read_buf[NAND_PAGE_SIZE];
if (!partname)
return 0;
if (type == BOOT_NAND_MTD || type == BOOT_SNAND)
read_size = NAND_PAGE_SIZE;
rc = store_logic_cap(partname);
if (rc > read_size) {
rc = store_logic_read(partname, rc - read_size,
read_size, read_buf);
if (rc) {
printf("failed to read footer from: %s\n", partname);
return 0;
}
memcpy(&footer_src, &read_buf[read_size - AVB_FOOTER_SIZE], AVB_FOOTER_SIZE);
if (avb_footer_validate_and_byteswap(&footer_src, &footer_desc))
return footer_desc.original_image_size;
else
return 0;
} else {
return rc;
}
}
static AvbIOResult read_from_partition(AvbOps *ops, const char *partition, int64_t offset,
size_t num_bytes, void *buffer, size_t *out_num_read)
{
int rc = 0;
uint64_t part_bytes = 0;
AvbIOResult result = AVB_IO_RESULT_OK;
size_t total_bytes = num_bytes;
if (ops->get_size_of_partition(ops, partition, &part_bytes) != AVB_IO_RESULT_OK) {
result = AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
goto out;
}
if (part_bytes < offset) {
result = AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION;
goto out;
}
*out_num_read = 0;
if (!strcmp(partition, "dt_a") || !strcmp(partition, "dt_b") ||
!strcmp(partition, "dt")) {
char *dtb_buf = malloc(MAX_DTB_SIZE);
if (!dtb_buf) {
result = AVB_IO_RESULT_ERROR_OOM;
goto out;
}
/* rc = store_dtb_rw(dtb_buf, MAX_DTB_SIZE, 2); */
memset(dtb_buf, 0x00, MAX_DTB_SIZE);
rc = store_rsv_read("dtb", MAX_DTB_SIZE, (void *)dtb_buf);
if (rc) {
printf("Failed to read dtb\n");
free(dtb_buf);
result = AVB_IO_RESULT_ERROR_IO;
goto out;
} else {
*out_num_read = num_bytes > MAX_DTB_SIZE ? MAX_DTB_SIZE : num_bytes;
memcpy(buffer, dtb_buf, *out_num_read);
free(dtb_buf);
result = AVB_IO_RESULT_OK;
goto out;
}
} else if (!strcmp(partition, "recovery-memory")) {
u32 filesize = simple_strtoul(env_get("filesize"), NULL, 16);
if (memory_addr) {
num_bytes = (filesize - offset >= num_bytes) ? num_bytes :
(filesize - offset);
memcpy(buffer, (uint8_t *)(memory_addr + offset), num_bytes);
*out_num_read = num_bytes;
return AVB_IO_RESULT_OK;
}
return AVB_IO_RESULT_ERROR_IO;
} else {
enum boot_type_e type = store_get_type();
/* There is only 1 recovery partition even in A/B */
if (!strcmp(partition, "recovery_a") ||
!strcmp(partition, "recovery_b") ||
!strcmp(partition, "recovery"))
partition = "recovery";
if (type == BOOT_NAND_MTD || type == BOOT_SNAND) {
if (offset != 0) {
uint8_t *tmp_buf = malloc(NAND_PAGE_SIZE);
int64_t align = offset & ~(NAND_PAGE_SIZE - 1);
int64_t drop_bytes = offset - align;
int32_t valid_data = NAND_PAGE_SIZE - drop_bytes;
if (!tmp_buf) {
printf("failed to allocate tmp buf for nand\n");
result = AVB_IO_RESULT_ERROR_IO;
goto out;
}
rc = store_logic_read(partition, align, NAND_PAGE_SIZE, tmp_buf);
if (rc) {
free(tmp_buf);
printf("part 1: Failed to read %dB from part[%s] at %lld\n",
NAND_PAGE_SIZE, partition, align);
result = AVB_IO_RESULT_ERROR_IO;
goto out;
} else {
if (num_bytes > valid_data) {
memcpy(buffer, tmp_buf + drop_bytes, valid_data);
num_bytes -= valid_data;
buffer = (uint8_t *)buffer + valid_data;
} else {
memcpy(buffer, tmp_buf + drop_bytes, num_bytes);
num_bytes = 0;
}
offset = align + NAND_PAGE_SIZE;
free(tmp_buf);
}
if (num_bytes > 0) {
rc = store_logic_read(partition, offset,
num_bytes, buffer);
printf("Failed to read");
printf("%zdB from part[%s] at %lld\n",
num_bytes, partition, offset);
}
} else {
rc = store_logic_read(partition, 0, num_bytes, buffer);
}
} else {
rc = store_logic_read(partition, offset, num_bytes, buffer);
}
if (rc) {
printf("Part 2 Failed to read %zdB from part[%s] at %lld\n",
num_bytes, partition, offset);
result = AVB_IO_RESULT_ERROR_IO;
goto out;
}
*out_num_read = total_bytes;
}
out:
return result;
}
static AvbIOResult get_preloaded_partition(AvbOps *ops, const char *partition,
size_t num_bytes,
u8 **out_pointer,
size_t *out_num_bytes_preloaded)
{
u32 i = 0;
*out_pointer = NULL;
*out_num_bytes_preloaded = 0;
if (avb_preload) {
for (i = 0; i < avb_part_num; i++) {
if (!strcmp(partition, parts[i].name)) {
if (num_bytes <= parts[i].length) {
*out_pointer = parts[i].addr;
*out_num_bytes_preloaded = num_bytes;
} else {
printf("preload: %s expected: %zd, got: %zd\n",
partition, num_bytes, parts[i].length);
if (parts[i].addr) {
free(parts[i].addr);
parts[i].addr = NULL;
parts[i].length = 0;
memset(parts[i].name, 0, sizeof(parts[i].name));
}
}
return AVB_IO_RESULT_OK;
}
}
printf("cannot find %s in preload, use storage read\n", partition);
}
return AVB_IO_RESULT_OK;
}
static AvbIOResult write_to_partition(AvbOps *ops, const char *partition,
int64_t offset, size_t num_bytes, const void *buffer)
{
int rc = 0;
uint64_t part_bytes = 0;
AvbIOResult result = AVB_IO_RESULT_OK;
const char *recovery = "recovery";
enum boot_type_e type = store_get_type();
if (ops->get_size_of_partition(ops, partition, &part_bytes) != AVB_IO_RESULT_OK) {
result = AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
goto out;
}
if (part_bytes < offset) {
result = AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION;
goto out;
}
if (!strcmp(partition, "dt_a") || !strcmp(partition, "dt_b") ||
!strcmp(partition, "dt")) {
if (offset) {
result = AVB_IO_RESULT_ERROR_IO;
goto out;
}
if (type == BOOT_NAND_MTD || type == BOOT_SNAND) {
rc = store_rsv_erase("dtb");
if (rc) {
printf("Failed to write dtb\n");
result = AVB_IO_RESULT_ERROR_IO;
goto out;
}
}
rc = store_rsv_write("dtb", num_bytes, (void *)buffer);
if (rc) {
printf("Failed to write dtb\n");
result = AVB_IO_RESULT_ERROR_IO;
goto out;
} else {
result = AVB_IO_RESULT_OK;
goto out;
}
} else {
/* There is only 1 recovery partition even in A/B */
if (!strcmp(partition, "recovery_a") ||
!strcmp(partition, "recovery_b") ||
!strcmp(partition, "recovery"))
partition = recovery;
if (type == BOOT_NAND_MTD || type == BOOT_SNAND) {
u8 *local_buf = NULL;
u32 local_size = 0;
local_size = (offset + num_bytes + NAND_PAGE_SIZE - 1);
local_size = local_size / NAND_PAGE_SIZE *
NAND_PAGE_SIZE;
local_buf = malloc(local_size);
if (!local_buf) {
printf("Failed local buf: %u\n", local_size);
result = AVB_IO_RESULT_ERROR_OOM;
goto out;
}
rc = store_logic_read(partition, 0, local_size,
local_buf);
if (rc) {
printf("Failed to read to local buf\n");
result = AVB_IO_RESULT_ERROR_IO;
free(local_buf);
goto out;
}
memcpy(local_buf + offset, buffer, num_bytes);
rc = store_erase(partition, 0, local_size, 0);
if (rc) {
printf("Failed to erase: %s %u\n",
partition, local_size);
result = AVB_IO_RESULT_ERROR_IO;
free(local_buf);
goto out;
}
rc = store_logic_write(partition, 0, local_size, local_buf);
free(local_buf);
} else {
rc = store_logic_write(partition, offset, num_bytes,
(unsigned char *)buffer);
}
if (rc) {
printf("Failed to write %zdB from part[%s] at %lld\n",
num_bytes, partition, offset);
result = AVB_IO_RESULT_ERROR_IO;
goto out;
}
}
out:
return result;
}
static AvbIOResult get_unique_guid_for_partition(AvbOps *ops, const char *partition,
char *guid_buf, size_t guid_buf_size)
{
char *s1;
int ret;
char part_name[128];
memset(guid_buf, 0, guid_buf_size);
s1 = env_get("active_slot");
if (!s1) {
run_command("get_valid_slot;", 0);
s1 = env_get("active_slot");
}
//printf("active_slot is %s\n", s1);
if (!memcmp(partition, "system", strlen("system"))) {
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
if (s1 && (strcmp(s1, "_a") == 0))
ret = get_partition_num_by_name("system_a");
else if (s1 && (strcmp(s1, "_b") == 0))
ret = get_partition_num_by_name("system_b");
else
ret = get_partition_num_by_name("system");
#else
ret = 0;
#endif
if (ret >= 0) {
sprintf(part_name, "/dev/mmcblk0p%d", ret + 1);
strncpy(guid_buf, part_name, guid_buf_size);
} else {
printf("system part isn't exist\n");
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
}
} else if (!memcmp(partition, "vbmeta", strlen("vbmeta"))) {
strncpy(guid_buf, "/dev/block/vbmeta", guid_buf_size);
}
return AVB_IO_RESULT_OK;
}
static AvbIOResult get_size_of_partition(AvbOps *ops, const char *partition,
uint64_t *out_size_num_bytes)
{
uint64_t rc = 0;
if (!strcmp(partition, "dt_a") || !strcmp(partition, "dt_b") ||
!strcmp(partition, "dt")) {
*out_size_num_bytes = DTB_PARTITION_SIZE;
} else if (!strcmp(partition, "recovery-memory")) {
*out_size_num_bytes = simple_strtoul(env_get("filesize"), NULL, 16);
} else {
/* There is only 1 recovery partition even in A/B */
if (!strcmp(partition, "recovery_a") ||
!strcmp(partition, "recovery_b") ||
!strcmp(partition, "recovery"))
rc = store_logic_cap("recovery");
else
rc = store_logic_cap(partition);
if (rc == 1) {
printf("Failed to get partition[%s] size\n", partition);
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
}
*out_size_num_bytes = rc;
}
return AVB_IO_RESULT_OK;
}
/**
* normally, we should read vendor avb public key from a virtual partition with the name avb_custom_key.
* Flashing and erasing this partition only works in the UNLOCKED state. Setting the custom key is done like this:
* $ avbtool extract_public_key --key key.pem --output pkmd.bin
* $ fastboot flash avb_custom_key pkmd.bin
*
* Erasing the key is done by erasing the virtual partition:
* $ fastboot erase avb_custom_key
*/
static AvbIOResult validate_vbmeta_public_key(AvbOps *ops, const uint8_t *public_key_data,
size_t public_key_length, const uint8_t *public_key_metadata,
size_t public_key_metadata_length, bool *out_is_trusted)
{
*out_is_trusted = false;
AvbIOResult ret = AVB_IO_RESULT_ERROR_IO;
char *keybuf = NULL;
char *partition = "misc";
AvbKey_t key;
u64 size = 0;
#if CONFIG_AVB2_KPUB_FROM_FIP
int result = 0;
#endif
int i = 0;
#ifdef CONFIG_AVB2_KPUB_VENDOR
printf("AVB2 verifying with vendor kpub\n");
printf("avb2_kpub_vendor_len = %d\n", avb2_kpub_vendor_len);
if (avb2_kpub_vendor_len == public_key_length &&
!avb_safe_memcmp(public_key_data,
avb2_kpub_vendor, avb2_kpub_vendor_len)) {
*out_is_trusted = true;
ret = AVB_IO_RESULT_OK;
}
if (is_device_unlocked())
ret = AVB_IO_RESULT_OK;
#ifdef CONFIG_TESTKEY
if (ret != AVB_IO_RESULT_OK) {
printf("AVB2 re-verify with default kpub\n");
if (avb2_kpub_default_len == public_key_length &&
!avb_safe_memcmp(public_key_data,
avb2_kpub_default, public_key_length)) {
*out_is_trusted = true;
ret = AVB_IO_RESULT_OK;
}
}
#endif
if (ret != AVB_IO_RESULT_OK)
printf("AVB2 key in bootloader does not match with the key in vbmeta\n");
return ret;
#endif
#if CONFIG_AVB2_KPUB_FROM_FIP
printf("AVB2 verifying with fip key\n");
result = compare_avbkey_with_fipkey(public_key_data, public_key_length);
if (result == -2) {
printf("AVB2 verified with fip key failed\n");
*out_is_trusted = false;
ret = AVB_IO_RESULT_OK;
return ret;
} else if (result == -1) {
printf("AVB2 cannot find fip key\n");
} else if (result == 0) {
printf("AVB2 verified with fip key success\n");
*out_is_trusted = true;
ret = AVB_IO_RESULT_OK;
return ret;
}
#endif
/*
* disable AVB custom key and test key
* if device secure boot enabled
*/
if (!IS_FEAT_BOOT_VERIFY()) {
key.size = 0;
keybuf = (char *)malloc(AVB_CUSTOM_KEY_LEN_MAX);
if (keybuf) {
memset(keybuf, 0, AVB_CUSTOM_KEY_LEN_MAX);
size = store_logic_cap(partition);
if (size != 1) {
/* no need workaround for nand. The size is 4K multiple,
* and AVB_CUSTOM_KEY_LEN_MAX is 4K. The offset will lay on
* 4K boundary.
*/
if (store_logic_read((const char *)partition,
size - AVB_CUSTOM_KEY_LEN_MAX,
AVB_CUSTOM_KEY_LEN_MAX,
(unsigned char *)keybuf) >= 0) {
memcpy(&key, keybuf, sizeof(AvbKey_t));
}
}
}
if (keybuf && (strncmp(keybuf, "AVBK", 4) == 0)) {
printf("AVB2 verify with avb_custom_key\n");
if (key.size == public_key_length &&
!avb_safe_memcmp(public_key_data,
keybuf + sizeof(AvbKey_t), public_key_length)) {
*out_is_trusted = true;
ret = AVB_IO_RESULT_OK;
}
if (is_device_unlocked())
ret = AVB_IO_RESULT_OK;
} else {
/**
* When the custom key is set
* and the device is in the LOCKED state
* it will boot images signed with both the built-in key
* as well as the custom key
*/
printf("AVB2 verify with default kpub:%d, vbmeta kpub:%ld\n",
avb2_kpub_default_len, public_key_length);
if (avb2_kpub_default_len == public_key_length &&
!avb_safe_memcmp(public_key_data,
avb2_kpub_default, public_key_length)) {
*out_is_trusted = true;
ret = AVB_IO_RESULT_OK;
}
}
} else {
printf("AVB2 verify with production kpub:%d, vbmeta kpub:%ld\n",
avb2_kpub_production_len, public_key_length);
if (avb2_kpub_production_len == public_key_length &&
!avb_safe_memcmp(public_key_data,
avb2_kpub_production, public_key_length)) {
*out_is_trusted = true;
ret = AVB_IO_RESULT_OK;
}
for (i = 0; i < avb2_kpub_production_len; i++) {
if (avb2_kpub_production[i] != 0)
break;
}
if (i == avb2_kpub_production_len)
printf("ERROR: DID YOU FORGET TO CHANGE AVB2 KEY FOR SECURE BOOT?");
}
if (keybuf)
free(keybuf);
if (ret != AVB_IO_RESULT_OK)
printf("AVB2 key in bootloader does not match with the key in vbmeta\n");
return ret;
}
static AvbIOResult validate_public_key_for_partition(AvbOps *ops,
const char *partition,
const u8 *public_key_data,
size_t public_key_length,
const u8 *public_key_metadata,
size_t public_key_metadata_length,
bool *out_is_trusted,
uint32_t *out_rollback_index_location
)
{
AvbIOResult ret = AVB_IO_RESULT_ERROR_IO;
if (!ops || !partition || !public_key_data || !out_is_trusted ||
!out_rollback_index_location)
return AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE;
*out_is_trusted = false;
if (!strcmp(partition, "recovery") ||
!strcmp(partition, "recovery-memory")) {
printf("checking for recovery partition\n");
ret = validate_vbmeta_public_key(ops, public_key_data,
public_key_length, public_key_metadata,
public_key_metadata_length,
out_is_trusted);
*out_rollback_index_location = RECOVERY_ARB_LOCATION;
} else {
*out_rollback_index_location = 0;
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
}
return ret;
}
static AvbIOResult read_rollback_index(AvbOps *ops, size_t rollback_index_location,
uint64_t *out_rollback_index)
{
AvbIOResult result = AVB_IO_RESULT_OK;
#if defined(CONFIG_AML_ANTIROLLBACK) || defined(CONFIG_AML_AVB2_ANTIROLLBACK)
uint32_t version = 0;
#endif
*out_rollback_index = 0;
#if defined(CONFIG_AML_ANTIROLLBACK) || defined(CONFIG_AML_AVB2_ANTIROLLBACK)
if (is_avb_arb_available()) {
if (get_avb_antirollback(rollback_index_location, &version)) {
*out_rollback_index = version;
} else {
printf("failed to read rollback index: %zd\n", rollback_index_location);
result = AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
}
}
#endif
return result;
}
static AvbIOResult write_rollback_index(AvbOps* ops, size_t rollback_index_location,
uint64_t rollback_index)
{
AvbIOResult result = AVB_IO_RESULT_OK;
#if defined(CONFIG_AML_ANTIROLLBACK) || defined(CONFIG_AML_AVB2_ANTIROLLBACK)
uint32_t version = rollback_index;
if (is_avb_arb_available()) {
if (!set_avb_antirollback(rollback_index_location, version)) {
printf("failed to set rollback index: %zd, version: %u\n",
rollback_index_location, version);
result = AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
}
}
#endif
return result;
}
static AvbIOResult read_is_device_unlocked(AvbOps* ops, bool* out_is_unlocked)
{
AvbIOResult result = AVB_IO_RESULT_OK;
LockData_t info = { 0 };
#if defined(CONFIG_AML_ANTIROLLBACK) || defined(CONFIG_AML_AVB2_ANTIROLLBACK)
uint32_t lock_state = 0;
#endif
char *lock_s = env_get("lock");
if (!lock_s)
return AVB_IO_RESULT_ERROR_IO;
#if defined(CONFIG_AML_ANTIROLLBACK) || defined(CONFIG_AML_AVB2_ANTIROLLBACK)
if (is_avb_arb_available()) {
if (get_avb_lock_state(&lock_state)) {
*out_is_unlocked = !lock_state;
if (*out_is_unlocked)
lock_s[4] = '0';
else
lock_s[4] = '1';
} else {
printf("failed to read device lock status from rpmb\n");
result = AVB_IO_RESULT_ERROR_IO;
}
return result;
}
#endif
memset(&info, 0, sizeof(struct LockData));
info.version_major = (int)(lock_s[0] - '0');
info.version_minor = (int)(lock_s[1] - '0');
info.lock_state = (int)(lock_s[4] - '0');
info.lock_critical_state = (int)(lock_s[5] - '0');
info.lock_bootloader = (int)(lock_s[6] - '0');
if (info.lock_state == 1)
*out_is_unlocked = false;
else
*out_is_unlocked = true;
return result;
}
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
/* 4K bytes are allocated to store persistent value
* The first 4B is the persistent store magic word "@AVB"
* It is further divided into 132B slots
* Each 132B contains a persistent_value_t structure.
*/
#define AVB_PERSISTENT_MISC_OFFSET (2040 * 1024)
#define AVB_PERSISTENT_SLOT (31)
/* 4100 */
#define AVB_PERSISTENT_SIZE (4 + 4 + 132 * AVB_PERSISTENT_SLOT)
#define AVB_PERSISTENT_MAGIC "@AVB"
#define AVB_PERSISTENT_VERSION (0x0)
#define PERSISTENT_NAME_MAX_LEN (64)
#define PERSISTENT_VALUE_MAX_LEN (64)
#define PERSISTENT_FILENAME "avb_persist"
#define DEV_NAME "mmc"
#define DEV_NO (1)
#define PART_TYPE "user"
#define PART_NAME_RSV "rsv"
#define PART_NAME_FTY "factory"
#define NAND_FTY_MOUNT_PT "mnt"
struct persistent_value {
uint8_t name_length;
uint8_t value_length;
uint16_t rsv;
char name[PERSISTENT_NAME_MAX_LEN];
uint8_t value[PERSISTENT_VALUE_MAX_LEN];
};
static uint8_t *persistent_store(int32_t *is_empty)
{
uint8_t *buf = NULL;
int rc = 0;
loff_t act_read = 0;
/* initialize factory partition */
rc = run_command("factory_provision init", 0);
if (rc) {
printf("init factory partition failed\n");
return NULL;
}
buf = malloc(AVB_PERSISTENT_SIZE);
if (!buf) {
printf("failed to allocate buf for persistent store\n");
return NULL;
}
if (fat_read_file(PERSISTENT_FILENAME, buf, 0,
AVB_PERSISTENT_SIZE, &act_read)) {
printf("failed to read persistent store\n");
goto empty;
} else {
if (act_read != AVB_PERSISTENT_SIZE) {
printf("unexpected size: %lld\n", act_read);
memset(buf, 0, AVB_PERSISTENT_SIZE);
goto empty;
}
}
empty:
if (memcmp(&buf[0], AVB_PERSISTENT_MAGIC, 4)) {
printf("empty persistent store, resetting\n");
memset(buf, 0, AVB_PERSISTENT_SIZE);
memcpy(&buf[0], AVB_PERSISTENT_MAGIC, 4);
if (is_empty)
*is_empty = 1;
} else {
if (is_empty)
*is_empty = 0;
}
return buf;
}
static AvbIOResult persistent_test(AvbOps *ops)
{
AvbIOResult ret = AVB_IO_RESULT_OK;
static const char case_I[] = "smart wolves";
static const char case_II[] = "happy wife";
static const char case_III[] = "lion king";
char case_I_read[sizeof(case_I)] = {0};
char case_II_read[sizeof(case_II)] = {0};
char case_III_read[sizeof(case_III)] = {0};
size_t out_num_bytes_read = 0;
ret = ops->write_persistent_value(ops, "persist test case I",
sizeof(case_I), (const uint8_t *)case_I);
if (ret != AVB_IO_RESULT_OK) {
printf("failed to write case I\n");
return ret;
}
ret = ops->write_persistent_value(ops, "persist test case II",
sizeof(case_II), (const uint8_t *)case_II);
if (ret != AVB_IO_RESULT_OK) {
printf("failed to write case II\n");
return ret;
}
ret = ops->write_persistent_value(ops, "persist test case III",
sizeof(case_III), (const uint8_t *)case_III);
if (ret != AVB_IO_RESULT_OK) {
printf("failed to write case III\n");
return ret;
}
ret = ops->read_persistent_value(ops, "persist test case I",
sizeof(case_I_read), (uint8_t *)case_I_read, &out_num_bytes_read);
if (ret != AVB_IO_RESULT_OK) {
printf("failed to read case I\n");
return ret;
}
if (out_num_bytes_read == sizeof(case_I_read) &&
!strncmp(case_I, case_I_read, sizeof(case_I))) {
printf("case I passed\n");
} else {
printf("case I failed\n");
}
ret = ops->read_persistent_value(ops, "persist test case II",
sizeof(case_II_read), (uint8_t *)case_II_read,
&out_num_bytes_read);
if (ret != AVB_IO_RESULT_OK) {
printf("failed to read case II\n");
return ret;
}
if (out_num_bytes_read == sizeof(case_II_read) &&
!strncmp(case_II, case_II_read, sizeof(case_II))) {
printf("case II passed\n");
} else {
printf("case II failed\n");
}
ret = ops->read_persistent_value(ops, "persist test case III",
sizeof(case_III_read), (uint8_t *)case_III_read,
&out_num_bytes_read);
if (ret != AVB_IO_RESULT_OK) {
printf("failed to read case III\n");
return ret;
}
if (out_num_bytes_read == sizeof(case_III_read) &&
!strncmp(case_III, case_III_read, sizeof(case_III))) {
printf("case III passed\n");
} else {
printf("case III failed\n");
}
return ret;
}
#endif
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
uint32_t create_csrs(void)
{
int part_num = get_partition_num_by_name(PART_NAME_FTY);
char part_name[32] = {0};
char cmd[64] = {0};
uint8_t buf[1] = {0};
if (part_num >= 0)
strcpy(part_name, PART_NAME_FTY);
else
strcpy(part_name, PART_NAME_RSV);
sprintf(cmd, "fatmkdir %s 0x%X:0x%X %s", DEV_NAME, DEV_NO,
get_partition_num_by_name(part_name), "csrs");
if (run_command(cmd, 0)) {
printf("command[%s] failed\n", cmd);
return AVB_IO_RESULT_ERROR_IO;
}
memset(cmd, 0, sizeof(cmd));
sprintf(cmd, "fatwrite %s 0x%X:0x%X 0x%08X %s 0x%X", DEV_NAME, DEV_NO,
get_partition_num_by_name(part_name),
(uint32_t)virt_to_phys((void *)buf), "csrs/csrs.json", 1);
if (run_command(cmd, 0)) {
printf("command[%s] failed\n", cmd);
return AVB_IO_RESULT_ERROR_IO;
}
return AVB_IO_RESULT_OK;
}
#else
uint32_t create_csrs(void)
{
return AVB_IO_RESULT_OK;
}
#endif
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
static AvbIOResult write_persistent_to_factory(uint8_t *buf, uint32_t size)
{
int part_num = get_partition_num_by_name(PART_NAME_FTY);
char part_name[32] = {0};
char cmd[64] = {0};
if (part_num >= 0)
strcpy(part_name, PART_NAME_FTY);
else
strcpy(part_name, PART_NAME_RSV);
sprintf(cmd, "fatwrite %s 0x%X:0x%X 0x%08X %s 0x%X", DEV_NAME, DEV_NO,
get_partition_num_by_name(part_name),
(uint32_t)virt_to_phys((void *)buf), PERSISTENT_FILENAME, size);
if (run_command(cmd, 0)) {
printf("command[%s] failed\n", cmd);
return AVB_IO_RESULT_ERROR_IO;
}
return AVB_IO_RESULT_OK;
}
static AvbIOResult persistent_wipe(void)
{
uint8_t *buf = NULL;
AvbIOResult ret = AVB_IO_RESULT_OK;
buf = persistent_store(NULL);
if (buf) {
memset(buf, 0, AVB_PERSISTENT_SIZE);
memcpy(&buf[0], AVB_PERSISTENT_MAGIC, 4);
*(uint32_t *)&buf[4] = AVB_PERSISTENT_VERSION;
} else {
return AVB_IO_RESULT_ERROR_IO;
}
ret = write_persistent_to_factory(buf, AVB_PERSISTENT_SIZE);
free(buf);
return ret;
}
static AvbIOResult persistent_dump(void)
{
uint8_t *buf = NULL;
int rc = 0;
AvbIOResult ret = AVB_IO_RESULT_OK;
char *name = NULL;
int i = 0;
char cmd[64] = {0};
struct persistent_value *persist = NULL;
buf = persistent_store(NULL);
if (buf) {
printf("persistent store:\n");
/* skip magic word and version */
persist = (struct persistent_value *)(buf + 8);
for (i = 0; i < AVB_PERSISTENT_SLOT; i++) {
printf("%d:\n", i);
if (persist[i].name_length) {
name = malloc(persist[i].name_length);
if (!name) {
printf("failed to allocate name\n");
goto out;
}
strncpy(name, persist[i].name,
persist[i].name_length);
printf("%s\n", name);
free(name);
printf("length = %d\n",
persist[i].value_length);
snprintf(cmd, sizeof(cmd),
"md.b %p %x", persist[i].value,
persist[i].value_length);
rc = run_command(cmd, 0);
if (rc) {
printf("failed to run cmd: %s\n", cmd);
ret = AVB_IO_RESULT_ERROR_IO;
goto out;
}
} else {
printf("empty slot\n");
}
}
} else {
return AVB_IO_RESULT_ERROR_IO;
}
out:
free(buf);
return ret;
}
AvbIOResult read_persistent_value(AvbOps *ops, const char *name,
size_t buffer_size, uint8_t *out_buffer, size_t *out_num_bytes_read)
{
uint8_t *buf = NULL;
uint32_t value_found = 0;
uint32_t i = 0;
struct persistent_value *persist = NULL;
AvbIOResult ret = AVB_IO_RESULT_OK;
AvbIOResult ret_write = AVB_IO_RESULT_OK;
int32_t is_empty = 0;
if (!out_buffer) {
if (!buffer_size)
return AVB_IO_RESULT_OK;
else
return AVB_IO_RESULT_ERROR_IO;
}
buf = persistent_store(&is_empty);
if (buf) {
/* skip magic word and version */
persist = (struct persistent_value *)(buf + 8);
for (i = 0; i < AVB_PERSISTENT_SLOT; i++) {
if (strlen(name) == persist[i].name_length &&
!strncmp(persist[i].name, name, persist[i].name_length)) {
if (buffer_size >= persist[i].value_length) {
memcpy(out_buffer, persist[i].value,
persist[i].value_length);
*out_num_bytes_read = persist[i].value_length;
ret = AVB_IO_RESULT_OK;
} else {
ret = AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE;
*out_num_bytes_read = persist[i].value_length;
}
value_found = 1;
break;
}
}
if (!value_found)
ret = AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
} else {
ret = AVB_IO_RESULT_ERROR_IO;
}
/* write storage, if empty */
if (is_empty) {
ret_write = write_persistent_to_factory(buf, AVB_PERSISTENT_SIZE);
if (ret_write != AVB_IO_RESULT_OK)
printf("failed to write empty persistent data\n");
}
free(buf);
return ret;
}
AvbIOResult write_persistent_value(AvbOps *ops, const char *name,
size_t value_size, const uint8_t *value)
{
uint8_t *buf = NULL;
struct persistent_value *empty_slot = NULL;
uint32_t value_found = 0;
uint32_t i = 0;
struct persistent_value *persist = NULL;
AvbIOResult ret = AVB_IO_RESULT_OK;
if (value_size > PERSISTENT_VALUE_MAX_LEN)
return AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE;
if (strlen(name) > PERSISTENT_NAME_MAX_LEN)
return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
buf = persistent_store(NULL);
if (buf) {
/* skip magic word and version */
persist = (struct persistent_value *)(buf + 8);
for (i = 0; i < AVB_PERSISTENT_SLOT; i++) {
if (!persist[i].name_length) {
if (!empty_slot)
empty_slot = &persist[i];
} else {
if (strlen(name) == persist[i].name_length &&
!strncmp(persist[i].name, name,
persist[i].name_length)) {
memset(persist[i].value, 0, sizeof(persist[i].value));
memcpy(persist[i].value, value, value_size);
persist[i].value_length = value_size;
value_found = 1;
break;
}
}
}
if (!value_found) {
if (empty_slot) {
empty_slot->name_length = strlen(name);
memset(empty_slot->name, 0, sizeof(empty_slot->name));
memcpy(empty_slot->name, name, empty_slot->name_length);
memset(empty_slot->value, 0, sizeof(empty_slot->value));
memcpy(empty_slot->value, value, value_size);
empty_slot->value_length = value_size;
} else {
printf("no more slots\n");
ret = AVB_IO_RESULT_ERROR_IO;
goto out;
}
}
} else {
ret = AVB_IO_RESULT_ERROR_IO;
goto out;
}
ret = write_persistent_to_factory(buf, AVB_PERSISTENT_SIZE);
out:
free(buf);
return ret;
}
#endif
static int avb_init(void)
{
int factory_part_num = -1;
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
/* partition name is valid */
if (find_mmc_partition_by_name(PART_NAME_FTY))
factory_part_num = get_partition_num_by_name(PART_NAME_FTY);
#endif
enum boot_type_e type = store_get_type();
memset(&avb_ops_, 0, sizeof(AvbOps));
avb_ops_.read_from_partition = read_from_partition;
avb_ops_.get_preloaded_partition = get_preloaded_partition;
avb_ops_.write_to_partition = write_to_partition;
avb_ops_.validate_vbmeta_public_key = validate_vbmeta_public_key;
avb_ops_.read_rollback_index = read_rollback_index;
avb_ops_.write_rollback_index = write_rollback_index;
avb_ops_.read_is_device_unlocked = read_is_device_unlocked;
avb_ops_.get_unique_guid_for_partition = get_unique_guid_for_partition;
avb_ops_.get_size_of_partition = get_size_of_partition;
avb_ops_.validate_public_key_for_partition = validate_public_key_for_partition;
if (type == BOOT_NAND_MTD || type == BOOT_SNAND || factory_part_num < 0) {
avb_ops_.read_persistent_value = NULL;
avb_ops_.write_persistent_value = NULL;
} else {
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
avb_ops_.read_persistent_value = read_persistent_value;
avb_ops_.write_persistent_value = write_persistent_value;
#else
avb_ops_.read_persistent_value = NULL;
avb_ops_.write_persistent_value = NULL;
#endif
}
return 0;
}
int is_device_unlocked(void)
{
AvbIOResult ret;
bool out_is_unlocked;
ret = read_is_device_unlocked(&avb_ops_, &out_is_unlocked);
if (ret == AVB_IO_RESULT_OK)
return out_is_unlocked;
else
return 0;
}
int avb_verify(AvbSlotVerifyData** out_data)
{
/* The last slot must be NULL */
const char *requested_partitions[AVB_NUM_SLOT + 1] = {"boot", "dt", "dtbo",
"init_boot", "vendor_boot", NULL, NULL};
AvbSlotVerifyResult result = AVB_SLOT_VERIFY_RESULT_OK;
char *s1 = NULL;
char *ab_suffix = NULL;
int factory_part_num = -1;
AvbHashtreeErrorMode hashtree_error_mode =
AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE;
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
/* partition name is valid */
if (find_mmc_partition_by_name(PART_NAME_FTY))
factory_part_num = get_partition_num_by_name(PART_NAME_FTY);
#endif
enum boot_type_e type = store_get_type();
s1 = env_get("active_slot");
if (!s1) {
run_command("get_valid_slot;", 0);
s1 = env_get("active_slot");
}
if (s1) {
printf("active_slot is %s\n", s1);
if (!strcmp(s1, "normal"))
ab_suffix = "";
else
ab_suffix = env_get("active_slot");
}
if (!ab_suffix)
ab_suffix = "";
printf("ab_suffix is %s\n", ab_suffix);
AvbSlotVerifyFlags flags = AVB_SLOT_VERIFY_FLAGS_NONE;
avb_init();
if (is_device_unlocked())
flags |= AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR;
if (!strcmp(ab_suffix, "")) {
printf("recovery: %d\n", run_in_recovery);
if (run_in_recovery) {
flags |= AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION;
memset(requested_partitions, 0, sizeof(requested_partitions));
if (recovery_from_memory)
requested_partitions[0] = "recovery-memory";
else
requested_partitions[0] = "recovery";
recovery_from_memory = 0;
}
}
if (type == BOOT_NAND_MTD || type == BOOT_SNAND || factory_part_num < 0)
hashtree_error_mode =
AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE;
else
hashtree_error_mode =
AVB_HASHTREE_ERROR_MODE_MANAGED_RESTART_AND_EIO;
result = avb_slot_verify(&avb_ops_, requested_partitions, ab_suffix,
flags, hashtree_error_mode, out_data);
clear_avb_parts();
run_in_recovery = 0;
return result;
}
static int do_avb_verify(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
AvbSlotVerifyResult result = AVB_SLOT_VERIFY_RESULT_OK;
AvbSlotVerifyData *out_data = NULL;
uint32_t i = 0;
#if defined(CONFIG_AML_ANTIROLLBACK) || defined(CONFIG_AML_AVB2_ANTIROLLBACK)
uint32_t version = 0;
uint32_t lock_state = 0;
#endif
result = (AvbSlotVerifyResult)avb_verify(&out_data);
printf("result: %d\n", result);
if (result == AVB_SLOT_VERIFY_RESULT_OK && out_data) {
printf("ab_suffix: %s\n", out_data->ab_suffix);
printf("vbmeta: name: %s, size: %zd, result: %d\n",
out_data->vbmeta_images->partition_name,
out_data->vbmeta_images->vbmeta_size,
out_data->vbmeta_images->verify_result);
printf("num of vbmeta: %zd\n", out_data->num_vbmeta_images);
printf("loaded name: %s, size: %zd, preload: %d\n",
out_data->loaded_partitions->partition_name,
out_data->loaded_partitions->data_size,
out_data->loaded_partitions->preloaded);
printf("num of loaded: %zd\n", out_data->num_loaded_partitions);
printf("cmdline: %s\n", out_data->cmdline);
for (i = 0; i < AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS; i++)
printf("rollback(%d) = %llu\n", i, out_data->rollback_indexes[i]);
#if defined(CONFIG_AML_ANTIROLLBACK) || defined(CONFIG_AML_AVB2_ANTIROLLBACK)
if (is_avb_arb_available()) {
for (i = 0; i < AVB_MAX_NUMBER_OF_ROLLBACK_INDEX_LOCATIONS; i++)
if (get_avb_antirollback(i, &version))
printf("rpmb rollback(%d) = %u\n", i, version);
if (get_avb_lock_state(&lock_state))
printf("rpmb lock state: %u\n", lock_state);
}
#endif
avb_slot_verify_data_free(out_data);
}
return result;
}
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
static int do_avb_persist(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
int result = 0;
u32 cmd = 0;
if (argc != 2) {
printf("invalid argc: %d\n", argc);
return -1;
}
avb_init();
if (!strcmp(argv[1], "test")) {
cmd = 0;
} else if (!strcmp(argv[1], "wipe")) {
cmd = 1;
} else if (!strcmp(argv[1], "dump")) {
cmd = 2;
} else {
printf("unknown cmd: %s\n", argv[1]);
return -1;
}
switch (cmd) {
case 0:
printf("persist test\n");
result = persistent_test(&avb_ops_);
break;
case 1:
printf("persist wipe\n");
result = persistent_wipe();
break;
case 2:
printf("persist dump\n");
result = persistent_dump();
break;
}
return result;
}
#endif
static int do_avb_verify_memory(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
if (argc != 3)
return 0;
if (is_device_unlocked())
return CMD_RET_SUCCESS;
#ifndef CONFIG_AVB2
return CMD_RET_SUCCESS;
#else
if (strcmp(argv[1], "recovery"))
return CMD_RET_FAILURE;
memory_addr = (void *)simple_strtoul(argv[2], NULL, 16);
recovery_from_memory = 1;
return CMD_RET_SUCCESS;
#endif
}
static int do_avb_recovery(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
run_in_recovery = 0;
if (argc != 2)
return CMD_RET_FAILURE;
if (is_device_unlocked())
return CMD_RET_SUCCESS;
#ifndef CONFIG_AVB2
return CMD_RET_SUCCESS;
#else
if (!strcmp(argv[1], "1"))
run_in_recovery = 1;
else
run_in_recovery = 0;
return CMD_RET_SUCCESS;
#endif
}
static int do_avb_preload(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
run_in_recovery = 0;
if (argc != 2)
return CMD_RET_FAILURE;
#ifndef CONFIG_AVB2
return CMD_RET_SUCCESS;
#else
if (!strcmp(argv[1], "1"))
avb_preload = 1;
else
avb_preload = 0;
return CMD_RET_SUCCESS;
#endif
}
uint32_t avb_get_boot_patchlevel_from_vbmeta(AvbSlotVerifyData *data)
{
int i, j;
AvbVBMetaData *p;
const char *ret = NULL;
size_t len = 0;
char buff[9];
unsigned long boot_patchlevel;
if (!data)
return 0;
for (i = 0; i < data->num_vbmeta_images; i++) {
p = &data->vbmeta_images[i];
if (strcmp(p->partition_name, "vbmeta") == 0) { /* match */
if (p->verify_result != AVB_VBMETA_VERIFY_RESULT_OK) {
// not verified
printf("vbmeta verify_result %d\n", p->verify_result);
/*device lock, treat as error*/
if (!is_device_unlocked()) {
printf("device lock, but vbmeta verify fail\n");
return 0;
}
}
ret = avb_property_lookup(p->vbmeta_data,
p->vbmeta_size,
"com.android.build.init_boot.security_patch",
0,
&len);
if (ret)
break;
ret = avb_property_lookup(p->vbmeta_data,
p->vbmeta_size,
"com.android.build.boot.security_patch",
0,
&len);
if (ret)
break;
// else
// printf("not found com.android.build.boot.
// security_patch,len = %d\n", (int)len);
}
}
if (ret) {
for (i = 0, j = 0; i < len; i++) {
if (ret[i] != '-' && j < 8)
buff[j++] = ret[i];
}
buff[8] = '\0';
if (!strict_strtoul(buff, 10, &boot_patchlevel))
return (uint32_t)boot_patchlevel;
}
return 0;
}
static cmd_tbl_t cmd_avb_sub[] = {
U_BOOT_CMD_MKENT(verify, 0, 0, do_avb_verify, "", ""),
#if CONFIG_IS_ENABLED(MMC_MESON_GX)
U_BOOT_CMD_MKENT(persist, 2, 0, do_avb_persist, "avb persist test/wipe/dump",
"avb persist test/wipe/dump"),
#endif
U_BOOT_CMD_MKENT(memory, 4, 0, do_avb_verify_memory, "", ""),
U_BOOT_CMD_MKENT(recovery, 2, 0, do_avb_recovery, "", ""),
U_BOOT_CMD_MKENT(preload, 2, 0, do_avb_preload, "", ""),
};
static int do_avb_ops(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
cmd_tbl_t *c;
int ret = CMD_RET_SUCCESS;
/* Strip off leading 'avb' command argument */
argc--;
argv++;
c = find_cmd_tbl(argv[0], &cmd_avb_sub[0], ARRAY_SIZE(cmd_avb_sub));
if (c) {
ret = c->cmd(cmdtp, flag, argc, argv);
} else {
cmd_usage(cmdtp);
ret = CMD_RET_FAILURE;
}
return ret;
}
int do_GetAvbMode(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
{
#ifdef CONFIG_AVB2
env_set("avb2", "1");
#else
env_set("avb2", "0");
#endif
return 0;
}
U_BOOT_CMD
(get_avb_mode, 1, 0, do_GetAvbMode,
"get_avb_mode",
"\nThis command will get avb mode\n"
"So you can execute command: get_avb_mode"
);
U_BOOT_CMD(
avb, 4, 0, do_avb_ops,
"avb",
"\nThis command will trigger related avb operations\n"
);