summaryrefslogtreecommitdiff
path: root/cmd/avb.c
AgeCommit message (Collapse)Author
2020-05-19cmd: avb: free partition buffer upon verify completionGary Bisson
Doing the same as the unittests for libavb [1]. Allows to run 'avb verify' multiple times which can be useful after a failure to be able to re-flash the partition and try again. [1] https://android.googlesource.com/platform/external/avb/+/refs/tags/android-9.0.0_r37/test/avb_slot_verify_unittest.cc#156 Signed-off-by: Gary Bisson <gary.bisson@boundarydevices.com> Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2020-05-18command: Remove the cmd_tbl_t typedefSimon Glass
We should not use typedefs in U-Boot. They cannot be used as forward declarations which means that header files must include the full header to access them. Drop the typedef and rename the struct to remove the _s suffix which is now not useful. This requires quite a few header-file additions. Signed-off-by: Simon Glass <sjg@chromium.org>
2019-10-31cmd: avb: Support A/B slotsSam Protsenko
Add optional parameter to 'avb verify' sub-command, so that user is able to specify which slot to use, in case when user's partitions are slotted. If that parameter is omitted, the behavior of 'avb verify' will be the same as before, so user API is content. Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com> Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-10-31cmd: avb: Fix requested partitions listSam Protsenko
The requested_partitions[] array should contain only boot partitions. Usually it's only 'boot' partition, as can be seen in [1]. Also, seems like the requested_partitions[] are only used when there is no 'vbmeta' partition [2], which is not a regular use-case. Make requested_partitions[] contain only 'boot' partition as it was supposed to be, and also make that array to be a local in do_avb_verify_part() function, as nobody else needs that. [1] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/test/avb_slot_verify_unittest.cc#108 [2] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/libavb/avb_slot_verify.c#1461 Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-08-11env: Move env_set() to env.hSimon Glass
Move env_set() over to the new header file. Acked-by: Joe Hershberger <joe.hershberger@ni.com> Signed-off-by: Simon Glass <sjg@chromium.org>
2019-08-07cmd: avb: Fix compiler warningsSam Protsenko
When building U-Boot with AVB enabled, compiler shows next warnings: cmd/avb.c: In function 'do_avb_read_pvalue': cmd/avb.c:371:18: warning: format '%ld' expects argument of type 'long int', but argument 2 has type 'size_t' {aka 'unsigned int'} [-Wformat=] printf("Read %ld bytes, value = %s\n", bytes_read, ~~^ ~~~~~~~~~~ %d cmd/avb.c: In function 'do_avb_write_pvalue': cmd/avb.c:404:19: warning: format '%ld' expects argument of type 'long int', but argument 2 has type '__kernel_size_t' {aka 'unsigned int'} [-Wformat=] printf("Wrote %ld bytes\n", strlen(value) + 1); ~~^ ~~~~~~~~~~~~~~~~~ %d Fix those by using "%zu" specified. Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2019-04-26avb: add support for named persistent valuesIgor Opaniuk
AVB 2.0 spec. revision 1.1 introduces support for named persistent values that must be tamper evident and allows AVB to store arbitrary key-value pairs [1]. Introduce implementation of two additional AVB operations read_persistent_value()/write_persistent_value() for retrieving/storing named persistent values. Correspondent pull request in the OP-TEE OS project repo [2]. [1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22 [2]: https://github.com/OP-TEE/optee_os/pull/2699 Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Sam Protsenko <semen.protsenko@linaro.org> Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
2018-10-07cmd: avb: print error message if command failsJens Wiklander
Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-10-07cmd: avb read_rb: print rb_idx in hexadecimalJens Wiklander
Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a hexadecimal number while do_avb_read_rb() printed the read out rb_idx as decimal number. For consistency change do_avb_read_rb() to print rb_idx as a hexadecimal number too. Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-06-18avb2.0: add boot states and dm-verity supportIgor Opaniuk
1. Add initial support of boot states mode (red, green, yellow) 2. Add functions for enforcing dm-verity configurations Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
2018-06-18cmd: avb2.0: avb command for performing verificationIgor Opaniuk
Enable a "avb" command to execute Android Verified Boot 2.0 operations. It includes such subcommands: avb init - initialize avb2 subsystem avb read_rb - read rollback index avb write_rb - write rollback index avb is_unlocked - check device lock state avb get_uuid - read and print uuid of a partition avb read_part - read data from partition avb read_part_hex - read data from partition and output to stdout avb write_part - write data to partition avb verify - run full verification chain Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>