From bb43c2784704b79eaa383fe38255b2ecf73b46ff Mon Sep 17 00:00:00 2001 From: Sam Protsenko Date: Thu, 15 Aug 2019 20:49:47 +0300 Subject: cmd: avb: Fix requested partitions list The requested_partitions[] array should contain only boot partitions. Usually it's only 'boot' partition, as can be seen in [1]. Also, seems like the requested_partitions[] are only used when there is no 'vbmeta' partition [2], which is not a regular use-case. Make requested_partitions[] contain only 'boot' partition as it was supposed to be, and also make that array to be a local in do_avb_verify_part() function, as nobody else needs that. [1] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/test/avb_slot_verify_unittest.cc#108 [2] https://android.googlesource.com/platform/external/avb/+/5fbb42a189aa/libavb/avb_slot_verify.c#1461 Signed-off-by: Sam Protsenko Reviewed-by: Igor Opaniuk --- cmd/avb.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'cmd') diff --git a/cmd/avb.c b/cmd/avb.c index 5bc158252b..d4e8884328 100644 --- a/cmd/avb.c +++ b/cmd/avb.c @@ -15,11 +15,6 @@ #define AVB_BOOTARGS "avb_bootargs" static struct AvbOps *avb_ops; -static const char * const requested_partitions[] = {"boot", - "system", - "vendor", - NULL}; - int do_avb_init(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { unsigned long mmc_dev; @@ -232,6 +227,7 @@ int do_avb_get_uuid(cmd_tbl_t *cmdtp, int flag, int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) { + const char * const requested_partitions[] = {"boot", NULL}; AvbSlotVerifyResult slot_result; AvbSlotVerifyData *out_data; char *cmdline; -- cgit From 965ec3caa8fcaafe3d18ad7c3810a13b09ee8abe Mon Sep 17 00:00:00 2001 From: Sam Protsenko Date: Mon, 21 Oct 2019 13:55:16 +0300 Subject: cmd: avb: Support A/B slots Add optional parameter to 'avb verify' sub-command, so that user is able to specify which slot to use, in case when user's partitions are slotted. If that parameter is omitted, the behavior of 'avb verify' will be the same as before, so user API is content. Signed-off-by: Sam Protsenko Reviewed-by: Igor Opaniuk Acked-by: Igor Opaniuk --- cmd/avb.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'cmd') diff --git a/cmd/avb.c b/cmd/avb.c index d4e8884328..a4de5c40a2 100644 --- a/cmd/avb.c +++ b/cmd/avb.c @@ -232,6 +232,7 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, AvbSlotVerifyData *out_data; char *cmdline; char *extra_args; + char *slot_suffix = ""; bool unlocked = false; int res = CMD_RET_FAILURE; @@ -241,9 +242,12 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, return CMD_RET_FAILURE; } - if (argc != 1) + if (argc < 1 || argc > 2) return CMD_RET_USAGE; + if (argc == 2) + slot_suffix = argv[1]; + printf("## Android Verified Boot 2.0 version %s\n", avb_version_string()); @@ -256,7 +260,7 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, slot_result = avb_slot_verify(avb_ops, requested_partitions, - "", + slot_suffix, unlocked, AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, &out_data); @@ -416,7 +420,7 @@ static cmd_tbl_t cmd_avb[] = { U_BOOT_CMD_MKENT(read_part, 5, 0, do_avb_read_part, "", ""), U_BOOT_CMD_MKENT(read_part_hex, 4, 0, do_avb_read_part_hex, "", ""), U_BOOT_CMD_MKENT(write_part, 5, 0, do_avb_write_part, "", ""), - U_BOOT_CMD_MKENT(verify, 1, 0, do_avb_verify_part, "", ""), + U_BOOT_CMD_MKENT(verify, 2, 0, do_avb_verify_part, "", ""), #ifdef CONFIG_OPTEE_TA_AVB U_BOOT_CMD_MKENT(read_pvalue, 3, 0, do_avb_read_pvalue, "", ""), U_BOOT_CMD_MKENT(write_pvalue, 3, 0, do_avb_write_pvalue, "", ""), @@ -459,6 +463,7 @@ U_BOOT_CMD( "avb read_pvalue - read a persistent value \n" "avb write_pvalue - write a persistent value \n" #endif - "avb verify - run verification process using hash data\n" + "avb verify [slot_suffix] - run verification process using hash data\n" " from vbmeta structure\n" + " [slot_suffix] - _a, _b, etc (if vbmeta partition is slotted)\n" ); -- cgit