From patchwork Sun Jun 3 18:56:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Opaniuk X-Patchwork-Id: 137603 Delivered-To: patch@linaro.org Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp657307lji; Sun, 3 Jun 2018 11:57:03 -0700 (PDT) X-Google-Smtp-Source: ADUXVKL1Zk//ux5bA0vzmK5TH7pfj7DwP9vsB8cGevqe9JskN+irwIvlp+Ppq3YsoUvHvDz6dPRV X-Received: by 2002:a50:e043:: with SMTP id g3-v6mr21022472edl.123.1528052223814; Sun, 03 Jun 2018 11:57:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528052223; cv=none; d=google.com; s=arc-20160816; b=cUBY+ElFZkJnQZ1ACdQZyvnHw9GORIBBjlRN7xbx3qIxMg/HeBWGgNnbqRbbTXsD2a jXlNucw0VsCrYUheqzAGQoASRzEVxoOKg6AI+Tx7whpFoe6K0YlNpRgH3WLGA47UFoe6 zIg10OEDq6TfyN1F2Fs9jY+q1GSE5/7tEdW+3F2VDeqRyuonGA5yafI2NF9yi7d8LruU OVUfCau6JNDfF6cNxIKeQoOKj9cXZPep0x6xs8jUvYtHciVrGDevidRLgtFRzSIrXhyH J9/CHOIpsvZJ5e2s6T+F+HGZQp6DYN38HS+PCBCPCg+El57RmdoZBYZZj17j6ainoJNh SAyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :cc:mime-version:message-id:date:to:from:dkim-signature :arc-authentication-results; bh=TjloDaiXOfjYlZ2ujtpUqftIE1AN0tSflxl/H3/1L7k=; b=Gm/Y/QvBTu8uEgyy2hY4gTilwicRr2zCxxVsNUPJNBZv8AmGkf7feWuM3evnvDT4dh ttcJUGo37wwY+nvkujU21DcNY4VP3lZWqazi0wCOyokcDCIU+Wr0cc54Nin7DkFA2mmt Jtc5O0mBXQo/Hllyv1hXDDERA4pq6CreGfCdlUxlhHDYqwXPu3CUR1XvGn32k8xtEt70 mcgWsNZWokY6dtIe2qe5O/G3ePIdFKdRPukljRJZqXTq1WyOoXe7tLiLS3RHrXmnyo77 D2BR98JT813KWZz+yX9hfGMi0nzSa7o3sRoSekOMQeUQP2GPEThxtTP5BI0qO2Grag/f hx2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=jqnudKwW; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id m25-v6si1620816edb.388.2018.06.03.11.57.03; Sun, 03 Jun 2018 11:57:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=jqnudKwW; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 5E2E6C21E16; Sun, 3 Jun 2018 18:57:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 99EC1C21D4A; Sun, 3 Jun 2018 18:56:59 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 7AA53C21DFF; Sun, 3 Jun 2018 18:56:46 +0000 (UTC) Received: from mail-lf0-f65.google.com (mail-lf0-f65.google.com [209.85.215.65]) by lists.denx.de (Postfix) with ESMTPS id EC807C21E36 for ; Sun, 3 Jun 2018 18:56:45 +0000 (UTC) Received: by mail-lf0-f65.google.com with SMTP id 36-v6so19901981lfr.11 for ; Sun, 03 Jun 2018 11:56:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=UU06DuZYkH/2+oTm2WQtYRDSQuBuBGMsfK+aM0lMJ5s=; b=jqnudKwWB+3BdouUt/tyVxPfPvQUX8sik4qHWbfwg11f4BT3GjcHINcrnSQ23TL+Gh 6bOB5P4Pwf72Ba1lMVgp+DaDM9X6ouJrdU1Wsx0XO+l8GCRveOYA8mn+BfKoEYcHI/zN 9yJDhawmLQriZw/u9SGCoS1rdF1wj8hVFPWsY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=UU06DuZYkH/2+oTm2WQtYRDSQuBuBGMsfK+aM0lMJ5s=; b=e6B4xcTYlnxCEII8cNMs4SFMKn9UfjjScq5ed8cLmaBlNYfAs6cSpRH4ElWJqAJAH6 LHszWGywR1LVDfwSISVxFYex5YmJUEW3PA+5fpIlViwZsZWDqV4Q44lFYZs8owtMPyVY HYWK2AdpKDgviaANAvsgbEoLK9o31FPwOEfTAL50cVbuRQKFUK48U/EOrCNythjccQRB w3NJoRcXa/63ZmQLjv/a5hKAwYysg0W08/6OLm2M/iZnY0HQ/vNL1CXGHCUYkoFnrC4v sx1laTvVeRC53eALtzbztitCtDkrJGpA8MM9b8czbAj4p9ze3XD4uR3xo77/zBYIZsyM heuA== X-Gm-Message-State: ALKqPwc3Nuoju15aFd6Y6zfc5Su+PTbPereQqVLPnFvUMyTq0PYGvdg7 yoasHymZecI/BVXOtVJ30VQcBYL52QPWRg== X-Received: by 2002:a2e:84d5:: with SMTP id q21-v6mr12851346ljh.126.1528052205104; Sun, 03 Jun 2018 11:56:45 -0700 (PDT) Received: from localhost (host-176-36-145-117.la.net.ua. [176.36.145.117]) by smtp.gmail.com with ESMTPSA id f64-v6sm9997811lfg.63.2018.06.03.11.56.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 03 Jun 2018 11:56:44 -0700 (PDT) From: Igor Opaniuk To: u-boot@lists.denx.de Date: Sun, 3 Jun 2018 21:56:35 +0300 Message-Id: <1528052203-29689-1-git-send-email-igor.opaniuk@linaro.org> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Cc: trini@konsulko.com, praneeth@ti.com, misael.lopez@ti.com, erosca@de.adit-jv.com, joakim.bech@linaro.org Subject: [U-Boot] [PATCH v2 0/8] Initial integration of AVB2.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This series of patches introduces support of Android Verified Boot 2.0, which provides integrity checking of Android partitions on MMC. It integrates libavb into the U-boot, provides implementation of AvbOps, subset of `avb` commands to run verification chain (and for debugging purposes), and it enables AVB2.0 verification on AM57xx HS SoC by default. Currently, there is still no support for verification of A/B boot slots and no rollback protection (for storing rollback indexes there are plans to use eMMC RPMB) Libavb will be deviated from AOSP upstream in the future, that's why minimal amount of changes were introduced into the lib sources, so checkpatch may fail. For additional details check [1] AVB 2.0 README and doc/README.avb2, which is a part of this patchset. [1] https://android.googlesource.com/platform/external/avb/+/master/README.md Changes for v2: - Updated libavb from the AOSP upstream - Removed libavb_ab is it's marked as deprecated - Added default n to Kconfigs for this feature (both for CONFIG_LIBAVB and CONFIG_CMD_AVB) - Minor fixes in avb_find_dm_args - Replaced "reinvented the wheel" str macro with existing __stringify() - Updated documentation - Updated avb_slot_verify invocation, supplying with new AvbHashtreeErrorMode param - Fixed array boundary exceeded error when handling bootargs in avb_find_dm_args Igor Opaniuk (8): avb2.0: add Android Verified Boot 2.0 library avb2.0: integrate avb 2.0 into the build system avb2.0: implement AVB ops cmd: avb2.0: avb command for performing verification avb2.0: add boot states and dm-verity support am57xx_hs: avb2.0: add support of AVB 2.0 test/py: avb2.0: add tests for avb commands doc: avb2.0: add README about AVB2.0 integration cmd/Kconfig | 16 + cmd/Makefile | 3 + cmd/avb.c | 372 ++++++++ common/Makefile | 2 + common/avb_verify.c | 741 +++++++++++++++ doc/README.avb2 | 97 ++ include/avb_verify.h | 96 ++ include/configs/am57xx_evm.h | 11 + include/environment/ti/boot.h | 15 + lib/Kconfig | 14 + lib/Makefile | 1 + lib/libavb/Makefile | 15 + lib/libavb/avb_chain_partition_descriptor.c | 46 + lib/libavb/avb_chain_partition_descriptor.h | 54 ++ lib/libavb/avb_cmdline.c | 422 +++++++++ lib/libavb/avb_cmdline.h | 72 ++ lib/libavb/avb_crypto.c | 354 +++++++ lib/libavb/avb_crypto.h | 156 +++ lib/libavb/avb_descriptor.c | 142 +++ lib/libavb/avb_descriptor.h | 113 +++ lib/libavb/avb_footer.c | 36 + lib/libavb/avb_footer.h | 68 ++ lib/libavb/avb_hash_descriptor.c | 44 + lib/libavb/avb_hash_descriptor.h | 70 ++ lib/libavb/avb_hashtree_descriptor.c | 52 + lib/libavb/avb_hashtree_descriptor.h | 80 ++ lib/libavb/avb_kernel_cmdline_descriptor.c | 40 + lib/libavb/avb_kernel_cmdline_descriptor.h | 63 ++ lib/libavb/avb_ops.h | 293 ++++++ lib/libavb/avb_property_descriptor.c | 167 ++++ lib/libavb/avb_property_descriptor.h | 89 ++ lib/libavb/avb_rsa.c | 276 ++++++ lib/libavb/avb_rsa.h | 55 ++ lib/libavb/avb_sha.h | 72 ++ lib/libavb/avb_sha256.c | 364 +++++++ lib/libavb/avb_sha512.c | 362 +++++++ lib/libavb/avb_slot_verify.c | 1367 +++++++++++++++++++++++++++ lib/libavb/avb_slot_verify.h | 341 +++++++ lib/libavb/avb_sysdeps.h | 101 ++ lib/libavb/avb_sysdeps_posix.c | 63 ++ lib/libavb/avb_util.c | 412 ++++++++ lib/libavb/avb_util.h | 269 ++++++ lib/libavb/avb_vbmeta_image.c | 290 ++++++ lib/libavb/avb_vbmeta_image.h | 276 ++++++ lib/libavb/avb_version.c | 16 + lib/libavb/avb_version.h | 41 + lib/libavb/libavb.h | 32 + test/py/tests/test_avb.py | 111 +++ 48 files changed, 8192 insertions(+) create mode 100644 cmd/avb.c create mode 100644 common/avb_verify.c create mode 100644 doc/README.avb2 create mode 100644 include/avb_verify.h create mode 100644 lib/libavb/Makefile create mode 100644 lib/libavb/avb_chain_partition_descriptor.c create mode 100644 lib/libavb/avb_chain_partition_descriptor.h create mode 100644 lib/libavb/avb_cmdline.c create mode 100644 lib/libavb/avb_cmdline.h create mode 100644 lib/libavb/avb_crypto.c create mode 100644 lib/libavb/avb_crypto.h create mode 100644 lib/libavb/avb_descriptor.c create mode 100644 lib/libavb/avb_descriptor.h create mode 100644 lib/libavb/avb_footer.c create mode 100644 lib/libavb/avb_footer.h create mode 100644 lib/libavb/avb_hash_descriptor.c create mode 100644 lib/libavb/avb_hash_descriptor.h create mode 100644 lib/libavb/avb_hashtree_descriptor.c create mode 100644 lib/libavb/avb_hashtree_descriptor.h create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.c create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.h create mode 100644 lib/libavb/avb_ops.h create mode 100644 lib/libavb/avb_property_descriptor.c create mode 100644 lib/libavb/avb_property_descriptor.h create mode 100644 lib/libavb/avb_rsa.c create mode 100644 lib/libavb/avb_rsa.h create mode 100644 lib/libavb/avb_sha.h create mode 100644 lib/libavb/avb_sha256.c create mode 100644 lib/libavb/avb_sha512.c create mode 100644 lib/libavb/avb_slot_verify.c create mode 100644 lib/libavb/avb_slot_verify.h create mode 100644 lib/libavb/avb_sysdeps.h create mode 100644 lib/libavb/avb_sysdeps_posix.c create mode 100644 lib/libavb/avb_util.c create mode 100644 lib/libavb/avb_util.h create mode 100644 lib/libavb/avb_vbmeta_image.c create mode 100644 lib/libavb/avb_vbmeta_image.h create mode 100644 lib/libavb/avb_version.c create mode 100644 lib/libavb/avb_version.h create mode 100644 lib/libavb/libavb.h create mode 100644 test/py/tests/test_avb.py