From patchwork Wed Apr 25 13:17:59 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Igor Opaniuk <igor.opaniuk@linaro.org>
X-Patchwork-Id: 134305
Delivered-To: patch@linaro.org
Received: by 10.46.151.6 with SMTP id r6csp864346lji;
 Wed, 25 Apr 2018 06:25:19 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4/4qYLnx4q/DFkkSXwAfC0zSY8DAbcyXXoo3Eovc/EnZsbv9hiKP3q1HLl1eu8T/nKe3Aj9
X-Received: by 10.80.158.141 with SMTP id a13mr32519823edf.78.1524662719228; 
 Wed, 25 Apr 2018 06:25:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524662719; cv=none;
 d=google.com; s=arc-20160816;
 b=wbHegUsNNqt1321MbK+6cChaQ5ROOD2kYZ5pdrtHsTd5dmWT8jVNyZjOGczaBI1Qb4
 kKO1hHQiC6z30gxptSYR9dw+GihICVjuZlkOZ3FNkzSASQ/cZilGnEFol4nAlRefjHEt
 0ttZR/oUV1cKDKkjz+IFLColbPHJvJXYxJqr8mGWS2E2+mtEh73bufWMe/wQLYorfThg
 O8fb1fxFGJwlA6xHmCuYm0j8m/xdNLgLZQAvHXFAgZ6mpq1JgjwjKgDxyQrhYz2KXyXn
 TvxK5YL+UlKvLEpPneWIjQiugVBe+dZWSyQ7IBIH0uSYN4SdZJR8OuotueqsRCfar8GO
 ZM7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:cc:references:in-reply-to:message-id
 :date:to:from:dkim-signature:arc-authentication-results;
 bh=1u5hNs7MQ33Am2KJkYllalZ4mWOxf8U5OfroRMAKnT8=;
 b=LZ0NYaXHZZFZB7WSf1uF/P0dwmgB6/TfTHzQn2NEQZXT59pRkAGD+msobNV0FWBu33
 Iueq0WyYsgDAEMPqJdMJGdw3Bd5DeE9XFVZ82VugvgCH5qezvo+IUcbjhl52Wsc7Ehag
 R7ZlhXfdv3mWxDpS2bIFEEu+vrEbVr5J8yCYVX22JPjiJS2oHfD5gNI2fQUB8kfRw/+5
 zmLo3vxdpDF2z2H6yN+4JqeK4P5YyVOyh2byFGIe1U91F4xWS6blx38Pk7o+cLjnpUq7
 awGXg4KxYIu03CZA43NiKwsTAa/lWuQLF+tgMYRiSasY2nJyO0XAOhSk5TIDFux9d44T
 k9JQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=a+4/T9+g; 
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from lists.denx.de (dione.denx.de. [81.169.180.215])
 by mx.google.com with ESMTP id
 t24si11152051edm.246.2018.04.25.06.25.18; 
 Wed, 25 Apr 2018 06:25:19 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) client-ip=81.169.180.215; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=a+4/T9+g; 
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: by lists.denx.de (Postfix, from userid 105)
 id D4059C2202A; Wed, 25 Apr 2018 13:23:44 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3,
 RCVD_IN_MSPIKE_WL,
 T_DKIM_INVALID autolearn=unavailable autolearn_force=no
 version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
 by lists.denx.de (Postfix) with ESMTP id 23A83C22003;
 Wed, 25 Apr 2018 13:21:05 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
 id 68045C21E13; Wed, 25 Apr 2018 13:18:13 +0000 (UTC)
Received: from mail-lf0-f68.google.com (mail-lf0-f68.google.com
 [209.85.215.68])
 by lists.denx.de (Postfix) with ESMTPS id 512E4C21FDF
 for <u-boot@lists.denx.de>; Wed, 25 Apr 2018 13:18:13 +0000 (UTC)
Received: by mail-lf0-f68.google.com with SMTP id q5-v6so25400153lff.12
 for <u-boot@lists.denx.de>; Wed, 25 Apr 2018 06:18:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=6nyYSOjSReBXUJ+Uu4N+xC1Un1eNgAouv2KZOwkEiO0=;
 b=a+4/T9+goV4CXEGRfXd2hwKe67MIUr4otfSqDMbLQ4xl8I6n9WZWWRrw9u1mQdbv6A
 ygovqmtI0vG+SHHy4UTCtkO50rKHLTYBeSO2SM+CVCeElSO2VPQw0pHzxTjzWWQdAcKt
 n/UdkTkxEiYwO9d3tf5K82TFETYmeDzu8Ijsw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=6nyYSOjSReBXUJ+Uu4N+xC1Un1eNgAouv2KZOwkEiO0=;
 b=YoJGe3kWPStJOKMZPxtCONQwaCV2lNoRzda8JSu4lJGBlWGYH6smPsG+73ohxsNzZw
 CNj8CEeA1L10fcvVL0boC4s/z4lrUuQzHxktZDslvuc3UKE9c5U7fhkzVrwr1DLT5vMG
 QKFuug3XZFh5RnmAzAwJ8QJedRnhweYFCJSHH7yTLbxp6rAFQQOziF/+U9gtdqqmxAMr
 Ajc1xp7P5HA0JGupFLJDMs/q7tYqLygYCjOQD6ZIn1VpVO+sqsk/5BFq9WECp1N/GbC7
 XSPobgJAcKrCfrNMT8+edgocqoEaGfrgQyT6NDDf5KkBOYZCER7YcKdbPPTff6LqC9te
 5p3A==
X-Gm-Message-State: ALQs6tAU+i0DHT8WlgoghyslT+WV8Nd6OkdsE7EgQoDaM066CQ2uGpC/
 /Z7brNlFoZiFftz/ryJGYyHgFlPdwl4Nrw==
X-Received: by 2002:a19:d8a5:: with SMTP id
 r37-v6mr14869677lfi.88.1524662292418; 
 Wed, 25 Apr 2018 06:18:12 -0700 (PDT)
Received: from localhost ([195.238.93.36]) by smtp.gmail.com with ESMTPSA id
 f26-v6sm3923480lfl.90.2018.04.25.06.18.11
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 25 Apr 2018 06:18:11 -0700 (PDT)
From: Igor Opaniuk <igor.opaniuk@linaro.org>
To: u-boot@lists.denx.de
Date: Wed, 25 Apr 2018 16:17:59 +0300
Message-Id: <1524662285-19617-3-git-send-email-igor.opaniuk@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1524662285-19617-1-git-send-email-igor.opaniuk@linaro.org>
References: <1524662285-19617-1-git-send-email-igor.opaniuk@linaro.org>
X-Mailman-Approved-At: Wed, 25 Apr 2018 13:20:58 +0000
Cc: trini@konsulko.com, praneeth@ti.com, misael.lopez@ti.com,
 joakim.bech@linaro.org
Subject: [U-Boot] [PATCH 2/8] avb2.0: integrate avb 2.0 into the build system
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Integrate libavb/libavb_ab into the build system. Introduce CONFIG_LIBAVB
and CONFIG_LIBAVB_AVB options for enabling build.

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
---
 lib/Kconfig            | 20 ++++++++++++++++++++
 lib/Makefile           |  2 ++
 lib/libavb/Makefile    | 15 +++++++++++++++
 lib/libavb_ab/Makefile |  9 +++++++++
 4 files changed, 46 insertions(+)
 create mode 100644 lib/libavb/Makefile
 create mode 100644 lib/libavb_ab/Makefile

diff --git a/lib/Kconfig b/lib/Kconfig
index 436b90f..0429e17 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -142,6 +142,26 @@ config TPM
 
 endmenu
 
+menu "Android Verified Boot"
+
+config LIBAVB
+	bool "Android Verified Boot 2.0 support"
+	depends on ANDROID_BOOT_IMAGE
+	help
+	  This enables support of Android Verified Boot 2.0 which can be used
+	  to assure the end user of the integrity of the software running on a
+	  device. Introduces such features as boot chain of trust, rollback
+	  protection etc.
+
+config LIBAVB_AB
+	bool "Android Verified Boot 2.0 A/B slot support"
+	depends on LIBAVB
+	help
+	  This enables support of Android Verified Boot for A/B slots, that
+	  are used in seamless system updates.
+
+endmenu
+
 menu "Hashing Support"
 
 config SHA1
diff --git a/lib/Makefile b/lib/Makefile
index 35da570..934f8a7 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -55,6 +55,8 @@ obj-$(CONFIG_$(SPL_)ZLIB) += zlib/
 obj-$(CONFIG_$(SPL_)GZIP) += gunzip.o
 obj-$(CONFIG_$(SPL_)LZO) += lzo/
 
+obj-$(CONFIG_LIBAVB) += libavb/
+obj-$(CONFIG_LIBAVB_AB) += libavb_ab/
 
 obj-$(CONFIG_$(SPL_TPL_)SAVEENV) += qsort.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += libfdt/
diff --git a/lib/libavb/Makefile b/lib/libavb/Makefile
new file mode 100644
index 0000000..0a06a26
--- /dev/null
+++ b/lib/libavb/Makefile
@@ -0,0 +1,15 @@
+#
+# (C) Copyright 2017 Linaro Limited
+#
+# SPDX-License-Identifier:	GPL-2.0+
+#
+
+obj-$(CONFIG_LIBAVB) += avb_chain_partition_descriptor.o avb_crypto.o
+obj-$(CONFIG_LIBAVB) += avb_footer.o avb_hashtree_descriptor.o
+obj-$(CONFIG_LIBAVB) += avb_property_descriptor.o avb_sha256.o
+obj-$(CONFIG_LIBAVB) += avb_slot_verify.o avb_util.o avb_version.o
+obj-$(CONFIG_LIBAVB) += avb_descriptor.o avb_hash_descriptor.o
+obj-$(CONFIG_LIBAVB) += avb_kernel_cmdline_descriptor.o avb_rsa.o avb_sha512.o
+obj-$(CONFIG_LIBAVB) += avb_sysdeps_posix.o avb_vbmeta_image.o
+
+ccflags-y = -DAVB_COMPILATION
diff --git a/lib/libavb_ab/Makefile b/lib/libavb_ab/Makefile
new file mode 100644
index 0000000..f4bd72e
--- /dev/null
+++ b/lib/libavb_ab/Makefile
@@ -0,0 +1,9 @@
+#
+# (C) Copyright 2017 Linaro Limited
+#
+# SPDX-License-Identifier:	GPL-2.0+
+#
+
+obj-$(CONFIG_LIBAVB_AB) += avb_ab_flow.o
+
+ccflags-y = -DAVB_COMPILATION