From patchwork Sun Jun 3 18:56:40 2018
X-Patchwork-Submitter: Igor Opaniuk
X-Patchwork-Id: 137606
From: Igor Opaniuk
To: u-boot@lists.denx.de
Cc: trini@konsulko.com, praneeth@ti.com, misael.lopez@ti.com, erosca@de.adit-jv.com, joakim.bech@linaro.org
Date: Sun, 3 Jun 2018 21:56:40 +0300
Message-Id: <1528052203-29689-6-git-send-email-igor.opaniuk@linaro.org>
In-Reply-To: <1528052203-29689-1-git-send-email-igor.opaniuk@linaro.org>
Subject: [U-Boot] [PATCH v2 5/8] avb2.0: add boot states and dm-verity support

1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations

Signed-off-by: Igor Opaniuk
--- cmd/avb.c | 17 ++++++- common/avb_verify.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++-- include/avb_verify.h | 19 ++++++- 3 files changed, 168 insertions(+), 5 deletions(-) diff --git a/cmd/avb.c b/cmd/avb.c index dd389cd..f045a0c 100644 --- a/cmd/avb.c +++ b/cmd/avb.c @@ -218,6 +218,8 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, { AvbSlotVerifyResult slot_result; AvbSlotVerifyData *out_data; + char *cmdline; + char *extra_args; bool unlocked = false; int res = CMD_RET_FAILURE; 
@@ -249,10 +251,23 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, switch (slot_result) { case AVB_SLOT_VERIFY_RESULT_OK: + /* Until we don't have support of changing unlock states, we + * assume that we are by default in locked state. + * So in this case we can boot only when verification is + * successful; we also supply in cmdline GREEN boot state + */ printf("Verification passed successfully\n"); /* export additional bootargs to AVB_BOOTARGS env var */ - env_set(AVB_BOOTARGS, out_data->cmdline); + + extra_args = avb_set_state(avb_ops, AVB_GREEN); + if (extra_args) + cmdline = append_cmd_line(out_data->cmdline, + extra_args); + else + cmdline = out_data->cmdline; + + env_set(AVB_BOOTARGS, cmdline); res = CMD_RET_SUCCESS; break; diff --git a/common/avb_verify.c b/common/avb_verify.c index a4de168..f9a00f8 100644 --- a/common/avb_verify.c +++ b/common/avb_verify.c 
@@ -119,6 +119,137 @@ const unsigned char avb_root_pub[1032] = { /** * ============================================================================ + * Boot states support (GREEN, YELLOW, ORANGE, RED) and dm_verity + * ============================================================================ + */ +char *avb_set_state(AvbOps *ops, enum avb_boot_state boot_state) +{ + struct AvbOpsData *data; + char *cmdline = NULL; + + if (!ops) + return NULL; + + data = (struct AvbOpsData *)ops->user_data; + if (!data) + return NULL; + + data->boot_state = boot_state; + switch (boot_state) { + case AVB_GREEN: + cmdline = "androidboot.verifiedbootstate=green"; + break; + case AVB_YELLOW: + cmdline = "androidboot.verifiedbootstate=yellow"; + break; + case AVB_ORANGE: + cmdline = "androidboot.verifiedbootstate=orange"; + case AVB_RED: + break; + } + + return cmdline; +} + +char *append_cmd_line(char *cmdline_orig, char *cmdline_new) +{ + char *cmd_line; + + if (!cmdline_new) + return cmdline_orig; + + if (cmdline_orig) + cmd_line = cmdline_orig; + else + cmd_line = " "; + + cmd_line = avb_strdupv(cmd_line, " ", cmdline_new, NULL); + + return cmd_line; +} + +static int avb_find_dm_args(char **args, char *str) +{ + int i; + + if (!str) + return -1; + + for (i = 0; i < AVB_MAX_ARGS, args[i]; ++i) { + if (strstr(args[i], str)) + return i; + } + + return -1; +} + +static char *avb_set_enforce_option(const char *cmdline, const char *option) +{ + char *cmdarg[AVB_MAX_ARGS]; + char *newargs = NULL; + int i = 0; + int total_args; + + memset(cmdarg, 0, sizeof(cmdarg)); + cmdarg[i++] = strtok((char *)cmdline, " "); + + do { + cmdarg[i] = strtok(NULL, " "); + if (!cmdarg[i]) + break; + + if (++i >= AVB_MAX_ARGS) { + printf("%s: Can't handle more then %d args\n", + __func__, i); + return NULL; + } + } while (true); + + total_args = i; + i = avb_find_dm_args(&cmdarg[0], VERITY_TABLE_OPT_LOGGING); + if (i >= 0) { + cmdarg[i] = (char *)option; + } else { + i = avb_find_dm_args(&cmdarg[0], 
VERITY_TABLE_OPT_RESTART); + if (i < 0) { + printf("%s: No verity options found\n", __func__); + return NULL; + } + + cmdarg[i] = (char *)option; + } + + for (i = 0; i <= total_args; i++) + newargs = append_cmd_line(newargs, cmdarg[i]); + + return newargs; +} + +char *avb_set_ignore_corruption(const char *cmdline) +{ + char *newargs = NULL; + + newargs = avb_set_enforce_option(cmdline, VERITY_TABLE_OPT_LOGGING); + if (newargs) + newargs = append_cmd_line(newargs, + "androidboot.veritymode=eio"); + + return newargs; +} + +char *avb_set_enforce_verity(const char *cmdline) +{ + char *newargs; + + newargs = avb_set_enforce_option(cmdline, VERITY_TABLE_OPT_RESTART); + if (newargs) + newargs = append_cmd_line(newargs, + "androidboot.veritymode=enforcing"); + return newargs; +} + +/** + * ============================================================================ * IO(mmc) auxiliary functions * ============================================================================ */ @@ -478,7 +609,7 @@ static AvbIOResult read_rollback_index(AvbOps *ops, u64 *out_rollback_index) { /* For now we always return 0 as the stored rollback index. */ - printf("TODO: implement %s.\n", __func__); + printf("%s not supported yet\n", __func__); if (out_rollback_index) *out_rollback_index = 0; @@ -502,7 +633,7 @@ static AvbIOResult write_rollback_index(AvbOps *ops, u64 rollback_index) { /* For now this is a no-op. */ - printf("TODO: implement %s.\n", __func__); + printf("%s not supported yet\n", __func__); return AVB_IO_RESULT_OK; } @@ -522,7 +653,7 @@ static AvbIOResult read_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked) { /* For now we always return that the device is unlocked. */ - printf("TODO: implement %s.\n", __func__); + printf("%s not supported yet\n", __func__); *out_is_unlocked = true; diff --git a/include/avb_verify.h b/include/avb_verify.h index 428c69a..eaa60f5 100644 --- a/include/avb_verify.h +++ b/include/avb_verify.h 
@@ -11,11 +11,22 @@ #include <../lib/libavb/libavb.h> #include -#define ALLOWED_BUF_ALIGN 8 +#define AVB_MAX_ARGS 1024 +#define VERITY_TABLE_OPT_RESTART "restart_on_corruption" +#define VERITY_TABLE_OPT_LOGGING "ignore_corruption" +#define ALLOWED_BUF_ALIGN 8 + +enum avb_boot_state { + AVB_GREEN, + AVB_YELLOW, + AVB_ORANGE, + AVB_RED, +}; struct AvbOpsData { struct AvbOps ops; int mmc_dev; + enum avb_boot_state boot_state; }; struct mmc_part { @@ -33,6 +44,12 @@ enum mmc_io_type { AvbOps *avb_ops_alloc(int boot_device); void avb_ops_free(AvbOps *ops); +char *avb_set_state(AvbOps *ops, enum avb_boot_state boot_state); +char *avb_set_enforce_verity(const char *cmdline); +char *avb_set_ignore_corruption(const char *cmdline); + +char *append_cmd_line(char *cmdline_orig, char *cmdline_new); + /** * ============================================================================ * I/O helper inline functions
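
Review bot: In cmd/avb.c, in the AVB_SLOT_VERIFY_RESULT_OK case of do_avb_verify_part(), the string returned by append_cmd_line() is allocated by avb_strdupv() and nothing in the case releases it after "env_set(AVB_BOOTARGS, cmdline);". Free it when it differs from out_data->cmdline, and check it for NULL before handing it to env_set(), since the allocation can fail. The new comment should read "Until we have support for changing unlock states", and its opening "/*" belongs on a line of its own to match the multi-line comment style used elsewhere in the file.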
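
Review bot: In common/avb_verify.c, avb_set_enforce_option() calls strtok() on "(char *)cmdline", which casts away const and writes NUL bytes into the caller's buffer; on every path, including both "return NULL" exits, the caller's command line is left terminated after its first token. Tokenise a private copy and free it before returning. In the same hunk, the condition "i < AVB_MAX_ARGS, args[i]" in avb_find_dm_args() uses the comma operator, so the bound is evaluated and discarded; it should be "i < AVB_MAX_ARGS && args[i]". The rebuild loop "newargs = append_cmd_line(newargs, cmdarg[i]);" allocates a new string for each token and drops the previous one without freeing it, and it runs to "i <= total_args", one slot past the last token. In avb_set_state(), "case AVB_ORANGE:" falls through into AVB_RED with no break and no fall-through comment, and AVB_RED returns NULL, so the caller cannot tell a red state from a bad ops pointer.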
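
Review bot: In common/avb_verify.c, read_rollback_index() still stores 0 in *out_rollback_index and returns AVB_IO_RESULT_OK, and write_rollback_index() is still a no-op that returns AVB_IO_RESULT_OK, so any rollback index in an image is accepted. Replacing the "TODO" text with "not supported yet" removes the only marker that this is unfinished; keep a TODO comment next to the stub and state in the commit message that rollback protection is not provided by this series.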
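
Review bot: In common/avb_verify.c, read_is_device_unlocked() still sets "*out_is_unlocked = true;", while the comment added to do_avb_verify_part() in this patch says the device is assumed to be locked and exports androidboot.verifiedbootstate=green. The two assumptions contradict each other. Either return false here until the lock state is actually stored, or have the caller select AVB_ORANGE when this op reports unlocked.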
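
Review bot: In include/avb_verify.h, "#define AVB_MAX_ARGS 1024" sizes the local array "char *cmdarg[AVB_MAX_ARGS];" in avb_set_enforce_option(), which puts 1024 pointers (4 KiB or 8 KiB depending on pointer width) on the stack. Use a much smaller limit or allocate the array. VERITY_TABLE_OPT_LOGGING is also a misleading name for "ignore_corruption"; VERITY_TABLE_OPT_IGNORE would match the string and the avb_set_ignore_corruption() helper that uses it.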
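
Review bot: In include/avb_verify.h, the four new prototypes have no documentation, and the ownership of their return values differs: avb_set_state() returns a pointer to a string literal, while avb_set_enforce_verity(), avb_set_ignore_corruption() and append_cmd_line() return memory from avb_strdupv() that the caller has to free. Add a comment block for each function stating who owns the result and what NULL means, declare avb_set_state() as returning "const char *", and give append_cmd_line() an avb_ prefix, since it is exported from a shared header.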