From ceecd5fea6de2781691f9680016d16f24249362f Mon Sep 17 00:00:00 2001 From: Jason Zhu Date: Mon, 23 Oct 2017 10:38:13 +0800 Subject: [PATCH] lib: avb: support the atx and public_key verify 1.support the permanent attribute verify 2.support the PRK, PIK, PSK certificate verify and then get the psk public_key, compare it with public_key in vbmeta. If the function is required, please open the macro AVB_VBMETA_PUBLIC_KEY_VALIDATE. Change-Id: Ifeab776c76f97fadd980671481ce27d203516673 Signed-off-by: Jason Zhu --- include/android_avb/avb_atx_validate.h | 25 +++++++++++++++++++ lib/avb/rk_libavb_atx/avb_atx_validate.c | 31 +++++++++++++++++++++++- lib/avb/rk_libavb_user/avb_ops_user.c | 13 ++++++++++ 3 files changed, 68 insertions(+), 1 deletion(-) diff --git a/include/android_avb/avb_atx_validate.h b/include/android_avb/avb_atx_validate.h index f5804885b9..28d5be030d 100644 --- a/include/android_avb/avb_atx_validate.h +++ b/include/android_avb/avb_atx_validate.h @@ -43,6 +43,31 @@ extern "C" { #define AVB_ATX_PIK_VERSION_LOCATION 0x1000 #define AVB_ATX_PSK_VERSION_LOCATION 0x1001 +/** + * read permanent attributes from rpmb + * + * @param atx_ops + * + * @param attributes The attributes inclue psk_public product id, + * ref:AvbAtxPermanentAttributes. + * + * @return AvbIOResult + */ +AvbIOResult avb_read_perm_attr(AvbAtxOps* atx_ops, + AvbAtxPermanentAttributes* attributes); + +/** + * read permanent attributes hash from efuse + * + * @param atx_ops + * + * @param attributes The attributes inclue psk_public product id, + * ref:AvbAtxPermanentAttributes. + * + * @return AvbIOResult + */ +AvbIOResult avb_read_perm_attr_hash(AvbAtxOps* atx_ops, + uint8_t hash[AVB_SHA256_DIGEST_SIZE]); /* An implementation of validate_vbmeta_public_key for Android Things. See * libavb/avb_ops.h for details on validate_vbmeta_public_key in general. This * implementation uses the metadata expected with Android Things vbmeta images diff --git a/lib/avb/rk_libavb_atx/avb_atx_validate.c b/lib/avb/rk_libavb_atx/avb_atx_validate.c index dbc6769313..4002038273 100644 --- a/lib/avb/rk_libavb_atx/avb_atx_validate.c +++ b/lib/avb/rk_libavb_atx/avb_atx_validate.c @@ -23,11 +23,40 @@ */ #include - #include #include #include #include +#include + +/* read permanent attributes from rpmb */ +AvbIOResult avb_read_perm_attr(AvbAtxOps* atx_ops, + AvbAtxPermanentAttributes* attributes) +{ + if (attributes != NULL) { +#ifdef CONFIG_OPTEE_CLIENT + trusty_read_permanent_attributes((uint8_t *)attributes, + sizeof(struct AvbAtxPermanentAttributes)); + return AVB_IO_RESULT_OK; +#endif + } + + return -1; +} + +/*read permanent attributes hash from efuse */ +AvbIOResult avb_read_perm_attr_hash(AvbAtxOps* atx_ops, + uint8_t hash[AVB_SHA256_DIGEST_SIZE]) +{ +#ifdef CONFIG_OPTEE_CLIENT + if (trusty_read_attribute_hash((uint32_t *)hash, AVB_SHA256_DIGEST_SIZE / 4)) + return -1; +#else + avb_error("Please open the macro!\n"); + return -1; +#endif + return AVB_IO_RESULT_OK; +} /* Computes the SHA256 |hash| of |length| bytes of |data|. */ static void sha256(const uint8_t* data, diff --git a/lib/avb/rk_libavb_user/avb_ops_user.c b/lib/avb/rk_libavb_user/avb_ops_user.c index bf6c293684..887bb6b274 100644 --- a/lib/avb/rk_libavb_user/avb_ops_user.c +++ b/lib/avb/rk_libavb_user/avb_ops_user.c @@ -158,9 +158,20 @@ static AvbIOResult validate_vbmeta_public_key( size_t public_key_metadata_length, bool *out_is_trusted) { +#ifdef AVB_VBMETA_PUBLIC_KEY_VALIDATE + if (out_is_trusted != NULL) { + avb_atx_validate_vbmeta_public_key(ops, + public_key_data, + public_key_length, + public_key_metadata, + public_key_metadata_length, + out_is_trusted); + } +#else if (out_is_trusted != NULL) { *out_is_trusted = true; } +#endif return AVB_IO_RESULT_OK; } @@ -293,6 +304,8 @@ AvbOps* avb_ops_user_new(void) ops->ab_ops->read_ab_metadata = avb_ab_data_read; ops->ab_ops->write_ab_metadata = avb_ab_data_write; ops->ab_ops->init_ab_metadata = avb_ab_data_init; + ops->atx_ops->read_permanent_attributes = avb_read_perm_attr; + ops->atx_ops->read_permanent_attributes_hash = avb_read_perm_attr_hash; out: return ops; }