lib: avb: support the atx and public_key verify

1.support the permanent attribute verify 2.support the PRK, PIK, PSK certificate verify and then get the psk public_key, compare it with public_key in vbmeta. If the function is required, please open the macro AVB_VBMETA_PUBLIC_KEY_VALIDATE. Change-Id: Ifeab776c76f97fadd980671481ce27d203516673 Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
2017-10-23 10:38:13 +08:00 · 2017-10-23 10:38:13 +08:00 · ceecd5fea6
parent 0916e43b54
commit ceecd5fea6
3 changed files with 68 additions and 1 deletions
--- a/include/android_avb/avb_atx_validate.h
+++ b/include/android_avb/avb_atx_validate.h
@ -43,6 +43,31 @@ extern "C" {
 #define AVB_ATX_PIK_VERSION_LOCATION 0x1000
 #define AVB_ATX_PSK_VERSION_LOCATION 0x1001

+/**
+ * read permanent attributes from rpmb
+ *
+ * @param atx_ops
+ *
+ * @param attributes The attributes inclue psk_public product id,
+ * 		     ref:AvbAtxPermanentAttributes.
+ *
+ * @return AvbIOResult
+ */
+AvbIOResult avb_read_perm_attr(AvbAtxOps* atx_ops,
+				      AvbAtxPermanentAttributes* attributes);
+
+/**
+ * read permanent attributes hash from efuse
+ *
+ * @param atx_ops
+ *
+ * @param attributes The attributes inclue psk_public product id,
+ * 		     ref:AvbAtxPermanentAttributes.
+ *
+ * @return AvbIOResult
+ */
+AvbIOResult avb_read_perm_attr_hash(AvbAtxOps* atx_ops,
+					   uint8_t hash[AVB_SHA256_DIGEST_SIZE]);
 /* An implementation of validate_vbmeta_public_key for Android Things. See
 * libavb/avb_ops.h for details on validate_vbmeta_public_key in general. This
 * implementation uses the metadata expected with Android Things vbmeta images
--- a/lib/avb/rk_libavb_atx/avb_atx_validate.c
+++ b/lib/avb/rk_libavb_atx/avb_atx_validate.c
@ -23,11 +23,40 @@
 */

 #include <android_avb/avb_atx_validate.h>
-
 #include <android_avb/avb_rsa.h>
 #include <android_avb/avb_sha.h>
 #include <android_avb/avb_sysdeps.h>
 #include <android_avb/avb_util.h>
+#include <optee_include/OpteeClientInterface.h>
+
+/* read permanent attributes from rpmb */
+AvbIOResult avb_read_perm_attr(AvbAtxOps* atx_ops,
+				      AvbAtxPermanentAttributes* attributes)
+{
+	if (attributes != NULL) {
+#ifdef CONFIG_OPTEE_CLIENT
+		trusty_read_permanent_attributes((uint8_t *)attributes,
+						 sizeof(struct AvbAtxPermanentAttributes));
+		return AVB_IO_RESULT_OK;
+#endif
+	}
+
+	return -1;
+}
+
+/*read permanent attributes hash from efuse */
+AvbIOResult avb_read_perm_attr_hash(AvbAtxOps* atx_ops,
+					   uint8_t hash[AVB_SHA256_DIGEST_SIZE])
+{
+#ifdef CONFIG_OPTEE_CLIENT
+	if (trusty_read_attribute_hash((uint32_t *)hash, AVB_SHA256_DIGEST_SIZE / 4))
+		return -1;
+#else
+	avb_error("Please open the macro!\n");
+	return -1;
+#endif
+	return AVB_IO_RESULT_OK;
+}

 /* Computes the SHA256 |hash| of |length| bytes of |data|. */
 static void sha256(const uint8_t* data,
--- a/lib/avb/rk_libavb_user/avb_ops_user.c
+++ b/lib/avb/rk_libavb_user/avb_ops_user.c
@ -158,9 +158,20 @@ static AvbIOResult validate_vbmeta_public_key(
 	size_t public_key_metadata_length,
 	bool *out_is_trusted)
 {
+#ifdef AVB_VBMETA_PUBLIC_KEY_VALIDATE
+	if (out_is_trusted != NULL) {
+		avb_atx_validate_vbmeta_public_key(ops,
+						   public_key_data,
+						   public_key_length,
+						   public_key_metadata,
+						   public_key_metadata_length,
+						   out_is_trusted);
+	}
+#else
 	if (out_is_trusted != NULL) {
 		*out_is_trusted = true;
 	}
+#endif
 	return AVB_IO_RESULT_OK;
 }

@ -293,6 +304,8 @@ AvbOps* avb_ops_user_new(void)
 	ops->ab_ops->read_ab_metadata = avb_ab_data_read;
 	ops->ab_ops->write_ab_metadata = avb_ab_data_write;
 	ops->ab_ops->init_ab_metadata = avb_ab_data_init;
+	ops->atx_ops->read_permanent_attributes = avb_read_perm_attr;
+	ops->atx_ops->read_permanent_attributes_hash = avb_read_perm_attr_hash;
 out:
 	return ops;
 }