401 lines
12 KiB
C
401 lines
12 KiB
C
/*
|
|
* Copyright (C) 2017 The Android Open Source Project
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person
|
|
* obtaining a copy of this software and associated documentation
|
|
* files (the "Software"), to deal in the Software without
|
|
* restriction, including without limitation the rights to use, copy,
|
|
* modify, merge, publish, distribute, sublicense, and/or sell copies
|
|
* of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be
|
|
* included in all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
* SOFTWARE.
|
|
*/
|
|
|
|
#include <common.h>
|
|
#include <image.h>
|
|
#include <android_image.h>
|
|
#include <malloc.h>
|
|
#include <mapmem.h>
|
|
#include <errno.h>
|
|
#include <command.h>
|
|
#include <mmc.h>
|
|
#include <blk.h>
|
|
#include <part.h>
|
|
#include <android_avb/avb_ops_user.h>
|
|
#include <android_avb/libavb_ab.h>
|
|
#include <android_avb/avb_atx_validate.h>
|
|
#include <android_avb/avb_atx_types.h>
|
|
#include <optee_include/OpteeClientInterface.h>
|
|
#include <optee_include/tee_api_defines.h>
|
|
#include <android_avb/avb_vbmeta_image.h>
|
|
#include <android_avb/avb_atx_validate.h>
|
|
#include <boot_rkimg.h>
|
|
|
|
static void byte_to_block(int64_t *offset,
|
|
size_t *num_bytes,
|
|
lbaint_t *offset_blk,
|
|
lbaint_t *blkcnt)
|
|
{
|
|
*offset_blk = (lbaint_t)(*offset / 512);
|
|
if (*num_bytes % 512 == 0) {
|
|
if (*offset % 512 == 0) {
|
|
*blkcnt = (lbaint_t)(*num_bytes / 512);
|
|
} else {
|
|
*blkcnt = (lbaint_t)(*num_bytes / 512) + 1;
|
|
}
|
|
} else {
|
|
if (*offset % 512 == 0) {
|
|
*blkcnt = (lbaint_t)(*num_bytes / 512) + 1;
|
|
} else {
|
|
if ((*offset % 512) + (*num_bytes % 512) < 512 ||
|
|
(*offset % 512) + (*num_bytes % 512) == 512) {
|
|
*blkcnt = (lbaint_t)(*num_bytes / 512) + 1;
|
|
} else {
|
|
*blkcnt = (lbaint_t)(*num_bytes / 512) + 2;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
static AvbIOResult read_from_partition(AvbOps* ops,
|
|
const char* partition,
|
|
int64_t offset,
|
|
size_t num_bytes,
|
|
void* buffer,
|
|
size_t* out_num_read)
|
|
{
|
|
struct blk_desc *dev_desc;
|
|
lbaint_t offset_blk, blkcnt;
|
|
disk_partition_t part_info;
|
|
|
|
byte_to_block(&offset, &num_bytes, &offset_blk, &blkcnt);
|
|
dev_desc = rockchip_get_bootdev();
|
|
if (!dev_desc) {
|
|
printf("%s: Could not find device\n", __func__);
|
|
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
|
}
|
|
|
|
if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) {
|
|
printf("Could not find \"%s\" partition\n", partition);
|
|
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
|
}
|
|
|
|
if((offset % 512 == 0) && (num_bytes % 512 == 0)) {
|
|
blk_dread(dev_desc, part_info.start + offset_blk, blkcnt, buffer);
|
|
*out_num_read = blkcnt * 512;
|
|
} else {
|
|
char *buffer_temp;
|
|
buffer_temp = malloc(512 * blkcnt);
|
|
if (buffer_temp == NULL) {
|
|
printf("malloc error!\n");
|
|
return AVB_IO_RESULT_ERROR_OOM;
|
|
}
|
|
blk_dread(dev_desc, part_info.start + offset_blk, blkcnt, buffer_temp);
|
|
memcpy(buffer, buffer_temp + (offset % 512), num_bytes);
|
|
*out_num_read = num_bytes;
|
|
free(buffer_temp);
|
|
}
|
|
|
|
return AVB_IO_RESULT_OK;
|
|
}
|
|
|
|
static AvbIOResult write_to_partition(AvbOps* ops,
|
|
const char* partition,
|
|
int64_t offset,
|
|
size_t num_bytes,
|
|
const void* buffer)
|
|
{
|
|
struct blk_desc *dev_desc;
|
|
char *buffer_temp;
|
|
disk_partition_t part_info;
|
|
lbaint_t offset_blk, blkcnt;
|
|
|
|
byte_to_block(&offset, &num_bytes, &offset_blk, &blkcnt);
|
|
buffer_temp = malloc(512 * blkcnt);
|
|
if (buffer_temp == NULL) {
|
|
printf("malloc error!\n");
|
|
return AVB_IO_RESULT_ERROR_OOM;
|
|
}
|
|
memset(buffer_temp, 0, 512 * blkcnt);
|
|
dev_desc = rockchip_get_bootdev();
|
|
if (!dev_desc) {
|
|
printf("%s: Could not find device\n", __func__);
|
|
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
|
}
|
|
|
|
if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) {
|
|
printf("Could not find \"%s\" partition\n", partition);
|
|
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
|
}
|
|
|
|
if ((offset % 512 != 0) && (num_bytes % 512) != 0) {
|
|
blk_dread(dev_desc, part_info.start + offset_blk, blkcnt, buffer_temp);
|
|
}
|
|
|
|
memcpy(buffer_temp, buffer + (offset % 512), num_bytes);
|
|
blk_dwrite(dev_desc, part_info.start + offset_blk, blkcnt, buffer);
|
|
free(buffer_temp);
|
|
|
|
return AVB_IO_RESULT_OK;
|
|
}
|
|
|
|
static AvbIOResult validate_vbmeta_public_key(
|
|
AvbOps *ops,
|
|
const uint8_t *public_key_data,
|
|
size_t public_key_length,
|
|
const uint8_t *public_key_metadata,
|
|
size_t public_key_metadata_length,
|
|
bool *out_is_trusted)
|
|
{
|
|
#ifdef AVB_VBMETA_PUBLIC_KEY_VALIDATE
|
|
if (out_is_trusted != NULL) {
|
|
avb_atx_validate_vbmeta_public_key(ops,
|
|
public_key_data,
|
|
public_key_length,
|
|
public_key_metadata,
|
|
public_key_metadata_length,
|
|
out_is_trusted);
|
|
}
|
|
#else
|
|
if (out_is_trusted != NULL) {
|
|
*out_is_trusted = true;
|
|
}
|
|
#endif
|
|
return AVB_IO_RESULT_OK;
|
|
}
|
|
|
|
static AvbIOResult read_rollback_index(AvbOps *ops,
|
|
size_t rollback_index_location,
|
|
uint64_t *out_rollback_index)
|
|
{
|
|
if (out_rollback_index != NULL) {
|
|
#ifdef CONFIG_OPTEE_CLIENT
|
|
int ret;
|
|
ret = trusty_read_rollback_index(rollback_index_location,
|
|
out_rollback_index);
|
|
if (ret == TEE_ERROR_ITEM_NOT_FOUND) {
|
|
*out_rollback_index = 0;
|
|
ret = trusty_write_rollback_index(rollback_index_location,
|
|
*out_rollback_index);
|
|
if (ret != 0) {
|
|
printf("%s: init rollback index error\n", __FILE__);
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
ret = trusty_read_rollback_index(rollback_index_location,
|
|
out_rollback_index);
|
|
if (ret == 0)
|
|
return AVB_IO_RESULT_OK;
|
|
} else if (ret == 0) {
|
|
return AVB_IO_RESULT_OK;
|
|
} else {
|
|
printf("trusty_read_rollback_index ret = %x\n", ret);
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
#endif
|
|
}
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
|
|
static AvbIOResult write_rollback_index(AvbOps *ops,
|
|
size_t rollback_index_location,
|
|
uint64_t rollback_index)
|
|
{
|
|
#ifdef CONFIG_OPTEE_CLIENT
|
|
if (trusty_write_rollback_index(rollback_index_location, rollback_index)) {
|
|
printf("%s: Fail to write rollback index\n", __FILE__);
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
return AVB_IO_RESULT_OK;
|
|
#endif
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
|
|
static AvbIOResult read_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked)
|
|
{
|
|
if (out_is_unlocked != NULL) {
|
|
#ifdef CONFIG_OPTEE_CLIENT
|
|
int ret;
|
|
|
|
ret = trusty_read_lock_state((uint8_t *)out_is_unlocked);
|
|
if (ret == TEE_ERROR_ITEM_NOT_FOUND) {
|
|
*out_is_unlocked = 1;
|
|
if (trusty_write_lock_state(*out_is_unlocked)) {
|
|
printf("%s: init lock state error\n", __FILE__);
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
|
|
ret = trusty_read_lock_state((uint8_t *)out_is_unlocked);
|
|
if(ret == 0)
|
|
return 0;
|
|
} else if (ret == 0) {
|
|
return AVB_IO_RESULT_OK;
|
|
} else {
|
|
printf("read_is_device_unlocked ret = %x\n", ret);
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
#endif
|
|
}
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
|
|
static AvbIOResult write_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked)
|
|
{
|
|
if (out_is_unlocked != NULL) {
|
|
#ifdef CONFIG_OPTEE_CLIENT
|
|
if (trusty_write_lock_state(*out_is_unlocked)) {
|
|
printf("%s: Fail to write lock state\n", __FILE__);
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
return AVB_IO_RESULT_OK;
|
|
#endif
|
|
}
|
|
return AVB_IO_RESULT_ERROR_IO;
|
|
}
|
|
|
|
static AvbIOResult get_size_of_partition(AvbOps *ops,
|
|
const char *partition,
|
|
uint64_t *out_size_in_bytes)
|
|
{
|
|
struct blk_desc *dev_desc;
|
|
disk_partition_t part_info;
|
|
|
|
dev_desc = rockchip_get_bootdev();
|
|
if (!dev_desc) {
|
|
printf("%s: Could not find device\n", __func__);
|
|
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
|
}
|
|
|
|
if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) {
|
|
printf("Could not find \"%s\" partition\n", partition);
|
|
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
|
}
|
|
*out_size_in_bytes = (part_info.size) * 512;
|
|
return AVB_IO_RESULT_OK;
|
|
}
|
|
|
|
static AvbIOResult get_unique_guid_for_partition(AvbOps *ops,
|
|
const char *partition,
|
|
char *guid_buf,
|
|
size_t guid_buf_size)
|
|
{
|
|
struct blk_desc *dev_desc;
|
|
disk_partition_t part_info;
|
|
dev_desc = rockchip_get_bootdev();
|
|
if (!dev_desc) {
|
|
printf("%s: Could not find device\n", __func__);
|
|
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
|
}
|
|
|
|
if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) {
|
|
printf("Could not find \"%s\" partition\n", partition);
|
|
return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
|
|
}
|
|
if (guid_buf != NULL && guid_buf_size > 0) {
|
|
memcpy(guid_buf, part_info.uuid, guid_buf_size);
|
|
}
|
|
return AVB_IO_RESULT_OK;
|
|
}
|
|
|
|
/* read permanent attributes from rpmb */
|
|
AvbIOResult avb_read_perm_attr(AvbAtxOps* atx_ops,
|
|
AvbAtxPermanentAttributes* attributes)
|
|
{
|
|
if (attributes != NULL) {
|
|
#ifdef CONFIG_OPTEE_CLIENT
|
|
trusty_read_permanent_attributes((uint8_t *)attributes,
|
|
sizeof(struct AvbAtxPermanentAttributes));
|
|
return AVB_IO_RESULT_OK;
|
|
#endif
|
|
}
|
|
|
|
return -1;
|
|
}
|
|
|
|
/*read permanent attributes hash from efuse */
|
|
AvbIOResult avb_read_perm_attr_hash(AvbAtxOps* atx_ops,
|
|
uint8_t hash[AVB_SHA256_DIGEST_SIZE])
|
|
{
|
|
#ifdef CONFIG_OPTEE_CLIENT
|
|
if (trusty_read_attribute_hash((uint32_t *)hash, AVB_SHA256_DIGEST_SIZE / 4))
|
|
return -1;
|
|
#else
|
|
avb_error("Please open the macro!\n");
|
|
return -1;
|
|
#endif
|
|
return AVB_IO_RESULT_OK;
|
|
}
|
|
|
|
static void avb_set_key_version(AvbAtxOps* atx_ops,
|
|
size_t rollback_index_location,
|
|
uint64_t key_version)
|
|
{
|
|
#ifdef CONFIG_OPTEE_CLIENT
|
|
if (trusty_write_rollback_index(rollback_index_location, key_version)) {
|
|
printf("%s: Fail to write rollback index\n", __FILE__);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
AvbOps* avb_ops_user_new(void) {
|
|
AvbOps* ops;
|
|
|
|
ops = calloc(1, sizeof(AvbOps));
|
|
if (ops == NULL) {
|
|
avb_error("Error allocating memory for AvbOps.\n");
|
|
goto out;
|
|
}
|
|
|
|
ops->ab_ops = calloc(1, sizeof(AvbABOps));
|
|
if (ops->ab_ops == NULL) {
|
|
avb_error("Error allocating memory for AvbABOps.\n");
|
|
free(ops);
|
|
goto out;
|
|
}
|
|
|
|
ops->atx_ops = calloc(1, sizeof(AvbAtxOps));
|
|
if (ops->atx_ops == NULL) {
|
|
avb_error("Error allocating memory for AvbAtxOps.\n");
|
|
free(ops->ab_ops);
|
|
free(ops);
|
|
goto out;
|
|
}
|
|
ops->ab_ops->ops = ops;
|
|
ops->atx_ops->ops = ops;
|
|
|
|
ops->read_from_partition = read_from_partition;
|
|
ops->write_to_partition = write_to_partition;
|
|
ops->validate_vbmeta_public_key = validate_vbmeta_public_key;
|
|
ops->read_rollback_index = read_rollback_index;
|
|
ops->write_rollback_index = write_rollback_index;
|
|
ops->read_is_device_unlocked = read_is_device_unlocked;
|
|
ops->write_is_device_unlocked = write_is_device_unlocked;
|
|
ops->get_unique_guid_for_partition = get_unique_guid_for_partition;
|
|
ops->get_size_of_partition = get_size_of_partition;
|
|
ops->ab_ops->read_ab_metadata = avb_ab_data_read;
|
|
ops->ab_ops->write_ab_metadata = avb_ab_data_write;
|
|
ops->atx_ops->read_permanent_attributes = avb_read_perm_attr;
|
|
ops->atx_ops->read_permanent_attributes_hash = avb_read_perm_attr_hash;
|
|
ops->atx_ops->set_key_version = avb_set_key_version;
|
|
|
|
out:
|
|
return ops;
|
|
}
|
|
|
|
|
|
void avb_ops_user_free(AvbOps* ops) {
|
|
free(ops->ab_ops);
|
|
free(ops->atx_ops);
|
|
free(ops);
|
|
}
|