1 /*
2 * (C) Copyright 2017 Rockchip Electronics Co., Ltd
3 *
4 * SPDX-License-Identifier: GPL-2.0+
5 */
6
7 #include <common.h>
8 #include <image.h>
9 #include <android_image.h>
10 #include <malloc.h>
11 #include <mapmem.h>
12 #include <errno.h>
13 #include <command.h>
14 #include <mmc.h>
15 #include <blk.h>
16 #include <part.h>
17 #include <android_avb/avb_ops_user.h>
18 #include <android_avb/libavb_ab.h>
19 #include <android_avb/avb_atx_validate.h>
20 #include <android_avb/avb_atx_types.h>
21 #include <optee_include/OpteeClientInterface.h>
22 #include <optee_include/tee_api_defines.h>
23 #include <android_avb/avb_vbmeta_image.h>
24 #include <android_avb/avb_atx_validate.h>
25 #include <android_avb/rk_avb_ops_user.h>
26 #include <boot_rkimg.h>
27 #include <u-boot/sha256.h>
28 #include <asm/arch/rk_atags.h>
29
30 /* rk used */
rk_avb_get_pub_key(struct rk_pub_key * pub_key)31 int rk_avb_get_pub_key(struct rk_pub_key *pub_key)
32 {
33 struct tag *t = NULL;
34
35 t = atags_get_tag(ATAG_PUB_KEY);
36 if (!t)
37 return -1;
38
39 memcpy(pub_key, t->u.pub_key.data, sizeof(struct rk_pub_key));
40
41 return 0;
42 }
43
rk_avb_get_perm_attr_cer(uint8_t * cer,uint32_t size)44 int rk_avb_get_perm_attr_cer(uint8_t *cer, uint32_t size)
45 {
46 #ifdef CONFIG_OPTEE_CLIENT
47 if (trusty_read_permanent_attributes_cer((uint8_t *)cer, size)) {
48 printf("AVB: perm attr cer is not exist.\n");
49 return -EIO;
50 }
51
52 return 0;
53 #else
54 return -1;
55 #endif
56 }
57
rk_avb_set_perm_attr_cer(uint8_t * cer,uint32_t size)58 int rk_avb_set_perm_attr_cer(uint8_t *cer, uint32_t size)
59 {
60 #ifdef CONFIG_OPTEE_CLIENT
61 if (trusty_write_permanent_attributes_cer((uint8_t *)cer, size))
62 return -EIO;
63
64 return 0;
65 #else
66 return -1;
67 #endif
68 }
69
rk_avb_read_permanent_attributes(uint8_t * attributes,uint32_t size)70 int rk_avb_read_permanent_attributes(uint8_t *attributes, uint32_t size)
71 {
72 #ifdef CONFIG_OPTEE_CLIENT
73 if(trusty_read_permanent_attributes(attributes, size) != 0) {
74 printf("trusty_read_permanent_attributes failed!\n");
75 return -1;
76 }
77
78 return 0;
79 #else
80 return -1;
81 #endif
82 }
83
rk_avb_write_permanent_attributes(uint8_t * attributes,uint32_t size)84 int rk_avb_write_permanent_attributes(uint8_t *attributes, uint32_t size)
85 {
86 #ifdef CONFIG_OPTEE_CLIENT
87 if(trusty_write_permanent_attributes(attributes, size) != 0) {
88 printf("trusty_write_permanent_attributes failed!\n");
89 return -1;
90 }
91
92 return 0;
93 #else
94 return -1;
95 #endif
96 }
97
rk_avb_read_flash_lock_state(uint8_t * flash_lock_state)98 int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state)
99 {
100 #ifdef CONFIG_OPTEE_CLIENT
101 int ret;
102
103 ret = trusty_read_flash_lock_state(flash_lock_state);
104 switch (ret) {
105 case TEE_SUCCESS:
106 break;
107 case TEE_ERROR_GENERIC:
108 case TEE_ERROR_NO_DATA:
109 case TEE_ERROR_ITEM_NOT_FOUND:
110 *flash_lock_state = 1;
111 if (trusty_write_flash_lock_state(*flash_lock_state)) {
112 printf("trusty_write_flash_lock_state error!");
113 ret = -1;
114 } else {
115 ret = trusty_read_flash_lock_state(flash_lock_state);
116 }
117 break;
118 default:
119 printf("%s: trusty_read_flash_lock_state failed\n", __FILE__);
120 }
121
122 return ret;
123 #else
124 *flash_lock_state = 1;
125
126 return 0;
127 #endif
128 }
129
rk_avb_write_flash_lock_state(uint8_t flash_lock_state)130 int rk_avb_write_flash_lock_state(uint8_t flash_lock_state)
131 {
132 #ifdef CONFIG_OPTEE_CLIENT
133 if (trusty_write_flash_lock_state(flash_lock_state)) {
134 printf("trusty_write_flash_lock_state error!\n");
135 return -1;
136 }
137
138 return 0;
139 #else
140 return -1;
141 #endif
142 }
143
rk_avb_write_lock_state(uint8_t lock_state)144 int rk_avb_write_lock_state(uint8_t lock_state)
145 {
146 #ifdef CONFIG_OPTEE_CLIENT
147 if (trusty_write_lock_state(lock_state)) {
148 printf("trusty_write_lock_state error!\n");
149 return -1;
150 }
151
152 return 0;
153 #else
154 return -1;
155 #endif
156 }
157
rk_avb_read_lock_state(uint8_t * lock_state)158 int rk_avb_read_lock_state(uint8_t *lock_state)
159 {
160 #ifdef CONFIG_OPTEE_CLIENT
161 uint8_t vboot_flag = 0;
162 int ret;
163
164 ret = trusty_read_lock_state(lock_state);
165 switch (ret) {
166 case TEE_SUCCESS:
167 break;
168 case TEE_ERROR_GENERIC:
169 case TEE_ERROR_NO_DATA:
170 case TEE_ERROR_ITEM_NOT_FOUND:
171 if (trusty_read_vbootkey_enable_flag(&vboot_flag)) {
172 printf("Can't read vboot flag\n");
173 return -1;
174 }
175
176 if (vboot_flag)
177 *lock_state = 0;
178 else
179 *lock_state = 1;
180
181 if (rk_avb_write_lock_state(*lock_state)) {
182 printf("avb_write_lock_state error!");
183 ret = -1;
184 } else {
185 ret = trusty_read_lock_state(lock_state);
186 }
187 break;
188 default:
189 printf("%s: trusty_read_lock_state failed\n", __FILE__);
190 }
191
192 return ret;
193 #else
194 return -1;
195 #endif
196 }
197
rk_avb_write_perm_attr_flag(uint8_t flag)198 int rk_avb_write_perm_attr_flag(uint8_t flag)
199 {
200 #ifdef CONFIG_OPTEE_CLIENT
201 if (trusty_write_permanent_attributes_flag(flag)) {
202 printf("trusty_write_permanent_attributes_flag error!\n");
203 return -1;
204 }
205
206 return 0;
207 #else
208 return -1;
209 #endif
210 }
211
rk_avb_read_perm_attr_flag(uint8_t * flag)212 int rk_avb_read_perm_attr_flag(uint8_t *flag)
213 {
214 #ifdef CONFIG_OPTEE_CLIENT
215 int ret;
216
217 ret = trusty_read_permanent_attributes_flag(flag);
218 switch (ret) {
219 case TEE_SUCCESS:
220 break;
221 case TEE_ERROR_GENERIC:
222 case TEE_ERROR_NO_DATA:
223 case TEE_ERROR_ITEM_NOT_FOUND:
224 *flag = 0;
225 if (rk_avb_write_perm_attr_flag(*flag)) {
226 printf("avb_write_perm_attr_flag error!");
227 ret = -1;
228 } else {
229 ret = trusty_read_permanent_attributes_flag(flag);
230 }
231 break;
232 default:
233 printf("%s: trusty_read_permanent_attributes_flag failed",
234 __FILE__);
235 }
236
237 return ret;
238 #else
239 return -1;
240 #endif
241 }
242
rk_avb_read_vbootkey_hash(uint8_t * buf,uint8_t length)243 int rk_avb_read_vbootkey_hash(uint8_t *buf, uint8_t length)
244 {
245 #ifdef CONFIG_OPTEE_CLIENT
246 if (trusty_read_vbootkey_hash((uint32_t *)buf,
247 (uint32_t)length / sizeof(uint32_t))) {
248 printf("trusty_read_vbootkey_hash error!\n");
249 return -1;
250 }
251
252 return 0;
253 #else
254 return -1;
255 #endif
256 }
257
rk_avb_write_vbootkey_hash(uint8_t * buf,uint8_t length)258 int rk_avb_write_vbootkey_hash(uint8_t *buf, uint8_t length)
259 {
260 #ifdef CONFIG_OPTEE_CLIENT
261 if (trusty_write_vbootkey_hash((uint32_t *)buf,
262 (uint32_t)length / sizeof(uint32_t))) {
263 printf("trusty_write_vbootkey_hash error!\n");
264 return -1;
265 }
266
267 return 0;
268 #else
269 return -1;
270 #endif
271 }
272
rk_avb_close_optee_client(void)273 int rk_avb_close_optee_client(void)
274 {
275 #ifdef CONFIG_OPTEE_CLIENT
276 if(trusty_notify_optee_uboot_end()) {
277 printf("trusty_notify_optee_uboot_end error!\n");
278 return -1;
279 }
280
281 return 0;
282 #else
283 return -1;
284 #endif
285 }
286
rk_avb_read_attribute_hash(uint8_t * buf,uint8_t length)287 int rk_avb_read_attribute_hash(uint8_t *buf, uint8_t length)
288 {
289 #ifdef CONFIG_OPTEE_CLIENT
290 if (trusty_read_attribute_hash((uint32_t *)buf,
291 (uint32_t)(length/sizeof(uint32_t)))) {
292 printf("trusty_read_attribute_hash error!\n");
293 return -1;
294 }
295
296 return 0;
297 #else
298 return -1;
299 #endif
300 }
301
rk_avb_write_attribute_hash(uint8_t * buf,uint8_t length)302 int rk_avb_write_attribute_hash(uint8_t *buf, uint8_t length)
303 {
304 #ifdef CONFIG_OPTEE_CLIENT
305 if (trusty_write_attribute_hash((uint32_t *)buf,
306 (uint32_t)(length/sizeof(uint32_t)))) {
307 printf("trusty_write_attribute_hash error!\n");
308 return -1;
309 }
310
311 return 0;
312 #else
313 return -1;
314 #endif
315 }
316
rk_avb_read_all_rollback_index(char * buffer)317 int rk_avb_read_all_rollback_index(char *buffer)
318 {
319 AvbOps* ops;
320 uint64_t stored_rollback_index = 0;
321 AvbIOResult io_ret;
322 char temp[ROLLBACK_MAX_SIZE] = {0};
323
324 ops = avb_ops_user_new();
325 if (ops == NULL) {
326 printf("avb_ops_user_new() failed!\n");
327 return -1;
328 }
329
330 /* Actually the rollback_index_location 0 is used. */
331 io_ret = ops->read_rollback_index(ops, 0, &stored_rollback_index);
332 if (io_ret != AVB_IO_RESULT_OK)
333 goto out;
334 snprintf(temp, sizeof(int) + 1, "%d", 0);
335 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
336 strncat(buffer, ":", 1);
337 snprintf(temp, sizeof(uint64_t) + 1, "%lld",
338 stored_rollback_index);
339 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
340 strncat(buffer, ",", 1);
341
342 io_ret =
343 ops->read_rollback_index(ops,
344 AVB_ATX_PIK_VERSION_LOCATION,
345 &stored_rollback_index);
346 if (io_ret != AVB_IO_RESULT_OK) {
347 printf("Failed to read PIK minimum version.\n");
348 goto out;
349 }
350 /* PIK rollback index */
351 snprintf(temp, sizeof(int) + 1, "%d", AVB_ATX_PIK_VERSION_LOCATION);
352 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
353 strncat(buffer, ":", 1);
354 snprintf(temp, sizeof(uint64_t) + 1, "%lld", stored_rollback_index);
355 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
356 strncat(buffer, ",", 1);
357 io_ret = ops->read_rollback_index(ops,
358 AVB_ATX_PSK_VERSION_LOCATION,
359 &stored_rollback_index);
360 if (io_ret != AVB_IO_RESULT_OK) {
361 printf("Failed to read PSK minimum version.\n");
362 goto out;
363 }
364 /* PSK rollback index */
365 snprintf(temp, sizeof(int) + 1, "%d", AVB_ATX_PSK_VERSION_LOCATION);
366 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
367 strncat(buffer, ":", 1);
368 snprintf(temp, sizeof(uint64_t) + 1, "%lld", stored_rollback_index);
369 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
370 debug("%s\n", buffer);
371 avb_ops_user_free(ops);
372
373 return 0;
374 out:
375 avb_ops_user_free(ops);
376
377 return -1;
378 }
379
rk_avb_read_bootloader_locked_flag(uint8_t * flag)380 int rk_avb_read_bootloader_locked_flag(uint8_t *flag)
381 {
382 #ifdef CONFIG_OPTEE_CLIENT
383 if (trusty_read_vbootkey_enable_flag(flag))
384 return -1;
385 #endif
386 return 0;
387 }
388
389 #ifdef CONFIG_SUPPORT_EMMC_RPMB
390 static int curr_device = -1;
391
rk_bootloader_rollback_index_read(uint32_t offset,uint32_t bytes,void * rb_index)392 int rk_bootloader_rollback_index_read(uint32_t offset, uint32_t bytes,
393 void *rb_index)
394 {
395
396 struct mmc *mmc;
397 uint8_t rpmb_buf[256] = {0};
398 uint32_t n;
399 char original_part;
400
401 if ((offset + bytes) > 256)
402 return -1;
403
404 if (curr_device < 0) {
405 if (get_mmc_num() > 0)
406 curr_device = 0;
407 else {
408 printf("No MMC device available");
409 return -1;
410 }
411 }
412
413 mmc = find_mmc_device(curr_device);
414 /* Switch to the RPMB partition */
415 #ifndef CONFIG_BLK
416 original_part = mmc->block_dev.hwpart;
417 #else
418 original_part = mmc_get_blk_desc(mmc)->hwpart;
419 #endif
420 if (blk_select_hwpart_devnum(IF_TYPE_MMC, curr_device, MMC_PART_RPMB) !=
421 0)
422 return -1;
423
424 n = mmc_rpmb_read(mmc, rpmb_buf, RPMB_BASE_ADDR, 1, NULL);
425 if (n != 1)
426 return -1;
427
428 /* Return to original partition */
429 if (blk_select_hwpart_devnum(IF_TYPE_MMC, curr_device, original_part) !=
430 0)
431 return -1;
432
433 memcpy(rb_index, (void*)&rpmb_buf[offset], bytes);
434
435 return 0;
436 }
437
rk_avb_get_bootloader_min_version(char * buffer)438 int rk_avb_get_bootloader_min_version(char *buffer)
439 {
440 uint32_t rb_index;
441 char temp[ROLLBACK_MAX_SIZE] = {0};
442
443 if (rk_bootloader_rollback_index_read(UBOOT_RB_INDEX_OFFSET,
444 sizeof(uint32_t), &rb_index)) {
445 printf("Can not read uboot rollback index");
446 return -1;
447 }
448 snprintf(temp, sizeof(int) + 1, "%d", 0);
449 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
450 strncat(buffer, ":", 1);
451 snprintf(temp, sizeof(uint32_t) + 1, "%d", rb_index);
452 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
453 strncat(buffer, ",", 1);
454
455 if (rk_bootloader_rollback_index_read(TRUST_RB_INDEX_OFFSET,
456 sizeof(uint32_t), &rb_index)) {
457 printf("Can not read trust rollback index");
458 return -1;
459 }
460
461 snprintf(temp, sizeof(int) + 1, "%d", 1);
462 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
463 strncat(buffer, ":", 1);
464 snprintf(temp, sizeof(uint32_t) + 1, "%d", rb_index);
465 strncat(buffer, temp, ROLLBACK_MAX_SIZE);
466
467 return 0;
468 }
469 #endif
470
rk_avb_get_at_vboot_state(char * buf)471 void rk_avb_get_at_vboot_state(char *buf)
472 {
473 char temp_flag = 0;
474 char *lock_val = NULL;
475 char *unlock_dis_val = NULL;
476 char *perm_attr_flag = NULL;
477 char *bootloader_locked_flag = NULL;
478 char *rollback_indices;
479 char min_versions[ROLLBACK_MAX_SIZE + 1] = {0};
480 int n;
481
482 if (rk_avb_read_perm_attr_flag((uint8_t *)&temp_flag)) {
483 printf("Can not read perm_attr_flag!");
484 perm_attr_flag = "";
485 } else {
486 perm_attr_flag = temp_flag ? "1" : "0";
487 }
488
489 temp_flag = 0;
490 if (rk_avb_read_lock_state((uint8_t *)&temp_flag)) {
491 printf("Can not read lock state!");
492 lock_val = "";
493 unlock_dis_val = "";
494 } else {
495 lock_val = (temp_flag & LOCK_MASK) ? "0" : "1";
496 unlock_dis_val = (temp_flag & UNLOCK_DISABLE_MASK) ? "1" : "0";
497 }
498
499 temp_flag = 0;
500 if (rk_avb_read_bootloader_locked_flag((uint8_t *)&temp_flag)) {
501 printf("Can not read bootloader locked flag!");
502 bootloader_locked_flag = "";
503 } else {
504 bootloader_locked_flag = temp_flag ? "1" : "0";
505 }
506
507 rollback_indices = malloc(VBOOT_STATE_SIZE);
508 if (!rollback_indices) {
509 printf("No buff to malloc!");
510 return;
511 }
512
513 memset(rollback_indices, 0, VBOOT_STATE_SIZE);
514 if (rk_avb_read_all_rollback_index(rollback_indices))
515 printf("Can not read avb_min_ver!");
516 #ifdef CONFIG_SUPPORT_EMMC_RPMB
517 /* bootloader-min-versions */
518 if (rk_avb_get_bootloader_min_version(min_versions))
519 printf("Call rk_avb_get_bootloader_min_version error!");
520 #endif
521 n = snprintf(buf, VBOOT_STATE_SIZE - 1,
522 "avb-perm-attr-set=%s\n"
523 "avb-locked=%s\n"
524 "avb-unlock-disabled=%s\n"
525 "bootloader-locked=%s\n"
526 "avb-min-versions=%s\n"
527 "bootloader-min-versions=%s\n",
528 perm_attr_flag,
529 lock_val,
530 unlock_dis_val,
531 bootloader_locked_flag,
532 rollback_indices,
533 min_versions);
534 if (n >= VBOOT_STATE_SIZE) {
535 printf("The VBOOT_STATE buf is truncated\n");
536 buf[VBOOT_STATE_SIZE - 1] = 0;
537 }
538 debug("The vboot state buf is %s\n", buf);
539 free(rollback_indices);
540 }
541
rk_avb_get_ab_info(AvbABData * ab_data)542 int rk_avb_get_ab_info(AvbABData* ab_data)
543 {
544 AvbOps* ops;
545 AvbIOResult io_ret = AVB_IO_RESULT_OK;
546 int ret = 0;
547
548 ops = avb_ops_user_new();
549 if (ops == NULL) {
550 printf("%s: avb_ops_user_new() failed!\n", __FILE__);
551 return -1;
552 }
553
554 io_ret = ops->ab_ops->read_ab_metadata(ops->ab_ops, ab_data);
555 if (io_ret != AVB_IO_RESULT_OK) {
556 printf("I/O error while loading A/B metadata.\n");
557 ret = -1;
558 }
559
560 avb_ops_user_free(ops);
561
562 return ret;
563 }
564
rk_avb_get_part_has_slot_info(const char * base_name)565 int rk_avb_get_part_has_slot_info(const char *base_name)
566 {
567 char *part_name;
568 int part_num;
569 size_t part_name_len;
570 disk_partition_t part_info;
571 struct blk_desc *dev_desc;
572 const char *slot_suffix = "_a";
573
574 dev_desc = rockchip_get_bootdev();
575 if (!dev_desc) {
576 printf("%s: Could not find device!\n", __func__);
577 return -1;
578 }
579
580 if (base_name == NULL) {
581 printf("The base_name is NULL!\n");
582 return -1;
583 }
584
585 part_name_len = strlen(base_name) + 1;
586 part_name_len += strlen(slot_suffix);
587 part_name = malloc(part_name_len);
588 if (!part_name) {
589 printf("%s can not malloc a buffer!\n", __FILE__);
590 return -1;
591 }
592
593 memset(part_name, 0, part_name_len);
594 snprintf(part_name, part_name_len, "%s%s", base_name, slot_suffix);
595 part_num = part_get_info_by_name(dev_desc, part_name, &part_info);
596 if (part_num < 0) {
597 printf("Could not find partition \"%s\"\n", part_name);
598 part_num = -1;
599 }
600
601 free(part_name);
602 return part_num;
603 }
604
rk_auth_unlock(void * buffer,char * out_is_trusted)605 int rk_auth_unlock(void *buffer, char *out_is_trusted)
606 {
607 AvbOps* ops;
608
609 ops = avb_ops_user_new();
610 if (ops == NULL) {
611 printf("avb_ops_user_new() failed!");
612 return -1;
613 }
614
615 if (avb_atx_validate_unlock_credential(ops->atx_ops,
616 (AvbAtxUnlockCredential*)buffer,
617 (bool*)out_is_trusted)) {
618 avb_ops_user_free(ops);
619 return -1;
620 }
621 avb_ops_user_free(ops);
622 if (*out_is_trusted == true)
623 return 0;
624 else
625 return -1;
626 }
627
rk_generate_unlock_challenge(void * buffer,uint32_t * challenge_len)628 int rk_generate_unlock_challenge(void *buffer, uint32_t *challenge_len)
629 {
630 AvbOps* ops;
631 AvbIOResult result = AVB_IO_RESULT_OK;
632
633 ops = avb_ops_user_new();
634 if (ops == NULL) {
635 printf("avb_ops_user_new() failed!");
636 return -1;
637 }
638
639 result = avb_atx_generate_unlock_challenge(ops->atx_ops,
640 (AvbAtxUnlockChallenge *)buffer);
641 avb_ops_user_free(ops);
642 *challenge_len = sizeof(AvbAtxUnlockChallenge);
643 if (result == AVB_IO_RESULT_OK)
644 return 0;
645 else
646 return -1;
647 }
648
rk_avb_init_ab_metadata(void)649 int rk_avb_init_ab_metadata(void)
650 {
651 AvbOps *ops;
652 AvbABData ab_data;
653
654 memset(&ab_data, 0, sizeof(AvbABData));
655 debug("sizeof(AvbABData) = %d\n", (int)(size_t)sizeof(AvbABData));
656
657 ops = avb_ops_user_new();
658 if (ops == NULL) {
659 printf("avb_ops_user_new() failed!\n");
660 return -1;
661 }
662
663 avb_ab_data_init(&ab_data);
664 if (ops->ab_ops->write_ab_metadata(ops->ab_ops, &ab_data) != 0) {
665 printf("do_avb_init_ab_metadata error!\n");
666 avb_ops_user_free(ops);
667 return -1;
668 }
669
670 printf("Initialize ab data to misc partition success.\n");
671 avb_ops_user_free(ops);
672
673 return 0;
674 }
675
676 #define AT_PERM_ATTR_FUSE 1
677 #define AT_PERM_ATTR_CER_FUSE 2
678 #define AT_LOCK_VBOOT 3
679
rk_avb_write_perm_attr(u16 id,void * pbuf,u16 size)680 int rk_avb_write_perm_attr(u16 id, void *pbuf, u16 size)
681 {
682 uint8_t lock_state;
683 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY
684 sha256_context ctx;
685 uint8_t digest[SHA256_SUM_LEN] = {0};
686 uint8_t digest_temp[SHA256_SUM_LEN] = {0};
687 uint8_t perm_attr_temp[PERM_ATTR_TOTAL_SIZE] = {0};
688 uint8_t flag = 0;
689 #endif
690
691 switch (id) {
692 case AT_PERM_ATTR_FUSE:
693 if (size != PERM_ATTR_TOTAL_SIZE) {
694 debug("%s Permanent attribute size is not equal!\n", __func__);
695 return -EINVAL;
696 }
697
698 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY
699 if (rk_avb_read_perm_attr_flag(&flag)) {
700 debug("%s rk_avb_read_perm_attr_flag error!\n", __func__);
701 return -EIO;
702 }
703
704 if (flag == PERM_ATTR_SUCCESS_FLAG) {
705 if (rk_avb_read_attribute_hash(digest_temp,
706 SHA256_SUM_LEN)) {
707 debug("%s The efuse IO can not be used!\n", __func__);
708 return -EIO;
709 }
710
711 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) {
712 if (rk_avb_read_permanent_attributes(perm_attr_temp,
713 PERM_ATTR_TOTAL_SIZE)) {
714 debug("%s rk_avb_write_permanent_attributes error!\n", __func__);
715 return -EIO;
716 }
717
718 sha256_starts(&ctx);
719 sha256_update(&ctx,
720 (const uint8_t *)perm_attr_temp,
721 PERM_ATTR_TOTAL_SIZE);
722 sha256_finish(&ctx, digest);
723 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) == 0) {
724 debug("%s The hash has been written!\n", __func__);
725 return 0;
726 }
727 }
728
729 if (rk_avb_write_perm_attr_flag(0)) {
730 debug("%s Perm attr flag write failure\n", __func__);
731 return -EIO;
732 }
733 }
734 #endif
735 if (rk_avb_write_permanent_attributes((uint8_t *)
736 pbuf,
737 size)) {
738 if (rk_avb_write_perm_attr_flag(0)) {
739 debug("%s Perm attr flag write failure\n", __func__);
740 return -EIO;
741 }
742
743 debug("%s Perm attr write failed\n", __func__);
744 return -EIO;
745 }
746 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY
747 memset(digest, 0, SHA256_SUM_LEN);
748 sha256_starts(&ctx);
749 sha256_update(&ctx, (const uint8_t *)pbuf,
750 PERM_ATTR_TOTAL_SIZE);
751 sha256_finish(&ctx, digest);
752
753 if (rk_avb_write_attribute_hash((uint8_t *)digest,
754 SHA256_SUM_LEN)) {
755 if (rk_avb_read_attribute_hash(digest_temp,
756 SHA256_SUM_LEN)) {
757 debug("%s The efuse IO can not be used!\n", __func__);
758 return -EIO;
759 }
760
761 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) {
762 if (rk_avb_write_perm_attr_flag(0)) {
763 debug("%s Perm attr flag write failure\n", __func__);
764 return -EIO;
765 }
766 debug("%s The hash has been written, but is different!\n", __func__);
767 return -EIO;
768 }
769 }
770 #endif
771 if (rk_avb_write_perm_attr_flag(PERM_ATTR_SUCCESS_FLAG)) {
772 debug("%s, Perm attr flag write failure\n", __func__);
773 return -EIO;
774 }
775
776 break;
777 case AT_PERM_ATTR_CER_FUSE:
778 if (size != 256) {
779 debug("%s Permanent attribute rsahash size is not equal!\n",
780 __func__);
781 return -EINVAL;
782 }
783 if (rk_avb_set_perm_attr_cer((uint8_t *)pbuf, size)) {
784 debug("%s FAILSet perm attr cer fail!\n", __func__);
785 return -EIO;
786 }
787 break;
788 case AT_LOCK_VBOOT:
789 lock_state = 0;
790 if (rk_avb_write_lock_state(lock_state)) {
791 debug("%s FAILwrite lock state failed\n", __func__);
792 return -EIO;
793 } else {
794 debug("%s OKAY\n", __func__);
795 }
796 break;
797 }
798 return 0;
799 }
800
rk_avb_read_perm_attr(u16 id,void * pbuf,u16 size)801 int rk_avb_read_perm_attr(u16 id, void *pbuf, u16 size)
802 {
803 int ret = 0;
804 debug("%s %d\n", __func__, size);
805
806 switch (id) {
807 case AT_PERM_ATTR_FUSE:
808 size = PERM_ATTR_TOTAL_SIZE;
809 ret = rk_avb_read_permanent_attributes((uint8_t *)pbuf, PERM_ATTR_TOTAL_SIZE);
810 break;
811 case AT_PERM_ATTR_CER_FUSE:
812 size = PERM_ATTR_TOTAL_SIZE;
813 ret = rk_avb_get_perm_attr_cer((uint8_t *)pbuf, 256);
814 break;
815 case AT_LOCK_VBOOT:
816 break;
817 }
818
819 return ret;
820 }
821
rk_avb_update_stored_rollback_indexes_for_slot(AvbOps * ops,AvbSlotVerifyData * slot_data)822 int rk_avb_update_stored_rollback_indexes_for_slot(AvbOps* ops, AvbSlotVerifyData* slot_data)
823 {
824 uint64_t rollback_index = slot_data->rollback_indexes[0];
825 uint64_t current_stored_rollback_index;
826 AvbIOResult io_ret;
827
828 if (rollback_index > 0) {
829 io_ret = ops->read_rollback_index(ops, 0, ¤t_stored_rollback_index);
830 if (io_ret != AVB_IO_RESULT_OK)
831 return -1;
832
833 if (rollback_index > current_stored_rollback_index) {
834 io_ret = ops->write_rollback_index(ops, 0, rollback_index);
835 if (io_ret != AVB_IO_RESULT_OK)
836 return -1;
837 }
838 }
839
840 return 0;
841 }
842