1*4882a593Smuzhiyun /* 2*4882a593Smuzhiyun * Copyright (C) 2016 The Android Open Source Project 3*4882a593Smuzhiyun * 4*4882a593Smuzhiyun * Permission is hereby granted, free of charge, to any person 5*4882a593Smuzhiyun * obtaining a copy of this software and associated documentation 6*4882a593Smuzhiyun * files (the "Software"), to deal in the Software without 7*4882a593Smuzhiyun * restriction, including without limitation the rights to use, copy, 8*4882a593Smuzhiyun * modify, merge, publish, distribute, sublicense, and/or sell copies 9*4882a593Smuzhiyun * of the Software, and to permit persons to whom the Software is 10*4882a593Smuzhiyun * furnished to do so, subject to the following conditions: 11*4882a593Smuzhiyun * 12*4882a593Smuzhiyun * The above copyright notice and this permission notice shall be 13*4882a593Smuzhiyun * included in all copies or substantial portions of the Software. 14*4882a593Smuzhiyun * 15*4882a593Smuzhiyun * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16*4882a593Smuzhiyun * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17*4882a593Smuzhiyun * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18*4882a593Smuzhiyun * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19*4882a593Smuzhiyun * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20*4882a593Smuzhiyun * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21*4882a593Smuzhiyun * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22*4882a593Smuzhiyun * SOFTWARE. 23*4882a593Smuzhiyun */ 24*4882a593Smuzhiyun 25*4882a593Smuzhiyun /* 26*4882a593Smuzhiyun #if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION) 27*4882a593Smuzhiyun #error "Never include this file directly, include libavb.h instead." 28*4882a593Smuzhiyun #endif 29*4882a593Smuzhiyun */ 30*4882a593Smuzhiyun 31*4882a593Smuzhiyun #ifndef AVB_OPS_H_ 32*4882a593Smuzhiyun #define AVB_OPS_H_ 33*4882a593Smuzhiyun 34*4882a593Smuzhiyun #include <android_avb/avb_sysdeps.h> 35*4882a593Smuzhiyun 36*4882a593Smuzhiyun #ifdef __cplusplus 37*4882a593Smuzhiyun extern "C" { 38*4882a593Smuzhiyun #endif 39*4882a593Smuzhiyun 40*4882a593Smuzhiyun /* Well-known names of named persistent values. */ 41*4882a593Smuzhiyun #define AVB_NPV_PERSISTENT_DIGEST_PREFIX "avb.persistent_digest." 42*4882a593Smuzhiyun #define AVB_NPV_MANAGED_VERITY_MODE "avb.managed_verity_mode" 43*4882a593Smuzhiyun 44*4882a593Smuzhiyun /* Return codes used for I/O operations. 45*4882a593Smuzhiyun * 46*4882a593Smuzhiyun * AVB_IO_RESULT_OK is returned if the requested operation was 47*4882a593Smuzhiyun * successful. 48*4882a593Smuzhiyun * 49*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_IO is returned if the underlying hardware (disk 50*4882a593Smuzhiyun * or other subsystem) encountered an I/O error. 51*4882a593Smuzhiyun * 52*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_OOM is returned if unable to allocate memory. 53*4882a593Smuzhiyun * 54*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION is returned if the requested 55*4882a593Smuzhiyun * partition does not exist. 56*4882a593Smuzhiyun * 57*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION is returned if the 58*4882a593Smuzhiyun * range of bytes requested to be read or written is outside the range 59*4882a593Smuzhiyun * of the partition. 60*4882a593Smuzhiyun * 61*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_NO_SUCH_VALUE is returned if a named persistent value 62*4882a593Smuzhiyun * does not exist. 63*4882a593Smuzhiyun * 64*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE is returned if a named persistent 65*4882a593Smuzhiyun * value size is not supported or does not match the expected size. 66*4882a593Smuzhiyun * 67*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE is returned if a buffer is too small 68*4882a593Smuzhiyun * for the requested operation. 69*4882a593Smuzhiyun */ 70*4882a593Smuzhiyun typedef enum { 71*4882a593Smuzhiyun AVB_IO_RESULT_OK, 72*4882a593Smuzhiyun AVB_IO_RESULT_ERROR_OOM, 73*4882a593Smuzhiyun AVB_IO_RESULT_ERROR_IO, 74*4882a593Smuzhiyun AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION, 75*4882a593Smuzhiyun AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION, 76*4882a593Smuzhiyun AVB_IO_RESULT_ERROR_NO_SUCH_VALUE, 77*4882a593Smuzhiyun AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE, 78*4882a593Smuzhiyun AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE, 79*4882a593Smuzhiyun } AvbIOResult; 80*4882a593Smuzhiyun 81*4882a593Smuzhiyun struct AvbOps; 82*4882a593Smuzhiyun typedef struct AvbOps AvbOps; 83*4882a593Smuzhiyun 84*4882a593Smuzhiyun /* Forward-declaration of operations in libavb_ab. */ 85*4882a593Smuzhiyun struct AvbABOps; 86*4882a593Smuzhiyun 87*4882a593Smuzhiyun /* Forward-declaration of operations in libavb_atx. */ 88*4882a593Smuzhiyun struct AvbAtxOps; 89*4882a593Smuzhiyun 90*4882a593Smuzhiyun /* High-level operations/functions/methods that are platform 91*4882a593Smuzhiyun * dependent. 92*4882a593Smuzhiyun * 93*4882a593Smuzhiyun * Operations may be added in the future so when implementing it 94*4882a593Smuzhiyun * always make sure to zero out sizeof(AvbOps) bytes of the struct to 95*4882a593Smuzhiyun * ensure that unimplemented operations are set to NULL. 96*4882a593Smuzhiyun */ 97*4882a593Smuzhiyun struct AvbOps { 98*4882a593Smuzhiyun /* This pointer can be used by the application/bootloader using 99*4882a593Smuzhiyun * libavb and is typically used in each operation to get a pointer 100*4882a593Smuzhiyun * to platform-specific resources. It cannot be used by libraries. 101*4882a593Smuzhiyun */ 102*4882a593Smuzhiyun void* user_data; 103*4882a593Smuzhiyun 104*4882a593Smuzhiyun /* If libavb_ab is used, this should point to the 105*4882a593Smuzhiyun * AvbABOps. Otherwise it must be set to NULL. 106*4882a593Smuzhiyun */ 107*4882a593Smuzhiyun struct AvbABOps* ab_ops; 108*4882a593Smuzhiyun 109*4882a593Smuzhiyun /* If libavb_atx is used, this should point to the 110*4882a593Smuzhiyun * AvbAtxOps. Otherwise it must be set to NULL. 111*4882a593Smuzhiyun */ 112*4882a593Smuzhiyun struct AvbAtxOps* atx_ops; 113*4882a593Smuzhiyun 114*4882a593Smuzhiyun /* Reads |num_bytes| from offset |offset| from partition with name 115*4882a593Smuzhiyun * |partition| (NUL-terminated UTF-8 string). If |offset| is 116*4882a593Smuzhiyun * negative, its absolute value should be interpreted as the number 117*4882a593Smuzhiyun * of bytes from the end of the partition. 118*4882a593Smuzhiyun * 119*4882a593Smuzhiyun * This function returns AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION if 120*4882a593Smuzhiyun * there is no partition with the given name, 121*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION if the requested 122*4882a593Smuzhiyun * |offset| is outside the partition, and AVB_IO_RESULT_ERROR_IO if 123*4882a593Smuzhiyun * there was an I/O error from the underlying I/O subsystem. If the 124*4882a593Smuzhiyun * operation succeeds as requested AVB_IO_RESULT_OK is returned and 125*4882a593Smuzhiyun * the data is available in |buffer|. 126*4882a593Smuzhiyun * 127*4882a593Smuzhiyun * The only time partial I/O may occur is if reading beyond the end 128*4882a593Smuzhiyun * of the partition. In this case the value returned in 129*4882a593Smuzhiyun * |out_num_read| may be smaller than |num_bytes|. 130*4882a593Smuzhiyun */ 131*4882a593Smuzhiyun AvbIOResult (*read_from_partition)(AvbOps* ops, 132*4882a593Smuzhiyun const char* partition, 133*4882a593Smuzhiyun int64_t offset, 134*4882a593Smuzhiyun size_t num_bytes, 135*4882a593Smuzhiyun void* buffer, 136*4882a593Smuzhiyun size_t* out_num_read); 137*4882a593Smuzhiyun 138*4882a593Smuzhiyun /* Gets the starting pointer of a partition that is pre-loaded in memory, and 139*4882a593Smuzhiyun * save it to |out_pointer|. The preloaded partition is expected to be 140*4882a593Smuzhiyun * |num_bytes|, where the actual preloaded byte count is returned in 141*4882a593Smuzhiyun * |out_num_bytes_preloaded|. |out_num_bytes_preloaded| must be no larger than 142*4882a593Smuzhiyun * |num_bytes|. 143*4882a593Smuzhiyun * 144*4882a593Smuzhiyun * This provides an alternative way to access a partition that is preloaded 145*4882a593Smuzhiyun * into memory without a full memory copy. When this function pointer is not 146*4882a593Smuzhiyun * set (has value NULL), or when the |out_pointer| is set to NULL as a result, 147*4882a593Smuzhiyun * |read_from_partition| will be used as the fallback. This function is mainly 148*4882a593Smuzhiyun * used for accessing the entire partition content to calculate its hash. 149*4882a593Smuzhiyun * 150*4882a593Smuzhiyun * Preloaded partition data must outlive the lifespan of the 151*4882a593Smuzhiyun * |AvbSlotVerifyData| structure that |avb_slot_verify| outputs. 152*4882a593Smuzhiyun */ 153*4882a593Smuzhiyun AvbIOResult (*get_preloaded_partition)(AvbOps* ops, 154*4882a593Smuzhiyun const char* partition, 155*4882a593Smuzhiyun size_t num_bytes, 156*4882a593Smuzhiyun uint8_t** out_pointer, 157*4882a593Smuzhiyun size_t* out_num_bytes_preloaded, 158*4882a593Smuzhiyun int allow_verification_error); 159*4882a593Smuzhiyun 160*4882a593Smuzhiyun /* Writes |num_bytes| from |bffer| at offset |offset| to partition 161*4882a593Smuzhiyun * with name |partition| (NUL-terminated UTF-8 string). If |offset| 162*4882a593Smuzhiyun * is negative, its absolute value should be interpreted as the 163*4882a593Smuzhiyun * number of bytes from the end of the partition. 164*4882a593Smuzhiyun * 165*4882a593Smuzhiyun * This function returns AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION if 166*4882a593Smuzhiyun * there is no partition with the given name, 167*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION if the requested 168*4882a593Smuzhiyun * byterange goes outside the partition, and AVB_IO_RESULT_ERROR_IO 169*4882a593Smuzhiyun * if there was an I/O error from the underlying I/O subsystem. If 170*4882a593Smuzhiyun * the operation succeeds as requested AVB_IO_RESULT_OK is 171*4882a593Smuzhiyun * returned. 172*4882a593Smuzhiyun * 173*4882a593Smuzhiyun * This function never does any partial I/O, it either transfers all 174*4882a593Smuzhiyun * of the requested bytes or returns an error. 175*4882a593Smuzhiyun */ 176*4882a593Smuzhiyun AvbIOResult (*write_to_partition)(AvbOps* ops, 177*4882a593Smuzhiyun const char* partition, 178*4882a593Smuzhiyun int64_t offset, 179*4882a593Smuzhiyun size_t num_bytes, 180*4882a593Smuzhiyun const void* buffer); 181*4882a593Smuzhiyun 182*4882a593Smuzhiyun /* Checks if the given public key used to sign the 'vbmeta' 183*4882a593Smuzhiyun * partition is trusted. Boot loaders typically compare this with 184*4882a593Smuzhiyun * embedded key material generated with 'avbtool 185*4882a593Smuzhiyun * extract_public_key'. 186*4882a593Smuzhiyun * 187*4882a593Smuzhiyun * The public key is in the array pointed to by |public_key_data| 188*4882a593Smuzhiyun * and is of |public_key_length| bytes. 189*4882a593Smuzhiyun * 190*4882a593Smuzhiyun * If there is no public key metadata (set with the avbtool option 191*4882a593Smuzhiyun * --public_key_metadata) then |public_key_metadata| will be set to 192*4882a593Smuzhiyun * NULL. Otherwise this field points to the data which is 193*4882a593Smuzhiyun * |public_key_metadata_length| bytes long. 194*4882a593Smuzhiyun * 195*4882a593Smuzhiyun * If AVB_IO_RESULT_OK is returned then |out_is_trusted| is set - 196*4882a593Smuzhiyun * true if trusted or false if untrusted. 197*4882a593Smuzhiyun * 198*4882a593Smuzhiyun * NOTE: If AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION is passed to 199*4882a593Smuzhiyun * avb_slot_verify() then this operation is never used. Instead, the 200*4882a593Smuzhiyun * validate_public_key_for_partition() operation is used 201*4882a593Smuzhiyun */ 202*4882a593Smuzhiyun AvbIOResult (*validate_vbmeta_public_key)(AvbOps* ops, 203*4882a593Smuzhiyun const uint8_t* public_key_data, 204*4882a593Smuzhiyun size_t public_key_length, 205*4882a593Smuzhiyun const uint8_t* public_key_metadata, 206*4882a593Smuzhiyun size_t public_key_metadata_length, 207*4882a593Smuzhiyun bool* out_is_trusted); 208*4882a593Smuzhiyun 209*4882a593Smuzhiyun /* Gets the rollback index corresponding to the location given by 210*4882a593Smuzhiyun * |rollback_index_location|. The value is returned in 211*4882a593Smuzhiyun * |out_rollback_index|. Returns AVB_IO_RESULT_OK if the rollback 212*4882a593Smuzhiyun * index was retrieved, otherwise an error code. 213*4882a593Smuzhiyun * 214*4882a593Smuzhiyun * A device may have a limited amount of rollback index locations (say, 215*4882a593Smuzhiyun * one or four) so may error out if |rollback_index_location| exceeds 216*4882a593Smuzhiyun * this number. 217*4882a593Smuzhiyun */ 218*4882a593Smuzhiyun AvbIOResult (*read_rollback_index)(AvbOps* ops, 219*4882a593Smuzhiyun size_t rollback_index_location, 220*4882a593Smuzhiyun uint64_t* out_rollback_index); 221*4882a593Smuzhiyun 222*4882a593Smuzhiyun /* Sets the rollback index corresponding to the location given by 223*4882a593Smuzhiyun * |rollback_index_location| to |rollback_index|. Returns 224*4882a593Smuzhiyun * AVB_IO_RESULT_OK if the rollback index was set, otherwise an 225*4882a593Smuzhiyun * error code. 226*4882a593Smuzhiyun * 227*4882a593Smuzhiyun * A device may have a limited amount of rollback index locations (say, 228*4882a593Smuzhiyun * one or four) so may error out if |rollback_index_location| exceeds 229*4882a593Smuzhiyun * this number. 230*4882a593Smuzhiyun */ 231*4882a593Smuzhiyun AvbIOResult (*write_rollback_index)(AvbOps* ops, 232*4882a593Smuzhiyun size_t rollback_index_location, 233*4882a593Smuzhiyun uint64_t rollback_index); 234*4882a593Smuzhiyun 235*4882a593Smuzhiyun /* Gets whether the device is unlocked. The value is returned in 236*4882a593Smuzhiyun * |out_is_unlocked| (true if unlocked, false otherwise). Returns 237*4882a593Smuzhiyun * AVB_IO_RESULT_OK if the state was retrieved, otherwise an error 238*4882a593Smuzhiyun * code. 239*4882a593Smuzhiyun */ 240*4882a593Smuzhiyun AvbIOResult (*read_is_device_unlocked)(AvbOps* ops, bool* out_is_unlocked); 241*4882a593Smuzhiyun 242*4882a593Smuzhiyun /* write the device lock flag. Returns 243*4882a593Smuzhiyun * AVB_IO_RESULT_OK if the state was retrieved, otherwise an error 244*4882a593Smuzhiyun * code. 245*4882a593Smuzhiyun */ 246*4882a593Smuzhiyun AvbIOResult (*write_is_device_unlocked)(AvbOps* ops, bool* out_is_unlocked); 247*4882a593Smuzhiyun 248*4882a593Smuzhiyun /* Gets the unique partition GUID for a partition with name in 249*4882a593Smuzhiyun * |partition| (NUL-terminated UTF-8 string). The GUID is copied as 250*4882a593Smuzhiyun * a string into |guid_buf| of size |guid_buf_size| and will be NUL 251*4882a593Smuzhiyun * terminated. The string must be lower-case and properly 252*4882a593Smuzhiyun * hyphenated. For example: 253*4882a593Smuzhiyun * 254*4882a593Smuzhiyun * 527c1c6d-6361-4593-8842-3c78fcd39219 255*4882a593Smuzhiyun * 256*4882a593Smuzhiyun * Returns AVB_IO_RESULT_OK on success, otherwise an error code. 257*4882a593Smuzhiyun */ 258*4882a593Smuzhiyun AvbIOResult (*get_unique_guid_for_partition)(AvbOps* ops, 259*4882a593Smuzhiyun const char* partition, 260*4882a593Smuzhiyun char* guid_buf, 261*4882a593Smuzhiyun size_t guid_buf_size); 262*4882a593Smuzhiyun 263*4882a593Smuzhiyun /* Gets the size of a partition with the name in |partition| 264*4882a593Smuzhiyun * (NUL-terminated UTF-8 string). Returns the value in 265*4882a593Smuzhiyun * |out_size_num_bytes|. 266*4882a593Smuzhiyun * 267*4882a593Smuzhiyun * If the partition doesn't exist the AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION 268*4882a593Smuzhiyun * error code should be returned. 269*4882a593Smuzhiyun * 270*4882a593Smuzhiyun * Returns AVB_IO_RESULT_OK on success, otherwise an error code. 271*4882a593Smuzhiyun */ 272*4882a593Smuzhiyun AvbIOResult (*get_size_of_partition)(AvbOps* ops, 273*4882a593Smuzhiyun const char* partition, 274*4882a593Smuzhiyun uint64_t* out_size_num_bytes); 275*4882a593Smuzhiyun 276*4882a593Smuzhiyun /* Reads a persistent value corresponding to the given |name|. The value is 277*4882a593Smuzhiyun * returned in |out_buffer| which must point to |buffer_size| bytes. On 278*4882a593Smuzhiyun * success |out_num_bytes_read| contains the number of bytes read into 279*4882a593Smuzhiyun * |out_buffer|. If AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE is returned, 280*4882a593Smuzhiyun * |out_num_bytes_read| contains the number of bytes that would have been read 281*4882a593Smuzhiyun * which can be used to allocate a buffer. 282*4882a593Smuzhiyun * 283*4882a593Smuzhiyun * The |buffer_size| may be zero and the |out_buffer| may be NULL, but if 284*4882a593Smuzhiyun * |out_buffer| is NULL then |buffer_size| *must* be zero. 285*4882a593Smuzhiyun * 286*4882a593Smuzhiyun * Returns AVB_IO_RESULT_OK on success, otherwise an error code. 287*4882a593Smuzhiyun * 288*4882a593Smuzhiyun * If the value does not exist, is not supported, or is not populated, returns 289*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_NO_SUCH_VALUE. If |buffer_size| is smaller than the 290*4882a593Smuzhiyun * size of the stored value, returns AVB_IO_RESULT_ERROR_INSUFFICIENT_SPACE. 291*4882a593Smuzhiyun * 292*4882a593Smuzhiyun * This operation is currently only used to support persistent digests or the 293*4882a593Smuzhiyun * AVB_HASHTREE_ERROR_MODE_MANAGED_RESTART_AND_EIO hashtree error mode. If a 294*4882a593Smuzhiyun * device does not use one of these features this function pointer can be set 295*4882a593Smuzhiyun * to NULL. 296*4882a593Smuzhiyun */ 297*4882a593Smuzhiyun AvbIOResult (*read_persistent_value)(AvbOps* ops, 298*4882a593Smuzhiyun const char* name, 299*4882a593Smuzhiyun size_t buffer_size, 300*4882a593Smuzhiyun uint8_t* out_buffer, 301*4882a593Smuzhiyun size_t* out_num_bytes_read); 302*4882a593Smuzhiyun 303*4882a593Smuzhiyun /* Writes a persistent value corresponding to the given |name|. The value is 304*4882a593Smuzhiyun * supplied in |value| which must point to |value_size| bytes. Any existing 305*4882a593Smuzhiyun * value with the same name is overwritten. If |value_size| is zero, future 306*4882a593Smuzhiyun * calls to |read_persistent_value| will return 307*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_NO_SUCH_VALUE. 308*4882a593Smuzhiyun * 309*4882a593Smuzhiyun * Returns AVB_IO_RESULT_OK on success, otherwise an error code. 310*4882a593Smuzhiyun * 311*4882a593Smuzhiyun * If the value |name| is not supported, returns 312*4882a593Smuzhiyun * AVB_IO_RESULT_ERROR_NO_SUCH_VALUE. If the |value_size| is not supported, 313*4882a593Smuzhiyun * returns AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE. 314*4882a593Smuzhiyun * 315*4882a593Smuzhiyun * This operation is currently only used to support persistent digests or the 316*4882a593Smuzhiyun * AVB_HASHTREE_ERROR_MODE_MANAGED_RESTART_AND_EIO hashtree error mode. If a 317*4882a593Smuzhiyun * device does not use one of these features this function pointer can be set 318*4882a593Smuzhiyun * to NULL. 319*4882a593Smuzhiyun */ 320*4882a593Smuzhiyun AvbIOResult (*write_persistent_value)(AvbOps* ops, 321*4882a593Smuzhiyun const char* name, 322*4882a593Smuzhiyun size_t value_size, 323*4882a593Smuzhiyun const uint8_t* value); 324*4882a593Smuzhiyun 325*4882a593Smuzhiyun /* Like validate_vbmeta_public_key() but for when the flag 326*4882a593Smuzhiyun * AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION is being used. The name of the 327*4882a593Smuzhiyun * partition to get the public key for is passed in |partition_name|. 328*4882a593Smuzhiyun * 329*4882a593Smuzhiyun * Also returns the rollback index location to use for the partition, in 330*4882a593Smuzhiyun * |out_rollback_index_location|. 331*4882a593Smuzhiyun * 332*4882a593Smuzhiyun * Returns AVB_IO_RESULT_OK on success, otherwise an error code. 333*4882a593Smuzhiyun */ 334*4882a593Smuzhiyun AvbIOResult (*validate_public_key_for_partition)( 335*4882a593Smuzhiyun AvbOps* ops, 336*4882a593Smuzhiyun const char* partition, 337*4882a593Smuzhiyun const uint8_t* public_key_data, 338*4882a593Smuzhiyun size_t public_key_length, 339*4882a593Smuzhiyun const uint8_t* public_key_metadata, 340*4882a593Smuzhiyun size_t public_key_metadata_length, 341*4882a593Smuzhiyun bool* out_is_trusted, 342*4882a593Smuzhiyun uint32_t* out_rollback_index_location); 343*4882a593Smuzhiyun }; 344*4882a593Smuzhiyun 345*4882a593Smuzhiyun #ifdef __cplusplus 346*4882a593Smuzhiyun } 347*4882a593Smuzhiyun #endif 348*4882a593Smuzhiyun 349*4882a593Smuzhiyun #endif /* AVB_OPS_H_ */ 350