1 /* 2 * (C) Copyright 2017 Rockchip Electronics Co., Ltd 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #ifndef RK_AVB_OPS_USER_H_ 8 #define RK_AVB_OPS_USER_H_ 9 10 #include <android_avb/avb_ops_user.h> 11 #include <android_avb/libavb_ab.h> 12 13 #ifdef __cplusplus 14 extern "C" { 15 #endif 16 17 /* rk used */ 18 #define PERM_ATTR_DIGEST_SIZE 32 19 #define PERM_ATTR_TOTAL_SIZE 1052 20 #define VBOOT_KEY_HASH_SIZE 32 21 #define ANDROID_VBOOT_LOCK 0 22 #define ANDROID_VBOOT_UNLOCK 1 23 #define SLOT_NUM 2 24 #define CURR_SYSTEM_SLOT_SUFFIX "ab" 25 #define VBMETA_MAX_SIZE 65536 26 #define ROLLBACK_MAX_SIZE 20 27 #define LOCK_MASK (1 << 0) 28 #define UNLOCK_DISABLE_MASK (1 << 1) 29 #define VBOOT_STATE_SIZE 1000 30 #define PERM_ATTR_SUCCESS_FLAG 1 31 /* soc-v use the rsa2048 */ 32 #define VBOOT_KEY_SIZE 256 33 #define RPMB_BASE_ADDR (64*1024/256) 34 #define UBOOT_RB_INDEX_OFFSET 24 35 #define TRUST_RB_INDEX_OFFSET 28 36 #define ROCHCHIP_RSA_PARAMETER_SIZE 64 37 38 struct rk_pub_key { 39 u_int32_t rsa_n[ROCHCHIP_RSA_PARAMETER_SIZE]; 40 u_int32_t rsa_e[ROCHCHIP_RSA_PARAMETER_SIZE]; 41 u_int32_t rsa_c[ROCHCHIP_RSA_PARAMETER_SIZE]; 42 }; 43 44 /** 45 * Provided to fastboot to read how many slot in this system. 46 * 47 * @param slot_count We use parameter slot_count to obtain 48 * how many slots in the system. 49 * 50 * @return 0 if the command succeeded, -1 if it failed 51 */ 52 int rk_avb_read_slot_count(char *slot_count); 53 54 /** 55 * The android things supply many slots, their name like '_a', '_b'. 56 * We can use this function to read current slot is '_a' or '_b'. 57 * 58 * @slot_suffixes read value '_a' or '_b'. 59 * 60 * @return 0 if the command succeeded, -1 if it failed 61 */ 62 int rk_avb_read_slot_suffixes(char *slot_suffixes); 63 64 /** 65 * Use this function to set which slot boot first. 66 * 67 * @param slot_number set '0' or '1' 68 * 69 * @return 0 if the command succeeded, -1 if it failed 70 */ 71 int rk_avb_set_slot_active(unsigned int *slot_number); 72 73 /** 74 * Get current slot: '_a' or '_b'. 75 * 76 * @param select_slot obtain current slot. 77 * 78 * @return 0 if the command succeeded, -1 if it failed 79 */ 80 int rk_avb_get_current_slot(char *select_slot); 81 82 /** 83 * Append current slot to given partition name 84 * 85 * @param part_name partition name 86 * @param slot given slot suffix, auto append current slot if NULL 87 * @param new_name partition name with slot suffix appended 88 * 89 * @return 0 if the command succeeded, -1 if it failed 90 */ 91 int rk_avb_append_part_slot(const char *part_name, char *new_name); 92 93 /** 94 * The android things defines permanent attributes to 95 * store PSK_public, product id. We can use this function 96 * to read them. 97 * 98 * @param attributes PSK_public, product id.... 99 * 100 * @param size The size of attributes. 101 * 102 * @return 0 if the command succeeded, -1 if it failed 103 */ 104 int rk_avb_read_permanent_attributes(uint8_t *attributes, uint32_t size); 105 106 /** 107 * The android things defines permanent attributes to 108 * store PSK_public, product id. We can use this function 109 * to write them. 110 * 111 * @param attributes PSK_public, product id.... 112 * 113 * @param size The size of attributes. 114 * 115 * @return 0 if the command succeeded, -1 if it failed 116 */ 117 int rk_avb_write_permanent_attributes(uint8_t *attributes, uint32_t size); 118 119 /** 120 * The funtion can be use to read the device state to judge 121 * whether the device can be flash. 122 * 123 * @param flash_lock_state A flag indicate the device flash state. 124 * 125 * @return 0 if the command succeeded, -1 if it failed 126 */ 127 int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state); 128 129 /** 130 * The function is provided to write device flash state. 131 * 132 * @param flash_lock_state A flag indicate the device flash state. 133 * 134 * @return 0 if the command succeeded, -1 if it failed 135 */ 136 int rk_avb_write_flash_lock_state(uint8_t flash_lock_state); 137 138 /** 139 * The android things use the flag of lock state to indicate 140 * whether the device can be booted when verified error. 141 * 142 * @param lock_state A flag indicate the device lock state. 143 * 144 * @return 0 if the command succeeded, -1 if it failed 145 */ 146 int rk_avb_read_lock_state(uint8_t *lock_state); 147 148 /** 149 * The android things use the flag of lock state to indicate 150 * whether the device can be booted when verified error. 151 * 152 * @param lock_state A flag indicate the device lock state. 153 * 154 * @return 0 if the command succeeded, -1 if it failed 155 */ 156 int rk_avb_write_lock_state(uint8_t lock_state); 157 158 /** 159 * The android things uses fastboot to flash the permanent attributes. 160 * And if them were written, there must have a flag to indicate. 161 * 162 * @param flag indicate the permanent attributes have been written 163 * or not. 164 * 165 * @return 0 if the command succeeded, -1 if it failed 166 */ 167 int rk_avb_read_perm_attr_flag(uint8_t *flag); 168 169 /** 170 * The android things uses fastboot to flash the permanent attributes. 171 * And if them were written, there must have a flag to indicate. 172 * 173 * @param flag We can call this function to write the flag '1' 174 * to indicate the permanent attributes has been 175 * written. 176 * 177 * @return 0 if the command succeeded, -1 if it failed 178 */ 179 int rk_avb_write_perm_attr_flag(uint8_t flag); 180 181 /** 182 * The android things require the soc-v key hash to be flashed 183 * using the fastboot. So the function can be used in fastboot 184 * to flash the key hash. 185 * 186 * @param buf The vboot key hash data. 187 * 188 * @param length The length of key hash. 189 * 190 * @return 0 if the command succeeded, -1 if it failed 191 */ 192 int rk_avb_read_vbootkey_hash(uint8_t *buf, uint8_t length); 193 194 /** 195 * The android things require the soc-v key hash to be flashed 196 * using the fastboot. So the function can be used in fastboot 197 * to flash the key hash. 198 * 199 * @param buf The vboot key hash data. 200 * 201 * @param length The length of key hash. 202 * 203 * @return 0 if the command succeeded, -1 if it failed 204 */ 205 int rk_avb_write_vbootkey_hash(uint8_t *buf, uint8_t length); 206 207 /** 208 * U-boot close the optee client when start kernel 209 * to prevent the optee client being invoking by other 210 * program. 211 * 212 * @return 0 if the command succeeded, -1 if it failed 213 */ 214 int rk_avb_close_optee_client(void); 215 216 /** 217 * read the permanent attributes hash. 218 * 219 * @param buf The permanent attributes hash data. 220 * 221 * @param length The length of permanent attributes hash. 222 * 223 * @return 0 if the command succeeded, -1 if it failed 224 */ 225 int rk_avb_read_attribute_hash(uint8_t *buf, uint8_t length); 226 227 /** 228 * Write the permanent attributes hash. 229 * 230 * @param buf The permanent attributes hash data. 231 * 232 * @param length The length of permanent attributes hash. 233 * 234 * @return 0 if the command succeeded, -1 if it failed 235 */ 236 int rk_avb_write_attribute_hash(uint8_t *buf, uint8_t length); 237 238 /** 239 * Get the avb vboot state 240 * 241 * @param buf store the vboot state. 242 * 243 * @return 0 if the command succeeded, -1 if it failed 244 */ 245 void rk_avb_get_at_vboot_state(char *buf); 246 247 /** 248 * Get ab information from misc partition 249 * 250 * @param ab_data the struct of ab information 251 * 252 * @return 0 if the command succeeded, -1 if it failed 253 */ 254 int rk_avb_get_ab_info(AvbABData* ab_data); 255 256 /** 257 * Get the information whether the partition has slot 258 * 259 * @param the partition name 260 * 261 * @return 0 if the partition has slot, -1 if not 262 */ 263 int rk_avb_get_part_has_slot_info(const char *base_name); 264 265 AvbABFlowResult rk_avb_ab_slot_select(AvbABOps* ab_ops,char select_slot[]); 266 267 /** 268 * authenticated unlock 269 * 270 * @param buffer: AvbAtxUnlockCredential 271 * 272 * @param out_is_trusted: true or false 273 * 274 * @return 0 if authenticated unlock OK, -1 if not 275 */ 276 int rk_auth_unlock(void *buffer, char *out_is_trusted); 277 278 /** 279 * generate unlock challenge 280 * 281 * @param buffer: AvbAtxUnlockChallenge 282 * 283 * @param challenge_len: Challenge length 284 * 285 * @param out_is_trusted: true or false 286 * 287 * @return 0 if generate unlock challenge OK, -1 if not 288 */ 289 int rk_generate_unlock_challenge(void *buffer, uint32_t *challenge_len); 290 291 /** 292 * Get last boot slot 293 * 294 * @return 0 is slot A; 1 is slot B; -1 is error 295 */ 296 int rk_get_lastboot(void); 297 298 /** 299 * Get permanent attribute certificate 300 * 301 * @param cer: certificate data 302 * 303 * @param size: certificate size 304 */ 305 int rk_avb_get_perm_attr_cer(uint8_t *cer, uint32_t size); 306 307 /** 308 * Set permanent attribute certificate 309 * 310 * @param cer: certificate data 311 * 312 * @param size: certificate size 313 */ 314 int rk_avb_set_perm_attr_cer(uint8_t *cer, uint32_t size); 315 316 /** 317 * Get public key 318 * 319 * @param pub_key: public key data 320 */ 321 int rk_avb_get_pub_key(struct rk_pub_key *pub_key); 322 323 /** 324 * init ab metadata 325 */ 326 int rk_avb_init_ab_metadata(void); 327 328 /** 329 * rockchip avb commands 330 */ 331 int rk_avb_write_perm_attr(uint16_t id, void *pbuf, uint16_t size); 332 int rk_avb_read_perm_attr(uint16_t id, void *pbuf, uint16_t size); 333 334 /** 335 * Do the device have boot slot 336 */ 337 bool rk_avb_ab_have_bootable_slot(void); 338 339 /** 340 * update rollback index 341 */ 342 int rk_avb_update_stored_rollback_indexes_for_slot(AvbOps* ops, AvbSlotVerifyData* slot_data); 343 344 #ifdef __cplusplus 345 } 346 #endif 347 348 #endif /* RK_AVB_OPS_USER_H_ */ 349