1*4882a593Smuzhiyun /*
2*4882a593Smuzhiyun * Copyright (C) 2017 The Android Open Source Project
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Permission is hereby granted, free of charge, to any person
5*4882a593Smuzhiyun * obtaining a copy of this software and associated documentation
6*4882a593Smuzhiyun * files (the "Software"), to deal in the Software without
7*4882a593Smuzhiyun * restriction, including without limitation the rights to use, copy,
8*4882a593Smuzhiyun * modify, merge, publish, distribute, sublicense, and/or sell copies
9*4882a593Smuzhiyun * of the Software, and to permit persons to whom the Software is
10*4882a593Smuzhiyun * furnished to do so, subject to the following conditions:
11*4882a593Smuzhiyun *
12*4882a593Smuzhiyun * The above copyright notice and this permission notice shall be
13*4882a593Smuzhiyun * included in all copies or substantial portions of the Software.
14*4882a593Smuzhiyun *
15*4882a593Smuzhiyun * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16*4882a593Smuzhiyun * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17*4882a593Smuzhiyun * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18*4882a593Smuzhiyun * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19*4882a593Smuzhiyun * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20*4882a593Smuzhiyun * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21*4882a593Smuzhiyun * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22*4882a593Smuzhiyun * SOFTWARE.
23*4882a593Smuzhiyun */
24*4882a593Smuzhiyun
25*4882a593Smuzhiyun #include <android_avb/avb_user_verity.h>
26*4882a593Smuzhiyun
/* Maximum allowed length (in bytes) of a partition name, including
 * ab_suffix. This value is passed as the destination buffer size to
 * avb_str_concat() below.
 * NOTE(review): presumably the limit also has to cover the terminating
 * NUL byte - confirm against avb_str_concat().
 */
#define AVB_PART_NAME_MAX_SIZE 32
31*4882a593Smuzhiyun
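/* Loads the toplevel AvbVBMetaImageHeader from the slot denoted by
 * |ab_suffix| into |vbmeta_image|. No validation, verification, or
 * byteswapping is performed on the header itself; callers must treat
 * the returned bytes as untrusted on-disk data.
 *
 * The "vbmeta" partition is tried first. Only when that read reports
 * AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION is the "boot" partition tried,
 * locating the header through the AvbFooter stored in the last
 * AVB_FOOTER_SIZE bytes of that partition.
 *
 * If successful, |true| is returned, the partition it was loaded from
 * is returned in |out_partition_name| and, when |out_vbmeta_offset| is
 * not NULL, the offset on said partition is returned through it.
 *
 * On failure |false| is returned; |out_partition_name| and
 * |vbmeta_image| may already have been written to.
 */
static bool load_top_level_vbmeta_header(
    AvbOps* ops,
    const char* ab_suffix,
    uint8_t vbmeta_image[AVB_VBMETA_IMAGE_HEADER_SIZE],
    char out_partition_name[AVB_PART_NAME_MAX_SIZE],
    uint64_t* out_vbmeta_offset) {
  uint64_t vbmeta_offset = 0;
  size_t num_read = 0;
  bool ret = false;
  AvbIOResult io_res;

  /* Construct full partition name. */
  if (!avb_str_concat(out_partition_name,
                      AVB_PART_NAME_MAX_SIZE,
                      "vbmeta",
                      6,
                      ab_suffix,
                      avb_strlen(ab_suffix))) {
    avb_error("Partition name and suffix does not fit.\n");
    goto out;
  }

  /* Only read the header, not the entire struct. */
  io_res = ops->read_from_partition(ops,
                                    out_partition_name,
                                    vbmeta_offset,
                                    AVB_VBMETA_IMAGE_HEADER_SIZE,
                                    vbmeta_image,
                                    &num_read);
  if (io_res == AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION) {
    AvbFooter footer;

    /* Try looking for the vbmeta struct in 'boot' via the footer. */
    if (!avb_str_concat(out_partition_name,
                        AVB_PART_NAME_MAX_SIZE,
                        "boot",
                        4,
                        ab_suffix,
                        avb_strlen(ab_suffix))) {
      avb_error("Partition name and suffix does not fit.\n");
      goto out;
    }

    /* A negative offset addresses the partition relative to its end,
     * which is where the footer lives.
     */
    num_read = 0;
    io_res = ops->read_from_partition(ops,
                                      out_partition_name,
                                      -AVB_FOOTER_SIZE,
                                      AVB_FOOTER_SIZE,
                                      &footer,
                                      &num_read);
    /* A short read would leave part of |footer| uninitialized, so it is
     * rejected together with outright I/O errors.
     */
    if (io_res != AVB_IO_RESULT_OK || num_read != (size_t)AVB_FOOTER_SIZE) {
      avb_errorv("Error loading footer from partition '",
                 out_partition_name,
                 "'\n",
                 NULL);
      goto out;
    }

    if (avb_memcmp(footer.magic, AVB_FOOTER_MAGIC, AVB_FOOTER_MAGIC_LEN) != 0) {
      avb_errorv("Data from '",
                 out_partition_name,
                 "' does not look like a vbmeta footer.\n",
                 NULL);
      goto out;
    }

    /* The footer is unauthenticated on-disk data. An offset with the top
     * bit set would turn negative when handed to the partition I/O
     * callbacks and be taken as end-relative (as the footer read above
     * relies on), so refuse it instead of reading - and, in the caller,
     * possibly writing - at an unintended location.
     */
    vbmeta_offset = avb_be64toh(footer.vbmeta_offset);
    if ((vbmeta_offset >> 63) != 0) {
      avb_errorv("Invalid vbmeta offset in footer on partition '",
                 out_partition_name,
                 "'\n",
                 NULL);
      goto out;
    }

    num_read = 0;
    io_res = ops->read_from_partition(ops,
                                      out_partition_name,
                                      vbmeta_offset,
                                      AVB_VBMETA_IMAGE_HEADER_SIZE,
                                      vbmeta_image,
                                      &num_read);
  }

  if (io_res != AVB_IO_RESULT_OK) {
    avb_errorv(
        "Error loading from partition '", out_partition_name, "'\n", NULL);
    goto out;
  }

  /* Callers inspect, and avb_user_verity_set() writes back, the whole
   * header buffer; a short read would expose uninitialized stack bytes.
   */
  if (num_read != (size_t)AVB_VBMETA_IMAGE_HEADER_SIZE) {
    avb_errorv(
        "Short read from partition '", out_partition_name, "'\n", NULL);
    goto out;
  }

  if (out_vbmeta_offset != NULL) {
    *out_vbmeta_offset = vbmeta_offset;
  }

  ret = true;

out:
  return ret;
}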
128*4882a593Smuzhiyun
/* Reports whether the HASHTREE_DISABLED flag is clear in the toplevel
 * vbmeta header of the slot denoted by |ab_suffix|.
 *
 * The header is read from disk and only its magic is compared; no
 * signature or other verification is done here, so the result reflects
 * the stored flag and nothing more.
 *
 * Returns |true| if the header was loaded and its magic matched, in
 * which case |*out_verity_enabled| (when not NULL) is set to |true| if
 * the flag is clear and |false| if it is set. Returns |false| otherwise,
 * leaving |*out_verity_enabled| untouched.
 */
bool avb_user_verity_get(AvbOps* ops,
                         const char* ab_suffix,
                         bool* out_verity_enabled) {
  uint8_t header_bytes[AVB_VBMETA_IMAGE_HEADER_SIZE]; /* 256 bytes. */
  char part_name[AVB_PART_NAME_MAX_SIZE];             /* 32 bytes. */
  const AvbVBMetaImageHeader* hdr;
  uint32_t host_flags;

  if (!load_top_level_vbmeta_header(
          ops, ab_suffix, header_bytes, part_name, NULL)) {
    return false;
  }

  if (avb_memcmp(header_bytes, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
    avb_errorv("Data from '",
               part_name,
               "' does not look like a vbmeta header.\n",
               NULL);
    return false;
  }

  /* Read the flags word (stored big-endian) straight out of the raw
   * header bytes.
   * NOTE(review): assumes AvbVBMetaImageHeader may be accessed through a
   * byte-aligned buffer (e.g. a packed struct) - confirm.
   */
  hdr = (const AvbVBMetaImageHeader*)header_bytes;
  host_flags = avb_be32toh(hdr->flags);

  if (out_verity_enabled != NULL) {
    *out_verity_enabled =
        (host_flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED) == 0;
  }

  return true;
}
164*4882a593Smuzhiyun
/* Sets or clears the HASHTREE_DISABLED flag in the toplevel vbmeta
 * header of the slot denoted by |ab_suffix| and writes the header back
 * to the partition and offset it was loaded from.
 *
 * |enable_verity| == true clears the flag, false sets it. Only the
 * header magic is compared before the write; nothing else in the header
 * is validated or verified here.
 * NOTE(review): rewriting the header in place presumably invalidates any
 * signature or hash that covers it - confirm this is only reachable in
 * device states where the bootloader tolerates that.
 *
 * Returns |true| if the header was loaded, its magic matched, and the
 * write succeeded; |false| otherwise.
 */
bool avb_user_verity_set(AvbOps* ops,
                         const char* ab_suffix,
                         bool enable_verity) {
  uint8_t header_bytes[AVB_VBMETA_IMAGE_HEADER_SIZE]; /* 256 bytes. */
  char part_name[AVB_PART_NAME_MAX_SIZE];             /* 32 bytes. */
  uint64_t header_offset;
  AvbIOResult write_res;
  AvbVBMetaImageHeader* hdr;
  uint32_t host_flags;

  if (!load_top_level_vbmeta_header(
          ops, ab_suffix, header_bytes, part_name, &header_offset)) {
    return false;
  }

  if (avb_memcmp(header_bytes, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
    avb_errorv("Data from '",
               part_name,
               "' does not look like a vbmeta header.\n",
               NULL);
    return false;
  }

  /* Update the flag on a host-endian copy of the flags word, then store
   * it back big-endian so the buffer keeps the on-disk layout.
   * NOTE(review): assumes AvbVBMetaImageHeader may be accessed through a
   * byte-aligned buffer (e.g. a packed struct) - confirm.
   */
  hdr = (AvbVBMetaImageHeader*)header_bytes;
  host_flags = avb_be32toh(hdr->flags);
  if (enable_verity) {
    host_flags &= ~AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED;
  } else {
    host_flags |= AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED;
  }
  hdr->flags = avb_htobe32(host_flags);

  /* Write the whole header buffer back where it was read from. */
  write_res = ops->write_to_partition(ops,
                                      part_name,
                                      header_offset,
                                      AVB_VBMETA_IMAGE_HEADER_SIZE,
                                      header_bytes);
  if (write_res != AVB_IO_RESULT_OK) {
    avb_errorv("Error writing to partition '", part_name, "'\n", NULL);
    return false;
  }

  return true;
}