1*37a7bc39SJason Zhu /* 2*37a7bc39SJason Zhu * (C) Copyright 2017 Rockchip Electronics Co., Ltd 3*37a7bc39SJason Zhu * 4*37a7bc39SJason Zhu * SPDX-License-Identifier: GPL-2.0+ 5*37a7bc39SJason Zhu */ 6*37a7bc39SJason Zhu 7*37a7bc39SJason Zhu #ifndef RK_AVB_OPS_USER_H_ 8*37a7bc39SJason Zhu #define RK_AVB_OPS_USER_H_ 9*37a7bc39SJason Zhu 10*37a7bc39SJason Zhu #ifdef __cplusplus 11*37a7bc39SJason Zhu extern "C" { 12*37a7bc39SJason Zhu #endif 13*37a7bc39SJason Zhu 14*37a7bc39SJason Zhu /* rk used */ 15*37a7bc39SJason Zhu #define PERM_ATTR_DIGEST_SIZE 32 16*37a7bc39SJason Zhu #define PERM_ATTR_TOTAL_SIZE 1052 17*37a7bc39SJason Zhu #define VBOOT_KEY_HASH_SIZE 32 18*37a7bc39SJason Zhu #define ANDROID_VBOOT_LOCK 0 19*37a7bc39SJason Zhu #define ANDROID_VBOOT_UNLOCK 1 20*37a7bc39SJason Zhu #define SLOT_NUM 2 21*37a7bc39SJason Zhu #define CURR_SYSTEM_SLOT_SUFFIX "ab" 22*37a7bc39SJason Zhu #define VBMETA_MAX_SIZE 65536 23*37a7bc39SJason Zhu #define ROLLBACK_MAX_SIZE 20 24*37a7bc39SJason Zhu #define LOCK_MASK 0x1 25*37a7bc39SJason Zhu #define UNLOCK_DISABLE_MASK 0x2 26*37a7bc39SJason Zhu #define VBOOT_STATE_SIZE 300 27*37a7bc39SJason Zhu #define PERM_ATTR_SUCCESS_FLAG 1 28*37a7bc39SJason Zhu /* soc-v use the rsa2048 */ 29*37a7bc39SJason Zhu #define VBOOT_KEY_SIZE 256 30*37a7bc39SJason Zhu 31*37a7bc39SJason Zhu /** 32*37a7bc39SJason Zhu * Provided to fastboot to read how many slot in this system. 33*37a7bc39SJason Zhu * 34*37a7bc39SJason Zhu * @param slot_count We use parameter slot_count to obtain 35*37a7bc39SJason Zhu * how many slots in the system. 36*37a7bc39SJason Zhu * 37*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 38*37a7bc39SJason Zhu */ 39*37a7bc39SJason Zhu int rk_avb_read_slot_count(char *slot_count); 40*37a7bc39SJason Zhu 41*37a7bc39SJason Zhu /** 42*37a7bc39SJason Zhu * The android things supply many slots, their name like '_a', '_b'. 43*37a7bc39SJason Zhu * We can use this function to read current slot is '_a' or '_b'. 44*37a7bc39SJason Zhu * 45*37a7bc39SJason Zhu * @slot_suffixes read value '_a' or '_b'. 46*37a7bc39SJason Zhu * 47*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 48*37a7bc39SJason Zhu */ 49*37a7bc39SJason Zhu int rk_avb_read_slot_suffixes(char *slot_suffixes); 50*37a7bc39SJason Zhu 51*37a7bc39SJason Zhu /** 52*37a7bc39SJason Zhu * Use this function to set which slot boot first. 53*37a7bc39SJason Zhu * 54*37a7bc39SJason Zhu * @param slot_number set '0' or '1' 55*37a7bc39SJason Zhu * 56*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 57*37a7bc39SJason Zhu */ 58*37a7bc39SJason Zhu int rk_avb_set_slot_active(unsigned int *slot_number); 59*37a7bc39SJason Zhu 60*37a7bc39SJason Zhu /** 61*37a7bc39SJason Zhu * Get current slot: '_a' or '_b'. 62*37a7bc39SJason Zhu * 63*37a7bc39SJason Zhu * @param select_slot obtain current slot. 64*37a7bc39SJason Zhu * 65*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 66*37a7bc39SJason Zhu */ 67*37a7bc39SJason Zhu int rk_avb_get_current_slot(char *select_slot); 68*37a7bc39SJason Zhu 69*37a7bc39SJason Zhu /** 70*37a7bc39SJason Zhu * The android things defines permanent attributes to 71*37a7bc39SJason Zhu * store PSK_public, product id. We can use this function 72*37a7bc39SJason Zhu * to read them. 73*37a7bc39SJason Zhu * 74*37a7bc39SJason Zhu * @param attributes PSK_public, product id.... 75*37a7bc39SJason Zhu * 76*37a7bc39SJason Zhu * @param size The size of attributes. 77*37a7bc39SJason Zhu * 78*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 79*37a7bc39SJason Zhu */ 80*37a7bc39SJason Zhu int rk_avb_read_permanent_attributes(uint8_t *attributes, uint32_t size); 81*37a7bc39SJason Zhu 82*37a7bc39SJason Zhu /** 83*37a7bc39SJason Zhu * The android things defines permanent attributes to 84*37a7bc39SJason Zhu * store PSK_public, product id. We can use this function 85*37a7bc39SJason Zhu * to write them. 86*37a7bc39SJason Zhu * 87*37a7bc39SJason Zhu * @param attributes PSK_public, product id.... 88*37a7bc39SJason Zhu * 89*37a7bc39SJason Zhu * @param size The size of attributes. 90*37a7bc39SJason Zhu * 91*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 92*37a7bc39SJason Zhu */ 93*37a7bc39SJason Zhu int rk_avb_write_permanent_attributes(uint8_t *attributes, uint32_t size); 94*37a7bc39SJason Zhu 95*37a7bc39SJason Zhu /** 96*37a7bc39SJason Zhu * The funtion can be use to read the device state to judge 97*37a7bc39SJason Zhu * whether the device can be flash. 98*37a7bc39SJason Zhu * 99*37a7bc39SJason Zhu * @param flash_lock_state A flag indicate the device flash state. 100*37a7bc39SJason Zhu * 101*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 102*37a7bc39SJason Zhu */ 103*37a7bc39SJason Zhu int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state); 104*37a7bc39SJason Zhu 105*37a7bc39SJason Zhu /** 106*37a7bc39SJason Zhu * The function is provided to write device flash state. 107*37a7bc39SJason Zhu * 108*37a7bc39SJason Zhu * @param flash_lock_state A flag indicate the device flash state. 109*37a7bc39SJason Zhu * 110*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 111*37a7bc39SJason Zhu */ 112*37a7bc39SJason Zhu int rk_avb_write_flash_lock_state(uint8_t flash_lock_state); 113*37a7bc39SJason Zhu 114*37a7bc39SJason Zhu /** 115*37a7bc39SJason Zhu * The android things use the flag of lock state to indicate 116*37a7bc39SJason Zhu * whether the device can be booted when verified error. 117*37a7bc39SJason Zhu * 118*37a7bc39SJason Zhu * @param lock_state A flag indicate the device lock state. 119*37a7bc39SJason Zhu * 120*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 121*37a7bc39SJason Zhu */ 122*37a7bc39SJason Zhu int rk_avb_read_lock_state(uint8_t *lock_state); 123*37a7bc39SJason Zhu 124*37a7bc39SJason Zhu /** 125*37a7bc39SJason Zhu * The android things use the flag of lock state to indicate 126*37a7bc39SJason Zhu * whether the device can be booted when verified error. 127*37a7bc39SJason Zhu * 128*37a7bc39SJason Zhu * @param lock_state A flag indicate the device lock state. 129*37a7bc39SJason Zhu * 130*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 131*37a7bc39SJason Zhu */ 132*37a7bc39SJason Zhu int rk_avb_write_lock_state(uint8_t lock_state); 133*37a7bc39SJason Zhu 134*37a7bc39SJason Zhu /** 135*37a7bc39SJason Zhu * The android things uses fastboot to flash the permanent attributes. 136*37a7bc39SJason Zhu * And if them were written, there must have a flag to indicate. 137*37a7bc39SJason Zhu * 138*37a7bc39SJason Zhu * @param flag indicate the permanent attributes have been written 139*37a7bc39SJason Zhu * or not. 140*37a7bc39SJason Zhu * 141*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 142*37a7bc39SJason Zhu */ 143*37a7bc39SJason Zhu int rk_avb_read_perm_attr_flag(uint8_t *flag); 144*37a7bc39SJason Zhu 145*37a7bc39SJason Zhu /** 146*37a7bc39SJason Zhu * The android things uses fastboot to flash the permanent attributes. 147*37a7bc39SJason Zhu * And if them were written, there must have a flag to indicate. 148*37a7bc39SJason Zhu * 149*37a7bc39SJason Zhu * @param flag We can call this function to write the flag '1' 150*37a7bc39SJason Zhu * to indicate the permanent attributes has been 151*37a7bc39SJason Zhu * written. 152*37a7bc39SJason Zhu * 153*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 154*37a7bc39SJason Zhu */ 155*37a7bc39SJason Zhu int rk_avb_write_perm_attr_flag(uint8_t flag); 156*37a7bc39SJason Zhu 157*37a7bc39SJason Zhu /** 158*37a7bc39SJason Zhu * The android things require the soc-v key hash to be flashed 159*37a7bc39SJason Zhu * using the fastboot. So the function can be used in fastboot 160*37a7bc39SJason Zhu * to flash the key hash. 161*37a7bc39SJason Zhu * 162*37a7bc39SJason Zhu * @param buf The vboot key hash data. 163*37a7bc39SJason Zhu * 164*37a7bc39SJason Zhu * @param length The length of key hash. 165*37a7bc39SJason Zhu * 166*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 167*37a7bc39SJason Zhu */ 168*37a7bc39SJason Zhu int rk_avb_read_vbootkey_hash(uint8_t *buf, uint8_t length); 169*37a7bc39SJason Zhu 170*37a7bc39SJason Zhu /** 171*37a7bc39SJason Zhu * The android things require the soc-v key hash to be flashed 172*37a7bc39SJason Zhu * using the fastboot. So the function can be used in fastboot 173*37a7bc39SJason Zhu * to flash the key hash. 174*37a7bc39SJason Zhu * 175*37a7bc39SJason Zhu * @param buf The vboot key hash data. 176*37a7bc39SJason Zhu * 177*37a7bc39SJason Zhu * @param length The length of key hash. 178*37a7bc39SJason Zhu * 179*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 180*37a7bc39SJason Zhu */ 181*37a7bc39SJason Zhu int rk_avb_write_vbootkey_hash(uint8_t *buf, uint8_t length); 182*37a7bc39SJason Zhu 183*37a7bc39SJason Zhu /** 184*37a7bc39SJason Zhu * U-boot close the optee client when start kernel 185*37a7bc39SJason Zhu * to prevent the optee client being invoking by other 186*37a7bc39SJason Zhu * program. 187*37a7bc39SJason Zhu * 188*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 189*37a7bc39SJason Zhu */ 190*37a7bc39SJason Zhu int rk_avb_close_optee_client(void); 191*37a7bc39SJason Zhu 192*37a7bc39SJason Zhu /** 193*37a7bc39SJason Zhu * read the permanent attributes hash. 194*37a7bc39SJason Zhu * 195*37a7bc39SJason Zhu * @param buf The permanent attributes hash data. 196*37a7bc39SJason Zhu * 197*37a7bc39SJason Zhu * @param length The length of permanent attributes hash. 198*37a7bc39SJason Zhu * 199*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 200*37a7bc39SJason Zhu */ 201*37a7bc39SJason Zhu int rk_avb_read_attribute_hash(uint8_t *buf, uint8_t length); 202*37a7bc39SJason Zhu 203*37a7bc39SJason Zhu /** 204*37a7bc39SJason Zhu * Write the permanent attributes hash. 205*37a7bc39SJason Zhu * 206*37a7bc39SJason Zhu * @param buf The permanent attributes hash data. 207*37a7bc39SJason Zhu * 208*37a7bc39SJason Zhu * @param length The length of permanent attributes hash. 209*37a7bc39SJason Zhu * 210*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 211*37a7bc39SJason Zhu */ 212*37a7bc39SJason Zhu int rk_avb_write_attribute_hash(uint8_t *buf, uint8_t length); 213*37a7bc39SJason Zhu 214*37a7bc39SJason Zhu /** 215*37a7bc39SJason Zhu * Get the avb vboot state 216*37a7bc39SJason Zhu * 217*37a7bc39SJason Zhu * @param buf store the vboot state. 218*37a7bc39SJason Zhu * 219*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 220*37a7bc39SJason Zhu */ 221*37a7bc39SJason Zhu void rk_avb_get_at_vboot_state(char *buf); 222*37a7bc39SJason Zhu 223*37a7bc39SJason Zhu /** 224*37a7bc39SJason Zhu * Get ab information from misc partition 225*37a7bc39SJason Zhu * 226*37a7bc39SJason Zhu * @param ab_data the struct of ab information 227*37a7bc39SJason Zhu * 228*37a7bc39SJason Zhu * @return 0 if the command succeeded, -1 if it failed 229*37a7bc39SJason Zhu */ 230*37a7bc39SJason Zhu int rk_avb_get_ab_info(AvbABData* ab_data); 231*37a7bc39SJason Zhu 232*37a7bc39SJason Zhu /** 233*37a7bc39SJason Zhu * Get the information whether the partition has slot 234*37a7bc39SJason Zhu * 235*37a7bc39SJason Zhu * @param the partition name 236*37a7bc39SJason Zhu * 237*37a7bc39SJason Zhu * @return 0 if the partition has slot, -1 if not 238*37a7bc39SJason Zhu */ 239*37a7bc39SJason Zhu int rk_avb_get_part_has_slot_info(const char *base_name); 240*37a7bc39SJason Zhu 241*37a7bc39SJason Zhu AvbABFlowResult rk_avb_ab_slot_select(AvbABOps* ab_ops,char select_slot[]); 242*37a7bc39SJason Zhu 243*37a7bc39SJason Zhu #ifdef __cplusplus 244*37a7bc39SJason Zhu } 245*37a7bc39SJason Zhu #endif 246*37a7bc39SJason Zhu 247*37a7bc39SJason Zhu #endif /* RK_AVB_OPS_USER_H_ */ 248