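/*
 * (C) Copyright 2017 Rockchip Electronics Co., Ltd
 *
 * SPDX-License-Identifier:	GPL-2.0+
 */

#ifndef RK_AVB_OPS_USER_H_
#define RK_AVB_OPS_USER_H_

/*
 * User-facing Rockchip AVB (Android Verified Boot) helpers: slot selection,
 * permanent attributes, lock state, key/attribute hashes and authenticated
 * unlock. Several of them are described below as being provided for fastboot.
 *
 * This header includes nothing itself: uint8_t/uint32_t and the libavb A/B
 * types (AvbABData, AvbABOps, AvbABFlowResult) must already be declared by
 * the includer.
 *
 * Buffer contract: several functions fill a caller-supplied buffer without
 * taking its length. The required sizes are not stated in this header, so
 * confirm them against the implementation before sizing a buffer, and never
 * pass a buffer whose size depends on unvalidated external input.
 */

#ifdef __cplusplus
extern "C" {
#endif

/* Constants used by the Rockchip AVB code */
#define PERM_ATTR_DIGEST_SIZE    32
#define PERM_ATTR_TOTAL_SIZE     1052
#define VBOOT_KEY_HASH_SIZE      32
#define ANDROID_VBOOT_LOCK       0
#define ANDROID_VBOOT_UNLOCK     1
#define SLOT_NUM                 2
#define CURR_SYSTEM_SLOT_SUFFIX  "ab"
#define VBMETA_MAX_SIZE          65536
#define ROLLBACK_MAX_SIZE        20
/* NOTE(review): presumably bit masks applied to the lock-state byte; confirm */
#define LOCK_MASK                0x1
#define UNLOCK_DISABLE_MASK      0x2
#define VBOOT_STATE_SIZE         1000
#define PERM_ATTR_SUCCESS_FLAG   1
/* soc-v uses RSA-2048, i.e. a 256-byte key */
#define VBOOT_KEY_SIZE           256
/* Evaluates to 256. NOTE(review): unit (RPMB blocks vs bytes) not stated here */
#define RPMB_BASE_ADDR           (64*1024/256)
#define UBOOT_RB_INDEX_OFFSET    24
#define TRUST_RB_INDEX_OFFSET    28

/**
 * Provided to fastboot to read how many slots this system has.
 *
 * @param slot_count  Output: receives the number of slots in the system.
 *                    NOTE(review): no length is passed and the encoding
 *                    (character vs raw value) is not visible here; confirm
 *                    against the implementation.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_read_slot_count(char *slot_count);

/**
 * Android Things supplies several slots, named like '_a' and '_b'.
 * This function reads the slot suffixes.
 *
 * @param slot_suffixes  Output: read value '_a' or '_b'. No length is
 *                       passed; the caller must supply a buffer large
 *                       enough for what the implementation writes
 *                       (size not visible in this header).
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_read_slot_suffixes(char *slot_suffixes);

/**
 * Set which slot boots first.
 *
 * @param slot_number  Points to the slot to activate; documented values
 *                     are '0' or '1'.
 *                     NOTE(review): whether other values are rejected is
 *                     not visible here; validate before calling.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_set_slot_active(unsigned int *slot_number);

/**
 * Get the current slot: '_a' or '_b'.
 *
 * @param select_slot  Output: receives the current slot. No length is
 *                     passed; required buffer size is not stated here.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_get_current_slot(char *select_slot);

/**
 * Android Things defines permanent attributes to store PSK_public and
 * the product id. This function reads them.
 *
 * @param attributes  Output buffer for PSK_public, product id, ...
 *
 * @param size        The size of attributes.
 *                    NOTE(review): presumably PERM_ATTR_TOTAL_SIZE; confirm.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_read_permanent_attributes(uint8_t *attributes, uint32_t size);

/**
 * Android Things defines permanent attributes to store PSK_public and
 * the product id. This function writes them.
 *
 * The attributes carry the public key material that verification is
 * anchored to, so this call belongs only on a provisioning path.
 * NOTE(review): this header does not show whether a second write is
 * refused once the attributes have been written; confirm in the
 * implementation.
 *
 * @param attributes  PSK_public, product id, ...
 *
 * @param size        The size of attributes.
 *                    NOTE(review): presumably PERM_ATTR_TOTAL_SIZE; confirm.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_write_permanent_attributes(uint8_t *attributes, uint32_t size);

/**
 * Read the device state to judge whether the device can be flashed.
 *
 * @param flash_lock_state  Output: a flag indicating the device flash state.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state);

/**
 * Write the device flash state.
 *
 * This changes whether the device may be flashed, so it should only be
 * reachable after the caller has authorised the change.
 * NOTE(review): no such check is visible at this interface.
 *
 * @param flash_lock_state  A flag indicating the device flash state.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_write_flash_lock_state(uint8_t flash_lock_state);

/**
 * Android Things uses the lock-state flag to indicate whether the
 * device may boot when verification fails.
 *
 * @param lock_state  Output: a flag indicating the device lock state.
 *                    If the call fails, do not treat the device as
 *                    unlocked on the basis of an unwritten value.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_read_lock_state(uint8_t *lock_state);

/**
 * Android Things uses the lock-state flag to indicate whether the
 * device may boot when verification fails. This function writes it.
 *
 * Because the flag decides whether a verification failure blocks boot,
 * this call should only be reachable from an authorised path (for
 * example after a successful authenticated unlock).
 * NOTE(review): enforcement is not visible in this header.
 *
 * @param lock_state  A flag indicating the device lock state.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_write_lock_state(uint8_t lock_state);

/**
 * Android Things uses fastboot to flash the permanent attributes.
 * Once they have been written, a flag records that fact.
 *
 * @param flag  Output: indicates whether the permanent attributes have
 *              been written or not.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_read_perm_attr_flag(uint8_t *flag);

/**
 * Android Things uses fastboot to flash the permanent attributes.
 * Once they have been written, a flag records that fact.
 *
 * @param flag  Write the flag '1' to indicate that the permanent
 *              attributes have been written.
 *              NOTE(review): presumably PERM_ATTR_SUCCESS_FLAG; confirm.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_write_perm_attr_flag(uint8_t flag);

/**
 * Android Things requires the soc-v key hash to be flashed using
 * fastboot. This function reads the key hash.
 *
 * @param buf     Output buffer for the vboot key hash data.
 *
 * @param length  The length of the key hash.
 *                NOTE(review): presumably VBOOT_KEY_HASH_SIZE; the type
 *                limits it to 255. Confirm how a mismatch is handled.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_read_vbootkey_hash(uint8_t *buf, uint8_t length);

/**
 * Android Things requires the soc-v key hash to be flashed using
 * fastboot. This function can be used in fastboot to flash the key hash.
 *
 * The key hash is part of the trust anchor, so this call belongs only
 * on a provisioning path.
 * NOTE(review): whether re-writing is refused is not visible here.
 *
 * @param buf     The vboot key hash data.
 *
 * @param length  The length of the key hash.
 *                NOTE(review): presumably VBOOT_KEY_HASH_SIZE; confirm.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_write_vbootkey_hash(uint8_t *buf, uint8_t length);

/**
 * U-Boot closes the OP-TEE client when starting the kernel, to prevent
 * the OP-TEE client from being invoked by other programs.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_close_optee_client(void);

/**
 * Read the permanent attributes hash.
 *
 * @param buf     Output buffer for the permanent attributes hash data.
 *
 * @param length  The length of the permanent attributes hash.
 *                NOTE(review): presumably PERM_ATTR_DIGEST_SIZE; confirm.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_read_attribute_hash(uint8_t *buf, uint8_t length);

/**
 * Write the permanent attributes hash.
 *
 * @param buf     The permanent attributes hash data.
 *
 * @param length  The length of the permanent attributes hash.
 *                NOTE(review): presumably PERM_ATTR_DIGEST_SIZE; confirm.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_write_attribute_hash(uint8_t *buf, uint8_t length);

/**
 * Get the AVB vboot state.
 *
 * The function returns void, so a failure cannot be reported to the
 * caller through this interface.
 *
 * @param buf  Output: stores the vboot state. No length is passed.
 *             NOTE(review): presumably needs VBOOT_STATE_SIZE bytes;
 *             confirm against the implementation.
 */
void rk_avb_get_at_vboot_state(char *buf);

/**
 * Get A/B information from the misc partition.
 *
 * @param ab_data  Output: the struct of A/B information.
 *
 * @return 0 if the command succeeded, -1 if it failed
 */
int rk_avb_get_ab_info(AvbABData *ab_data);

/**
 * Report whether the partition has slots.
 *
 * @param base_name  The partition name.
 *
 * @return 0 if the partition has slot, -1 if not
 */
int rk_avb_get_part_has_slot_info(const char *base_name);

/**
 * A/B slot selection.
 *
 * NOTE(review): undocumented in the original header. select_slot
 * presumably receives the selected slot suffix; its required size is
 * not visible here. Confirm against the implementation.
 *
 * @param ab_ops       The A/B operations to use.
 *
 * @param select_slot  Slot buffer (direction and size to be confirmed).
 *
 * @return an AvbABFlowResult value
 */
AvbABFlowResult rk_avb_ab_slot_select(AvbABOps *ab_ops, char select_slot[]);

/**
 * Authenticated unlock.
 *
 * No length accompanies buffer, so the caller must guarantee that it
 * holds a complete AvbAtxUnlockCredential before calling.
 * NOTE(review): callers should check *out_is_trusted as well as the
 * return value before treating the unlock as authorised; how the two
 * relate is not visible in this header.
 *
 * @param buffer          AvbAtxUnlockCredential
 *
 * @param out_is_trusted  Output: true or false
 *
 * @return 0 if authenticated unlock OK, -1 if not
 */
int rk_auth_unlock(void *buffer, char *out_is_trusted);

/**
 * Generate an unlock challenge.
 *
 * @param buffer         AvbAtxUnlockChallenge. No capacity is passed;
 *                       the caller must provide room for a complete
 *                       AvbAtxUnlockChallenge.
 *
 * @param challenge_len  Challenge length.
 *                       NOTE(review): passed by pointer, so presumably
 *                       an output; confirm.
 *
 * @return 0 if generate unlock challenge OK, -1 if not
 */
int rk_generate_unlock_challenge(void *buffer, uint32_t *challenge_len);

#ifdef __cplusplus
}
#endif

#endif /* RK_AVB_OPS_USER_H_ */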