1 /* 2 * (C) Copyright 2017 Rockchip Electronics Co., Ltd 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #ifndef RK_AVB_OPS_USER_H_ 8 #define RK_AVB_OPS_USER_H_ 9 10 #ifdef __cplusplus 11 extern "C" { 12 #endif 13 14 /* rk used */ 15 #define PERM_ATTR_DIGEST_SIZE 32 16 #define PERM_ATTR_TOTAL_SIZE 1052 17 #define VBOOT_KEY_HASH_SIZE 32 18 #define ANDROID_VBOOT_LOCK 0 19 #define ANDROID_VBOOT_UNLOCK 1 20 #define SLOT_NUM 2 21 #define CURR_SYSTEM_SLOT_SUFFIX "ab" 22 #define VBMETA_MAX_SIZE 65536 23 #define ROLLBACK_MAX_SIZE 20 24 #define LOCK_MASK 0x1 25 #define UNLOCK_DISABLE_MASK 0x2 26 #define VBOOT_STATE_SIZE 1000 27 #define PERM_ATTR_SUCCESS_FLAG 1 28 /* soc-v use the rsa2048 */ 29 #define VBOOT_KEY_SIZE 256 30 #define RPMB_BASE_ADDR (64*1024/256) 31 #define UBOOT_RB_INDEX_OFFSET 24 32 #define TRUST_RB_INDEX_OFFSET 28 33 #define ROCHCHIP_RSA_PARAMETER_SIZE 64 34 35 struct rk_pub_key { 36 u_int32_t rsa_n[ROCHCHIP_RSA_PARAMETER_SIZE]; 37 u_int32_t rsa_e[ROCHCHIP_RSA_PARAMETER_SIZE]; 38 u_int32_t rsa_c[ROCHCHIP_RSA_PARAMETER_SIZE]; 39 }; 40 41 /** 42 * Provided to fastboot to read how many slot in this system. 43 * 44 * @param slot_count We use parameter slot_count to obtain 45 * how many slots in the system. 46 * 47 * @return 0 if the command succeeded, -1 if it failed 48 */ 49 int rk_avb_read_slot_count(char *slot_count); 50 51 /** 52 * The android things supply many slots, their name like '_a', '_b'. 53 * We can use this function to read current slot is '_a' or '_b'. 54 * 55 * @slot_suffixes read value '_a' or '_b'. 56 * 57 * @return 0 if the command succeeded, -1 if it failed 58 */ 59 int rk_avb_read_slot_suffixes(char *slot_suffixes); 60 61 /** 62 * Use this function to set which slot boot first. 63 * 64 * @param slot_number set '0' or '1' 65 * 66 * @return 0 if the command succeeded, -1 if it failed 67 */ 68 int rk_avb_set_slot_active(unsigned int *slot_number); 69 70 /** 71 * Get current slot: '_a' or '_b'. 72 * 73 * @param select_slot obtain current slot. 74 * 75 * @return 0 if the command succeeded, -1 if it failed 76 */ 77 int rk_avb_get_current_slot(char *select_slot); 78 79 /** 80 * Append current slot to given partition name 81 * 82 * @param part_name partition name 83 * @param slot given slot suffix, auto append current slot if NULL 84 * @param new_name partition name with slot suffix appended 85 * 86 * @return 0 if the command succeeded, -1 if it failed 87 */ 88 int rk_avb_append_part_slot(const char *part_name, char *new_name); 89 90 /** 91 * The android things defines permanent attributes to 92 * store PSK_public, product id. We can use this function 93 * to read them. 94 * 95 * @param attributes PSK_public, product id.... 96 * 97 * @param size The size of attributes. 98 * 99 * @return 0 if the command succeeded, -1 if it failed 100 */ 101 int rk_avb_read_permanent_attributes(uint8_t *attributes, uint32_t size); 102 103 /** 104 * The android things defines permanent attributes to 105 * store PSK_public, product id. We can use this function 106 * to write them. 107 * 108 * @param attributes PSK_public, product id.... 109 * 110 * @param size The size of attributes. 111 * 112 * @return 0 if the command succeeded, -1 if it failed 113 */ 114 int rk_avb_write_permanent_attributes(uint8_t *attributes, uint32_t size); 115 116 /** 117 * The funtion can be use to read the device state to judge 118 * whether the device can be flash. 119 * 120 * @param flash_lock_state A flag indicate the device flash state. 121 * 122 * @return 0 if the command succeeded, -1 if it failed 123 */ 124 int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state); 125 126 /** 127 * The function is provided to write device flash state. 128 * 129 * @param flash_lock_state A flag indicate the device flash state. 130 * 131 * @return 0 if the command succeeded, -1 if it failed 132 */ 133 int rk_avb_write_flash_lock_state(uint8_t flash_lock_state); 134 135 /** 136 * The android things use the flag of lock state to indicate 137 * whether the device can be booted when verified error. 138 * 139 * @param lock_state A flag indicate the device lock state. 140 * 141 * @return 0 if the command succeeded, -1 if it failed 142 */ 143 int rk_avb_read_lock_state(uint8_t *lock_state); 144 145 /** 146 * The android things use the flag of lock state to indicate 147 * whether the device can be booted when verified error. 148 * 149 * @param lock_state A flag indicate the device lock state. 150 * 151 * @return 0 if the command succeeded, -1 if it failed 152 */ 153 int rk_avb_write_lock_state(uint8_t lock_state); 154 155 /** 156 * The android things uses fastboot to flash the permanent attributes. 157 * And if them were written, there must have a flag to indicate. 158 * 159 * @param flag indicate the permanent attributes have been written 160 * or not. 161 * 162 * @return 0 if the command succeeded, -1 if it failed 163 */ 164 int rk_avb_read_perm_attr_flag(uint8_t *flag); 165 166 /** 167 * The android things uses fastboot to flash the permanent attributes. 168 * And if them were written, there must have a flag to indicate. 169 * 170 * @param flag We can call this function to write the flag '1' 171 * to indicate the permanent attributes has been 172 * written. 173 * 174 * @return 0 if the command succeeded, -1 if it failed 175 */ 176 int rk_avb_write_perm_attr_flag(uint8_t flag); 177 178 /** 179 * The android things require the soc-v key hash to be flashed 180 * using the fastboot. So the function can be used in fastboot 181 * to flash the key hash. 182 * 183 * @param buf The vboot key hash data. 184 * 185 * @param length The length of key hash. 186 * 187 * @return 0 if the command succeeded, -1 if it failed 188 */ 189 int rk_avb_read_vbootkey_hash(uint8_t *buf, uint8_t length); 190 191 /** 192 * The android things require the soc-v key hash to be flashed 193 * using the fastboot. So the function can be used in fastboot 194 * to flash the key hash. 195 * 196 * @param buf The vboot key hash data. 197 * 198 * @param length The length of key hash. 199 * 200 * @return 0 if the command succeeded, -1 if it failed 201 */ 202 int rk_avb_write_vbootkey_hash(uint8_t *buf, uint8_t length); 203 204 /** 205 * U-boot close the optee client when start kernel 206 * to prevent the optee client being invoking by other 207 * program. 208 * 209 * @return 0 if the command succeeded, -1 if it failed 210 */ 211 int rk_avb_close_optee_client(void); 212 213 /** 214 * read the permanent attributes hash. 215 * 216 * @param buf The permanent attributes hash data. 217 * 218 * @param length The length of permanent attributes hash. 219 * 220 * @return 0 if the command succeeded, -1 if it failed 221 */ 222 int rk_avb_read_attribute_hash(uint8_t *buf, uint8_t length); 223 224 /** 225 * Write the permanent attributes hash. 226 * 227 * @param buf The permanent attributes hash data. 228 * 229 * @param length The length of permanent attributes hash. 230 * 231 * @return 0 if the command succeeded, -1 if it failed 232 */ 233 int rk_avb_write_attribute_hash(uint8_t *buf, uint8_t length); 234 235 /** 236 * Get the avb vboot state 237 * 238 * @param buf store the vboot state. 239 * 240 * @return 0 if the command succeeded, -1 if it failed 241 */ 242 void rk_avb_get_at_vboot_state(char *buf); 243 244 /** 245 * Get ab information from misc partition 246 * 247 * @param ab_data the struct of ab information 248 * 249 * @return 0 if the command succeeded, -1 if it failed 250 */ 251 int rk_avb_get_ab_info(AvbABData* ab_data); 252 253 /** 254 * Get the information whether the partition has slot 255 * 256 * @param the partition name 257 * 258 * @return 0 if the partition has slot, -1 if not 259 */ 260 int rk_avb_get_part_has_slot_info(const char *base_name); 261 262 AvbABFlowResult rk_avb_ab_slot_select(AvbABOps* ab_ops,char select_slot[]); 263 264 /** 265 * authenticated unlock 266 * 267 * @param buffer: AvbAtxUnlockCredential 268 * 269 * @param out_is_trusted: true or false 270 * 271 * @return 0 if authenticated unlock OK, -1 if not 272 */ 273 int rk_auth_unlock(void *buffer, char *out_is_trusted); 274 275 /** 276 * generate unlock challenge 277 * 278 * @param buffer: AvbAtxUnlockChallenge 279 * 280 * @param challenge_len: Challenge length 281 * 282 * @param out_is_trusted: true or false 283 * 284 * @return 0 if generate unlock challenge OK, -1 if not 285 */ 286 int rk_generate_unlock_challenge(void *buffer, uint32_t *challenge_len); 287 288 /** 289 * Get last boot slot 290 * 291 * @return 0 is slot A; 1 is slot B; -1 is error 292 */ 293 int rk_get_lastboot(void); 294 295 /** 296 * Get permanent attribute certificate 297 * 298 * @param cer: certificate data 299 * 300 * @param size: certificate size 301 */ 302 int rk_avb_get_perm_attr_cer(uint8_t *cer, uint32_t size); 303 304 /** 305 * Set permanent attribute certificate 306 * 307 * @param cer: certificate data 308 * 309 * @param size: certificate size 310 */ 311 int rk_avb_set_perm_attr_cer(uint8_t *cer, uint32_t size); 312 313 /** 314 * Get public key 315 * 316 * @param pub_key: public key data 317 */ 318 int rk_avb_get_pub_key(struct rk_pub_key *pub_key); 319 320 /** 321 * init ab metadata 322 */ 323 int rk_avb_init_ab_metadata(void); 324 325 #ifdef __cplusplus 326 } 327 #endif 328 329 #endif /* RK_AVB_OPS_USER_H_ */ 330