1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Permission is hereby granted, free of charge, to any person 5 * obtaining a copy of this software and associated documentation 6 * files (the "Software"), to deal in the Software without 7 * restriction, including without limitation the rights to use, copy, 8 * modify, merge, publish, distribute, sublicense, and/or sell copies 9 * of the Software, and to permit persons to whom the Software is 10 * furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be 13 * included in all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 * SOFTWARE. 23 */ 24 25 #include <common.h> 26 #include <image.h> 27 #include <android_image.h> 28 #include <malloc.h> 29 #include <mapmem.h> 30 #include <errno.h> 31 #include <command.h> 32 #include <mmc.h> 33 #include <blk.h> 34 #include <part.h> 35 #include <stdio.h> 36 #include <android_avb/avb_ops_user.h> 37 #include <android_avb/libavb_ab.h> 38 #include <android_avb/avb_atx_validate.h> 39 #include <android_avb/avb_atx_types.h> 40 #include <optee_include/OpteeClientInterface.h> 41 #include <optee_include/tee_api_defines.h> 42 #include <android_avb/avb_vbmeta_image.h> 43 #include <android_avb/avb_atx_validate.h> 44 #include <boot_rkimg.h> 45 46 static void byte_to_block(int64_t *offset, 47 size_t *num_bytes, 48 lbaint_t *offset_blk, 49 lbaint_t *blkcnt) 50 { 51 *offset_blk = (lbaint_t)(*offset / 512); 52 if (*num_bytes % 512 == 0) { 53 if (*offset % 512 == 0) 54 *blkcnt = (lbaint_t)(*num_bytes / 512); 55 else 56 *blkcnt = (lbaint_t)(*num_bytes / 512) + 1; 57 } else { 58 if (*offset % 512 == 0) { 59 *blkcnt = (lbaint_t)(*num_bytes / 512) + 1; 60 } else { 61 if ((*offset % 512) + (*num_bytes % 512) < 512 || 62 (*offset % 512) + (*num_bytes % 512) == 512) { 63 *blkcnt = (lbaint_t)(*num_bytes / 512) + 1; 64 } else { 65 *blkcnt = (lbaint_t)(*num_bytes / 512) + 2; 66 } 67 } 68 } 69 } 70 71 static AvbIOResult get_size_of_partition(AvbOps *ops, 72 const char *partition, 73 uint64_t *out_size_in_bytes) 74 { 75 struct blk_desc *dev_desc; 76 disk_partition_t part_info; 77 78 dev_desc = rockchip_get_bootdev(); 79 if (!dev_desc) { 80 printf("%s: Could not find device\n", __func__); 81 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 82 } 83 84 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 85 printf("Could not find \"%s\" partition\n", partition); 86 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 87 } 88 *out_size_in_bytes = (part_info.size) * 512; 89 return AVB_IO_RESULT_OK; 90 } 91 92 static AvbIOResult read_from_partition(AvbOps *ops, 93 const char *partition, 94 int64_t offset, 95 size_t num_bytes, 96 void *buffer, 97 size_t *out_num_read) 98 { 99 struct blk_desc *dev_desc; 100 lbaint_t offset_blk, blkcnt; 101 disk_partition_t part_info; 102 uint64_t partition_size; 103 104 if (offset < 0) { 105 if (get_size_of_partition(ops, partition, &partition_size)) 106 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 107 108 if (-offset > partition_size) 109 return AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION; 110 111 offset = partition_size - (-offset); 112 } 113 114 byte_to_block(&offset, &num_bytes, &offset_blk, &blkcnt); 115 dev_desc = rockchip_get_bootdev(); 116 if (!dev_desc) { 117 printf("%s: Could not find device\n", __func__); 118 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 119 } 120 121 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 122 printf("Could not find \"%s\" partition\n", partition); 123 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 124 } 125 126 if ((offset % 512 == 0) && (num_bytes % 512 == 0)) { 127 blk_dread(dev_desc, part_info.start + offset_blk, 128 blkcnt, buffer); 129 *out_num_read = blkcnt * 512; 130 } else { 131 char *buffer_temp; 132 133 buffer_temp = malloc(512 * blkcnt); 134 if (!buffer_temp) { 135 printf("malloc error!\n"); 136 return AVB_IO_RESULT_ERROR_OOM; 137 } 138 blk_dread(dev_desc, part_info.start + offset_blk, 139 blkcnt, buffer_temp); 140 memcpy(buffer, buffer_temp + (offset % 512), num_bytes); 141 *out_num_read = num_bytes; 142 free(buffer_temp); 143 } 144 145 return AVB_IO_RESULT_OK; 146 } 147 148 static AvbIOResult write_to_partition(AvbOps *ops, 149 const char *partition, 150 int64_t offset, 151 size_t num_bytes, 152 const void *buffer) 153 { 154 struct blk_desc *dev_desc; 155 char *buffer_temp; 156 disk_partition_t part_info; 157 lbaint_t offset_blk, blkcnt; 158 159 byte_to_block(&offset, &num_bytes, &offset_blk, &blkcnt); 160 buffer_temp = malloc(512 * blkcnt); 161 if (!buffer_temp) { 162 printf("malloc error!\n"); 163 return AVB_IO_RESULT_ERROR_OOM; 164 } 165 memset(buffer_temp, 0, 512 * blkcnt); 166 dev_desc = rockchip_get_bootdev(); 167 if (!dev_desc) { 168 printf("%s: Could not find device\n", __func__); 169 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 170 } 171 172 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 173 printf("Could not find \"%s\" partition\n", partition); 174 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 175 } 176 177 if ((offset % 512 != 0) && (num_bytes % 512) != 0) 178 blk_dread(dev_desc, part_info.start + offset_blk, 179 blkcnt, buffer_temp); 180 181 memcpy(buffer_temp, buffer + (offset % 512), num_bytes); 182 blk_dwrite(dev_desc, part_info.start + offset_blk, blkcnt, buffer); 183 free(buffer_temp); 184 185 return AVB_IO_RESULT_OK; 186 } 187 188 static AvbIOResult 189 validate_vbmeta_public_key(AvbOps *ops, 190 const uint8_t *public_key_data, 191 size_t public_key_length, 192 const uint8_t *public_key_metadata, 193 size_t public_key_metadata_length, 194 bool *out_is_trusted) 195 { 196 /* remain AVB_VBMETA_PUBLIC_KEY_VALIDATE to compatible legacy code */ 197 #if defined(CONFIG_AVB_VBMETA_PUBLIC_KEY_VALIDATE) || \ 198 defined(AVB_VBMETA_PUBLIC_KEY_VALIDATE) 199 if (out_is_trusted) { 200 avb_atx_validate_vbmeta_public_key(ops, 201 public_key_data, 202 public_key_length, 203 public_key_metadata, 204 public_key_metadata_length, 205 out_is_trusted); 206 } 207 #else 208 if (out_is_trusted) 209 *out_is_trusted = true; 210 #endif 211 return AVB_IO_RESULT_OK; 212 } 213 214 static AvbIOResult read_rollback_index(AvbOps *ops, 215 size_t rollback_index_location, 216 uint64_t *out_rollback_index) 217 { 218 if (out_rollback_index) { 219 #ifdef CONFIG_OPTEE_CLIENT 220 int ret; 221 222 ret = trusty_read_rollback_index(rollback_index_location, 223 out_rollback_index); 224 switch (ret) { 225 case TEE_SUCCESS: 226 ret = AVB_IO_RESULT_OK; 227 break; 228 case TEE_ERROR_GENERIC: 229 case TEE_ERROR_NO_DATA: 230 case TEE_ERROR_ITEM_NOT_FOUND: 231 *out_rollback_index = 0; 232 ret = trusty_write_rollback_index(rollback_index_location, 233 *out_rollback_index); 234 if (ret) { 235 printf("%s: init rollback index error\n", 236 __FILE__); 237 ret = AVB_IO_RESULT_ERROR_IO; 238 } else { 239 ret = 240 trusty_read_rollback_index(rollback_index_location, 241 out_rollback_index); 242 if (ret) 243 ret = AVB_IO_RESULT_ERROR_IO; 244 else 245 ret = AVB_IO_RESULT_OK; 246 } 247 break; 248 default: 249 ret = AVB_IO_RESULT_ERROR_IO; 250 printf("%s: trusty_read_rollback_index failed", 251 __FILE__); 252 } 253 254 return ret; 255 #else 256 *out_rollback_index = 0; 257 258 return AVB_IO_RESULT_OK; 259 #endif 260 } 261 262 return AVB_IO_RESULT_ERROR_IO; 263 } 264 265 static AvbIOResult write_rollback_index(AvbOps *ops, 266 size_t rollback_index_location, 267 uint64_t rollback_index) 268 { 269 #ifdef CONFIG_OPTEE_CLIENT 270 if (trusty_write_rollback_index(rollback_index_location, 271 rollback_index)) { 272 printf("%s: Fail to write rollback index\n", __FILE__); 273 return AVB_IO_RESULT_ERROR_IO; 274 } 275 return AVB_IO_RESULT_OK; 276 #endif 277 return AVB_IO_RESULT_ERROR_IO; 278 } 279 280 static AvbIOResult read_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked) 281 { 282 if (out_is_unlocked) { 283 #ifdef CONFIG_OPTEE_CLIENT 284 int ret; 285 286 ret = trusty_read_lock_state((uint8_t *)out_is_unlocked); 287 switch (ret) { 288 case TEE_SUCCESS: 289 ret = AVB_IO_RESULT_OK; 290 break; 291 case TEE_ERROR_GENERIC: 292 case TEE_ERROR_NO_DATA: 293 case TEE_ERROR_ITEM_NOT_FOUND: 294 *out_is_unlocked = 1; 295 if (trusty_write_lock_state(*out_is_unlocked)) { 296 printf("%s: init lock state error\n", __FILE__); 297 ret = AVB_IO_RESULT_ERROR_IO; 298 } else { 299 ret = 300 trusty_read_lock_state((uint8_t *)out_is_unlocked); 301 if (ret == 0) 302 ret = AVB_IO_RESULT_OK; 303 else 304 ret = AVB_IO_RESULT_ERROR_IO; 305 } 306 break; 307 default: 308 ret = AVB_IO_RESULT_ERROR_IO; 309 printf("%s: trusty_read_lock_state failed\n", __FILE__); 310 } 311 return ret; 312 #else 313 *out_is_unlocked = 1; 314 315 return AVB_IO_RESULT_OK; 316 #endif 317 } 318 return AVB_IO_RESULT_ERROR_IO; 319 } 320 321 static AvbIOResult write_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked) 322 { 323 if (out_is_unlocked) { 324 #ifdef CONFIG_OPTEE_CLIENT 325 if (trusty_write_lock_state(*out_is_unlocked)) { 326 printf("%s: Fail to write lock state\n", __FILE__); 327 return AVB_IO_RESULT_ERROR_IO; 328 } 329 return AVB_IO_RESULT_OK; 330 #endif 331 } 332 return AVB_IO_RESULT_ERROR_IO; 333 } 334 335 static AvbIOResult get_unique_guid_for_partition(AvbOps *ops, 336 const char *partition, 337 char *guid_buf, 338 size_t guid_buf_size) 339 { 340 struct blk_desc *dev_desc; 341 disk_partition_t part_info; 342 343 dev_desc = rockchip_get_bootdev(); 344 if (!dev_desc) { 345 printf("%s: Could not find device\n", __func__); 346 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 347 } 348 349 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 350 printf("Could not find \"%s\" partition\n", partition); 351 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 352 } 353 if (guid_buf && guid_buf_size > 0) 354 memcpy(guid_buf, part_info.uuid, guid_buf_size); 355 356 return AVB_IO_RESULT_OK; 357 } 358 359 /* read permanent attributes from rpmb */ 360 AvbIOResult avb_read_perm_attr(AvbAtxOps *atx_ops, 361 AvbAtxPermanentAttributes *attributes) 362 { 363 if (attributes) { 364 #ifdef CONFIG_OPTEE_CLIENT 365 trusty_read_permanent_attributes((uint8_t *)attributes, 366 sizeof(struct AvbAtxPermanentAttributes)); 367 return AVB_IO_RESULT_OK; 368 #endif 369 } 370 371 return -1; 372 } 373 374 /*read permanent attributes hash from efuse */ 375 AvbIOResult avb_read_perm_attr_hash(AvbAtxOps *atx_ops, 376 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) 377 { 378 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY 379 #ifdef CONFIG_OPTEE_CLIENT 380 if (trusty_read_attribute_hash((uint32_t *)hash, 381 AVB_SHA256_DIGEST_SIZE / 4)) 382 return -1; 383 #else 384 avb_error("Please open the macro!\n"); 385 return -1; 386 #endif 387 #endif 388 return AVB_IO_RESULT_OK; 389 } 390 391 static void avb_set_key_version(AvbAtxOps *atx_ops, 392 size_t rollback_index_location, 393 uint64_t key_version) 394 { 395 #ifdef CONFIG_OPTEE_CLIENT 396 uint64_t key_version_temp = 0; 397 398 if (trusty_read_rollback_index(rollback_index_location, &key_version_temp)) 399 printf("%s: Fail to read rollback index\n", __FILE__); 400 if (key_version_temp == key_version) 401 return; 402 if (trusty_write_rollback_index(rollback_index_location, key_version)) 403 printf("%s: Fail to write rollback index\n", __FILE__); 404 #endif 405 } 406 407 AvbIOResult rk_get_random(AvbAtxOps *atx_ops, 408 size_t num_bytes, 409 uint8_t *output) 410 { 411 int i; 412 unsigned int seed; 413 414 seed = (unsigned int)get_timer(0); 415 for (i = 0; i < num_bytes; i++) { 416 srand(seed); 417 output[i] = (uint8_t)(rand()); 418 seed = (unsigned int)(output[i]); 419 } 420 421 return 0; 422 } 423 424 #ifdef CONFIG_ANDROID_BOOT_IMAGE 425 static AvbIOResult get_preloaded_partition(AvbOps* ops, 426 const char* partition, 427 size_t num_bytes, 428 uint8_t** out_pointer, 429 size_t* out_num_bytes_preloaded, 430 int allow_verification_error) 431 { 432 struct blk_desc *dev_desc; 433 ulong load_addr; 434 int ret; 435 436 /* no need go further */ 437 if (!allow_verification_error) 438 return AVB_IO_RESULT_OK; 439 440 printf("get image from preloaded partition...\n"); 441 dev_desc = rockchip_get_bootdev(); 442 if (!dev_desc) 443 return AVB_SLOT_VERIFY_RESULT_ERROR_IO; 444 445 load_addr = env_get_ulong("kernel_addr_r", 16, 0); 446 if (!load_addr) 447 return AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT; 448 449 ret = android_image_load_by_partname(dev_desc, partition, &load_addr); 450 if (!ret) { 451 *out_pointer = (u8 *)load_addr; 452 *out_num_bytes_preloaded = num_bytes; /* return what it expects */ 453 ret = AVB_SLOT_VERIFY_RESULT_OK; 454 } else { 455 ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 456 } 457 458 return ret; 459 } 460 #endif 461 462 AvbIOResult validate_public_key_for_partition(AvbOps *ops, 463 const char *partition, 464 const uint8_t *public_key_data, 465 size_t public_key_length, 466 const uint8_t *public_key_metadata, 467 size_t public_key_metadata_length, 468 bool *out_is_trusted, 469 uint32_t *out_rollback_index_location) 470 { 471 /* remain AVB_VBMETA_PUBLIC_KEY_VALIDATE to compatible legacy code */ 472 #if defined(CONFIG_AVB_VBMETA_PUBLIC_KEY_VALIDATE) || \ 473 defined(AVB_VBMETA_PUBLIC_KEY_VALIDATE) 474 if (out_is_trusted) { 475 avb_atx_validate_vbmeta_public_key(ops, 476 public_key_data, 477 public_key_length, 478 public_key_metadata, 479 public_key_metadata_length, 480 out_is_trusted); 481 } 482 #else 483 if (out_is_trusted) 484 *out_is_trusted = true; 485 #endif 486 *out_rollback_index_location = 0; 487 return AVB_IO_RESULT_OK; 488 } 489 490 AvbOps *avb_ops_user_new(void) 491 { 492 AvbOps *ops; 493 494 ops = calloc(1, sizeof(AvbOps)); 495 if (!ops) { 496 printf("Error allocating memory for AvbOps.\n"); 497 goto out; 498 } 499 ops->ab_ops = calloc(1, sizeof(AvbABOps)); 500 if (!ops->ab_ops) { 501 printf("Error allocating memory for AvbABOps.\n"); 502 free(ops); 503 goto out; 504 } 505 506 ops->atx_ops = calloc(1, sizeof(AvbAtxOps)); 507 if (!ops->atx_ops) { 508 printf("Error allocating memory for AvbAtxOps.\n"); 509 free(ops->ab_ops); 510 free(ops); 511 goto out; 512 } 513 ops->ab_ops->ops = ops; 514 ops->atx_ops->ops = ops; 515 516 ops->read_from_partition = read_from_partition; 517 ops->write_to_partition = write_to_partition; 518 ops->validate_vbmeta_public_key = validate_vbmeta_public_key; 519 ops->read_rollback_index = read_rollback_index; 520 ops->write_rollback_index = write_rollback_index; 521 ops->read_is_device_unlocked = read_is_device_unlocked; 522 ops->write_is_device_unlocked = write_is_device_unlocked; 523 ops->get_unique_guid_for_partition = get_unique_guid_for_partition; 524 ops->get_size_of_partition = get_size_of_partition; 525 #ifdef CONFIG_ANDROID_BOOT_IMAGE 526 ops->get_preloaded_partition = get_preloaded_partition; 527 #endif 528 ops->validate_public_key_for_partition = validate_public_key_for_partition; 529 ops->ab_ops->read_ab_metadata = avb_ab_data_read; 530 ops->ab_ops->write_ab_metadata = avb_ab_data_write; 531 ops->atx_ops->read_permanent_attributes = avb_read_perm_attr; 532 ops->atx_ops->read_permanent_attributes_hash = avb_read_perm_attr_hash; 533 ops->atx_ops->set_key_version = avb_set_key_version; 534 ops->atx_ops->get_random = rk_get_random; 535 536 out: 537 return ops; 538 } 539 540 void avb_ops_user_free(AvbOps *ops) 541 { 542 free(ops->ab_ops); 543 free(ops->atx_ops); 544 free(ops); 545 } 546