1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Permission is hereby granted, free of charge, to any person 5 * obtaining a copy of this software and associated documentation 6 * files (the "Software"), to deal in the Software without 7 * restriction, including without limitation the rights to use, copy, 8 * modify, merge, publish, distribute, sublicense, and/or sell copies 9 * of the Software, and to permit persons to whom the Software is 10 * furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be 13 * included in all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 * SOFTWARE. 23 */ 24 25 #include <common.h> 26 #include <image.h> 27 #include <android_image.h> 28 #include <malloc.h> 29 #include <mapmem.h> 30 #include <errno.h> 31 #include <command.h> 32 #include <mmc.h> 33 #include <blk.h> 34 #include <part.h> 35 #include <android_avb/avb_ops_user.h> 36 #include <android_avb/libavb_ab.h> 37 #include <android_avb/avb_atx_validate.h> 38 #include <android_avb/avb_atx_types.h> 39 #include <optee_include/OpteeClientInterface.h> 40 #include <optee_include/tee_api_defines.h> 41 #include <android_avb/avb_vbmeta_image.h> 42 #include <android_avb/avb_atx_validate.h> 43 #include <boot_rkimg.h> 44 45 static void byte_to_block(int64_t *offset, 46 size_t *num_bytes, 47 lbaint_t *offset_blk, 48 lbaint_t *blkcnt) 49 { 50 *offset_blk = (lbaint_t)(*offset / 512); 51 if (*num_bytes % 512 == 0) { 52 if (*offset % 512 == 0) 53 *blkcnt = (lbaint_t)(*num_bytes / 512); 54 else 55 *blkcnt = (lbaint_t)(*num_bytes / 512) + 1; 56 } else { 57 if (*offset % 512 == 0) { 58 *blkcnt = (lbaint_t)(*num_bytes / 512) + 1; 59 } else { 60 if ((*offset % 512) + (*num_bytes % 512) < 512 || 61 (*offset % 512) + (*num_bytes % 512) == 512) { 62 *blkcnt = (lbaint_t)(*num_bytes / 512) + 1; 63 } else { 64 *blkcnt = (lbaint_t)(*num_bytes / 512) + 2; 65 } 66 } 67 } 68 } 69 70 static AvbIOResult read_from_partition(AvbOps *ops, 71 const char *partition, 72 int64_t offset, 73 size_t num_bytes, 74 void *buffer, 75 size_t *out_num_read) 76 { 77 struct blk_desc *dev_desc; 78 lbaint_t offset_blk, blkcnt; 79 disk_partition_t part_info; 80 81 byte_to_block(&offset, &num_bytes, &offset_blk, &blkcnt); 82 dev_desc = rockchip_get_bootdev(); 83 if (!dev_desc) { 84 printf("%s: Could not find device\n", __func__); 85 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 86 } 87 88 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 89 printf("Could not find \"%s\" partition\n", partition); 90 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 91 } 92 93 if ((offset % 512 == 0) && (num_bytes % 512 == 0)) { 94 blk_dread(dev_desc, part_info.start + offset_blk, 95 blkcnt, buffer); 96 *out_num_read = blkcnt * 512; 97 } else { 98 char *buffer_temp; 99 100 buffer_temp = malloc(512 * blkcnt); 101 if (!buffer_temp) { 102 printf("malloc error!\n"); 103 return AVB_IO_RESULT_ERROR_OOM; 104 } 105 blk_dread(dev_desc, part_info.start + offset_blk, 106 blkcnt, buffer_temp); 107 memcpy(buffer, buffer_temp + (offset % 512), num_bytes); 108 *out_num_read = num_bytes; 109 free(buffer_temp); 110 } 111 112 return AVB_IO_RESULT_OK; 113 } 114 115 static AvbIOResult write_to_partition(AvbOps *ops, 116 const char *partition, 117 int64_t offset, 118 size_t num_bytes, 119 const void *buffer) 120 { 121 struct blk_desc *dev_desc; 122 char *buffer_temp; 123 disk_partition_t part_info; 124 lbaint_t offset_blk, blkcnt; 125 126 byte_to_block(&offset, &num_bytes, &offset_blk, &blkcnt); 127 buffer_temp = malloc(512 * blkcnt); 128 if (!buffer_temp) { 129 printf("malloc error!\n"); 130 return AVB_IO_RESULT_ERROR_OOM; 131 } 132 memset(buffer_temp, 0, 512 * blkcnt); 133 dev_desc = rockchip_get_bootdev(); 134 if (!dev_desc) { 135 printf("%s: Could not find device\n", __func__); 136 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 137 } 138 139 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 140 printf("Could not find \"%s\" partition\n", partition); 141 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 142 } 143 144 if ((offset % 512 != 0) && (num_bytes % 512) != 0) 145 blk_dread(dev_desc, part_info.start + offset_blk, 146 blkcnt, buffer_temp); 147 148 memcpy(buffer_temp, buffer + (offset % 512), num_bytes); 149 blk_dwrite(dev_desc, part_info.start + offset_blk, blkcnt, buffer); 150 free(buffer_temp); 151 152 return AVB_IO_RESULT_OK; 153 } 154 155 static AvbIOResult 156 validate_vbmeta_public_key(AvbOps *ops, 157 const uint8_t *public_key_data, 158 size_t public_key_length, 159 const uint8_t *public_key_metadata, 160 size_t public_key_metadata_length, 161 bool *out_is_trusted) 162 { 163 /* remain AVB_VBMETA_PUBLIC_KEY_VALIDATE to compatible legacy code */ 164 #if defined(CONFIG_AVB_VBMETA_PUBLIC_KEY_VALIDATE) || \ 165 defined(AVB_VBMETA_PUBLIC_KEY_VALIDATE) 166 if (out_is_trusted) { 167 avb_atx_validate_vbmeta_public_key(ops, 168 public_key_data, 169 public_key_length, 170 public_key_metadata, 171 public_key_metadata_length, 172 out_is_trusted); 173 } 174 #else 175 if (out_is_trusted) 176 *out_is_trusted = true; 177 #endif 178 return AVB_IO_RESULT_OK; 179 } 180 181 static AvbIOResult read_rollback_index(AvbOps *ops, 182 size_t rollback_index_location, 183 uint64_t *out_rollback_index) 184 { 185 if (out_rollback_index) { 186 #ifdef CONFIG_OPTEE_CLIENT 187 int ret; 188 189 ret = trusty_read_rollback_index(rollback_index_location, 190 out_rollback_index); 191 switch (ret) { 192 case TEE_SUCCESS: 193 ret = AVB_IO_RESULT_OK; 194 break; 195 case TEE_ERROR_GENERIC: 196 case TEE_ERROR_NO_DATA: 197 case TEE_ERROR_ITEM_NOT_FOUND: 198 *out_rollback_index = 0; 199 ret = trusty_write_rollback_index(rollback_index_location, 200 *out_rollback_index); 201 if (ret) { 202 printf("%s: init rollback index error\n", 203 __FILE__); 204 ret = AVB_IO_RESULT_ERROR_IO; 205 } else { 206 ret = 207 trusty_read_rollback_index(rollback_index_location, 208 out_rollback_index); 209 if (ret) 210 ret = AVB_IO_RESULT_ERROR_IO; 211 else 212 ret = AVB_IO_RESULT_OK; 213 } 214 break; 215 default: 216 ret = AVB_IO_RESULT_ERROR_IO; 217 printf("%s: trusty_read_rollback_index failed", 218 __FILE__); 219 } 220 221 return ret; 222 #endif 223 } 224 return AVB_IO_RESULT_ERROR_IO; 225 } 226 227 static AvbIOResult write_rollback_index(AvbOps *ops, 228 size_t rollback_index_location, 229 uint64_t rollback_index) 230 { 231 #ifdef CONFIG_OPTEE_CLIENT 232 if (trusty_write_rollback_index(rollback_index_location, 233 rollback_index)) { 234 printf("%s: Fail to write rollback index\n", __FILE__); 235 return AVB_IO_RESULT_ERROR_IO; 236 } 237 return AVB_IO_RESULT_OK; 238 #endif 239 return AVB_IO_RESULT_ERROR_IO; 240 } 241 242 static AvbIOResult read_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked) 243 { 244 if (out_is_unlocked) { 245 #ifdef CONFIG_OPTEE_CLIENT 246 int ret; 247 248 ret = trusty_read_lock_state((uint8_t *)out_is_unlocked); 249 switch (ret) { 250 case TEE_SUCCESS: 251 ret = AVB_IO_RESULT_OK; 252 break; 253 case TEE_ERROR_GENERIC: 254 case TEE_ERROR_NO_DATA: 255 case TEE_ERROR_ITEM_NOT_FOUND: 256 *out_is_unlocked = 1; 257 if (trusty_write_lock_state(*out_is_unlocked)) { 258 printf("%s: init lock state error\n", __FILE__); 259 ret = AVB_IO_RESULT_ERROR_IO; 260 } else { 261 ret = 262 trusty_read_lock_state((uint8_t *)out_is_unlocked); 263 if (ret == 0) 264 ret = AVB_IO_RESULT_OK; 265 else 266 ret = AVB_IO_RESULT_ERROR_IO; 267 } 268 break; 269 default: 270 ret = AVB_IO_RESULT_ERROR_IO; 271 printf("%s: trusty_read_lock_state failed\n", __FILE__); 272 } 273 return ret; 274 #endif 275 } 276 return AVB_IO_RESULT_ERROR_IO; 277 } 278 279 static AvbIOResult write_is_device_unlocked(AvbOps *ops, bool *out_is_unlocked) 280 { 281 if (out_is_unlocked) { 282 #ifdef CONFIG_OPTEE_CLIENT 283 if (trusty_write_lock_state(*out_is_unlocked)) { 284 printf("%s: Fail to write lock state\n", __FILE__); 285 return AVB_IO_RESULT_ERROR_IO; 286 } 287 return AVB_IO_RESULT_OK; 288 #endif 289 } 290 return AVB_IO_RESULT_ERROR_IO; 291 } 292 293 static AvbIOResult get_size_of_partition(AvbOps *ops, 294 const char *partition, 295 uint64_t *out_size_in_bytes) 296 { 297 struct blk_desc *dev_desc; 298 disk_partition_t part_info; 299 300 dev_desc = rockchip_get_bootdev(); 301 if (!dev_desc) { 302 printf("%s: Could not find device\n", __func__); 303 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 304 } 305 306 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 307 printf("Could not find \"%s\" partition\n", partition); 308 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 309 } 310 *out_size_in_bytes = (part_info.size) * 512; 311 return AVB_IO_RESULT_OK; 312 } 313 314 static AvbIOResult get_unique_guid_for_partition(AvbOps *ops, 315 const char *partition, 316 char *guid_buf, 317 size_t guid_buf_size) 318 { 319 struct blk_desc *dev_desc; 320 disk_partition_t part_info; 321 322 dev_desc = rockchip_get_bootdev(); 323 if (!dev_desc) { 324 printf("%s: Could not find device\n", __func__); 325 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 326 } 327 328 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 329 printf("Could not find \"%s\" partition\n", partition); 330 return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION; 331 } 332 if (guid_buf && guid_buf_size > 0) 333 memcpy(guid_buf, part_info.uuid, guid_buf_size); 334 335 return AVB_IO_RESULT_OK; 336 } 337 338 /* read permanent attributes from rpmb */ 339 AvbIOResult avb_read_perm_attr(AvbAtxOps *atx_ops, 340 AvbAtxPermanentAttributes *attributes) 341 { 342 if (attributes) { 343 #ifdef CONFIG_OPTEE_CLIENT 344 trusty_read_permanent_attributes((uint8_t *)attributes, 345 sizeof(struct AvbAtxPermanentAttributes)); 346 return AVB_IO_RESULT_OK; 347 #endif 348 } 349 350 return -1; 351 } 352 353 /*read permanent attributes hash from efuse */ 354 AvbIOResult avb_read_perm_attr_hash(AvbAtxOps *atx_ops, 355 uint8_t hash[AVB_SHA256_DIGEST_SIZE]) 356 { 357 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY 358 #ifdef CONFIG_OPTEE_CLIENT 359 if (trusty_read_attribute_hash((uint32_t *)hash, 360 AVB_SHA256_DIGEST_SIZE / 4)) 361 return -1; 362 #else 363 avb_error("Please open the macro!\n"); 364 return -1; 365 #endif 366 #endif 367 return AVB_IO_RESULT_OK; 368 } 369 370 static void avb_set_key_version(AvbAtxOps *atx_ops, 371 size_t rollback_index_location, 372 uint64_t key_version) 373 { 374 #ifdef CONFIG_OPTEE_CLIENT 375 uint64_t key_version_temp = 0; 376 377 if (trusty_read_rollback_index(rollback_index_location, &key_version_temp)) 378 printf("%s: Fail to read rollback index\n", __FILE__); 379 if (key_version_temp == key_version) 380 return; 381 if (trusty_write_rollback_index(rollback_index_location, key_version)) 382 printf("%s: Fail to write rollback index\n", __FILE__); 383 #endif 384 } 385 386 AvbIOResult rk_get_random(AvbAtxOps *atx_ops, 387 size_t num_bytes, 388 uint8_t *output) 389 { 390 int i; 391 unsigned int seed; 392 393 seed = (unsigned int)get_timer(0); 394 for (i = 0; i < num_bytes; i++) { 395 srand(seed); 396 output[i] = (uint8_t)(rand()); 397 seed = (unsigned int)(output[i]); 398 } 399 400 return 0; 401 } 402 403 #ifdef CONFIG_ANDROID_BOOT_IMAGE 404 static AvbIOResult get_preloaded_partition(AvbOps* ops, 405 const char* partition, 406 size_t num_bytes, 407 uint8_t** out_pointer, 408 size_t* out_num_bytes_preloaded, 409 int allow_verification_error) 410 { 411 struct blk_desc *dev_desc; 412 ulong load_addr; 413 int ret; 414 415 /* no need go further */ 416 if (!allow_verification_error) 417 return AVB_IO_RESULT_OK; 418 419 printf("get image from preloaded partition...\n"); 420 dev_desc = rockchip_get_bootdev(); 421 if (!dev_desc) 422 return AVB_SLOT_VERIFY_RESULT_ERROR_IO; 423 424 load_addr = env_get_ulong("kernel_addr_r", 16, 0); 425 if (!load_addr) 426 return AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT; 427 428 ret = android_image_load_by_partname(dev_desc, partition, &load_addr); 429 if (!ret) { 430 *out_pointer = (u8 *)load_addr; 431 *out_num_bytes_preloaded = num_bytes; /* return what it expects */ 432 ret = AVB_SLOT_VERIFY_RESULT_OK; 433 } else { 434 ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 435 } 436 437 return ret; 438 } 439 #endif 440 441 AvbOps *avb_ops_user_new(void) 442 { 443 AvbOps *ops; 444 445 ops = calloc(1, sizeof(AvbOps)); 446 if (!ops) { 447 avb_error("Error allocating memory for AvbOps.\n"); 448 goto out; 449 } 450 ops->ab_ops = calloc(1, sizeof(AvbABOps)); 451 if (!ops->ab_ops) { 452 avb_error("Error allocating memory for AvbABOps.\n"); 453 free(ops); 454 goto out; 455 } 456 457 ops->atx_ops = calloc(1, sizeof(AvbAtxOps)); 458 if (!ops->atx_ops) { 459 avb_error("Error allocating memory for AvbAtxOps.\n"); 460 free(ops->ab_ops); 461 free(ops); 462 goto out; 463 } 464 ops->ab_ops->ops = ops; 465 ops->atx_ops->ops = ops; 466 467 ops->read_from_partition = read_from_partition; 468 ops->write_to_partition = write_to_partition; 469 ops->validate_vbmeta_public_key = validate_vbmeta_public_key; 470 ops->read_rollback_index = read_rollback_index; 471 ops->write_rollback_index = write_rollback_index; 472 ops->read_is_device_unlocked = read_is_device_unlocked; 473 ops->write_is_device_unlocked = write_is_device_unlocked; 474 ops->get_unique_guid_for_partition = get_unique_guid_for_partition; 475 ops->get_size_of_partition = get_size_of_partition; 476 #ifdef CONFIG_ANDROID_BOOT_IMAGE 477 ops->get_preloaded_partition = get_preloaded_partition; 478 #endif 479 ops->ab_ops->read_ab_metadata = avb_ab_data_read; 480 ops->ab_ops->write_ab_metadata = avb_ab_data_write; 481 ops->atx_ops->read_permanent_attributes = avb_read_perm_attr; 482 ops->atx_ops->read_permanent_attributes_hash = avb_read_perm_attr_hash; 483 ops->atx_ops->set_key_version = avb_set_key_version; 484 ops->atx_ops->get_random = rk_get_random; 485 486 out: 487 return ops; 488 } 489 490 void avb_ops_user_free(AvbOps *ops) 491 { 492 free(ops->ab_ops); 493 free(ops->atx_ops); 494 free(ops); 495 } 496