1 /* 2 * (C) Copyright 2017 Rockchip Electronics Co., Ltd 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #include <common.h> 8 #include <image.h> 9 #include <android_image.h> 10 #include <malloc.h> 11 #include <mapmem.h> 12 #include <errno.h> 13 #include <command.h> 14 #include <mmc.h> 15 #include <blk.h> 16 #include <part.h> 17 #include <android_avb/avb_ops_user.h> 18 #include <android_avb/libavb_ab.h> 19 #include <android_avb/avb_atx_validate.h> 20 #include <android_avb/avb_atx_types.h> 21 #include <optee_include/OpteeClientInterface.h> 22 #include <optee_include/tee_api_defines.h> 23 #include <android_avb/avb_vbmeta_image.h> 24 #include <android_avb/avb_atx_validate.h> 25 #include <android_avb/rk_avb_ops_user.h> 26 #include <boot_rkimg.h> 27 #include <u-boot/sha256.h> 28 #include <asm/arch/rk_atags.h> 29 30 /* rk used */ 31 int rk_avb_get_pub_key(struct rk_pub_key *pub_key) 32 { 33 struct tag *t = NULL; 34 35 t = atags_get_tag(ATAG_PUB_KEY); 36 if (!t) 37 return -1; 38 39 memcpy(pub_key, t->u.pub_key.data, sizeof(struct rk_pub_key)); 40 41 return 0; 42 } 43 44 int rk_avb_get_perm_attr_cer(uint8_t *cer, uint32_t size) 45 { 46 #ifdef CONFIG_OPTEE_CLIENT 47 if (trusty_read_permanent_attributes_cer((uint8_t *)cer, size)) { 48 printf("AVB: perm attr cer is not exist.\n"); 49 return -EIO; 50 } 51 52 return 0; 53 #else 54 return -1; 55 #endif 56 } 57 58 int rk_avb_set_perm_attr_cer(uint8_t *cer, uint32_t size) 59 { 60 #ifdef CONFIG_OPTEE_CLIENT 61 if (trusty_write_permanent_attributes_cer((uint8_t *)cer, size)) 62 return -EIO; 63 64 return 0; 65 #else 66 return -1; 67 #endif 68 } 69 70 int rk_avb_read_permanent_attributes(uint8_t *attributes, uint32_t size) 71 { 72 #ifdef CONFIG_OPTEE_CLIENT 73 if(trusty_read_permanent_attributes(attributes, size) != 0) { 74 printf("trusty_read_permanent_attributes failed!\n"); 75 return -1; 76 } 77 78 return 0; 79 #else 80 return -1; 81 #endif 82 } 83 84 int rk_avb_write_permanent_attributes(uint8_t *attributes, uint32_t size) 85 { 86 #ifdef CONFIG_OPTEE_CLIENT 87 if(trusty_write_permanent_attributes(attributes, size) != 0) { 88 printf("trusty_write_permanent_attributes failed!\n"); 89 return -1; 90 } 91 92 return 0; 93 #else 94 return -1; 95 #endif 96 } 97 98 int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state) 99 { 100 #ifdef CONFIG_OPTEE_CLIENT 101 int ret; 102 103 ret = trusty_read_flash_lock_state(flash_lock_state); 104 switch (ret) { 105 case TEE_SUCCESS: 106 break; 107 case TEE_ERROR_GENERIC: 108 case TEE_ERROR_NO_DATA: 109 case TEE_ERROR_ITEM_NOT_FOUND: 110 *flash_lock_state = 1; 111 if (trusty_write_flash_lock_state(*flash_lock_state)) { 112 avb_error("trusty_write_flash_lock_state error!"); 113 ret = -1; 114 } else { 115 ret = trusty_read_flash_lock_state(flash_lock_state); 116 } 117 break; 118 default: 119 printf("%s: trusty_read_flash_lock_state failed\n", __FILE__); 120 } 121 122 return ret; 123 #else 124 *flash_lock_state = 1; 125 126 return 0; 127 #endif 128 } 129 130 int rk_avb_write_flash_lock_state(uint8_t flash_lock_state) 131 { 132 #ifdef CONFIG_OPTEE_CLIENT 133 if (trusty_write_flash_lock_state(flash_lock_state)) { 134 printf("trusty_write_flash_lock_state error!\n"); 135 return -1; 136 } 137 138 return 0; 139 #else 140 return -1; 141 #endif 142 } 143 144 int rk_avb_write_lock_state(uint8_t lock_state) 145 { 146 #ifdef CONFIG_OPTEE_CLIENT 147 if (trusty_write_lock_state(lock_state)) { 148 printf("trusty_write_lock_state error!\n"); 149 return -1; 150 } 151 152 return 0; 153 #else 154 return -1; 155 #endif 156 } 157 158 int rk_avb_read_lock_state(uint8_t *lock_state) 159 { 160 #ifdef CONFIG_OPTEE_CLIENT 161 int ret; 162 163 ret = trusty_read_lock_state(lock_state); 164 switch (ret) { 165 case TEE_SUCCESS: 166 break; 167 case TEE_ERROR_GENERIC: 168 case TEE_ERROR_NO_DATA: 169 case TEE_ERROR_ITEM_NOT_FOUND: 170 *lock_state = 1; 171 if (rk_avb_write_lock_state(*lock_state)) { 172 avb_error("avb_write_lock_state error!"); 173 ret = -1; 174 } else { 175 ret = trusty_read_lock_state(lock_state); 176 } 177 break; 178 default: 179 printf("%s: trusty_read_lock_state failed\n", __FILE__); 180 } 181 182 return ret; 183 #else 184 return -1; 185 #endif 186 } 187 188 int rk_avb_write_perm_attr_flag(uint8_t flag) 189 { 190 #ifdef CONFIG_OPTEE_CLIENT 191 if (trusty_write_permanent_attributes_flag(flag)) { 192 printf("trusty_write_permanent_attributes_flag error!\n"); 193 return -1; 194 } 195 196 return 0; 197 #else 198 return -1; 199 #endif 200 } 201 202 int rk_avb_read_perm_attr_flag(uint8_t *flag) 203 { 204 #ifdef CONFIG_OPTEE_CLIENT 205 int ret; 206 207 ret = trusty_read_permanent_attributes_flag(flag); 208 switch (ret) { 209 case TEE_SUCCESS: 210 break; 211 case TEE_ERROR_GENERIC: 212 case TEE_ERROR_NO_DATA: 213 case TEE_ERROR_ITEM_NOT_FOUND: 214 *flag = 0; 215 if (rk_avb_write_perm_attr_flag(*flag)) { 216 avb_error("avb_write_perm_attr_flag error!"); 217 ret = -1; 218 } else { 219 ret = trusty_read_permanent_attributes_flag(flag); 220 } 221 break; 222 default: 223 printf("%s: trusty_read_permanent_attributes_flag failed", 224 __FILE__); 225 } 226 227 return ret; 228 #else 229 return -1; 230 #endif 231 } 232 233 int rk_avb_read_vbootkey_hash(uint8_t *buf, uint8_t length) 234 { 235 #ifdef CONFIG_OPTEE_CLIENT 236 if (trusty_read_vbootkey_hash((uint32_t *)buf, 237 (uint32_t)length / sizeof(uint32_t))) { 238 printf("trusty_read_vbootkey_hash error!\n"); 239 return -1; 240 } 241 242 return 0; 243 #else 244 return -1; 245 #endif 246 } 247 248 int rk_avb_write_vbootkey_hash(uint8_t *buf, uint8_t length) 249 { 250 #ifdef CONFIG_OPTEE_CLIENT 251 if (trusty_write_vbootkey_hash((uint32_t *)buf, 252 (uint32_t)length / sizeof(uint32_t))) { 253 printf("trusty_write_vbootkey_hash error!\n"); 254 return -1; 255 } 256 257 return 0; 258 #else 259 return -1; 260 #endif 261 } 262 263 int rk_avb_close_optee_client(void) 264 { 265 #ifdef CONFIG_OPTEE_CLIENT 266 if(trusty_notify_optee_uboot_end()) { 267 printf("trusty_notify_optee_uboot_end error!\n"); 268 return -1; 269 } 270 271 return 0; 272 #else 273 return -1; 274 #endif 275 } 276 277 int rk_avb_read_attribute_hash(uint8_t *buf, uint8_t length) 278 { 279 #ifdef CONFIG_OPTEE_CLIENT 280 if (trusty_read_attribute_hash((uint32_t *)buf, 281 (uint32_t)(length/sizeof(uint32_t)))) { 282 printf("trusty_read_attribute_hash error!\n"); 283 return -1; 284 } 285 286 return 0; 287 #else 288 return -1; 289 #endif 290 } 291 292 int rk_avb_write_attribute_hash(uint8_t *buf, uint8_t length) 293 { 294 #ifdef CONFIG_OPTEE_CLIENT 295 if (trusty_write_attribute_hash((uint32_t *)buf, 296 (uint32_t)(length/sizeof(uint32_t)))) { 297 printf("trusty_write_attribute_hash error!\n"); 298 return -1; 299 } 300 301 return 0; 302 #else 303 return -1; 304 #endif 305 } 306 307 int rk_avb_read_all_rollback_index(char *buffer) 308 { 309 AvbOps* ops; 310 uint64_t stored_rollback_index = 0; 311 AvbIOResult io_ret; 312 char temp[ROLLBACK_MAX_SIZE] = {0}; 313 314 ops = avb_ops_user_new(); 315 if (ops == NULL) { 316 printf("avb_ops_user_new() failed!\n"); 317 return -1; 318 } 319 320 /* Actually the rollback_index_location 0 is used. */ 321 io_ret = ops->read_rollback_index(ops, 0, &stored_rollback_index); 322 if (io_ret != AVB_IO_RESULT_OK) 323 goto out; 324 snprintf(temp, sizeof(int) + 1, "%d", 0); 325 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 326 strncat(buffer, ":", 1); 327 snprintf(temp, sizeof(uint64_t) + 1, "%lld", 328 stored_rollback_index); 329 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 330 strncat(buffer, ",", 1); 331 332 io_ret = 333 ops->read_rollback_index(ops, 334 AVB_ATX_PIK_VERSION_LOCATION, 335 &stored_rollback_index); 336 if (io_ret != AVB_IO_RESULT_OK) { 337 avb_error("Failed to read PIK minimum version.\n"); 338 goto out; 339 } 340 /* PIK rollback index */ 341 snprintf(temp, sizeof(int) + 1, "%d", AVB_ATX_PIK_VERSION_LOCATION); 342 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 343 strncat(buffer, ":", 1); 344 snprintf(temp, sizeof(uint64_t) + 1, "%lld", stored_rollback_index); 345 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 346 strncat(buffer, ",", 1); 347 io_ret = ops->read_rollback_index(ops, 348 AVB_ATX_PSK_VERSION_LOCATION, 349 &stored_rollback_index); 350 if (io_ret != AVB_IO_RESULT_OK) { 351 avb_error("Failed to read PSK minimum version.\n"); 352 goto out; 353 } 354 /* PSK rollback index */ 355 snprintf(temp, sizeof(int) + 1, "%d", AVB_ATX_PSK_VERSION_LOCATION); 356 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 357 strncat(buffer, ":", 1); 358 snprintf(temp, sizeof(uint64_t) + 1, "%lld", stored_rollback_index); 359 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 360 debug("%s\n", buffer); 361 avb_ops_user_free(ops); 362 363 return 0; 364 out: 365 avb_ops_user_free(ops); 366 367 return -1; 368 } 369 370 int rk_avb_read_bootloader_locked_flag(uint8_t *flag) 371 { 372 #ifdef CONFIG_OPTEE_CLIENT 373 if (trusty_read_vbootkey_enable_flag(flag)) 374 return -1; 375 #endif 376 return 0; 377 } 378 379 #ifdef CONFIG_SUPPORT_EMMC_RPMB 380 static int curr_device = -1; 381 382 int rk_bootloader_rollback_index_read(uint32_t offset, uint32_t bytes, 383 void *rb_index) 384 { 385 386 struct mmc *mmc; 387 uint8_t rpmb_buf[256] = {0}; 388 uint32_t n; 389 char original_part; 390 391 if ((offset + bytes) > 256) 392 return -1; 393 394 if (curr_device < 0) { 395 if (get_mmc_num() > 0) 396 curr_device = 0; 397 else { 398 avb_error("No MMC device available"); 399 return -1; 400 } 401 } 402 403 mmc = find_mmc_device(curr_device); 404 /* Switch to the RPMB partition */ 405 #ifndef CONFIG_BLK 406 original_part = mmc->block_dev.hwpart; 407 #else 408 original_part = mmc_get_blk_desc(mmc)->hwpart; 409 #endif 410 if (blk_select_hwpart_devnum(IF_TYPE_MMC, curr_device, MMC_PART_RPMB) != 411 0) 412 return -1; 413 414 n = mmc_rpmb_read(mmc, rpmb_buf, RPMB_BASE_ADDR, 1, NULL); 415 if (n != 1) 416 return -1; 417 418 /* Return to original partition */ 419 if (blk_select_hwpart_devnum(IF_TYPE_MMC, curr_device, original_part) != 420 0) 421 return -1; 422 423 memcpy(rb_index, (void*)&rpmb_buf[offset], bytes); 424 425 return 0; 426 } 427 428 int rk_avb_get_bootloader_min_version(char *buffer) 429 { 430 uint32_t rb_index; 431 char temp[ROLLBACK_MAX_SIZE] = {0}; 432 433 if (rk_bootloader_rollback_index_read(UBOOT_RB_INDEX_OFFSET, 434 sizeof(uint32_t), &rb_index)) { 435 avb_error("Can not read uboot rollback index"); 436 return -1; 437 } 438 snprintf(temp, sizeof(int) + 1, "%d", 0); 439 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 440 strncat(buffer, ":", 1); 441 snprintf(temp, sizeof(uint32_t) + 1, "%d", rb_index); 442 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 443 strncat(buffer, ",", 1); 444 445 if (rk_bootloader_rollback_index_read(TRUST_RB_INDEX_OFFSET, 446 sizeof(uint32_t), &rb_index)) { 447 avb_error("Can not read trust rollback index"); 448 return -1; 449 } 450 451 snprintf(temp, sizeof(int) + 1, "%d", 1); 452 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 453 strncat(buffer, ":", 1); 454 snprintf(temp, sizeof(uint32_t) + 1, "%d", rb_index); 455 strncat(buffer, temp, ROLLBACK_MAX_SIZE); 456 457 return 0; 458 } 459 #endif 460 461 void rk_avb_get_at_vboot_state(char *buf) 462 { 463 char temp_flag = 0; 464 char *lock_val = NULL; 465 char *unlock_dis_val = NULL; 466 char *perm_attr_flag = NULL; 467 char *bootloader_locked_flag = NULL; 468 char *rollback_indices; 469 char min_versions[ROLLBACK_MAX_SIZE + 1] = {0}; 470 int n; 471 472 if (rk_avb_read_perm_attr_flag((uint8_t *)&temp_flag)) { 473 avb_error("Can not read perm_attr_flag!"); 474 perm_attr_flag = ""; 475 } else { 476 perm_attr_flag = temp_flag ? "1" : "0"; 477 } 478 479 temp_flag = 0; 480 if (rk_avb_read_lock_state((uint8_t *)&temp_flag)) { 481 avb_error("Can not read lock state!"); 482 lock_val = ""; 483 unlock_dis_val = ""; 484 } else { 485 lock_val = (temp_flag & LOCK_MASK) ? "0" : "1"; 486 unlock_dis_val = (temp_flag & UNLOCK_DISABLE_MASK) ? "1" : "0"; 487 } 488 489 temp_flag = 0; 490 if (rk_avb_read_bootloader_locked_flag((uint8_t *)&temp_flag)) { 491 avb_error("Can not read bootloader locked flag!"); 492 bootloader_locked_flag = ""; 493 } else { 494 bootloader_locked_flag = temp_flag ? "1" : "0"; 495 } 496 497 rollback_indices = malloc(VBOOT_STATE_SIZE); 498 if (!rollback_indices) { 499 avb_error("No buff to malloc!"); 500 return; 501 } 502 503 memset(rollback_indices, 0, VBOOT_STATE_SIZE); 504 if (rk_avb_read_all_rollback_index(rollback_indices)) 505 avb_error("Can not read avb_min_ver!"); 506 #ifdef CONFIG_SUPPORT_EMMC_RPMB 507 /* bootloader-min-versions */ 508 if (rk_avb_get_bootloader_min_version(min_versions)) 509 avb_error("Call rk_avb_get_bootloader_min_version error!"); 510 #endif 511 n = snprintf(buf, VBOOT_STATE_SIZE - 1, 512 "avb-perm-attr-set=%s\n" 513 "avb-locked=%s\n" 514 "avb-unlock-disabled=%s\n" 515 "bootloader-locked=%s\n" 516 "avb-min-versions=%s\n" 517 "bootloader-min-versions=%s\n", 518 perm_attr_flag, 519 lock_val, 520 unlock_dis_val, 521 bootloader_locked_flag, 522 rollback_indices, 523 min_versions); 524 if (n >= VBOOT_STATE_SIZE) { 525 avb_error("The VBOOT_STATE buf is truncated\n"); 526 buf[VBOOT_STATE_SIZE - 1] = 0; 527 } 528 debug("The vboot state buf is %s\n", buf); 529 free(rollback_indices); 530 } 531 532 int rk_avb_get_ab_info(AvbABData* ab_data) 533 { 534 AvbOps* ops; 535 AvbIOResult io_ret = AVB_IO_RESULT_OK; 536 int ret = 0; 537 538 ops = avb_ops_user_new(); 539 if (ops == NULL) { 540 printf("%s: avb_ops_user_new() failed!\n", __FILE__); 541 return -1; 542 } 543 544 io_ret = ops->ab_ops->read_ab_metadata(ops->ab_ops, ab_data); 545 if (io_ret != AVB_IO_RESULT_OK) { 546 avb_error("I/O error while loading A/B metadata.\n"); 547 ret = -1; 548 } 549 550 avb_ops_user_free(ops); 551 552 return ret; 553 } 554 555 int rk_avb_get_part_has_slot_info(const char *base_name) 556 { 557 char *part_name; 558 int part_num; 559 size_t part_name_len; 560 disk_partition_t part_info; 561 struct blk_desc *dev_desc; 562 const char *slot_suffix = "_a"; 563 564 dev_desc = rockchip_get_bootdev(); 565 if (!dev_desc) { 566 printf("%s: Could not find device!\n", __func__); 567 return -1; 568 } 569 570 if (base_name == NULL) { 571 printf("The base_name is NULL!\n"); 572 return -1; 573 } 574 575 part_name_len = strlen(base_name) + 1; 576 part_name_len += strlen(slot_suffix); 577 part_name = malloc(part_name_len); 578 if (!part_name) { 579 printf("%s can not malloc a buffer!\n", __FILE__); 580 return -1; 581 } 582 583 memset(part_name, 0, part_name_len); 584 snprintf(part_name, part_name_len, "%s%s", base_name, slot_suffix); 585 part_num = part_get_info_by_name(dev_desc, part_name, &part_info); 586 if (part_num < 0) { 587 printf("Could not find partition \"%s\"\n", part_name); 588 part_num = -1; 589 } 590 591 free(part_name); 592 return part_num; 593 } 594 595 int rk_auth_unlock(void *buffer, char *out_is_trusted) 596 { 597 AvbOps* ops; 598 599 ops = avb_ops_user_new(); 600 if (ops == NULL) { 601 avb_error("avb_ops_user_new() failed!"); 602 return -1; 603 } 604 605 if (avb_atx_validate_unlock_credential(ops->atx_ops, 606 (AvbAtxUnlockCredential*)buffer, 607 (bool*)out_is_trusted)) { 608 avb_ops_user_free(ops); 609 return -1; 610 } 611 avb_ops_user_free(ops); 612 if (*out_is_trusted == true) 613 return 0; 614 else 615 return -1; 616 } 617 618 int rk_generate_unlock_challenge(void *buffer, uint32_t *challenge_len) 619 { 620 AvbOps* ops; 621 AvbIOResult result = AVB_IO_RESULT_OK; 622 623 ops = avb_ops_user_new(); 624 if (ops == NULL) { 625 avb_error("avb_ops_user_new() failed!"); 626 return -1; 627 } 628 629 result = avb_atx_generate_unlock_challenge(ops->atx_ops, 630 (AvbAtxUnlockChallenge *)buffer); 631 avb_ops_user_free(ops); 632 *challenge_len = sizeof(AvbAtxUnlockChallenge); 633 if (result == AVB_IO_RESULT_OK) 634 return 0; 635 else 636 return -1; 637 } 638 639 int rk_avb_init_ab_metadata(void) 640 { 641 AvbOps *ops; 642 AvbABData ab_data; 643 644 memset(&ab_data, 0, sizeof(AvbABData)); 645 debug("sizeof(AvbABData) = %d\n", (int)(size_t)sizeof(AvbABData)); 646 647 ops = avb_ops_user_new(); 648 if (ops == NULL) { 649 printf("avb_ops_user_new() failed!\n"); 650 return -1; 651 } 652 653 avb_ab_data_init(&ab_data); 654 if (ops->ab_ops->write_ab_metadata(ops->ab_ops, &ab_data) != 0) { 655 printf("do_avb_init_ab_metadata error!\n"); 656 avb_ops_user_free(ops); 657 return -1; 658 } 659 660 printf("Initialize ab data to misc partition success.\n"); 661 avb_ops_user_free(ops); 662 663 return 0; 664 } 665 666 #define AT_PERM_ATTR_FUSE 1 667 #define AT_PERM_ATTR_CER_FUSE 2 668 #define AT_LOCK_VBOOT 3 669 670 int rk_avb_write_perm_attr(u16 id, void *pbuf, u16 size) 671 { 672 uint8_t lock_state; 673 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY 674 sha256_context ctx; 675 uint8_t digest[SHA256_SUM_LEN] = {0}; 676 uint8_t digest_temp[SHA256_SUM_LEN] = {0}; 677 uint8_t perm_attr_temp[PERM_ATTR_TOTAL_SIZE] = {0}; 678 uint8_t flag = 0; 679 #endif 680 681 switch (id) { 682 case AT_PERM_ATTR_FUSE: 683 if (size != PERM_ATTR_TOTAL_SIZE) { 684 debug("%s Permanent attribute size is not equal!\n", __func__); 685 return -EINVAL; 686 } 687 688 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY 689 if (rk_avb_read_perm_attr_flag(&flag)) { 690 debug("%s rk_avb_read_perm_attr_flag error!\n", __func__); 691 return -EIO; 692 } 693 694 if (flag == PERM_ATTR_SUCCESS_FLAG) { 695 if (rk_avb_read_attribute_hash(digest_temp, 696 SHA256_SUM_LEN)) { 697 debug("%s The efuse IO can not be used!\n", __func__); 698 return -EIO; 699 } 700 701 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 702 if (rk_avb_read_permanent_attributes(perm_attr_temp, 703 PERM_ATTR_TOTAL_SIZE)) { 704 debug("%s rk_avb_write_permanent_attributes error!\n", __func__); 705 return -EIO; 706 } 707 708 sha256_starts(&ctx); 709 sha256_update(&ctx, 710 (const uint8_t *)perm_attr_temp, 711 PERM_ATTR_TOTAL_SIZE); 712 sha256_finish(&ctx, digest); 713 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) == 0) { 714 debug("%s The hash has been written!\n", __func__); 715 return 0; 716 } 717 } 718 719 if (rk_avb_write_perm_attr_flag(0)) { 720 debug("%s Perm attr flag write failure\n", __func__); 721 return -EIO; 722 } 723 } 724 #endif 725 if (rk_avb_write_permanent_attributes((uint8_t *) 726 pbuf, 727 size)) { 728 if (rk_avb_write_perm_attr_flag(0)) { 729 debug("%s Perm attr flag write failure\n", __func__); 730 return -EIO; 731 } 732 733 debug("%s Perm attr write failed\n", __func__); 734 return -EIO; 735 } 736 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY 737 memset(digest, 0, SHA256_SUM_LEN); 738 sha256_starts(&ctx); 739 sha256_update(&ctx, (const uint8_t *)pbuf, 740 PERM_ATTR_TOTAL_SIZE); 741 sha256_finish(&ctx, digest); 742 743 if (rk_avb_write_attribute_hash((uint8_t *)digest, 744 SHA256_SUM_LEN)) { 745 if (rk_avb_read_attribute_hash(digest_temp, 746 SHA256_SUM_LEN)) { 747 debug("%s The efuse IO can not be used!\n", __func__); 748 return -EIO; 749 } 750 751 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 752 if (rk_avb_write_perm_attr_flag(0)) { 753 debug("%s Perm attr flag write failure\n", __func__); 754 return -EIO; 755 } 756 debug("%s The hash has been written, but is different!\n", __func__); 757 return -EIO; 758 } 759 } 760 #endif 761 if (rk_avb_write_perm_attr_flag(PERM_ATTR_SUCCESS_FLAG)) { 762 debug("%s, Perm attr flag write failure\n", __func__); 763 return -EIO; 764 } 765 766 break; 767 case AT_PERM_ATTR_CER_FUSE: 768 if (size != 256) { 769 debug("%s Permanent attribute rsahash size is not equal!\n", 770 __func__); 771 return -EINVAL; 772 } 773 if (rk_avb_set_perm_attr_cer((uint8_t *)pbuf, size)) { 774 debug("%s FAILSet perm attr cer fail!\n", __func__); 775 return -EIO; 776 } 777 break; 778 case AT_LOCK_VBOOT: 779 lock_state = 0; 780 if (rk_avb_write_lock_state(lock_state)) { 781 debug("%s FAILwrite lock state failed\n", __func__); 782 return -EIO; 783 } else { 784 debug("%s OKAY\n", __func__); 785 } 786 break; 787 } 788 return 0; 789 } 790 791 int rk_avb_read_perm_attr(u16 id, void *pbuf, u16 size) 792 { 793 int ret = 0; 794 debug("%s %d\n", __func__, size); 795 796 switch (id) { 797 case AT_PERM_ATTR_FUSE: 798 size = PERM_ATTR_TOTAL_SIZE; 799 ret = rk_avb_read_permanent_attributes((uint8_t *)pbuf, PERM_ATTR_TOTAL_SIZE); 800 break; 801 case AT_PERM_ATTR_CER_FUSE: 802 size = PERM_ATTR_TOTAL_SIZE; 803 ret = rk_avb_get_perm_attr_cer((uint8_t *)pbuf, 256); 804 break; 805 case AT_LOCK_VBOOT: 806 break; 807 } 808 809 return ret; 810 } 811 812 int rk_avb_update_stored_rollback_indexes_for_slot(AvbOps* ops, AvbSlotVerifyData* slot_data) 813 { 814 uint64_t rollback_index = slot_data->rollback_indexes[0]; 815 uint64_t current_stored_rollback_index; 816 AvbIOResult io_ret; 817 818 if (rollback_index > 0) { 819 io_ret = ops->read_rollback_index(ops, 0, ¤t_stored_rollback_index); 820 if (io_ret != AVB_IO_RESULT_OK) 821 return -1; 822 823 if (rollback_index > current_stored_rollback_index) { 824 io_ret = ops->write_rollback_index(ops, 0, rollback_index); 825 if (io_ret != AVB_IO_RESULT_OK) 826 return -1; 827 } 828 } 829 830 return 0; 831 } 832