349 lines
8.7 KiB
C
349 lines
8.7 KiB
C
/*
|
|
* (C) Copyright 2017 Rockchip Electronics Co., Ltd
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0+
|
|
*/
|
|
|
|
#ifndef RK_AVB_OPS_USER_H_
|
|
#define RK_AVB_OPS_USER_H_
|
|
|
|
#include <android_avb/avb_ops_user.h>
|
|
#include <android_avb/libavb_ab.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/* rk used */
|
|
#define PERM_ATTR_DIGEST_SIZE 32
|
|
#define PERM_ATTR_TOTAL_SIZE 1052
|
|
#define VBOOT_KEY_HASH_SIZE 32
|
|
#define ANDROID_VBOOT_LOCK 0
|
|
#define ANDROID_VBOOT_UNLOCK 1
|
|
#define SLOT_NUM 2
|
|
#define CURR_SYSTEM_SLOT_SUFFIX "ab"
|
|
#define VBMETA_MAX_SIZE 65536
|
|
#define ROLLBACK_MAX_SIZE 20
|
|
#define LOCK_MASK (1 << 0)
|
|
#define UNLOCK_DISABLE_MASK (1 << 1)
|
|
#define VBOOT_STATE_SIZE 1000
|
|
#define PERM_ATTR_SUCCESS_FLAG 1
|
|
/* soc-v use the rsa2048 */
|
|
#define VBOOT_KEY_SIZE 256
|
|
#define RPMB_BASE_ADDR (64*1024/256)
|
|
#define UBOOT_RB_INDEX_OFFSET 24
|
|
#define TRUST_RB_INDEX_OFFSET 28
|
|
#define ROCHCHIP_RSA_PARAMETER_SIZE 64
|
|
|
|
struct rk_pub_key {
|
|
u_int32_t rsa_n[ROCHCHIP_RSA_PARAMETER_SIZE];
|
|
u_int32_t rsa_e[ROCHCHIP_RSA_PARAMETER_SIZE];
|
|
u_int32_t rsa_c[ROCHCHIP_RSA_PARAMETER_SIZE];
|
|
};
|
|
|
|
/**
|
|
* Provided to fastboot to read how many slot in this system.
|
|
*
|
|
* @param slot_count We use parameter slot_count to obtain
|
|
* how many slots in the system.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_read_slot_count(char *slot_count);
|
|
|
|
/**
|
|
* The android things supply many slots, their name like '_a', '_b'.
|
|
* We can use this function to read current slot is '_a' or '_b'.
|
|
*
|
|
* @slot_suffixes read value '_a' or '_b'.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_read_slot_suffixes(char *slot_suffixes);
|
|
|
|
/**
|
|
* Use this function to set which slot boot first.
|
|
*
|
|
* @param slot_number set '0' or '1'
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_set_slot_active(unsigned int *slot_number);
|
|
|
|
/**
|
|
* Get current slot: '_a' or '_b'.
|
|
*
|
|
* @param select_slot obtain current slot.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_get_current_slot(char *select_slot);
|
|
|
|
/**
|
|
* Append current slot to given partition name
|
|
*
|
|
* @param part_name partition name
|
|
* @param slot given slot suffix, auto append current slot if NULL
|
|
* @param new_name partition name with slot suffix appended
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_append_part_slot(const char *part_name, char *new_name);
|
|
|
|
/**
|
|
* The android things defines permanent attributes to
|
|
* store PSK_public, product id. We can use this function
|
|
* to read them.
|
|
*
|
|
* @param attributes PSK_public, product id....
|
|
*
|
|
* @param size The size of attributes.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_read_permanent_attributes(uint8_t *attributes, uint32_t size);
|
|
|
|
/**
|
|
* The android things defines permanent attributes to
|
|
* store PSK_public, product id. We can use this function
|
|
* to write them.
|
|
*
|
|
* @param attributes PSK_public, product id....
|
|
*
|
|
* @param size The size of attributes.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_write_permanent_attributes(uint8_t *attributes, uint32_t size);
|
|
|
|
/**
|
|
* The funtion can be use to read the device state to judge
|
|
* whether the device can be flash.
|
|
*
|
|
* @param flash_lock_state A flag indicate the device flash state.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state);
|
|
|
|
/**
|
|
* The function is provided to write device flash state.
|
|
*
|
|
* @param flash_lock_state A flag indicate the device flash state.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_write_flash_lock_state(uint8_t flash_lock_state);
|
|
|
|
/**
|
|
* The android things use the flag of lock state to indicate
|
|
* whether the device can be booted when verified error.
|
|
*
|
|
* @param lock_state A flag indicate the device lock state.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_read_lock_state(uint8_t *lock_state);
|
|
|
|
/**
|
|
* The android things use the flag of lock state to indicate
|
|
* whether the device can be booted when verified error.
|
|
*
|
|
* @param lock_state A flag indicate the device lock state.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_write_lock_state(uint8_t lock_state);
|
|
|
|
/**
|
|
* The android things uses fastboot to flash the permanent attributes.
|
|
* And if them were written, there must have a flag to indicate.
|
|
*
|
|
* @param flag indicate the permanent attributes have been written
|
|
* or not.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_read_perm_attr_flag(uint8_t *flag);
|
|
|
|
/**
|
|
* The android things uses fastboot to flash the permanent attributes.
|
|
* And if them were written, there must have a flag to indicate.
|
|
*
|
|
* @param flag We can call this function to write the flag '1'
|
|
* to indicate the permanent attributes has been
|
|
* written.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_write_perm_attr_flag(uint8_t flag);
|
|
|
|
/**
|
|
* The android things require the soc-v key hash to be flashed
|
|
* using the fastboot. So the function can be used in fastboot
|
|
* to flash the key hash.
|
|
*
|
|
* @param buf The vboot key hash data.
|
|
*
|
|
* @param length The length of key hash.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_read_vbootkey_hash(uint8_t *buf, uint8_t length);
|
|
|
|
/**
|
|
* The android things require the soc-v key hash to be flashed
|
|
* using the fastboot. So the function can be used in fastboot
|
|
* to flash the key hash.
|
|
*
|
|
* @param buf The vboot key hash data.
|
|
*
|
|
* @param length The length of key hash.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_write_vbootkey_hash(uint8_t *buf, uint8_t length);
|
|
|
|
/**
|
|
* U-boot close the optee client when start kernel
|
|
* to prevent the optee client being invoking by other
|
|
* program.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_close_optee_client(void);
|
|
|
|
/**
|
|
* read the permanent attributes hash.
|
|
*
|
|
* @param buf The permanent attributes hash data.
|
|
*
|
|
* @param length The length of permanent attributes hash.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_read_attribute_hash(uint8_t *buf, uint8_t length);
|
|
|
|
/**
|
|
* Write the permanent attributes hash.
|
|
*
|
|
* @param buf The permanent attributes hash data.
|
|
*
|
|
* @param length The length of permanent attributes hash.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_write_attribute_hash(uint8_t *buf, uint8_t length);
|
|
|
|
/**
|
|
* Get the avb vboot state
|
|
*
|
|
* @param buf store the vboot state.
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
void rk_avb_get_at_vboot_state(char *buf);
|
|
|
|
/**
|
|
* Get ab information from misc partition
|
|
*
|
|
* @param ab_data the struct of ab information
|
|
*
|
|
* @return 0 if the command succeeded, -1 if it failed
|
|
*/
|
|
int rk_avb_get_ab_info(AvbABData* ab_data);
|
|
|
|
/**
|
|
* Get the information whether the partition has slot
|
|
*
|
|
* @param the partition name
|
|
*
|
|
* @return 0 if the partition has slot, -1 if not
|
|
*/
|
|
int rk_avb_get_part_has_slot_info(const char *base_name);
|
|
|
|
AvbABFlowResult rk_avb_ab_slot_select(AvbABOps* ab_ops,char select_slot[]);
|
|
|
|
/**
|
|
* authenticated unlock
|
|
*
|
|
* @param buffer: AvbAtxUnlockCredential
|
|
*
|
|
* @param out_is_trusted: true or false
|
|
*
|
|
* @return 0 if authenticated unlock OK, -1 if not
|
|
*/
|
|
int rk_auth_unlock(void *buffer, char *out_is_trusted);
|
|
|
|
/**
|
|
* generate unlock challenge
|
|
*
|
|
* @param buffer: AvbAtxUnlockChallenge
|
|
*
|
|
* @param challenge_len: Challenge length
|
|
*
|
|
* @param out_is_trusted: true or false
|
|
*
|
|
* @return 0 if generate unlock challenge OK, -1 if not
|
|
*/
|
|
int rk_generate_unlock_challenge(void *buffer, uint32_t *challenge_len);
|
|
|
|
/**
|
|
* Get last boot slot
|
|
*
|
|
* @return 0 is slot A; 1 is slot B; -1 is error
|
|
*/
|
|
int rk_get_lastboot(void);
|
|
|
|
/**
|
|
* Get permanent attribute certificate
|
|
*
|
|
* @param cer: certificate data
|
|
*
|
|
* @param size: certificate size
|
|
*/
|
|
int rk_avb_get_perm_attr_cer(uint8_t *cer, uint32_t size);
|
|
|
|
/**
|
|
* Set permanent attribute certificate
|
|
*
|
|
* @param cer: certificate data
|
|
*
|
|
* @param size: certificate size
|
|
*/
|
|
int rk_avb_set_perm_attr_cer(uint8_t *cer, uint32_t size);
|
|
|
|
/**
|
|
* Get public key
|
|
*
|
|
* @param pub_key: public key data
|
|
*/
|
|
int rk_avb_get_pub_key(struct rk_pub_key *pub_key);
|
|
|
|
/**
|
|
* init ab metadata
|
|
*/
|
|
int rk_avb_init_ab_metadata(void);
|
|
|
|
/**
|
|
* rockchip avb commands
|
|
*/
|
|
int rk_avb_write_perm_attr(uint16_t id, void *pbuf, uint16_t size);
|
|
int rk_avb_read_perm_attr(uint16_t id, void *pbuf, uint16_t size);
|
|
|
|
/**
|
|
* Do the device have boot slot
|
|
*/
|
|
bool rk_avb_ab_have_bootable_slot(void);
|
|
|
|
/**
|
|
* update rollback index
|
|
*/
|
|
int rk_avb_update_stored_rollback_indexes_for_slot(AvbOps* ops, AvbSlotVerifyData* slot_data);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* RK_AVB_OPS_USER_H_ */
|