1.support the permanent attribute verify
2.support the PRK, PIK, PSK certificate verify
and then get the psk public_key, compare it with
public_key in vbmeta.
If the function is required, please open the macro
AVB_VBMETA_PUBLIC_KEY_VALIDATE.
Change-Id: Ifeab776c76f97fadd980671481ce27d203516673
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Load the boot image real size other than the
boot partition size. If not, the uboot can not
malloc a big buffer for the all boot partition.
Change-Id: Ifc8d7cc1f214b94f6018c68cb03e8e9ce89781de
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
The android things require the soc-v key hash to be flashed
using the fastboot. So these function can be used in fastboot
to flash the key hash.
Change-Id: I6e00f2e1e371793b6f0868356ac0a51090adfe5e
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Add a flag to indicate the permanent attributes
have been written or not.
Change-Id: Id0b22158772bdf18466205df5f08cb0ddb820fbf
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
change OpteeClientTest.c to OpteeClientInterface.c
Change-Id: I68b32a2a4757af655bd4eaa723067f024ff112ef
Signed-off-by: Hisping Lin <hisping.lin@rock-chips.com>
There is no need to malloc a space if offset
and num_bytes is multiple of 512 in function
read_from_partition.
The blk_dwrite in write_to_partition do not
return 1 if execute success. So do not need
to judge the return value.
Change-Id: Icd5681815640e86166d05ab3fc74f95d669621c7
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
In the avb process, the pub_key must be verified
by some permanent attributes.The permanent attributes
is written by fastboot. So the write_permanent_attributes
function is provided to write permanent attributes.
the read_permanent_attributes functions is provided to
verified the data.
Change-Id: Ib448c31062e34ce7f15fc32ab141793755bacf8a
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
In the avb_ops_user.c file, we use some
functions provided by tipc, so excute the
functions may depend on tipc. If the config
is not enable, it may compile fail.
Change-Id: I323f7e8d675407f2ec2f9f5358d1696b3b118880
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
The libavb_user provide some fuctions to get
a/b and avb information from misc or vbmeta
partitions, which can be use in libavb...
It also can use to enable or disable the verification
function by using avb_user_verity_set in the file
avb_user_verify.c.
Since we use fastboot to program our firmware,
some necessary function is provided to fastboot
to get useful information, like slot number, current
slot and so on.
Some functions in the avb_ops_user.c, like read_rollback_index,
depend on the OpteeClientTest.h.
Change-Id: I94f77db30d5c7896724b5da3d218041ebdc1f46a
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Android Things requires specific public key
metadata and verification logic to correctly
verify vbmeta public keys.
This commit provide fuction avb_atx_validate_vbmeta_public_key
to verify the vbmeta.
Change-Id: I227e93b342671b4395cbaa7dea2121cbf0d7234b
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
This commit is based on google avb, and it
can be getted by https://android.googlesource.com/platform/external/avb.
This new rk_libavb_ab depend on rk_libavb.
This commit provide some useful functions.
The function of avb_ab_flow can be use to
chose a/b system and flow.The other functions
can be used to debug.
Change-Id: I768272286898b36e9a64749ff30bc6ff0cb019a1
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
The avb lib is provided by google, and it must be
used in the android things to boot and verify
android system. It can be getted in
https://android.googlesource.com/platform/external/avb.
Then we can use the functions suported by avb to program
the a/b and avb code.
Change-Id: I09371fe53cd50233a69533cfa09d5ebca5b10871
Signed-off-by: Jason Zhu <jason.zhu@rock-chips.com>
Cody Xie
Jason Zhu
Hisping Lin