Re: [PATCH v1 6/7] cmd: avb: rework do_avb_verify_part

Hi Igor,

Thank you for the patch.

On mar., févr. 06, 2024 at 23:31, Igor Opaniuk igor.opaniuk@foundries.io wrote:

From: Igor Opaniuk igor.opaniuk@gmail.com

Use existing str_avb_slot_error() function for obtaining verification fail reason details. Take into account device lock state for setting correct androidboot.verifiedbootstate kernel cmdline parameter.

Signed-off-by: Igor Opaniuk igor.opaniuk@gmail.com

Reviewed-by: Mattijs Korpershoek mkorpershoek@baylibre.com

Nitpick: the error handling migration could have been part of PATCH 5/7 but it's fine to keep as is.

---

cmd/avb.c | 50 +++++++++++++++++--------------------------------- 1 file changed, 17 insertions(+), 33 deletions(-)

diff --git a/cmd/avb.c b/cmd/avb.c index ae0012c0e79..e5fc202121f 100644 --- a/cmd/avb.c +++ b/cmd/avb.c @@ -239,6 +239,7 @@ int do_avb_verify_part(struct cmd_tbl *cmdtp, int flag, const char * const requested_partitions[] = {"boot", NULL}; AvbSlotVerifyResult slot_result; AvbSlotVerifyData *out_data;

• enum avb_boot_state boot_state; char *cmdline; char *extra_args; char *slot_suffix = "";

@@ -273,18 +274,23 @@ int do_avb_verify_part(struct cmd_tbl *cmdtp, int flag, AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, &out_data);

• switch (slot_result) {
• case AVB_SLOT_VERIFY_RESULT_OK:

• /* Until we don't have support of changing unlock states, we
  

•  * assume that we are by default in locked state.
  

•  * So in this case we can boot only when verification is
  

•  * successful; we also supply in cmdline GREEN boot state
  

•  */
  

• /*

• * LOCKED devices with custom root of trust setup is not supported (YELLOW)
  

• */
  

• if (slot_result == AVB_SLOT_VERIFY_RESULT_OK) { printf("Verification passed successfully\n");

• /* export additional bootargs to AVB_BOOTARGS env var */
  

• /*
  

•  * ORANGE state indicates that device may be freely modified.
  

•  * Device integrity is left to the user to verify out-of-band.
  

•  */
  

• if (unlocked)
  

• 	boot_state = AVB_ORANGE;
  

• else
  

• 	boot_state = AVB_GREEN;
  
  

• extra_args = avb_set_state(avb_ops, AVB_GREEN);
  

• /* export boot state to AVB_BOOTARGS env var */
  

• extra_args = avb_set_state(avb_ops, boot_state);
  

  if (extra_args) cmdline = append_cmd_line(out_data->cmdline, extra_args);

@@ -294,30 +300,8 @@ int do_avb_verify_part(struct cmd_tbl *cmdtp, int flag, env_set(AVB_BOOTARGS, cmdline);

res = CMD_RET_SUCCESS;

• break;
  

• case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION:

• printf("Verification failed\n");
  

• break;
  

• case AVB_SLOT_VERIFY_RESULT_ERROR_IO:

• printf("I/O error occurred during verification\n");
  

• break;
  

• case AVB_SLOT_VERIFY_RESULT_ERROR_OOM:

• printf("OOM error occurred during verification\n");
  

• break;
  

• case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA:

• printf("Corrupted dm-verity metadata detected\n");
  

• break;
  

• case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION:

• printf("Unsupported version of avbtool was used\n");
  

• break;
  

• case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX:

• printf("Rollback index check failed\n");
  

• break;
  

• case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED:

• printf("Public key was rejected\n");
  

• break;
  

• default:

• printf("Unknown error occurred\n");
  

• } else {

• printf("Verification failed, reason: %s\n", str_avb_slot_error(slot_result));
  

  }

  if (out_data)

-- 2.34.1