
Hi Alex,
I've replaced licence texts in source file headers with SPDX short identifiers (suggestion from Tom Rini). As far as I know, that was the only major change I introduced to libavb/libavb_ab. I also removed the crc32() implementation and used the existing one in U-Boot because of licence ambiguity; frankly, I wasn't sure if it was GPL-2.0 compatible ( https://android.googlesource.com/platform/external/avb/+/master/libavb/avb_c...).
Regarding libavb_ab, I guess I can exclude it for now, as there is no functionality implemented for A/B slot support in this patch set. And, btw, I've noticed the note in the latest README.md for AVB2.0 on googlesource: "This code is DEPRECATED and you must define AVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED to use it. The code will be removed Jun 1 2018.". Does it mean that the A/B stuff will be included in libavb instead of a separate libavb_ab lib?
Thanks!
Regards, Igor
On 26 April 2018 at 19:35, Alex Deymo deymo+@google.com wrote:
Hi Kever,
libavb and libavb_ab are different things, and we split them for a reason. Adding libavb is great, but you don't need to add libavb_ab as an A/B implementation. The boot_android command referenced by Igor doesn't use that as an A/B implementation, but uses the structs already defined in the Boot Control Block (BCB) and the android bootloader flow. I would recommend to include the libavb only.
Igor,
What changes did you need to do to libavb to import it to U-Boot? The idea with libavb is that it should be easy to integrate into your bootloader without changes; and therefore easy to update and integrate new patches when we release new versions of libavb. We would like to avoid diverting from it to reduce the maintenance cost.
Best regards, Alex
On Thu, 26 Apr 2018 at 05:05, Kever Yang kever.yang@rock-chips.com wrote:
Hi Igor,
It's great to see the patch set to support AVB2.0. The upstream libavb (from AOSP) combines AVB with A/B, which I think should be two separate features; are you going to split them?
BTW, do you have a plan to update the boot_android cmd to support AVB? The command is too weak for use now. And any plan to add optee_client/smcc to talk to OPTEE/ATF?
Thanks,
- Kever
On 04/25/2018 09:17 PM, Igor Opaniuk wrote:
This series of patches introduces support of Android Verified Boot 2.0, which provides integrity checking of Android partitions on MMC.
It integrates libavb/libavb_ab into U-Boot, provides an implementation of AvbOps and a subset of `avb` commands to run the verification chain (and for debugging purposes), and enables AVB2.0 verification on the AM57xx HS SoC by default.
Currently, there is still no support for verification of A/B boot slots and no rollback protection (for storing rollback indexes there are plans to use eMMC RPMB).
Libavb/libavb_ab will be deviated from AOSP upstream in the future, that's why minimal amount of changes were introduced into the lib sources, so checkpatch may fail.
For additional details check [1] AVB 2.0 README and doc/README.avb2, which is a part of this patchset.
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Igor Opaniuk (8):
  avb2.0: add Android Verified Boot 2.0 libraries
  avb2.0: integrate avb 2.0 into the build system
  avb2.0: implement AVB ops
  cmd: avb2.0: avb command for performing verification
  avb2.0: add boot states and dm-verity support
  am57xx_hs: avb2.0: add support of AVB 2.0
  test/py: avb2.0: add tests for avb commands
  doc: avb2.0: add README about AVB2.0 integration
 cmd/Kconfig | 15 +
 cmd/Makefile | 3 +
 cmd/avb.c | 366 ++++++++
 common/Makefile | 2 +
 common/avb_verify.c | 748 ++++++++++++++++
 configs/am57xx_hs_evm_defconfig | 3 +
 doc/README.avb2 | 100 +++
 include/avb/avb_ab_flow.h | 235 ++++++
 include/avb/avb_ab_ops.h | 61 ++
 include/avb/avb_chain_partition_descriptor.h | 54 ++
 include/avb/avb_crypto.h | 147 ++++
 include/avb/avb_descriptor.h | 113 +++
 include/avb/avb_footer.h | 68 ++
 include/avb/avb_hash_descriptor.h | 55 ++
 include/avb/avb_hashtree_descriptor.h | 65 ++
 include/avb/avb_kernel_cmdline_descriptor.h | 63 ++
 include/avb/avb_ops.h | 196 +++++
 include/avb/avb_property_descriptor.h | 89 ++
 include/avb/avb_rsa.h | 55 ++
 include/avb/avb_sha.h | 72 ++
 include/avb/avb_slot_verify.h | 239 ++++++
 include/avb/avb_sysdeps.h | 97 +++
 include/avb/avb_util.h | 259 ++++++
 include/avb/avb_vbmeta_image.h | 272 ++++++
 include/avb/avb_version.h | 45 +
 include/avb/libavb.h | 32 +
 include/avb/libavb_ab.h | 22 +
 include/avb_verify.h | 97 +++
 include/configs/am57xx_evm.h | 11 +
 include/environment/ti/boot.h | 15 +
 lib/Kconfig | 20 +
 lib/Makefile | 2 +
 lib/libavb/Makefile | 15 +
 lib/libavb/avb_chain_partition_descriptor.c | 46 +
 lib/libavb/avb_crypto.c | 355 ++++++++
 lib/libavb/avb_descriptor.c | 142 ++++
 lib/libavb/avb_footer.c | 36 +
 lib/libavb/avb_hash_descriptor.c | 43 +
 lib/libavb/avb_hashtree_descriptor.c | 51 ++
 lib/libavb/avb_kernel_cmdline_descriptor.c | 40 +
 lib/libavb/avb_property_descriptor.c | 167 ++++
 lib/libavb/avb_rsa.c | 277 ++++++
 lib/libavb/avb_sha256.c | 364 ++++++++
 lib/libavb/avb_sha512.c | 362 ++++++++
 lib/libavb/avb_slot_verify.c | 1169 ++++++++++++++++++++++++++
 lib/libavb/avb_sysdeps_posix.c | 57 ++
 lib/libavb/avb_util.c | 385 +++++++++
 lib/libavb/avb_vbmeta_image.c | 290 +++++++
 lib/libavb/avb_version.c | 16 +
 lib/libavb_ab/Makefile | 9 +
 lib/libavb_ab/avb_ab_flow.c | 502 +++++++++++
 test/py/tests/test_avb.py | 111 +++
 52 files changed, 8058 insertions(+)
 create mode 100644 cmd/avb.c
 create mode 100644 common/avb_verify.c
 create mode 100644 doc/README.avb2
 create mode 100644 include/avb/avb_ab_flow.h
 create mode 100644 include/avb/avb_ab_ops.h
 create mode 100644 include/avb/avb_chain_partition_descriptor.h
 create mode 100644 include/avb/avb_crypto.h
 create mode 100644 include/avb/avb_descriptor.h
 create mode 100644 include/avb/avb_footer.h
 create mode 100644 include/avb/avb_hash_descriptor.h
 create mode 100644 include/avb/avb_hashtree_descriptor.h
 create mode 100644 include/avb/avb_kernel_cmdline_descriptor.h
 create mode 100644 include/avb/avb_ops.h
 create mode 100644 include/avb/avb_property_descriptor.h
 create mode 100644 include/avb/avb_rsa.h
 create mode 100644 include/avb/avb_sha.h
 create mode 100644 include/avb/avb_slot_verify.h
 create mode 100644 include/avb/avb_sysdeps.h
 create mode 100644 include/avb/avb_util.h
 create mode 100644 include/avb/avb_vbmeta_image.h
 create mode 100644 include/avb/avb_version.h
 create mode 100644 include/avb/libavb.h
 create mode 100644 include/avb/libavb_ab.h
 create mode 100644 include/avb_verify.h
 create mode 100644 lib/libavb/Makefile
 create mode 100644 lib/libavb/avb_chain_partition_descriptor.c
 create mode 100644 lib/libavb/avb_crypto.c
 create mode 100644 lib/libavb/avb_descriptor.c
 create mode 100644 lib/libavb/avb_footer.c
 create mode 100644 lib/libavb/avb_hash_descriptor.c
 create mode 100644 lib/libavb/avb_hashtree_descriptor.c
 create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.c
 create mode 100644 lib/libavb/avb_property_descriptor.c
 create mode 100644 lib/libavb/avb_rsa.c
 create mode 100644 lib/libavb/avb_sha256.c
 create mode 100644 lib/libavb/avb_sha512.c
 create mode 100644 lib/libavb/avb_slot_verify.c
 create mode 100644 lib/libavb/avb_sysdeps_posix.c
 create mode 100644 lib/libavb/avb_util.c
 create mode 100644 lib/libavb/avb_vbmeta_image.c
 create mode 100644 lib/libavb/avb_version.c
 create mode 100644 lib/libavb_ab/Makefile
 create mode 100644 lib/libavb_ab/avb_ab_flow.c
 create mode 100644 test/py/tests/test_avb.py
U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot