
Hi Kever,

libavb and libavb_ab are different things, and we split them for a reason. Adding libavb is great, but you don't need to add libavb_ab as an A/B implementation. The boot_android command referenced by Igor doesn't use that as an A/B implementation, but uses the structs already defined in the Boot Control Block (BCB) and the android bootloader flow. I would recommend to include the libavb only.

Igor, what changes did you need to do to libavb to import it to U-Boot? The idea with libavb is that it should be easy to integrate into your bootloader without changes; and therefore easy to update and integrate new patches when we release new versions of libavb. We would like to avoid diverting from it to reduce the maintenance cost.

Best regards,
Alex

On Thu, Apr 26, 2018 at 05:05, Kever Yang <kever.yang@rock-chips.com> wrote:
Hi Igor,

It's great to see the patch set to support AVB2.0. The upstream libavb (from AOSP) combines the AVB with A/B, which I think should be two separate features; are you going to split them?

BTW, do you have a plan to update the boot_android cmd to support avb? The command is too weak for use now. And any plan to add optee_client/smcc to talk to OPTEE/ATF?

Thanks,
- Kever

On 04/25/2018 09:17 PM, Igor Opaniuk wrote:
This series of patches introduces support of Android Verified Boot 2.0, which provides integrity checking of Android partitions on MMC.

It integrates libavb/libavb_ab into the U-Boot, provides implementation of AvbOps, subset of `avb` commands to run verification chain (and for debugging purposes), and it enables AVB2.0 verification on AM57xx HS SoC by default.

Currently, there is still no support for verification of A/B boot slots and no rollback protection (for storing rollback indexes there are plans to use eMMC RPMB).

Libavb/libavb_ab will be deviated from AOSP upstream in the future, that's why minimal amount of changes were introduced into the lib sources, so checkpatch may fail.

For additional details check [1] AVB 2.0 README and doc/README.avb2, which is a part of this patchset.

[1] https://android.googlesource.com/platform/external/avb/+/master/README.md

Igor Opaniuk (8):
  avb2.0: add Android Verified Boot 2.0 libraries
  avb2.0: integrate avb 2.0 into the build system
  avb2.0: implement AVB ops
  cmd: avb2.0: avb command for performing verification
  avb2.0: add boot states and dm-verity support
  am57xx_hs: avb2.0: add support of AVB 2.0
  test/py: avb2.0: add tests for avb commands
  doc: avb2.0: add README about AVB2.0 integration

 cmd/Kconfig | 15 +
 cmd/Makefile | 3 +
 cmd/avb.c | 366 ++++++++
 common/Makefile | 2 +
 common/avb_verify.c | 748 ++++++++++++++++
 configs/am57xx_hs_evm_defconfig | 3 +
 doc/README.avb2 | 100 +++
 include/avb/avb_ab_flow.h | 235 ++++++
 include/avb/avb_ab_ops.h | 61 ++
 include/avb/avb_chain_partition_descriptor.h | 54 ++
 include/avb/avb_crypto.h | 147 ++++
 include/avb/avb_descriptor.h | 113 +++
 include/avb/avb_footer.h | 68 ++
 include/avb/avb_hash_descriptor.h | 55 ++
 include/avb/avb_hashtree_descriptor.h | 65 ++
 include/avb/avb_kernel_cmdline_descriptor.h | 63 ++
 include/avb/avb_ops.h | 196 +++++
 include/avb/avb_property_descriptor.h | 89 ++
 include/avb/avb_rsa.h | 55 ++
 include/avb/avb_sha.h | 72 ++
 include/avb/avb_slot_verify.h | 239 ++++++
 include/avb/avb_sysdeps.h | 97 +++
 include/avb/avb_util.h | 259 ++++++
 include/avb/avb_vbmeta_image.h | 272 ++++++
 include/avb/avb_version.h | 45 +
 include/avb/libavb.h | 32 +
 include/avb/libavb_ab.h | 22 +
 include/avb_verify.h | 97 +++
 include/configs/am57xx_evm.h | 11 +
 include/environment/ti/boot.h | 15 +
 lib/Kconfig | 20 +
 lib/Makefile | 2 +
 lib/libavb/Makefile | 15 +
 lib/libavb/avb_chain_partition_descriptor.c | 46 +
 lib/libavb/avb_crypto.c | 355 ++++++++
 lib/libavb/avb_descriptor.c | 142 ++++
 lib/libavb/avb_footer.c | 36 +
 lib/libavb/avb_hash_descriptor.c | 43 +
 lib/libavb/avb_hashtree_descriptor.c | 51 ++
 lib/libavb/avb_kernel_cmdline_descriptor.c | 40 +
 lib/libavb/avb_property_descriptor.c | 167 ++++
 lib/libavb/avb_rsa.c | 277 ++++++
 lib/libavb/avb_sha256.c | 364 ++++++++
 lib/libavb/avb_sha512.c | 362 ++++++++
 lib/libavb/avb_slot_verify.c | 1169 ++++++++++++++++++++++++++
 lib/libavb/avb_sysdeps_posix.c | 57 ++
 lib/libavb/avb_util.c | 385 +++++++++
 lib/libavb/avb_vbmeta_image.c | 290 +++++++
 lib/libavb/avb_version.c | 16 +
 lib/libavb_ab/Makefile | 9 +
 lib/libavb_ab/avb_ab_flow.c | 502 +++++++++++
 test/py/tests/test_avb.py | 111 +++
 52 files changed, 8058 insertions(+)
 create mode 100644 cmd/avb.c
 create mode 100644 common/avb_verify.c
 create mode 100644 doc/README.avb2
 create mode 100644 include/avb/avb_ab_flow.h
 create mode 100644 include/avb/avb_ab_ops.h
 create mode 100644 include/avb/avb_chain_partition_descriptor.h
 create mode 100644 include/avb/avb_crypto.h
 create mode 100644 include/avb/avb_descriptor.h
 create mode 100644 include/avb/avb_footer.h
 create mode 100644 include/avb/avb_hash_descriptor.h
 create mode 100644 include/avb/avb_hashtree_descriptor.h
 create mode 100644 include/avb/avb_kernel_cmdline_descriptor.h
 create mode 100644 include/avb/avb_ops.h
 create mode 100644 include/avb/avb_property_descriptor.h
 create mode 100644 include/avb/avb_rsa.h
 create mode 100644 include/avb/avb_sha.h
 create mode 100644 include/avb/avb_slot_verify.h
 create mode 100644 include/avb/avb_sysdeps.h
 create mode 100644 include/avb/avb_util.h
 create mode 100644 include/avb/avb_vbmeta_image.h
 create mode 100644 include/avb/avb_version.h
 create mode 100644 include/avb/libavb.h
 create mode 100644 include/avb/libavb_ab.h
 create mode 100644 include/avb_verify.h
 create mode 100644 lib/libavb/Makefile
 create mode 100644 lib/libavb/avb_chain_partition_descriptor.c
 create mode 100644 lib/libavb/avb_crypto.c
 create mode 100644 lib/libavb/avb_descriptor.c
 create mode 100644 lib/libavb/avb_footer.c
 create mode 100644 lib/libavb/avb_hash_descriptor.c
 create mode 100644 lib/libavb/avb_hashtree_descriptor.c
 create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.c
 create mode 100644 lib/libavb/avb_property_descriptor.c
 create mode 100644 lib/libavb/avb_rsa.c
 create mode 100644 lib/libavb/avb_sha256.c
 create mode 100644 lib/libavb/avb_sha512.c
 create mode 100644 lib/libavb/avb_slot_verify.c
 create mode 100644 lib/libavb/avb_sysdeps_posix.c
 create mode 100644 lib/libavb/avb_util.c
 create mode 100644 lib/libavb/avb_vbmeta_image.c
 create mode 100644 lib/libavb/avb_version.c
 create mode 100644 lib/libavb_ab/Makefile
 create mode 100644 lib/libavb_ab/avb_ab_flow.c
 create mode 100644 test/py/tests/test_avb.py

U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot