[U-Boot] [PATCH 0/2] avb 2.0: fix multiple compilation issues in sandbox

Igor Opaniuk

13 Jul 2018 13 Jul '18

6:03 p.m.

This series of two patches fixes compilation issues when AVB 2.0 is enabled for the 'sandbox' architecture:

1. Since libavb library alone is highly portable, it introduce dedicated Kconfig symbol for AVB compiler-dependent operations, so it's possible to build libavb separately. 2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is re-used in partition verification operations. 3. Use blk_dread()/blk_dwrite() in mmc_read()/mmc_write() AVB operation implementations. This fixes compilation issues when CONFIG_BLK is enabled.

Igor Opaniuk (2): avb2.0: add proper dependencies avb2.0: use block API in AVB ops

cmd/Kconfig | 2 +- common/Kconfig | 7 +++++++ common/avb_verify.c | 9 +++++---- doc/README.avb2 | 1 + 4 files changed, 14 insertions(+), 5 deletions(-)

-- 2.7.4

Show replies by date

Igor Opaniuk

13 Jul 13 Jul

6:03 p.m.

New subject: [U-Boot] [PATCH 1/2] avb2.0: add proper dependencies

1. Since libavb library alone is highly portable, introduce dedicated Kconfig symbol for AVB compiler-dependent operations, so it's possible to build libavb separately. 2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is re-used in partition verification operations.

Reported-by: Eugeniu Rosca rosca.eugeniu@gmail.com Signed-off-by: Igor Opaniuk igor.opaniuk@linaro.org --- cmd/Kconfig | 2 +- common/Kconfig | 7 +++++++ doc/README.avb2 | 1 + 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/cmd/Kconfig b/cmd/Kconfig index aec2090..b3e030c 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -1771,7 +1771,7 @@ config CMD_TRACE

config CMD_AVB bool "avb - Android Verified Boot 2.0 operations" - depends on LIBAVB + depends on AVB_VERIFY default n help Enables a "avb" command to perform verification of partitions using diff --git a/common/Kconfig b/common/Kconfig index 4c7a1a9..1d31f9b 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -631,6 +631,13 @@ config HASH and the algorithms it supports are defined in common/hash.c. See also CMD_HASH for command-line access.

+config AVB_VERIFY + bool "Build Android Verified Boot operations" + depends on LIBAVB && FASTBOOT + help + This option enables compilation of bootloader-dependent operations, + used by Android Verified Boot 2.0 library (libavb). + endmenu

menu "Update support" diff --git a/doc/README.avb2 b/doc/README.avb2 index 67784b5..120279f 100644 --- a/doc/README.avb2 +++ b/doc/README.avb2 @@ -58,6 +58,7 @@ Slot verification result: ERROR_IO ----------------------------------- The following options must be enabled: CONFIG_LIBAVB=y +CONFIG_AVB_VERIFY=y CONFIG_CMD_AVB=y

-- 2.7.4

Eugeniu Rosca

14 Jul 14 Jul

3:52 p.m.

New subject: [U-Boot] [PATCH 1/2] avb2.0: add proper dependencies

Hi Igor,

On Fri, Jul 13, 2018 at 07:03:26PM +0300, Igor Opaniuk wrote:

...

Since libavb library alone is highly portable, introduce dedicated

Kconfig symbol for AVB compiler-dependent operations, so it's possible

Commit description says "compiler-dependent" while AVB_VERIFY description says "bootloader-dependent". IMO none of the two terms provides a clear description of what is actually the role of avb_verify.c.

Looking into the code myself, I see three categories of functions: * Helpers to process strings in order to build OS bootargs. * Helpers to access MMC, similar to drivers/fastboot/fb_mmc.c. * Helpers to alloc/init/free avb ops.

Maybe it's subjective, but as a user of this component, I would like to see this stated in Kconfig/commit description.

...

to build libavb separately. 2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is re-used in partition verification operations.

Reported-by: Eugeniu Rosca rosca.eugeniu@gmail.com Signed-off-by: Igor Opaniuk igor.opaniuk@linaro.org

cmd/Kconfig | 2 +- common/Kconfig | 7 +++++++ doc/README.avb2 | 1 + 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/cmd/Kconfig b/cmd/Kconfig index aec2090..b3e030c 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -1771,7 +1771,7 @@ config CMD_TRACE

config CMD_AVB bool "avb - Android Verified Boot 2.0 operations"

depends on LIBAVB

depends on AVB_VERIFY default n help Enables a "avb" command to perform verification of partitions using

diff --git a/common/Kconfig b/common/Kconfig index 4c7a1a9..1d31f9b 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -631,6 +631,13 @@ config HASH and the algorithms it supports are defined in common/hash.c. See also CMD_HASH for command-line access.

+config AVB_VERIFY
bool "Build Android Verified Boot operations"

depends on LIBAVB && FASTBOOT

help
 This option enables compilation of bootloader-dependent operations,
 used by Android Verified Boot 2.0 library (libavb).
endmenu

menu "Update support" diff --git a/doc/README.avb2 b/doc/README.avb2 index 67784b5..120279f 100644 --- a/doc/README.avb2 +++ b/doc/README.avb2 @@ -58,6 +58,7 @@ Slot verification result: ERROR_IO

The following options must be enabled: CONFIG_LIBAVB=y +CONFIG_AVB_VERIFY=y CONFIG_CMD_AVB=y

I think this patch misses:

diff --git a/common/Makefile b/common/Makefile index 66584f8f48be..7100541ece00 100644 --- a/common/Makefile +++ b/common/Makefile @@ -121,4 +121,4 @@ obj-$(CONFIG_$(SPL_)LOG_CONSOLE) += log_console.o obj-y += s_record.o obj-y += xyzModem.o

-obj-$(CONFIG_LIBAVB) += avb_verify.o +obj-$(CONFIG_AVB_VERIFY) += avb_verify.o

Because of that, I still see that the build system attempts/fails to compile common/avb_verify.c after just enabling CONFIG_LIBAVB.

The rest looks fine to me.

Thanks, Eugeniu.

Igor Opaniuk

13 Jul 13 Jul

6:03 p.m.

New subject: [U-Boot] [PATCH 2/2] avb2.0: use block API in AVB ops

Use blk_dread()/blk_dwrite() in mmc_read()/mmc_write() AVB operation implementations. This fixes compilation issues when CONFIG_BLK is enabled.

Signed-off-by: Igor Opaniuk igor.opaniuk@linaro.org --- common/avb_verify.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/common/avb_verify.c b/common/avb_verify.c index f9a00f8..20e35ad 100644 --- a/common/avb_verify.c +++ b/common/avb_verify.c @@ -5,6 +5,7 @@ */

#include <avb_verify.h> +#include <blk.h> #include <fastboot.h> #include <image.h> #include <malloc.h> @@ -288,8 +289,8 @@ static unsigned long mmc_read_and_flush(struct mmc_part *part, tmp_buf = buffer; }

- blks = part->mmc->block_dev.block_read(part->mmc_blk, - start, sectors, tmp_buf); + blks = blk_dread(part->mmc_blk, + start, sectors, tmp_buf); /* flush cache after read */ flush_cache((ulong)tmp_buf, sectors * part->info.blksz);

@@ -327,8 +328,8 @@ static unsigned long mmc_write(struct mmc_part *part, lbaint_t start, tmp_buf = buffer; }

- return part->mmc->block_dev.block_write(part->mmc_blk, - start, sectors, tmp_buf); + return blk_dwrite(part->mmc_blk, + start, sectors, tmp_buf); }

static struct mmc_part *get_partition(AvbOps *ops, const char *partition)

-- 2.7.4

2491

Age (days ago)

2492

Last active (days ago)

List overview

Download

3 comments

2 participants

tags (0)

participants (2)

Eugeniu Rosca
Igor Opaniuk