[U-Boot] [PATCH] cmd: avb: Support A/B slots
Add optional parameter to 'avb verify' sub-command, so that user is able to specify which slot to use, in case when user's partitions are slotted. If that parameter is omitted, the behavior of 'avb verify' will be the same as before, so user API is content.
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org --- cmd/avb.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/cmd/avb.c b/cmd/avb.c index 3f6fd763a0..d1942d6605 100644 --- a/cmd/avb.c +++ b/cmd/avb.c @@ -235,6 +235,7 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, AvbSlotVerifyData *out_data; char *cmdline; char *extra_args; + char *slot_suffix = "";
bool unlocked = false; int res = CMD_RET_FAILURE; @@ -244,9 +245,12 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, return CMD_RET_FAILURE; }
- if (argc != 1) + if (argc < 1 || argc > 2) return CMD_RET_USAGE;
+ if (argc == 2) + slot_suffix = argv[1]; + printf("## Android Verified Boot 2.0 version %s\n", avb_version_string());
@@ -259,7 +263,7 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, slot_result = avb_slot_verify(avb_ops, requested_partitions, - "", + slot_suffix, unlocked, AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, &out_data); @@ -419,7 +423,7 @@ static cmd_tbl_t cmd_avb[] = { U_BOOT_CMD_MKENT(read_part, 5, 0, do_avb_read_part, "", ""), U_BOOT_CMD_MKENT(read_part_hex, 4, 0, do_avb_read_part_hex, "", ""), U_BOOT_CMD_MKENT(write_part, 5, 0, do_avb_write_part, "", ""), - U_BOOT_CMD_MKENT(verify, 1, 0, do_avb_verify_part, "", ""), + U_BOOT_CMD_MKENT(verify, 2, 0, do_avb_verify_part, "", ""), #ifdef CONFIG_OPTEE_TA_AVB U_BOOT_CMD_MKENT(read_pvalue, 3, 0, do_avb_read_pvalue, "", ""), U_BOOT_CMD_MKENT(write_pvalue, 3, 0, do_avb_write_pvalue, "", ""), @@ -462,6 +466,7 @@ U_BOOT_CMD( "avb read_pvalue <name> <bytes> - read a persistent value <name>\n" "avb write_pvalue <name> <value> - write a persistent value <name>\n" #endif - "avb verify - run verification process using hash data\n" + "avb verify [slot_suffix] - run verification process using hash data\n" " from vbmeta structure\n" + " [slot_suffix] - _a, _b, etc (if vbmeta partition is slotted)\n" );
Hi Sam,
On Fri, Aug 9, 2019 at 3:38 PM Sam Protsenko semen.protsenko@linaro.org wrote:
Add optional parameter to 'avb verify' sub-command, so that user is able to specify which slot to use, in case when user's partitions are slotted. If that parameter is omitted, the behavior of 'avb verify' will be the same as before, so user API is content.
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org
cmd/avb.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/cmd/avb.c b/cmd/avb.c index 3f6fd763a0..d1942d6605 100644 --- a/cmd/avb.c +++ b/cmd/avb.c @@ -235,6 +235,7 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, AvbSlotVerifyData *out_data; char *cmdline; char *extra_args;
char *slot_suffix = ""; bool unlocked = false; int res = CMD_RET_FAILURE;@@ -244,9 +245,12 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, return CMD_RET_FAILURE; }
if (argc != 1)
if (argc < 1 || argc > 2) return CMD_RET_USAGE;if (argc == 2)slot_suffix = argv[1];printf("## Android Verified Boot 2.0 version %s\n", avb_version_string());@@ -259,7 +263,7 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, slot_result = avb_slot_verify(avb_ops, requested_partitions,
"",
slot_suffix, unlocked, AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, &out_data);@@ -419,7 +423,7 @@ static cmd_tbl_t cmd_avb[] = { U_BOOT_CMD_MKENT(read_part, 5, 0, do_avb_read_part, "", ""), U_BOOT_CMD_MKENT(read_part_hex, 4, 0, do_avb_read_part_hex, "", ""), U_BOOT_CMD_MKENT(write_part, 5, 0, do_avb_write_part, "", ""),
U_BOOT_CMD_MKENT(verify, 1, 0, do_avb_verify_part, "", ""),
U_BOOT_CMD_MKENT(verify, 2, 0, do_avb_verify_part, "", ""),#ifdef CONFIG_OPTEE_TA_AVB U_BOOT_CMD_MKENT(read_pvalue, 3, 0, do_avb_read_pvalue, "", ""), U_BOOT_CMD_MKENT(write_pvalue, 3, 0, do_avb_write_pvalue, "", ""), @@ -462,6 +466,7 @@ U_BOOT_CMD( "avb read_pvalue <name> <bytes> - read a persistent value <name>\n" "avb write_pvalue <name> <value> - write a persistent value <name>\n" #endif
"avb verify - run verification process using hash data\n"
"avb verify [slot_suffix] - run verification process using hash data\n" " from vbmeta structure\n"" [slot_suffix] - _a, _b, etc (if vbmeta partition is slotted)\n" );-- 2.20.1
Please don't forget to also adjust AVB documentation [1] (command usage/extend section "ENABLE ON YOUR BOARD", adding information about AVB+AB setups)
Apart from that, Reviewed-by: Igor Opaniuk igor.opaniuk@gmail.com
Thanks!
[1] doc/android/avb2.txt
Thanks, will send v2 soon.
On Wed, Oct 16, 2019 at 12:47 PM Igor Opaniuk igor.opaniuk@gmail.com wrote:
Hi Sam,
On Fri, Aug 9, 2019 at 3:38 PM Sam Protsenko semen.protsenko@linaro.org wrote:
Add optional parameter to 'avb verify' sub-command, so that user is able to specify which slot to use, in case when user's partitions are slotted. If that parameter is omitted, the behavior of 'avb verify' will be the same as before, so user API is content.
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org
cmd/avb.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/cmd/avb.c b/cmd/avb.c index 3f6fd763a0..d1942d6605 100644 --- a/cmd/avb.c +++ b/cmd/avb.c @@ -235,6 +235,7 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, AvbSlotVerifyData *out_data; char *cmdline; char *extra_args;
char *slot_suffix = ""; bool unlocked = false; int res = CMD_RET_FAILURE;@@ -244,9 +245,12 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, return CMD_RET_FAILURE; }
if (argc != 1)
if (argc < 1 || argc > 2) return CMD_RET_USAGE;if (argc == 2)slot_suffix = argv[1];printf("## Android Verified Boot 2.0 version %s\n", avb_version_string());@@ -259,7 +263,7 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, slot_result = avb_slot_verify(avb_ops, requested_partitions,
"",
slot_suffix, unlocked, AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, &out_data);@@ -419,7 +423,7 @@ static cmd_tbl_t cmd_avb[] = { U_BOOT_CMD_MKENT(read_part, 5, 0, do_avb_read_part, "", ""), U_BOOT_CMD_MKENT(read_part_hex, 4, 0, do_avb_read_part_hex, "", ""), U_BOOT_CMD_MKENT(write_part, 5, 0, do_avb_write_part, "", ""),
U_BOOT_CMD_MKENT(verify, 1, 0, do_avb_verify_part, "", ""),
U_BOOT_CMD_MKENT(verify, 2, 0, do_avb_verify_part, "", ""),#ifdef CONFIG_OPTEE_TA_AVB U_BOOT_CMD_MKENT(read_pvalue, 3, 0, do_avb_read_pvalue, "", ""), U_BOOT_CMD_MKENT(write_pvalue, 3, 0, do_avb_write_pvalue, "", ""), @@ -462,6 +466,7 @@ U_BOOT_CMD( "avb read_pvalue <name> <bytes> - read a persistent value <name>\n" "avb write_pvalue <name> <value> - write a persistent value <name>\n" #endif
"avb verify - run verification process using hash data\n"
"avb verify [slot_suffix] - run verification process using hash data\n" " from vbmeta structure\n"" [slot_suffix] - _a, _b, etc (if vbmeta partition is slotted)\n" );-- 2.20.1
Please don't forget to also adjust AVB documentation [1] (command usage/extend section "ENABLE ON YOUR BOARD", adding information about AVB+AB setups)
Apart from that, Reviewed-by: Igor Opaniuk igor.opaniuk@gmail.com
Thanks!
[1] doc/android/avb2.txt
-- Best regards - Freundliche Grüsse - Meilleures salutations
Igor Opaniuk
mailto: igor.opaniuk@gmail.com skype: igor.opanyuk +380 (93) 836 40 67 http://ua.linkedin.com/in/iopaniuk
participants (2)
-
Igor Opaniuk -
Sam Protsenko