/* * (C) Copyright 2017 Rockchip Electronics Co., Ltd * * SPDX-License-Identifier: GPL-2.0+ */ #ifndef RK_AVB_OPS_USER_H_ #define RK_AVB_OPS_USER_H_ #include #include #ifdef __cplusplus extern "C" { #endif /* rk used */ #define PERM_ATTR_DIGEST_SIZE 32 #define PERM_ATTR_TOTAL_SIZE 1052 #define VBOOT_KEY_HASH_SIZE 32 #define ANDROID_VBOOT_LOCK 0 #define ANDROID_VBOOT_UNLOCK 1 #define SLOT_NUM 2 #define CURR_SYSTEM_SLOT_SUFFIX "ab" #define VBMETA_MAX_SIZE 65536 #define ROLLBACK_MAX_SIZE 20 #define LOCK_MASK (1 << 0) #define UNLOCK_DISABLE_MASK (1 << 1) #define VBOOT_STATE_SIZE 1000 #define PERM_ATTR_SUCCESS_FLAG 1 /* soc-v use the rsa2048 */ #define VBOOT_KEY_SIZE 256 #define RPMB_BASE_ADDR (64*1024/256) #define UBOOT_RB_INDEX_OFFSET 24 #define TRUST_RB_INDEX_OFFSET 28 #define ROCHCHIP_RSA_PARAMETER_SIZE 64 struct rk_pub_key { u_int32_t rsa_n[ROCHCHIP_RSA_PARAMETER_SIZE]; u_int32_t rsa_e[ROCHCHIP_RSA_PARAMETER_SIZE]; u_int32_t rsa_c[ROCHCHIP_RSA_PARAMETER_SIZE]; }; /** * Provided to fastboot to read how many slot in this system. * * @param slot_count We use parameter slot_count to obtain * how many slots in the system. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_read_slot_count(char *slot_count); /** * The android things supply many slots, their name like '_a', '_b'. * We can use this function to read current slot is '_a' or '_b'. * * @slot_suffixes read value '_a' or '_b'. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_read_slot_suffixes(char *slot_suffixes); /** * Use this function to set which slot boot first. * * @param slot_number set '0' or '1' * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_set_slot_active(unsigned int *slot_number); /** * Get current slot: '_a' or '_b'. * * @param select_slot obtain current slot. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_get_current_slot(char *select_slot); /** * Append current slot to given partition name * * @param part_name partition name * @param slot given slot suffix, auto append current slot if NULL * @param new_name partition name with slot suffix appended * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_append_part_slot(const char *part_name, char *new_name); /** * The android things defines permanent attributes to * store PSK_public, product id. We can use this function * to read them. * * @param attributes PSK_public, product id.... * * @param size The size of attributes. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_read_permanent_attributes(uint8_t *attributes, uint32_t size); /** * The android things defines permanent attributes to * store PSK_public, product id. We can use this function * to write them. * * @param attributes PSK_public, product id.... * * @param size The size of attributes. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_write_permanent_attributes(uint8_t *attributes, uint32_t size); /** * The funtion can be use to read the device state to judge * whether the device can be flash. * * @param flash_lock_state A flag indicate the device flash state. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_read_flash_lock_state(uint8_t *flash_lock_state); /** * The function is provided to write device flash state. * * @param flash_lock_state A flag indicate the device flash state. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_write_flash_lock_state(uint8_t flash_lock_state); /** * The android things use the flag of lock state to indicate * whether the device can be booted when verified error. * * @param lock_state A flag indicate the device lock state. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_read_lock_state(uint8_t *lock_state); /** * The android things use the flag of lock state to indicate * whether the device can be booted when verified error. * * @param lock_state A flag indicate the device lock state. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_write_lock_state(uint8_t lock_state); /** * The android things uses fastboot to flash the permanent attributes. * And if them were written, there must have a flag to indicate. * * @param flag indicate the permanent attributes have been written * or not. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_read_perm_attr_flag(uint8_t *flag); /** * The android things uses fastboot to flash the permanent attributes. * And if them were written, there must have a flag to indicate. * * @param flag We can call this function to write the flag '1' * to indicate the permanent attributes has been * written. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_write_perm_attr_flag(uint8_t flag); /** * The android things require the soc-v key hash to be flashed * using the fastboot. So the function can be used in fastboot * to flash the key hash. * * @param buf The vboot key hash data. * * @param length The length of key hash. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_read_vbootkey_hash(uint8_t *buf, uint8_t length); /** * The android things require the soc-v key hash to be flashed * using the fastboot. So the function can be used in fastboot * to flash the key hash. * * @param buf The vboot key hash data. * * @param length The length of key hash. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_write_vbootkey_hash(uint8_t *buf, uint8_t length); /** * U-boot close the optee client when start kernel * to prevent the optee client being invoking by other * program. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_close_optee_client(void); /** * read the permanent attributes hash. * * @param buf The permanent attributes hash data. * * @param length The length of permanent attributes hash. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_read_attribute_hash(uint8_t *buf, uint8_t length); /** * Write the permanent attributes hash. * * @param buf The permanent attributes hash data. * * @param length The length of permanent attributes hash. * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_write_attribute_hash(uint8_t *buf, uint8_t length); /** * Get the avb vboot state * * @param buf store the vboot state. * * @return 0 if the command succeeded, -1 if it failed */ void rk_avb_get_at_vboot_state(char *buf); /** * Get ab information from misc partition * * @param ab_data the struct of ab information * * @return 0 if the command succeeded, -1 if it failed */ int rk_avb_get_ab_info(AvbABData* ab_data); /** * Get the information whether the partition has slot * * @param the partition name * * @return 0 if the partition has slot, -1 if not */ int rk_avb_get_part_has_slot_info(const char *base_name); AvbABFlowResult rk_avb_ab_slot_select(AvbABOps* ab_ops,char select_slot[]); /** * authenticated unlock * * @param buffer: AvbAtxUnlockCredential * * @param out_is_trusted: true or false * * @return 0 if authenticated unlock OK, -1 if not */ int rk_auth_unlock(void *buffer, char *out_is_trusted); /** * generate unlock challenge * * @param buffer: AvbAtxUnlockChallenge * * @param challenge_len: Challenge length * * @param out_is_trusted: true or false * * @return 0 if generate unlock challenge OK, -1 if not */ int rk_generate_unlock_challenge(void *buffer, uint32_t *challenge_len); /** * Get last boot slot * * @return 0 is slot A; 1 is slot B; -1 is error */ int rk_get_lastboot(void); /** * Get permanent attribute certificate * * @param cer: certificate data * * @param size: certificate size */ int rk_avb_get_perm_attr_cer(uint8_t *cer, uint32_t size); /** * Set permanent attribute certificate * * @param cer: certificate data * * @param size: certificate size */ int rk_avb_set_perm_attr_cer(uint8_t *cer, uint32_t size); /** * Get public key * * @param pub_key: public key data */ int rk_avb_get_pub_key(struct rk_pub_key *pub_key); /** * init ab metadata */ int rk_avb_init_ab_metadata(void); /** * rockchip avb commands */ int rk_avb_write_perm_attr(uint16_t id, void *pbuf, uint16_t size); int rk_avb_read_perm_attr(uint16_t id, void *pbuf, uint16_t size); /** * Do the device have boot slot */ bool rk_avb_ab_have_bootable_slot(void); /** * update rollback index */ int rk_avb_update_stored_rollback_indexes_for_slot(AvbOps* ops, AvbSlotVerifyData* slot_data); #ifdef __cplusplus } #endif #endif /* RK_AVB_OPS_USER_H_ */