store the Omaha update channel
> + * if update_engine is compiled with Omaha support.
> + */
> +struct andr_bl_msg_ab {
> + struct andr_bl_msg message;
> + char slot_suffix[32];
> + char update_channel[128];
> +
> + /* Round up the entire struct to 4
stance 'dev' and store the
> active\n"
> + " slot in the 'slot_var_name' variable. This also updates
> the\n"
> + " Android slot metadata with a boot attempt, which can
> cause\n"
> + " successive calls to this function to return a different
> result\n"
> + " if the returned slot runs out of boot attempts.\n"
> + "- If 'part_name' is passed, preceded with a # instead of :,
> the\n"
> + " partition name whose label is 'part_name' will be looked up
> in\n"
> + " the partition table. This is commonly the \"misc\"
> partition.\n"
> +);
> --
> 2.7.4
>
With/without my minor comments addressed:
Reviewed-by: Igor Opaniuk
--
Regards,
Igor Opaniuk
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Reviewed-by: Igor Opaniuk
On Wed, 12 Dec 2018 at 19:12, Ruslan Trofymenko
wrote:
>
> Add a short documentation for A/B enablement and 'ab_select' command
> usage.
>
> Signed-off-by: Ruslan Trofymenko
> Reviewed-by: Alistair Strachan
> Reviewed-by: Sam P
Reviewed-by: Igor Opaniuk
On Wed, 12 Dec 2018 at 19:12, Ruslan Trofymenko
wrote:
>
> This sub-command serves for getting the partition index from
> partition name. Also it can be used to test the existence of specified
> partition.
>
> Signed-off-by: Ruslan Trofymenko
>
ok, np. will send in v3 patch
On Thu, 27 Dec 2018 at 17:12, Simon Glass wrote:
>
> Hi Igor,
>
> On Thu, 27 Dec 2018 at 07:50, Igor Opaniuk wrote:
> >
> > Hi Simon,
> >
> > Could you please point me to the update test you mean? (I assume it's
> >
Hi Simon,
Could you please point me to the update test you mean? (I assume it's
"test_avb.py"?)
Thanks
BR,
Igor
On Sat, 22 Dec 2018 at 22:52, Simon Glass wrote:
>
> Hi Igor,
>
> On Fri, 14 Dec 2018 at 10:45, Igor Opaniuk wrote:
> >
> > AVB v
Update: Patch for OP-TEE AVB trusted application (which introduces
implementation for persistent named values support on secure world
side) was successfully merged [1].
[1]: https://github.com/OP-TEE/optee_os/pull/2699
On Fri, 14 Dec 2018 at 19:45, Igor Opaniuk wrote:
>
> AVB versi
values.
Correspondent pull request in the OP-TEE OS project repo [2].
[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699
Signed-off-by: Igor Opaniuk
---
Changes in v2:
- fix output format for avb read_pvalue/write_pvalue
values.
Correspondent pull request in the OP-TEE OS project repo [2].
[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699
Signed-off-by: Igor Opaniuk
---
cmd/avb.c | 78
request in the OP-TEE OS project repo [2].
[1]: https://android.googlesource.com/platform/external/avb/+/android-9.0.0_r22
[2]: https://github.com/OP-TEE/optee_os/pull/2699
Signed-off-by: Igor Opaniuk
---
cmd/avb.c | 78 +
common/avb_verify.c
Hi Shawn,
Thanks, that fixes the problem!
Reviewed-by: Igor Opaniuk
Tested-by: Igor Opaniuk
On Wed, 12 Dec 2018 at 09:25, Shawn Guo wrote:
>
> Commit 4687919684e0 ("serial: Remove DM_FLAG_PRE_RELOC flag in various
> drivers") essentially drops flag DM_FLAG_PRE_RELOC from se
FIG_IS_ENABLED(OF_CONTROL)
> .flags = DM_FLAG_PRE_RELOC,
> +#endif
> };
>
> #ifdef CONFIG_DEBUG_UART_STM32
> diff --git a/drivers/serial/serial_xuartlite.c
> b/drivers/serial/serial_xuartlite.c
> index cead3c6..1be777b 100644
> --- a/drivers/serial/serial_xuartlite.c
> +++ b/drivers/serial/serial_xuartlite.c
> @@ -109,7 +109,6 @@ U_BOOT_DRIVER(serial_uartlite) = {
> .platdata_auto_alloc_size = sizeof(struct uartlite_platdata),
> .probe = uartlite_serial_probe,
> .ops= &uartlite_serial_ops,
> - .flags = DM_FLAG_PRE_RELOC,
> };
>
> #ifdef CONFIG_DEBUG_UART_UARTLITE
> diff --git a/drivers/serial/serial_zynq.c b/drivers/serial/serial_zynq.c
> index f689015..7e486a6 100644
> --- a/drivers/serial/serial_zynq.c
> +++ b/drivers/serial/serial_zynq.c
> @@ -210,7 +210,6 @@ U_BOOT_DRIVER(serial_zynq) = {
> .platdata_auto_alloc_size = sizeof(struct zynq_uart_platdata),
> .probe = zynq_serial_probe,
> .ops= &zynq_serial_ops,
> - .flags = DM_FLAG_PRE_RELOC,
> };
>
> #ifdef CONFIG_DEBUG_UART_ZYNQ
> --
> 2.7.4
>
> ___
> U-Boot mailing list
> U-Boot@lists.denx.de
> https://lists.denx.de/listinfo/u-boot
--
Regards,
Igor Opaniuk
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
/lib/libutee/tee_api_objects.c#L419
[2]:
https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf
Signed-off-by: Igor Opaniuk
---
drivers/tee/optee/supplicant.c | 4 ++--
include/tee.h | 1 +
2 files changed, 3
.h
>>>
>>> --
>>> 2.17.1
>>>
>>
>> I missed the Android Verified Boot stuff going in. I did see the v1
>> patch but not the v2.
>>
>> Was there discussion of coding style for lib/libavb?
>
> I d
Reviewed-by: Igor Opaniuk
On 16 August 2018 at 15:22, Igor Opaniuk wrote:
> Tested-by: Igor Opaniuk
>
> On 13 August 2018 at 18:53, Jens Wiklander wrote:
>> Adds configuration option OPTEE_TA_AVB and a header file describing the
>> interface to the AVB trusted applicati
Hi Eugeniu,
Makes sense, thanks for the explanation.
Reviewed-by: Igor Opaniuk
On 16 August 2018 at 21:25, Eugeniu Rosca wrote:
> Hi Igor,
>
> First, thanks for the reviews!
>
> On Thu, Aug 16, 2018 at 11:38:18AM +0300, Igor Opaniuk wrote:
>> Hi Eugeniu,
>>
>>
Tested-by: Igor Opaniuk
On 13 August 2018 at 18:53, Jens Wiklander wrote:
> Adds support in optee supplicant to route signed (MACed) RPMB frames
> from OP-TEE Secure OS to MMC and vice versa to manipulate the RPMB
> partition.
>
> Signed-off-by: Jens Wiklander
> ---
&g
Tested-by: Igor Opaniuk
On 13 August 2018 at 18:53, Jens Wiklander wrote:
> Adds configuration option OPTEE_TA_AVB and a header file describing the
> interface to the AVB trusted application provided by OP-TEE.
>
> Signed-off-by: Jens Wiklander
> ---
> MAINTAINERS
Tested-by: Igor Opaniuk
On 13 August 2018 at 18:53, Jens Wiklander wrote:
> Adds a OP-TEE driver.
>
> * Targets ARM and ARM64
> * Supports using any u-boot memory as shared memory
> * Probes OP-TEE version using SMCs
> * Uses OPTEE message protocol version 2 to communicate
Rollback index: 4
Otherwise:
Tested-by: Igor Opaniuk
On 14 August 2018 at 14:20, Igor Opaniuk wrote:
> Hi Jens,
>
> Could you please also add info about CONFIG_OPTEE_TA_AVB to the
> existing doc/README.avb2 and more description of
> how/where rollback indexes/device lock state are st
Tested this on Poplar:
Tested-by: Igor Opaniuk
On 13 August 2018 at 18:53, Jens Wiklander wrote:
> Adds a uclass to interface with a TEE (Trusted Execution Environment).
>
> A TEE driver is a driver that interfaces with a trusted OS running in
> some secure environment, for exampl
As I didn't have any available Hikey board, tested this on Poplar:
Tested-by: Igor Opaniuk
BTW, we've had it up for discussion already, but just to clarify and summarize:
As ID of eMMC is hardcoded in the OP-TEE OS core (CFG_RPMB_FS_DEV_ID),
we will probably have issues on some platfo
Reviewed-by: Igor Opaniuk
On 14 August 2018 at 03:43, Eugeniu Rosca wrote:
> Cppcheck (v1.85) reports w/o this patch:
>
> [common/avb_verify.c:351]: (error) Memory leak: part
> [common/avb_verify.c:356]: (error) Memory leak: part
> [common/avb_verify.c:361]: (error) Memory leak:
iewed-by: Igor Opaniuk
On 14 August 2018 at 03:43, Eugeniu Rosca wrote:
> Fix sparse complaint:
>
> common/avb_verify.c:14:21: warning: \
> symbol 'avb_root_pub' was not declared. Should it be static?
>
> Signed-off-by: Eugeniu Rosca
> ---
> common/avb_verify.
perations"
> depends on LIBAVB && FASTBOOT
> + depends on PARTITION_UUIDS
> help
> This option enables compilation of bootloader-dependent operations,
> used by Android Verified Boot 2.0 library (libavb). Includes:
> --
> 2.18.0
>
--
Regards,
Igor Opaniuk
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Reviewed-by: Igor Opaniuk
On 14 August 2018 at 03:43, Eugeniu Rosca wrote:
> Fix below compiler [1] warning:
>
> common/avb_verify.c: In function ‘avb_find_dm_args’:
> common/avb_verify.c:179:30: warning: left-hand operand of comma expression
> has no effect [-Wunused-value]
&g
Reviewed-by: Igor Opaniuk
On 14 August 2018 at 03:43, Eugeniu Rosca wrote:
> From: Ievgen Maliarenko
>
> Exit with AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT
> when hashtree_error_mode value passed to avb_append_options()
> is unknown (not from AvbHashtreeErrorMode enum)
Thanks for fixing this!
Reviewed-by: Igor Opaniuk
On 14 August 2018 at 03:43, Eugeniu Rosca wrote:
> Compiling U-Boot with ubsan/asan libraries and running it in sandbox
> may lead to below backtrace:
>
> => avb init 0
> => avb verify
> ## Android Verifie
Thanks for fixing this!
Reviewed-by: Igor Opaniuk
On 14 August 2018 at 03:43, Eugeniu Rosca wrote:
> Cppcheck (v1.85) reports w/o this patch:
>
> [common/avb_verify.c:738] -> [common/avb_verify.c:741]: (warning) \
> Either the condition 'ops' is redundant
Typo in the commit message "hexadeciaml number", otherwise:
Reviewed-by: Igor Opaniuk
On 13 August 2018 at 18:53, Jens Wiklander wrote:
> Prior to this patch was do_avb_write_rb() reading supplied rb_idx as a
> hexadecimal number while do_avb_read_rb() printed the read out rb_
B_CMD_READ_LOCK_STATE, 1,
> ¶m);
> + if (rc)
> + return rc;
> + *out_is_unlocked = !param.u.value.a;
> + return AVB_IO_RESULT_OK;
> +#endif
> }
>
> /**
> @@ -737,6 +862,11 @@ void avb_ops_free(AvbOps *ops)
>
>
Sam,
Could you please double-check this patch and confirm that your tag can
be still applied?
Thanks!
On 10 August 2018 at 17:06, Andrew F. Davis wrote:
> On 08/10/2018 08:59 AM, Igor Opaniuk wrote:
>> Implement get_size_of_partition() operation,
>> which is required by the
Implement get_size_of_partition() operation,
which is required by the latest upstream libavb [1].
[1] https://android.googlesource.com/platform/external/avb/+/android-p-preview-5
Signed-off-by: Igor Opaniuk
---
Changes for v3:
- reword commit message, added avblib repository link, that stick
Implement get_size_of_partition() operation,
which is required by the latest upstream libavb [1].
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Signed-off-by: Igor Opaniuk
---
Changes for v2:
- changed the return code for the case when out_size_num_bytes is NULL
Use blk_dread()/blk_dwrite() in mmc_read()/mmc_write() AVB operation
implementations. This fixes compilation issues when CONFIG_BLK is
enabled.
Signed-off-by: Igor Opaniuk
---
common/avb_verify.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/common/avb_verify.c b
rs to access MMC, similar to drivers/fastboot/fb_mmc.c.
* Helpers to alloc/init/free avb ops.
2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is
re-used in partition verification operations.
Reported-by: Eugeniu Rosca
Signed-off-by: Igor Opaniuk
---
cmd/Kconfig | 2 +-
common/Kconfig
t;avb2.0: add proper dependencies")
commit message (added more details).
- Extended description of AVB_VERIFY Kconfig symbol.
- Replaced CONFIG_LIBAVB to CONFIG_AVB_VERIFY in common/Makefile.
Igor Opaniuk (2):
avb2.0: add proper dependencies
avb2.0: use block API in AVB ops
cmd/Kconfig
Hi Andrew,
Sorry I missed your message.
On 9 July 2018 at 18:21, Andrew F. Davis wrote:
> On 07/09/2018 09:52 AM, Sam Protsenko wrote:
>> On Mon, Jul 9, 2018 at 3:15 PM, Igor Opaniuk wrote:
>>> Implement get_size_of_partition() operation,
>>> which is required by th
geniu Rosca
Signed-off-by: Igor Opaniuk
---
cmd/Kconfig | 2 +-
common/Kconfig | 7 +++
doc/README.avb2 | 1 +
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig
index aec2090..b3e030c 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -1771,7 +1771,7 @@ c
Use blk_dread()/blk_dwrite() in mmc_read()/mmc_write() AVB operation
implementations. This fixes compilation issues when CONFIG_BLK is
enabled.
Signed-off-by: Igor Opaniuk
---
common/avb_verify.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/common/avb_verify.c b
arately.
2. Add CONFIG_FASTBOOT dependency, as fastboot buffer is
re-used in partition verification operations.
3. Use blk_dread()/blk_dwrite() in mmc_read()/mmc_write() AVB operation
implementations. This fixes compilation issues when CONFIG_BLK is
enabled.
Igor Opaniuk (2):
avb2.0: add proper dependencie
Hi Eugeniu,
Makes sense, will re-send this patch soon with changes based on your
suggestions. Thanks
Regards,
Igor
On 12 July 2018 at 12:27, Eugeniu Rosca wrote:
> Hi Igor,
>
> Thanks for the fix. See my comments below.
>
> On Thu, Jul 12, 2018 at 10:34:24AM +0300, Igo
geniu Rosca
Signed-off-by: Igor Opaniuk
---
lib/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index a77bf1c..4780e7e 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -191,7 +191,7 @@ menu "Android Verified Boot"
config LIBAVB
CONFIG_FASTBOOT_BUF_SIZE)
The problem is that both CONFIG_FASTBOOT_BUF_ADDR and CONFIG_FASTBOOT_BUF_SIZE
are defined for most platforms, and this is how I missed this issue.
Will fix today and re-test,
Thanks
On 9 July 2018 at 18:33, Eugeniu Rosca wrote:
> On Mon, Jul 09, 2018 at 03:15:54PM +0300, Igor Opan
Implement get_size_of_partition() operation,
which is required by the latest upstream libavb [1].
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Signed-off-by: Igor Opaniuk
---
common/avb_verify.c | 33 -
1 file changed, 32
Contains:
1. Overview of Android Verified Boot 2.0
2. Description of avb subset of commands
3. Examples of errors when boot/vendor/system/vbmeta partitions
are tampered
4. Examples of enabling AVB2.0 on your setup
Signed-off-by: Igor Opaniuk
---
doc/README.avb2 | 97
1. Run AVB 2.0 full verification chain, avb verify
2. Check if 'avb get_uuid' works, compare results with
'part list mmc 1' output
3. Test `avb read` commands, which reads N bytes from a partition
identified by a name
Signed-off-by: Igor Opaniuk
---
test/py/tes
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations
Signed-off-by: Igor Opaniuk
---
cmd/avb.c| 17 ++-
common/avb_verify.c | 137 +--
include/avb_verify.h | 19
1. Add vbmeta partition info to android partition layout for am57xx SoC
2. Add support of AVB 2.0 (including avb subset of commands) for am57xx HS
Signed-off-by: Igor Opaniuk
---
include/configs/am57xx_evm.h | 11 +++
include/environment/ti/boot.h | 15 +++
2 files changed
nt uuid of a partition
avb read_part - read data from partition
avb read_part_hex - read data from partition and output to stdout
avb write_part - write data to partition
avb verify - run full verification chain
Signed-off-by: Igor Opaniuk
---
cmd/Kconfig | 16 +++
cmd/Makefile | 3 +
Integrate libavb into the build system. Introduce CONFIG_LIBAVB
build option.
Signed-off-by: Igor Opaniuk
---
lib/Kconfig | 14 ++
lib/Makefile| 1 +
lib/libavb/Makefile | 15 +++
3 files changed, 30 insertions(+)
create mode 100644 lib/libavb/Makefile
unlocked
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Signed-off-by: Igor Opaniuk
---
common/Makefile | 2 +
common/avb_verify.c | 610 +++
include/avb_verify.h | 79 +++
3 files changed, 691 insertions
pdated documentation
- Updated avb_slot_verify invocation, supplying with new AvbHashtreeErrorMode
param
- Fixed array boundary exceeded error when handling bootargs in
avb_find_dm_args
Igor Opaniuk (8):
avb2.0: add Android Verified Boot 2.0 library
avb2.0: integrate avb 2.0 into the build system
Hi Sam,
Thanks, will include this notice in the v2 patchset
Regards,
Igor
On 2 May 2018 at 22:12, Sam Protsenko wrote:
> On 25 April 2018 at 16:18, Igor Opaniuk wrote:
>> Contains:
>> 1. Overview of Android Verified Boot 2.0
>> 2. Description of avb subset of commands
>
ing style
Thanks
[1]
https://android.googlesource.com/platform/external/avb/+/master/README.md#system-dependencies
[2]
https://android.googlesource.com/platform/external/avb/+/master/libavb/avb_cmdline.c#71
On 15 May 2018 at 21:28, Simon Glass wrote:
> (Tom can you please comment on th
On 15 May 2018 at 19:26, Simon Glass wrote:
> Hi Igor,
>
> On 16 May 2018 at 01:44, Igor Opaniuk wrote:
>> Hi Simon,
>>
>> I've dug into DriverModel documentation and even created a PoC for
>> existing avb commands. The problem is that (maybe I missed out
lib/libavb/avb_chain_partition_descriptor.h"
> #include "../../lib/libavb/avb_crypto.h"
> #include "../../lib/libavb/avb_descriptor.h"
> #include "../../lib/libavb/avb_footer.h"
> #include "../../lib/libavb/avb_hash_descriptor.h"
> ---<-snip->---
>
> And with that, various consumers (mainly libavb_avb?) would do:
> #include
>
> As said, this would make integration of new libavb versions much easier.
> Would appreciate your thoughts.
>
> Best regards,
> Eugeniu.
--
Regards,
Igor Opaniuk
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
an be used within the same uclass in this case?
Could you please explain in detail.
Thanks
Hi Sam,
Thanks, will fix!
On 3 May 2018 at 05:31, Simon Glass wrote:
> Hi Igor,
>
> On 25 April 2018 at 07:18, Igor Opaniuk wrote:
>> Enable a "avb" command to execute Android
I think should be
>> two separate feature, are you going to split them?
>>
>> BTW, do you have plan to update boot_android cmd to support avb?
>> the command is too weak for use now.
>> And any plan to add opptee_client/smcc to talk to OPTEE/ATF?
>>
>&g
Best regards,
Igor
>
> Thanks,
> - Kever
> On 04/25/2018 09:17 PM, Igor Opaniuk wrote:
>> This series of patches introduces support of Android Verified Boot 2.0,
>> which provides integrity checking of Android partitions on MMC.
>>
>> It integrates libavb/l
1. Run AVB 2.0 full verification chain, avb verify
2. Check if 'avb get_uuid' works, compare results with
'part list mmc 1' output
3. Test `avb read` commands, which reads N bytes from a partition
identified by a name
Signed-off-by: Igor Opaniuk
---
test/py/tes
nt uuid of a partition
avb read_part - read data from partition
avb read_part_hex - read data from partition and output to stdout
avb write_part - write data to partition
avb verify - run full verification chain
Signed-off-by: Igor Opaniuk
---
cmd/Kconfig | 15 +++
cmd/Makefile | 3 +
Contains:
1. Overview of Android Verified Boot 2.0
2. Description of avb subset of commands
3. Examples of errors when boot/vendor/system/vbmeta partitions
are tampered
4. Examples of enabling AVB2.0 on your setup
Signed-off-by: Igor Opaniuk
---
doc/README.avb2 | 100
Integrate libavb/libavb_ab into the build system. Introduce CONFIG_LIBAVB
and CONFIG_LIBAVB_AVB options for enabling build.
Signed-off-by: Igor Opaniuk
---
lib/Kconfig| 20
lib/Makefile | 2 ++
lib/libavb/Makefile| 15 +++
lib
future,
that's why minimal amount of changes were introduced into the lib sources,
so checkpatch may fail.
For additional details check [1] AVB 2.0 README and doc/README.avb2, which
is a part of this patchset.
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Igor Op
unlocked
[1] https://android.googlesource.com/platform/external/avb/+/master/README.md
Signed-off-by: Igor Opaniuk
---
common/Makefile | 2 +
common/avb_verify.c | 614 +++
include/avb_verify.h | 80 +++
3 files changed, 696 insertions
1. Add vbmeta partition info to android partition layout for am57xx SoC
2. Add support of AVB 2.0 (including avb subset of commands) for am57xx HS
Signed-off-by: Igor Opaniuk
---
configs/am57xx_hs_evm_defconfig | 3 +++
include/configs/am57xx_evm.h| 11 +++
include/environment/ti
1. Add initial support of boot states mode (red, green, yellow)
2. Add functions for enforcing dm-verity configurations
Signed-off-by: Igor Opaniuk
---
cmd/avb.c| 17 ++-
common/avb_verify.c | 140 +--
include/avb_verify.h | 19
901 - 968 of 968 matches
Mail list logo