platform: msm_shared: Add changes as per AVB2.0 specs
As per the requirement of AVB2.0 current call flow aboot_init
is updated to make sure that device is booting with AVB2.0
enable.Fix kernel cmdline for recovery and add checks to verify
the boot image.
Change-Id: Icfb250eac71edf07ea6f6123ddd15c6aaaa1629f
diff --git a/platform/msm_shared/include/verifiedboot.h b/platform/msm_shared/include/verifiedboot.h
new file mode 100644
index 0000000..9e16982
--- /dev/null
+++ b/platform/msm_shared/include/verifiedboot.h
@@ -0,0 +1,170 @@
+/* Copyright (c) 2018, The Linux Foundation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of The Linux Foundation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef __VERIFIEDBOOT_H__
+#define __VERIFIEDBOOT_H__
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <sys/types.h>
+#include <mmc.h>
+#include <platform.h>
+#include <devinfo.h>
+#include <meta_format.h>
+#include <boot_device.h>
+#include <boot_verifier.h>
+#include <target.h>
+
+typedef enum {
+ NO_AVB = 0,
+ AVB_1,
+ AVB_2,
+ AVB_LE
+} avb_versions;
+
+#define VB_SHA256_SIZE 32
+#define LE_BOOTIMG_SIG_SIZE 256
+#define abort() ASSERT(false);
+#define MAX_PATH_SIZE 64
+
+#define EFIERR(_a) (-1 * (_a))
+
+#define EFI_SUCCESS 0
+#define EFI_LOAD_ERROR EFIERR (1)
+#define EFI_INVALID_PARAMETER EFIERR (2)
+#define EFI_UNSUPPORTED EFIERR (3)
+#define EFI_BAD_BUFFER_SIZE EFIERR (4)
+#define EFI_BUFFER_TOO_SMALL EFIERR (5)
+#define EFI_NOT_READY EFIERR (6)
+#define EFI_DEVICE_ERROR EFIERR (7)
+#define EFI_WRITE_PROTECTED EFIERR (8)
+#define EFI_OUT_OF_RESOURCES EFIERR (9)
+#define EFI_VOLUME_CORRUPTED EFIERR (10)
+#define EFI_VOLUME_FULL EFIERR (11)
+#define EFI_NO_MEDIA EFIERR (12)
+#define EFI_MEDIA_CHANGED EFIERR (13)
+#define EFI_NOT_FOUND EFIERR (14)
+#define EFI_ACCESS_DENIED EFIERR (15)
+#define EFI_NO_RESPONSE EFIERR (16)
+#define EFI_NO_MAPPING EFIERR (17)
+#define EFI_TIMEOUT EFIERR (18)
+#define EFI_NOT_STARTED EFIERR (19)
+#define EFI_ALREADY_STARTED EFIERR (20)
+#define EFI_ABORTED EFIERR (21)
+#define EFI_ICMP_ERROR EFIERR (22)
+
+#define EFI_TFTP_ERROR EFIERR (23)
+#define EFI_PROTOCOL_ERROR EFIERR (24)
+#define EFI_INCOMPATIBLE_VERSION EFIERR (25)
+#define EFI_SECURITY_VIOLATION EFIERR (26)
+#define EFI_CRC_ERROR EFIERR (27)
+#define EFI_END_OF_MEDIA EFIERR (28)
+#define EFI_END_OF_FILE EFIERR (31)
+#define EFI_INVALID_LANGUAGE EFIERR (32)
+
+#define EFI_WARN_UNKNOWN_GLYPH EFIWARN (1)
+#define EFI_WARN_DELETE_FAILURE EFIWARN (2)
+#define EFI_WARN_WRITE_FAILURE EFIWARN (3)
+#define EFI_WARN_BUFFER_TOO_SMALL EFIWARN (4)
+
+typedef int EFI_STATUS;
+typedef bool BOOLEAN;
+typedef char CHAR8;
+typedef int16_t CHAR16;
+typedef void VOID;
+typedef uint8_t UINT8;
+typedef uint16_t UINT16;
+typedef uint32_t UINT32;
+typedef uint64_t UINT64;
+typedef int16_t INT16;
+typedef int32_t INT32;
+typedef int64_t INT64;
+typedef uintptr_t UINTN;
+
+typedef enum {
+ VB_UNDEFINED_HASH = 0,
+ VB_SHA1,
+ VB_SHA256,
+ VB_UNSUPPORTED_HASH,
+ VB_RESERVED_HASH = 0x7fffffff /* force to 32 bits */
+} vb_hash;
+
+#define GUARD(code) \
+ do { \
+ Status = (code); \
+ if (Status != EFI_SUCCESS) { \
+ dprintf(CRITICAL, "Err: line:%d %s() status: %d\n", __LINE__, \
+ __FUNCTION__, Status); \
+ return Status; \
+ } \
+ } while (0)
+
+#define GUARD_OUT(code) \
+ do { \
+ Status = (code); \
+ if (Status != EFI_SUCCESS) { \
+ dprintf(CRITICAL, "Err: line:%d %s() status: %d\n", __LINE__, \
+ __FUNCTION__, Status); \
+ goto out; \
+ } \
+ } while (0)
+
+/* forward declare bootinfo */
+typedef struct bootinfo bootinfo;
+
+BOOLEAN VerifiedBootEnabled();
+
+/**
+ * @return 0 - AVB disabled
+ * 1 - VB 1.0
+ * 2 - VB 2.0
+ * 3 - LE VB
+ */
+UINT32 GetAVBVersion();
+
+/**
+ * Authenticates and loads boot image in
+ * Info->Images on EFI_SUCCESS.
+ * Also provides Verified Boot command
+ * arguments (if any) in Info->vbcmdline
+ *
+ * @return EFI_STATUS
+ */
+int load_image_and_auth(bootinfo *Info);
+
+/**
+ * Free resources/memory allocated by
+ * verified boot, image_buffer, vbcmdline
+ * VBData...
+ *
+ * @return VOID
+ */
+void free_verified_boot_resource(bootinfo *Info);
+
+#endif /* __VERIFIEDBOOT_H__ */