Make it possible to include public key metadata.
A new option --public_key_metadata can be used at image build time to
include a "public key metadata" blob in the vbmeta struct and this
data is passed to the validate_vbmeta_public_key() AvbOps operation
along with the public key.
The use-case for this option is a device where the root-of-trust
embedded in the device is different from the key used to sign AVB
metadata. Specifically, the public key metadata blob can be data
signed by the device root-of-trust and the data could assert the trust
chain between this root-of-trust and the AVB public key used to sign
the AVB metadata.
(This change breaks the on-disk image format but that's OK because
we're still pre-1.0 with respect to image format stability
guarantees.)
Bug: 32736356
Test: New unit tests and all unit tests pass.
Test: Tested in UEFI-based bootloader in qemu.
Change-Id: I7b9c3bf2f9326b5bb5659b2a431a59a5c9016aff
diff --git a/test/fake_avb_ops.h b/test/fake_avb_ops.h
index 2a81e17..76d452d 100644
--- a/test/fake_avb_ops.h
+++ b/test/fake_avb_ops.h
@@ -51,6 +51,11 @@
expected_public_key_ = expected_public_key;
}
+ void set_expected_public_key_metadata(
+ const std::string& expected_public_key_metadata) {
+ expected_public_key_metadata_ = expected_public_key_metadata;
+ }
+
void set_stored_rollback_indexes(
const std::vector<uint64_t>& stored_rollback_indexes) {
stored_rollback_indexes_ = stored_rollback_indexes;
@@ -74,6 +79,8 @@
AvbIOResult validate_vbmeta_public_key(AvbOps* ops,
const uint8_t* public_key_data,
size_t public_key_length,
+ const uint8_t* public_key_metadata,
+ size_t public_key_metadata_length,
bool* out_key_is_trusted);
AvbIOResult read_rollback_index(AvbOps* ops, size_t rollback_index_slot,
@@ -95,6 +102,7 @@
base::FilePath partition_dir_;
std::string expected_public_key_;
+ std::string expected_public_key_metadata_;
std::vector<uint64_t> stored_rollback_indexes_;