| // Copyright 2019-2020 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| syntax = "proto3"; |
| |
| package aftl; |
| option go_package = "proto"; |
| |
| import "trillian.proto"; |
| |
| message InclusionProof { |
| trillian.Proof proof = 1; |
| trillian.SignedLogRoot sth = 2; |
| } |
| |
| message AddVBMetaRequest { |
| // VBMeta structure as described in |
| // https://android.googlesource.com/platform/external/avb/+/master/README.md. |
| // In case of chained partitions, each VBMeta is added via a separate call. |
| // The default size for gRPC payload is about 4MB. We expect vbmeta to be |
| // in the order of 64kB. |
| bytes vbmeta = 1; |
| |
| // Serialized SignedVBMetaPrimaryAnnotation. This annotation contains the hash |
| // of the vbmeta structure. It is signed using the manufacturer key. |
| // See types/types.go. |
| bytes signed_vbmeta_primary_annotation = 2; |
| } |
| |
| message AddVBMetaResponse { |
| // Inclusion proof and the leaf that was added to the log, which contains |
| // the annotation on VBMeta. |
| // It is required to have the complete leaf to validate the inclusion proof. |
| // For on-device verification, only these first 2 fields are required to |
| // validate the inclusion. |
| InclusionProof annotation_proof = 1; |
| bytes annotation_leaf = 2; |
| |
| // Inclusion proof and leaf that was added to the log, which contains the full |
| // vbmeta partition. |
| // These fields are NOT required for validation but can still be recorded by a |
| // vendor to prove that the complete VBMeta was submitted. |
| InclusionProof vbmeta_proof = 3; |
| bytes vbmeta_leaf = 4; |
| } |
| |
| message AnnotateVBMetaWithBuildRequest { |
| // Serialized SignedVBMetaBuildAnnotation. This annotation contains the hash |
| // of the full build image. See types/types.go. |
| bytes signed_vbmeta_build_annotation = 1; |
| |
| // Bytes of the binary images. The hash value of the concatenation of these |
| // chunk is contained in SignedVBMetaBuildAnnotation. |
| // This is ignored if any of the requests origin_url is set. |
| bytes image_chunk = 2; |
| |
| // Origin location of image. It is used to get a copy of the binary image |
| // from another server (e.g., Google Cloud Storage). |
| string origin_url = 3; |
| } |
| |
| message AnnotateVBMetaWithBuildResponse { |
| // Inclusion proof and leaf for the firmware image. The leaf contains the URL |
| // where the image was stored. |
| // It is not required for vendors to keep this information. However, this can |
| // be used for their records to ensure the correctness of the log. |
| InclusionProof annotation_proof = 1; |
| bytes annotation_leaf = 2; |
| } |
| |
| service AFTLog { |
| |
| // Insert a new VBMeta structure into the log. |
| // This request will effectively create 2 log entries: |
| // - VBMeta itself |
| // - Vendor annotations, which includes a reference to the VBMeta. |
| rpc AddVBMeta(AddVBMetaRequest) returns (AddVBMetaResponse) {} |
| |
| // Upload (or copy) the complete firmware image. |
| rpc AnnotateVBMetaWithBuild(stream AnnotateVBMetaWithBuildResponse) returns (AnnotateVBMetaWithBuildResponse) {} |
| |
| // TODO(tweek): GetProofByHash, GetSthConsistency, GetEntries, GetRootKeys |
| } |