fs_mgr: support using libavb to enable dm-verity
external/avb/libavb provides the new Android Verified Boot (AVB) flow.
It has different verity metadata format than previous formats in
fs_mgr_verity.cpp fs_mgr should support using libavb to read the metadata
(a.k.a. HASHTREE descriptor in AVB) to enable dm-verity in kernel.
Two important files in this commit:
- fs_mgr_avb_ops.c: an implementation of struct AvbOps* for libavb to do
platform dependent I/O operations, e.g., read_from_partition.
- fs_mgr_avb.cpp: it reads the metadata (a.k.a. vbmeta images in AVB) from
all partitions, verifies its integrity against the values of
androidboot.vbmeta.{hash_alg, size, digest} passed from bootloader in
kernel command line. Then enable dm-verity for partitions having the
corresponding HASHTREE descriptor and with an 'avb' fstab flag.
Bug: 31264231
Test: Enable dm-verity on /system partition
Test: Enable dm-verity with FEC on /system partition
Change-Id: I4652806984fe5a30c61be0839135b5ca78323d38
diff --git a/fs_mgr/fs_mgr_priv_sha.h b/fs_mgr/fs_mgr_priv_sha.h
new file mode 100644
index 0000000..1abc273
--- /dev/null
+++ b/fs_mgr/fs_mgr_priv_sha.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __CORE_FS_MGR_PRIV_SHA_H
+#define __CORE_FS_MGR_PRIV_SHA_H
+
+#include <openssl/sha.h>
+
+class SHA256Hasher
+{
+ private:
+ SHA256_CTX sha256_ctx;
+ uint8_t hash[SHA256_DIGEST_LENGTH];
+
+ public:
+ enum { DIGEST_SIZE = SHA256_DIGEST_LENGTH };
+
+ SHA256Hasher()
+ {
+ SHA256_Init(&sha256_ctx);
+ }
+
+ void update(const void *data, size_t data_size)
+ {
+ SHA256_Update(&sha256_ctx, data, data_size);
+ }
+
+ const uint8_t *finalize()
+ {
+ SHA256_Final(hash, &sha256_ctx);
+ return hash;
+ }
+};
+
+class SHA512Hasher
+{
+ private:
+ SHA512_CTX sha512_ctx;
+ uint8_t hash[SHA512_DIGEST_LENGTH];
+
+ public:
+ enum { DIGEST_SIZE = SHA512_DIGEST_LENGTH };
+
+ SHA512Hasher()
+ {
+ SHA512_Init(&sha512_ctx);
+ }
+
+ void update(const uint8_t *data, size_t data_size)
+ {
+ SHA512_Update(&sha512_ctx, data, data_size);
+ }
+
+ const uint8_t *finalize()
+ {
+ SHA512_Final(hash, &sha512_ctx);
+ return hash;
+ }
+};
+
+#endif /* __CORE_FS_MGR_PRIV_SHA_H */