Hi Igor, It's great to see the patch set to support AVB2.0, the upstream libavb(from aosp) combine the AVB with A/B which I think should be two separate feature, are you going to split them?
BTW, do you have plan to update boot_android cmd to support avb? the command is too weak for use now. And any plan to add opptee_client/smcc to talk to OPTEE/ATF? Thanks, - Kever On 04/25/2018 09:17 PM, Igor Opaniuk wrote: > This series of patches introduces support of Android Verified Boot 2.0, > which provides integrity checking of Android partitions on MMC. > > It integrates libavb/libavb_ab into the U-boot, provides implementation of > AvbOps, subset of `avb` commands to run verification chain (and for debugging > purposes), and it enables AVB2.0 verification on AM57xx HS SoC by default. > > Currently, there is still no support for verification of A/B boot slots > and no rollback protection (for storing rollback indexes > there are plans to use eMMC RPMB) > > Libavb/libavb_ab will be deviated from AOSP upstream in the future, > that's why minimal amount of changes were introduced into the lib sources, > so checkpatch may fail. > > For additional details check [1] AVB 2.0 README and doc/README.avb2, which > is a part of this patchset. > > [1] https://android.googlesource.com/platform/external/avb/+/master/README.md > > Igor Opaniuk (8): > avb2.0: add Android Verified Boot 2.0 libraries > avb2.0: integrate avb 2.0 into the build system > avb2.0: implement AVB ops > cmd: avb2.0: avb command for performing verification > avb2.0: add boot states and dm-verity support > am57xx_hs: avb2.0: add support of AVB 2.0 > test/py: avb2.0: add tests for avb commands > doc: avb2.0: add README about AVB2.0 integration > > cmd/Kconfig | 15 + > cmd/Makefile | 3 + > cmd/avb.c | 366 ++++++++ > common/Makefile | 2 + > common/avb_verify.c | 748 ++++++++++++++++ > configs/am57xx_hs_evm_defconfig | 3 + > doc/README.avb2 | 100 +++ > include/avb/avb_ab_flow.h | 235 ++++++ > include/avb/avb_ab_ops.h | 61 ++ > include/avb/avb_chain_partition_descriptor.h | 54 ++ > include/avb/avb_crypto.h | 147 ++++ > include/avb/avb_descriptor.h | 113 +++ > include/avb/avb_footer.h | 68 ++ > include/avb/avb_hash_descriptor.h | 55 ++ > include/avb/avb_hashtree_descriptor.h | 65 ++ > include/avb/avb_kernel_cmdline_descriptor.h | 63 ++ > include/avb/avb_ops.h | 196 +++++ > include/avb/avb_property_descriptor.h | 89 ++ > include/avb/avb_rsa.h | 55 ++ > include/avb/avb_sha.h | 72 ++ > include/avb/avb_slot_verify.h | 239 ++++++ > include/avb/avb_sysdeps.h | 97 +++ > include/avb/avb_util.h | 259 ++++++ > include/avb/avb_vbmeta_image.h | 272 ++++++ > include/avb/avb_version.h | 45 + > include/avb/libavb.h | 32 + > include/avb/libavb_ab.h | 22 + > include/avb_verify.h | 97 +++ > include/configs/am57xx_evm.h | 11 + > include/environment/ti/boot.h | 15 + > lib/Kconfig | 20 + > lib/Makefile | 2 + > lib/libavb/Makefile | 15 + > lib/libavb/avb_chain_partition_descriptor.c | 46 + > lib/libavb/avb_crypto.c | 355 ++++++++ > lib/libavb/avb_descriptor.c | 142 ++++ > lib/libavb/avb_footer.c | 36 + > lib/libavb/avb_hash_descriptor.c | 43 + > lib/libavb/avb_hashtree_descriptor.c | 51 ++ > lib/libavb/avb_kernel_cmdline_descriptor.c | 40 + > lib/libavb/avb_property_descriptor.c | 167 ++++ > lib/libavb/avb_rsa.c | 277 ++++++ > lib/libavb/avb_sha256.c | 364 ++++++++ > lib/libavb/avb_sha512.c | 362 ++++++++ > lib/libavb/avb_slot_verify.c | 1169 > ++++++++++++++++++++++++++ > lib/libavb/avb_sysdeps_posix.c | 57 ++ > lib/libavb/avb_util.c | 385 +++++++++ > lib/libavb/avb_vbmeta_image.c | 290 +++++++ > lib/libavb/avb_version.c | 16 + > lib/libavb_ab/Makefile | 9 + > lib/libavb_ab/avb_ab_flow.c | 502 +++++++++++ > test/py/tests/test_avb.py | 111 +++ > 52 files changed, 8058 insertions(+) > create mode 100644 cmd/avb.c > create mode 100644 common/avb_verify.c > create mode 100644 doc/README.avb2 > create mode 100644 include/avb/avb_ab_flow.h > create mode 100644 include/avb/avb_ab_ops.h > create mode 100644 include/avb/avb_chain_partition_descriptor.h > create mode 100644 include/avb/avb_crypto.h > create mode 100644 include/avb/avb_descriptor.h > create mode 100644 include/avb/avb_footer.h > create mode 100644 include/avb/avb_hash_descriptor.h > create mode 100644 include/avb/avb_hashtree_descriptor.h > create mode 100644 include/avb/avb_kernel_cmdline_descriptor.h > create mode 100644 include/avb/avb_ops.h > create mode 100644 include/avb/avb_property_descriptor.h > create mode 100644 include/avb/avb_rsa.h > create mode 100644 include/avb/avb_sha.h > create mode 100644 include/avb/avb_slot_verify.h > create mode 100644 include/avb/avb_sysdeps.h > create mode 100644 include/avb/avb_util.h > create mode 100644 include/avb/avb_vbmeta_image.h > create mode 100644 include/avb/avb_version.h > create mode 100644 include/avb/libavb.h > create mode 100644 include/avb/libavb_ab.h > create mode 100644 include/avb_verify.h > create mode 100644 lib/libavb/Makefile > create mode 100644 lib/libavb/avb_chain_partition_descriptor.c > create mode 100644 lib/libavb/avb_crypto.c > create mode 100644 lib/libavb/avb_descriptor.c > create mode 100644 lib/libavb/avb_footer.c > create mode 100644 lib/libavb/avb_hash_descriptor.c > create mode 100644 lib/libavb/avb_hashtree_descriptor.c > create mode 100644 lib/libavb/avb_kernel_cmdline_descriptor.c > create mode 100644 lib/libavb/avb_property_descriptor.c > create mode 100644 lib/libavb/avb_rsa.c > create mode 100644 lib/libavb/avb_sha256.c > create mode 100644 lib/libavb/avb_sha512.c > create mode 100644 lib/libavb/avb_slot_verify.c > create mode 100644 lib/libavb/avb_sysdeps_posix.c > create mode 100644 lib/libavb/avb_util.c > create mode 100644 lib/libavb/avb_vbmeta_image.c > create mode 100644 lib/libavb/avb_version.c > create mode 100644 lib/libavb_ab/Makefile > create mode 100644 lib/libavb_ab/avb_ab_flow.c > create mode 100644 test/py/tests/test_avb.py > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
