1 /*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use, copy,
8 * modify, merge, publish, distribute, sublicense, and/or sell copies
9 * of the Software, and to permit persons to whom the Software is
10 * furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include "avb_user_verification.h"
26
27 /* Maximum allow length (in bytes) of a partition name, including
28 * ab_suffix.
29 */
30 #define AVB_PART_NAME_MAX_SIZE 32
31
32 /* Loads the toplevel AvbVBMetaImageHeader from the slot denoted by
33 * |ab_suffix| into |vbmeta_image|. No validation, verification, or
34 * byteswapping is performed.
35 *
36 * If successful, |true| is returned and the partition it was loaded
37 * from is returned in |out_partition_name| and the offset on said
38 * partition is returned in |out_vbmeta_offset|.
39 */
load_top_level_vbmeta_header(AvbOps * ops,const char * ab_suffix,uint8_t vbmeta_image[AVB_VBMETA_IMAGE_HEADER_SIZE],char out_partition_name[AVB_PART_NAME_MAX_SIZE],uint64_t * out_vbmeta_offset)40 static bool load_top_level_vbmeta_header(
41 AvbOps* ops,
42 const char* ab_suffix,
43 uint8_t vbmeta_image[AVB_VBMETA_IMAGE_HEADER_SIZE],
44 char out_partition_name[AVB_PART_NAME_MAX_SIZE],
45 uint64_t* out_vbmeta_offset) {
46 uint64_t vbmeta_offset = 0;
47 size_t num_read;
48 bool ret = false;
49 AvbIOResult io_res;
50
51 /* Construct full partition name. */
52 if (!avb_str_concat(out_partition_name,
53 AVB_PART_NAME_MAX_SIZE,
54 "vbmeta",
55 6,
56 ab_suffix,
57 avb_strlen(ab_suffix))) {
58 avb_error("Partition name and suffix does not fit.\n");
59 goto out;
60 }
61
62 /* Only read the header, not the entire struct. */
63 io_res = ops->read_from_partition(ops,
64 out_partition_name,
65 vbmeta_offset,
66 AVB_VBMETA_IMAGE_HEADER_SIZE,
67 vbmeta_image,
68 &num_read);
69 if (io_res == AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION) {
70 AvbFooter footer;
71
72 /* Try looking for the vbmeta struct in 'boot' via the footer. */
73 if (!avb_str_concat(out_partition_name,
74 AVB_PART_NAME_MAX_SIZE,
75 "boot",
76 4,
77 ab_suffix,
78 avb_strlen(ab_suffix))) {
79 avb_error("Partition name and suffix does not fit.\n");
80 goto out;
81 }
82 io_res = ops->read_from_partition(ops,
83 out_partition_name,
84 -AVB_FOOTER_SIZE,
85 AVB_FOOTER_SIZE,
86 &footer,
87 &num_read);
88 if (io_res != AVB_IO_RESULT_OK) {
89 avb_error(
90 "Error loading footer from partition '", out_partition_name, "'\n");
91 goto out;
92 }
93
94 if (avb_memcmp(footer.magic, AVB_FOOTER_MAGIC, AVB_FOOTER_MAGIC_LEN) != 0) {
95 avb_error("Data from '",
96 out_partition_name,
97 "' does not look like a vbmeta footer.\n");
98 goto out;
99 }
100
101 vbmeta_offset = avb_be64toh(footer.vbmeta_offset);
102 io_res = ops->read_from_partition(ops,
103 out_partition_name,
104 vbmeta_offset,
105 AVB_VBMETA_IMAGE_HEADER_SIZE,
106 vbmeta_image,
107 &num_read);
108 }
109
110 if (io_res != AVB_IO_RESULT_OK) {
111 avb_error("Error loading from partition '", out_partition_name, "'\n");
112 goto out;
113 }
114
115 if (out_vbmeta_offset != NULL) {
116 *out_vbmeta_offset = vbmeta_offset;
117 }
118
119 ret = true;
120
121 out:
122 return ret;
123 }
124
avb_user_verification_get(AvbOps * ops,const char * ab_suffix,bool * out_verification_enabled)125 bool avb_user_verification_get(AvbOps* ops,
126 const char* ab_suffix,
127 bool* out_verification_enabled) {
128 uint8_t vbmeta_image[AVB_VBMETA_IMAGE_HEADER_SIZE]; /* 256 bytes. */
129 char partition_name[AVB_PART_NAME_MAX_SIZE]; /* 32 bytes. */
130 AvbVBMetaImageHeader* header;
131 uint32_t flags;
132 bool ret = false;
133
134 if (!load_top_level_vbmeta_header(
135 ops, ab_suffix, vbmeta_image, partition_name, NULL)) {
136 goto out;
137 }
138
139 if (avb_memcmp(vbmeta_image, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
140 avb_error("Data from '",
141 partition_name,
142 "' does not look like a vbmeta header.\n");
143 goto out;
144 }
145
146 /* Set/clear the VERIFICATION_DISABLED bit, as requested. */
147 header = (AvbVBMetaImageHeader*)vbmeta_image;
148 flags = avb_be32toh(header->flags);
149
150 if (out_verification_enabled != NULL) {
151 *out_verification_enabled =
152 !(flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);
153 }
154
155 ret = true;
156
157 out:
158 return ret;
159 }
160
avb_user_verification_set(AvbOps * ops,const char * ab_suffix,bool enable_verification)161 bool avb_user_verification_set(AvbOps* ops,
162 const char* ab_suffix,
163 bool enable_verification) {
164 uint8_t vbmeta_image[AVB_VBMETA_IMAGE_HEADER_SIZE]; /* 256 bytes. */
165 char partition_name[AVB_PART_NAME_MAX_SIZE]; /* 32 bytes. */
166 uint64_t vbmeta_offset;
167 AvbIOResult io_res;
168 AvbVBMetaImageHeader* header;
169 uint32_t flags;
170 bool ret = false;
171
172 if (!load_top_level_vbmeta_header(
173 ops, ab_suffix, vbmeta_image, partition_name, &vbmeta_offset)) {
174 goto out;
175 }
176
177 if (avb_memcmp(vbmeta_image, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
178 avb_error("Data from '",
179 partition_name,
180 "' does not look like a vbmeta header.\n");
181 goto out;
182 }
183
184 /* Set/clear the VERIFICATION_DISABLED bit, as requested. */
185 header = (AvbVBMetaImageHeader*)vbmeta_image;
186 flags = avb_be32toh(header->flags);
187 flags &= ~AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED;
188 if (!enable_verification) {
189 flags |= AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED;
190 }
191 header->flags = avb_htobe32(flags);
192
193 /* Write the header. */
194 io_res = ops->write_to_partition(ops,
195 partition_name,
196 vbmeta_offset,
197 AVB_VBMETA_IMAGE_HEADER_SIZE,
198 vbmeta_image);
199 if (io_res != AVB_IO_RESULT_OK) {
200 avb_error("Error writing to partition '", partition_name, "'\n");
201 goto out;
202 }
203
204 ret = true;
205
206 out:
207 return ret;
208 }
209