/*
 * Copyright (C) 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// This is a custom protocol introduced by GBL.
// See gbl/docs/gbl_efi_avb_protocol.md for details.
//
// The callbacks below mirror the libavb AvbOps hooks of the same names and let
// the firmware supply the device-specific pieces of Android Verified Boot:
// root-of-trust key validation, device lock state, rollback indices,
// persistent values, and handling of the final verification result.  Every
// callback takes the protocol instance as its first argument and returns an
// EfiStatus; following UEFI convention, out-parameters should be treated as
// unspecified unless that status reports success (confirm against the
// protocol doc).

// NOTE(review): identifiers beginning with a double underscore are reserved
// for the implementation in C.  A guard such as GBL_AVB_PROTOCOL_H_ would be
// conforming; the name is left unchanged here because it may be referenced
// elsewhere.
#ifndef __GBL_AVB_PROTOCOL_H__
#define __GBL_AVB_PROTOCOL_H__

#include "types.h"

// Os boot state color.
//
// https://source.android.com/docs/security/features/verifiedboot/boot-flow#communicating-verified-boot-state-to-users
//
// Enumerators take the implicit values 0..4 in declaration order, so
// GREEN == 0.  They carry no prefix and therefore occupy the ordinary
// identifier namespace of every translation unit that includes this header.
typedef enum GBL_EFI_AVB_BOOT_STATE_COLOR {
  GREEN,
  YELLOW,
  ORANGE,
  RED_EIO,
  RED,
} GblEfiAvbBootStateColor;

// Vbmeta key validation status.
//
// https://source.android.com/docs/security/features/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust
//
// VALID is the zero value.  A zero-initialised output variable that the
// callback never writes therefore reads as VALID, so callers must check the
// EfiStatus returned by validate_vbmeta_public_key before consuming the
// status rather than relying on the out-parameter alone.
typedef enum GBL_EFI_AVB_KEY_VALIDATION_STATUS {
  VALID,
  // Presumably: the key is not the built-in root of trust but matches a
  // user-provisioned custom root of trust (see the linked doc) — confirm.
  VALID_CUSTOM_KEY,
  INVALID,
} GblEfiAvbKeyValidationStatus;

// Outcome of AVB verification, as handed to handle_verification_result.
typedef struct {
  // GblEfiAvbBootStateColor, carried as a fixed-width uint32_t rather than the
  // enum type (presumably so the ABI width does not depend on the compiler's
  // choice of enum size).
  uint32_t color;

  // Pointer to nul-terminated ASCII hex digest calculated by libavb. May be
  // null if verification failed (RED boot state color), so consumers must
  // null-check it before use.
  const char8_t* digest;

  // Pointers to nul-terminated OS versions and security patch levels for the
  // different boot components. NULL is provided when the value is not present
  // in the boot artifacts or on fatal AVB failure; each pointer must be
  // null-checked individually before use.
  // https://source.android.com/docs/core/architecture/bootloader/version-info-avb
  const char8_t* boot_version;
  const char8_t* boot_security_patch;
  const char8_t* system_version;
  const char8_t* system_security_patch;
  const char8_t* vendor_version;
  const char8_t* vendor_security_patch;
} GblEfiAvbVerificationResult;

// Protocol instance.  The firmware fills in the function pointers; GBL invokes
// them with `self` pointing at this struct.
typedef struct GblEfiAvbProtocol {
  // Protocol revision.  NOTE(review): the meaning of individual values is not
  // stated in this header — see gbl_efi_avb_protocol.md.
  uint64_t revision;

  // Validates the public key (plus optional metadata) against the device's
  // root of trust and reports the result through `validation_status`, which
  // holds a GblEfiAvbKeyValidationStatus.
  //
  // The key and metadata buffers presumably originate from the vbmeta image
  // under verification, i.e. they are untrusted input: implementations must
  // bound every access by `public_key_length` / `public_key_metadata_length`
  // and must not assume nul-termination.  Whether `public_key_metadata` may
  // be NULL when `public_key_metadata_length` is 0 is not stated here — TODO
  // confirm against the protocol doc.
  EfiStatus (*validate_vbmeta_public_key)(
      struct GblEfiAvbProtocol* self, const uint8_t* public_key_data,
      size_t public_key_length, const uint8_t* public_key_metadata,
      size_t public_key_metadata_length,
      /* GblEfiAvbKeyValidationStatus */ uint32_t* validation_status);

  // Reports the device lock state through `is_unlocked`.
  // NOTE(review): this value is security-critical (it presumably decides
  // whether verification failures are fatal), so it should be read from the
  // device's authoritative, tamper-resistant lock store — confirm where the
  // implementation sources it.
  EfiStatus (*read_is_device_unlocked)(struct GblEfiAvbProtocol* self,
                                       bool* is_unlocked);

  // Reads the rollback index stored at `index_location` into `rollback_index`.
  // Rollback indices back AVB's anti-rollback protection and are assumed to
  // live in tamper-resistant storage — TODO confirm against
  // gbl_efi_avb_protocol.md.  Implementations should reject an
  // `index_location` outside the supported range rather than index blindly.
  EfiStatus (*read_rollback_index)(struct GblEfiAvbProtocol* self,
                                   size_t index_location,
                                   uint64_t* rollback_index);

  // Stores `rollback_index` at `index_location`.  Same storage and range
  // expectations as read_rollback_index.
  EfiStatus (*write_rollback_index)(struct GblEfiAvbProtocol* self,
                                    size_t index_location,
                                    uint64_t rollback_index);

  // Reads the persistent value named `name` into `value`.  `value_size` is
  // passed by pointer, so it is presumably in/out: the capacity of `value` on
  // entry and the number of bytes written (or required) on return — confirm
  // against the protocol doc before relying on either direction.
  // Note that `name` is a plain `const char*` while the strings in
  // GblEfiAvbVerificationResult are `const char8_t*`; both are part of the
  // ABI and are kept as declared.
  EfiStatus (*read_persistent_value)(struct GblEfiAvbProtocol* self,
                                     const char* name, uint8_t* value,
                                     size_t* value_size);

  // Writes `value_size` bytes from `value` under the persistent name `name`.
  EfiStatus (*write_persistent_value)(struct GblEfiAvbProtocol* self,
                                      const char* name, const uint8_t* value,
                                      size_t value_size);

  // Delivers the final verification result to the firmware.
  // NOTE(review): nothing here states how long `result` and the strings it
  // points to remain valid; assume they are valid only for the duration of
  // the call and copy anything that must be retained — confirm.
  EfiStatus (*handle_verification_result)(
      struct GblEfiAvbProtocol* self,
      const GblEfiAvbVerificationResult* result);

} GblEfiAvbProtocol;

#endif  //__GBL_AVB_PROTOCOL_H__