From: Igor Opaniuk
To: u-boot@lists.denx.de
Cc: trini@konsulko.com, praneeth@ti.com, misael.lopez@ti.com, joakim.bech@linaro.org
Date: Wed, 25 Apr 2018 16:18:05 +0300
Subject: [U-Boot] [PATCH 8/8] doc: avb2.0: add README about AVB2.0 integration

Contains:
1. Overview of Android Verified Boot 2.0
2. Description of avb subset of commands
3. Examples of errors when boot/vendor/system/vbmeta partitions are tampered
4. Examples of enabling AVB2.0 on your setup

Signed-off-by: Igor Opaniuk

--- doc/README.avb2 | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 doc/README.avb2 diff --git a/doc/README.avb2 b/doc/README.avb2 new file mode 100644 index 0000000..40db7c5 --- /dev/null +++ b/doc/README.avb2 
@@ -0,0 +1,100 @@ +Android Verified Boot 2.0 + +This file contains information about the current support of Android Verified +Boot 2.0 in U-boot + +1. OVERVIEW +--------------------------------- +Verified Boot establishes a chain of trust from the bootloader to system images +* Provides integrity checking for: + - Android Boot image: Linux kernel + ramdisk. RAW hashing of the whole + partition is done and the hash is compared with the one stored in + the VBMeta image + - system/vendor partitions: verifying root hash of dm-verity hashtrees. +* Provides capabilities for rollback protection. + +Integrity of the bootloader (U-boot BLOB and environment) is out of scope. + +For additional details check: +https://android.googlesource.com/platform/external/avb/+/master/README.md + + +2. AVB 2.0 U-BOOT SHELL COMMANDS +----------------------------------- +Provides CLI interface to invoke AVB 2.0 verification + misc. commands for +different testing purposes: + +avb init - initialize avb 2.0 for +avb verify - run verification process using hash data from vbmeta structure +avb read_rb - read rollback index at location +avb write_rb - write rollback index to +avb is_unlocked - returns unlock status of the device +avb get_uuid - read and print uuid of partition +avb read_part - read bytes from +partition to buffer +avb write_part - write bytes to + by using data from + + +3. PARTITIONS TAMPERING (EXAMPLE) +----------------------------------- +Boot or system/vendor (dm-verity metadata section) is tampered: +=> avb init 1 +=> avb verify +avb_slot_verify.c:175: ERROR: boot: Hash of data does not match digest in +descriptor. +Slot verification result: ERROR_IO + +Vbmeta partition is tampered: +=> avb init 1 +=> avb verify +avb_vbmeta_image.c:206: ERROR: Hash does not match! +avb_slot_verify.c:388: ERROR: vbmeta: Error verifying vbmeta image: +HASH_MISMATCH +Slot verification result: ERROR_IO + + +4. 
ENABLE ON YOUR BOARD +----------------------------------- +The following options must be enabled: +CONFIG_LIBAVB=y +CONFIG_LIBAVB_AB=y +CONFIG_CMD_AVB=y + + +Then add `avb verify` invocation to your android boot sequence of commands, +e.g.: + +=> avb_verify=avb init $mmcdev; avb verify; +=> if run avb_verify; then \ + echo AVB verification OK. Continue boot; \ + set bootargs $bootargs $avb_bootargs; \ + else \ + echo AVB verification failed; \ + exit; \ + fi; \ + +=> emmc_android_boot= \ + echo Trying to boot Android from eMMC ...; \ + ... \ + run avb_verify; \ + mmc read ${fdtaddr} ${fdt_start} ${fdt_size}; \ + mmc read ${loadaddr} ${boot_start} ${boot_size}; \ + bootm $loadaddr $loadaddr $fdtaddr; \ + + +To switch on automatic generation of vbmeta partition in AOSP build, add these +lines to device configuration mk file: + +BOARD_AVB_ENABLE := true +BOARD_AVB_ALGORITHM := SHA512_RSA4096 +BOARD_BOOTIMAGE_PARTITION_SIZE := + +After flashing U-boot don't forget to update environment and write new +partition table: +=> env default -f -a +=> setenv partitions $partitions_android +=> env save +=> fas 1 + +$ fastboot oem format
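
Review bot: In section 4, the `emmc_android_boot` example does not act on the verification result: `run avb_verify; \` is followed by `;`-separated `mmc read` and `bootm` commands, so as written the sequence reaches `bootm` whether or not `avb verify` succeeded, and `$avb_bootargs` is never appended to `bootargs` on that path. Suggest folding the `if run avb_verify; then ... else ... exit; fi` form shown just above it into `emmc_android_boot` itself, so the README shows a single sequence in which a failed verification stops the boot and a successful one passes `$avb_bootargs` to the kernel. Since the overview says "Integrity of the bootloader (U-boot BLOB and environment) is out of scope" and the verification call lives in environment variables, it would also be worth one sentence in section 4 saying that the check is only as strong as whatever protects the environment.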