
[3/9] configs: meson64_android: implement AVB support

Message ID 20210805151728.422329-4-mkorpershoek@baylibre.com
State Accepted, archived
Commit e6c782b502467af6337d32a786d5bdfd5b104229
Delegated to: Neil Armstrong
Series meson64_android: Android boot flow using abootimg | expand

Commit Message

Mattijs Korpershoek Aug. 5, 2021, 3:17 p.m. UTC
AVB (Android Verified Boot) is well supported in U-Boot already.
Add support for it in meson64_android.

This is controlled by the "force_avb" environment variable and the
CONFIG_CMD_AVB option.

Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
---
 include/configs/meson64_android.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

Comments

Neil Armstrong Aug. 5, 2021, 4:20 p.m. UTC | #1
On 05/08/2021 17:17, Mattijs Korpershoek wrote:
> AVB (Android Verified Boot) is well supported in U-Boot already.
> Add support for it in meson64_android.
> 
> This is controlled by the "force_avb" environment variable and the
> CONFIG_CMD_AVB option.
> 
> Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
> Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
> ---
>  include/configs/meson64_android.h | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
> 
> diff --git a/include/configs/meson64_android.h b/include/configs/meson64_android.h
> index bc3ffb9ca5..48a23b6e41 100644
> --- a/include/configs/meson64_android.h
> +++ b/include/configs/meson64_android.h
> @@ -27,6 +27,25 @@
>  
>  #ifndef RECOVERY_PARTITION
>  #define RECOVERY_PARTITION "recovery"
> +
> +#if defined(CONFIG_CMD_AVB)
> +#define AVB_VERIFY_CHECK \
> +	"if test \"${force_avb}\" -eq 1; then " \
> +		"if run avb_verify; then " \
> +			"echo AVB verification OK.;" \
> +			"setenv bootargs \"$bootargs $avb_bootargs\";" \
> +		"else " \
> +			"echo AVB verification failed.;" \
> +		"exit; fi;" \
> +	"else " \
> +		"setenv bootargs \"$bootargs androidboot.verifiedbootstate=orange\";" \
> +		"echo Running without AVB...; "\
> +	"fi;"
> +
> +#define AVB_VERIFY_CMD "avb_verify=avb init ${mmcdev}; avb verify;\0"
> +#else
> +#define AVB_VERIFY_CHECK ""
> +#define AVB_VERIFY_CMD ""
>  #endif
>  
>  #define BOOTENV_DEV_FASTBOOT(devtypeu, devtypel, instance) \
> @@ -93,6 +112,7 @@
>  			"echo Running Recovery...;" \
>  			"mmc dev ${mmcdev};" \
>  			"setenv bootargs \"${bootargs} androidboot.serialno=${serial#}\";" \
> +			AVB_VERIFY_CHECK \
>  			"part start mmc ${mmcdev} " RECOVERY_PARTITION " boot_start;" \
>  			"part size mmc ${mmcdev} " RECOVERY_PARTITION " boot_size;" \
>  			"if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
> @@ -111,6 +131,7 @@
>  		"echo Loading Android " BOOT_PARTITION " partition...;" \
>  		"mmc dev ${mmcdev};" \
>  		"setenv bootargs ${bootargs} androidboot.serialno=${serial#};" \
> +		AVB_VERIFY_CHECK \
>  		"part start mmc ${mmcdev} " BOOT_PARTITION " boot_start;" \
>  		"part size mmc ${mmcdev} " BOOT_PARTITION " boot_size;" \
>  		"if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
> @@ -142,6 +163,8 @@
>  #define CONFIG_EXTRA_ENV_SETTINGS                                     \
>  	"partitions=" PARTS_DEFAULT "\0"                              \
>  	"mmcdev=2\0"                                                  \
> +	AVB_VERIFY_CMD                                                \
> +	"force_avb=0\0"                                               \
>  	"gpio_recovery=88\0"                                          \
>  	"check_button=gpio input ${gpio_recovery};test $? -eq 0;\0"   \
>  	"load_logo=" PREBOOT_LOAD_LOGO "\0"			      \
> 

Acked-by: Neil Armstrong <narmstrong@baylibre.com>

Patch

diff --git a/include/configs/meson64_android.h b/include/configs/meson64_android.h
index bc3ffb9ca5..48a23b6e41 100644
--- a/include/configs/meson64_android.h
+++ b/include/configs/meson64_android.h
@@ -27,6 +27,25 @@ 
 
 #ifndef RECOVERY_PARTITION
 #define RECOVERY_PARTITION "recovery"
+
+#if defined(CONFIG_CMD_AVB)
+#define AVB_VERIFY_CHECK \
+	"if test \"${force_avb}\" -eq 1; then " \
+		"if run avb_verify; then " \
+			"echo AVB verification OK.;" \
+			"setenv bootargs \"$bootargs $avb_bootargs\";" \
+		"else " \
+			"echo AVB verification failed.;" \
+		"exit; fi;" \
+	"else " \
+		"setenv bootargs \"$bootargs androidboot.verifiedbootstate=orange\";" \
+		"echo Running without AVB...; "\
+	"fi;"
+
+#define AVB_VERIFY_CMD "avb_verify=avb init ${mmcdev}; avb verify;\0"
+#else
+#define AVB_VERIFY_CHECK ""
+#define AVB_VERIFY_CMD ""
 #endif
 
 #define BOOTENV_DEV_FASTBOOT(devtypeu, devtypel, instance) \
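Review bot: The new `#if defined(CONFIG_CMD_AVB)` block is added between `#define RECOVERY_PARTITION "recovery"` and that guard's `#endif`, so as shown the existing `#endif` now closes the AVB conditional and `#ifndef RECOVERY_PARTITION` has no terminator inside the hunk. Unless an `#endif` outside the hunk balances it, a board that predefines RECOVERY_PARTITION would get neither `AVB_VERIFY_CHECK` nor `AVB_VERIFY_CMD`; adding an `#endif` directly after the RECOVERY_PARTITION define keeps the two conditionals independent. Separately, the failure branch only runs `exit`, so whether a failed verification really stops the boot depends on what the calling script does next, which is not visible here. A comment such as `/* on AVB failure: leave this boot target; caller must not boot the image */` above the macro would record the intended fail-closed behaviour.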
@@ -93,6 +112,7 @@ 
 			"echo Running Recovery...;" \
 			"mmc dev ${mmcdev};" \
 			"setenv bootargs \"${bootargs} androidboot.serialno=${serial#}\";" \
+			AVB_VERIFY_CHECK \
 			"part start mmc ${mmcdev} " RECOVERY_PARTITION " boot_start;" \
 			"part size mmc ${mmcdev} " RECOVERY_PARTITION " boot_size;" \
 			"if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
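Review bot: The image that is booted comes from the `mmc read ${loadaddr} ${boot_start} ${boot_size}` of RECOVERY_PARTITION that follows `AVB_VERIFY_CHECK`, which is presumably a second read of storage after the one `avb verify` performed. Two things are worth confirming and documenting at this call site: that the vbmeta descriptors checked by `avb verify` actually cover the recovery partition (the command in `AVB_VERIFY_CMD` names no partition), and that the storage contents cannot change between verification and this read. The same verify-then-reload pattern applies to the BOOT_PARTITION hunk that follows. The enclosing macro starts and ends outside the hunk.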
@@ -111,6 +131,7 @@ 
 		"echo Loading Android " BOOT_PARTITION " partition...;" \
 		"mmc dev ${mmcdev};" \
 		"setenv bootargs ${bootargs} androidboot.serialno=${serial#};" \
+		AVB_VERIFY_CHECK \
 		"part start mmc ${mmcdev} " BOOT_PARTITION " boot_start;" \
 		"part size mmc ${mmcdev} " BOOT_PARTITION " boot_size;" \
 		"if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
@@ -142,6 +163,8 @@ 
 #define CONFIG_EXTRA_ENV_SETTINGS                                     \
 	"partitions=" PARTS_DEFAULT "\0"                              \
 	"mmcdev=2\0"                                                  \
+	AVB_VERIFY_CMD                                                \
+	"force_avb=0\0"                                               \
 	"gpio_recovery=88\0"                                          \
 	"check_button=gpio input ${gpio_recovery};test $? -eq 0;\0"   \
 	"load_logo=" PREBOOT_LOAD_LOGO "\0"			      \
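Review bot: `force_avb=0` makes verification opt-in, and because `AVB_VERIFY_CHECK` tests `-eq 1`, every other value, including an unset or edited variable, takes the unverified branch and boots with `androidboot.verifiedbootstate=orange`. The decision lives in the U-Boot environment, so anyone able to modify or persist the environment can switch verification off independently of the device's lock state. For CONFIG_CMD_AVB builds consider defaulting to `"force_avb=1\0"`, or at least add a comment like `/* force_avb=1 enforces AVB; the default 0 boots unverified (orange) */` and keep the environment read-only on locked devices. CONFIG_EXTRA_ENV_SETTINGS continues past the end of the hunk.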