Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 34742973 authored by Bowgo Tsai's avatar Bowgo Tsai
Browse files

fs_mg: allow getting VBMeta Digest from device-tree 

fs_mgr gets androidboot.vbmeta.{size, hash_alg, digest} from kernel
cmdline to assure the integrity of all vbmeta structs. This CL Allows
fs_mgr to get those parameters from device tree because they're only
consumed by userland instead of kernel.

  https://android.googlesource.com/platform/external/avb/+/master#The-VBMeta-Digest

Bootloader could construct a device tree overlay at run time then merge
it into main device tree. e.g.,

    firmware {
        android {
            vbmeta.size = "5245";
            vbmeta.hash_alg = "sha256";
            vbmeta.digest = "0c51233ca3ecaa...63c6d912e79b709";
        };
    };

Bug: 80168311
Test: boot a device using AVB

Change-Id: I6cf151713af04e6cf554d593e9f0b43e9e214d8c
parent 158dd05b

fs_mgr/fs_mgr_avb.cpp

+3 −3
Original line number Diff line number Diff line
@@ -146,7 +146,7 @@ std::unique_ptr<FsManagerAvbVerifier> FsManagerAvbVerifier::Create() { 
    }



    std::string value;

    if (!fs_mgr_get_boot_config_from_kernel_cmdline("vbmeta.size", &value) ||

    if (!fs_mgr_get_boot_config("vbmeta.size", &value) ||

        !android::base::ParseUint(value.c_str(), &avb_verifier->vbmeta_size_)) {

        LERROR << "Invalid hash size: " << value.c_str();

        return nullptr;
@@ -155,7 +155,7 @@ std::unique_ptr<FsManagerAvbVerifier> FsManagerAvbVerifier::Create() { 
    // Reads hash algorithm.

    size_t expected_digest_size = 0;

    std::string hash_alg;

    fs_mgr_get_boot_config_from_kernel_cmdline("vbmeta.hash_alg", &hash_alg);

    fs_mgr_get_boot_config("vbmeta.hash_alg", &hash_alg);

    if (hash_alg == "sha256") {

        expected_digest_size = SHA256_DIGEST_LENGTH * 2;

        avb_verifier->hash_alg_ = kSHA256;
@@ -169,7 +169,7 @@ std::unique_ptr<FsManagerAvbVerifier> FsManagerAvbVerifier::Create() { 


    // Reads digest.

    std::string digest;

    fs_mgr_get_boot_config_from_kernel_cmdline("vbmeta.digest", &digest);

    fs_mgr_get_boot_config("vbmeta.digest", &digest);

    if (digest.size() != expected_digest_size) {

        LERROR << "Unexpected digest size: " << digest.size()

               << " (expected: " << expected_digest_size << ")";