configs: meson64_android: implement AVB support
authorMattijs Korpershoek <mkorpershoek@baylibre.com>
Thu, 5 Aug 2021 15:17:22 +0000 (17:17 +0200)
committerNeil Armstrong <narmstrong@baylibre.com>
Tue, 10 Aug 2021 08:43:54 +0000 (10:43 +0200)
AVB (Android Verified Boot) is well supported in U-Boot already.
Add support for it in meson64_android.

This is controlled by the "force_avb" environment variable and the
CONFIG_CMD_AVB option.

Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
include/configs/meson64_android.h

index bc3ffb9ca5d122b10894fd47000b483394c63d86..48a23b6e41c42ef81ede83c0c917a119252bf78d 100644 (file)
 
 #ifndef RECOVERY_PARTITION
 #define RECOVERY_PARTITION "recovery"
+
+#if defined(CONFIG_CMD_AVB)
+#define AVB_VERIFY_CHECK \
+       "if test \"${force_avb}\" -eq 1; then " \
+               "if run avb_verify; then " \
+                       "echo AVB verification OK.;" \
+                       "setenv bootargs \"$bootargs $avb_bootargs\";" \
+               "else " \
+                       "echo AVB verification failed.;" \
+               "exit; fi;" \
+       "else " \
+               "setenv bootargs \"$bootargs androidboot.verifiedbootstate=orange\";" \
+               "echo Running without AVB...; "\
+       "fi;"
+
+#define AVB_VERIFY_CMD "avb_verify=avb init ${mmcdev}; avb verify;\0"
+#else
+#define AVB_VERIFY_CHECK ""
+#define AVB_VERIFY_CMD ""
 #endif
 
 #define BOOTENV_DEV_FASTBOOT(devtypeu, devtypel, instance) \
                        "echo Running Recovery...;" \
                        "mmc dev ${mmcdev};" \
                        "setenv bootargs \"${bootargs} androidboot.serialno=${serial#}\";" \
+                       AVB_VERIFY_CHECK \
                        "part start mmc ${mmcdev} " RECOVERY_PARTITION " boot_start;" \
                        "part size mmc ${mmcdev} " RECOVERY_PARTITION " boot_size;" \
                        "if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
                "echo Loading Android " BOOT_PARTITION " partition...;" \
                "mmc dev ${mmcdev};" \
                "setenv bootargs ${bootargs} androidboot.serialno=${serial#};" \
+               AVB_VERIFY_CHECK \
                "part start mmc ${mmcdev} " BOOT_PARTITION " boot_start;" \
                "part size mmc ${mmcdev} " BOOT_PARTITION " boot_size;" \
                "if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
 #define CONFIG_EXTRA_ENV_SETTINGS                                     \
        "partitions=" PARTS_DEFAULT "\0"                              \
        "mmcdev=2\0"                                                  \
+       AVB_VERIFY_CMD                                                \
+       "force_avb=0\0"                                               \
        "gpio_recovery=88\0"                                          \
        "check_button=gpio input ${gpio_recovery};test $? -eq 0;\0"   \
        "load_logo=" PREBOOT_LOAD_LOGO "\0"                           \