blob: 7941c705ea5ce2cc14f18f64407656fd1c098d14 [file] [log] [blame]
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#pragma once
#include <ostream>
#include <string>
#include <vector>
#include <fstab/fstab.h>
#include <libavb/libavb.h>
#include <libdm/dm.h>
#include "fs_avb/types.h"
namespace android {
namespace fs_mgr {
struct ChainInfo {
std::string partition_name;
std::string public_key_blob;
ChainInfo(const std::string& chain_partition_name, const std::string& chain_public_key_blob)
: partition_name(chain_partition_name), public_key_blob(chain_public_key_blob) {}
};
// AvbHashtreeDescriptor to dm-verity table setup.
std::unique_ptr<FsAvbHashtreeDescriptor> GetHashtreeDescriptor(
const std::string& partition_name, const std::vector<VBMetaData>& vbmeta_images);
bool ConstructVerityTable(const FsAvbHashtreeDescriptor& hashtree_desc,
const std::string& blk_device, android::dm::DmTable* table);
bool HashtreeDmVeritySetup(FstabEntry* fstab_entry, const FsAvbHashtreeDescriptor& hashtree_desc,
bool wait_for_verity_dev);
// Searches a Avb hashtree descriptor in vbmeta_images for fstab_entry, to enable dm-verity.
bool LoadAvbHashtreeToEnableVerity(FstabEntry* fstab_entry, bool wait_for_verity_dev,
const std::vector<VBMetaData>& vbmeta_images,
const std::string& ab_suffix, const std::string& ab_other_suffix);
// Converts AVB partition name to a device partition name.
std::string AvbPartitionToDevicePatition(const std::string& avb_partition_name,
const std::string& ab_suffix,
const std::string& ab_other_suffix);
// Converts by-name symlink to AVB partition name.
std::string DeriveAvbPartitionName(const FstabEntry& fstab_entry, const std::string& ab_suffix,
const std::string& ab_other_suffix);
// AvbFooter and AvbMetaImage maninpulations.
off64_t GetTotalSize(int fd);
std::unique_ptr<AvbFooter> GetAvbFooter(int fd);
std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name,
const std::string& expected_public_key_blob,
std::string* out_public_key_data,
VBMetaVerifyResult* out_verify_result);
VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta,
const std::string& expected_public_key_blob,
std::string* out_public_key_data);
bool ValidatePublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob);
bool ValidatePublicKeyBlob(const std::string& key_blob_to_validate,
const std::vector<std::string>& expected_key_paths);
// Detects if whether a partition contains a rollback image.
bool RollbackDetected(const std::string& partition_name, uint64_t rollback_index);
// Extracts chain partition info.
std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fatal_error);
// Loads the single vbmeta from a given path.
std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath(
const std::string& image_path, const std::string& partition_name,
const std::string& expected_public_key_blob, bool allow_verification_error,
bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data,
bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result);
// Loads the top-level vbmeta and all its chained vbmeta images.
// The actual device path is constructed at runtime by:
// partition_name, ab_suffix, ab_other_suffix, and device_path_constructor.
VBMetaVerifyResult LoadAndVerifyVbmetaByPartition(
const std::string& partition_name, const std::string& ab_suffix,
const std::string& ab_other_suffix, const std::string& expected_public_key_blob,
bool allow_verification_error, bool load_chained_vbmeta, bool rollback_protection,
std::function<std::string(const std::string&)> device_path_constructor, bool is_chained_vbmeta,
std::vector<VBMetaData>* out_vbmeta_images);
} // namespace fs_mgr
} // namespace android