| // Copyright 2019 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| syntax = "proto3"; |
| |
| package aftl; |
| option go_package = "proto"; |
| |
| import "aftl.proto"; |
| |
| message AddFirmwareInfoRequest { |
| // VBMeta structure as described in |
| // https://android.googlesource.com/platform/external/avb/+/master/README.md. |
| // In case of chained partitions, each VBMeta is added via a separate call. |
| // The default size for gRPC payload is about 4MB. We expect vbmeta to be |
| // in the order of 1kB. |
| bytes vbmeta = 1; |
| |
| SignedFirmwareInfo fw_info = 2; |
| } |
| |
| message AddFirmwareInfoResponse { |
| // Inclusion proof and the leaf that was added to the log, which contains |
| // information on the firmware. |
| // It is required to have the complete leaf to validate the inclusion proof. |
| // For on-device verification, only these first 2 fields are required to |
| // validate the inclusion. |
| InclusionProof fw_info_proof = 1; |
| bytes fw_info_leaf = 2; |
| |
| // Inclusion proof and leaf that was added to the log, which contains the full |
| // vbmeta partition. |
| // These fields are NOT required for validation but can still be recorded by a |
| // vendor to prove that the complete VBMeta was submitted. |
| InclusionProof vbmeta_proof = 3; |
| bytes vbmeta_leaf = 4; |
| } |
| |
| message AddFirmwareImageRequest { |
| |
| SignedFirmwareImageInfo fw_image_info = 1; |
| |
| // Bytes of the binary images. These are not signed as their final |
| // hash value is already signed in fw_image_info.hash |
| // This is ignored if any of the requests origin_url is set. |
| bytes image_chunk = 2; |
| |
| // Origin location of image. It is used to get a copy of the binary image |
| // from another server (e.g., Google Cloud Storage). |
| string origin_url = 3; |
| } |
| |
| message AddFirmwareImageResponse { |
| |
| // Inclusion proof and leaf for the firmware image. The leaf contains the URL |
| // where the image was stored. |
| // It is not required for vendors to keep this information. However, this can |
| // be used for their records to ensure the correctness of the log. |
| InclusionProof fw_image_info_proof = 1; |
| Leaf fw_image_info_leaf = 2; |
| } |
| |
| service AFTLog { |
| |
| // Insert a new VBMeta structure into the log. |
| // This request will effectively create 2 log entries: |
| // - VBMeta itself |
| // - Vendor annotations, including a reference to the VBMeta leaf. |
| rpc AddFirmwareInfo(AddFirmwareInfoRequest) returns (AddFirmwareInfoResponse) {} |
| |
| // Upload (or copy) the complete firmware image. |
| rpc AddFirmwareImage(stream AddFirmwareImageRequest) returns (AddFirmwareImageResponse) {} |
| |
| // TODO GetProofByHash, GetSthConsistency, GetEntries, GetRootKeys |
| } |
| |