blob: bd3798357fd3e5c9b53b671234736bb14b664052 [file] [log] [blame]
/*
* Copyright (c) 2019 The Fuchsia Authors
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef _ZIRCON_VBOOT_H_
#define _ZIRCON_VBOOT_H_
#include <abr/abr.h>
#include <libavb/libavb.h>
#include <libavb_atx/libavb_atx.h>
typedef enum {
AVB_ATX_LOCKED,
AVB_ATX_UNLOCKED,
} AvbAtxLockState;
typedef enum {
AVB_ATX_SLOT_MARKED_SUCCESSFUL,
AVB_ATX_SLOT_NOT_MARKED_SUCCESSFUL,
} AvbAtxSlotState;
/* Add extra zbi items from vbmeta into |zbi| container */
int zircon_vboot_add_extra_zbi_items(zbi_header_t *zbi, size_t capacity);
/**
* Loads zircon image using A/B/R scheme.
*
* @loadaddr: address at which to load the Zircon image.
* @loadsize: size of the load buffer.
* @force_recovery: trigger a force boot into recovery (R slot).
*
* Return: 0 if successful, negative value on failure.
*/
int zircon_vboot_img_load(unsigned char *loadaddr, size_t loadsize,
bool force_recovery);
/* Performs a full load + verification of the indicated slot.
*
* @loadaddr: address at which to load the Zircon image.
* @loadsize: size of the load buffer.
* @requested_partitions: partitions to verify.
* @ab_suffix: slot suffix to load and verify.
* @lock_state: if AVB_ATX_UNLOCKED, verification errors will be allowed (see
* AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR for details).
* @slot_state: if AVB_ATX_SLOT_MARKED_SUCCESSFUL, minimum rollback index values
* will be bumped to match the values in the verified slot (on
* success).
* @verify_data: see |out_data| for avb_slot_verify().
*/
AvbSlotVerifyResult
zircon_vboot_slot_verify(unsigned char *loadaddr, size_t loadsize,
const char *const *requested_partitions,
const char *ab_suffix, AvbAtxLockState lock_state,
AvbAtxSlotState slot_state,
AvbSlotVerifyData **verify_data);
/* Get current slot to boot */
const char *zircon_vboot_get_current_slot(void);
/* Get slot info for |slot_number| slot.
*
* Returns > 0 if an error occured.
*/
int zircon_vboot_get_slot_info(int slot_number, AbrSlotInfo *info);
/* Set slot active */
int zircon_vboot_set_slot_active(int slot_number);
/* Generate unlock challenge */
int zircon_vboot_generate_unlock_challenge(AvbAtxUnlockChallenge *out);
/* Validate unlock credential */
int zircon_vboot_validate_unlock_credential(AvbAtxUnlockCredential *in,
bool *out_is_trusted);
/* True if ZVB is enabled */
bool zircon_is_vboot_enabled(void);
/* Fills |hash| with the permanent attributes SHA256 hash. */
AvbIOResult
avb_read_permanent_attributes_hash(AvbAtxOps *atx_ops,
uint8_t hash[AVB_SHA256_DIGEST_SIZE]);
#if defined(CONFIG_ZIRCON_VBOOT_UNLOCK)
/* True if ZVB unlock feature is enabled */
bool zircon_is_vboot_unlock_enabled(void);
/* Permanently disable ZVB unlock feature */
int zircon_vboot_disable_vboot_unlock(void);
/* set ZVB unlock state */
int zircon_vboot_set_unlock(bool unlock);
#endif /* CONFIG_ZIRCON_VBOOT_UNLOCK */
#endif // _ZIRCON_VBOOT_H_