| /* |
| * Copyright (c) 2019 The Fuchsia Authors |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| |
| #include <common.h> |
| #include <libavb/libavb.h> |
| #include <libavb_atx/libavb_atx.h> |
| #include <tee/ta_vx_helper.h> |
| #include <u-boot/sha256.h> |
| |
| #ifdef DEV_BUILD_CONFIG |
| #include "avb_dev_attrs/atx_permanent_attrs.h" |
| #elif defined(DOGFOOD_BUILD_CONFIG) |
| #include "avb_dogfood_attrs/atx_permanent_attrs.h" |
| #elif defined(PROD_BUILD_CONFIG) |
| #include "avb_prod_attrs/atx_permanent_attrs.h" |
| #else |
| #error "Unknown build config" |
| #endif |
| |
/*
 * Build-time guard: the embedded permanent-attributes hash must be exactly
 * one SHA-256 digest long, because avb_read_permanent_attributes_hash()
 * copies AVB_SHA256_DIGEST_SIZE bytes out of it. The array is presumably
 * defined by whichever atx_permanent_attrs.h the build config selected.
 */
_Static_assert(AVB_SHA256_DIGEST_SIZE ==
		       sizeof(avb_atx_permanent_attributes_hash),
	       "AVB digest size mismatch");
| |
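/*
 * Read the ATX permanent attributes from the VX TA into a caller buffer.
 *
 * atx_ops:    libavb_atx ops handle; unused by this implementation.
 * attributes: caller-owned output structure; must not be NULL.
 *
 * Returns AVB_IO_RESULT_OK when the TA call succeeds and reports exactly
 * sizeof(*attributes) bytes, AVB_IO_RESULT_ERROR_IO when the pointer is
 * NULL or the TA call fails, and AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE
 * when the TA reports any other length.
 *
 * On every failure path the output structure is zeroed, so a short or
 * aborted read never leaves partially written attributes in a buffer
 * that feeds verified-boot key validation.
 */
AvbIOResult avb_read_permanent_attributes(AvbAtxOps *atx_ops,
					  AvbAtxPermanentAttributes *attributes)
{
	size_t bytes_read = 0;
	int ret;

	(void)atx_ops;

	if (!attributes) {
		printf("VX TA perm attr output buffer is NULL\n");
		return AVB_IO_RESULT_ERROR_IO;
	}

	ret = ta_vx_read_perm_attr(attributes, sizeof(*attributes),
				   &bytes_read);
	if (ret != 0) {
		/* %X expects unsigned int; cast so negative codes print defined. */
		printf("Failed to read perm attrs from VX TA (error 0x%X)\n",
		       (unsigned int)ret);
		memset(attributes, 0, sizeof(*attributes));
		return AVB_IO_RESULT_ERROR_IO;
	}

	/* Reject short and oversized reports alike: only an exact fit is valid. */
	if (bytes_read != sizeof(*attributes)) {
		printf("VX TA perm attr size error (expected %zu, got %zu)\n",
		       sizeof(*attributes), bytes_read);
		memset(attributes, 0, sizeof(*attributes));
		return AVB_IO_RESULT_ERROR_INVALID_VALUE_SIZE;
	}

	return AVB_IO_RESULT_OK;
}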
| |
/*
 * Hand libavb the permanent-attributes hash that is compiled into this
 * u-boot image.
 *
 * atx_ops: libavb_atx ops handle; not referenced here.
 * hash:    output buffer of AVB_SHA256_DIGEST_SIZE bytes.
 *
 * Always returns AVB_IO_RESULT_OK.
 */
AvbIOResult
avb_read_permanent_attributes_hash(AvbAtxOps *atx_ops,
				   uint8_t hash[AVB_SHA256_DIGEST_SIZE])
{
	/*
	 * The VX TA could supply this hash too, but it is deliberately kept
	 * in the bootloader image for two reasons:
	 *   1. It ties the u-boot build to a matching VX build: libavb
	 *      refuses to validate when the hash does not match the
	 *      attributes.
	 *   2. The hash bytestring's presence in a u-boot image is how the
	 *      image variant is identified, which is needed to validate
	 *      that the right image is being signed.
	 */
	const void *embedded_digest = avb_atx_permanent_attributes_hash;

	memcpy(hash, embedded_digest, AVB_SHA256_DIGEST_SIZE);

	return AVB_IO_RESULT_OK;
}