| /* |
| * Copyright (c) 2019 The Fuchsia Authors |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| |
| #ifndef _ZIRCON_UBOOT_VBOOT_H_ |
| #define _ZIRCON_UBOOT_VBOOT_H_ |
| |
| #include <libavb_atx/libavb_atx.h> |
| #include <zircon/boot/image.h> |
| |
| /** |
| * zircon_vboot_slot_verify() - Verifies a preloaded kernel if the device is locked. |
| * If unlocked, this returns 0. |
| * |
| * @loadaddr: The address of the preloaded kernel. |
| * @img_size: The size in bytes of the preloaded kernel. |
| * NOTE(review): declared uint64_t while @capacity is size_t; the expected |
| * relationship between the two (presumably img_size <= capacity when |
| * |zbi| == |loadaddr|) is not stated here - confirm in the implementation. |
| * @ab_suffix: The slot suffix of the loaded kernel (e.g. "_a", "_r", etc.) |
| * @has_successfully_booted: True if this image has successfully booted in the past |
| * The rollback indices are only updated if this is true. |
| * NOTE(review): presumably a stored rollback index cannot be lowered again, |
| * so true should only be passed for a slot already known good - confirm. |
| * @zbi: The primary zbi header. This is used to add zbi items contained in the |
| * vbmeta to the loaded zbi if verification succeeds, regardless of unlock state. |
| * Normally, this will be the same addr as |loadaddr|, but may differ if |
| * the image contains a device specific header before the zbi. |
| * If set to NULL, zbi items from the vbmeta are not added. |
| * @capacity: The max size the given ZBI container can grow to. |
| * NOTE(review): presumably in bytes and measured from |zbi| - confirm. |
| * |
| * Because an unlocked device also yields 0, a return value of 0 does not by |
| * itself tell the caller that the image was verified. A caller that must |
| * distinguish "verified" from "unlocked" has to query the lock state |
| * separately, e.g. with zircon_vboot_is_unlocked(). |
| * |
| * Returns: 0 on successful verification / device unlocked, -1 otherwise. |
| */ |
| int zircon_vboot_slot_verify(unsigned char *loadaddr, uint64_t img_size, |
| const char *ab_suffix, |
| bool has_successfully_booted, zbi_header_t *zbi, |
| size_t capacity); |
| |
| /** |
| * zircon_vboot_preloaded_img_verify() - Verifies a preloaded kernel + vbmeta. |
| * If unlocked, this returns 0. This also extracts zbi items from the vbmeta |
| * and appends them to the zbi. |
| * |
| * @zbi: The primary zbi header, which should be identical to the preloaded |
| * kernel address. This function does not support the Amlogic signing |
| * header. zbi items contained in the vbmeta will be appended to this |
| * image, regardless of the zbi header type. |
| * @zbi_size: The size in bytes of the preloaded kernel. |
| * @capacity: The max size the given ZBI container can grow to. |
| * NOTE(review): presumably in bytes and >= @zbi_size - confirm. |
| * @vbmeta: The address of the preloaded vbmeta. |
| * @vbmeta_size: The size in bytes of the preloaded vbmeta. |
| * |
| * As with zircon_vboot_slot_verify(), a return value of 0 covers both |
| * "verified" and "device unlocked", so it is not proof of verification. |
| * |
| * The failure value here is "non-zero", not the -1 documented for the other |
| * functions in this header: callers should test for != 0, not for == -1. |
| * |
| * NOTE(review): unlike zircon_vboot_slot_verify() there is no |
| * has_successfully_booted argument; whether rollback indices are checked or |
| * updated on this path is not documented here - confirm. |
| * |
| * Returns: 0 on successful verification / device unlocked, non-zero value otherwise. |
| */ |
| int zircon_vboot_preloaded_img_verify(zbi_header_t *zbi, size_t zbi_size, |
| size_t capacity, unsigned char *vbmeta, |
| size_t vbmeta_size); |
| |
| /** |
| * zircon_vboot_generate_unlock_challenge() - Generates an unlock challenge. |
| * |
| * @out_unlock_challenge: The output unlock challenge. |
| * NOTE(review): presumably must be non-NULL, and its contents should be |
| * treated as unspecified when the call fails - confirm. |
| * |
| * Returns: 0 on success, -1 otherwise. |
| */ |
| int zircon_vboot_generate_unlock_challenge( |
| AvbAtxUnlockChallenge *out_unlock_challenge); |
| |
| /** |
| * zircon_vboot_validate_unlock_credential() - Validates an unlock credential. |
| * |
| * @unlock_credential: The credential to validate. |
| * @out_is_trusted: Set to true if the credential is trusted, false otherwise. |
| * |
| * The return value and |out_is_trusted| are two separate results: 0 is |
| * documented as "success" of the call, while the trust decision is reported |
| * through |out_is_trusted|. A caller should only act on the credential when |
| * the call returned 0 and *out_is_trusted is true. |
| * NOTE(review): the value of *out_is_trusted after a -1 return is not |
| * specified here; initialise it to false before the call - confirm. |
| * |
| * Returns: 0 on success, -1 otherwise. |
| */ |
| int zircon_vboot_validate_unlock_credential( |
| AvbAtxUnlockCredential *unlock_credential, bool *out_is_trusted); |
| |
| /** |
| * zircon_vboot_is_unlocked() - Get the current lock/unlock state. |
| * |
| * @unlocked: Output parameter. True if the device is unlocked |
| * |
| * The value of *unlocked after a -1 return is not specified by this header. |
| * A caller that gates a security decision on the lock state should check the |
| * return value first and treat a failed query as "locked". |
| * |
| * Returns: 0 on success, -1 otherwise. |
| */ |
| int zircon_vboot_is_unlocked(bool *unlocked); |
| |
| #endif // _ZIRCON_UBOOT_VBOOT_H_ |