Age | Commit message (Collapse) | Author |
|
Implement `cert_validate_unlock_credential()`.
Bug: b/320543206
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: If2e44d40f88081f43bf97b799c25b32ebf77230a
|
|
Implement `cert_generate_unlock_challenge()`.
Bug: b/320543206
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: I0ad0302cd230f9d19b60cb3c8ff693d933db9633
|
|
Implements the callbacks and API required for key validation and
testing.
Authenticated unlock APIs are still unimplemented for the time being.
Bug: b/320543206
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: Id9b999706de476f0da75885af239decd59381a95
|
|
Refactor test utilities and data so that common code can be shared for
the upcoming cert tests.
Bug: b/320543206
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: I2fb0710bad8c2de84608c23a9092a6fc85544294
|
|
CertOps is now a separate trait rather than a supertrait of Ops, which
is a little simpler and allows more usage flexibility at the cost of
runtime checking for cert support rather than compile-time.
Additionally, cleans up the internal bookkeeping mechanisms to simplify
`ScopedAvbOps` and `UserData` into a single `OpsBridge` struct.
Bug: b/320543206
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: I2f4ba35f55a8610929dcb57d96dcd133b06a7aea
|
|
It looks like the tests have been stable long enough, switch to
presubmit to catch any breakages ahead of time.
Bug: b/334175579
Test: m
Change-Id: I4c418ec6b77b0560a60c0ff2c3bc71444699d47f
|
|
Refactors the certificate usage strings:
* pulls them into constants
* adds a bit of documentation
* adds a `--usage_for_unlock` arg to `avbtool make_certificate`
The intent here is to avoid users having to deal with the usage strings
directly, and to provide some context for why they contain the
substrings "android.things" even though they aren't specific to the
Android Things project.
In addition, the usage hash values are now pre-calculated in the
libavb_cert implementation. This isn't directly related to the
"android.things" string, but seems worth doing while we're here:
* reduces .a artifact sizes by 1-2KiB
* should reduce runtime stack usage by 32 bytes for the cert APIs
Bug: b/333078493
Test: atest libavb_host_unittest
Change-Id: I041b7f1b45e14657da1c3897085bdcc249498f52
|
|
Exposes a few more test files to be used by the libavb_rs Rust library.
Bug: b/320543206
Test: build
Change-Id: I20c62bedc009d3266231d9bde321ce99c106fdd2
|
|
ATX (Android Things eXtensions) is a misleading name because it is still
useful outside the deprecated Android Things project. It isn't tied to
anything AT-specific but is instead a general certificate-based
authorization mechanism that could be valuable to many AVB users.
To better represent this, rename "ATX" to "cert" to better describe its
purpose and functionality.
No functional changes have been made here, it's purely renaming and
reformatting.
Bug: b/333078493
Test: atest libavb_host_unittest (-2 pre-existing veritysetup errors)
Test: atest libavb_rs_test
Test: Fuchsia cert tests pass with new avbtool on old libavb firmware
Change-Id: I5d2f981a894db92dbd268cb0fcb53c21edf4e986
|
|
The Rust libavb is adding support for ATX, and it will be useful to test
with these existing ATX keys.
Bug: b/320543206
Test: mm
Change-Id: Iaffc7796270dc18d3bcddf9ddd8ed5ce98327cee
|
|
|
|
Adds libavb_atx and libavb_baremetal_atx which include the ATX source
files.
Bug: b/320543206
Test: mm
Change-Id: I8de572289a88209b67fddb243cee61306896a6df
|
|
Adds ATX documentation and defines the top-level API and callback
trait to implement.
Not yet functional, this is just the definition.
Bug: b/320543206
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: Ib7554b2c3638204f4b9cc566d1ff2706198096c2
|
|
Previously we required that the Ops object and the preloaded partition
data it wrapped had the same lifetime. This created a bit of awkwardness
because the preloaded data gets passed into the verification result,
which means the verification result also carried an (unnecessary) borrow
of the entire Ops object.
This CL splits the preloaded data into its own lifetime. This allows the
verification result to not care about the Ops object, and only borrow
the preloaded data, giving the caller much more flexibility.
Bug: b/330335215
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Test: `mm` with the compile-fail test included fails to build as expected
Change-Id: If5a1f3f0ca7235532b511143e39abf4b551fc0f9
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2960022
Change-Id: Ie80e5048bfdba290028565ff866ac5a72d18272a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
The `add_hash_footer` command normally adds the hash descriptor into the
image directly, except when the `--do_not_append_vbmeta_image` flag is
given. In this case we don't touch the input image so can open it
read-only.
An example use case is:
1. Android source tree is checked out read-only (e.g. infra bots)
2. Some test image is checked into the tree as a binary
3. We want to call `add_hash_footer` on test image as a build rule
In this case, `avbtool` will fail during build if it attempts to open
the read-only test image as writable, so must open it read-only.
Bug: b/324451620
Test: atest libavb_host_unittest
Change-Id: I438030fed51244769100f305fcec7116fc679f4f
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2927530
Change-Id: I058e6616e2e89c98462b0e33017080054e7f1ca6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Test: atest
Bug: 318750335
Change-Id: Ib92e8dd6cfcabc7f10f613d62b22f56286479497
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2912603
Change-Id: I36fd7643758c666daec68b65e32e253758330217
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Adds the ChainPartitionDescriptor struct which provides a safe API to
access chain partition descriptors.
Bug: b/290110273
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: I1fb08e71515a97192a1c0246b90e94b62d3e65af
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2912602
Change-Id: Ic07f1f2ccaaeab654fbf40375e7c492ea07eaa99
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2912222
Change-Id: I38f2ee2d4b268820811f5dc9493aaaab007b21ee
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Adds the KernelCommandlineDescriptor struct which provides a safe API
to access kernel commandline descriptors.
Bug: b/290110273
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: I92095a17033a5018121030b5ba2de3cd7cb792c0
|
|
Adds the HashtreeDescriptor struct which provides a safe API to access
hash tree descriptors.
Bug: b/290110273
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: Ia1634feca54c566f6d5aa203ef3696b6318b413e
|
|
ed3b0fb71e
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2908979
Change-Id: I4779c55677a585a7246cd38e0fb7b32f05be853b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2908979
Change-Id: Ifc2e91cdc250faa3ed89e10fb10a638b0100b082
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2908979
Change-Id: Ifc295082debc7b9481c4e518594454851e771b6e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Adds the PropertyDescriptor struct which provides a safe API to access
property descriptors.
Bug: b/290110273
Test: atest libavb_rs_test libavb_rs_uuid_test libavb_rs_unittest libavb_rs_uuid_unittest
Change-Id: I45ae9f1c2a79a509ab15b6f6551322c91bb2716c
|
|
b39f815a90
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2857728
Change-Id: I5964eccb146156201b485af0029e5a743b6b6dd7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2857728
Change-Id: Ibdc346c62a341c0721dca7251eae74e305be093f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2857728
Change-Id: Iaeef32277ae245ae996d773d69f5e55b03ab17f7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Adds the HashDescriptor struct which provides a safe API to access hash
descriptors.
Bug: b/290110273
Test: atest
Change-Id: Ie920b9d5358c45b7f6fdb3c5793826014f4084b8
|
|
82fbb05de3 am: 452642a245
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2857727
Change-Id: Iac72c1c99eee369cc809c96685fe05f62d9a747d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
82fbb05de3
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2857727
Change-Id: I90ac61d79bd2f4ac73c1d3019c3960557ed4a305
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2857727
Change-Id: I94d18b00513c61c3421091099a8da802907d7df2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
Adds support for extractubg the descriptors contained in a vbmeta
image. The descriptor data isn't usable yet, will come in a follow-up
CL.
Bug: b/290110273
Test: atest
Change-Id: I5e5dada9412b0784374da83d54e60b2a592c1ff6
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2853571
Change-Id: I5a9767b5f96035dfca531f1355a866fa899f8750
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2853571
Change-Id: I3e683e9d728ace18b80d1464b29d7b0dd953e500
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2853571
Change-Id: I94db359b51c2f42554c657d7e7a3d94bf5137567
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2853571
Change-Id: I11bc3e9ea9af104d28b446b937c5b2fdd7a5c2a6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2853571
Change-Id: I91a5098004979be61a50054b7efa1ef9e6e493dd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2853571
Change-Id: I794b7322045a2d8e087b9b1b5dbd3f64aa96a0ba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Looks like the standard Android lints are not enabled in external/ by
default; explicitly turn them on and fix resulting lint errors.
Also deletes a few public APIs which are no longer needed outside this
library.
Bug: b/290110273
Test: `mm` and `atest`
Change-Id: I2abfddf8c398812cd3a547d1b1a67b46aead0945
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2851526
Change-Id: I5e3f96e655cc1eece3145f49180cb3d7fef01ab7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2851526
Change-Id: If1d2f5001a9908c0d119fe933373644e0ee13634
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2851526
Change-Id: Ib07d4bb89ae515a3f2c41c1d5562ccef856d07c0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2851526
Change-Id: Ifece79505db8c971f263e33c978e32c58a15fb4e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2851526
Change-Id: Iefb524860ebf5c55bea9be00ca0ea7858eb07061
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/avb/+/2851526
Change-Id: I318abb4c0b02cb969d5a4cbb425a2330be137618
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|