8681a33e249cb68c5159ebccb50b55c56867fcdf |
|
23-Nov-2016 |
David Zeuthen <zeuthen@google.com> |
libavb: Pass all vbmeta images in AvbSlotVerifyData, not just 'vbmeta'. Right now AvbSlotVerifyData only exposes the vbmeta struct from the 'vbmeta' partition and not from any chained partition. This is problematic as applications (bootloader, fs_mgr, etc.) may need to access descriptors no matter where they are stored. Of course such applications could just reimplement avb_slot_verify() themselves but this is error-prone and unnecessary. Instead, just make avb_slot_verify() export what is needed. Additionally, make androidboot.vbmeta.{hash_alg, size, digest} be a digest of all these images, not just the root. Before this change, user-space actually had no way to properly verify vbmeta images in non-vbmeta partitions because it lacks access to stored_rollback_indexes[] for comparison. Now, however, user-space can use avb_slot_verify() for verification with an AvbOps struct where validate_vbmeta_public_key() and read_rollback_index() will pass any image. After this, all that is needed is comparing androidboot.vbmeta.{hash_alg, size, digest} against the value computed over vbmeta_images[] in AvbSlotVerifyData. Additionally, all descriptors from all vbmeta images are now easily available which is a feature which is needed in fs_mgr to set up non-rootfs dm-verity partitions. Bug: 31264231 Test: New unit tests + unit tests pass. Test: Manually tested on UEFI based bootloader. Change-Id: I8df1de246dba0b41cb3c9a7bfc93587bb55a666c
/external/avb/test/avb_unittest_util.cc
|