blob: 8133dab83a6a74b356484f67b9b990eb1fedffa5 [file] [log] [blame]
/* Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
* * Neither the name of The Linux Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "VerifiedBoot.h"
#include "BootLinux.h"
#include "KeymasterClient.h"
#include "libavb/libavb.h"
#include <Library/MenuKeysDetection.h>
#include <Library/VerifiedBootMenu.h>
STATIC CONST CHAR8 *VerityMode = " androidboot.veritymode=";
STATIC CONST CHAR8 *VerifiedState = " androidboot.verifiedbootstate=";
STATIC CONST CHAR8 *KeymasterLoadState = " androidboot.keymaster=1";
STATIC CONST CHAR8 *DmVerityCmd = " root=/dev/dm-0 dm=\"system none ro,0 1 "
"android-verity";
STATIC CONST CHAR8 *Space = " ";
STATIC struct verified_boot_verity_mode VbVm[] = {
{FALSE, "logging"},
{TRUE, "enforcing"},
};
STATIC struct verified_boot_state_name VbSn[] = {
{GREEN, "green"},
{ORANGE, "orange"},
{YELLOW, "yellow"},
{RED, "red"},
};
struct boolean_string {
BOOLEAN value;
CHAR8 *name;
};
STATIC struct boolean_string BooleanString[] = {
{FALSE, "false"},
{TRUE, "true"}
};
typedef struct {
AvbOps *Ops;
AvbSlotVerifyData *SlotData;
} VB2Data;
UINT32
GetAVBVersion ()
{
#if VERIFIED_BOOT_2
return 2;
#elif VERIFIED_BOOT
return 1;
#else
return 0;
#endif
}
BOOLEAN
VerifiedBootEnbled ()
{
return (GetAVBVersion () > NO_AVB);
}
STATIC EFI_STATUS
AppendVBCmdLine (BootInfo *Info, CONST CHAR8 *Src)
{
EFI_STATUS Status = EFI_SUCCESS;
INT32 SrcLen = AsciiStrLen (Src);
CHAR8 *Dst = Info->VBCmdLine + Info->VBCmdLineFilledLen;
INT32 DstLen = Info->VBCmdLineLen - Info->VBCmdLineFilledLen;
GUARD (AsciiStrnCatS (Dst, DstLen, Src, SrcLen));
Info->VBCmdLineFilledLen += SrcLen;
return EFI_SUCCESS;
}
STATIC EFI_STATUS
AppendVBCommonCmdLine (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
if (Info->VbIntf->Revision >= QCOM_VERIFIEDBOOT_PROTOCOL_REVISION) {
GUARD (AppendVBCmdLine (Info, VerifiedState));
GUARD (AppendVBCmdLine (Info, VbSn[Info->BootState].name));
}
GUARD (AppendVBCmdLine (Info, KeymasterLoadState));
GUARD (AppendVBCmdLine (Info, Space));
return EFI_SUCCESS;
}
STATIC EFI_STATUS
NoAVBLoadDtboImage (BootInfo *Info, VOID **DtboImage,
UINT32 *DtboSize, CHAR16 *Pname)
{
EFI_STATUS Status = EFI_SUCCESS;
Slot CurrentSlot;
*DtboSize = (UINT32) DTBO_MAX_SIZE_ALLOWED;
*DtboImage = AllocatePool (DTBO_MAX_SIZE_ALLOWED);
GUARD ( StrnCpyS (Pname,
(UINTN)MAX_GPT_NAME_SIZE,
(CONST CHAR16 *)L"dtbo",
StrLen (L"dtbo")));
if (Info->MultiSlotBoot) {
CurrentSlot = GetCurrentSlotSuffix ();
GUARD ( StrnCatS (Pname, MAX_GPT_NAME_SIZE,
CurrentSlot.Suffix, StrLen (CurrentSlot.Suffix)));
}
Status = LoadImageFromPartition (*DtboImage, DtboSize, Pname);
return Status;
}
STATIC EFI_STATUS
VBCommonInit (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
/* AVB 2.0 requires multi slot */
if (GetAVBVersion () >= AVB_2 && !Info->MultiSlotBoot) {
DEBUG ((EFI_D_ERROR, "AVB requires multislot support!\n"));
return EFI_LOAD_ERROR;
}
Info->BootState = RED;
Status = gBS->LocateProtocol (&gEfiQcomVerifiedBootProtocolGuid, NULL,
(VOID **)&(Info->VbIntf));
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Unable to locate VB protocol: %r\n", Status));
return Status;
}
return Status;
}
/*
* Ensure Info->Pname is already updated before this function is called.
* If Command line already has "root=", return TRUE, else FALSE.
*/
STATIC EFI_STATUS
VBAllocateCmdLine (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
/* allocate VB command line*/
Info->VBCmdLine = AllocatePool (DTB_PAD_SIZE);
if (Info->VBCmdLine == NULL) {
DEBUG ((EFI_D_ERROR, "VB CmdLine allocation failed!\n"));
Status = EFI_OUT_OF_RESOURCES;
return Status;
}
Info->VBCmdLineLen = DTB_PAD_SIZE;
Info->VBCmdLineFilledLen = 0;
Info->VBCmdLine[Info->VBCmdLineFilledLen] = '\0';
return Status;
}
STATIC
BOOLEAN
IsRootCmdLineUpdated (BootInfo *Info)
{
CHAR8* ImageCmdLine = NULL;
ImageCmdLine =
(CHAR8*) & (((boot_img_hdr*) (Info->Images[0].ImageBuffer))->cmdline[0]);
ImageCmdLine[BOOT_ARGS_SIZE - 1] = '\0';
if (AsciiStrStr (ImageCmdLine, "root=")) {
return TRUE;
} else {
return FALSE;
}
}
STATIC EFI_STATUS
LoadImageNoAuth (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
CHAR16 Pname[MAX_GPT_NAME_SIZE];
if (Info->Images[0].ImageBuffer != NULL && Info->Images[0].ImageSize > 0) {
/* fastboot boot option image already loaded */
return Status;
}
Status = LoadImage (Info->Pname, (VOID **)&(Info->Images[0].ImageBuffer),
(UINT32 *)&(Info->Images[0].ImageSize));
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "ERROR: Failed to load image from partition: %r\n",
Status));
return EFI_LOAD_ERROR;
}
Info->NumLoadedImages = 1;
Info->Images[0].Name = AllocatePool (StrLen (Info->Pname) + 1);
UnicodeStrToAsciiStr (Info->Pname, Info->Images[0].Name);
/*load dt overlay when avb is disabled*/
Status = NoAVBLoadDtboImage (Info, (VOID **)&(Info->Images[1].ImageBuffer),
(UINT32 *)&(Info->Images[1].ImageSize), Pname);
if (Status == EFI_NO_MEDIA) {
DEBUG ((EFI_D_ERROR, "No dtbo partition is found, Skip dtbo\n"));
FreePool (Info->Images[1].ImageBuffer);
return EFI_SUCCESS;
}
else if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR,
"ERROR: Failed to load dtbo from partition: %r\n", Status));
FreePool (Info->Images[1].ImageBuffer);
return EFI_LOAD_ERROR;
}
Info-> NumLoadedImages = 2;
Info-> Images[1].Name = AllocatePool (StrLen (Pname) + 1);
UnicodeStrToAsciiStr (Pname, Info->Images[1].Name);
return Status;
}
STATIC EFI_STATUS
LoadImageNoAuthWrapper (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
CHAR8 *SystemPath = NULL;
UINT32 SystemPathLen = 0;
GUARD (VBAllocateCmdLine (Info));
GUARD (LoadImageNoAuth (Info));
if (!IsRootCmdLineUpdated (Info)) {
SystemPathLen = GetSystemPath (&SystemPath);
if (SystemPathLen == 0 || SystemPath == NULL) {
DEBUG ((EFI_D_ERROR, "GetSystemPath failed!\n"));
return EFI_LOAD_ERROR;
}
GUARD (AppendVBCmdLine (Info, SystemPath));
}
return Status;
}
STATIC EFI_STATUS
LoadImageAndAuthVB1 (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
CHAR8 StrPnameAscii[MAX_GPT_NAME_SIZE]; /* partition name starting with
/ and no suffix */
CHAR8 PnameAscii[MAX_GPT_NAME_SIZE];
CHAR8 *SystemPath = NULL;
UINT32 SystemPathLen = 0;
CHAR8 *Temp = NULL;
GUARD (VBCommonInit (Info));
GUARD (VBAllocateCmdLine (Info));
GUARD (LoadImageNoAuth (Info));
device_info_vb_t DevInfo_vb;
DevInfo_vb.is_unlocked = IsUnlocked ();
DevInfo_vb.is_unlock_critical = IsUnlockCritical ();
Status = Info->VbIntf->VBDeviceInit (Info->VbIntf,
(device_info_vb_t *)&DevInfo_vb);
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Error during VBDeviceInit: %r\n", Status));
return Status;
}
AsciiStrnCpyS (StrPnameAscii, ARRAY_SIZE (StrPnameAscii), "/",
AsciiStrLen ("/"));
UnicodeStrToAsciiStr (Info->Pname, PnameAscii);
if (Info->MultiSlotBoot) {
AsciiStrnCatS (StrPnameAscii, ARRAY_SIZE (StrPnameAscii), PnameAscii,
AsciiStrLen (PnameAscii) - (MAX_SLOT_SUFFIX_SZ - 1));
} else {
AsciiStrnCatS (StrPnameAscii, ARRAY_SIZE (StrPnameAscii), PnameAscii,
AsciiStrLen (PnameAscii));
}
Status =
Info->VbIntf->VBVerifyImage (Info->VbIntf, (UINT8 *)StrPnameAscii,
(UINT8 *)Info->Images[0].ImageBuffer,
Info->Images[0].ImageSize, &Info->BootState);
if (Status != EFI_SUCCESS || Info->BootState == BOOT_STATE_MAX) {
DEBUG ((EFI_D_ERROR, "VBVerifyImage failed with: %r\n", Status));
return Status;
}
Status = Info->VbIntf->VBSendRot (Info->VbIntf);
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Error sending Rot : %r\n", Status));
return Status;
}
if (!IsRootCmdLineUpdated (Info)) {
SystemPathLen = GetSystemPath (&SystemPath);
if (SystemPathLen == 0 || SystemPath == NULL) {
DEBUG ((EFI_D_ERROR, "GetSystemPath failed!\n"));
return EFI_LOAD_ERROR;
}
GUARD (AppendVBCmdLine (Info, DmVerityCmd));
/* Copy only the portion after "root=" in the SystemPath */
Temp = AsciiStrStr (SystemPath, "root=");
if (Temp) {
CopyMem (Temp, SystemPath + AsciiStrLen ("root=") + 1,
SystemPathLen - AsciiStrLen ("root=") - 1);
SystemPath[SystemPathLen - AsciiStrLen ("root=")] = '\0';
}
GUARD (AppendVBCmdLine (Info, SystemPath));
GUARD (AppendVBCmdLine (Info, "\""));
}
GUARD (AppendVBCommonCmdLine (Info));
GUARD (AppendVBCmdLine (Info, VerityMode));
GUARD (AppendVBCmdLine (Info, VbVm[IsEnforcing ()].name));
Info->VBData = NULL;
return Status;
}
STATIC BOOLEAN
ResultShouldContinue (AvbSlotVerifyResult Result)
{
switch (Result) {
case AVB_SLOT_VERIFY_RESULT_ERROR_OOM:
case AVB_SLOT_VERIFY_RESULT_ERROR_IO:
case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA:
case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION:
case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT:
return FALSE;
case AVB_SLOT_VERIFY_RESULT_OK:
case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION:
case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX:
case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED:
return TRUE;
}
return FALSE;
}
STATIC EFI_STATUS
LoadImageAndAuthVB2 (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
AvbSlotVerifyResult Result;
AvbSlotVerifyData *SlotData = NULL;
VB2Data *VBData = NULL;
AvbOpsUserData *UserData = NULL;
AvbOps *Ops = NULL;
CHAR8 PnameAscii[MAX_GPT_NAME_SIZE] = {0};
CHAR8 *SlotSuffix = NULL;
BOOLEAN AllowVerificationError = IsUnlocked ();
CONST CHAR8 *RequestedPartitionAll[] = {"boot", "dtbo", NULL};
CONST CHAR8 *CONST *RequestedPartition = NULL;
UINTN NumRequestedPartition = 0;
UINT32 ImageHdrSize = 0;
UINT32 PageSize = 0;
UINT32 ImageSizeActual = 0;
VOID *ImageBuffer = NULL;
UINTN ImageSize = 0;
KMRotAndBootState Data = {0};
CONST boot_img_hdr *BootImgHdr = NULL;
AvbSlotVerifyFlags VerifyFlags =
AllowVerificationError ? AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR
: AVB_SLOT_VERIFY_FLAGS_NONE;
AvbHashtreeErrorMode VerityFlags =
AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE;
Info->BootState = RED;
GUARD (VBCommonInit (Info));
GUARD (VBAllocateCmdLine (Info));
UserData = avb_calloc (sizeof (AvbOpsUserData));
if (UserData == NULL) {
DEBUG ((EFI_D_ERROR, "ERROR: Failed to allocate AvbOpsUserData\n"));
Status = EFI_OUT_OF_RESOURCES;
goto out;
}
Ops = AvbOpsNew (UserData);
if (Ops == NULL) {
DEBUG ((EFI_D_ERROR, "ERROR: Failed to allocate AvbOps\n"));
Status = EFI_OUT_OF_RESOURCES;
goto out;
}
UnicodeStrToAsciiStr (Info->Pname, PnameAscii);
if ((MAX_SLOT_SUFFIX_SZ + 1) > AsciiStrLen (PnameAscii)) {
DEBUG ((EFI_D_ERROR, "ERROR: Can not determine slot suffix\n"));
Status = EFI_INVALID_PARAMETER;
goto out;
}
SlotSuffix = &PnameAscii[AsciiStrLen (PnameAscii) - MAX_SLOT_SUFFIX_SZ + 1];
DEBUG ((EFI_D_VERBOSE, "Slot: %a, allow verification error: %a\n", SlotSuffix,
BooleanString[AllowVerificationError].name));
RequestedPartition = RequestedPartitionAll;
NumRequestedPartition = ARRAY_SIZE (RequestedPartitionAll) - 1;
if (Info->NumLoadedImages) {
/* fastboot boot option, skip Index 0, as boot image already
* loaded */
RequestedPartition = &RequestedPartitionAll[1];
NumRequestedPartition--;
}
if (FixedPcdGetBool (AllowEio)) {
VerityFlags = IsEnforcing () ? AVB_HASHTREE_ERROR_MODE_RESTART
: AVB_HASHTREE_ERROR_MODE_EIO;
} else {
VerityFlags = AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE;
}
Result = avb_slot_verify (Ops, RequestedPartition, SlotSuffix, VerifyFlags,
VerityFlags, &SlotData);
if (AllowVerificationError && ResultShouldContinue (Result)) {
DEBUG ((EFI_D_ERROR, "State: Unlocked, AvbSlotVerify returned "
"%a, continue boot\n",
avb_slot_verify_result_to_string (Result)));
} else if (Result != AVB_SLOT_VERIFY_RESULT_OK) {
DEBUG ((EFI_D_ERROR, "ERROR: Device State %a, AvbSlotVerify returned %a\n",
AllowVerificationError ? "Unlocked" : "Locked",
avb_slot_verify_result_to_string (Result)));
Status = EFI_LOAD_ERROR;
Info->BootState = RED;
goto out;
}
for (UINTN ReqIndex = 0; ReqIndex < NumRequestedPartition; ReqIndex++) {
DEBUG ((EFI_D_VERBOSE, "Requested Partition: %a\n",
RequestedPartition[ReqIndex]));
for (UINTN LoadedIndex = 0; LoadedIndex < SlotData->num_loaded_partitions;
LoadedIndex++) {
DEBUG ((EFI_D_VERBOSE, "Loaded Partition: %a\n",
SlotData->loaded_partitions[LoadedIndex].partition_name));
if (!AsciiStrnCmp (
RequestedPartition[ReqIndex],
SlotData->loaded_partitions[LoadedIndex].partition_name,
AsciiStrLen (
SlotData->loaded_partitions[LoadedIndex].partition_name))) {
if (Info->NumLoadedImages >= ARRAY_SIZE (Info->Images)) {
DEBUG ((EFI_D_ERROR, "NumLoadedPartition"
"(%d) too large "
"max images(%d)\n",
Info->NumLoadedImages, ARRAY_SIZE (Info->Images)));
Status = EFI_LOAD_ERROR;
Info->BootState = RED;
goto out;
}
Info->Images[Info->NumLoadedImages].Name =
SlotData->loaded_partitions[LoadedIndex].partition_name;
Info->Images[Info->NumLoadedImages].ImageBuffer =
SlotData->loaded_partitions[LoadedIndex].data;
Info->Images[Info->NumLoadedImages].ImageSize =
SlotData->loaded_partitions[LoadedIndex].data_size;
Info->NumLoadedImages++;
break;
}
}
}
if (Info->NumLoadedImages < (ARRAY_SIZE (RequestedPartitionAll) - 1)) {
DEBUG ((EFI_D_ERROR, "ERROR: AvbSlotVerify slot data error: num of "
"loaded partitions %d, requested %d\n",
Info->NumLoadedImages, ARRAY_SIZE (RequestedPartitionAll) - 1));
Status = EFI_LOAD_ERROR;
goto out;
}
DEBUG ((EFI_D_VERBOSE, "Total loaded partition %d\n", Info->NumLoadedImages));
VBData = (VB2Data *)avb_calloc (sizeof (VB2Data));
if (VBData == NULL) {
DEBUG ((EFI_D_ERROR, "ERROR: Failed to allocate VB2Data\n"));
Status = EFI_OUT_OF_RESOURCES;
goto out;
}
VBData->Ops = Ops;
VBData->SlotData = SlotData;
Info->VBData = (VOID *)VBData;
GetPageSize (&ImageHdrSize);
GUARD_OUT (GetImage (Info, &ImageBuffer, &ImageSize, "boot"));
Status =
CheckImageHeader (ImageBuffer, ImageHdrSize, &ImageSizeActual, &PageSize);
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Invalid boot image header:%r\n", Status));
goto out;
}
if (ImageSizeActual > ImageSize) {
Status = EFI_BUFFER_TOO_SMALL;
DEBUG ((EFI_D_ERROR, "Boot size in vbmeta less than actual boot image size "
"flash corresponding vbmeta.img\n"));
goto out;
}
if (AllowVerificationError) {
Info->BootState = ORANGE;
} else {
if (UserData->IsUserKey) {
Info->BootState = YELLOW;
} else {
Info->BootState = GREEN;
}
}
/* command line */
GUARD_OUT (AppendVBCommonCmdLine (Info));
GUARD_OUT (AppendVBCmdLine (Info, SlotData->cmdline));
/* Set Rot & Boot State*/
Data.Color = Info->BootState;
Data.IsUnlocked = AllowVerificationError;
Data.PublicKeyLength = UserData->PublicKeyLen;
Data.PublicKey = UserData->PublicKey;
BootImgHdr = (struct boot_img_hdr *)ImageBuffer;
Data.SystemSecurityLevel = (BootImgHdr->os_version & 0x7FF);
Data.SystemVersion = (BootImgHdr->os_version & 0xFFFFF800) >> 11;
GUARD_OUT (KeyMasterSetRotAndBootState (&Data));
DEBUG ((EFI_D_INFO, "VB2: Authenticate complete! boot state is: %a\n",
VbSn[Info->BootState].name));
out:
if (Status != EFI_SUCCESS) {
if (SlotData != NULL) {
avb_slot_verify_data_free (SlotData);
}
if (Ops != NULL) {
AvbOpsFree (Ops);
}
if (UserData != NULL) {
avb_free (UserData);
}
if (VBData != NULL) {
avb_free (VBData);
}
Info->BootState = RED;
HandleActiveSlotUnbootable ();
/* HandleActiveSlotUnbootable should have swapped slots and
* reboot the device. If no bootable slot found, enter fastboot */
DEBUG ((EFI_D_WARN, "No bootable slots found enter fastboot mode\n"));
}
DEBUG ((EFI_D_ERROR, "VB2: boot state: %a(%d)\n", VbSn[Info->BootState].name,
Info->BootState));
return Status;
}
STATIC EFI_STATUS
DisplayVerifiedBootScreen (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
CHAR8 FfbmStr[FFBM_MODE_BUF_SIZE] = {'\0'};
if (GetAVBVersion () < AVB_1) {
return EFI_SUCCESS;
}
if (!StrnCmp (Info->Pname, L"boot", StrLen (L"boot"))) {
Status = GetFfbmCommand (FfbmStr, FFBM_MODE_BUF_SIZE);
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_VERBOSE, "No Ffbm cookie found, ignore: %r\n", Status));
FfbmStr[0] = '\0';
}
}
DEBUG ((EFI_D_VERBOSE, "Boot State is : %d\n", Info->BootState));
switch (Info->BootState) {
case RED:
Status = DisplayVerifiedBootMenu (DISPLAY_MENU_RED);
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_INFO,
"Your device is corrupt. It can't be trusted and will not boot."
"\nYour device will shutdown in 30s\n"));
}
MicroSecondDelay (30000000);
ShutdownDevice ();
break;
case YELLOW:
Status = DisplayVerifiedBootMenu (DISPLAY_MENU_YELLOW);
if (Status == EFI_SUCCESS) {
WaitForExitKeysDetection ();
} else {
DEBUG ((EFI_D_INFO, "Your device has loaded a different operating system."
"\nWait for 5 seconds before proceeding\n"));
MicroSecondDelay (5000000);
}
break;
case ORANGE:
if (FfbmStr[0] != '\0' && !TargetBuildVariantUser ()) {
DEBUG ((EFI_D_VERBOSE, "Device will boot into FFBM mode\n"));
} else {
Status = DisplayVerifiedBootMenu (DISPLAY_MENU_ORANGE);
if (Status == EFI_SUCCESS) {
WaitForExitKeysDetection ();
} else {
DEBUG (
(EFI_D_INFO, "Device is unlocked, Skipping boot verification\n"));
MicroSecondDelay (5000000);
}
}
break;
default:
break;
}
return EFI_SUCCESS;
}
EFI_STATUS
LoadImageAndAuth (BootInfo *Info)
{
EFI_STATUS Status = EFI_SUCCESS;
BOOLEAN MdtpActive = FALSE;
QCOM_MDTP_PROTOCOL *MdtpProtocol;
UINT32 AVBVersion = NO_AVB;
if (Info == NULL) {
DEBUG ((EFI_D_ERROR, "Invalid parameter Info\n"));
return EFI_INVALID_PARAMETER;
}
/* Get Partition Name*/
if (!Info->MultiSlotBoot) {
if (Info->BootIntoRecovery) {
DEBUG ((EFI_D_INFO, "Booting Into Recovery Mode\n"));
StrnCpyS (Info->Pname, ARRAY_SIZE (Info->Pname), L"recovery",
StrLen (L"recovery"));
} else {
DEBUG ((EFI_D_INFO, "Booting Into Mission Mode\n"));
StrnCpyS (Info->Pname, ARRAY_SIZE (Info->Pname), L"boot",
StrLen (L"boot"));
}
} else {
Slot CurrentSlot = {{0}};
GUARD (FindBootableSlot (&CurrentSlot));
if (IsSuffixEmpty (&CurrentSlot)) {
DEBUG ((EFI_D_ERROR, "No bootable slot\n"));
return EFI_LOAD_ERROR;
}
GUARD (StrnCpyS (Info->Pname, ARRAY_SIZE (Info->Pname), L"boot",
StrLen (L"boot")));
GUARD (StrnCatS (Info->Pname, ARRAY_SIZE (Info->Pname), CurrentSlot.Suffix,
StrLen (CurrentSlot.Suffix)));
}
DEBUG ((EFI_D_VERBOSE, "MultiSlot %a, partition name %s\n",
BooleanString[Info->MultiSlotBoot].name, Info->Pname));
if (FixedPcdGetBool (EnableMdtpSupport)) {
Status = IsMdtpActive (&MdtpActive);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "Failed to get activation state for MDTP, "
"Status=%r."
" Considering MDTP as active and continuing \n",
Status));
if (Status != EFI_NOT_FOUND)
MdtpActive = TRUE;
}
}
AVBVersion = GetAVBVersion ();
DEBUG ((EFI_D_VERBOSE, "AVB version %d\n", AVBVersion));
/* Load and Authenticate */
switch (AVBVersion) {
case NO_AVB:
return LoadImageNoAuthWrapper (Info);
break;
case AVB_1:
Status = LoadImageAndAuthVB1 (Info);
break;
case AVB_2:
Status = LoadImageAndAuthVB2 (Info);
break;
default:
DEBUG ((EFI_D_ERROR, "Unsupported AVB version %d\n", AVBVersion));
Status = EFI_UNSUPPORTED;
}
// if MDTP is active Display Recovery UI
if (Status != EFI_SUCCESS && MdtpActive) {
Status = gBS->LocateProtocol (&gQcomMdtpProtocolGuid, NULL,
(VOID **)&MdtpProtocol);
if (EFI_ERROR (Status)) {
DEBUG (
(EFI_D_ERROR, "Failed to locate MDTP protocol, Status=%r\n", Status));
return Status;
}
/* Perform Local Deactivation of MDTP */
Status = MdtpProtocol->MdtpDeactivate (MdtpProtocol, FALSE);
}
if (IsUnlocked () && Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "LoadImageAndAuth failed %r\n", Status));
return Status;
}
DisplayVerifiedBootScreen (Info);
DEBUG ((EFI_D_VERBOSE, "Sending Milestone Call\n"));
Status = Info->VbIntf->VBSendMilestone (Info->VbIntf);
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Error sending milestone call to TZ\n"));
return Status;
}
return Status;
}
VOID
FreeVerifiedBootResource (BootInfo *Info)
{
DEBUG ((EFI_D_VERBOSE, "FreeVerifiedBootResource\n"));
if (Info == NULL) {
return;
}
VB2Data *VBData = Info->VBData;
if (VBData != NULL) {
AvbOps *Ops = VBData->Ops;
if (Ops != NULL) {
if (Ops->user_data != NULL) {
avb_free (Ops->user_data);
}
AvbOpsFree (Ops);
}
AvbSlotVerifyData *SlotData = VBData->SlotData;
if (SlotData != NULL) {
avb_slot_verify_data_free (SlotData);
}
avb_free (VBData);
}
if (Info->VBCmdLine != NULL) {
FreePool (Info->VBCmdLine);
}
return;
}
EFI_STATUS
GetCertFingerPrint (UINT8 *FingerPrint,
UINTN FingerPrintLen,
UINTN *FingerPrintLenOut)
{
EFI_STATUS Status = EFI_SUCCESS;
if (FingerPrint == NULL || FingerPrintLenOut == NULL ||
FingerPrintLen < AVB_SHA256_DIGEST_SIZE) {
DEBUG ((EFI_D_ERROR, "GetCertFingerPrint: Invalid parameters\n"));
return EFI_INVALID_PARAMETER;
}
if (GetAVBVersion () == AVB_1) {
QCOM_VERIFIEDBOOT_PROTOCOL *VbIntf = NULL;
Status = gBS->LocateProtocol (&gEfiQcomVerifiedBootProtocolGuid, NULL,
(VOID **)&VbIntf);
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Unable to locate VerifiedBoot Protocol\n"));
return Status;
}
if (VbIntf->Revision < QCOM_VERIFIEDBOOT_PROTOCOL_REVISION) {
DEBUG ((EFI_D_ERROR, "GetCertFingerPrint: VB1: not "
"supported for this revision\n"));
return EFI_UNSUPPORTED;
}
Status = VbIntf->VBGetCertFingerPrint (VbIntf, FingerPrint, FingerPrintLen,
FingerPrintLenOut);
if (Status != EFI_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Failed Reading CERT FingerPrint\n"));
return Status;
}
} else if (GetAVBVersion () == AVB_2) {
CHAR8 *UserKeyBuffer = NULL;
UINT32 UserKeyLength = 0;
AvbSHA256Ctx UserKeyCtx = {{0}};
CHAR8 *UserKeyDigest = NULL;
GUARD (GetUserKey (&UserKeyBuffer, &UserKeyLength));
avb_sha256_init (&UserKeyCtx);
avb_sha256_update (&UserKeyCtx, (UINT8 *)UserKeyBuffer, UserKeyLength);
UserKeyDigest = (CHAR8 *)avb_sha256_final (&UserKeyCtx);
CopyMem (FingerPrint, UserKeyDigest, AVB_SHA256_DIGEST_SIZE);
*FingerPrintLenOut = AVB_SHA256_DIGEST_SIZE;
} else {
DEBUG ((EFI_D_ERROR, "GetCertFingerPrint: not supported\n"));
return EFI_UNSUPPORTED;
}
return Status;
}