FastbootCmds: oem device-info: check if user public key is set
It is possible to flash to a virtual partition `avb_custom_key` to
set a custom AVB key.
1) generate a custom avb private key
openssl genpkey -algorithm RSA \
-pkeyopt rsa_keygen_bits:4096 \
-outform PEM \
-out key_rsa4096.pem
2) Extract the public key using the private key
- avbtool extract_public_key --key key_rsa4096.pem --output key_rsa4096.pub
The resulting `key_rsa4096.pub` can be flashed using fastboot:
- fastboot flash avb_custom_key key_rsa4096.pub
Afterwards verify that the custom AVB key is set using:
- fastboot oem device-info
You can also use the official AVB repo as reference:
- https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later
Change-Id: I6f65c58dd7f7cbdacfa02464d94815e5e3e6918f
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
diff --git a/QcomModulePkg/Include/Library/DeviceInfo.h b/QcomModulePkg/Include/Library/DeviceInfo.h
index c24d802..f07e81c 100644
--- a/QcomModulePkg/Include/Library/DeviceInfo.h
+++ b/QcomModulePkg/Include/Library/DeviceInfo.h
@@ -72,6 +72,7 @@
BOOLEAN IsUnlockCritical (VOID);
BOOLEAN IsEnforcing (VOID);
BOOLEAN IsChargingScreenEnable (VOID);
+BOOLEAN IsUserPublicKeySet (VOID);
VOID
GetBootloaderVersion (CHAR8 *BootloaderVersion, UINT32 Len);
VOID
diff --git a/QcomModulePkg/Library/BootLib/DeviceInfo.c b/QcomModulePkg/Library/BootLib/DeviceInfo.c
index 074b970..da517d0 100644
--- a/QcomModulePkg/Library/BootLib/DeviceInfo.c
+++ b/QcomModulePkg/Library/BootLib/DeviceInfo.c
@@ -57,6 +57,22 @@
return DevInfo.is_charger_screen_enabled;
}
+BOOLEAN IsUserPublicKeySet (VOID)
+{
+ CHAR8 *UserKeyBuffer = NULL;
+ UINT32 UserKeyLength = 0;
+ EFI_STATUS Status = EFI_SUCCESS;
+
+ Status = GetUserKey(&UserKeyBuffer, &UserKeyLength);
+ if (Status != EFI_SUCCESS) {
+ DEBUG((EFI_D_ERROR, "GetUserKey failed!, %r\n", Status));
+ return FALSE;
+ }
+
+ DEBUG((EFI_D_INFO, "GetUserKey - public key length: %d\n", UserKeyLength));
+ return UserKeyLength > 0;
+}
+
VOID
GetDevInfo (DeviceInfo **DevInfoPtr)
{
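Review bot: `IsUserPublicKeySet` returns FALSE both when no key is stored and when `GetUserKey` fails, so `fastboot oem device-info` reports "false" for a read error, and the commit message points users at that line to verify their key. The test is length-only: TRUE means a non-empty blob is stored, not that it is a well-formed AVB public key. The function has no header comment saying so; I would add `/* TRUE if a non-empty user AVB key is stored; key contents are not validated. */` above it. `UserKeyLength` is a `UINT32` printed with `%d`, where `%u` matches the type. `GetUserKey(` also lacks the space before the parenthesis that the surrounding declarations and calls use.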
diff --git a/QcomModulePkg/Library/FastbootLib/FastbootCmds.c b/QcomModulePkg/Library/FastbootLib/FastbootCmds.c
index 3b1e624..bbc4790 100644
--- a/QcomModulePkg/Library/FastbootLib/FastbootCmds.c
+++ b/QcomModulePkg/Library/FastbootLib/FastbootCmds.c
@@ -3251,6 +3251,10 @@
IsChargingScreenEnable () ? "true" : "false");
FastbootInfo (DeviceInfo);
WaitForTransferComplete ();
+ AsciiSPrint (DeviceInfo, sizeof (DeviceInfo), "User public key set: %a",
+ IsUserPublicKeySet () ? "true" : "false");
+ FastbootInfo (DeviceInfo);
+ WaitForTransferComplete ();
FastbootOkay ("");
}
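Review bot: The new "User public key set" line is a bare true/false, so it cannot tell the user whether the enrolled key is the one they flashed, which is what the commit message asks them to verify with this command. If a digest helper is already available to this library, printing a short fingerprint of the stored key next to the flag would let the user compare it against their `key_rsa4096.pub`. Otherwise a comment such as `/* Presence only; does not identify or validate the key */` above the `AsciiSPrint` call would set expectations. `sizeof (DeviceInfo)` is the buffer size only if `DeviceInfo` is an array declared in the enclosing function, which starts outside this hunk.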