From: Julien Masson <jmasson@baylibre.com>
To: Mattijs Korpershoek <mkorpershoek@baylibre.com>,
Simon Glass <sjg@chromium.org>, Tom Rini <trini@konsulko.com>,
Guillaume La Roque <glaroque@baylibre.com>
Cc: <u-boot@lists.denx.de>, Mattijs Korpershoek <mkorpershoek@baylibre.com>
Subject: Re: [PATCH v2 2/2] bootstd: android: Allow boot with AVB failures when unlocked
Date: Thu, 23 Jan 2025 14:40:20 +0100
Message-ID: <871pwtd4xn.fsf@baylibre.com>
In-Reply-To: <20250108-avb-disable-verif-v2-2-ba7d3b0d5b6a@baylibre.com>
On Thu 23 Jan 2025 at 14:40, Mattijs Korpershoek <mkorpershoek@baylibre.com> wrote:
> When the bootloader is UNLOCKED, it should be possible to boot Android
> even if AVB reports verification errors [1].
>
> This allows developers to flash modified partitions on
> userdebug/engineering builds.
>
> Developers can do so on unlocked devices with:
> $ fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
>
> In such a case, bootmeth_android refuses to boot.
>
> Allow the boot to continue when the device is UNLOCKED and AVB reports
> verification errors.
>
> [1] https://source.android.com/docs/security/features/verifiedboot/boot-flow#unlocked-devices
> Fixes: 125d9f3306ea ("bootstd: Add a bootmeth for Android")
> Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
> ---
> boot/bootmeth_android.c | 37 ++++++++++++++++++++++++-------------
> 1 file changed, 24 insertions(+), 13 deletions(-)
>
> diff --git a/boot/bootmeth_android.c b/boot/bootmeth_android.c
> index 2cd167f80280801618a317a65e93a10e70a0d9ee..dc9aad1633bb7a6d577013bfa0f939343f2e066b 100644
> --- a/boot/bootmeth_android.c
> +++ b/boot/bootmeth_android.c
> @@ -407,17 +407,26 @@ static int run_avb_verification(struct bootflow *bflow)
> AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE,
> &out_data);
>
> - if (result != AVB_SLOT_VERIFY_RESULT_OK) {
> - printf("Verification failed, reason: %s\n",
> - str_avb_slot_error(result));
> - avb_slot_verify_data_free(out_data);
> - return log_msg_ret("avb verify", -EIO);
> - }
> -
> - if (unlocked)
> - boot_state = AVB_ORANGE;
> - else
> + if (!unlocked) {
> + /* When device is locked, we only accept AVB_SLOT_VERIFY_RESULT_OK */
> + if (result != AVB_SLOT_VERIFY_RESULT_OK) {
> + printf("Verification failed, reason: %s\n",
> + str_avb_slot_error(result));
> + avb_slot_verify_data_free(out_data);
> + return log_msg_ret("avb verify", -EIO);
> + }
> boot_state = AVB_GREEN;
> + } else {
> + /* When device is unlocked, we also accept verification errors */
> + if (result != AVB_SLOT_VERIFY_RESULT_OK &&
> + result != AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION) {
> + printf("Unlocked verification failed, reason: %s\n",
> + str_avb_slot_error(result));
> + avb_slot_verify_data_free(out_data);
> + return log_msg_ret("avb verify unlocked", -EIO);
> + }
> + boot_state = AVB_ORANGE;
> + }
>
> extra_args = avb_set_state(avb_ops, boot_state);
> if (extra_args) {
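Review bot: In the unlocked branch, a result of AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION falls through to `boot_state = AVB_ORANGE;` without printing anything, so the console gives no indication that verification failed and was tolerated. I would print a warning with str_avb_slot_error(result) on that path before setting the state, so an unverified boot is distinguishable from a clean unlocked boot in the log. The comment "we also accept verification errors" could also say that only AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION is tolerated and every other non-OK result still returns -EIO, since that is what the condition below it does.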
> @@ -427,9 +436,11 @@ static int run_avb_verification(struct bootflow *bflow)
> goto free_out_data;
> }
>
> - ret = avb_append_commandline(bflow, out_data->cmdline);
> - if (ret < 0)
> - goto free_out_data;
> + if (result == AVB_SLOT_VERIFY_RESULT_OK) {
> + ret = avb_append_commandline(bflow, out_data->cmdline);
> + if (ret < 0)
> + goto free_out_data;
> + }
>
> return 0;
>
>
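Review bot: The new `if (result == AVB_SLOT_VERIFY_RESULT_OK)` guard around avb_append_commandline() has no comment explaining why out_data->cmdline is skipped when the unlocked path tolerated a verification error. Please add a short comment stating the reason (for example, whether out_data or its cmdline can be relied on for a non-OK result), and note that in this case the bootflow gets only the extra_args from avb_set_state() and none of the AVB-generated command line, so readers know that is intended.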
> --
> 2.47.1
>
Reviewed-by: Julien Masson <jmasson@baylibre.com>