Re: [AVB/AB] Overhaul plans

[Mattijs Korpershoek <mkorpershoek@baylibre.com>]

Hi Igor,

On ven., févr. 09, 2024 at 11:14, Igor Opaniuk <igor.opaniuk@gmail.com> wrote:

> Hi everyone,
>
> I'm currently planning a big overhaul of the current implementation of
> AVB/AB in U-Boot during the 2024 year, which I have barely touched since
> 2019. I used to believe that it was stillborn, but looks like it's
> being actively used
> now by some SoC vendors and Google folks [1][2].

This is great news! I am not aware of any development related to the
above but I'm looking forward to this.

I can't speak for all vendors but I know that TI uses both the AVB and
AB implementation on their AM62x Android solution.

>
> This is what I have in my todo list:
> * Backport latest libavb from AOSP upstream and add support for
>    Verified Boot 1.3.0 version
> * Sync include/android_bootloader_message.h with AOSP upstream
> * Check and backport fixes for AVB in AOSP U-Boot fork if needed [1]
> * Get acquainted with a current state of A/B support in AOSP and
>    backport all needed changes
> * Re-factor libavb, switch to U-Boot existing implementation of
>    rsa/sha256/sha512
> * Add SHA512 implementation that leverage ARMv8 CE
>    (pull it from Linux)
> * Enable hw acceleration of SHA256/SHA512 that supports ARMv8
>    Crypto Extensions to speed up verification process on ARMv8-based boards.
> * AVB support for NAND storage

I know that this has been send but I don't think Alistair has send any
follow-up on this:
https://patchwork.ozlabs.org/project/uboot/patch/20220926220211.868968-1-adelva@google.com/

>
> If someone is already working on anything from the above list -
> please feel free to reach out to me, so we can avoid duplication of effort.
>
> Any comments/suggestions are welcome! Thanks!

From my understanding, the AOSP version of U-Boot has quite a different
bootflow since it relies on the (out-of-tree) boot_android command [3]

[3] https://android.googlesource.com/platform/external/u-boot/+/refs/heads/main/cmd/boot_android.c

Please keep me in the loop with your progress. If you want, you can
reach me on IRC as well (libera: #u-boot, nick: mkorpershoek)

>
> [1] https://android.googlesource.com/platform/external/u-boot
> [2] https://source.android.com/docs/devices/cuttlefish/bootloader-dev
> [3] https://android.googlesource.com/platform/bootable/recovery/+/main/bootloader_message/include/bootloader_message/bootloader_message.h
>
> --
> Best regards - Atentamente - Meilleures salutations
>
> Igor Opaniuk
>
> mailto: igor.opaniuk@gmail.com
> skype: igor.opanyuk
> http://ua.linkedin.com/in/iopaniuk