From: Mattijs Korpershoek <mkorpershoek@baylibre.com>
To: Igor Opaniuk <igor.opaniuk@foundries.io>, u-boot@lists.denx.de
Cc: Igor Opaniuk <igor.opaniuk@gmail.com>, Tom Rini <trini@konsulko.com>
Subject: Re: [PATCH v1 6/7] cmd: avb: rework do_avb_verify_part
Date: Fri, 09 Feb 2024 10:17:34 +0100
Message-ID: <87zfwa2dzl.fsf@baylibre.com>
In-Reply-To: <20240206223153.3060433-7-igor.opaniuk@foundries.io>

Hi Igor,

Thank you for the patch.

On Tue, Feb 06, 2024 at 23:31, Igor Opaniuk <igor.opaniuk@foundries.io> wrote:
> From: Igor Opaniuk <igor.opaniuk@gmail.com>
>
> Use existing str_avb_slot_error() function for obtaining
> verification fail reason details.
> Take into account device lock state for setting correct
> androidboot.verifiedbootstate kernel cmdline parameter.
>
> Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Nitpick: the error handling migration could have been part of PATCH 5/7
but it's fine to keep as is.
> ---
>
> cmd/avb.c | 50 +++++++++++++++++---------------------------------
> 1 file changed, 17 insertions(+), 33 deletions(-)
>
> diff --git a/cmd/avb.c b/cmd/avb.c
> index ae0012c0e79..e5fc202121f 100644
> --- a/cmd/avb.c
> +++ b/cmd/avb.c
> @@ -239,6 +239,7 @@ int do_avb_verify_part(struct cmd_tbl *cmdtp, int flag,
> const char * const requested_partitions[] = {"boot", NULL};
> AvbSlotVerifyResult slot_result;
> AvbSlotVerifyData *out_data;
> + enum avb_boot_state boot_state;
> char *cmdline;
> char *extra_args;
> char *slot_suffix = "";
> @@ -273,18 +274,23 @@ int do_avb_verify_part(struct cmd_tbl *cmdtp, int flag,
> AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE,
> &out_data);
>
> - switch (slot_result) {
> - case AVB_SLOT_VERIFY_RESULT_OK:
> - /* Until we don't have support of changing unlock states, we
> - * assume that we are by default in locked state.
> - * So in this case we can boot only when verification is
> - * successful; we also supply in cmdline GREEN boot state
> - */
> + /*
> + * LOCKED devices with custom root of trust setup is not supported (YELLOW)
> + */
> + if (slot_result == AVB_SLOT_VERIFY_RESULT_OK) {
> printf("Verification passed successfully\n");
>
> - /* export additional bootargs to AVB_BOOTARGS env var */
> + /*
> + * ORANGE state indicates that device may be freely modified.
> + * Device integrity is left to the user to verify out-of-band.
> + */
> + if (unlocked)
> + boot_state = AVB_ORANGE;
> + else
> + boot_state = AVB_GREEN;
>
> - extra_args = avb_set_state(avb_ops, AVB_GREEN);
> + /* export boot state to AVB_BOOTARGS env var */
> + extra_args = avb_set_state(avb_ops, boot_state);
> if (extra_args)
> cmdline = append_cmd_line(out_data->cmdline,
> extra_args);
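Review bot: `if (unlocked)` now selects the value exported as androidboot.verifiedbootstate, but no visible hunk declares or assigns `unlocked`. Please confirm where it is read and that a failed lock-state read aborts the command rather than falling through with a default, because either default misreports the state (GREEN on an unlocked device, or ORANGE on a locked one). The new comment above `if (slot_result == AVB_SLOT_VERIFY_RESULT_OK)` should also read "are not supported", and it would help to say there that YELLOW is therefore never set.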
> @@ -294,30 +300,8 @@ int do_avb_verify_part(struct cmd_tbl *cmdtp, int flag,
> env_set(AVB_BOOTARGS, cmdline);
>
> res = CMD_RET_SUCCESS;
> - break;
> - case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION:
> - printf("Verification failed\n");
> - break;
> - case AVB_SLOT_VERIFY_RESULT_ERROR_IO:
> - printf("I/O error occurred during verification\n");
> - break;
> - case AVB_SLOT_VERIFY_RESULT_ERROR_OOM:
> - printf("OOM error occurred during verification\n");
> - break;
> - case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA:
> - printf("Corrupted dm-verity metadata detected\n");
> - break;
> - case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION:
> - printf("Unsupported version of avbtool was used\n");
> - break;
> - case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX:
> - printf("Rollback index check failed\n");
> - break;
> - case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED:
> - printf("Public key was rejected\n");
> - break;
> - default:
> - printf("Unknown error occurred\n");
> + } else {
> + printf("Verification failed, reason: %s\n", str_avb_slot_error(slot_result));
> }
>
> if (out_data)
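Review bot: the removed `default:` case guaranteed a printable message for any unexpected `slot_result`, while the new `else` branch passes whatever `str_avb_slot_error(slot_result)` returns straight to `%s`. Confirm the helper returns a non-NULL fallback string for values outside the known enum, or guard the call here. Since `env_set(AVB_BOOTARGS, cmdline)` still runs only on success, the failure path leaves any earlier AVB_BOOTARGS value in place; consider clearing it in the `else` branch so a stale boot state cannot be reused after a failed verification.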
> --
> 2.34.1