pvmfw: use libavb_rs for verification
Use libavb_rs for slot verification. This shouldn't cause any
functionality changes.
Test: atest libpvmfw_avb.integration_test
Change-Id: I06039d91084d392bdbac257702b10fc7e3ade5bb
diff --git a/pvmfw/avb/src/descriptor/collection.rs b/pvmfw/avb/src/descriptor/collection.rs
index f47bfbd..6784758 100644
--- a/pvmfw/avb/src/descriptor/collection.rs
+++ b/pvmfw/avb/src/descriptor/collection.rs
@@ -18,11 +18,11 @@
use super::hash::HashDescriptor;
use super::property::PropertyDescriptor;
use crate::partition::PartitionName;
-use crate::utils::{self, is_not_null, to_usize, usize_checked_add};
+use crate::utils::{to_usize, usize_checked_add};
use crate::PvmfwVerifyError;
+use avb::{IoError, IoResult, SlotVerifyError, SlotVerifyNoDataResult, VbmetaData};
use avb_bindgen::{
avb_descriptor_foreach, avb_descriptor_validate_and_byteswap, AvbDescriptor, AvbDescriptorTag,
- AvbVBMetaData,
};
use core::{ffi::c_void, mem::size_of, slice};
use tinyvec::ArrayVec;
@@ -36,24 +36,16 @@
}
impl<'a> Descriptors<'a> {
- /// Builds `Descriptors` from `AvbVBMetaData`.
- /// Returns an error if the given `AvbVBMetaData` contains non-hash descriptor, hash
+ /// Builds `Descriptors` from `VbmetaData`.
+ /// Returns an error if the given `VbmetaData` contains non-hash descriptor, hash
/// descriptor of unknown `PartitionName` or duplicated hash descriptors.
- ///
- /// # Safety
- ///
- /// Behavior is undefined if any of the following conditions are violated:
- /// * `vbmeta.vbmeta_data` must be non-null and points to a valid VBMeta.
- /// * `vbmeta.vbmeta_data` must be valid for reading `vbmeta.vbmeta_size` bytes.
- pub(crate) unsafe fn from_vbmeta(vbmeta: AvbVBMetaData) -> Result<Self, PvmfwVerifyError> {
- is_not_null(vbmeta.vbmeta_data).map_err(|_| avb::SlotVerifyError::Io)?;
- let mut res: Result<Self, avb::IoError> = Ok(Self::default());
- // SAFETY: It is safe as the raw pointer `vbmeta.vbmeta_data` is a non-null pointer and
- // points to a valid VBMeta structure.
+ pub(crate) fn from_vbmeta(vbmeta: &'a VbmetaData) -> Result<Self, PvmfwVerifyError> {
+ let mut res: IoResult<Self> = Ok(Self::default());
+ // SAFETY: It is safe as `vbmeta.data()` contains a valid VBMeta structure.
let output = unsafe {
avb_descriptor_foreach(
- vbmeta.vbmeta_data,
- vbmeta.vbmeta_size,
+ vbmeta.data().as_ptr(),
+ vbmeta.data().len(),
Some(check_and_save_descriptor),
&mut res as *mut _ as *mut c_void,
)
@@ -61,7 +53,7 @@
if output == res.is_ok() {
res.map_err(PvmfwVerifyError::InvalidDescriptors)
} else {
- Err(avb::SlotVerifyError::InvalidMetadata.into())
+ Err(SlotVerifyError::InvalidMetadata.into())
}
}
@@ -74,11 +66,11 @@
pub(crate) fn find_hash_descriptor(
&self,
partition_name: PartitionName,
- ) -> Result<&HashDescriptor, avb::SlotVerifyError> {
+ ) -> SlotVerifyNoDataResult<&HashDescriptor> {
self.hash_descriptors
.iter()
.find(|d| d.partition_name == partition_name)
- .ok_or(avb::SlotVerifyError::InvalidMetadata)
+ .ok_or(SlotVerifyError::InvalidMetadata)
}
pub(crate) fn has_property_descriptor(&self) -> bool {
@@ -89,27 +81,24 @@
self.prop_descriptor.as_ref().filter(|desc| desc.key == key).map(|desc| desc.value)
}
- fn push(&mut self, descriptor: Descriptor<'a>) -> utils::Result<()> {
+ fn push(&mut self, descriptor: Descriptor<'a>) -> IoResult<()> {
match descriptor {
Descriptor::Hash(d) => self.push_hash_descriptor(d),
Descriptor::Property(d) => self.push_property_descriptor(d),
}
}
- fn push_hash_descriptor(&mut self, descriptor: HashDescriptor<'a>) -> utils::Result<()> {
+ fn push_hash_descriptor(&mut self, descriptor: HashDescriptor<'a>) -> IoResult<()> {
if self.hash_descriptors.iter().any(|d| d.partition_name == descriptor.partition_name) {
- return Err(avb::IoError::Io);
+ return Err(IoError::Io);
}
self.hash_descriptors.push(descriptor);
Ok(())
}
- fn push_property_descriptor(
- &mut self,
- descriptor: PropertyDescriptor<'a>,
- ) -> utils::Result<()> {
+ fn push_property_descriptor(&mut self, descriptor: PropertyDescriptor<'a>) -> IoResult<()> {
if self.prop_descriptor.is_some() {
- return Err(avb::IoError::Io);
+ return Err(IoError::Io);
}
self.prop_descriptor.replace(descriptor);
Ok(())
@@ -120,8 +109,7 @@
///
/// Behavior is undefined if any of the following conditions are violated:
/// * The `descriptor` pointer must be non-null and points to a valid `AvbDescriptor` struct.
-/// * The `user_data` pointer must be non-null, points to a valid
-/// `Result<Descriptors, avb::IoError>`
+/// * The `user_data` pointer must be non-null, points to a valid `IoResult<Descriptors>`
/// struct and is initialized.
unsafe extern "C" fn check_and_save_descriptor(
descriptor: *const AvbDescriptor,
@@ -129,8 +117,7 @@
) -> bool {
// SAFETY: It is safe because the caller ensures that `user_data` points to a valid struct and
// is initialized.
- let Some(res) = (unsafe { (user_data as *mut Result<Descriptors, avb::IoError>).as_mut() })
- else {
+ let Some(res) = (unsafe { (user_data as *mut IoResult<Descriptors>).as_mut() }) else {
return false;
};
let Ok(descriptors) = res else {
@@ -154,7 +141,7 @@
unsafe fn try_check_and_save_descriptor(
descriptor: *const AvbDescriptor,
descriptors: &mut Descriptors,
-) -> utils::Result<()> {
+) -> IoResult<()> {
// SAFETY: It is safe because the caller ensures that `descriptor` is a non-null pointer
// pointing to a valid struct.
let descriptor = unsafe { Descriptor::from_descriptor_ptr(descriptor)? };
@@ -171,7 +158,7 @@
///
/// Behavior is undefined if any of the following conditions are violated:
/// * The `descriptor` pointer must be non-null and point to a valid `AvbDescriptor`.
- unsafe fn from_descriptor_ptr(descriptor: *const AvbDescriptor) -> utils::Result<Self> {
+ unsafe fn from_descriptor_ptr(descriptor: *const AvbDescriptor) -> IoResult<Self> {
let avb_descriptor =
// SAFETY: It is safe as the raw pointer `descriptor` is non-null and points to
// a valid `AvbDescriptor`.
@@ -197,7 +184,7 @@
unsafe { PropertyDescriptor::from_descriptor_ptr(descriptor, data)? };
Ok(Self::Property(descriptor))
}
- _ => Err(avb::IoError::NoSuchValue),
+ _ => Err(IoError::NoSuchValue),
}
}
}
diff --git a/pvmfw/avb/src/descriptor/common.rs b/pvmfw/avb/src/descriptor/common.rs
index 31ee0a5..6063a7c 100644
--- a/pvmfw/avb/src/descriptor/common.rs
+++ b/pvmfw/avb/src/descriptor/common.rs
@@ -14,7 +14,8 @@
//! Structs and functions used by all the descriptors.
-use crate::utils::{self, is_not_null};
+use crate::utils::is_not_null;
+use avb::{IoError, IoResult};
use core::mem::MaybeUninit;
/// # Safety
@@ -24,14 +25,14 @@
pub(super) unsafe fn get_valid_descriptor<T>(
descriptor_ptr: *const T,
descriptor_validate_and_byteswap: unsafe extern "C" fn(src: *const T, dest: *mut T) -> bool,
-) -> utils::Result<T> {
+) -> IoResult<T> {
is_not_null(descriptor_ptr)?;
// SAFETY: It is safe because the caller ensures that `descriptor_ptr` is a non-null pointer
// pointing to a valid struct.
let descriptor = unsafe {
let mut desc = MaybeUninit::uninit();
if !descriptor_validate_and_byteswap(descriptor_ptr, desc.as_mut_ptr()) {
- return Err(avb::IoError::Io);
+ return Err(IoError::Io);
}
desc.assume_init()
};
diff --git a/pvmfw/avb/src/descriptor/hash.rs b/pvmfw/avb/src/descriptor/hash.rs
index 089268f..35db66d 100644
--- a/pvmfw/avb/src/descriptor/hash.rs
+++ b/pvmfw/avb/src/descriptor/hash.rs
@@ -16,7 +16,8 @@
use super::common::get_valid_descriptor;
use crate::partition::PartitionName;
-use crate::utils::{self, to_usize, usize_checked_add};
+use crate::utils::{to_usize, usize_checked_add};
+use avb::{IoError, IoResult};
use avb_bindgen::{
avb_hash_descriptor_validate_and_byteswap, AvbDescriptor, AvbHashDescriptor,
AVB_SHA256_DIGEST_SIZE,
@@ -47,19 +48,19 @@
pub(super) unsafe fn from_descriptor_ptr(
descriptor: *const AvbDescriptor,
data: &'a [u8],
- ) -> utils::Result<Self> {
+ ) -> IoResult<Self> {
// SAFETY: It is safe as the raw pointer `descriptor` is non-null and points to
// a valid `AvbDescriptor`.
let h = unsafe { HashDescriptorHeader::from_descriptor_ptr(descriptor)? };
let partition_name = data
.get(h.partition_name_range()?)
- .ok_or(avb::IoError::RangeOutsidePartition)?
+ .ok_or(IoError::RangeOutsidePartition)?
.try_into()?;
let digest = data
.get(h.digest_range()?)
- .ok_or(avb::IoError::RangeOutsidePartition)?
+ .ok_or(IoError::RangeOutsidePartition)?
.try_into()
- .map_err(|_| avb::IoError::InvalidValueSize)?;
+ .map_err(|_| IoError::InvalidValueSize)?;
Ok(Self { partition_name, digest })
}
}
@@ -71,7 +72,7 @@
///
/// Behavior is undefined if any of the following conditions are violated:
/// * The `descriptor` pointer must be non-null and point to a valid `AvbDescriptor`.
- unsafe fn from_descriptor_ptr(descriptor: *const AvbDescriptor) -> utils::Result<Self> {
+ unsafe fn from_descriptor_ptr(descriptor: *const AvbDescriptor) -> IoResult<Self> {
// SAFETY: It is safe as the raw pointer `descriptor` is non-null and points to
// a valid `AvbDescriptor`.
unsafe {
@@ -83,16 +84,16 @@
}
}
- fn partition_name_end(&self) -> utils::Result<usize> {
+ fn partition_name_end(&self) -> IoResult<usize> {
usize_checked_add(size_of::<AvbHashDescriptor>(), to_usize(self.0.partition_name_len)?)
}
- fn partition_name_range(&self) -> utils::Result<Range<usize>> {
+ fn partition_name_range(&self) -> IoResult<Range<usize>> {
let start = size_of::<AvbHashDescriptor>();
Ok(start..(self.partition_name_end()?))
}
- fn digest_range(&self) -> utils::Result<Range<usize>> {
+ fn digest_range(&self) -> IoResult<Range<usize>> {
let start = usize_checked_add(self.partition_name_end()?, to_usize(self.0.salt_len)?)?;
let end = usize_checked_add(start, to_usize(self.0.digest_len)?)?;
Ok(start..end)
diff --git a/pvmfw/avb/src/descriptor/property.rs b/pvmfw/avb/src/descriptor/property.rs
index 336623a..8145d64 100644
--- a/pvmfw/avb/src/descriptor/property.rs
+++ b/pvmfw/avb/src/descriptor/property.rs
@@ -15,7 +15,8 @@
//! Structs and functions relating to the property descriptor.
use super::common::get_valid_descriptor;
-use crate::utils::{self, to_usize, usize_checked_add};
+use crate::utils::{to_usize, usize_checked_add};
+use avb::{IoError, IoResult};
use avb_bindgen::{
avb_property_descriptor_validate_and_byteswap, AvbDescriptor, AvbPropertyDescriptor,
};
@@ -34,7 +35,7 @@
pub(super) unsafe fn from_descriptor_ptr(
descriptor: *const AvbDescriptor,
data: &'a [u8],
- ) -> utils::Result<Self> {
+ ) -> IoResult<Self> {
// SAFETY: It is safe as the raw pointer `descriptor` is non-null and points to
// a valid `AvbDescriptor`.
let h = unsafe { PropertyDescriptorHeader::from_descriptor_ptr(descriptor)? };
@@ -43,12 +44,12 @@
Ok(Self { key, value })
}
- fn get_valid_slice(data: &[u8], start: usize, end: usize) -> utils::Result<&[u8]> {
+ fn get_valid_slice(data: &[u8], start: usize, end: usize) -> IoResult<&[u8]> {
const NUL_BYTE: u8 = b'\0';
match data.get(end) {
- Some(&NUL_BYTE) => data.get(start..end).ok_or(avb::IoError::RangeOutsidePartition),
- _ => Err(avb::IoError::NoSuchValue),
+ Some(&NUL_BYTE) => data.get(start..end).ok_or(IoError::RangeOutsidePartition),
+ _ => Err(IoError::NoSuchValue),
}
}
}
@@ -60,7 +61,7 @@
///
/// Behavior is undefined if any of the following conditions are violated:
/// * The `descriptor` pointer must be non-null and point to a valid `AvbDescriptor`.
- unsafe fn from_descriptor_ptr(descriptor: *const AvbDescriptor) -> utils::Result<Self> {
+ unsafe fn from_descriptor_ptr(descriptor: *const AvbDescriptor) -> IoResult<Self> {
// SAFETY: It is safe as the raw pointer `descriptor` is non-null and points to
// a valid `AvbDescriptor`.
unsafe {
@@ -76,16 +77,16 @@
size_of::<AvbPropertyDescriptor>()
}
- fn key_end(&self) -> utils::Result<usize> {
+ fn key_end(&self) -> IoResult<usize> {
usize_checked_add(self.key_start(), to_usize(self.0.key_num_bytes)?)
}
- fn value_start(&self) -> utils::Result<usize> {
+ fn value_start(&self) -> IoResult<usize> {
// There is a NUL byte between key and value.
usize_checked_add(self.key_end()?, 1)
}
- fn value_end(&self) -> utils::Result<usize> {
+ fn value_end(&self) -> IoResult<usize> {
usize_checked_add(self.value_start()?, to_usize(self.0.value_num_bytes)?)
}
}
diff --git a/pvmfw/avb/src/error.rs b/pvmfw/avb/src/error.rs
index 0f052e8..4e3f27e 100644
--- a/pvmfw/avb/src/error.rs
+++ b/pvmfw/avb/src/error.rs
@@ -15,22 +15,23 @@
//! This module contains the error thrown by the payload verification API
//! and other errors used in the library.
+use avb::{IoError, SlotVerifyError};
use core::fmt;
-/// Wrapper around `avb::SlotVerifyError` to add custom pvmfw errors.
+/// Wrapper around `SlotVerifyError` to add custom pvmfw errors.
/// It is the error thrown by the payload verification API `verify_payload()`.
#[derive(Debug, PartialEq, Eq)]
pub enum PvmfwVerifyError {
- /// Passthrough `avb::SlotVerifyError` with no `SlotVerifyData`.
- AvbError(avb::SlotVerifyError<'static>),
+ /// Passthrough `SlotVerifyError` with no `SlotVerifyData`.
+ AvbError(SlotVerifyError<'static>),
/// VBMeta has invalid descriptors.
- InvalidDescriptors(avb::IoError),
+ InvalidDescriptors(IoError),
/// Unknown vbmeta property.
UnknownVbmetaProperty,
}
-impl From<avb::SlotVerifyError<'_>> for PvmfwVerifyError {
- fn from(error: avb::SlotVerifyError) -> Self {
+impl From<SlotVerifyError<'_>> for PvmfwVerifyError {
+ fn from(error: SlotVerifyError) -> Self {
// We don't use verification data on failure, drop it to get a `'static` lifetime.
Self::AvbError(error.without_verify_data())
}
diff --git a/pvmfw/avb/src/ops.rs b/pvmfw/avb/src/ops.rs
index aee93c8..9711f72 100644
--- a/pvmfw/avb/src/ops.rs
+++ b/pvmfw/avb/src/ops.rs
@@ -12,22 +12,14 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-//! Structs and functions relating to `AvbOps`.
+//! Structs and functions relating to AVB callback operations.
use crate::partition::PartitionName;
-use crate::utils::{self, as_ref, is_not_null, to_nonnull, write};
-use avb::internal::{result_to_io_enum, slot_verify_enum_to_result};
-use avb_bindgen::{
- avb_slot_verify, avb_slot_verify_data_free, AvbHashtreeErrorMode, AvbIOResult, AvbOps,
- AvbPartitionData, AvbSlotVerifyData, AvbSlotVerifyFlags, AvbVBMetaData,
+use avb::{
+ slot_verify, HashtreeErrorMode, IoError, IoResult, PublicKeyForPartitionInfo, SlotVerifyData,
+ SlotVerifyFlags, SlotVerifyResult,
};
-use core::{
- ffi::{c_char, c_void, CStr},
- mem::MaybeUninit,
- ptr, slice,
-};
-
-const NULL_BYTE: &[u8] = b"\0";
+use core::ffi::CStr;
pub(crate) struct Payload<'a> {
kernel: &'a [u8],
@@ -35,15 +27,6 @@
trusted_public_key: &'a [u8],
}
-impl<'a> AsRef<Payload<'a>> for AvbOps {
- fn as_ref(&self) -> &Payload<'a> {
- let payload = self.user_data as *const Payload;
- // SAFETY: It is safe to cast the `AvbOps.user_data` to Payload as we have saved a
- // pointer to a valid value of Payload in user_data when creating AvbOps.
- unsafe { &*payload }
- }
-}
-
impl<'a> Payload<'a> {
pub(crate) fn new(
kernel: &'a [u8],
@@ -53,148 +36,116 @@
Self { kernel, initrd, trusted_public_key }
}
- fn get_partition(&self, partition_name: *const c_char) -> Result<&[u8], avb::IoError> {
+ fn get_partition(&self, partition_name: &CStr) -> IoResult<&[u8]> {
match partition_name.try_into()? {
PartitionName::Kernel => Ok(self.kernel),
PartitionName::InitrdNormal | PartitionName::InitrdDebug => {
- self.initrd.ok_or(avb::IoError::NoSuchPartition)
+ self.initrd.ok_or(IoError::NoSuchPartition)
}
}
}
}
-/// `Ops` wraps the class `AvbOps` in libavb. It provides pvmfw customized
-/// operations used in the verification.
-pub(crate) struct Ops(AvbOps);
-
-impl<'a> From<&mut Payload<'a>> for Ops {
- fn from(payload: &mut Payload<'a>) -> Self {
- let avb_ops = AvbOps {
- user_data: payload as *mut _ as *mut c_void,
- ab_ops: ptr::null_mut(),
- atx_ops: ptr::null_mut(),
- read_from_partition: Some(read_from_partition),
- get_preloaded_partition: Some(get_preloaded_partition),
- write_to_partition: None,
- validate_vbmeta_public_key: Some(validate_vbmeta_public_key),
- read_rollback_index: Some(read_rollback_index),
- write_rollback_index: None,
- read_is_device_unlocked: Some(read_is_device_unlocked),
- get_unique_guid_for_partition: Some(get_unique_guid_for_partition),
- get_size_of_partition: Some(get_size_of_partition),
- read_persistent_value: None,
- write_persistent_value: None,
- validate_public_key_for_partition: None,
- };
- Self(avb_ops)
- }
+/// Pvmfw customized operations used in the verification.
+pub(crate) struct Ops<'a> {
+ payload: &'a Payload<'a>,
}
-impl Ops {
+impl<'a> Ops<'a> {
+ pub(crate) fn new(payload: &'a Payload<'a>) -> Self {
+ Self { payload }
+ }
+
pub(crate) fn verify_partition(
&mut self,
partition_name: &CStr,
- ) -> Result<AvbSlotVerifyDataWrap, avb::SlotVerifyError<'static>> {
- let requested_partitions = [partition_name.as_ptr(), ptr::null()];
- let ab_suffix = CStr::from_bytes_with_nul(NULL_BYTE).unwrap();
- let mut out_data = MaybeUninit::uninit();
- // SAFETY: It is safe to call `avb_slot_verify()` as the pointer arguments (`ops`,
- // `requested_partitions` and `ab_suffix`) passed to the method are all valid and
- // initialized.
- let result = unsafe {
- avb_slot_verify(
- &mut self.0,
- requested_partitions.as_ptr(),
- ab_suffix.as_ptr(),
- AvbSlotVerifyFlags::AVB_SLOT_VERIFY_FLAGS_NONE,
- AvbHashtreeErrorMode::AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE,
- out_data.as_mut_ptr(),
- )
- };
- slot_verify_enum_to_result(result)?;
- // SAFETY: This is safe because `out_data` has been properly initialized after
- // calling `avb_slot_verify` and it returns OK.
- let out_data = unsafe { out_data.assume_init() };
- out_data.try_into()
+ ) -> SlotVerifyResult<SlotVerifyData> {
+ slot_verify(
+ self,
+ &[partition_name],
+ None, // No partition slot suffix.
+ SlotVerifyFlags::AVB_SLOT_VERIFY_FLAGS_NONE,
+ HashtreeErrorMode::AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE,
+ )
}
}
-extern "C" fn read_is_device_unlocked(
- _ops: *mut AvbOps,
- out_is_unlocked: *mut bool,
-) -> AvbIOResult {
- result_to_io_enum(write(out_is_unlocked, false))
+impl<'a> avb::Ops for Ops<'a> {
+ fn read_from_partition(
+ &mut self,
+ partition: &CStr,
+ offset: i64,
+ buffer: &mut [u8],
+ ) -> IoResult<usize> {
+ let partition = self.payload.get_partition(partition)?;
+ copy_data_to_dst(partition, offset, buffer)?;
+ Ok(buffer.len())
+ }
+
+ fn get_preloaded_partition(&mut self, partition: &CStr) -> IoResult<&[u8]> {
+ self.payload.get_partition(partition)
+ }
+
+ fn validate_vbmeta_public_key(
+ &mut self,
+ public_key: &[u8],
+ _public_key_metadata: Option<&[u8]>,
+ ) -> IoResult<bool> {
+ // The public key metadata is not used when we build the VBMeta.
+ Ok(self.payload.trusted_public_key == public_key)
+ }
+
+ fn read_rollback_index(&mut self, _rollback_index_location: usize) -> IoResult<u64> {
+ // TODO(291213394) : Refine this comment once capability for rollback protection is defined.
+ // pvmfw does not compare stored_rollback_index with rollback_index for Antirollback
+ // protection. Hence, we set `out_rollback_index` to 0 to ensure that the rollback_index
+ // (including default: 0) is never smaller than it, thus the rollback index check will pass.
+ Ok(0)
+ }
+
+ fn write_rollback_index(
+ &mut self,
+ _rollback_index_location: usize,
+ _index: u64,
+ ) -> IoResult<()> {
+ Err(IoError::NotImplemented)
+ }
+
+ fn read_is_device_unlocked(&mut self) -> IoResult<bool> {
+ Ok(false)
+ }
+
+ fn get_size_of_partition(&mut self, partition: &CStr) -> IoResult<u64> {
+ let partition = self.payload.get_partition(partition)?;
+ u64::try_from(partition.len()).map_err(|_| IoError::InvalidValueSize)
+ }
+
+ fn read_persistent_value(&mut self, _name: &CStr, _value: &mut [u8]) -> IoResult<usize> {
+ Err(IoError::NotImplemented)
+ }
+
+ fn write_persistent_value(&mut self, _name: &CStr, _value: &[u8]) -> IoResult<()> {
+ Err(IoError::NotImplemented)
+ }
+
+ fn erase_persistent_value(&mut self, _name: &CStr) -> IoResult<()> {
+ Err(IoError::NotImplemented)
+ }
+
+ fn validate_public_key_for_partition(
+ &mut self,
+ _partition: &CStr,
+ _public_key: &[u8],
+ _public_key_metadata: Option<&[u8]>,
+ ) -> IoResult<PublicKeyForPartitionInfo> {
+ Err(IoError::NotImplemented)
+ }
}
-extern "C" fn get_preloaded_partition(
- ops: *mut AvbOps,
- partition: *const c_char,
- num_bytes: usize,
- out_pointer: *mut *mut u8,
- out_num_bytes_preloaded: *mut usize,
-) -> AvbIOResult {
- result_to_io_enum(try_get_preloaded_partition(
- ops,
- partition,
- num_bytes,
- out_pointer,
- out_num_bytes_preloaded,
- ))
-}
-
-fn try_get_preloaded_partition(
- ops: *mut AvbOps,
- partition: *const c_char,
- num_bytes: usize,
- out_pointer: *mut *mut u8,
- out_num_bytes_preloaded: *mut usize,
-) -> utils::Result<()> {
- let ops = as_ref(ops)?;
- let partition = ops.as_ref().get_partition(partition)?;
- write(out_pointer, partition.as_ptr() as *mut u8)?;
- write(out_num_bytes_preloaded, partition.len().min(num_bytes))
-}
-
-extern "C" fn read_from_partition(
- ops: *mut AvbOps,
- partition: *const c_char,
- offset: i64,
- num_bytes: usize,
- buffer: *mut c_void,
- out_num_read: *mut usize,
-) -> AvbIOResult {
- result_to_io_enum(try_read_from_partition(
- ops,
- partition,
- offset,
- num_bytes,
- buffer,
- out_num_read,
- ))
-}
-
-fn try_read_from_partition(
- ops: *mut AvbOps,
- partition: *const c_char,
- offset: i64,
- num_bytes: usize,
- buffer: *mut c_void,
- out_num_read: *mut usize,
-) -> utils::Result<()> {
- let ops = as_ref(ops)?;
- let partition = ops.as_ref().get_partition(partition)?;
- let buffer = to_nonnull(buffer)?;
- // SAFETY: It is safe to copy the requested number of bytes to `buffer` as `buffer`
- // is created to point to the `num_bytes` of bytes in memory.
- let buffer_slice = unsafe { slice::from_raw_parts_mut(buffer.as_ptr() as *mut u8, num_bytes) };
- copy_data_to_dst(partition, offset, buffer_slice)?;
- write(out_num_read, buffer_slice.len())
-}
-
-fn copy_data_to_dst(src: &[u8], offset: i64, dst: &mut [u8]) -> utils::Result<()> {
- let start = to_copy_start(offset, src.len()).ok_or(avb::IoError::InvalidValueSize)?;
- let end = start.checked_add(dst.len()).ok_or(avb::IoError::InvalidValueSize)?;
- dst.copy_from_slice(src.get(start..end).ok_or(avb::IoError::RangeOutsidePartition)?);
+fn copy_data_to_dst(src: &[u8], offset: i64, dst: &mut [u8]) -> IoResult<()> {
+ let start = to_copy_start(offset, src.len()).ok_or(IoError::InvalidValueSize)?;
+ let end = start.checked_add(dst.len()).ok_or(IoError::InvalidValueSize)?;
+ dst.copy_from_slice(src.get(start..end).ok_or(IoError::RangeOutsidePartition)?);
Ok(())
}
@@ -203,143 +154,3 @@
.ok()
.or_else(|| isize::try_from(offset).ok().and_then(|v| len.checked_add_signed(v)))
}
-
-extern "C" fn get_size_of_partition(
- ops: *mut AvbOps,
- partition: *const c_char,
- out_size_num_bytes: *mut u64,
-) -> AvbIOResult {
- result_to_io_enum(try_get_size_of_partition(ops, partition, out_size_num_bytes))
-}
-
-fn try_get_size_of_partition(
- ops: *mut AvbOps,
- partition: *const c_char,
- out_size_num_bytes: *mut u64,
-) -> utils::Result<()> {
- let ops = as_ref(ops)?;
- let partition = ops.as_ref().get_partition(partition)?;
- let partition_size =
- u64::try_from(partition.len()).map_err(|_| avb::IoError::InvalidValueSize)?;
- write(out_size_num_bytes, partition_size)
-}
-
-extern "C" fn read_rollback_index(
- _ops: *mut AvbOps,
- _rollback_index_location: usize,
- out_rollback_index: *mut u64,
-) -> AvbIOResult {
- // This method is used by `avb_slot_verify()` to read the stored_rollback_index at
- // rollback_index_location.
-
- // TODO(291213394) : Refine this comment once capability for rollback protection is defined.
- // pvmfw does not compare stored_rollback_index with rollback_index for Antirollback protection
- // Hence, we set `out_rollback_index` to 0 to ensure that the
- // rollback_index (including default: 0) is never smaller than it,
- // thus the rollback index check will pass.
- result_to_io_enum(write(out_rollback_index, 0))
-}
-
-extern "C" fn get_unique_guid_for_partition(
- _ops: *mut AvbOps,
- _partition: *const c_char,
- _guid_buf: *mut c_char,
- _guid_buf_size: usize,
-) -> AvbIOResult {
- // TODO(b/256148034): Check if it's possible to throw an error here instead of having
- // an empty method.
- // This method is required by `avb_slot_verify()`.
- AvbIOResult::AVB_IO_RESULT_OK
-}
-
-extern "C" fn validate_vbmeta_public_key(
- ops: *mut AvbOps,
- public_key_data: *const u8,
- public_key_length: usize,
- public_key_metadata: *const u8,
- public_key_metadata_length: usize,
- out_is_trusted: *mut bool,
-) -> AvbIOResult {
- result_to_io_enum(try_validate_vbmeta_public_key(
- ops,
- public_key_data,
- public_key_length,
- public_key_metadata,
- public_key_metadata_length,
- out_is_trusted,
- ))
-}
-
-fn try_validate_vbmeta_public_key(
- ops: *mut AvbOps,
- public_key_data: *const u8,
- public_key_length: usize,
- _public_key_metadata: *const u8,
- _public_key_metadata_length: usize,
- out_is_trusted: *mut bool,
-) -> utils::Result<()> {
- // The public key metadata is not used when we build the VBMeta.
- is_not_null(public_key_data)?;
- // SAFETY: It is safe to create a slice with the given pointer and length as
- // `public_key_data` is a valid pointer and it points to an array of length
- // `public_key_length`.
- let public_key = unsafe { slice::from_raw_parts(public_key_data, public_key_length) };
- let ops = as_ref(ops)?;
- let trusted_public_key = ops.as_ref().trusted_public_key;
- write(out_is_trusted, public_key == trusted_public_key)
-}
-
-pub(crate) struct AvbSlotVerifyDataWrap(*mut AvbSlotVerifyData);
-
-impl TryFrom<*mut AvbSlotVerifyData> for AvbSlotVerifyDataWrap {
- type Error = avb::SlotVerifyError<'static>;
-
- fn try_from(data: *mut AvbSlotVerifyData) -> Result<Self, Self::Error> {
- is_not_null(data).map_err(|_| avb::SlotVerifyError::Io)?;
- Ok(Self(data))
- }
-}
-
-impl Drop for AvbSlotVerifyDataWrap {
- fn drop(&mut self) {
- // SAFETY: This is safe because `self.0` is checked nonnull when the
- // instance is created. We can free this pointer when the instance is
- // no longer needed.
- unsafe {
- avb_slot_verify_data_free(self.0);
- }
- }
-}
-
-impl AsRef<AvbSlotVerifyData> for AvbSlotVerifyDataWrap {
- fn as_ref(&self) -> &AvbSlotVerifyData {
- // This is safe because `self.0` is checked nonnull when the instance is created.
- as_ref(self.0).unwrap()
- }
-}
-
-impl AvbSlotVerifyDataWrap {
- pub(crate) fn vbmeta_images(&self) -> Result<&[AvbVBMetaData], avb::SlotVerifyError> {
- let data = self.as_ref();
- is_not_null(data.vbmeta_images).map_err(|_| avb::SlotVerifyError::Io)?;
- let vbmeta_images =
- // SAFETY: It is safe as the raw pointer `data.vbmeta_images` is a nonnull pointer.
- unsafe { slice::from_raw_parts(data.vbmeta_images, data.num_vbmeta_images) };
- Ok(vbmeta_images)
- }
-
- pub(crate) fn loaded_partitions(&self) -> Result<&[AvbPartitionData], avb::SlotVerifyError> {
- let data = self.as_ref();
- is_not_null(data.loaded_partitions).map_err(|_| avb::SlotVerifyError::Io)?;
- let loaded_partitions =
- // SAFETY: It is safe as the raw pointer `data.loaded_partitions` is a nonnull pointer and
- // is guaranteed by libavb to point to a valid `AvbPartitionData` array as part of the
- // `AvbSlotVerifyData` struct.
- unsafe { slice::from_raw_parts(data.loaded_partitions, data.num_loaded_partitions) };
- Ok(loaded_partitions)
- }
-
- pub(crate) fn rollback_indexes(&self) -> &[u64] {
- &self.as_ref().rollback_indexes
- }
-}
diff --git a/pvmfw/avb/src/partition.rs b/pvmfw/avb/src/partition.rs
index ca450c9..3fe9479 100644
--- a/pvmfw/avb/src/partition.rs
+++ b/pvmfw/avb/src/partition.rs
@@ -14,8 +14,8 @@
//! Struct and functions relating to well-known partition names.
-use crate::utils::is_not_null;
-use core::ffi::{c_char, CStr};
+use avb::IoError;
+use core::ffi::CStr;
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
pub(crate) enum PartitionName {
@@ -51,39 +51,28 @@
}
}
-impl TryFrom<*const c_char> for PartitionName {
- type Error = avb::IoError;
-
- fn try_from(partition_name: *const c_char) -> Result<Self, Self::Error> {
- is_not_null(partition_name)?;
- // SAFETY: It is safe as the raw pointer `partition_name` is a nonnull pointer.
- let partition_name = unsafe { CStr::from_ptr(partition_name) };
- partition_name.try_into()
- }
-}
-
impl TryFrom<&CStr> for PartitionName {
- type Error = avb::IoError;
+ type Error = IoError;
fn try_from(partition_name: &CStr) -> Result<Self, Self::Error> {
match partition_name.to_bytes_with_nul() {
Self::KERNEL_PARTITION_NAME => Ok(Self::Kernel),
Self::INITRD_NORMAL_PARTITION_NAME => Ok(Self::InitrdNormal),
Self::INITRD_DEBUG_PARTITION_NAME => Ok(Self::InitrdDebug),
- _ => Err(avb::IoError::NoSuchPartition),
+ _ => Err(IoError::NoSuchPartition),
}
}
}
impl TryFrom<&[u8]> for PartitionName {
- type Error = avb::IoError;
+ type Error = IoError;
fn try_from(non_null_terminated_name: &[u8]) -> Result<Self, Self::Error> {
match non_null_terminated_name {
x if x == Self::Kernel.as_non_null_terminated_bytes() => Ok(Self::Kernel),
x if x == Self::InitrdNormal.as_non_null_terminated_bytes() => Ok(Self::InitrdNormal),
x if x == Self::InitrdDebug.as_non_null_terminated_bytes() => Ok(Self::InitrdDebug),
- _ => Err(avb::IoError::NoSuchPartition),
+ _ => Err(IoError::NoSuchPartition),
}
}
}
diff --git a/pvmfw/avb/src/utils.rs b/pvmfw/avb/src/utils.rs
index f4f15e1..b4f099b 100644
--- a/pvmfw/avb/src/utils.rs
+++ b/pvmfw/avb/src/utils.rs
@@ -14,42 +14,20 @@
//! Common utility functions.
-use core::ptr::NonNull;
-use core::result;
+use avb::{IoError, IoResult};
-pub(crate) type Result<T> = result::Result<T, avb::IoError>;
-
-pub(crate) fn write<T>(ptr: *mut T, value: T) -> Result<()> {
- let ptr = to_nonnull(ptr)?;
- // SAFETY: It is safe as the raw pointer `ptr` is a non-null pointer.
- unsafe {
- *ptr.as_ptr() = value;
- }
- Ok(())
-}
-
-pub(crate) fn as_ref<'a, T>(ptr: *mut T) -> Result<&'a T> {
- let ptr = to_nonnull(ptr)?;
- // SAFETY: It is safe as the raw pointer `ptr` is a non-null pointer.
- unsafe { Ok(ptr.as_ref()) }
-}
-
-pub(crate) fn to_nonnull<T>(ptr: *mut T) -> Result<NonNull<T>> {
- NonNull::new(ptr).ok_or(avb::IoError::NoSuchValue)
-}
-
-pub(crate) fn is_not_null<T>(ptr: *const T) -> Result<()> {
+pub(crate) fn is_not_null<T>(ptr: *const T) -> IoResult<()> {
if ptr.is_null() {
- Err(avb::IoError::NoSuchValue)
+ Err(IoError::NoSuchValue)
} else {
Ok(())
}
}
-pub(crate) fn to_usize<T: TryInto<usize>>(num: T) -> Result<usize> {
- num.try_into().map_err(|_| avb::IoError::InvalidValueSize)
+pub(crate) fn to_usize<T: TryInto<usize>>(num: T) -> IoResult<usize> {
+ num.try_into().map_err(|_| IoError::InvalidValueSize)
}
-pub(crate) fn usize_checked_add(x: usize, y: usize) -> Result<usize> {
- x.checked_add(y).ok_or(avb::IoError::InvalidValueSize)
+pub(crate) fn usize_checked_add(x: usize, y: usize) -> IoResult<usize> {
+ x.checked_add(y).ok_or(IoError::InvalidValueSize)
}
diff --git a/pvmfw/avb/src/verify.rs b/pvmfw/avb/src/verify.rs
index 3274033..ac015e0 100644
--- a/pvmfw/avb/src/verify.rs
+++ b/pvmfw/avb/src/verify.rs
@@ -20,10 +20,9 @@
use crate::PvmfwVerifyError;
use alloc::vec;
use alloc::vec::Vec;
-use avb_bindgen::{AvbPartitionData, AvbVBMetaData};
-use core::ffi::c_char;
+use avb::{PartitionData, SlotVerifyError, SlotVerifyNoDataResult, VbmetaData};
-// We use this for the rollback_index field if AvbSlotVerifyDataWrap has empty rollback_indexes
+// We use this for the rollback_index field if SlotVerifyData has empty rollback_indexes
const DEFAULT_ROLLBACK_INDEX: u64 = 0;
/// Verified data returned when the payload verification succeeds.
@@ -84,7 +83,7 @@
_ => return Err(PvmfwVerifyError::UnknownVbmetaProperty),
};
if res.contains(&cap) {
- return Err(avb::SlotVerifyError::InvalidMetadata.into());
+ return Err(SlotVerifyError::InvalidMetadata.into());
}
res.push(cap);
}
@@ -92,55 +91,51 @@
}
}
-fn verify_only_one_vbmeta_exists(
- vbmeta_images: &[AvbVBMetaData],
-) -> Result<(), avb::SlotVerifyError<'static>> {
- if vbmeta_images.len() == 1 {
+fn verify_only_one_vbmeta_exists(vbmeta_data: &[VbmetaData]) -> SlotVerifyNoDataResult<()> {
+ if vbmeta_data.len() == 1 {
Ok(())
} else {
- Err(avb::SlotVerifyError::InvalidMetadata)
+ Err(SlotVerifyError::InvalidMetadata)
}
}
-fn verify_vbmeta_is_from_kernel_partition(
- vbmeta_image: &AvbVBMetaData,
-) -> Result<(), avb::SlotVerifyError<'static>> {
- match (vbmeta_image.partition_name as *const c_char).try_into() {
+fn verify_vbmeta_is_from_kernel_partition(vbmeta_image: &VbmetaData) -> SlotVerifyNoDataResult<()> {
+ match vbmeta_image.partition_name().try_into() {
Ok(PartitionName::Kernel) => Ok(()),
- _ => Err(avb::SlotVerifyError::InvalidMetadata),
+ _ => Err(SlotVerifyError::InvalidMetadata),
}
}
fn verify_vbmeta_has_only_one_hash_descriptor(
descriptors: &Descriptors,
-) -> Result<(), avb::SlotVerifyError<'static>> {
+) -> SlotVerifyNoDataResult<()> {
if descriptors.num_hash_descriptor() == 1 {
Ok(())
} else {
- Err(avb::SlotVerifyError::InvalidMetadata)
+ Err(SlotVerifyError::InvalidMetadata)
}
}
fn verify_loaded_partition_has_expected_length(
- loaded_partitions: &[AvbPartitionData],
+ loaded_partitions: &[PartitionData],
partition_name: PartitionName,
expected_len: usize,
-) -> Result<(), avb::SlotVerifyError<'static>> {
+) -> SlotVerifyNoDataResult<()> {
if loaded_partitions.len() != 1 {
// Only one partition should be loaded in each verify result.
- return Err(avb::SlotVerifyError::Io);
+ return Err(SlotVerifyError::Io);
}
- let loaded_partition = loaded_partitions[0];
- if !PartitionName::try_from(loaded_partition.partition_name as *const c_char)
+ let loaded_partition = &loaded_partitions[0];
+ if !PartitionName::try_from(loaded_partition.partition_name())
.map_or(false, |p| p == partition_name)
{
// Only the requested partition should be loaded.
- return Err(avb::SlotVerifyError::Io);
+ return Err(SlotVerifyError::Io);
}
- if loaded_partition.data_size == expected_len {
+ if loaded_partition.data().len() == expected_len {
Ok(())
} else {
- Err(avb::SlotVerifyError::Verification(None))
+ Err(SlotVerifyError::Verification(None))
}
}
@@ -158,28 +153,40 @@
.and_then(Capability::get_capabilities)
}
+/// Verifies the given initrd partition, and checks that the resulting contents looks like expected.
+fn verify_initrd(
+ ops: &mut Ops,
+ partition_name: PartitionName,
+ expected_initrd: &[u8],
+) -> SlotVerifyNoDataResult<()> {
+ let result =
+ ops.verify_partition(partition_name.as_cstr()).map_err(|e| e.without_verify_data())?;
+ verify_loaded_partition_has_expected_length(
+ result.partition_data(),
+ partition_name,
+ expected_initrd.len(),
+ )
+}
+
/// Verifies the payload (signed kernel + initrd) against the trusted public key.
pub fn verify_payload<'a>(
kernel: &[u8],
initrd: Option<&[u8]>,
trusted_public_key: &'a [u8],
) -> Result<VerifiedBootData<'a>, PvmfwVerifyError> {
- let mut payload = Payload::new(kernel, initrd, trusted_public_key);
- let mut ops = Ops::from(&mut payload);
+ let payload = Payload::new(kernel, initrd, trusted_public_key);
+ let mut ops = Ops::new(&payload);
let kernel_verify_result = ops.verify_partition(PartitionName::Kernel.as_cstr())?;
- let vbmeta_images = kernel_verify_result.vbmeta_images()?;
+ let vbmeta_images = kernel_verify_result.vbmeta_data();
// TODO(b/302093437): Use explicit rollback_index_location instead of default
// location (first element).
let rollback_index =
*kernel_verify_result.rollback_indexes().first().unwrap_or(&DEFAULT_ROLLBACK_INDEX);
verify_only_one_vbmeta_exists(vbmeta_images)?;
- let vbmeta_image = vbmeta_images[0];
- verify_vbmeta_is_from_kernel_partition(&vbmeta_image)?;
- // SAFETY: It is safe because the `vbmeta_image` is collected from `AvbSlotVerifyData`,
- // which is returned by `avb_slot_verify()` when the verification succeeds. It is
- // guaranteed by libavb to be non-null and to point to a valid VBMeta structure.
- let descriptors = unsafe { Descriptors::from_vbmeta(vbmeta_image)? };
+ let vbmeta_image = &vbmeta_images[0];
+ verify_vbmeta_is_from_kernel_partition(vbmeta_image)?;
+ let descriptors = Descriptors::from_vbmeta(vbmeta_image)?;
let capabilities = verify_property_and_get_capabilities(&descriptors)?;
let kernel_descriptor = descriptors.find_hash_descriptor(PartitionName::Kernel)?;
@@ -196,20 +203,15 @@
}
let initrd = initrd.unwrap();
- let (debug_level, initrd_verify_result, initrd_partition_name) =
- if let Ok(result) = ops.verify_partition(PartitionName::InitrdNormal.as_cstr()) {
- (DebugLevel::None, result, PartitionName::InitrdNormal)
- } else if let Ok(result) = ops.verify_partition(PartitionName::InitrdDebug.as_cstr()) {
- (DebugLevel::Full, result, PartitionName::InitrdDebug)
+ let mut initrd_ops = Ops::new(&payload);
+ let (debug_level, initrd_partition_name) =
+ if verify_initrd(&mut initrd_ops, PartitionName::InitrdNormal, initrd).is_ok() {
+ (DebugLevel::None, PartitionName::InitrdNormal)
+ } else if verify_initrd(&mut initrd_ops, PartitionName::InitrdDebug, initrd).is_ok() {
+ (DebugLevel::Full, PartitionName::InitrdDebug)
} else {
- return Err(avb::SlotVerifyError::Verification(None).into());
+ return Err(SlotVerifyError::Verification(None).into());
};
- let loaded_partitions = initrd_verify_result.loaded_partitions()?;
- verify_loaded_partition_has_expected_length(
- loaded_partitions,
- initrd_partition_name,
- initrd.len(),
- )?;
let initrd_descriptor = descriptors.find_hash_descriptor(initrd_partition_name)?;
Ok(VerifiedBootData {
debug_level,
diff --git a/pvmfw/avb/tests/api_test.rs b/pvmfw/avb/tests/api_test.rs
index 84f83c2..6dc5a0a 100644
--- a/pvmfw/avb/tests/api_test.rs
+++ b/pvmfw/avb/tests/api_test.rs
@@ -17,6 +17,7 @@
mod utils;
use anyhow::{anyhow, Result};
+use avb::{IoError, SlotVerifyError};
use avb_bindgen::{AvbFooter, AvbVBMetaImageHeader};
use pvmfw_avb::{verify_payload, Capability, DebugLevel, PvmfwVerifyError, VerifiedBootData};
use std::{fs, mem::size_of, ptr};
@@ -87,7 +88,7 @@
&fs::read(TEST_IMG_WITH_NON_INITRD_HASHDESC_PATH)?,
/* initrd= */ None,
&load_trusted_public_key()?,
- PvmfwVerifyError::InvalidDescriptors(avb::IoError::NoSuchPartition),
+ PvmfwVerifyError::InvalidDescriptors(IoError::NoSuchPartition),
)
}
@@ -97,7 +98,7 @@
&fs::read(TEST_IMG_WITH_INITRD_AND_NON_INITRD_DESC_PATH)?,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- PvmfwVerifyError::InvalidDescriptors(avb::IoError::NoSuchPartition),
+ PvmfwVerifyError::InvalidDescriptors(IoError::NoSuchPartition),
)
}
@@ -141,7 +142,7 @@
&fs::read(TEST_IMG_WITH_MULTIPLE_PROPS_PATH)?,
/* initrd= */ None,
&load_trusted_public_key()?,
- PvmfwVerifyError::InvalidDescriptors(avb::IoError::Io),
+ PvmfwVerifyError::InvalidDescriptors(IoError::Io),
)
}
@@ -151,7 +152,7 @@
&fs::read(TEST_IMG_WITH_DUPLICATED_CAP_PATH)?,
/* initrd= */ None,
&load_trusted_public_key()?,
- avb::SlotVerifyError::InvalidMetadata.into(),
+ SlotVerifyError::InvalidMetadata.into(),
)
}
@@ -171,7 +172,7 @@
&load_latest_signed_kernel()?,
/* initrd= */ None,
&load_trusted_public_key()?,
- avb::SlotVerifyError::InvalidMetadata.into(),
+ SlotVerifyError::InvalidMetadata.into(),
)
}
@@ -181,7 +182,7 @@
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
/* trusted_public_key= */ &[0u8; 0],
- avb::SlotVerifyError::PublicKeyRejected.into(),
+ SlotVerifyError::PublicKeyRejected.into(),
)
}
@@ -191,7 +192,7 @@
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
/* trusted_public_key= */ &[0u8; 512],
- avb::SlotVerifyError::PublicKeyRejected.into(),
+ SlotVerifyError::PublicKeyRejected.into(),
)
}
@@ -201,7 +202,7 @@
&load_latest_signed_kernel()?,
&load_latest_initrd_normal()?,
&fs::read(PUBLIC_KEY_RSA2048_PATH)?,
- avb::SlotVerifyError::PublicKeyRejected.into(),
+ SlotVerifyError::PublicKeyRejected.into(),
)
}
@@ -211,7 +212,7 @@
&load_latest_signed_kernel()?,
/* initrd= */ &fs::read(UNSIGNED_TEST_IMG_PATH)?,
&load_trusted_public_key()?,
- avb::SlotVerifyError::Verification(None).into(),
+ SlotVerifyError::Verification(None).into(),
)
}
@@ -221,7 +222,7 @@
&fs::read(UNSIGNED_TEST_IMG_PATH)?,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- avb::SlotVerifyError::Io.into(),
+ SlotVerifyError::Io.into(),
)
}
@@ -234,7 +235,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- avb::SlotVerifyError::Verification(None).into(),
+ SlotVerifyError::Verification(None).into(),
)
}
@@ -272,7 +273,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- avb::SlotVerifyError::Io.into(),
+ SlotVerifyError::Io.into(),
)?;
}
Ok(())
@@ -288,7 +289,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- avb::SlotVerifyError::InvalidMetadata.into(),
+ SlotVerifyError::InvalidMetadata.into(),
)
}
@@ -301,7 +302,7 @@
&load_latest_signed_kernel()?,
&initrd,
&load_trusted_public_key()?,
- avb::SlotVerifyError::Verification(None).into(),
+ SlotVerifyError::Verification(None).into(),
)
}
@@ -317,7 +318,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- avb::SlotVerifyError::InvalidMetadata.into(),
+ SlotVerifyError::InvalidMetadata.into(),
)
}
@@ -340,13 +341,13 @@
&kernel,
&load_latest_initrd_normal()?,
&empty_public_key,
- avb::SlotVerifyError::Verification(None).into(),
+ SlotVerifyError::Verification(None).into(),
)?;
assert_payload_verification_with_initrd_fails(
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- avb::SlotVerifyError::Verification(None).into(),
+ SlotVerifyError::Verification(None).into(),
)
}
@@ -384,7 +385,7 @@
&kernel,
&load_latest_initrd_normal()?,
&load_trusted_public_key()?,
- avb::SlotVerifyError::Verification(None).into(),
+ SlotVerifyError::Verification(None).into(),
)
}