1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Permission is hereby granted, free of charge, to any person
5  * obtaining a copy of this software and associated documentation
6  * files (the "Software"), to deal in the Software without
7  * restriction, including without limitation the rights to use, copy,
8  * modify, merge, publish, distribute, sublicense, and/or sell copies
9  * of the Software, and to permit persons to whom the Software is
10  * furnished to do so, subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #ifndef AVB_ATX_SLOT_VERIFY_H_
26 #define AVB_ATX_SLOT_VERIFY_H_
27 
28 #include <libavb_atx/libavb_atx.h>
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
/* Lock state of verified boot, passed by the caller to
 * avb_atx_slot_verify(). */
typedef enum {
  /* Verified boot is locked. This is the zero value, so a zero-initialised
   * AvbAtxLockState reads as locked. */
  AVB_ATX_LOCKED = 0,
  /* Verified boot is unlocked: avb_atx_slot_verify() allows verification
   * errors in this state. */
  AVB_ATX_UNLOCKED = 1,
} AvbAtxLockState;
38 
/* Whether the slot being verified has been marked successful, passed by the
 * caller to avb_atx_slot_verify(). */
typedef enum {
  /* The slot has been marked successful: on a successful verification the
   * minimum rollback index values are bumped to match the verified slot.
   * NOTE(review): this is the zero value, so a zero-initialised
   * AvbAtxSlotState selects the rollback-index bump; callers should set the
   * state explicitly. */
  AVB_ATX_SLOT_MARKED_SUCCESSFUL = 0,
  /* The slot has not been marked successful. */
  AVB_ATX_SLOT_NOT_MARKED_SUCCESSFUL = 1,
} AvbAtxSlotState;
43 
/* Whether OEM-specific data is in use, passed by the caller to
 * avb_atx_slot_verify(). */
typedef enum {
  /* OEM-specific data is used. This is the zero value, so a zero-initialised
   * AvbAtxOemDataState reads as used. */
  AVB_ATX_OEM_DATA_USED = 0,
  /* OEM-specific data is not used: verification of the 'oem_bootloader'
   * partition is skipped and the partition is absent from the returned
   * verification data. */
  AVB_ATX_OEM_DATA_NOT_USED = 1,
} AvbAtxOemDataState;
48 
/* Performs a full verification of the slot identified by |ab_suffix|. If
 * |lock_state| indicates verified boot is unlocked then verification errors
 * will be allowed (see AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR for more
 * details).
 *
 * NOTE(review): |lock_state| is taken as given by the caller; nothing in this
 * declaration shows it being checked. Presumably callers read it from the
 * device's protected lock state rather than from unauthenticated input -
 * confirm at the call sites.
 *
 * If |slot_state| indicates the slot identified by |ab_suffix| has been marked
 * successful then minimum rollback index values will be bumped to match the
 * values in the verified slot (on success).
 *
 * If |oem_data_state| indicates that OEM-specific data is not being used, then
 * verification of the 'oem_bootloader' partition will be skipped and it will
 * not be represented in the data returned through |verify_data|.
 *
 * The semantics of |verify_data| are the same as for the |out_data| parameter
 * of avb_slot_verify().
 *
 * On success, an Android Things |vbh_extension| is populated. This value must
 * be extended into the Verified Boot Hash value accumulated from earlier boot
 * stages. |vbh_extension| is declared as an array parameter, which C treats as
 * a plain uint8_t pointer: the caller must supply a buffer of at least
 * AVB_SHA256_DIGEST_SIZE bytes, and the compiler does not enforce that size.
 * Its contents on failure are not specified here, so use it only after a
 * successful result.
 *
 * All of the function pointers in |ops| must be valid except for
 * set_key_version, which will be ignored and may be NULL.
 */
AvbSlotVerifyResult avb_atx_slot_verify(
    AvbAtxOps* ops,
    const char* ab_suffix,
    AvbAtxLockState lock_state,
    AvbAtxSlotState slot_state,
    AvbAtxOemDataState oem_data_state,
    AvbSlotVerifyData** verify_data,
    uint8_t vbh_extension[AVB_SHA256_DIGEST_SIZE]);
79 
80 #ifdef __cplusplus
81 }
82 #endif
83 
84 #endif /* AVB_ATX_SLOT_VERIFY_H_ */
85