1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17syntax = "proto3";
18
19package nugget.app.avb;
20
21import "nugget/protobuf/options.proto";
22
23service Avb {
24  option (nugget.protobuf.app_id) = "AVB";
25  option (nugget.protobuf.app_name) = "Android Verified Boot";
26  option (nugget.protobuf.app_version) = 1;
27  option (nugget.protobuf.request_buffer_size) = 2200;
28  option (nugget.protobuf.response_buffer_size) = 640;
29
30  rpc GetState (GetStateRequest) returns (GetStateResponse);
31  rpc Load (LoadRequest) returns (LoadResponse);
32  rpc Store (StoreRequest) returns (StoreResponse);
33  rpc GetLock (GetLockRequest) returns (GetLockResponse);
34  rpc CarrierLock (CarrierLockRequest) returns (CarrierLockResponse);
35  rpc CarrierUnlock (CarrierUnlockRequest) returns (CarrierUnlockResponse);
36  rpc SetDeviceLock (SetDeviceLockRequest) returns (SetDeviceLockResponse);
37  rpc SetBootLock (SetBootLockRequest) returns (SetBootLockResponse);
38  rpc SetOwnerLock (SetOwnerLockRequest) returns (SetOwnerLockResponse);
39  rpc SetProduction (SetProductionRequest) returns (SetProductionResponse);
40  rpc CarrierLockTest (CarrierLockTestRequest) returns (CarrierLockTestResponse);
41  rpc Reset (ResetRequest) returns (ResetResponse);
42  rpc BootloaderDone (BootloaderDoneRequest) returns (BootloaderDoneResponse);
43  rpc GetOwnerKey (GetOwnerKeyRequest) returns (GetOwnerKeyResponse);
44  rpc GetResetChallenge (GetResetChallengeRequest) returns (GetResetChallengeResponse);
45  rpc ProductionResetTest (ProductionResetTestRequest) returns (ProductionResetTestResponse);
46}
47
48enum LockIndex {
49  CARRIER = 0;
50  DEVICE = 1;
51  BOOT = 2;
52  OWNER = 3;
53}
54
55// GetState
56message GetStateRequest {}
57message GetStateResponse {
58  uint64 version = 1;
59  bool bootloader = 2;
60  bool production = 3;
61  uint32 number_of_locks = 4;
62  bytes locks = 5;
63}
64
65// Load
66message LoadRequest {
67  uint32 slot = 1;
68}
69message LoadResponse {
70  uint64 version = 1;
71}
72
73// Store
74message StoreRequest {
75  uint32 slot = 1;
76  uint64 version = 2;
77}
78message StoreResponse {}
79
80// GetLock
81message GetLockRequest {
82  LockIndex lock = 1;
83}
84message GetLockResponse {
85  uint32 locked = 1;
86}
87
88message CarrierUnlock {
89  uint64 version = 1;
90  uint64 nonce = 2;
91  bytes signature = 3;
92}
93
94// Carrier lock
95message CarrierLockRequest {
96  uint32 locked = 1;
97  bytes device_data = 2;
98}
99message CarrierLockResponse {}
100
101message CarrierUnlockRequest {
102  CarrierUnlock token = 1;
103}
104message CarrierUnlockResponse {}
105
106// Device lock
107message SetDeviceLockRequest {
108  uint32 locked = 1;
109}
110message SetDeviceLockResponse {}
111
112// Boot lock
113message SetBootLockRequest {
114  uint32 locked = 1;
115}
116message SetBootLockResponse {}
117
118// Owner lock
119message SetOwnerLockRequest {
120  uint32 locked = 1;
121  bytes key = 2;
122}
123message SetOwnerLockResponse {}
124
125message GetOwnerKeyRequest {
126  uint32 offset = 1;
127  uint32 size = 2;
128}
129message GetOwnerKeyResponse {
130  bytes chunk = 1;
131}
132
133// SetProduction
134message SetProductionRequest {
135  bool production = 1;
136  bytes device_data = 2;
137}
138message SetProductionResponse {}
139
140// CarrierLockTest
141message CarrierLockTestRequest {
142  uint64 last_nonce = 1;
143  uint64 version = 2;
144  bytes device_data = 3;
145  CarrierUnlock token = 4;
146}
147
148message CarrierLockTestResponse {}
149
150// Reset
151message ResetToken {
152  enum Selectors {
153    INVALID = 0;
154    CURRENT = 1;
155  };
156  uint32 selector = 1;
157  bytes signature = 2;
158}
159
160message ResetRequest {
161  enum ResetKind {
162    PRODUCTION = 0;
163    LOCKS = 1;
164  };
165
166  ResetKind kind = 1;
167  ResetToken token = 2; // optional
168}
169message ResetResponse {}
170
171// GetResetChallenge
172message GetResetChallengeRequest {}
173message GetResetChallengeResponse {
174  uint32 selector = 1;
175  uint64 nonce = 2;
176  bytes device_data = 3;
177}
178
179// ProductionResetTest
180message ProductionResetTestRequest {
181  uint32 selector = 1;
182  uint64 nonce = 2;
183  bytes device_data = 3;
184  bytes signature = 4;
185}
186message ProductionResetTestResponse {}
187
188// BootloaderDone
189message BootloaderDoneRequest {}
190
191message BootloaderDoneResponse {}
192