From e6c782b502467af6337d32a786d5bdfd5b104229 Mon Sep 17 00:00:00 2001
From: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Date: Thu, 5 Aug 2021 17:17:22 +0200
Subject: configs: meson64_android: implement AVB support

AVB (Android Verified Boot) is well supported in U-Boot already.
Add support for it in meson64_android.

This is controlled by the "force_avb" environment variable and the
CONFIG_CMD_AVB option.

Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
---
 include/configs/meson64_android.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'include/configs/meson64_android.h')

diff --git a/include/configs/meson64_android.h b/include/configs/meson64_android.h
index bc3ffb9ca5..48a23b6e41 100644
--- a/include/configs/meson64_android.h
+++ b/include/configs/meson64_android.h
@@ -27,6 +27,25 @@
 
 #ifndef RECOVERY_PARTITION
 #define RECOVERY_PARTITION "recovery"
+
+#if defined(CONFIG_CMD_AVB)
+#define AVB_VERIFY_CHECK \
+	"if test \"${force_avb}\" -eq 1; then " \
+		"if run avb_verify; then " \
+			"echo AVB verification OK.;" \
+			"setenv bootargs \"$bootargs $avb_bootargs\";" \
+		"else " \
+			"echo AVB verification failed.;" \
+		"exit; fi;" \
+	"else " \
+		"setenv bootargs \"$bootargs androidboot.verifiedbootstate=orange\";" \
+		"echo Running without AVB...; "\
+	"fi;"
+
+#define AVB_VERIFY_CMD "avb_verify=avb init ${mmcdev}; avb verify;\0"
+#else
+#define AVB_VERIFY_CHECK ""
+#define AVB_VERIFY_CMD ""
 #endif
 
 #define BOOTENV_DEV_FASTBOOT(devtypeu, devtypel, instance) \
@@ -93,6 +112,7 @@
 			"echo Running Recovery...;" \
 			"mmc dev ${mmcdev};" \
 			"setenv bootargs \"${bootargs} androidboot.serialno=${serial#}\";" \
+			AVB_VERIFY_CHECK \
 			"part start mmc ${mmcdev} " RECOVERY_PARTITION " boot_start;" \
 			"part size mmc ${mmcdev} " RECOVERY_PARTITION " boot_size;" \
 			"if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
@@ -111,6 +131,7 @@
 		"echo Loading Android " BOOT_PARTITION " partition...;" \
 		"mmc dev ${mmcdev};" \
 		"setenv bootargs ${bootargs} androidboot.serialno=${serial#};" \
+		AVB_VERIFY_CHECK \
 		"part start mmc ${mmcdev} " BOOT_PARTITION " boot_start;" \
 		"part size mmc ${mmcdev} " BOOT_PARTITION " boot_size;" \
 		"if mmc read ${loadaddr} ${boot_start} ${boot_size}; then " \
@@ -142,6 +163,8 @@
 #define CONFIG_EXTRA_ENV_SETTINGS                                     \
 	"partitions=" PARTS_DEFAULT "\0"                              \
 	"mmcdev=2\0"                                                  \
+	AVB_VERIFY_CMD                                                \
+	"force_avb=0\0"                                               \
 	"gpio_recovery=88\0"                                          \
 	"check_button=gpio input ${gpio_recovery};test $? -eq 0;\0"   \
 	"load_logo=" PREBOOT_LOAD_LOGO "\0"			      \
-- 
cgit v1.2.3