avb_verify: Remove KVDB related verfications by JianyuWang0623 · Pull Request #7 · open-vela/frameworks_system_ota

JianyuWang0623 · 2025-02-12T10:39:36Z

WARNING: Has NOT committed to gerrit yet

Summary

It`s unsafe to store values to KVDB.

The options "-c" was removed, please use "-U"(upgrade verfication) instead.

Comparing rollback index to prevent duplicate installation
The parameters of INTERNAL used function avb_verify was updated:

-int avb_verify(const char* partition, const char* key, const char* suffix, AvbSlotVerifyFlags flags)
+int avb_verify(struct avb_params_t* params)

Impact

frameworks/system/ota/verify/avb_verify

Testing

    dd if=/dev/random of=1MB_1.1 bs=1MB count=1
    ../tools/avb_sign.sh 1MB_1.1 0 -P $(pwd)/1MB -o --dynamic_partition_size -o "--rollback_index_location 1" -o "--rollback_index 1"

    dd if=/dev/random of=1MB_1.2 bs=1MB count=1
    ../tools/avb_sign.sh 1MB_1.2 0 -P $(pwd)/1MB -o --dynamic_partition_size -o "--rollback_index_location 1" -o "--rollback_index 2"

    ./avb_verify -I 1MB_1.1
    ./avb_verify -I 1MB_1.2

    ./avb_verify -U 1MB_1.2 1MB_1.1 ../tools/keys/key.avb && echo PASSED || echo FAILED
    ./avb_verify -U 1MB_1.2 1MB_1.2 ../tools/keys/key.avb && echo PASSED || echo FAILED
    ./avb_verify -U 1MB_1.1 1MB_1.2 ../tools/keys/key.avb && echo FAILED || echo PASSED

    rm -v 1MB_1.1 1MB_1.2

Result

$     ./avb_verify -U 1MB_1.2 1MB_1.1 ../tools/keys/key.avb && echo PASSED || echo FAILED
PASSED
$     ./avb_verify -U 1MB_1.2 1MB_1.2 ../tools/keys/key.avb && echo PASSED || echo FAILED
PASSED
$     ./avb_verify -U 1MB_1.1 1MB_1.2 ../tools/keys/key.avb && echo FAILED || echo PASSED
avb_slot_verify.c:945: ERROR: 1MB_1.1: Image rollback index is less than the stored rollback index.
./avb_verify verify 1MB_1.1 error 4
PASSED

JianyuWang0623 · 2025-02-12T10:43:21Z

@Donny9 @gneworld Could you review this PR please?

verify/avb_main.c

verify/avb_verify.h

It`s unsafe to store values to KVDB. 1. The options "-c" was removed, please use "-U"(upgrade verfication) instead. Comparing rollback index to prevent duplicate installation 2. The parameters of INTERNAL used function `avb_verify` was updated: -int avb_verify(const char* partition, const char* key, const char* suffix, AvbSlotVerifyFlags flags) +int avb_verify(struct avb_params_t* params) Test dd if=/dev/random of=1MB_1.1 bs=1MB count=1 ../tools/avb_sign.sh 1MB_1.1 0 -P $(pwd)/1MB -o --dynamic_partition_size -o "--rollback_index_location 1" -o "--rollback_index 1" dd if=/dev/random of=1MB_1.2 bs=1MB count=1 ../tools/avb_sign.sh 1MB_1.2 0 -P $(pwd)/1MB -o --dynamic_partition_size -o "--rollback_index_location 1" -o "--rollback_index 2" ./avb_verify -I 1MB_1.1 ./avb_verify -I 1MB_1.2 ./avb_verify -U 1MB_1.2 1MB_1.1 ../tools/keys/key.avb && echo PASSED || echo FAILED ./avb_verify -U 1MB_1.2 1MB_1.2 ../tools/keys/key.avb && echo PASSED || echo FAILED ./avb_verify -U 1MB_1.1 1MB_1.2 ../tools/keys/key.avb && echo FAILED || echo PASSED rm -v 1MB_1.1 1MB_1.2 Signed-off-by: wangjianyu3 <wangjianyu3@xiaomi.com>

xiaoxiang781216 · 2025-02-13T06:36:06Z

@JianyuWang0623 ci fail.

JianyuWang0623 · 2025-02-13T06:47:01Z

@JianyuWang0623 ci fail.

"Parse PR Description for Dependencies" failed,
@zhangning21 @liujinye-sys Could you take a look please?

openvela-robot · 2025-02-13T07:22:22Z

@JianyuWang0623 ci fail.

"Parse PR Description for Dependencies" failed, @zhangning21 @liujinye-sys Could you take a look please?

The inclusion of '$' in the body caused a parsing exception, which has been fixed

JianyuWang0623 requested review from GUIDINGLI and xiaoxiang781216 as code owners February 12, 2025 10:39

xiaoxiang781216 reviewed Feb 13, 2025

View reviewed changes

verify/avb_main.c Outdated Show resolved Hide resolved

verify/avb_verify.h Outdated Show resolved Hide resolved

JianyuWang0623 force-pushed the br_wjy_system_ota_avb_rm_kvdb_related_250212_openvela branch 2 times, most recently from 3435088 to 03af071 Compare February 13, 2025 04:31

JianyuWang0623 force-pushed the br_wjy_system_ota_avb_rm_kvdb_related_250212_openvela branch from 03af071 to c774428 Compare February 13, 2025 04:34

xiaoxiang781216 approved these changes Feb 13, 2025

View reviewed changes

JianyuWang0623 requested a review from xiaoxiang781216 February 25, 2025 12:45

xiaoxiang781216 approved these changes Feb 25, 2025

View reviewed changes

xiaoxiang781216 merged commit d45317e into open-vela:dev Feb 25, 2025
4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

avb_verify: Remove KVDB related verfications#7

avb_verify: Remove KVDB related verfications#7
xiaoxiang781216 merged 1 commit intoopen-vela:devfrom
JianyuWang0623:br_wjy_system_ota_avb_rm_kvdb_related_250212_openvela

JianyuWang0623 commented Feb 12, 2025

Uh oh!

JianyuWang0623 commented Feb 12, 2025

Uh oh!

Uh oh!

Uh oh!

xiaoxiang781216 commented Feb 13, 2025

Uh oh!

JianyuWang0623 commented Feb 13, 2025

Uh oh!

openvela-robot commented Feb 13, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

JianyuWang0623 commented Feb 12, 2025

Summary

Impact

Testing

Uh oh!

JianyuWang0623 commented Feb 12, 2025

Uh oh!

Uh oh!

Uh oh!

xiaoxiang781216 commented Feb 13, 2025

Uh oh!

JianyuWang0623 commented Feb 13, 2025

Uh oh!

openvela-robot commented Feb 13, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants