1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dm_verity.h"
17 #include "fs_hvb.h"
18 #include "hvb_cmdline.h"
19 #include "securec.h"
20 #include "beget_ext.h"
21 #include <stdbool.h>
22
23 #ifdef __cplusplus
24 #if __cplusplus
25 extern "C" {
26 #endif
27 #endif
28
/* Size of the local buffer that receives the verified-boot state value. */
#define HVB_VB_STATE_STR_MAX_LEN 32
/* Size of the local buffer that receives the force-enable (software type) value. */
#define HVB_FORCE_ENABLE_STR_MAX_LEN 16
/* Command-line key whose value "factory" forces dm-verity handling on. */
#define HVB_CMDLINE_HVB_FORCE_ENABLE "ohos.boot.hvb.oem_swtype"

/*
 * Log the name of the checked expression and leave the calling function
 * with -1 when that expression is NULL.
 *
 * The macro contains a `return -1`, so it may only be used inside functions
 * that return int, and before any resource that would need cleanup is held.
 */
#define DM_VERITY_RETURN_ERR_IF_NULL(ptr) \
    do { \
        if ((ptr) == NULL) { \
            BEGET_LOGE("error, %s is NULL\n", #ptr); \
            return -1; \
        } \
    } while (0)
40
/*
 * Decide from boot command-line values whether HVB dm-verity handling is
 * active for this boot.
 *
 * Returns true when the software-type key reads "factory", or when the
 * verified-boot state was read successfully and is none of "false", "FALSE",
 * "orange", "ORANGE". Returns false otherwise.
 *
 * NOTE(review): the whole decision rests on command-line values; this file
 * does not show how their integrity is protected, so that has to be
 * guaranteed by the boot chain - confirm.
 */
static bool HvbDmVerityIsEnable(void)
{
    static const char *const offStates[] = { "false", "FALSE", "orange", "ORANGE" };
    char swType[HVB_FORCE_ENABLE_STR_MAX_LEN] = {0};
    char bootState[HVB_VB_STATE_STR_MAX_LEN] = {0};
    unsigned int idx;
    int ret;

    /* A "factory" software type switches verity on regardless of the boot state. */
    ret = FsHvbGetValueFromCmdLine(swType, sizeof(swType), HVB_CMDLINE_HVB_FORCE_ENABLE);
    if (ret == 0 && strcmp(swType, "factory") == 0) {
        return true;
    }

    ret = FsHvbGetValueFromCmdLine(bootState, sizeof(bootState), HVB_CMDLINE_VB_STATE);
    if (ret != 0) {
        /*
         * NOTE(review): this path fails open - when the boot state cannot be
         * read, verity is treated as disabled and every caller in this file
         * then skips its HVB work and reports success. Confirm this is the
         * intended policy for a missing or unreadable state.
         */
        BEGET_LOGE("error 0x%x, get verifed boot state", ret);
        return false;
    }

    /*
     * Only these exact spellings disable verity; any other value, including
     * other capitalisations, keeps it enabled.
     */
    for (idx = 0; idx < sizeof(offStates) / sizeof(offStates[0]); idx++) {
        if (strcmp(bootState, offStates[idx]) == 0) {
            return false;
        }
    }

    return true;
}
69
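/*
 * Initialise the HVB file-system layer when at least one fstab entry
 * carries the FS_MANAGER_HVB flag.
 *
 * fstab: mount table to scan; must not be NULL when HVB is enabled.
 *
 * Returns 0 when HVB is disabled, when no entry needs HVB, or when
 * FsHvbInit() succeeds; -1 when fstab is NULL; otherwise the non-zero
 * value returned by FsHvbInit().
 *
 * NOTE(review): a non-zero result means verity could not be initialised;
 * callers presumably must not go on to mount HVB-flagged entries - confirm
 * against the caller.
 */
int HvbDmVerityinit(const Fstab *fstab)
{
    const FstabItem *item = NULL;
    int rc;

    if (!HvbDmVerityIsEnable()) {
        BEGET_LOGI("hvb not enable, not init");
        return 0;
    }

    /*
     * Reject a missing table before walking it, the same way
     * HvbDmVeritySetUp() rejects a missing item; the original code
     * dereferenced fstab unconditionally.
     */
    DM_VERITY_RETURN_ERR_IF_NULL(fstab);

    /* Stop at the first entry that asks for HVB; one is enough to need init. */
    for (item = fstab->head; item != NULL; item = item->next) {
        if ((item->fsManagerFlags & FS_MANAGER_HVB) != 0) {
            break;
        }
    }

    if (item == NULL) {
        BEGET_LOGI("no need init fs hvb");
        return 0;
    }

    rc = FsHvbInit();
    if (rc != 0) {
        BEGET_LOGE("init fs hvb error, ret=%d", rc);
    }

    return rc;
}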
98
/*
 * Set up the verity hashtree for one fstab entry.
 *
 * fsItem: entry to protect; checked for NULL only after the enable check,
 *         so a NULL entry still yields 0 when HVB is disabled.
 *
 * Returns 0 when HVB is disabled or the entry lacks FS_MANAGER_HVB,
 * -1 when fsItem is NULL, otherwise the result of FsHvbSetupHashtree().
 *
 * NOTE(review): a return of 0 does not by itself mean the device is
 * verity-protected - it is also returned on both skip paths.
 */
int HvbDmVeritySetUp(FstabItem *fsItem)
{
    int ret;

    if (HvbDmVerityIsEnable() == false) {
        BEGET_LOGI("hvb not enable, not setup");
        return 0;
    }

    DM_VERITY_RETURN_ERR_IF_NULL(fsItem);

    /* Entries without the HVB flag are passed through untouched. */
    if (!(fsItem->fsManagerFlags & FS_MANAGER_HVB)) {
        BEGET_LOGW("device %s not need hvb", fsItem->deviceName ? fsItem->deviceName : "none");
        return 0;
    }

    ret = FsHvbSetupHashtree(fsItem);
    if (ret == 0) {
        return 0;
    }

    BEGET_LOGE("error, setup hashtree fail, ret=%d", ret);
    return ret;
}
122
/*
 * Finalise the HVB file-system layer when HVB is enabled.
 *
 * The function returns nothing: a failure of FsHvbFinal() is only logged
 * and is not reported to the caller.
 */
void HvbDmVerityFinal(void)
{
    int ret;

    if (HvbDmVerityIsEnable()) {
        ret = FsHvbFinal();
        if (ret != 0) {
            BEGET_LOGE("final fs hvb error, ret=%d", ret);
        }
        return;
    }

    BEGET_LOGI("hvb not enable, not final");
}
138
139 #ifdef __cplusplus
140 #if __cplusplus
141 }
142 #endif
143 #endif
144