From 6faf0265c9b58db2c15b53f6d29025629d52f882 Mon Sep 17 00:00:00 2001
From: Yabin Cui
Date: Thu, 9 Jun 2016 14:09:39 -0700
Subject: Verify wipe package when wiping A/B device in recovery.
To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device.
Bug: 29159185
Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
---
bootloader.h | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
(limited to 'bootloader.h')
diff --git a/bootloader.h b/bootloader.h
index 742a4abfb..88d54a5cb 100644
--- a/bootloader.h
+++ b/bootloader.h
@@ -17,6 +17,17 @@
 #ifndef _RECOVERY_BOOTLOADER_H
 #define _RECOVERY_BOOTLOADER_H
+#include
+
+// Spaces used by misc partition are as below:
+// 0 - 2K Bootloader Message
+// 2K - 16K Used by Vendor's bootloader
+// 16K - 64K Used by uncrypt and recovery to store wipe_package for A/B devices
+// Note that these offsets are admitted by bootloader,recovery and uncrypt, so they
+// are not configurable without changing all of them.
+static const size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = 0;
+static const size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024;
+
 /* Bootloader Message
 *
 * This structure describes the content of a block in flash
@@ -68,4 +79,11 @@ struct bootloader_message {
 int get_bootloader_message(struct bootloader_message *out);
 int set_bootloader_message(const struct bootloader_message *in);
+#ifdef __cplusplus
+
+#include
+
+bool read_wipe_package(size_t size, std::string* out);
+#endif
+
 #endif
-- cgit v1.2.3
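Review bot: The layout comment in the first hunk reserves 16K - 64K of misc for the wipe package, but only the start of that region gets a constant, so nothing in this header lets a writer or reader check a length against the end of the region. Consider adding the bound next to `WIPE_PACKAGE_OFFSET_IN_MISC`, for example `static const size_t WIPE_PACKAGE_MAX_SIZE_IN_MISC = 48 * 1024;` (the name is only a suggestion), so that uncrypt and recovery compare against the same limit instead of private literals. The comment itself would read more clearly as `// Note that these offsets are agreed upon by bootloader, recovery and uncrypt, so they`.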
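Review bot: `read_wipe_package` in the second hunk is declared without any comment, and its contract matters because `size` is chosen by the caller and the bytes come from a partition that a different process writes. I would add a comment above the declaration such as `// Reads size bytes starting at WIPE_PACKAGE_OFFSET_IN_MISC into *out; returns false on failure.` (adjusted to what the implementation really does), and say whether `*out` is left unchanged on failure and what the largest accepted `size` is. The implementation is outside this diff, so whether it rejects a `size` that runs past the 64K end of the region cannot be confirmed from here. As a style point, the include added inside the `#ifdef __cplusplus` block would be easier to find next to the include at the top of the header, under the same guard.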