1*5c4dab75SAndroid Build Coastguard Worker# Verified Boot Storage Applet for AVB 2.0 2*5c4dab75SAndroid Build Coastguard Worker 3*5c4dab75SAndroid Build Coastguard Worker - Status: Draft as of April 6, 2017 4*5c4dab75SAndroid Build Coastguard Worker 5*5c4dab75SAndroid Build Coastguard Worker## Introduction 6*5c4dab75SAndroid Build Coastguard Worker 7*5c4dab75SAndroid Build Coastguard WorkerThe application and support libraries in this directory provide 8*5c4dab75SAndroid Build Coastguard Workera mechanism for a device's bootloader, using [AVB](https://android.googlesource.com/platform/external/avb/), 9*5c4dab75SAndroid Build Coastguard Workerto store sensitive information. For a bootloader, sensitive information 10*5c4dab75SAndroid Build Coastguard Workerincludes whether the device is unlocked or locked, whether it is unlockable, 11*5c4dab75SAndroid Build Coastguard Workerand what the minimum version of the OS/kernel is allowed to be booted. It 12*5c4dab75SAndroid Build Coastguard Workermay also store other sensitive flags. 13*5c4dab75SAndroid Build Coastguard Worker 14*5c4dab75SAndroid Build Coastguard WorkerThe verified boot storage applet provides a mechanism to store this 15*5c4dab75SAndroid Build Coastguard Workerdata in a way that enforceѕ the expected policies even if the higher level 16*5c4dab75SAndroid Build Coastguard Workeroperating system is compromised or operates in an unexpected fashion. 17*5c4dab75SAndroid Build Coastguard Worker 18*5c4dab75SAndroid Build Coastguard Worker 19*5c4dab75SAndroid Build Coastguard Worker## Design Overview 20*5c4dab75SAndroid Build Coastguard Worker 21*5c4dab75SAndroid Build Coastguard WorkerThe Verified Boot Storage Applet, VBSA, provides three purpose-built 22*5c4dab75SAndroid Build Coastguard Workerinterfaces: 23*5c4dab75SAndroid Build Coastguard Worker 24*5c4dab75SAndroid Build Coastguard Worker - Lock storage and policy enforcement 25*5c4dab75SAndroid Build Coastguard Worker - Rollback index storage 26*5c4dab75SAndroid Build Coastguard Worker - Applet state 27*5c4dab75SAndroid Build Coastguard Worker 28*5c4dab75SAndroid Build Coastguard WorkerEach will be detailed below. 29*5c4dab75SAndroid Build Coastguard Worker 30*5c4dab75SAndroid Build Coastguard Worker### Locks 31*5c4dab75SAndroid Build Coastguard Worker 32*5c4dab75SAndroid Build Coastguard WorkerThere are four supported lock types: 33*5c4dab75SAndroid Build Coastguard Worker 34*5c4dab75SAndroid Build Coastguard Worker - `LOCK_CARRIER` 35*5c4dab75SAndroid Build Coastguard Worker - `LOCK_DEVICE` 36*5c4dab75SAndroid Build Coastguard Worker - `LOCK_BOOT` 37*5c4dab75SAndroid Build Coastguard Worker - `LOCK_OWNER` 38*5c4dab75SAndroid Build Coastguard Worker 39*5c4dab75SAndroid Build Coastguard WorkerEach lock has a single byte of "lock" storage. If that byte is 0x0, then it is 40*5c4dab75SAndroid Build Coastguard Workerunlocked, or cleared. If it is non-zero, then the lock is locked. Any 41*5c4dab75SAndroid Build Coastguard Workernon-zero value is valid and may be used by the bootloader if any additional 42*5c4dab75SAndroid Build Coastguard Workerinternal flagging is necessary. 43*5c4dab75SAndroid Build Coastguard Worker 44*5c4dab75SAndroid Build Coastguard WorkerIn addition, a lock may have associated metadata which must be supplied during 45*5c4dab75SAndroid Build Coastguard Workerlock or unlock, or both. 46*5c4dab75SAndroid Build Coastguard Worker 47*5c4dab75SAndroid Build Coastguard WorkerSee `ese_boot_lock_*` in include/ese/app/boot.h for the specific interfaces. 48*5c4dab75SAndroid Build Coastguard Worker 49*5c4dab75SAndroid Build Coastguard Worker 50*5c4dab75SAndroid Build Coastguard Worker#### LOCK\_CARRIER 51*5c4dab75SAndroid Build Coastguard Worker 52*5c4dab75SAndroid Build Coastguard WorkerThe Carrier Lock implements a lock which can only be set when the device is not 53*5c4dab75SAndroid Build Coastguard Workerin production and can only be unlocked if provided a cryptographic signature. 54*5c4dab75SAndroid Build Coastguard Worker 55*5c4dab75SAndroid Build Coastguard WorkerThis lock is available for use to implement "sim locking" or "phone locking" 56*5c4dab75SAndroid Build Coastguard Workersuch that the carrier can determine if the device is allowed to boot an 57*5c4dab75SAndroid Build Coastguard Workerunsigned or unknown system image. 58*5c4dab75SAndroid Build Coastguard Worker 59*5c4dab75SAndroid Build Coastguard WorkerTo provision this lock, device-specific data must be provided in an exact 60*5c4dab75SAndroid Build Coastguard Workerformat. An example of this can be found in 61*5c4dab75SAndroid Build Coastguard Worker`'ese-boot-tool.cpp':collect_device_data()`. This data is then provided to 62*5c4dab75SAndroid Build Coastguard Workerthe applet using `ese_boot_lock_xset()`. 63*5c4dab75SAndroid Build Coastguard Worker 64*5c4dab75SAndroid Build Coastguard Worker##### Metadata format for locking/provisioning 65*5c4dab75SAndroid Build Coastguard Worker 66*5c4dab75SAndroid Build Coastguard WorkerThe following system attributes must be collected in the given order: 67*5c4dab75SAndroid Build Coastguard Worker 68*5c4dab75SAndroid Build Coastguard Worker - ro.product.brand 69*5c4dab75SAndroid Build Coastguard Worker - ro.product.device 70*5c4dab75SAndroid Build Coastguard Worker - ro.build.product 71*5c4dab75SAndroid Build Coastguard Worker - ro.serialno 72*5c4dab75SAndroid Build Coastguard Worker - [Modem ID: MEID or IMEI] 73*5c4dab75SAndroid Build Coastguard Worker - ro.product.manufacturer 74*5c4dab75SAndroid Build Coastguard Worker - ro.product.model 75*5c4dab75SAndroid Build Coastguard Worker 76*5c4dab75SAndroid Build Coastguard WorkerThe data is serialized as follows: 77*5c4dab75SAndroid Build Coastguard Worker 78*5c4dab75SAndroid Build Coastguard Worker \[length||string\]\[...\] 79*5c4dab75SAndroid Build Coastguard Worker 80*5c4dab75SAndroid Build Coastguard WorkerThe length is a `uint8_t` and the value is appended as a stream of 81*5c4dab75SAndroid Build Coastguard Worker`uint8_t` values. 82*5c4dab75SAndroid Build Coastguard Worker 83*5c4dab75SAndroid Build Coastguard WorkerThis data is then prefixed with the desired non-zero lock value before 84*5c4dab75SAndroid Build Coastguard Workerbeing submitted to the applet. If successful, the applet will have 85*5c4dab75SAndroid Build Coastguard Workerstored a SHA256 hash of the device data 86*5c4dab75SAndroid Build Coastguard Worker 87*5c4dab75SAndroid Build Coastguard WorkerNote, `LOCK_CARRIER` can only be locked (non-zero lock value) when the 88*5c4dab75SAndroid Build Coastguard Workerapplet is not in 'production' mode. 89*5c4dab75SAndroid Build Coastguard Worker 90*5c4dab75SAndroid Build Coastguard Worker##### Clearing/unlocking 91*5c4dab75SAndroid Build Coastguard Worker 92*5c4dab75SAndroid Build Coastguard WorkerIf `LOCK_CARRIER` is set to a non-zero value and the applet is in 93*5c4dab75SAndroid Build Coastguard Workerproduction mode, then clearing the lock value requires authorization. 94*5c4dab75SAndroid Build Coastguard Worker 95*5c4dab75SAndroid Build Coastguard WorkerAuthorization comes in the form of a `RSA_SHA256-PKCS#1` signature over 96*5c4dab75SAndroid Build Coastguard Workerthe provisioned device data SHA256 hash and a supplied montonically 97*5c4dab75SAndroid Build Coastguard Workerincreasing "nonce". 98*5c4dab75SAndroid Build Coastguard Worker 99*5c4dab75SAndroid Build Coastguard WorkerThe nonce value must be higher than the last seen nonce value and the 100*5c4dab75SAndroid Build Coastguard Workersignature must validate using public key internally stored in the 101*5c4dab75SAndroid Build Coastguard Workerapplet (`CarrierLock.java:PK_MOD`). 102*5c4dab75SAndroid Build Coastguard Worker 103*5c4dab75SAndroid Build Coastguard WorkerTo perform a clear, `ese_boot_lock_xset()` must be called with lock 104*5c4dab75SAndroid Build Coastguard Workerdata that begins with 0x0, to clear the lock, and then contains data of 105*5c4dab75SAndroid Build Coastguard Workerthe following format: 106*5c4dab75SAndroid Build Coastguard Worker 107*5c4dab75SAndroid Build Coastguard Worker``` 108*5c4dab75SAndroid Build Coastguard Worker unlockToken = VERSION || NONCE || SIGNATURE 109*5c4dab75SAndroid Build Coastguard Worker 110*5c4dab75SAndroid Build Coastguard Worker SIGNATURE = RSA_Sign(SHA256(deviceData)) 111*5c4dab75SAndroid Build Coastguard Worker``` 112*5c4dab75SAndroid Build Coastguard Worker 113*5c4dab75SAndroid Build Coastguard Worker - The version is a little endian `uint64_t` (8 bytes). 114*5c4dab75SAndroid Build Coastguard Worker - The nonce is a little endian `uint64_t` (8 bytes). 115*5c4dab75SAndroid Build Coastguard Worker - The signature is a RSA 2048-bit with SHA-256 PKCS#1 v1.5 (256 bytes). 116*5c4dab75SAndroid Build Coastguard Worker 117*5c4dab75SAndroid Build Coastguard WorkerOn unlock, the device data hash is cleared. 118*5c4dab75SAndroid Build Coastguard Worker 119*5c4dab75SAndroid Build Coastguard Worker##### Testing 120*5c4dab75SAndroid Build Coastguard Worker 121*5c4dab75SAndroid Build Coastguard WorkerIt is possible to test the key with a valid signature but a fake 122*5c4dab75SAndroid Build Coastguard Workerinternal nonce and fake internal device data using 123*5c4dab75SAndroid Build Coastguard Worker`ese_boot_carrier_lock_test()`. When using this interface, it 124*5c4dab75SAndroid Build Coastguard Workerexpects the same unlock token as in the prior but prefixes with the 125*5c4dab75SAndroid Build Coastguard Workerfake data: 126*5c4dab75SAndroid Build Coastguard Worker 127*5c4dab75SAndroid Build Coastguard Worker``` 128*5c4dab75SAndroid Build Coastguard Worker testVector = LAST_NONCE || DEVICE_DATA || unlockToken 129*5c4dab75SAndroid Build Coastguard Worker``` 130*5c4dab75SAndroid Build Coastguard Worker 131*5c4dab75SAndroid Build Coastguard Worker - The last nonce is the value the nonce is compared against (8 bytes). 132*5c4dab75SAndroid Build Coastguard Worker - Device data is a replacement for the internally stored SHA-256 133*5c4dab75SAndroid Build Coastguard Worker hash of the deviec data. (32 bytes). 134*5c4dab75SAndroid Build Coastguard Worker 135*5c4dab75SAndroid Build Coastguard Worker#### LOCK\_DEVICE 136*5c4dab75SAndroid Build Coastguard Worker 137*5c4dab75SAndroid Build Coastguard WorkerThe device lock is one of the setting used by the bootloader to 138*5c4dab75SAndroid Build Coastguard Workerdetermine if the boot lock can be changed. It may only be set by the 139*5c4dab75SAndroid Build Coastguard Workeroperating system and is meant to protect the device from being reflashed 140*5c4dab75SAndroid Build Coastguard Workerby someone that cannot unlock or access the OS. This may also be used 141*5c4dab75SAndroid Build Coastguard Workerby an enterprise administrator to control lock policy for managed 142*5c4dab75SAndroid Build Coastguard Workerdevices. 143*5c4dab75SAndroid Build Coastguard Worker 144*5c4dab75SAndroid Build Coastguard WorkerAs `LOCK_DEVICE` has not metadata, it can be set and retrieved using 145*5c4dab75SAndroid Build Coastguard Worker`ese_boot_lock_set()` and `ese_boot_lock_get()`. 146*5c4dab75SAndroid Build Coastguard Worker 147*5c4dab75SAndroid Build Coastguard Worker#### LOCK\_BOOT 148*5c4dab75SAndroid Build Coastguard Worker 149*5c4dab75SAndroid Build Coastguard WorkerThe boot lock is used by the bootloader to control whether it should 150*5c4dab75SAndroid Build Coastguard Workeronly boot verified system software or not. When the lock value 151*5c4dab75SAndroid Build Coastguard Workeris cleared (0x0), the bootloader will boot anything. When the lock 152*5c4dab75SAndroid Build Coastguard Workervalue is non-zero, it should only boot software that is signed by a key 153*5c4dab75SAndroid Build Coastguard Workerstored in the bootloader except if `LOCK_OWNER` is set. Discussion of 154*5c4dab75SAndroid Build Coastguard Worker`LOCK_OWNER` will follow. 155*5c4dab75SAndroid Build Coastguard Worker 156*5c4dab75SAndroid Build Coastguard Worker`LOCK_BOOT` can only be toggled when in the bootloader/fastboot and if 157*5c4dab75SAndroid Build Coastguard Workerboth `LOCK_CARRIER` and `LOCK_DEVICE` are cleared/unlocked. 158*5c4dab75SAndroid Build Coastguard Worker 159*5c4dab75SAndroid Build Coastguard WorkerAs with `LOCK_DEVICE`, `LOCK_BOOT` has no metadata so it does not need the 160*5c4dab75SAndroid Build Coastguard Workerextended accessors. 161*5c4dab75SAndroid Build Coastguard Worker 162*5c4dab75SAndroid Build Coastguard Worker#### LOCK\_OWNER 163*5c4dab75SAndroid Build Coastguard Worker 164*5c4dab75SAndroid Build Coastguard WorkerThe owner lock is used by the bootloader to support an alternative 165*5c4dab75SAndroid Build Coastguard WorkerOS signing key provided by the device owner. `LOCK_OWNER` can only be 166*5c4dab75SAndroid Build Coastguard Workertoggled if `LOCK_BOOT` is cleared. `LOCK_OWNER` does not require 167*5c4dab75SAndroid Build Coastguard Workerany metadata to unlock, but to lock, it requires a blob of up to 2048 168*5c4dab75SAndroid Build Coastguard Workerbytes be provided. This is just secure storage for use by the 169*5c4dab75SAndroid Build Coastguard Workerbootloader. `LOCK_OWNER` may be toggled in the bootloader or the 170*5c4dab75SAndroid Build Coastguard Workeroperating system. This allows an unlocked device (`LOCK_BOOT=0x0`) to 171*5c4dab75SAndroid Build Coastguard Workerinstall an owner key using fastboot or using software on the operating 172*5c4dab75SAndroid Build Coastguard Workersystem itself. 173*5c4dab75SAndroid Build Coastguard Worker 174*5c4dab75SAndroid Build Coastguard WorkerBefore `LOCK_OWNER`'s key should be honored by the bootloader, `LOCK_BOOT` 175*5c4dab75SAndroid Build Coastguard Workershould be set (in the bootloader) to enforce use of the key and to keep 176*5c4dab75SAndroid Build Coastguard Workermalicious software in the operating system from changing it. 177*5c4dab75SAndroid Build Coastguard Worker 178*5c4dab75SAndroid Build Coastguard Worker(Note, that the owner key should not be treated as equivalent to the 179*5c4dab75SAndroid Build Coastguard Workerbootloader's internally stored key in that the device user should have a 180*5c4dab75SAndroid Build Coastguard Workermeans of knowing if an owner key is in use, but the requirement for the 181*5c4dab75SAndroid Build Coastguard Workerdevice to be unlocked implies both physical access the `LOCK_DEVICE` 182*5c4dab75SAndroid Build Coastguard Workerbeing cleared.) 183*5c4dab75SAndroid Build Coastguard Worker 184*5c4dab75SAndroid Build Coastguard Worker 185*5c4dab75SAndroid Build Coastguard Worker### Rollback storage 186*5c4dab75SAndroid Build Coastguard Worker 187*5c4dab75SAndroid Build Coastguard WorkerVerifying an operating system kernel and image is useful both for system 188*5c4dab75SAndroid Build Coastguard Workerreliability and for ensuring that the software has not been modified by 189*5c4dab75SAndroid Build Coastguard Workera malicious party. However, if the system software is updated, 190*5c4dab75SAndroid Build Coastguard Workermalicious software may attempt to "roll" a device back to an older 191*5c4dab75SAndroid Build Coastguard Workerversion in order to take advantage of mistakes in the older, verified 192*5c4dab75SAndroid Build Coastguard Workercode. 193*5c4dab75SAndroid Build Coastguard Worker 194*5c4dab75SAndroid Build Coastguard WorkerRollback index values, or versions, may be stored securely by the bootloader 195*5c4dab75SAndroid Build Coastguard Workerto prevent these problems. The Verified Boot Storage applet provides 196*5c4dab75SAndroid Build Coastguard Workereight 64-bit slots for storing a value. They may be read at any time, 197*5c4dab75SAndroid Build Coastguard Workerbut they may only be written to when the device is in the bootloader (or 198*5c4dab75SAndroid Build Coastguard Workerfastboot). 199*5c4dab75SAndroid Build Coastguard Worker 200*5c4dab75SAndroid Build Coastguard WorkerRollback storage is written to using 201*5c4dab75SAndroid Build Coastguard Worker`ese_boot_rollback_index_write()` and read using 202*5c4dab75SAndroid Build Coastguard Worker`ese_boot_rollback_index_read()`. 203*5c4dab75SAndroid Build Coastguard Worker 204*5c4dab75SAndroid Build Coastguard Worker### Applet state 205*5c4dab75SAndroid Build Coastguard Worker 206*5c4dab75SAndroid Build Coastguard WorkerThe applet supports two operational states: 207*5c4dab75SAndroid Build Coastguard Worker 208*5c4dab75SAndroid Build Coastguard Worker - production=true 209*5c4dab75SAndroid Build Coastguard Worker - production=false 210*5c4dab75SAndroid Build Coastguard Worker 211*5c4dab75SAndroid Build Coastguard WorkerOn initial installation, production is false. When the applet is not 212*5c4dab75SAndroid Build Coastguard Workerin production mode, it does not enforce a number of security boundaries, 213*5c4dab75SAndroid Build Coastguard Workersuch as requiring bootloader or hlos mode for lock toggling or 214*5c4dab75SAndroid Build Coastguard WorkerCarrierLock verification. This allows the factory tools to run in any 215*5c4dab75SAndroid Build Coastguard Workermode and properly configure a default lock state. 216*5c4dab75SAndroid Build Coastguard Worker 217*5c4dab75SAndroid Build Coastguard WorkerTo transition to "production", a call to `ese_boot_set_production(true)` 218*5c4dab75SAndroid Build Coastguard Workeris necessary. 219*5c4dab75SAndroid Build Coastguard Worker 220*5c4dab75SAndroid Build Coastguard WorkerTo check the state and collect debugging information, the call 221*5c4dab75SAndroid Build Coastguard Worker`ese_boot_get_state()` will return the current bootloader value, 222*5c4dab75SAndroid Build Coastguard Workerthe production state, any errors codes from lock initialization, and the 223*5c4dab75SAndroid Build Coastguard Workercontents of lock storage. 224*5c4dab75SAndroid Build Coastguard Worker 225*5c4dab75SAndroid Build Coastguard Worker#### Example applet provisioning 226*5c4dab75SAndroid Build Coastguard Worker 227*5c4dab75SAndroid Build Coastguard WorkerAfter the applet is installed, a flow as follows would prepare the 228*5c4dab75SAndroid Build Coastguard Workerapplet for use: 229*5c4dab75SAndroid Build Coastguard Worker 230*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_session_init();` 231*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_session_open();` 232*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_session_lock_xset(LOCK_OWNER, {0, ...});` 233*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_session_lock_set(LOCK_BOOT, 0x1);` 234*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_session_lock_set(LOCK_DEVICE, 0x1);` 235*5c4dab75SAndroid Build Coastguard Worker - [collect device data] 236*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_session_lock_set(LOCK_CARRIER, {1, deviceData});` 237*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_session_set_production(true);` 238*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_session_close();` 239*5c4dab75SAndroid Build Coastguard Worker 240*5c4dab75SAndroid Build Coastguard Worker### Additional details 241*5c4dab75SAndroid Build Coastguard Worker 242*5c4dab75SAndroid Build Coastguard Worker#### Bootloader mode 243*5c4dab75SAndroid Build Coastguard Worker 244*5c4dab75SAndroid Build Coastguard WorkerBootloader mode detection depends on hardware support to signal the 245*5c4dab75SAndroid Build Coastguard Workerapplet that the application processor has been reset. Additionally, 246*5c4dab75SAndroid Build Coastguard Workerthere is a mechanism for the bootloader to indicate that is loading the 247*5c4dab75SAndroid Build Coastguard Workermain OS where it flips the value. This signal provides the assurances 248*5c4dab75SAndroid Build Coastguard Workeraround when storage is mutable or not during the time a device is 249*5c4dab75SAndroid Build Coastguard Workerpowered on. 250*5c4dab75SAndroid Build Coastguard Worker 251*5c4dab75SAndroid Build Coastguard Worker#### Error results 252*5c4dab75SAndroid Build Coastguard Worker 253*5c4dab75SAndroid Build Coastguard WorkerEseAppResult is an enum that all `ese_boot_*` functions return. The 254*5c4dab75SAndroid Build Coastguard Workerenum only covers the lower 16-bits. The upper 16-bits are reserved for 255*5c4dab75SAndroid Build Coastguard Workerpassing applet and secure element OS status for debugging and analysis. 256*5c4dab75SAndroid Build Coastguard WorkerWhen the lower 16-bits are `ESE_APP_RESULT_ERROR_APPLET`, then the 257*5c4dab75SAndroid Build Coastguard Workerupper bytes will be the applet code. That code can then be 258*5c4dab75SAndroid Build Coastguard Workercross-referenced in the applet by function and code. If the lower 259*5c4dab75SAndroid Build Coastguard Workerbytes are `ESE_APP_RESULT_ERROR_OS`, then the status code are the 260*5c4dab75SAndroid Build Coastguard WorkerISO7816 code from an uncaught exception or OS-level error. 261*5c4dab75SAndroid Build Coastguard Worker 262*5c4dab75SAndroid Build Coastguard Worker##### Cooldown 263*5c4dab75SAndroid Build Coastguard Worker 264*5c4dab75SAndroid Build Coastguard Worker`ESE_APP_RESULT_ERROR_COOLDOWN` indicates that the secure element needs to 265*5c4dab75SAndroid Build Coastguard Workerstay powered on for a period of time -- either at the end of use or before the 266*5c4dab75SAndroid Build Coastguard Workerrequested command can be serviced. As the behavior is implementation specific, 267*5c4dab75SAndroid Build Coastguard Workerthe only effective option is to keep the secure element powered for the number of 268*5c4dab75SAndroid Build Coastguard Workerseconds specified by the response `uint32_t`. 269*5c4dab75SAndroid Build Coastguard Worker 270*5c4dab75SAndroid Build Coastguard WorkerFor chips that support it, like the one this applet is being tested on, the 271*5c4dab75SAndroid Build Coastguard Workercooldown time can be requested with a special APDU to `ese_transceive()`: 272*5c4dab75SAndroid Build Coastguard Worker 273*5c4dab75SAndroid Build Coastguard Worker``` 274*5c4dab75SAndroid Build Coastguard Worker FFE10000 275*5c4dab75SAndroid Build Coastguard Worker``` 276*5c4dab75SAndroid Build Coastguard Worker 277*5c4dab75SAndroid Build Coastguard WorkerIn response, a 6 byte response will contain a `uint32_t` and a successful status 278*5c4dab75SAndroid Build Coastguard Workercode (`90 00`). The unsigned little-endian integer indicates how many seconds 279*5c4dab75SAndroid Build Coastguard Workerthe chip needs to stay powered and unused to cooldown. If this happens before 280*5c4dab75SAndroid Build Coastguard Workerthe locks or rollback storage can be read, the bootloader will need to 281*5c4dab75SAndroid Build Coastguard Workerdetermine a safe delay or recovery path until boot can proceed securely. 282*5c4dab75SAndroid Build Coastguard Worker 283*5c4dab75SAndroid Build Coastguard Worker## Examples 284*5c4dab75SAndroid Build Coastguard Worker 285*5c4dab75SAndroid Build Coastguard WorkerThere are many ways to integrate this library and the associated applet. 286*5c4dab75SAndroid Build Coastguard WorkerBelow are some concrete examples to guide standard approach. 287*5c4dab75SAndroid Build Coastguard Worker 288*5c4dab75SAndroid Build Coastguard Worker### Configuration in factory 289*5c4dab75SAndroid Build Coastguard Worker 290*5c4dab75SAndroid Build Coastguard Worker- Install configure the secure element and install the applets 291*5c4dab75SAndroid Build Coastguard Worker(outside of the scope of this document). 292*5c4dab75SAndroid Build Coastguard Worker- Boot to an environment to run the ese-boot-tool. 293*5c4dab75SAndroid Build Coastguard Worker- Leave the inBootloader() signal asserted (recommended but not required). 294*5c4dab75SAndroid Build Coastguard Worker- Configure the desired lock states: 295*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock set carrier 1 modem-imei-string` 296*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock set device 1` 297*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock set boot 1` 298*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock set owner 0` 299*5c4dab75SAndroid Build Coastguard Worker- To move from factory mode to production mode call: 300*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool production set true` 301*5c4dab75SAndroid Build Coastguard Worker 302*5c4dab75SAndroid Build Coastguard Worker### Configuration during repair 303*5c4dab75SAndroid Build Coastguard Worker 304*5c4dab75SAndroid Build Coastguard Worker- Boot to an environment to run the ese-boot-tool. 305*5c4dab75SAndroid Build Coastguard Worker- Leave inBootloader() signal asserted or implement the steps below in 306*5c4dab75SAndroid Build Coastguard Worker the bootloader. 307*5c4dab75SAndroid Build Coastguard Worker- Transition out of production mode: 308*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool production set false` 309*5c4dab75SAndroid Build Coastguard Worker- If a `LOCK_CARRIER` problem is being repaired, it is possible to reset the 310*5c4dab75SAndroid Build Coastguard Worker internal nonce counter and all lock state with the command below. A full 311*5c4dab75SAndroid Build Coastguard Worker lock reset is not expected in most cases. 312*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock reset` 313*5c4dab75SAndroid Build Coastguard Worker- Reconfigure the lock states: 314*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock set carrier 1 modem-imei-string` 315*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock set device 1` 316*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock set boot 1` 317*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool lock set owner 0` 318*5c4dab75SAndroid Build Coastguard Worker (To clear data from the owner lock, set owner 1 must be called with 319*5c4dab75SAndroid Build Coastguard Worker 4096 00s.) 320*5c4dab75SAndroid Build Coastguard Worker- Then move back to production mode: 321*5c4dab75SAndroid Build Coastguard Worker - `# ese-boot-tool production set true` 322*5c4dab75SAndroid Build Coastguard Worker 323*5c4dab75SAndroid Build Coastguard Worker### Use during boot 324*5c4dab75SAndroid Build Coastguard Worker 325*5c4dab75SAndroid Build Coastguard WorkerDo not load any non-repair or non-factory OS without clearing the inBootloader 326*5c4dab75SAndroid Build Coastguard Workersignal as the applet may be transitioned out of production mode and/or the 327*5c4dab75SAndroid Build Coastguard Workerrollback state may be changed. 328*5c4dab75SAndroid Build Coastguard Worker 329*5c4dab75SAndroid Build Coastguard Worker#### Checking rollback values 330*5c4dab75SAndroid Build Coastguard Worker 331*5c4dab75SAndroid Build Coastguard Worker- Read and write rollback values as per libavb using the API 332*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_rollback_index_write()` 333*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_rollback_index_read()` 334*5c4dab75SAndroid Build Coastguard Worker- Prior to leaving the bootloader, clear the inBootloader signal. 335*5c4dab75SAndroid Build Coastguard Worker 336*5c4dab75SAndroid Build Coastguard WorkerAs rollback index values can only be written when inBootloader signal is set, 337*5c4dab75SAndroid Build Coastguard Workerit is critical to clear it when leaving the bootloader. 338*5c4dab75SAndroid Build Coastguard Worker 339*5c4dab75SAndroid Build Coastguard Worker#### Checking locks 340*5c4dab75SAndroid Build Coastguard Worker 341*5c4dab75SAndroid Build Coastguard WorkerThe pseudo-code and comments below should outline the basic algorithm, but it 342*5c4dab75SAndroid Build Coastguard Workerdoes not include integration into libavb or include use of rollback index 343*5c4dab75SAndroid Build Coastguard Workervalue checking: 344*5c4dab75SAndroid Build Coastguard Worker 345*5c4dab75SAndroid Build Coastguard Worker``` 346*5c4dab75SAndroid Build Coastguard Worker// Read LOCK_BOOT 347*5c4dab75SAndroid Build Coastguard Workerese_boot_lock_get(session, kEseBootLockIdBoot, &lockBoot); 348*5c4dab75SAndroid Build Coastguard Worker 349*5c4dab75SAndroid Build Coastguard Workerif (lockBoot != 0x0) { // Boot is LOCKED. 350*5c4dab75SAndroid Build Coastguard Worker // Read the LOCK_OWNER 351*5c4dab75SAndroid Build Coastguard Worker ese_boot_lock_xget(session, kEseBootLockIdOwner, &lockOwner); 352*5c4dab75SAndroid Build Coastguard Worker if (lockOwner != 0x0) { // Owner is LOCKED 353*5c4dab75SAndroid Build Coastguard Worker // Get the lock owner value with metadata. 354*5c4dab75SAndroid Build Coastguard Worker // This is done as a second stage to avoid wasted copying when it 355*5c4dab75SAndroid Build Coastguard Worker // is not locked. 356*5c4dab75SAndroid Build Coastguard Worker uint8_t ownerData[kEseBootOwnerKeyMax + 1]; 357*5c4dab75SAndroid Build Coastguard Worker ese_boot_lock_xget(session, kEseBootLockIdOwner, ownerData 358*5c4dab75SAndroid Build Coastguard Worker sizeof(ownerData), &ownerDataUsed); 359*5c4dab75SAndroid Build Coastguard Worker // lockOwner == ownerData[0] 360*5c4dab75SAndroid Build Coastguard Worker // Parse the stored metadata into a key as per your bootloader 361*5c4dab75SAndroid Build Coastguard Worker // design. 362*5c4dab75SAndroid Build Coastguard Worker SomeBootKey key; 363*5c4dab75SAndroid Build Coastguard Worker parseDeviceOwnerKeyForBooting(ownerData + 1, ownerDataUsed, &key); 364*5c4dab75SAndroid Build Coastguard Worker // Boot using the supplied owner key 365*5c4dab75SAndroid Build Coastguard Worker // (E.g., as part of avb_validate_vbmeta_public_key()) 366*5c4dab75SAndroid Build Coastguard Worker setDeviceOwnerKeyForBooting(&key); 367*5c4dab75SAndroid Build Coastguard Worker continueBootFlow(); 368*5c4dab75SAndroid Build Coastguard Worker} else { // Boot is UNLOCKED (0x0) 369*5c4dab75SAndroid Build Coastguard Worker // Perform the boot flow. 370*5c4dab75SAndroid Build Coastguard Worker setBootIsUnverified(); 371*5c4dab75SAndroid Build Coastguard Worker continueBootFlow(); 372*5c4dab75SAndroid Build Coastguard Worker} 373*5c4dab75SAndroid Build Coastguard Worker``` 374*5c4dab75SAndroid Build Coastguard Worker 375*5c4dab75SAndroid Build Coastguard Worker### In fastboot 376*5c4dab75SAndroid Build Coastguard Worker 377*5c4dab75SAndroid Build Coastguard Worker- `LOCK_BOOT` may be toggled by a fastboot command. If the conditions of 378*5c4dab75SAndroid Build Coastguard Worker unlock are not allowed by applet policy, it will fail. 379*5c4dab75SAndroid Build Coastguard Worker- `LOCK_OWNER`may be toggled and set a boot key from a fastboot command 380*5c4dab75SAndroid Build Coastguard Worker or from an unlocked OS image. 381*5c4dab75SAndroid Build Coastguard Worker- If the verified boot design dictates that rollback indices are clear on 382*5c4dab75SAndroid Build Coastguard Worker lock/unlock, this can be done by calling 383*5c4dab75SAndroid Build Coastguard Worker - `ese_boot_rollback_index_write()` on each slot with the value of 0. 384*5c4dab75SAndroid Build Coastguard Worker 385*5c4dab75SAndroid Build Coastguard WorkerNote, `LOCK_DEVICE` and `LOCK_CARRIER` should not need to be used by fastboot. 386*5c4dab75SAndroid Build Coastguard Worker 387*5c4dab75SAndroid Build Coastguard WorkerFor debugging and support, it may be desirable to connect the 388*5c4dab75SAndroid Build Coastguard Worker`ese_boot_get_state()` to allow fastboot to return the current value of 389*5c4dab75SAndroid Build Coastguard Workerproduction, inbootloader, and the lock metadata. 390*5c4dab75SAndroid Build Coastguard Worker 391