Merge "trusty: Add nvram-wipe utility."
diff --git a/trusty/nvram/Android.mk b/trusty/nvram/Android.mk
index 18c54d5..44e2212 100644
--- a/trusty/nvram/Android.mk
+++ b/trusty/nvram/Android.mk
@@ -22,9 +22,22 @@
LOCAL_MODULE_RELATIVE_PATH := hw
LOCAL_SRC_FILES := \
module.c \
+ trusty_nvram_device.cpp \
trusty_nvram_implementation.cpp
LOCAL_MODULE_TAGS := optional
LOCAL_CFLAGS := -Wall -Werror -Wextra -fvisibility=hidden
LOCAL_STATIC_LIBRARIES := libnvram-hal
LOCAL_SHARED_LIBRARIES := libtrusty libnvram-messages liblog
include $(BUILD_SHARED_LIBRARY)
+
+# nvram-wipe is a helper tool for clearing NVRAM state.
+include $(CLEAR_VARS)
+LOCAL_MODULE := nvram-wipe
+LOCAL_SRC_FILES := \
+ nvram_wipe.cpp \
+ trusty_nvram_implementation.cpp
+LOCAL_MODULE_TAGS := optional
+LOCAL_CFLAGS := -Wall -Werror -Wextra -fvisibility=hidden
+LOCAL_STATIC_LIBRARIES := libnvram-hal
+LOCAL_SHARED_LIBRARIES := libtrusty libnvram-messages liblog
+include $(BUILD_EXECUTABLE)
diff --git a/trusty/nvram/module.c b/trusty/nvram/module.c
index 06819c0..a2e64d3 100644
--- a/trusty/nvram/module.c
+++ b/trusty/nvram/module.c
@@ -16,7 +16,7 @@
#include <hardware/nvram.h>
-// This function is defined in trusty_nvram_implementation.cpp.
+// This function is defined in trusty_nvram_device.cpp.
int trusty_nvram_open(const hw_module_t* module,
const char* device_id,
hw_device_t** device_ptr);
diff --git a/trusty/nvram/nvram_wipe.cpp b/trusty/nvram/nvram_wipe.cpp
new file mode 100644
index 0000000..d0f4fad
--- /dev/null
+++ b/trusty/nvram/nvram_wipe.cpp
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <nvram/messages/nvram_messages.h>
+
+#include "trusty_nvram_implementation.h"
+
+void usage(const char* program_name) {
+ fprintf(stderr, "Usage: %s [status|disable|wipe]\n", program_name);
+ exit(-1);
+}
+
+int main(int argc, char* argv[]) {
+ if (argc < 2) {
+ usage(argv[0]);
+ }
+
+ nvram::TrustyNvramImplementation nvram_proxy;
+ nvram::Request request;
+ nvram::Response response;
+
+ if (!strcmp(argv[1], "status")) {
+ request.payload.Activate<nvram::COMMAND_GET_INFO>();
+ nvram_proxy.Execute(request, &response);
+ const nvram::GetInfoResponse* get_info_response =
+ response.payload.get<nvram::COMMAND_GET_INFO>();
+ if (response.result == NV_RESULT_SUCCESS) {
+ int status = get_info_response && get_info_response->wipe_disabled;
+ printf("Wiping disabled: %d\n", status);
+ return status;
+ }
+ } else if (!strcmp(argv[1], "disable")) {
+ request.payload.Activate<nvram::COMMAND_DISABLE_WIPE>();
+ nvram_proxy.Execute(request, &response);
+ } else if (!strcmp(argv[1], "wipe")) {
+ request.payload.Activate<nvram::COMMAND_WIPE_STORAGE>();
+ nvram_proxy.Execute(request, &response);
+ } else {
+ usage(argv[0]);
+ }
+
+ if (response.result != NV_RESULT_SUCCESS) {
+ fprintf(stderr, "Command execution failure: %u\n", response.result);
+ return -1;
+ }
+
+ return 0;
+}
+
diff --git a/trusty/nvram/trusty_nvram_device.cpp b/trusty/nvram/trusty_nvram_device.cpp
new file mode 100644
index 0000000..2c50915
--- /dev/null
+++ b/trusty/nvram/trusty_nvram_device.cpp
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <nvram/hal/nvram_device_adapter.h>
+
+#include "trusty_nvram_implementation.h"
+
+extern "C" int trusty_nvram_open(const hw_module_t* module,
+ const char* device_id,
+ hw_device_t** device_ptr) {
+ if (strcmp(NVRAM_HARDWARE_DEVICE_ID, device_id) != 0) {
+ return -EINVAL;
+ }
+
+ nvram::NvramDeviceAdapter* adapter = new nvram::NvramDeviceAdapter(
+ module, new nvram::TrustyNvramImplementation);
+ *device_ptr = adapter->as_device();
+ return 0;
+}
diff --git a/trusty/nvram/trusty_nvram_implementation.cpp b/trusty/nvram/trusty_nvram_implementation.cpp
index 39496b4..041c1bd 100644
--- a/trusty/nvram/trusty_nvram_implementation.cpp
+++ b/trusty/nvram/trusty_nvram_implementation.cpp
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#include "trusty_nvram_implementation.h"
+
#include <errno.h>
#include <string.h>
@@ -23,10 +25,9 @@
#define LOG_TAG "TrustyNVRAM"
#include <log/log.h>
-#include <nvram/hal/nvram_device_adapter.h>
#include <nvram/messages/blob.h>
-#include <nvram/messages/nvram_messages.h>
+namespace nvram {
namespace {
// Character device to open for Trusty IPC connections.
@@ -35,35 +36,7 @@
// App identifier of the NVRAM app.
const char kTrustyNvramAppId[] = "com.android.trusty.nvram";
-// |TrustyNvramImplementation| proxies requests to the Trusty NVRAM app. It
-// serializes the request objects, sends it to the Trusty app and finally reads
-// back the result and decodes it.
-class TrustyNvramImplementation : public nvram::NvramImplementation {
- public:
- ~TrustyNvramImplementation() override;
-
- void Execute(const nvram::Request& request,
- nvram::Response* response) override;
-
- private:
- // Connects the IPC channel to the Trusty app if it is not already open.
- // Returns true if the channel is open, false on errors.
- bool Connect();
-
- // Dispatches a command to the trust app. Returns true if successful (note
- // that the response may still indicate an error on the Trusty side), false if
- // there are any I/O or encoding/decoding errors.
- bool SendRequest(const nvram::Request& request,
- nvram::Response* response);
-
- // The file descriptor for the IPC connection to the Trusty app.
- int tipc_nvram_fd_ = -1;
-
- // Response buffer. This puts a hard size limit on the responses from the
- // Trusty app. 4096 matches the maximum IPC message size currently supported
- // by Trusty.
- uint8_t response_buffer_[4096];
-};
+} // namespace
TrustyNvramImplementation::~TrustyNvramImplementation() {
if (tipc_nvram_fd_ != -1) {
@@ -136,17 +109,4 @@
return true;
}
-} // namespace
-
-extern "C" int trusty_nvram_open(const hw_module_t* module,
- const char* device_id,
- hw_device_t** device_ptr) {
- if (strcmp(NVRAM_HARDWARE_DEVICE_ID, device_id) != 0) {
- return -EINVAL;
- }
-
- nvram::NvramDeviceAdapter* adapter =
- new nvram::NvramDeviceAdapter(module, new TrustyNvramImplementation);
- *device_ptr = adapter->as_device();
- return 0;
-}
+} // namespace nvram
diff --git a/trusty/nvram/trusty_nvram_implementation.h b/trusty/nvram/trusty_nvram_implementation.h
new file mode 100644
index 0000000..60758f7
--- /dev/null
+++ b/trusty/nvram/trusty_nvram_implementation.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_
+#define TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_
+
+#include <stdint.h>
+
+#include <nvram/hal/nvram_device_adapter.h>
+#include <nvram/messages/nvram_messages.h>
+
+namespace nvram {
+
+// |TrustyNvramImplementation| proxies requests to the Trusty NVRAM app. It
+// serializes the request objects, sends it to the Trusty app and finally reads
+// back the result and decodes it.
+class TrustyNvramImplementation : public nvram::NvramImplementation {
+ public:
+ ~TrustyNvramImplementation() override;
+
+ void Execute(const nvram::Request& request,
+ nvram::Response* response) override;
+
+ private:
+ // Connects the IPC channel to the Trusty app if it is not already open.
+ // Returns true if the channel is open, false on errors.
+ bool Connect();
+
+ // Dispatches a command to the trust app. Returns true if successful (note
+ // that the response may still indicate an error on the Trusty side), false if
+ // there are any I/O or encoding/decoding errors.
+ bool SendRequest(const nvram::Request& request,
+ nvram::Response* response);
+
+ // The file descriptor for the IPC connection to the Trusty app.
+ int tipc_nvram_fd_ = -1;
+
+ // Response buffer. This puts a hard size limit on the responses from the
+ // Trusty app. 4096 matches the maximum IPC message size currently supported
+ // by Trusty.
+ uint8_t response_buffer_[4096];
+};
+
+} // namespace nvram
+
+#endif // TRUSTY_NVRAM_TRUSTY_NVRAM_IMPLEMENTATION_H_
