1// Copyright 2019 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package aftl; 18option go_package = "proto"; 19 20import "trillian.proto"; 21import "crypto/sigpb/sigpb.proto"; 22import "google/protobuf/timestamp.proto"; 23 24// These messages are used both by the frontend API and the Trillian log. 25message FirmwareInfo { 26 // This is the SHA256 hash of vbmeta. 27 bytes vbmeta_hash = 1; 28 29 // Subcomponent of the build fingerprint as defined at 30 // https://source.android.com/compatibility/android-cdd#3_2_2_build_parameters. 31 // For example, a Pixel device with the following build fingerprint 32 // google/crosshatch/crosshatch:9/PQ3A.190605.003/5524043:user/release-keys, 33 // would have 5524043 for the version incremental. 34 string version_incremental = 2; 35 36 // Public key of the platform. This is the same key used to sign the vbmeta. 37 bytes platform_key = 3; 38 39 // SHA256 of the manufacturer public key (DER-encoded, x509 40 // subjectPublicKeyInfo format). The public key MUST already be in the list 41 // of root keys known and trusted by the AFTL. 42 // Internal: This field is required to be able to identify which manufacturer 43 // this request is coming from. 44 bytes manufacturer_key_hash = 4; 45 46 // Free form description field. It can be used to annotate this message with 47 // further context on the build (e.g., carrier specific build). 48 string description = 5; 49} 50 51message SignedFirmwareInfo { 52 FirmwareInfo info = 1; 53 54 // Signature of the info field, using manufacturer_pub_key. 55 // For the signature, info is first serialized to JSON. It is not 56 // expected to be able to reconstruct the info field from scratch. 57 // When verifying the inclusion proof associated with the info, it is 58 // expected that the leaf is provided. 59 sigpb.DigitallySigned info_signature = 2; 60} 61 62message FirmwareImageInfo { 63 // This is the SHA256 hash of vbmeta. 64 bytes vbmeta_hash = 1; 65 66 // SHA256 hash of the complete binary image. In case of Pixel, this would be 67 // the hash of the ZIP file that is offered for download at: 68 // https://developers.google.com/android/images 69 bytes hash = 2; 70 71 // Build fingerprint, e.g. in case of Pixel 72 // google/crosshatch/crosshatch:9/PQ3A.190605.003/5524043:user/release-keys 73 // See https://source.android.com/compatibility/android-cdd.html#3_2_2_build_parameters 74 // for the expected format of this field. 75 string build_fingerprint = 3; 76} 77 78message SignedFirmwareImageInfo { 79 FirmwareImageInfo image_info = 1; 80 sigpb.DigitallySigned image_info_signature = 2; 81} 82 83 84message InclusionProof { 85 trillian.Proof proof = 1; 86 trillian.SignedLogRoot sth = 2; 87} 88 89// Trillian-specific data types 90message Leaf { 91 int32 version = 1; 92 93 // Timestamp when the entry was added to the log. 94 google.protobuf.Timestamp timestamp = 2; 95 96 oneof value { 97 bytes vbmeta = 3; 98 FirmwareInfoAnnotation fw_info = 4; 99 FirmwareImageInfoAnnotation fw_image_info = 5; 100 } 101} 102 103message FirmwareInfoAnnotation { 104 SignedFirmwareInfo info = 1; 105} 106 107message FirmwareImageInfoAnnotation { 108 SignedFirmwareImageInfo info = 1; 109 110 // URL of the firmware image in the Cloud Storage bucket populated by AFTL. 111 string url = 2; 112} 113