1// Copyright 2019 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
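syntax = "proto3";

package aftl;

// The message types referenced below but not declared in this file
// (SignedFirmwareInfo, SignedFirmwareImageInfo, InclusionProof, Leaf) are
// presumably declared in aftl.proto -- confirm against that file.
import "aftl.proto";

option go_package = "proto";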
21
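// Request for AFTLog.AddFirmwareInfo: one VBMeta structure together with the
// signed firmware information that accompanies it.
message AddFirmwareInfoRequest {
  // VBMeta structure as described in
  // https://android.googlesource.com/platform/external/avb/+/master/README.md.
  // In case of chained partitions, each VBMeta is added via a separate call.
  // The default size for gRPC payload is about 4MB. We expect vbmeta to be
  // in the order of 1kB.
  // NOTE(review): the schema itself does not bound this field; a server-side
  // size limit close to the expected size would reject oversized submissions
  // before they are parsed or logged.
  bytes vbmeta = 1;

  // Signed firmware information submitted with the VBMeta. The type is not
  // declared in this file.
  // NOTE(review): nothing in this message ties fw_info to the vbmeta bytes
  // above; presumably the handler verifies the signature and checks that the
  // signed information refers to this exact vbmeta before creating log
  // entries -- confirm in the server implementation.
  SignedFirmwareInfo fw_info = 2;
}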
32
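// Response of AFTLog.AddFirmwareInfo: an inclusion proof and leaf for each
// of the two log entries that the request creates.
message AddFirmwareInfoResponse {
  // Inclusion proof and the leaf that was added to the log, which contains
  // information on the firmware.
  // It is required to have the complete leaf to validate the inclusion proof.
  // For on-device verification, only these first 2 fields are required to
  // validate the inclusion.
  // NOTE(review): an inclusion proof is only as trustworthy as the log root
  // it is checked against. Whether InclusionProof carries a signed root is
  // not visible in this file; the verifier needs a root whose signature it
  // has validated with a log key it already trusts.
  InclusionProof fw_info_proof = 1;
  bytes fw_info_leaf = 2;

  // Inclusion proof and leaf that was added to the log, which contains the
  // full vbmeta partition.
  // These fields are NOT required for validation but can still be recorded by
  // a vendor to prove that the complete VBMeta was submitted.
  InclusionProof vbmeta_proof = 3;
  bytes vbmeta_leaf = 4;
}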
49
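// One message of the client stream sent to AFTLog.AddFirmwareImage. The image
// is supplied either inline, as a sequence of image_chunk values, or by
// reference through origin_url.
message AddFirmwareImageRequest {
  // Signed description of the firmware image. The type is not declared in
  // this file; per the comment on image_chunk it carries the signed hash of
  // the complete image.
  SignedFirmwareImageInfo fw_image_info = 1;

  // Bytes of the binary images. These are not signed as their final
  // hash value is already signed in fw_image_info.hash.
  // This is ignored if origin_url is set on any request of the stream.
  // NOTE(review): because the chunks are unsigned, the signed hash is the
  // only integrity check on them. The server should hash the reassembled
  // stream, reject a mismatch, and cap the total number of bytes it accepts.
  bytes image_chunk = 2;

  // Origin location of image. It is used to get a copy of the binary image
  // from another server (e.g., Google Cloud Storage).
  // NOTE(review): this value is caller-supplied and causes the log server to
  // make an outbound fetch. The handler should restrict it to an allowlist of
  // schemes and hosts, bound the download size, and accept the fetched bytes
  // only if their hash matches fw_image_info.hash.
  string origin_url = 3;
}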
63
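// Response of AFTLog.AddFirmwareImage, returned once the client stream ends.
message AddFirmwareImageResponse {
  // Inclusion proof and leaf for the firmware image. The leaf contains the URL
  // where the image was stored.
  // It is not required for vendors to keep this information. However, this can
  // be used for their records to ensure the correctness of the log.
  // NOTE(review): this leaf is a typed Leaf message, whereas
  // AddFirmwareInfoResponse returns its leaves as bytes. Protobuf
  // serialization is not canonical, so if the proof is computed over the
  // serialized leaf, a verifier that re-encodes this message may not
  // reproduce the logged bytes -- confirm how the leaf hash is derived.
  InclusionProof fw_image_info_proof = 1;
  Leaf fw_image_info_leaf = 2;
}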
73
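// Submission interface of the firmware transparency log.
// NOTE(review): this file says nothing about how submitters are
// authenticated or authorized; that is presumably enforced in the transport
// or in the handlers -- confirm.
service AFTLog {
  // Insert a new VBMeta structure into the log.
  // This request will effectively create 2 log entries:
  //  - VBMeta itself
  //  - Vendor annotations, including a reference to the VBMeta leaf.
  rpc AddFirmwareInfo(AddFirmwareInfoRequest)
      returns (AddFirmwareInfoResponse) {}

  // Upload (or copy) the complete firmware image.
  // The request is a client stream: the image arrives as a sequence of
  // AddFirmwareImageRequest messages and a single response is returned.
  rpc AddFirmwareImage(stream AddFirmwareImageRequest)
      returns (AddFirmwareImageResponse) {}

  // TODO GetProofByHash, GetSthConsistency, GetEntries, GetRootKeys
}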
87
88