/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

syntax = "proto3";

package nugget.app.avb;

import "nugget/protobuf/options.proto";

// RPC surface of the "AVB" (Android Verified Boot) nugget app: state query,
// versioned slot load/store, lock get/set, carrier lock/unlock, production
// mode, owner key read-back and reset.
//
// NOTE(review): the methods are kept in their original declaration order. If
// the nugget code generator numbers RPCs by position, new methods may only be
// appended -- confirm against the generator before reordering anything.
service Avb {
  option (nugget.protobuf.app_id) = "AVB";
  option (nugget.protobuf.app_name) = "Android Verified Boot";
  option (nugget.protobuf.app_version) = 1;
  // Transport buffer limits; units are presumably bytes -- confirm in
  // nugget/protobuf/options.proto. Every request, including the `bytes`
  // fields below (key, device_data, signature), has to fit in these.
  option (nugget.protobuf.request_buffer_size) = 2200;
  option (nugget.protobuf.response_buffer_size) = 640;

  rpc GetState(GetStateRequest) returns (GetStateResponse);
  rpc Load(LoadRequest) returns (LoadResponse);
  rpc Store(StoreRequest) returns (StoreResponse);
  rpc GetLock(GetLockRequest) returns (GetLockResponse);
  rpc CarrierLock(CarrierLockRequest) returns (CarrierLockResponse);
  rpc CarrierUnlock(CarrierUnlockRequest) returns (CarrierUnlockResponse);
  rpc SetDeviceLock(SetDeviceLockRequest) returns (SetDeviceLockResponse);
  rpc SetBootLock(SetBootLockRequest) returns (SetBootLockResponse);
  rpc SetOwnerLock(SetOwnerLockRequest) returns (SetOwnerLockResponse);
  rpc SetProduction(SetProductionRequest) returns (SetProductionResponse);
  rpc CarrierLockTest(CarrierLockTestRequest)
      returns (CarrierLockTestResponse);
  rpc Reset(ResetRequest) returns (ResetResponse);
  rpc BootloaderDone(BootloaderDoneRequest) returns (BootloaderDoneResponse);
  rpc GetOwnerKey(GetOwnerKeyRequest) returns (GetOwnerKeyResponse);
  rpc GetResetChallenge(GetResetChallengeRequest)
      returns (GetResetChallengeResponse);
  rpc ProductionResetTest(ProductionResetTestRequest)
      returns (ProductionResetTestResponse);
}

// Selects one of the four locks.
//
// CARRIER is the zero value, so under proto3 a GetLockRequest that omits
// `lock` decodes as CARRIER; a handler cannot tell "unset" from CARRIER.
// Values outside 0..3 still arrive as plain integers and must be rejected by
// the receiver.
enum LockIndex {
  CARRIER = 0;
  DEVICE = 1;
  BOOT = 2;
  OWNER = 3;
}

// ---- GetState --------------------------------------------------------------

// Takes no parameters.
message GetStateRequest {}

// Snapshot of the app state.
message GetStateResponse {
  // NOTE(review): not stated here what this version describes -- confirm.
  uint64 version = 1;
  // Presumably true while the bootloader phase is still open (see
  // BootloaderDone) -- confirm.
  bool bootloader = 2;
  // Presumably the production-mode flag set through SetProduction -- confirm.
  bool production = 3;
  // Presumably the number of entries in `locks` -- confirm.
  uint32 number_of_locks = 4;
  // Presumably one state byte per lock, indexed by LockIndex -- confirm.
  // Consumers should check the length of `locks` against `number_of_locks`
  // before indexing into it.
  bytes locks = 5;
}

// ---- Load ------------------------------------------------------------------

// Reads the version held in `slot`.
message LoadRequest {
  // Slot to read; presumably a rollback-index slot -- TODO confirm. The valid
  // range is not expressed in the schema and is enforced, if at all, by the
  // handler.
  uint32 slot = 1;
}

// Version read from the requested slot.
message LoadResponse {
  uint64 version = 1;
}

// ---- Store -----------------------------------------------------------------

// Writes `version` into `slot`.
//
// NOTE(review): the schema cannot express monotonicity. Whether a version
// lower than the stored one is refused is decided entirely by the handler --
// confirm, since rollback protection depends on it.
message StoreRequest {
  uint32 slot = 1;
  uint64 version = 2;
}

// Empty acknowledgement.
message StoreResponse {}

// ---- GetLock ---------------------------------------------------------------

// Queries the state of a single lock.
message GetLockRequest {
  // Defaults to CARRIER when left unset (zero value of LockIndex).
  LockIndex lock = 1;
}

// State of the requested lock.
message GetLockResponse {
  // Presumably 0 = unlocked and non-zero = locked -- confirm.
  uint32 locked = 1;
}

// ---- Carrier lock ----------------------------------------------------------

// Signed carrier-unlock token, carried by CarrierUnlockRequest and
// CarrierLockTestRequest.
//
// NOTE(review): this file does not define which bytes `signature` covers nor
// how `version` and `nonce` are checked. The verifier should document the
// signed payload and refuse replayed or stale tokens.
message CarrierUnlock {
  uint64 version = 1;
  uint64 nonce = 2;
  bytes signature = 3;
}

// Sets the carrier lock.
message CarrierLockRequest {
  // Presumably 0 = unlocked and non-zero = locked -- confirm.
  uint32 locked = 1;
  // Opaque device-specific bytes; the format is not defined in this file.
  bytes device_data = 2;
}

// Empty acknowledgement.
message CarrierLockResponse {}

// Presents a CarrierUnlock token to release the carrier lock.
message CarrierUnlockRequest {
  // Message-typed, so presence is explicit: a missing token is
  // distinguishable from an all-default one and should be rejected.
  CarrierUnlock token = 1;
}

// Empty acknowledgement.
message CarrierUnlockResponse {}

// ---- Device lock -----------------------------------------------------------

// Sets the device lock.
message SetDeviceLockRequest {
  // Presumably 0 = unlocked and non-zero = locked -- confirm.
  uint32 locked = 1;
}

// Empty acknowledgement.
message SetDeviceLockResponse {}

// ---- Boot lock -------------------------------------------------------------

// Sets the boot lock.
message SetBootLockRequest {
  // Presumably 0 = unlocked and non-zero = locked -- confirm.
  uint32 locked = 1;
}

// Empty acknowledgement.
message SetBootLockResponse {}

// ---- Owner lock ------------------------------------------------------------

// Sets the owner lock and supplies key material with it.
message SetOwnerLockRequest {
  // Presumably 0 = unlocked and non-zero = locked -- confirm.
  uint32 locked = 1;
  // Presumably the owner key that GetOwnerKey later returns in chunks --
  // confirm. Encoding and maximum length are not defined in this file.
  bytes key = 2;
}

// Empty acknowledgement.
message SetOwnerLockResponse {}

// Requests a byte range, presumably of the stored owner key -- confirm.
//
// NOTE(review): the handler should bound `offset + size` against the stored
// key length (guarding the addition against uint32 wrap) and against the
// response buffer declared on the service.
message GetOwnerKeyRequest {
  uint32 offset = 1;
  uint32 size = 2;
}

// The requested range.
message GetOwnerKeyResponse {
  bytes chunk = 1;
}

// ---- SetProduction ---------------------------------------------------------

// Changes the production flag.
message SetProductionRequest {
  // Plain proto3 bool: unset and false are indistinguishable on the wire.
  bool production = 1;
  // Opaque device-specific bytes; the format is not defined in this file.
  bytes device_data = 2;
}

// Empty acknowledgement.
message SetProductionResponse {}

// ---- CarrierLockTest -------------------------------------------------------

// Carries a token together with caller-supplied last_nonce, version and
// device_data; presumably exercises carrier-unlock verification against these
// inputs instead of stored state -- confirm.
//
// NOTE(review): confirm that the handler has no effect on stored lock state
// and how it behaves once the device is in production mode.
message CarrierLockTestRequest {
  uint64 last_nonce = 1;
  uint64 version = 2;
  bytes device_data = 3;
  CarrierUnlock token = 4;
}

// Empty acknowledgement.
message CarrierLockTestResponse {}

// ---- Reset -----------------------------------------------------------------

// Signed authorisation that may accompany a ResetRequest.
message ResetToken {
  // Selector vocabulary. INVALID is the zero value, so an unset selector
  // reads as INVALID if `selector` takes these values.
  enum Selectors {
    INVALID = 0;
    CURRENT = 1;
  }

  // Declared as uint32 rather than Selectors, so the schema itself does not
  // tie this field to the enum; the receiver has to validate the value.
  uint32 selector = 1;
  // NOTE(review): the signed payload is not defined in this file; presumably
  // the values returned by GetResetChallenge -- confirm.
  bytes signature = 2;
}

// Requests a reset of the kind named by `kind`.
message ResetRequest {
  // PRODUCTION is the zero value: a request that omits `kind` decodes as a
  // PRODUCTION reset, and the handler cannot distinguish that from an
  // explicit choice.
  enum ResetKind {
    PRODUCTION = 0;
    LOCKS = 1;
  }

  ResetKind kind = 1;
  // Optional. Message-typed, so the handler can detect its absence; which
  // reset kinds require a token is decided by the handler, not this schema.
  ResetToken token = 2;
}

// Empty acknowledgement.
message ResetResponse {}

// ---- GetResetChallenge -----------------------------------------------------

// Takes no parameters.
message GetResetChallengeRequest {}

// Challenge values; presumably what a ResetToken signature has to be computed
// over -- confirm.
message GetResetChallengeResponse {
  uint32 selector = 1;
  uint64 nonce = 2;
  bytes device_data = 3;
}

// ---- ProductionResetTest ---------------------------------------------------

// Carries caller-supplied selector, nonce and device_data plus a signature;
// presumably exercises reset-signature verification against these inputs
// instead of a device-issued challenge -- confirm.
//
// NOTE(review): confirm that the handler performs no reset and how it behaves
// once the device is in production mode.
message ProductionResetTestRequest {
  uint32 selector = 1;
  uint64 nonce = 2;
  bytes device_data = 3;
  bytes signature = 4;
}

// Empty acknowledgement.
message ProductionResetTestResponse {}

// ---- BootloaderDone --------------------------------------------------------

// Takes no parameters. Presumably marks the end of the bootloader phase (see
// GetStateResponse.bootloader) -- confirm which operations are refused
// afterwards.
message BootloaderDoneRequest {}

// Empty acknowledgement.
message BootloaderDoneResponse {}