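// Copyright 2019-2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package aftl;

import "trillian.proto";

option go_package = "proto";

// Proof that a leaf is included in the transparency log, together with the
// signed log root it refers to.
message InclusionProof {
  // Inclusion proof for the leaf, as produced by Trillian.
  trillian.Proof proof = 1;

  // Signed log root accompanying the proof (presumably the signed tree head
  // the proof was computed against; confirm against the server).
  // NOTE(review): a verifier should check the signature on this root with the
  // log's public key before relying on `proof`; an inclusion proof against an
  // unauthenticated root gives no assurance.
  trillian.SignedLogRoot sth = 2;
}

// Request for AFTLog.AddVBMeta.
message AddVBMetaRequest {
  // VBMeta structure as described in
  // https://android.googlesource.com/platform/external/avb/+/master/README.md.
  // In case of chained partitions, each VBMeta is added via a separate call.
  // The default size for gRPC payload is about 4MB. We expect vbmeta to be
  // in the order of 64kB.
  // NOTE(review): the expected size is not enforced by this schema; a server
  // should reject oversized payloads explicitly rather than rely on the gRPC
  // default limit.
  bytes vbmeta = 1;

  // Serialized SignedVBMetaPrimaryAnnotation. This annotation contains the hash
  // of the vbmeta structure. It is signed using the manufacturer key.
  // See types/types.go.
  // NOTE(review): presumably the server verifies this signature and that the
  // annotated hash matches `vbmeta` before creating log entries; confirm in
  // the server implementation.
  bytes signed_vbmeta_primary_annotation = 2;
}

// Response for AFTLog.AddVBMeta.
message AddVBMetaResponse {
  // Inclusion proof and the leaf that was added to the log, which contains
  // the annotation on VBMeta.
  // It is required to have the complete leaf to validate the inclusion proof.
  // For on-device verification, only these first 2 fields are required to
  // validate the inclusion.
  InclusionProof annotation_proof = 1;
  bytes annotation_leaf = 2;

  // Inclusion proof and leaf that was added to the log, which contains the full
  // vbmeta partition.
  // These fields are NOT required for validation but can still be recorded by a
  // vendor to prove that the complete VBMeta was submitted.
  InclusionProof vbmeta_proof = 3;
  bytes vbmeta_leaf = 4;
}

// One message of the client stream sent to AFTLog.AnnotateVBMetaWithBuild.
message AnnotateVBMetaWithBuildRequest {
  // Serialized SignedVBMetaBuildAnnotation. This annotation contains the hash
  // of the full build image. See types/types.go.
  bytes signed_vbmeta_build_annotation = 1;

  // Bytes of the binary images. The hash value of the concatenation of these
  // chunks is contained in SignedVBMetaBuildAnnotation.
  // This is ignored if origin_url is set on any request of the stream.
  // NOTE(review): the schema puts no bound on the number or size of chunks; a
  // server should cap the total bytes accepted per stream.
  bytes image_chunk = 2;

  // Origin location of image. It is used to get a copy of the binary image
  // from another server (e.g., Google Cloud Storage).
  // NOTE(review): this is a client-supplied URL that the server dereferences.
  // A server should restrict the accepted schemes and hosts to an allowlist,
  // and should still check the fetched image against the hash in the signed
  // annotation before logging it.
  string origin_url = 3;
}

// Response for AFTLog.AnnotateVBMetaWithBuild.
message AnnotateVBMetaWithBuildResponse {
  // Inclusion proof and leaf for the firmware image. The leaf contains the URL
  // where the image was stored.
  // It is not required for vendors to keep this information. However, this can
  // be used for their records to ensure the correctness of the log.
  InclusionProof annotation_proof = 1;
  bytes annotation_leaf = 2;
}

// Transparency log API for VBMeta structures and firmware images.
service AFTLog {
  // Insert a new VBMeta structure into the log.
  // This request will effectively create 2 log entries:
  //  - VBMeta itself
  //  - Vendor annotations, which includes a reference to the VBMeta.
  rpc AddVBMeta(AddVBMetaRequest) returns (AddVBMetaResponse) {}

  // Upload (or copy) the complete firmware image.
  // The client streams AnnotateVBMetaWithBuildRequest messages (the signed
  // build annotation plus either image chunks or an origin URL). The stream
  // element type must be the request message: the response message carries
  // no annotation, chunk or URL fields.
  rpc AnnotateVBMetaWithBuild(stream AnnotateVBMetaWithBuildRequest)
      returns (AnnotateVBMetaWithBuildResponse) {}

  // TODO(tweek): GetProofByHash, GetSthConsistency, GetEntries, GetRootKeys
}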