Add android VBMeta partition format

Signed-off-by: Denis Efremov <[email protected]>

security/android_vbmeta.ksy

@@ -0,0 +1,173 @@
+meta:
+  id: android_vbmeta
+  title: Android VBMeta
+  license: CC0-1.0
+  file-extension: img
+  endian: be
+
+doc: |
+  Verified boot is the process of assuring the end user of the
+  integrity of the software running on a device. The central data
+  structure used in android verified boot is the VBMeta struct.
+  This data structure contains a number of descriptors (and other
+  metadata) and all of this data is cryptographically signed.
+  Descriptors are used for image hashes, image hashtree metadata,
+  and so-called chained partitions. VBMEta struct is stored on a
+  special vbmeta partition on a device.
+
+
+doc-ref:
+  - https://android.googlesource.com/platform/external/avb/
+  - https://android.googlesource.com/platform/external/avb/+/refs/tags/android-11.0.0_r31/libavb/avb_vbmeta_image.h#125
+
+seq:
+  - id: header
+    type: vbmeta_header
+    size: 256
+  - id: authentication_data
+    type: vbmeta_authentication_data
+    size: header.authentication_data_block_size
+  - id: auxiliary_data
+    type: vbmeta_auxiliary_data
+    size: header.auxiliary_data_block_size
+
+types:
+  position:
+    seq:
+      - id: offset
+        type: u8
+      - id: size
+        type: u8
+  vbmeta_version:
+    seq:
+      - id: major
+        type: u4
+        doc: The major version of libavb required for this header.
+      - id: minor
+        type: u4
+        doc: The minor version of libavb required for this header.
+  vbmeta_header:
+    seq:
+      - id: magic
+        contents: AVB0
+        size: 4
+      - id: version
+        type: vbmeta_version
+      - id: authentication_data_block_size
+        type: u8
+        doc: The size of the signature block
+      - id: auxiliary_data_block_size
+        type: u8
+      - id: algorithm_type
+        type: u4
+        enum: algorithm_types
+        doc:  The verification algorithm used, see |AvbAlgorithmType| enum.
+      - id: hash
+        type: position
+        doc: Position of hash data in "Authentication data" block.
+      - id: signature
+        type: position
+        doc: Position of signature data in "Authentication data" block.
+      - id: public_key
+        type: position
+        doc: Position of public key in "Auxiliary data" block.
+      - id: public_key_metadata
+        type: position
+        doc: Position of public key metadata in "Auxiliary data" block.
+      - id: descriptors
+        type: position
+        doc: Position of descriptor data in "Auxiliary data" block.
+      - id: rollback_index
+        type: u8
+        doc: |
+          The rollback index which can be used to prevent rollback to
+          older versions.
+      - id: flags
+        type: u4
+        doc: |
+          Flags from the AvbVBMetaImageFlags enumeration. This must be
+          set to zero if the vbmeta image is not a top-level image.
+      - id: reserved0
+        contents: [0, 0, 0, 0]
+        doc: |
+          Reserved to ensure |release_string| start on a 16-byte boundary.
+          Must be set to zeroes.
+      - id: release_string
+        type: strz
+        size: 48
+        encoding: ASCII
+        doc: |
+          The release string from avbtool, e.g. "avbtool 1.0.0" or
+          "avbtool 1.0.0 xyz_board Git-234abde89". Is guaranteed to be NUL
+          terminated. Applications must not make assumptions about how this
+          string is formatted.
+      - id: reserved
+        size: 80
+        doc: |
+          Padding to ensure struct is size AVB_VBMETA_IMAGE_HEADER_SIZE
+          bytes. This must be set to zeroes.
+    instances:
+      hashtree_disabled:
+        value: flags & (1 << 0)
+      verification_disabled:
+        value: flags & (1 << 1)
+  vbmeta_public_key_header:
+    doc: The header for a serialized RSA public key
+    seq:
+      - id: key_num_bits
+        type: u4
+        doc: The size of the key in bits
+      - id: n0inv
+        type: u4
+        doc: Precomputed value for optimization of verification.
+  vbmeta_descriptor:
+    seq:
+      - id: tag
+        type: u8
+        enum: descriptor_types
+      - id: num_bytes_following
+        type: u8
+      - id: data
+        size: num_bytes_following
+  vbmeta_descriptors:
+    seq:
+      - id: descriptors
+        type: vbmeta_descriptor
+        repeat: eos
+  vbmeta_authentication_data:
+    instances:
+      hash_body:
+        pos: _root.header.hash.offset
+        size: _root.header.hash.size
+      signature_body:
+        pos: _root.header.signature.offset
+        size: _root.header.signature.size
+  vbmeta_auxiliary_data:
+    instances:
+      public_key_body:
+        pos: _root.header.public_key.offset
+        size: _root.header.public_key.size
+        type: vbmeta_public_key_header
+      public_key_metadata_body:
+        pos: _root.header.public_key_metadata.offset
+        size: _root.header.public_key_metadata.size
+      descriptors_body:
+        pos: _root.header.descriptors.offset
+        size: _root.header.descriptors.size
+        type: vbmeta_descriptors
+
+enums:
+  algorithm_types:
+    0: none
+    1: sha256_rsa2048
+    2: sha256_rsa4096
+    3: sha256_rsa8192
+    4: sha512_rsa2048
+    5: sha512_rsa4096
+    6: sha512_rsa8192
+  descriptor_types:
+    0: avb_descriptor_tag_property
+    1: avb_descriptor_tag_hashtree
+    2: avb_descriptor_tag_hash
+    3: avb_descriptor_tag_kernel_cmdline
+    4: avb_descriptor_tag_chain_partition