blob: 7c99e81a8884eb59317b1113255a7757bc20b577 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
/* Copyright 2015 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#ifndef __CROS_EC_SIGNED_HEADER_H
#define __CROS_EC_SIGNED_HEADER_H
#include "compile_time_macros.h"
#include "stdint.h"
#define FUSE_PADDING 0x55555555 /* baked in hw! */
#define FUSE_IGNORE 0xa3badaac /* baked in rom! */
#define FUSE_MAX 128 /* baked in rom! */
#define INFO_MAX 128 /* baked in rom! */
#define INFO_IGNORE 0xaa3c55c3 /* baked in rom! */
#define MAGIC_HAVEN 0xFFFFFFFF
#define MAGIC_DAUNTLESS 0xFFFFFFFD
/* Default value for _pad[] words */
#define SIGNED_HEADER_PADDING 0x33333333
struct SignedHeader {
uint32_t magic; /* -1 (thanks, boot_sys!) */
uint32_t signature[96];
uint32_t img_chk_; /* top 32 bit of expected img_hash */
/* --------------------- everything below is part of img_hash */
uint32_t tag[7]; /* words 0-6 of RWR/FWR */
uint32_t keyid; /* word 7 of RWR */
uint32_t key[96]; /* public key to verify signature with */
uint32_t image_size;
uint32_t ro_base; /* readonly region */
uint32_t ro_max;
uint32_t rx_base; /* executable region */
uint32_t rx_max;
uint32_t fusemap[FUSE_MAX / (8 * sizeof(uint32_t))];
uint32_t infomap[INFO_MAX / (8 * sizeof(uint32_t))];
uint32_t epoch_; /* word 7 of FWR */
uint32_t major_; /* keyladder count */
uint32_t minor_;
uint64_t timestamp_; /* time of signing */
uint32_t p4cl_;
/* bits to and with FUSE_FW_DEFINED_BROM_APPLYSEC */
uint32_t applysec_;
/* bits to mesh with FUSE_FW_DEFINED_BROM_CONFIG1 */
uint32_t config1_;
/* bits to or with FUSE_FW_DEFINED_BROM_ERR_RESPONSE */
uint32_t err_response_;
/* action to take when expectation is violated */
uint32_t expect_response_;
union {
// 2nd FIPS signature (gnubby RW / Cr51)
struct {
uint32_t keyid;
uint32_t r[8];
uint32_t s[8];
} ext_sig;
// FLASH trim override (Dauntless RO)
// iff config1_ & 65536
struct {
uint32_t FSH_SMW_SETTING_OPTION3;
uint32_t FSH_SMW_SETTING_OPTION2;
uint32_t FSH_SMW_SETTING_OPTIONA;
uint32_t FSH_SMW_SETTING_OPTIONB;
uint32_t FSH_SMW_SMP_WHV_OPTION1;
uint32_t FSH_SMW_SMP_WHV_OPTION0;
uint32_t FSH_SMW_SME_WHV_OPTION1;
uint32_t FSH_SMW_SME_WHV_OPTION0;
} fsh;
} u;
/* Padding to bring the total structure size to 1K. */
uint32_t _pad[5];
struct {
unsigned size:12;
unsigned offset:20;
} swap_mark;
/* Field for managing updates between RW product families. */
uint32_t rw_product_family_;
/* Board ID type, mask, flags (stored ^SIGNED_HEADER_PADDING) */
uint32_t board_id_type;
uint32_t board_id_type_mask;
uint32_t board_id_flags;
uint32_t dev_id0_; /* node id, if locked */
uint32_t dev_id1_;
uint32_t fuses_chk_; /* top 32 bit of expected fuses hash */
uint32_t info_chk_; /* top 32 bit of expected info hash */
};
BUILD_ASSERT(sizeof(struct SignedHeader) == 1024);
BUILD_ASSERT(offsetof(struct SignedHeader, info_chk_) == 1020);
#define TOP_IMAGE_SIZE_BIT (1 << \
(sizeof(((struct SignedHeader *)0)->image_size) * 8 - 1))
/*
* It is a mere convention, but all prod keys are required to have key IDs
* such, that bit D2 is set, and all dev keys are required to have key IDs
* such, that bit D2 is not set.
*
* This convention is enforced at the key generation time.
*/
#define G_SIGNED_FOR_PROD(h) ((h)->keyid & BIT(2))
#endif /* __CROS_EC_SIGNED_HEADER_H */
|
