vboot2: Change preamble to contain a list of signaturesrelease-R40-6457.Bfactory-auron-6459.B

Use struct vb2_signature2 objects to hold the hashes of firmware
components, rather than a separate vb2_fw_preamble2_hash struct.
Better for code reuse.

BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests

Change-Id: Ia9e23c1488a884f2d6fab4c4be51b25d3ff25c2f
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/228241
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>

6 files changed, 30 insertions, 50 deletions

diff --git a/firmware/2lib/2common2.c b/firmware/2lib/2common2.c
index 813e2b65..1dcf53d1 100644
--- a/firmware/2lib/2common2.c
+++ b/firmware/2lib/2common2.c
@@ -353,7 +353,7 @@ int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
 			return rv;
 
 		/* Skip signature if it doesn't match the key GUID */
-		if (memcmp(&sig->key_guid, key->guid, GUID_SIZE))
+		if (memcmp(&sig->guid, key->guid, GUID_SIZE))
 			continue;
 
 		/* Make sure we signed the right amount of data */
diff --git a/firmware/2lib/2packed_key2.c b/firmware/2lib/2packed_key2.c
index 264ca139..c009c2b1 100644
--- a/firmware/2lib/2packed_key2.c
+++ b/firmware/2lib/2packed_key2.c
@@ -92,7 +92,7 @@ int vb2_unpack_key2(struct vb2_public_key *key,
 		key->desc = "";
 
 	key->version = pkey->key_version;
-	key->guid = &pkey->key_guid;
+	key->guid = &pkey->guid;
 
 	return VB2_SUCCESS;
 }
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index e0b252b3..0f7012cb 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -299,10 +299,10 @@ uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
 		      enum vb2_hash_algorithm hash_alg);
 
 /**
- * Return a key_guid for an unsigned hash algorithm.
+ * Return a key guid for an unsigned hash algorithm.
  *
  * @param hash_alg	Hash algorithm to return key for
- * @return A pointer to the key_guid for that hash algorithm and
+ * @return A pointer to the key guid for that hash algorithm and
  *	   sig_alg=VB2_SIG_NONE, or NULL if error.
  */
 const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg);
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index bfe23559..e988f3f9 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -381,7 +381,7 @@ struct vb2_packed_key2 {
 	uint32_t key_version;
 
 	/* Key GUID */
-	struct vb2_guid key_guid;
+	struct vb2_guid guid;
 } __attribute__((packed));
 
 #define EXPECTED_VB2_PACKED_KEY2_SIZE					\
@@ -419,11 +419,17 @@ struct vb2_signature2 {
 	uint16_t hash_alg;
 
 	/*
-	 * GUID of key used to generate this signature.  This allows the
-	 * firmware to quickly determine which signature block (if any) goes
-	 * with the key being used by the firmware.
+	 * GUID for the signature.
+	 *
+	 * If this is a keyblock signature entry, this is the GUID of the key
+	 * used to generate this signature.  This allows the firmware to
+	 * quickly determine which signature block (if any) goes with the key
+	 * being used by the firmware.
+	 *
+	 * If this is a preamble hash entry, this is the GUID of the data type
+	 * being hashed.  There is no key GUID, because sig_alg=VB2_ALG_NONE.
 	 */
-	struct vb2_guid key_guid;
+	struct vb2_guid guid;
 } __attribute__((packed));
 
 #define EXPECTED_VB2_SIGNATURE2_SIZE					\
@@ -475,6 +481,9 @@ struct vb2_keyblock2 {
 	 * Kernels often have at least two signatures - one using the kernel
 	 * subkey from the RW firmware (for signed kernels) and one which is
 	 * simply a SHA-512 hash (for unsigned developer kernels).
+	 *
+	 * The GUID for each signature indicates which key was used to generate
+	 * the signature.
 	 */
 	uint32_t sig_offset;
 } __attribute__((packed));
@@ -486,20 +495,6 @@ struct vb2_keyblock2 {
 #define VB2_PREAMBLE2_VERSION_MAJOR 3
 #define VB2_PREAMBLE2_VERSION_MINOR 0
 
-/* Single hash entry for the firmware preamble */
-struct vb2_fw_preamble2_hash {
-	/* Type of data being hashed (enum vb2api_hash_tag) */
-	uint32_t tag;
-
-	/* Size of hashed data in bytes */
-	uint32_t data_size;
-
-	/* Hash digest follows this struct */
-	uint8_t digest[0];
-} __attribute__((packed));
-
-#define EXPECTED_VB2_FW_PREAMBLE2_HASH_SIZE 8
-
 /*
  * Firmware preamble
  *
@@ -525,34 +520,22 @@ struct vb2_fw_preamble2 {
 	uint32_t sig_offset;
 
 	/*
-	 * The preamble contains a list of hashes for the various firmware
-	 * components.  The calling firmware is responsible for knowing where
-	 * to find those components, which may be on a different storage device
-	 * than this preamble.
+	 * The preamble contains a list of hashes (struct vb2_signature2) for
+	 * the various firmware components.  These have sig_alg=VB2_SIG_NONE,
+	 * and the GUID for each hash identifies the component being hashed.
+	 * The calling firmware is responsible for knowing where to find those
+	 * components, which may be on a different storage device than this
+	 * preamble.
 	 */
 
 	/* Number of hash entries */
 	uint32_t hash_count;
 
-	/*
-	 * Hash algorithm used (must be same for all entries) (enum
-	 * vb2_hash_algorithm).
-	 */
-	uint16_t hash_alg;
-
-	/* Size of each hash entry, in bytes */
-	uint16_t hash_entry_size;
-
-	/*
-	 * Offset of first hash entry from start of preamble.  Entry N can be
-	 * found at:
-	 *
-	 * (uint8_t *)hdr + hdr->hash_table_offset + N * hdr->hash_entry_size
-	 */
-	uint32_t hash_table_offset;
+	/* Offset of first hash entry from start of preamble */
+	uint32_t hash_offset;
 } __attribute__((packed));
 
-#define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 24)
+#define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 20)
 
 /****************************************************************************/
 
diff --git a/tests/vb2_common_tests.c b/tests/vb2_common_tests.c
index e8c7d1f2..ad7635e0 100644
--- a/tests/vb2_common_tests.c
+++ b/tests/vb2_common_tests.c
@@ -165,9 +165,6 @@ static void test_struct_packing(void)
 	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE,
 		sizeof(struct vb2_fw_preamble2),
 		"sizeof(vb2_fw_preamble2)");
-	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_HASH_SIZE,
-		sizeof(struct vb2_fw_preamble2_hash),
-		"sizeof(vb2_fw_preamble2_hash)");
 }
 
 /**
diff --git a/tests/vb2_convert_structs.c b/tests/vb2_convert_structs.c
index 777c7389..0c4a7ec3 100644
--- a/tests/vb2_convert_structs.c
+++ b/tests/vb2_convert_structs.c
@@ -84,11 +84,11 @@ struct vb2_signature2 *vb2_convert_signature2(
 	if (key) {
 		s2.sig_alg = key->sig_alg;
 		s2.hash_alg = key->hash_alg;
-		memcpy(&s2.key_guid, &key->key_guid, GUID_SIZE);
+		memcpy(&s2.guid, &key->guid, GUID_SIZE);
 	} else {
 		s2.sig_alg = VB2_SIG_INVALID;
 		s2.hash_alg = VB2_HASH_INVALID;
-		memset(&s2.key_guid, 0, GUID_SIZE);
+		memset(&s2.guid, 0, GUID_SIZE);
 	}
 
 	/* Allocate the new buffer */
@@ -135,7 +135,7 @@ struct vb2_signature2 *vb2_create_hash_sig(const uint8_t *data,
 	if (!hash_guid || !s.sig_size)
 		return NULL;
 
-	memcpy(&s.key_guid, hash_guid, sizeof(s.key_guid));
+	memcpy(&s.guid, hash_guid, sizeof(s.guid));
 	s.sig_offset = s.c.fixed_size + s.c.desc_size;
 	s.c.total_size = s.sig_offset + s.sig_size;