vboot/secdata: move struct definitions into 2secdata_struct.h

Makes it easier to prevent different parts of vboot from reading
secdata structs without using accessor functions.

BUG=b:124141368, chromium:972956
TEST=make clean && make runtests
BRANCH=none

Change-Id: I407e1409409c6aab0c1f311f7715ce159497961b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776280
Reviewed-by: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>

8 files changed, 136 insertions, 121 deletions

diff --git a/firmware/2lib/2secdata_firmware.c b/firmware/2lib/2secdata_firmware.c
index 74b7ff1f..6f5d2178 100644
--- a/firmware/2lib/2secdata_firmware.c
+++ b/firmware/2lib/2secdata_firmware.c
@@ -10,6 +10,7 @@
 #include "2crc8.h"
 #include "2misc.h"
 #include "2secdata.h"
+#include "2secdata_struct.h"
 
 vb2_error_t vb2api_secdata_firmware_check(struct vb2_context *ctx)
 {
diff --git a/firmware/2lib/2secdata_fwmp.c b/firmware/2lib/2secdata_fwmp.c
index 774a7fa8..d4fda283 100644
--- a/firmware/2lib/2secdata_fwmp.c
+++ b/firmware/2lib/2secdata_fwmp.c
@@ -9,13 +9,7 @@
 #include "2common.h"
 #include "2misc.h"
 #include "2secdata.h"
-
-uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec)
-{
-	int version_offset = offsetof(struct vb2_secdata_fwmp, struct_version);
-	return vb2_crc8((void *)sec + version_offset,
-			sec->struct_size - version_offset);
-}
+#include "2secdata_struct.h"
 
 vb2_error_t vb2api_secdata_fwmp_check(struct vb2_context *ctx, uint8_t *size)
 {
diff --git a/firmware/2lib/2secdata_kernel.c b/firmware/2lib/2secdata_kernel.c
index fb9f0b95..2be219f5 100644
--- a/firmware/2lib/2secdata_kernel.c
+++ b/firmware/2lib/2secdata_kernel.c
@@ -10,6 +10,7 @@
 #include "2crc8.h"
 #include "2misc.h"
 #include "2secdata.h"
+#include "2secdata_struct.h"
 
 vb2_error_t vb2api_secdata_kernel_check(struct vb2_context *ctx)
 {
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index 4e6fdda2..99b557de 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -11,9 +11,16 @@
 #include "2api.h"
 
 /*****************************************************************************/
-/* Firmware version space */
+/* Firmware secure storage space */
 
-#define VB2_SECDATA_FIRMWARE_VERSION 2
+/* Which param to get/set for vb2_secdata_firmware_get/set() */
+enum vb2_secdata_firmware_param {
+	/* Flags; see vb2_secdata_firmware_flags */
+	VB2_SECDATA_FIRMWARE_FLAGS = 0,
+
+	/* Firmware versions */
+	VB2_SECDATA_FIRMWARE_VERSIONS,
+};
 
 /* Flags for firmware space */
 enum vb2_secdata_firmware_flags {
@@ -32,103 +39,6 @@ enum vb2_secdata_firmware_flags {
 	VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE = (1 << 1),
 };
 
-struct vb2_secdata_firmware {
-	/* Struct version, for backwards compatibility */
-	uint8_t struct_version;
-
-	/* Flags; see vb2_secdata_firmware_flags */
-	uint8_t flags;
-
-	/* Firmware versions */
-	uint32_t fw_versions;
-
-	/* Reserved for future expansion */
-	uint8_t reserved[3];
-
-	/* CRC; must be last field in struct */
-	uint8_t crc8;
-} __attribute__((packed));
-
-/* Which param to get/set for vb2_secdata_firmware_get/set() */
-enum vb2_secdata_firmware_param {
-	/* Flags; see vb2_secdata_firmware_flags */
-	VB2_SECDATA_FIRMWARE_FLAGS = 0,
-
-	/* Firmware versions */
-	VB2_SECDATA_FIRMWARE_VERSIONS,
-};
-
-/*****************************************************************************/
-/* Kernel version space */
-
-/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */
-#define VB2_SECDATA_KERNEL_VERSION 2
-#define VB2_SECDATA_KERNEL_UID 0x4752574c  /* 'GRWL' */
-
-struct vb2_secdata_kernel {
-	/* Struct version, for backwards compatibility */
-	uint8_t struct_version;
-
-	/* Unique ID to detect space redefinition */
-	uint32_t uid;
-
-	/* Kernel versions */
-	uint32_t kernel_versions;
-
-	/* Reserved for future expansion */
-	uint8_t reserved[3];
-
-	/* CRC; must be last field in struct */
-	uint8_t crc8;
-} __attribute__((packed));
-
-/* Which param to get/set for vb2_secdata_kernel_get/set() */
-enum vb2_secdata_kernel_param {
-	/* Kernel versions */
-	VB2_SECDATA_KERNEL_VERSIONS = 0,
-};
-
-/*****************************************************************************/
-/* Firmware management parameters (FWMP) space */
-
-#define VB2_SECDATA_FWMP_VERSION 0x10  /* 1.0 */
-#define VB2_SECDATA_FWMP_HASH_SIZE 32  /* enough for SHA-256 */
-
-/* Flags for FWMP space */
-enum vb2_secdata_fwmp_flags {
-	VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0),
-	VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
-	VB2_SECDATA_FWMP_DEV_ENABLE_USB = (1 << 2),
-	VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY = (1 << 3),
-	VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
-	VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
-	/* CCD = case-closed debugging on cr50; flag implemented on cr50 */
-	VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
-};
-
-struct vb2_secdata_fwmp {
-	/* CRC-8 of fields following struct_size */
-	uint8_t crc8;
-
-	/* Structure size in bytes */
-	uint8_t struct_size;
-
-	/* Structure version (4 bits major, 4 bits minor) */
-	uint8_t struct_version;
-
-	/* Reserved; ignored by current reader */
-	uint8_t reserved0;
-
-	/* Flags; see enum vb2_secdata_fwmp_flags */
-	uint32_t flags;
-
-	/* Hash of developer kernel key */
-	uint8_t dev_key_hash[VB2_SECDATA_FWMP_HASH_SIZE];
-};
-
-/*****************************************************************************/
-/* Firmware secure storage space functions */
-
 /**
  * Initialize firmware secure storage context and verify its CRC.
  *
@@ -164,12 +74,18 @@ vb2_error_t vb2_secdata_firmware_set(struct vb2_context *ctx,
 				     uint32_t value);
 
 /*****************************************************************************/
-/* Kernel secure storage space functions
+/* Kernel secure storage space
  *
  * These are separate functions so that they don't bloat the size of the early
  * boot code which uses the firmware version space functions.
  */
 
+/* Which param to get/set for vb2_secdata_kernel_get/set() */
+enum vb2_secdata_kernel_param {
+	/* Kernel versions */
+	VB2_SECDATA_KERNEL_VERSIONS = 0,
+};
+
 /**
  * Initialize kernel secure storage context and verify its CRC.
  *
@@ -205,20 +121,19 @@ vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx,
 				   uint32_t value);
 
 /*****************************************************************************/
-/* Firmware management parameters (FWMP) space functions */
+/* Firmware management parameters (FWMP) space */
 
-/**
- * Generate CRC for FWMP secure storage space.
- *
- * Calculate CRC hash from struct_version onward.  Should not be used;
- * prototype only in header for use by unittests.
- *
- * In valid FWMP data, this CRC value should match the crc8 field.
- *
- * @param sec		Pointer to FWMP struct
- * @return 32-bit CRC hash of FWMP data
- */
-uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec);
+/* Flags for FWMP space */
+enum vb2_secdata_fwmp_flags {
+	VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0),
+	VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
+	VB2_SECDATA_FWMP_DEV_ENABLE_USB = (1 << 2),
+	VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY = (1 << 3),
+	VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
+	VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
+	/* CCD = case-closed debugging on cr50; flag implemented on cr50 */
+	VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
+};
 
 /**
  * Initialize FWMP secure storage context and verify its CRC.
diff --git a/firmware/2lib/include/2secdata_struct.h b/firmware/2lib/include/2secdata_struct.h
new file mode 100644
index 00000000..92c2408c
--- /dev/null
+++ b/firmware/2lib/include/2secdata_struct.h
@@ -0,0 +1,102 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Secure non-volatile storage data structure definitions
+ */
+
+#ifndef VBOOT_REFERENCE_2SECDATA_STRUCT_H_
+#define VBOOT_REFERENCE_2SECDATA_STRUCT_H_
+
+#include "2crc8.h"
+#include "2sysincludes.h"
+
+/*****************************************************************************/
+/* Firmware secure storage space */
+
+#define VB2_SECDATA_FIRMWARE_VERSION 2
+
+struct vb2_secdata_firmware {
+	/* Struct version, for backwards compatibility */
+	uint8_t struct_version;
+
+	/* Flags; see vb2_secdata_firmware_flags */
+	uint8_t flags;
+
+	/* Firmware versions */
+	uint32_t fw_versions;
+
+	/* Reserved for future expansion */
+	uint8_t reserved[3];
+
+	/* CRC; must be last field in struct */
+	uint8_t crc8;
+} __attribute__((packed));
+
+/*****************************************************************************/
+/* Kernel secure storage space */
+
+/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */
+#define VB2_SECDATA_KERNEL_VERSION 2
+#define VB2_SECDATA_KERNEL_UID 0x4752574c  /* 'LWRG' */
+
+struct vb2_secdata_kernel {
+	/* Struct version, for backwards compatibility */
+	uint8_t struct_version;
+
+	/* Unique ID to detect space redefinition */
+	uint32_t uid;
+
+	/* Kernel versions */
+	uint32_t kernel_versions;
+
+	/* Reserved for future expansion */
+	uint8_t reserved[3];
+
+	/* CRC; must be last field in struct */
+	uint8_t crc8;
+} __attribute__((packed));
+
+/*****************************************************************************/
+/* Firmware management parameters (FWMP) space */
+
+#define VB2_SECDATA_FWMP_VERSION 0x10  /* 1.0 */
+#define VB2_SECDATA_FWMP_HASH_SIZE 32  /* enough for SHA-256 */
+
+struct vb2_secdata_fwmp {
+	/* CRC-8 of fields following struct_size */
+	uint8_t crc8;
+
+	/* Structure size in bytes */
+	uint8_t struct_size;
+
+	/* Structure version (4 bits major, 4 bits minor) */
+	uint8_t struct_version;
+
+	/* Reserved; ignored by current reader */
+	uint8_t reserved0;
+
+	/* Flags; see enum vb2_secdata_fwmp_flags */
+	uint32_t flags;
+
+	/* Hash of developer kernel key */
+	uint8_t dev_key_hash[VB2_SECDATA_FWMP_HASH_SIZE];
+};
+
+/**
+ * Generate CRC for FWMP secure storage space.
+ *
+ * Calculate CRC hash from struct_version onward.  In valid FWMP data, this CRC
+ * value should match the crc8 field.
+ *
+ * @param sec		Pointer to FWMP struct
+ * @return 32-bit CRC hash of FWMP data
+ */
+static __inline uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec)
+{
+	int version_offset = offsetof(struct vb2_secdata_fwmp, struct_version);
+	return vb2_crc8((void *)sec + version_offset,
+			sec->struct_size - version_offset);
+}
+
+#endif  /* VBOOT_REFERENCE_2SECDATA_STRUCT_H_ */
diff --git a/tests/vb2_secdata_firmware_tests.c b/tests/vb2_secdata_firmware_tests.c
index d20ee709..45e38347 100644
--- a/tests/vb2_secdata_firmware_tests.c
+++ b/tests/vb2_secdata_firmware_tests.c
@@ -10,6 +10,7 @@
 #include "2crc8.h"
 #include "2misc.h"
 #include "2secdata.h"
+#include "2secdata_struct.h"
 #include "2sysincludes.h"
 #include "test_common.h"
 #include "vboot_common.h"
diff --git a/tests/vb2_secdata_fwmp_tests.c b/tests/vb2_secdata_fwmp_tests.c
index 06a89fdf..d6ba934b 100644
--- a/tests/vb2_secdata_fwmp_tests.c
+++ b/tests/vb2_secdata_fwmp_tests.c
@@ -8,7 +8,7 @@
 #include "2common.h"
 #include "2misc.h"
 #include "2secdata.h"
-#include "2struct.h"
+#include "2secdata_struct.h"
 #include "test_common.h"
 
 static uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE]
diff --git a/tests/vb2_secdata_kernel_tests.c b/tests/vb2_secdata_kernel_tests.c
index e278b86e..d2abe10d 100644
--- a/tests/vb2_secdata_kernel_tests.c
+++ b/tests/vb2_secdata_kernel_tests.c
@@ -10,6 +10,7 @@
 #include "2crc8.h"
 #include "2misc.h"
 #include "2secdata.h"
+#include "2secdata_struct.h"
 #include "2sysincludes.h"
 #include "test_common.h"
 #include "vboot_common.h"