vboot: clean up vboot_struct.h

It only needs to contain VbSharedDataHeader definition, and it
can be made private to vboot_reference now.

Move kernel verification-related structs to vboot_kernel.h.

Also, since the related constants VBSD_LF_CHECK_* are being
removed in this CL, deprecate the RO_INVALID_RW_CHECK_MIN
recovery reason, which was originally dismantled in CL:1863624.

BUG=b:124141368, chromium:1038260
TEST=make clean && make runtests
BRANCH=none

Change-Id: Ie6937cda6c3ba987031ba770ec9f1fb0ffa9cf3a
Cq-Depend: chromium:2070292, chromium:2073461, chrome-internal:2634199
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2066302
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>

5 files changed, 246 insertions, 330 deletions

diff --git a/firmware/2lib/include/2recovery_reasons.h b/firmware/2lib/include/2recovery_reasons.h
index d76b142a..ba7beb8f 100644
--- a/firmware/2lib/include/2recovery_reasons.h
+++ b/firmware/2lib/include/2recovery_reasons.h
@@ -58,9 +58,9 @@ enum vb2_nv_recovery {
 	 * RW firmware failed signature check (neither RW firmware slot was
 	 * valid).  Recovery reason is VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN +
 	 * the check value for the slot which came closest to validating; see
-	 * VBSD_LF_CHECK_* in vboot_struct.h.
+	 * VBSD_LF_CHECK_* in vboot_struct.h (deprecated).
 	 */
-	VB2_RECOVERY_RO_INVALID_RW_CHECK_MIN = 0x10,
+	VB2_RECOVERY_DEPRECATED_RO_INVALID_RW_CHECK_MIN = 0x10,
 
 	/* Latest tried RW firmware keyblock verification failed */
 	VB2_RECOVERY_FW_KEYBLOCK = 0x13,
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
deleted file mode 100644
index bfdc1f0b..00000000
--- a/firmware/include/vboot_struct.h
+++ /dev/null
@@ -1,327 +0,0 @@
-/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Data structure definitions for verified boot, for on-disk / in-eeprom
- * data.
- */
-
-#ifndef VBOOT_REFERENCE_VBOOT_STRUCT_H_
-#define VBOOT_REFERENCE_VBOOT_STRUCT_H_
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif  /* __cplusplus */
-
-/* Constants and sub-structures for VbSharedDataHeader */
-
-/* Magic number for recognizing VbSharedDataHeader ("VbSD") */
-#define VB_SHARED_DATA_MAGIC 0x44536256
-
-/*
- * Flags for VbSharedDataHeader
- *
- * TODO(b:124141368): Move these constants into crossystem once they are
- * no longer needed in vboot2 code.
- */
-
-/* LoadFirmware() tried firmware B because of VbNvStorage firmware B tries;
-   Deprecated as part of chromium:1010389. */
-#define VBSD_DEPRECATED_FWB_TRIED        0x00000001
-/*
- * LoadKernel() verified the good kernel keyblock using the kernel subkey from
- * the firmware.  If this flag is not present, it just used the hash of the
- * kernel keyblock.
- */
-#define VBSD_KERNEL_KEY_VERIFIED         0x00000002
-/* LoadFirmware() was told the developer switch was on;
-   Deprecated as part of chromium:1038260 */
-#define VBSD_DEPRECATED_LF_DEV_SWITCH_ON 0x00000004
-/*
- * LoadFirmware() is requesting the read only normal/dev code path.  This is
- * deprecated and unsupported by current firmware.
- */
-#define VBSD_DEPRECATED_LF_USE_RO_NORMAL 0x00000008
-/* Developer switch was enabled at boot time */
-#define VBSD_BOOT_DEV_SWITCH_ON          0x00000010
-/* Recovery switch was enabled at boot time */
-#define VBSD_BOOT_REC_SWITCH_ON          0x00000020
-/* Firmware write protect was enabled at boot time */
-#define VBSD_BOOT_FIRMWARE_WP_ENABLED    0x00000040
-/* Boot is a S3->S0 resume, not a S5->S0 normal boot;
-   Deprecated as part of CL:347257. */
-#define VBSD_DEPRECATED_BOOT_S3_RESUME   0x00000100
-/* Read-only firmware supports the normal/developer code path;
-   Deprecated as part of CL:347257. */
-#define VBSD_DEPRECATED_BOOT_RO_NORMAL_SUPPORT 0x00000200
-/* VbInit() was told that the system has a virtual dev-switch;
-   Deprecated as part of chromium:942901. */
-#define VBSD_DEPRECATED_HONOR_VIRT_DEV_SWITCH 0x00000400
-/* VbInit() was told the system supports EC software sync */
-#define VBSD_EC_SOFTWARE_SYNC            0x00000800
-/* VbInit() was told that the EC firmware is slow to update;
-   Deprecated as part of chromium:1038259 */
-#define VBSD_DEPRECATED_EC_SLOW_UPDATE   0x00001000
-/* Firmware software write protect was enabled at boot time.
-   Crossystem support deprecated as part of CL:575389. */
-#define VBSD_DEPRECATED_BOOT_FIRMWARE_SW_WP_ENABLED 0x00002000
-/* VbInit() was told that the recovery button is a virtual one;
-   Deprecated as part of chromium:943150 */
-#define VBSD_DEPRECATED_BOOT_REC_SWITCH_VIRTUAL 0x00004000
-/* Firmware used vboot2 for firmware selection */
-#define VBSD_BOOT_FIRMWARE_VBOOT2        0x00008000
-/* Firmware needs VGA Option ROM to display screens;
-   Deprecated as part of chromium:948529 */
-#define VBSD_DEPRECATED_OPROM_MATTERS    0x00010000
-/* Firmware has loaded the VGA Option ROM;
-   Deprecated as part of chromium:948529 */
-#define VBSD_DEPRECATED_OPROM_LOADED     0x00020000
-/* Don't try for boot failures;
- * Deprecated as part of chromium:1038260 */
-#define VBSD_DEPRECATED_NOFAIL_BOOT      0x00040000
-/* VbInit() was told that the EC firmware supports EFS
-   Deprecated as part of chromium:1038259 */
-#define VBSD_DEPRECATED_EC_EFS           0x00080000
-/* NvStorage uses 64-byte record, not 16-byte */
-#define VBSD_NVDATA_V2                   0x00100000
-
-/* Result codes for VbSharedDataHeader.check_fw_a_result (and b_result) */
-#define VBSD_LF_CHECK_NOT_DONE          0
-#define VBSD_LF_CHECK_DEV_MISMATCH      1
-#define VBSD_LF_CHECK_REC_MISMATCH      2
-#define VBSD_LF_CHECK_VERIFY_KEYBLOCK   3
-#define VBSD_LF_CHECK_KEY_ROLLBACK      4
-#define VBSD_LF_CHECK_DATA_KEY_PARSE    5
-#define VBSD_LF_CHECK_VERIFY_PREAMBLE   6
-#define VBSD_LF_CHECK_FW_ROLLBACK       7
-#define VBSD_LF_CHECK_HEADER_VALID      8
-#define VBSD_LF_CHECK_GET_FW_BODY       9
-#define VBSD_LF_CHECK_HASH_WRONG_SIZE   10
-#define VBSD_LF_CHECK_VERIFY_BODY       11
-#define VBSD_LF_CHECK_VALID             12
-/*
- * Read-only normal path requested by firmware preamble, but unsupported by
- * firmware.
- */
-#define VBSD_LF_CHECK_NO_RO_NORMAL      13
-
-/* Boot mode for VbSharedDataHeader.lk_boot_mode */
-#define VBSD_LK_BOOT_MODE_RECOVERY      0
-#define VBSD_LK_BOOT_MODE_NORMAL        1
-#define VBSD_LK_BOOT_MODE_DEVELOPER     2
-
-/* Flags for VbSharedDataKernelPart.flags */
-#define VBSD_LKP_FLAG_KEYBLOCK_VALID   0x01
-
-/* Result codes for VbSharedDataKernelPart.check_result */
-#define VBSD_LKP_CHECK_NOT_DONE           0
-#define VBSD_LKP_CHECK_TOO_SMALL          1
-#define VBSD_LKP_CHECK_READ_START         2
-#define VBSD_LKP_CHECK_KEYBLOCK_SIG      3
-#define VBSD_LKP_CHECK_KEYBLOCK_HASH     4
-#define VBSD_LKP_CHECK_DEV_MISMATCH       5
-#define VBSD_LKP_CHECK_REC_MISMATCH       6
-#define VBSD_LKP_CHECK_KEY_ROLLBACK       7
-#define VBSD_LKP_CHECK_DATA_KEY_PARSE     8
-#define VBSD_LKP_CHECK_VERIFY_PREAMBLE    9
-#define VBSD_LKP_CHECK_KERNEL_ROLLBACK    10
-#define VBSD_LKP_CHECK_PREAMBLE_VALID     11
-/*
- * Body load address check is omitted; this result code is deprecated and not
- * used anywhere in the codebase.
- */
-#define VBSD_LKP_CHECK_BODY_ADDRESS       12
-#define VBSD_LKP_CHECK_BODY_OFFSET        13
-#define VBSD_LKP_CHECK_SELF_SIGNED        14
-#define VBSD_LKP_CHECK_BODY_EXCEEDS_MEM   15
-#define VBSD_LKP_CHECK_BODY_EXCEEDS_PART  16
-#define VBSD_LKP_CHECK_READ_DATA          17
-#define VBSD_LKP_CHECK_VERIFY_DATA        18
-#define VBSD_LKP_CHECK_KERNEL_GOOD        19
-
-/* Information about a single kernel partition check in LoadKernel() */
-typedef struct VbSharedDataKernelPart {
-	uint64_t sector_start;     /* Start sector of partition */
-	uint64_t sector_count;     /* Sector count of partition */
-	uint32_t combined_version; /* Combined key+kernel version */
-	uint8_t gpt_index;         /* Index of partition in GPT */
-	uint8_t check_result;      /* Check result; see VBSD_LKP_CHECK_* */
-	uint8_t flags;             /* Flags (see VBSD_LKP_FLAG_* */
-	uint8_t reserved0;         /* Reserved for padding */
-} VbSharedDataKernelPart;
-
-/* Number of kernel partitions to track per call.  Must be power of 2. */
-#define VBSD_MAX_KERNEL_PARTS 8
-
-/* Result codes for VbSharedDataKernelCall.check_result */
-#define VBSD_LKC_CHECK_NOT_DONE            0
-#define VBSD_LKC_CHECK_DEV_SWITCH_MISMATCH 1
-#define VBSD_LKC_CHECK_GPT_READ_ERROR      2
-#define VBSD_LKC_CHECK_GPT_PARSE_ERROR     3
-#define VBSD_LKC_CHECK_GOOD_PARTITION      4
-#define VBSD_LKC_CHECK_INVALID_PARTITIONS  5
-#define VBSD_LKC_CHECK_NO_PARTITIONS       6
-
-/* Information about a single call to LoadKernel() */
-typedef struct VbSharedDataKernelCall {
-	/* Bottom 32 bits of flags passed in LoadKernelParams.boot_flags */
-	uint32_t boot_flags;
-	/* Debug flags; see VBSD_LK_FLAG_* */
-	uint32_t flags;
-	/* Number of sectors on drive */
-	uint64_t sector_count;
-	/* Sector size in bytes */
-	uint32_t sector_size;
-	/* Check result; see VBSD_LKC_CHECK_* */
-	uint8_t check_result;
-	/* Boot mode for LoadKernel(); see VBSD_LK_BOOT_MODE_* constants */
-	uint8_t boot_mode;
-	/* Test error number, if non-zero */
-	uint8_t test_error_num;
-	/* Return code from LoadKernel() */
-	uint8_t return_code;
-	/* Number of kernel partitions found */
-	uint8_t kernel_parts_found;
-	/* Reserved for padding */
-	uint8_t reserved0[7];
-	/* Data on kernels */
-	VbSharedDataKernelPart parts[VBSD_MAX_KERNEL_PARTS];
-} VbSharedDataKernelCall;
-
-/* Number of kernel calls to track.  Must be power of 2. */
-#define VBSD_MAX_KERNEL_CALLS 4
-
-/*
- * Data shared between LoadFirmware(), LoadKernel(), and OS.
- *
- * The boot process is:
- *   1) Caller allocates buffer, at least VB_SHARED_DATA_MIN bytes, ideally
- *      VB_SHARED_DATA_REC_SIZE bytes.
- *   2) If non-recovery boot, this is passed to LoadFirmware(), which
- *      initializes the buffer, adding this header and some data.
- *   3) Buffer is passed to LoadKernel().  If this is a recovery boot,
- *      LoadKernel() initializes the buffer, adding this header.  Regardless
- *      of boot type, LoadKernel() adds some data to the buffer.
- *   4) Caller makes data available to the OS in a platform-dependent manner.
- *      For example, via ACPI or ATAGs.
- */
-typedef struct VbSharedDataHeader {
-	/* Fields present in version 1 */
-	/* Magic number for struct (VB_SHARED_DATA_MAGIC) */
-	uint32_t magic;
-	/* Version of this structure */
-	uint32_t struct_version;
-	/* Size of this structure in bytes */
-	uint64_t struct_size;
-	/* Size of shared data buffer in bytes */
-	uint64_t data_size;
-	/* Amount of shared data used so far */
-	uint64_t data_used;
-	/* Flags */
-	uint32_t flags;
-	/* Reserved for padding */
-	uint32_t reserved0;
-	/* Previously, kernel subkey, from firmware (struct vb2_packed_key).
-	   Now we use vboot2 workbuf for storage. */
-	uint8_t reserved1[32];
-	/* Offset of kernel subkey data from start of this struct */
-	uint64_t kernel_subkey_data_offset;
-	/* Size of kernel subkey data */
-	uint64_t kernel_subkey_data_size;
-
-	/*
-	 * These timer values are all deprecated.  coreboot tstamp_table should
-	 * be used instead.  See crosbug.com/1014102.
-	 */
-	/* VbInit() enter/exit */
-	uint64_t timer_vb_init_enter;
-	uint64_t timer_vb_init_exit;
-	/* VbSelectFirmware() enter/exit */
-	uint64_t timer_vb_select_firmware_enter;
-	uint64_t timer_vb_select_firmware_exit;
-	/* VbSelectAndLoadKernel() enter/exit */
-	uint64_t timer_vb_select_and_load_kernel_enter;
-	uint64_t timer_vb_select_and_load_kernel_exit;
-
-	/* Information stored in TPM, as retrieved by firmware */
-	/* Current firmware version in TPM */
-	uint32_t fw_version_tpm;
-	/* Current kernel version in TPM */
-	uint32_t kernel_version_tpm;
-
-	/* Debugging information from LoadFirmware() */
-	/* Result of checking RW firmware A and B */
-	uint8_t check_fw_a_result;
-	uint8_t check_fw_b_result;
-	/* Firmware index returned by LoadFirmware() or 0xFF if failure */
-	uint8_t firmware_index;
-	/* Reserved for padding */
-	uint8_t reserved2;
-	/* Firmware TPM version at start of VbSelectFirmware() */
-	uint32_t fw_version_tpm_start;
-	/* Firmware lowest version found */
-	uint32_t fw_version_lowest;
-
-	/* Debugging information from LoadKernel() */
-	/* Number of times LoadKernel() called */
-	uint32_t lk_call_count;
-	/* Info on calls */
-	VbSharedDataKernelCall lk_calls[VBSD_MAX_KERNEL_CALLS];
-
-	/*
-	 * Offset and size of supplemental kernel data.  Reserve space for
-	 * these fields now, so that future LoadKernel() versions can store
-	 * information there without needing to shift down whatever data the
-	 * original LoadFirmware() might have put immediately following its
-	 * VbSharedDataHeader.
-	 */
-	uint64_t kernel_supplemental_offset;
-	uint64_t kernel_supplemental_size;
-
-	/*
-	 * Fields added in version 2.  Before accessing, make sure that
-	 * struct_version >= 2
-	 */
-	/* Recovery reason for current boot */
-	uint8_t recovery_reason;
-	/* Reserved for padding */
-	uint8_t reserved3[7];
-	/* Flags from firmware keyblock */
-	uint64_t fw_keyblock_flags;
-	/* Kernel TPM version at start of VbSelectAndLoadKernel() */
-	uint32_t kernel_version_tpm_start;
-	/* Kernel lowest version found */
-	uint32_t kernel_version_lowest;
-
-	/*
-	 * After read-only firmware which uses version 2 is released, any
-	 * additional fields must be added below, and the struct version must
-	 * be increased.  Before reading/writing those fields, make sure that
-	 * the struct being accessed is at least version 3.
-	 *
-	 * It's always ok for an older firmware to access a newer struct, since
-	 * all the fields it knows about are present.  Newer firmware needs to
-	 * use reasonable defaults when accessing older structs.
-	 */
-} __attribute__((packed)) VbSharedDataHeader;
-
-/* Size of VbSharedDataheader for each version */
-#define VB_SHARED_DATA_HEADER_SIZE_V1 1072
-#define VB_SHARED_DATA_HEADER_SIZE_V2 1096
-
-_Static_assert(VB_SHARED_DATA_HEADER_SIZE_V1
-	       == offsetof(VbSharedDataHeader, recovery_reason),
-	       "VB_SHARED_DATA_HEADER_SIZE_V1 incorrect");
-
-_Static_assert(VB_SHARED_DATA_HEADER_SIZE_V2 == sizeof(VbSharedDataHeader),
-	       "VB_SHARED_DATA_HEADER_SIZE_V2 incorrect");
-
-#define VB_SHARED_DATA_VERSION 2  /* Version for struct_version */
-
-#ifdef __cplusplus
-}
-#endif  /* __cplusplus */
-
-#endif  /* VBOOT_REFERENCE_VBOOT_STRUCT_H_ */
diff --git a/firmware/lib/include/vboot_kernel.h b/firmware/lib/include/vboot_kernel.h
index 6f1a31d0..eb15e5e2 100644
--- a/firmware/lib/include/vboot_kernel.h
+++ b/firmware/lib/include/vboot_kernel.h
@@ -16,6 +16,84 @@
 
 struct vb2_context;
 
+/* Flags for VbSharedDataKernelPart.flags */
+#define VBSD_LKP_FLAG_KEYBLOCK_VALID   0x01
+
+/* Result codes for VbSharedDataKernelPart.check_result */
+#define VBSD_LKP_CHECK_NOT_DONE           0
+#define VBSD_LKP_CHECK_TOO_SMALL          1
+#define VBSD_LKP_CHECK_READ_START         2
+#define VBSD_LKP_CHECK_KEYBLOCK_SIG      3
+#define VBSD_LKP_CHECK_KEYBLOCK_HASH     4
+#define VBSD_LKP_CHECK_DEV_MISMATCH       5
+#define VBSD_LKP_CHECK_REC_MISMATCH       6
+#define VBSD_LKP_CHECK_KEY_ROLLBACK       7
+#define VBSD_LKP_CHECK_DATA_KEY_PARSE     8
+#define VBSD_LKP_CHECK_VERIFY_PREAMBLE    9
+#define VBSD_LKP_CHECK_KERNEL_ROLLBACK    10
+#define VBSD_LKP_CHECK_PREAMBLE_VALID     11
+/*
+ * Body load address check is omitted; this result code is deprecated and not
+ * used anywhere in the codebase.
+ */
+#define VBSD_LKP_CHECK_BODY_ADDRESS       12
+#define VBSD_LKP_CHECK_BODY_OFFSET        13
+#define VBSD_LKP_CHECK_SELF_SIGNED        14
+#define VBSD_LKP_CHECK_BODY_EXCEEDS_MEM   15
+#define VBSD_LKP_CHECK_BODY_EXCEEDS_PART  16
+#define VBSD_LKP_CHECK_READ_DATA          17
+#define VBSD_LKP_CHECK_VERIFY_DATA        18
+#define VBSD_LKP_CHECK_KERNEL_GOOD        19
+
+/* Information about a single kernel partition check in LoadKernel() */
+typedef struct VbSharedDataKernelPart {
+	uint64_t sector_start;     /* Start sector of partition */
+	uint64_t sector_count;     /* Sector count of partition */
+	uint32_t combined_version; /* Combined key+kernel version */
+	uint8_t gpt_index;         /* Index of partition in GPT */
+	uint8_t check_result;      /* Check result; see VBSD_LKP_CHECK_* */
+	uint8_t flags;             /* Flags (see VBSD_LKP_FLAG_* */
+	uint8_t reserved0;         /* Reserved for padding */
+} VbSharedDataKernelPart;
+
+/* Number of kernel partitions to track per call.  Must be power of 2. */
+#define VBSD_MAX_KERNEL_PARTS 8
+
+/* Result codes for VbSharedDataKernelCall.check_result */
+#define VBSD_LKC_CHECK_NOT_DONE            0
+#define VBSD_LKC_CHECK_DEV_SWITCH_MISMATCH 1
+#define VBSD_LKC_CHECK_GPT_READ_ERROR      2
+#define VBSD_LKC_CHECK_GPT_PARSE_ERROR     3
+#define VBSD_LKC_CHECK_GOOD_PARTITION      4
+#define VBSD_LKC_CHECK_INVALID_PARTITIONS  5
+#define VBSD_LKC_CHECK_NO_PARTITIONS       6
+
+/* Information about a single call to LoadKernel() */
+typedef struct VbSharedDataKernelCall {
+	/* Bottom 32 bits of flags passed in LoadKernelParams.boot_flags */
+	uint32_t boot_flags;
+	/* Debug flags; see VBSD_LK_FLAG_* */
+	uint32_t flags;
+	/* Number of sectors on drive */
+	uint64_t sector_count;
+	/* Sector size in bytes */
+	uint32_t sector_size;
+	/* Check result; see VBSD_LKC_CHECK_* */
+	uint8_t check_result;
+	/* Boot mode for LoadKernel(); see VBSD_LK_BOOT_MODE_* constants */
+	uint8_t boot_mode;
+	/* Test error number, if non-zero */
+	uint8_t test_error_num;
+	/* Return code from LoadKernel() */
+	uint8_t return_code;
+	/* Number of kernel partitions found */
+	uint8_t kernel_parts_found;
+	/* Reserved for padding */
+	uint8_t reserved0[7];
+	/* Data on kernels */
+	VbSharedDataKernelPart parts[VBSD_MAX_KERNEL_PARTS];
+} VbSharedDataKernelCall;
+
 /**
  * Attempt loading a kernel from the specified type(s) of disks.
  *
diff --git a/firmware/lib/include/vboot_struct.h b/firmware/lib/include/vboot_struct.h
new file mode 100644
index 00000000..caca1f26
--- /dev/null
+++ b/firmware/lib/include/vboot_struct.h
@@ -0,0 +1,165 @@
+/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * VbSharedDataHeader definition, for sharing with OS.
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_STRUCT_H_
+#define VBOOT_REFERENCE_VBOOT_STRUCT_H_
+
+#include <stdint.h>
+
+#include "vboot_kernel.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif  /* __cplusplus */
+
+/* Constants and sub-structures for VbSharedDataHeader */
+
+/* Magic number for recognizing VbSharedDataHeader ("VbSD") */
+#define VB_SHARED_DATA_MAGIC 0x44536256
+
+/* Version for struct_version */
+#define VB_SHARED_DATA_VERSION 2
+
+/*
+ * Flags for VbSharedDataHeader
+ *
+ * TODO(b:124141368): Move these constants into crossystem once they are
+ * no longer needed in vboot2 code.
+ */
+
+/* LoadFirmware() tried firmware B because of VbNvStorage firmware B tries;
+   Deprecated as part of chromium:1010389. */
+#define VBSD_FWB_TRIED        0x00000001
+/*
+ * LoadKernel() verified the good kernel keyblock using the kernel subkey from
+ * the firmware.  If this flag is not present, it just used the hash of the
+ * kernel keyblock.
+ */
+#define VBSD_KERNEL_KEY_VERIFIED         0x00000002
+/* Developer switch was enabled at boot time */
+#define VBSD_BOOT_DEV_SWITCH_ON          0x00000010
+/* Recovery switch was enabled at boot time */
+#define VBSD_BOOT_REC_SWITCH_ON          0x00000020
+/* Firmware write protect was enabled at boot time */
+#define VBSD_BOOT_FIRMWARE_WP_ENABLED    0x00000040
+/* VbInit() was told the system supports EC software sync */
+#define VBSD_EC_SOFTWARE_SYNC            0x00000800
+/* Firmware used vboot2 for firmware selection */
+#define VBSD_BOOT_FIRMWARE_VBOOT2        0x00008000
+/* NvStorage uses 64-byte record, not 16-byte */
+#define VBSD_NVDATA_V2                   0x00100000
+
+/* Number of kernel calls to track.  Must be power of 2. */
+#define VBSD_MAX_KERNEL_CALLS 4
+
+/* Data shared to OS. */
+typedef struct VbSharedDataHeader {
+	/* Fields present in version 1 */
+	/* Magic number for struct (VB_SHARED_DATA_MAGIC) */
+	uint32_t magic;
+	/* Version of this structure */
+	uint32_t struct_version;
+	/* Size of this structure in bytes */
+	uint64_t struct_size;
+	/* Size of shared data buffer in bytes */
+	uint64_t data_size;
+	/* Amount of shared data used so far */
+	uint64_t data_used;
+	/* Flags */
+	uint32_t flags;
+	/* Reserved for padding */
+	uint32_t reserved0;
+	/* Previously, kernel subkey, from firmware (struct vb2_packed_key).
+	   Now we use vboot2 workbuf for storage. */
+	uint8_t reserved1[32];
+	/* Offset of kernel subkey data from start of this struct */
+	uint64_t kernel_subkey_data_offset;
+	/* Size of kernel subkey data */
+	uint64_t kernel_subkey_data_size;
+
+	/*
+	 * These timer values are all deprecated.  coreboot tstamp_table should
+	 * be used instead.  See crosbug.com/1014102.
+	 */
+	/* VbInit() enter/exit */
+	uint64_t timer_vb_init_enter;
+	uint64_t timer_vb_init_exit;
+	/* VbSelectFirmware() enter/exit */
+	uint64_t timer_vb_select_firmware_enter;
+	uint64_t timer_vb_select_firmware_exit;
+	/* VbSelectAndLoadKernel() enter/exit */
+	uint64_t timer_vb_select_and_load_kernel_enter;
+	uint64_t timer_vb_select_and_load_kernel_exit;
+
+	/* Information stored in TPM, as retrieved by firmware */
+	/* Current firmware version in TPM */
+	uint32_t fw_version_tpm;
+	/* Current kernel version in TPM */
+	uint32_t kernel_version_tpm;
+
+	/* Debugging information from LoadFirmware() */
+	/* Result of checking RW firmware A and B */
+	uint8_t check_fw_a_result;
+	uint8_t check_fw_b_result;
+	/* Firmware index returned by LoadFirmware() or 0xFF if failure */
+	uint8_t firmware_index;
+	/* Reserved for padding */
+	uint8_t reserved2;
+	/* Firmware TPM version at start of VbSelectFirmware() */
+	uint32_t fw_version_tpm_start;
+	/* Firmware lowest version found */
+	uint32_t fw_version_lowest;
+
+	/* Debugging information from LoadKernel() */
+	/* Number of times LoadKernel() called */
+	uint32_t lk_call_count;
+	/* Info on calls */
+	VbSharedDataKernelCall lk_calls[VBSD_MAX_KERNEL_CALLS];
+
+	/*
+	 * Offset and size of supplemental kernel data.  Reserve space for
+	 * these fields now, so that future LoadKernel() versions can store
+	 * information there without needing to shift down whatever data the
+	 * original LoadFirmware() might have put immediately following its
+	 * VbSharedDataHeader.
+	 */
+	uint64_t kernel_supplemental_offset;
+	uint64_t kernel_supplemental_size;
+
+	/*
+	 * Fields added in version 2.  Before accessing, make sure that
+	 * struct_version >= 2
+	 */
+	/* Recovery reason for current boot */
+	uint8_t recovery_reason;
+	/* Reserved for padding */
+	uint8_t reserved3[7];
+	/* Flags from firmware keyblock */
+	uint64_t fw_keyblock_flags;
+	/* Kernel TPM version at start of VbSelectAndLoadKernel() */
+	uint32_t kernel_version_tpm_start;
+	/* Kernel lowest version found */
+	uint32_t kernel_version_lowest;
+
+} __attribute__((packed)) VbSharedDataHeader;
+
+/* Size of VbSharedDataheader for each version */
+#define VB_SHARED_DATA_HEADER_SIZE_V1 1072
+#define VB_SHARED_DATA_HEADER_SIZE_V2 1096
+
+_Static_assert(VB_SHARED_DATA_HEADER_SIZE_V1
+	       == offsetof(VbSharedDataHeader, recovery_reason),
+	       "VB_SHARED_DATA_HEADER_SIZE_V1 incorrect");
+
+_Static_assert(VB_SHARED_DATA_HEADER_SIZE_V2 == sizeof(VbSharedDataHeader),
+	       "VB_SHARED_DATA_HEADER_SIZE_V2 incorrect");
+
+#ifdef __cplusplus
+}
+#endif  /* __cplusplus */
+
+#endif  /* VBOOT_REFERENCE_VBOOT_STRUCT_H_ */
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index 50de4cb0..995d0cb5 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -298,7 +298,7 @@ static int GetVdatInt(VdatIntField field)
 			value = sh->struct_version;
 			break;
 		case VDAT_INT_TRIED_FIRMWARE_B:
-			value = (sh->flags & VBSD_DEPRECATED_FWB_TRIED ? 1 : 0);
+			value = (sh->flags & VBSD_FWB_TRIED ? 1 : 0);
 			break;
 		case VDAT_INT_KERNEL_KEY_VERIFIED:
 			value = (sh->flags & VBSD_KERNEL_KEY_VERIFIED ? 1 : 0);