vboot2: new data structures

These structures allow for simplication and feature expansion in
vboot.  They are NOT backwards-compatible with old vboot1 structs.
This CL simply adds the new structs and unit tests for struct packing;
future CLs will add support for them in the firmware library and
futility.

BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests

Change-Id: I22532acf985dd74316bd30f17e750f993b6c53d7
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/224820
Reviewed-by: Bill Richardson <wfrichar@chromium.org>

6 files changed, 474 insertions, 31 deletions

diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c
index 3f172f12..21c42a34 100644
--- a/firmware/2lib/2common.c
+++ b/firmware/2lib/2common.c
@@ -373,8 +373,8 @@ int vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
 	VB2_DEBUG("Verifying preamble.\n");
 
 	/* Sanity checks before attempting signature of data */
-	if(size < EXPECTED_VB2FIRMWAREPREAMBLEHEADER2_1_SIZE) {
-		VB2_DEBUG("Not enough data for preamble header 2.1.\n");
+	if(size < sizeof(*preamble)) {
+		VB2_DEBUG("Not enough data for preamble header\n");
 		return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER;
 	}
 	if (preamble->header_version_major !=
diff --git a/firmware/2lib/2sha_utility.c b/firmware/2lib/2sha_utility.c
index 0f9adfa3..52492aba 100644
--- a/firmware/2lib/2sha_utility.c
+++ b/firmware/2lib/2sha_utility.c
@@ -10,30 +10,59 @@
 #include "2rsa.h"
 #include "2sha.h"
 
-/* Hash algorithms.  Note that they line up with key algorithms. */
-enum vb2_hash_algorithm {
-	VB2_HASH_SHA1   = VB2_ALG_RSA1024_SHA1,
-	VB2_HASH_SHA256 = VB2_ALG_RSA1024_SHA256,
-	VB2_HASH_SHA512 = VB2_ALG_RSA1024_SHA512,
+#if VB2_SUPPORT_SHA1
+#define CTH_SHA1 VB2_HASH_SHA1
+#else
+#define CTH_SHA1 VB2_HASH_INVALID
+#endif
+
+#if VB2_SUPPORT_SHA256
+#define CTH_SHA256 VB2_HASH_SHA256
+#else
+#define CTH_SHA256 VB2_HASH_INVALID
+#endif
 
-	/* Number of hash algorithms */
-	VB2_HASH_COUNT
+#if VB2_SUPPORT_SHA512
+#define CTH_SHA512 VB2_HASH_SHA512
+#else
+#define CTH_SHA512 VB2_HASH_INVALID
+#endif
+
+static const uint8_t crypto_to_hash[VB2_ALG_COUNT] = {
+	CTH_SHA1,
+	CTH_SHA256,
+	CTH_SHA512,
+	CTH_SHA1,
+	CTH_SHA256,
+	CTH_SHA512,
+	CTH_SHA1,
+	CTH_SHA256,
+	CTH_SHA512,
+	CTH_SHA1,
+	CTH_SHA256,
+	CTH_SHA512,
 };
 
 /**
- * Convert key algorithm to hash algorithm.
+ * Convert vb2_crypto_algorithm to vb2_hash_algorithm.
+ *
+ * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
+ *
+ * @return The hash algorithm for that crypto algorithm, or VB2_HASH_INVALID if
+ * the crypto algorithm or its corresponding hash algorithm is invalid or not
+ * supported.
  */
-static enum vb2_hash_algorithm vb2_hash_alg(uint32_t algorithm)
+enum vb2_hash_algorithm vb2_hash_algorithm(uint32_t algorithm)
 {
 	if (algorithm < VB2_ALG_COUNT)
-		return algorithm % VB2_HASH_COUNT;
+		return crypto_to_hash[algorithm];
 	else
-		return VB2_HASH_COUNT;
+		return VB2_HASH_INVALID;
 }
 
 int vb2_digest_size(uint32_t algorithm)
 {
-	switch (vb2_hash_alg(algorithm)) {
+	switch (vb2_hash_algorithm(algorithm)) {
 #if VB2_SUPPORT_SHA1
 	case VB2_HASH_SHA1:
 		return VB2_SHA1_DIGEST_SIZE;
@@ -55,7 +84,7 @@ int vb2_digest_init(struct vb2_digest_context *dc, uint32_t algorithm)
 {
 	dc->algorithm = algorithm;
 
-	switch (vb2_hash_alg(dc->algorithm)) {
+	switch (vb2_hash_algorithm(dc->algorithm)) {
 #if VB2_SUPPORT_SHA1
 	case VB2_HASH_SHA1:
 		vb2_sha1_init(&dc->sha1);
@@ -80,7 +109,7 @@ int vb2_digest_extend(struct vb2_digest_context *dc,
 		      const uint8_t *buf,
 		      uint32_t size)
 {
-	switch (vb2_hash_alg(dc->algorithm)) {
+	switch (vb2_hash_algorithm(dc->algorithm)) {
 #if VB2_SUPPORT_SHA1
 	case VB2_HASH_SHA1:
 		vb2_sha1_update(&dc->sha1, buf, size);
@@ -108,7 +137,7 @@ int vb2_digest_finalize(struct vb2_digest_context *dc,
 	if (digest_size < vb2_digest_size(dc->algorithm))
 		return VB2_ERROR_SHA_FINALIZE_DIGEST_SIZE;
 
-	switch (vb2_hash_alg(dc->algorithm)) {
+	switch (vb2_hash_algorithm(dc->algorithm)) {
 #if VB2_SUPPORT_SHA1
 	case VB2_HASH_SHA1:
 		vb2_sha1_finalize(&dc->sha1, digest);
diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h
index 73efd96b..675fc667 100644
--- a/firmware/2lib/include/2sha.h
+++ b/firmware/2lib/include/2sha.h
@@ -116,6 +116,17 @@ void vb2_sha256_finalize(struct vb2_sha256_context *ctx, uint8_t *digest);
 void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest);
 
 /**
+ * Convert vb2_crypto_algorithm to vb2_hash_algorithm.
+ *
+ * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
+ *
+ * @return The hash algorithm for that crypto algorithm, or VB2_HASH_INVALID if
+ * the crypto algorithm or its corresponding hash algorithm is invalid or not
+ * supported.
+ */
+enum vb2_hash_algorithm vb2_hash_algorithm(uint32_t algorithm);
+
+/**
  * Return the size of the digest for a key algorithm.
  *
  * @param algorithm	Key algorithm (enum vb2_crypto_algorithm)
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 13eb8c19..38153c5c 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -10,7 +10,33 @@
 #define VBOOT_REFERENCE_VBOOT_2STRUCT_H_
 #include <stdint.h>
 
+/****************************************************************************/
+/* GUID structure.  Defined in appendix A of EFI standard. */
+
+#define UUID_NODE_LEN 6
+#define GUID_SIZE 16
+
+struct vb2_guid {
+	union {
+		struct {
+			uint32_t time_low;
+			uint16_t time_mid;
+			uint16_t time_high_and_version;
+			uint8_t clock_seq_high_and_reserved;
+			uint8_t clock_seq_low;
+			uint8_t node[UUID_NODE_LEN];
+		} uuid;
+		uint8_t raw[GUID_SIZE];
+	};
+} __attribute__((packed));
+
+#define EXPECTED_GUID_SIZE GUID_SIZE
+
+/****************************************************************************/
 /*
+ * Vboot1-compatible data structures
+ *
+ *
  * Note: Many of the structs have pairs of 32-bit fields and reserved fields.
  * This is to be backwards-compatible with older verified boot data which used
  * 64-bit fields (when we thought that hey, UEFI is 64-bit so all our fields
@@ -38,7 +64,7 @@ struct vb2_packed_key {
 	/* TODO: when redoing this struct, add a text description of the key */
 } __attribute__((packed));
 
-#define EXPECTED_VBPUBLICKEY_SIZE 32
+#define EXPECTED_VB2_PACKED_KEY_SIZE 32
 
 /* Signature data (a secure hash, possibly signed) */
 struct vb2_signature {
@@ -60,7 +86,7 @@ struct vb2_signature {
 	 */
 } __attribute__((packed));
 
-#define EXPECTED_VBSIGNATURE_SIZE 24
+#define EXPECTED_VB2_SIGNATURE_SIZE 24
 
 #define KEY_BLOCK_MAGIC "CHROMEOS"
 #define KEY_BLOCK_MAGIC_SIZE 8
@@ -126,9 +152,8 @@ struct vb2_keyblock {
 	struct vb2_packed_key data_key;
 } __attribute__((packed));
 
-#define EXPECTED_VB2KEYBLOCKHEADER_SIZE 112
+#define EXPECTED_VB2_KEYBLOCK_SIZE 112
 
-/****************************************************************************/
 
 /* Firmware preamble header */
 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
@@ -187,7 +212,340 @@ struct vb2_fw_preamble {
 	uint32_t flags;
 } __attribute__((packed));
 
-#define EXPECTED_VB2FIRMWAREPREAMBLEHEADER2_1_SIZE 108
+#define EXPECTED_VB2_FW_PREAMBLE_SIZE 108
+
+/****************************************************************************/
+/*
+ * Vboot2 data structures
+ *
+ *
+ * Offsets should be padded to 32-bit boundaries, since some architectures
+ * have trouble with accessing unaligned integers.
+ */
+
+/*
+ * Magic numbers used by vb2_struct_common.magic.
+ *
+ * All valid numbers should be listed here to avoid accidental overlap.
+ * Numbers start at a large value, so that previous parsers (which stored
+ * things like lengths and offsets at that field) will detect and reject new
+ * structs as invalid.
+ */
+enum vb2_struct_common_magic {
+	/* "Vb2B" = vb2_keyblock2.c.magic */
+	VB2_MAGIC_KEYBLOCK2        = 0x42326256,
+
+	/* "Vb2F" = vb2_fw_preamble.c.magic */
+	VB2_MAGIC_FW_PREAMBLE2     = 0x46326256,
+
+	/* "Vb2K" = vb2_kernel_preamble.c.magic */
+	VB2_MAGIC_KERNEL_PREAMBLE2 = 0x4b326256,
+
+	/* "Vb2P" = vb2_packed_key2.c.magic */
+	VB2_MAGIC_PACKED_KEY2      = 0x50326256,
+
+	/* "Vb2S" = vb2_signature.c.magic */
+	VB2_MAGIC_SIGNATURE2       = 0x53326256,
+};
+
+
+/*
+ * Generic struct header for all vboot2 structs.  This makes it easy to
+ * automatically parse and identify vboot structs (e.g., in futility).
+ */
+struct vb2_struct_common {
+	/* Magic number; see vb2_struct_common_magic for expected values */
+	uint32_t magic;
+
+	/*
+	 * Struct version; see each struct for the expected value.
+	 *
+	 * How to handle struct version mismatches, if the parser is version
+	 * A.b and the data is version C.d:
+	 *     1) If A.b == C.d, we're good.
+	 *     2) If A != C, the data cannot be parsed at all.
+	 *     3) If b < d, C.d is a newer version of data which is backwards-
+	 *        compatible to old parsers.  We're good.
+	 *     4) If b > d, C.d is an older version of data.  The parser should
+	 *        use default values for fields added after version d.  We're
+	 *        good.
+	 *
+	 * Struct versions start at 3.0, since the highest version of the old
+	 * structures was 2.1.  This way, there is no possibility of collision
+	 * for old code which depends on the version number.
+	 */
+	uint16_t struct_version_major;
+	uint16_t struct_version_minor;
+
+	/* Offset of null-terminated ASCII description from start of struct */
+	uint32_t desc_offset;
+
+	/*
+	 * Size of description in bytes, counting null terminator.  May be 0
+	 * if no description is present.
+	 */
+	uint32_t desc_size;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_STRUCT_COMMON_SIZE 16
+
+/* Algorithm types for signatures */
+enum vb2_signature_algorithm {
+	/* Invalid or unsupported signature type */
+	VB2_SIG_INVALID = 0,
+
+	/* No signature algorithm.  The digest is unsigned. */
+	VB2_SIG_NONE = 1,
+
+	/* RSA algorithms of the given length in bits (1024-8192) */
+	VB2_SIG_RSA1024 = 2,  /* Warning!  This is likely to be deprecated! */
+	VB2_SIG_RSA2048 = 3,
+	VB2_SIG_RSA4096 = 4,
+	VB2_SIG_RSA8192 = 5,
+};
+
+/* Algorithm types for hash digests */
+enum vb2_hash_algorithm {
+	/* Invalid or unsupported digest type */
+	VB2_HASH_INVALID = 0,
+
+	/* SHA-1.  Warning: This is likely to be deprecated soon! */
+	VB2_HASH_SHA1 = 1,
+
+	/* SHA-256 and SHA-512 */
+	VB2_HASH_SHA256 = 2,
+	VB2_HASH_SHA512 = 3,
+};
+
+/* Current version of vb2_packed_key2 struct */
+#define VB2_PACKED_KEY2_VERSION_MAJOR 3
+#define VB2_PACKED_KEY2_VERSION_MINOR 0
+
+/* Packed public key data, version 2 */
+struct vb2_packed_key2 {
+	/* Common header fields */
+	struct vb2_struct_common c;
+
+	/*
+	 * Offset of key data from start of this struct.  Note that data may
+	 * not immediately follow this struct header, if this struct is a
+	 * member of a bigger struct; see vb2_keyblock2 for an example.
+	 */
+	uint32_t key_offset;
+
+	/* Size of key data in bytes (NOT strength of key in bits) */
+	uint32_t key_size;
+
+	/* Signature algorithm used by the key (enum vb2_signature_algorithm) */
+	uint16_t sig_algorithm;
+
+	/*
+	 * Hash digest algorithm used with the key (enum vb2_hash_algorithm).
+	 * This is explicitly specified as part of the key to prevent use of a
+	 * strong key with a weak hash.
+	 */
+	uint16_t hash_algorithm;
+
+	/* Key version */
+	uint32_t key_version;
+
+	/* Key GUID */
+	struct vb2_guid key_guid;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_PACKED_KEY2_SIZE					\
+	(EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16)
+
+/* Current version of vb2_signature2 struct */
+#define VB2_SIGNATURE2_VERSION_MAJOR 3
+#define VB2_SIGNATURE2_VERSION_MINOR 0
+
+/* Signature data, version 2 */
+struct vb2_signature2 {
+	/* Common header fields */
+	struct vb2_struct_common c;
+
+	/*
+	 * Offset of signature data from start of this struct.  Note that data
+	 * may not immediately follow the struct header, if this struct is a
+	 * member of a bigger struct; see vb2_keyblock2 for an example.
+	 */
+	uint32_t sig_offset;
+
+	/* Size of signature data in bytes */
+	uint32_t sig_size;
+
+	/* Size of the data block which was signed in bytes */
+	uint32_t data_size;
+
+	/* Signature algorithm used (enum vb2_signature_algorithm) */
+	uint16_t sig_algorithm;
+
+	/* Hash digest algorithm used (enum vb2_hash_algorithm) */
+	uint16_t hash_algorithm;
+
+	/*
+	 * GUID of key used to generate this signature.  This allows the
+	 * firmware to quickly determine which signature block (if any) goes
+	 * with the key being used by the firmware.  If the algorithm is an
+	 * unsigned hash, this guid will be all 0.
+	 */
+	struct vb2_guid key_guid;
+
+	/* Offset of null-terminated ASCII description from start of struct */
+	uint32_t desc_offset;
+
+	/* Size of description in bytes, counting null terminator */
+	uint32_t desc_size;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_SIGNATURE2_SIZE					\
+	(EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 24)
+
+
+/* Current version of vb2_keyblock2 struct */
+#define VB2_KEYBLOCK2_VERSION_MAJOR 3
+#define VB2_KEYBLOCK2_VERSION_MINOR 0
+
+/*
+ * Key block.  This contains a signed, versioned key for use in the next stage
+ * of verified boot.
+ *
+ * The key block data must be arranged like this:
+ *     1) vb2_keyblock2 header struct h
+ *     2) The following in any order
+ *        - Keyblock description (pointed to by h.c.desc_offset)
+ *        - Data key description (pointed to by h.data_key.c.desc_offset)
+ *        - Data key data (pointed to by h.data_key.key_offset)
+ *        - Signature table (pointed to by h.signature_table_offset)
+ *     3) Signature data and descriptions (pointed to by each signature table
+ *        entry e's e.c.desc_offset and e.sig_offset)
+ *
+ * The signatures from 3) must cover all the data from 1) and 2).
+ */
+struct vb2_keyblock2 {
+	/* Common header fields */
+	struct vb2_struct_common c;
+
+	/*
+	 * Size of this key block, including this header and all data (data
+	 * key, signatures, description from common header, padding, etc.), in
+	 * bytes.
+	 */
+	uint32_t keyblock_size;
+
+	/* Flags (VB2_KEY_BLOCK_FLAG_*) */
+	uint32_t flags;
+
+	/* Key to use in next stage of verification */
+	struct vb2_packed_key2 data_key;
+
+	/* Number of keyblock signatures which follow */
+	uint32_t signature_count;
+
+	/* Size of each signature table entry, in bytes */
+	uint32_t signature_entry_size;
+
+	/*
+	 * Offset of signature table from the start of the keyblock.  The
+	 * signature table is an array of struct vb2_signature2 (version 3.0).
+	 *
+	 * Signatures sign the contents of this struct and the data pointed to
+	 * by data_key (but not the signature table/data).
+	 *
+	 * For the firmware, there may be only one signature.
+	 *
+	 * Kernels often have at least two signatures - one using the kernel
+	 * subkey from the RW firmware (for signed kernels) and one which is
+	 * simply a SHA-512 hash (for unsigned developer kernels).
+	 */
+	uint32_t signature_table_offset;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_KEYBLOCK2_SIZE					\
+	(EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_VB2_PACKED_KEY2_SIZE + 20)
+
+
+/* Current version of vb2_preamble2 struct */
+#define VB2_PREAMBLE2_VERSION_MAJOR 3
+#define VB2_PREAMBLE2_VERSION_MINOR 0
+
+/* Single hash entry for the firmware preamble */
+struct vb2_fw_preamble_hash {
+	/* Type of data being hashed (enum vb2api_hash_tag) */
+	uint32_t tag;
+
+	/* Size of hashed data in bytes */
+	uint32_t data_size;
+
+	/* Hash digest follows this struct */
+	uint8_t digest[0];
+} __attribute__((packed));
+
+#define EXPECTED_VB2_FW_PREAMBLE_HASH_SIZE 8
+
+/*
+ * Firmware preamble
+ *
+ * The preamble data must be arranged like this:
+ *     1) vb2_fw_preamble2 header struct h
+ *     2) The following in any order
+ *        - Preamble description (pointed to by h.c.desc_offset)
+ *        - Hash table (pointed to by h.hash_table_offset)
+ *     3) Signature data and description (pointed to by
+ *	  h.preamble_signature.desc_offset and h.preamble_signature.sig_offset)
+ *
+ * The signature 3) must cover all the data from 1) and 2).
+ */
+struct vb2_fw_preamble2 {
+	/* Common header fields */
+	struct vb2_struct_common c;
+
+	/*
+	 * Size of the preamble, including this header struct and all data
+	 * (hashes, signatures, descriptions, padding, etc.), in bytes.
+	 */
+	uint32_t preamble_size;
+
+	/* Flags; see VB2_FIRMWARE_PREAMBLE_* */
+	uint32_t flags;
+
+	/* Firmware version */
+	uint32_t firmware_version;
+
+	/* Signature for this preamble (header + hash table entries) */
+	struct vb2_signature2 preamble_signature;
+
+	/*
+	 * The preamble contains a list of hashes for the various firmware
+	 * components.  The calling firmware is responsible for knowing where
+	 * to find those components, which may be on a different storage device
+	 * than this preamble.
+	 */
+
+	/* Number of hash entries */
+	uint32_t hash_count;
+
+	/*
+	 * Hash algorithm used (must be same for all entries) (enum
+	 * vb2_hash_algorithm).
+	 */
+	uint16_t hash_algorithm;
+
+	/* Size of each hash entry, in bytes */
+	uint16_t hash_entry_size;
+
+	/*
+	 * Offset of first hash entry from start of preamble.  Entry N can be
+	 * found at:
+	 *
+	 * (uint8_t *)hdr + hdr->hash_table_offset + N * hdr->hash_entry_size
+	 */
+	uint32_t hash_table_offset;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_FW_PREAMBLE2_SIZE					\
+	(EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_VB2_SIGNATURE2_SIZE + 24)
 
 /****************************************************************************/
 
@@ -390,12 +748,13 @@ struct vb2_gbb_header {
 	uint32_t recovery_key_size;
 
 	/* Added in version 1.2 */
-	uint8_t  hwid_digest[32];	/* sha256 */
+	uint8_t  hwid_digest[32];	/* SHA-256 of HWID */
 
-	uint8_t  pad[48]; /* To match EXPECTED_GBB_HEADER_SIZE. Init to 0. */
+	/* Pad to match EXPECETED_VB2_GBB_HEADER_SIZE.  Initialize to 0. */
+	uint8_t  pad[48];
 } __attribute__((packed));
 
 /* The GBB is used outside of vboot_reference, so this size is important. */
-#define EXPECTED_GBB_HEADER_SIZE 128
+#define EXPECTED_VB2_GBB_HEADER_SIZE 128
 
 #endif  /* VBOOT_REFERENCE_VBOOT_2STRUCT_H_ */
diff --git a/tests/vb2_common_tests.c b/tests/vb2_common_tests.c
index a9f414f8..c70de2ea 100644
--- a/tests/vb2_common_tests.c
+++ b/tests/vb2_common_tests.c
@@ -7,6 +7,7 @@
 
 #include "2sysincludes.h"
 #include "2common.h"
+#include "vboot_struct.h"  /* For old struct sizes */
 
 #include "test_common.h"
 
@@ -112,16 +113,59 @@ static void test_workbuf(void)
  */
 static void test_struct_packing(void)
 {
-	TEST_EQ(EXPECTED_VBPUBLICKEY_SIZE, sizeof(struct vb2_packed_key),
+	/* Test vboot2 versions of vboot1 structs */
+	TEST_EQ(EXPECTED_VB2_PACKED_KEY_SIZE,
+		sizeof(struct vb2_packed_key),
 		"sizeof(vb2_packed_key)");
-	TEST_EQ(EXPECTED_VBSIGNATURE_SIZE, sizeof(struct vb2_signature),
+	TEST_EQ(EXPECTED_VB2_SIGNATURE_SIZE,
+		sizeof(struct vb2_signature),
 		"sizeof(vb2_signature)");
-	TEST_EQ(EXPECTED_VB2KEYBLOCKHEADER_SIZE,
+	TEST_EQ(EXPECTED_VB2_KEYBLOCK_SIZE,
 		sizeof(struct vb2_keyblock),
-		"sizeof(VbKeyBlockHeader)");
-	TEST_EQ(EXPECTED_VB2FIRMWAREPREAMBLEHEADER2_1_SIZE,
+		"sizeof(vb2_keyblock)");
+	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE,
 		sizeof(struct vb2_fw_preamble),
 		"sizeof(vb2_fw_preamble)");
+	TEST_EQ(EXPECTED_VB2_GBB_HEADER_SIZE,
+		sizeof(struct vb2_gbb_header),
+		"sizeof(vb2_gbb_header)");
+
+	/* And make sure they're the same as their vboot1 equivalents */
+	TEST_EQ(EXPECTED_VB2_PACKED_KEY_SIZE,
+		EXPECTED_VBPUBLICKEY_SIZE,
+		"vboot1->2 packed key sizes same");
+	TEST_EQ(EXPECTED_VB2_SIGNATURE_SIZE,
+		EXPECTED_VBSIGNATURE_SIZE,
+		"vboot1->2 signature sizes same");
+	TEST_EQ(EXPECTED_VB2_KEYBLOCK_SIZE,
+		EXPECTED_VBKEYBLOCKHEADER_SIZE,
+		"vboot1->2 keyblock sizes same");
+	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE,
+		EXPECTED_VBFIRMWAREPREAMBLEHEADER2_1_SIZE,
+		"vboot1->2 firmware preamble sizes same");
+
+	/* Test new struct sizes */
+	TEST_EQ(EXPECTED_GUID_SIZE,
+		sizeof(struct vb2_guid),
+		"sizeof(vb2_guid)");
+	TEST_EQ(EXPECTED_VB2_STRUCT_COMMON_SIZE,
+		sizeof(struct vb2_struct_common),
+		"sizeof(vb2_struct_common)");
+	TEST_EQ(EXPECTED_VB2_PACKED_KEY2_SIZE,
+		sizeof(struct vb2_packed_key2),
+		"sizeof(vb2_packed_key2)");
+	TEST_EQ(EXPECTED_VB2_SIGNATURE2_SIZE,
+		sizeof(struct vb2_signature2),
+		"sizeof(vb2_signature2)");
+	TEST_EQ(EXPECTED_VB2_KEYBLOCK2_SIZE,
+		sizeof(struct vb2_keyblock2),
+		"sizeof(vb2_keyblock2)");
+	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE,
+		sizeof(struct vb2_fw_preamble2),
+		"sizeof(vb2_fw_preamble2)");
+	TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_HASH_SIZE,
+		sizeof(struct vb2_fw_preamble_hash),
+		"sizeof(vb2_fw_preamble_hash)");
 }
 
 /**
diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c
index c93cbefc..3dcb1dad 100644
--- a/tests/vb2_misc_tests.c
+++ b/tests/vb2_misc_tests.c
@@ -135,7 +135,7 @@ static void gbb_tests(void)
 	struct vb2_gbb_header gbbdest;
 
 	TEST_EQ(sizeof(struct vb2_gbb_header),
-		EXPECTED_GBB_HEADER_SIZE,
+		EXPECTED_VB2_GBB_HEADER_SIZE,
 		"sizeof(struct vb2_gbb_header)");
 
 	reset_common_data();