authorJoel Kitching <kitching@google.com>2019-08-30 16:02:24 +0800
committerCommit Bot <commit-bot@chromium.org>2019-10-23 16:28:17 +0000
commit1ff5597e282df81fb2cddcf4b7b47a01553a86fc (patch)
tree74bd0832b75af2f6bb9511b6b7521a9a41755118
parentd3b2117f9abe2f7413f6315867ae3c3dbfaf5db1 (diff)
downloadvboot-1ff5597e282df81fb2cddcf4b7b47a01553a86fc.tar.gz
vboot: relocate vb2_signature and vb2_keybock structs
Move from vboot20 to vboot2. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Change-Id: Ib1fe0e2cfb0865fffe33ad35e7bd67d416da4589 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776291 Tested-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org>
-rw-r--r--firmware/2lib/include/2common.h26
-rw-r--r--firmware/2lib/include/2struct.h115
-rw-r--r--firmware/include/vboot_struct.h75
-rw-r--r--firmware/lib/include/vboot_common.h6
-rw-r--r--firmware/lib/vboot_common.c8
-rw-r--r--firmware/lib/vboot_kernel.c6
-rw-r--r--firmware/lib20/common.c18
-rw-r--r--firmware/lib20/include/vb2_common.h18
-rw-r--r--firmware/lib20/include/vb2_struct.h75
-rw-r--r--futility/cmd_vbutil_keyblock.c8
-rw-r--r--futility/vb1_helper.c8
-rw-r--r--host/lib/host_keyblock.c12
-rw-r--r--tests/vb20_common_tests.c55
-rw-r--r--tests/vb20_kernel_tests.c6
-rw-r--r--tests/vb2_common_tests.c38
-rw-r--r--tests/vboot_common_tests.c25
-rw-r--r--tests/vboot_kernel_tests.c10
17 files changed, 203 insertions, 306 deletions
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index e0232a57..535623f5 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -300,4 +300,30 @@ int vb2_verify_packed_key_inside(const void *parent,
uint32_t parent_size,
const struct vb2_packed_key *key);
+/*
+ * Helper functions to get data pointed to by a public key or signature.
+ */
+static __inline uint8_t *vb2_signature_data(struct vb2_signature *sig)
+{
+ return (uint8_t *)sig + sig->sig_offset;
+}
+
+/**
+ * Verify a signature is fully contained in its parent data
+ *
+ * @param parent Parent data
+ * @param parent_size Parent size in bytes
+ * @param sig Signature pointer
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+static __inline vb2_error_t vb2_verify_signature_inside(
+ const void *parent,
+ uint32_t parent_size,
+ const struct vb2_signature *sig)
+{
+ return vb2_verify_member_inside(parent, parent_size,
+ sig, sizeof(*sig),
+ sig->sig_offset, sig->sig_size);
+}
+
#endif /* VBOOT_REFERENCE_2COMMON_H_ */
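Review bot: `vb2_signature_data()` adds `sig->sig_offset` to the struct address with no bounds check, and the comment above it does not state that precondition. The offset is read from the structure being parsed, and as a `static __inline` in 2common.h the helper is now available to every file that includes this header. Extend the comment with something like `/* Caller must have checked sig with vb2_verify_signature_inside() before dereferencing the returned pointer. */`. The comment also says "public key or signature", but only the signature helper appears in this hunk.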
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index fafc72b7..8fa0254b 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -20,19 +20,12 @@
#include "2crypto.h"
#include "2sysincludes.h"
-/*
- * Keyblock flags.
- *
- *The following flags set where the key is valid. Not used by firmware
- * verification; only kernel verification.
- */
-#define VB2_KEYBLOCK_FLAG_DEVELOPER_0 0x01 /* Developer switch off */
-#define VB2_KEYBLOCK_FLAG_DEVELOPER_1 0x02 /* Developer switch on */
-#define VB2_KEYBLOCK_FLAG_RECOVERY_0 0x04 /* Not recovery mode */
-#define VB2_KEYBLOCK_FLAG_RECOVERY_1 0x08 /* Recovery mode */
-#define VB2_GBB_HWID_DIGEST_SIZE 32
+/* "V2CT" = vb2_context.magic */
+#define VB2_CONTEXT_MAGIC 0x54433256
-/****************************************************************************/
+/* Current version of vb2_context struct */
+#define VB2_CONTEXT_VERSION_MAJOR 1
+#define VB2_CONTEXT_VERSION_MINOR 0
/* Flags for vb2_shared_data.flags */
enum vb2_shared_data_flags {
@@ -240,9 +233,11 @@ struct vb2_shared_data {
/* TODO: can we write a macro to produce this at compile time? */
#define VB2_GBB_XOR_SIGNATURE { 0x0e, 0x6d, 0x68, 0x68 }
+#define VB2_GBB_HWID_DIGEST_SIZE 32
+
/* VB2 GBB struct version */
-#define VB2_GBB_MAJOR_VER 1
-#define VB2_GBB_MINOR_VER 2
+#define VB2_GBB_MAJOR_VER 1
+#define VB2_GBB_MINOR_VER 2
/* v1.2 - added fields for sha256 digest of the HWID */
struct vb2_gbb_header {
@@ -278,12 +273,13 @@ struct vb2_gbb_header {
_Static_assert(VB2_GBB_FLAGS_OFFSET == offsetof(struct vb2_gbb_header, flags),
"VB2_GBB_FLAGS_OFFSET set incorrectly");
+/****************************************************************************/
+
/*
* Root key hash for Ryu devices only. Contains the hash of the root key.
* This will be embedded somewhere inside the RO part of the firmware, so that
* it can verify the GBB contains only the official root key.
*/
-
#define RYU_ROOT_KEY_HASH_MAGIC "RtKyHash"
#define RYU_ROOT_KEY_HASH_MAGIC_INVCASE "rTkYhASH"
#define RYU_ROOT_KEY_HASH_MAGIC_SIZE 8
@@ -314,6 +310,8 @@ struct vb2_ryu_root_key_hash {
#define EXPECTED_VB2_RYU_ROOT_KEY_HASH_SIZE 48
+/****************************************************************************/
+
/* Packed public key data */
struct vb2_packed_key {
/* Offset of key data from start of this struct */
@@ -337,4 +335,91 @@ struct vb2_packed_key {
#define EXPECTED_VB2_PACKED_KEY_SIZE 32
+/****************************************************************************/
+
+/* Signature data (a secure hash, possibly signed) */
+struct vb2_signature {
+ /* Offset of signature data from start of this struct */
+ uint32_t sig_offset;
+ uint32_t reserved0;
+
+ /* Size of signature data in bytes */
+ uint32_t sig_size;
+ uint32_t reserved1;
+
+ /* Size of the data block which was signed in bytes */
+ uint32_t data_size;
+ uint32_t reserved2;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_SIGNATURE_SIZE 24
+
+/****************************************************************************/
+
+#define VB2_KEYBLOCK_MAGIC "CHROMEOS"
+#define VB2_KEYBLOCK_MAGIC_SIZE 8
+
+#define VB2_KEYBLOCK_VERSION_MAJOR 2
+#define VB2_KEYBLOCK_VERSION_MINOR 1
+
+/*
+ * Keyblock flags.
+ *
+ * The following flags set where the key is valid. Not used by firmware
+ * verification; only kernel verification.
+ */
+#define VB2_KEYBLOCK_FLAG_DEVELOPER_0 0x1 /* Developer switch off */
+#define VB2_KEYBLOCK_FLAG_DEVELOPER_1 0x2 /* Developer switch on */
+#define VB2_KEYBLOCK_FLAG_RECOVERY_0 0x4 /* Not recovery mode */
+#define VB2_KEYBLOCK_FLAG_RECOVERY_1 0x8 /* Recovery mode */
+
+/*
+ * Keyblock, containing the public key used to sign some other chunk of data.
+ *
+ * This should be followed by:
+ * 1) The data_key key data, pointed to by data_key.key_offset.
+ * 2) The checksum data for (vb2_keyblock + data_key data), pointed to
+ * by keyblock_checksum.sig_offset.
+ * 3) The signature data for (vb2_keyblock + data_key data), pointed to
+ * by keyblock_signature.sig_offset.
+ */
+struct vb2_keyblock {
+ /* Magic number */
+ uint8_t magic[VB2_KEYBLOCK_MAGIC_SIZE];
+
+ /* Version of this header format */
+ uint32_t header_version_major;
+ uint32_t header_version_minor;
+
+ /*
+ * Length of this entire keyblock, including keys, signatures, and
+ * padding, in bytes
+ */
+ uint32_t keyblock_size;
+ uint32_t reserved0;
+
+ /*
+ * Signature for this keyblock (header + data pointed to by data_key)
+ * For use with signed data keys
+ */
+ struct vb2_signature keyblock_signature;
+
+ /*
+ * SHA-512 hash for this keyblock (header + data pointed to by
+ * data_key) For use with unsigned data keys.
+ *
+ * Only supported for kernel keyblocks, not firmware keyblocks.
+ */
+ struct vb2_signature keyblock_hash;
+
+ /* Flags for key (VB2_KEYBLOCK_FLAG_*) */
+ uint32_t keyblock_flags;
+ uint32_t reserved1;
+
+ /* Key to verify the chunk of data */
+ struct vb2_packed_key data_key;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_KEYBLOCK_SIZE 112
+
#endif /* VBOOT_REFERENCE_2STRUCT_H_ */
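Review bot: The block comment above `struct vb2_keyblock` says the checksum data is "pointed to by keyblock_checksum.sig_offset", but the struct has no such member; the field is `keyblock_hash`, so item 2 should read `by keyblock_hash.sig_offset`. Separately, `EXPECTED_VB2_SIGNATURE_SIZE` and `EXPECTED_VB2_KEYBLOCK_SIZE` are compared with `sizeof` only in the unit tests, while this header already uses `_Static_assert` for `VB2_GBB_FLAGS_OFFSET`. A line such as `_Static_assert(sizeof(struct vb2_keyblock) == EXPECTED_VB2_KEYBLOCK_SIZE, "vb2_keyblock size");`, plus the matching one for `struct vb2_signature`, would catch a layout change in these packed structures at compile time.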
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index 688de60b..f92a37db 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -23,73 +23,6 @@
extern "C" {
#endif /* __cplusplus */
-/* Signature data (a secure hash, possibly signed) */
-typedef struct VbSignature {
- /* Offset of signature data from start of this struct */
- uint64_t sig_offset;
- /* Size of signature data in bytes */
- uint64_t sig_size;
- /* Size of the data block which was signed in bytes */
- uint64_t data_size;
-} __attribute__((packed)) VbSignature;
-
-#define EXPECTED_VBSIGNATURE_SIZE 24
-
-#define KEYBLOCK_MAGIC "CHROMEOS"
-#define KEYBLOCK_MAGIC_SIZE 8
-
-#define KEYBLOCK_HEADER_VERSION_MAJOR 2
-#define KEYBLOCK_HEADER_VERSION_MINOR 1
-
-/* Flags for keyblock_flags */
-/* The following flags set where the key is valid */
-#define KEYBLOCK_FLAG_DEVELOPER_0 (0x01ULL) /* Developer switch off */
-#define KEYBLOCK_FLAG_DEVELOPER_1 (0x02ULL) /* Developer switch on */
-#define KEYBLOCK_FLAG_RECOVERY_0 (0x04ULL) /* Not recovery mode */
-#define KEYBLOCK_FLAG_RECOVERY_1 (0x08ULL) /* Recovery mode */
-
-/*
- * Keyblock, containing the public key used to sign some other chunk of data.
- *
- * This should be followed by:
- * 1) The data_key key data, pointed to by data_key.key_offset.
- * 2) The checksum data for (VBKeyBlockHeader + data_key data), pointed to
- * by keyblock_checksum.sig_offset.
- * 3) The signature data for (VBKeyBlockHeader + data_key data), pointed to
- * by keyblock_signature.sig_offset.
- */
-typedef struct VbKeyBlockHeader {
- /* Magic number */
- uint8_t magic[KEYBLOCK_MAGIC_SIZE];
- /* Version of this header format */
- uint32_t header_version_major;
- /* Version of this header format */
- uint32_t header_version_minor;
- /*
- * Length of this entire keyblock, including keys, signatures, and
- * padding, in bytes
- */
- uint64_t keyblock_size;
- /*
- * Signature for this keyblock (header + data pointed to by data_key)
- * For use with signed data keys
- */
- VbSignature keyblock_signature;
- /*
- * SHA-512 checksum for this keyblock (header + data pointed to by
- * data_key) For use with unsigned data keys
- */
- VbSignature keyblock_checksum;
- /* Flags for key (KEYBLOCK_FLAG_*) */
- uint64_t keyblock_flags;
- /* Key to verify the chunk of data */
- struct vb2_packed_key data_key;
-} __attribute__((packed)) VbKeyBlockHeader;
-
-#define EXPECTED_VBKEYBLOCKHEADER_SIZE 112
-
-/****************************************************************************/
-
#define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2
#define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 2
@@ -108,7 +41,7 @@ typedef struct VbKernelPreambleHeader2_0 {
*/
uint64_t preamble_size;
/* Signature for this preamble (header + body signature) */
- VbSignature preamble_signature;
+ struct vb2_signature preamble_signature;
/* Version of this header format */
uint32_t header_version_major;
/* Version of this header format */
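Review bot: Replacing `VbSignature` with `struct vb2_signature` for `preamble_signature` narrows `sig_offset`, `sig_size` and `data_size` from `uint64_t` to `uint32_t`, with the former upper halves becoming `reserved0` to `reserved2` (per the definitions removed and added elsewhere in this commit). The struct stays 24 bytes, but the values match the old layout only on little-endian targets, and a header with non-zero upper 32 bits is now read as a small value rather than a very large one. Nothing visible in this diff checks that the reserved words are zero, so it is worth confirming how the preamble verification path treats them and recording it in a member comment, e.g. `/* 32-bit fields; the former upper 32 bits are reserved and are not validated by this struct */`. The same applies to `body_signature` in the next hunk and to both members of `VbKernelPreambleHeader` in the two hunks after that; the struct bodies extend outside these hunks.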
@@ -123,7 +56,7 @@ typedef struct VbKernelPreambleHeader2_0 {
/* Size of bootloader in bytes */
uint64_t bootloader_size;
/* Signature for the kernel body */
- VbSignature body_signature;
+ struct vb2_signature body_signature;
} __attribute__((packed)) VbKernelPreambleHeader2_0;
#define EXPECTED_VBKERNELPREAMBLEHEADER2_0_SIZE 96
@@ -145,7 +78,7 @@ typedef struct VbKernelPreambleHeader {
*/
uint64_t preamble_size;
/* Signature for this preamble (header + body signature) */
- VbSignature preamble_signature;
+ struct vb2_signature preamble_signature;
/* Version of this header format */
uint32_t header_version_major;
/* Version of this header format */
@@ -160,7 +93,7 @@ typedef struct VbKernelPreambleHeader {
/* Size of bootloader in bytes */
uint64_t bootloader_size;
/* Signature for the kernel body */
- VbSignature body_signature;
+ struct vb2_signature body_signature;
/*
* Fields added in header version 2.1. You must verify the header
* version before reading these fields!
diff --git a/firmware/lib/include/vboot_common.h b/firmware/lib/include/vboot_common.h
index 46c135cf..90678123 100644
--- a/firmware/lib/include/vboot_common.h
+++ b/firmware/lib/include/vboot_common.h
@@ -50,8 +50,8 @@ extern const char *kVbootErrors[VBOOT_ERROR_MAX];
uint8_t *GetPublicKeyData(struct vb2_packed_key *key);
const uint8_t *GetPublicKeyDataC(const struct vb2_packed_key *key);
-uint8_t *GetSignatureData(VbSignature *sig);
-const uint8_t *GetSignatureDataC(const VbSignature *sig);
+uint8_t *GetSignatureData(struct vb2_signature *sig);
+const uint8_t *GetSignatureDataC(const struct vb2_signature *sig);
/*
* Helper functions to verify the data pointed to by a subfield is inside the
@@ -62,7 +62,7 @@ vb2_error_t VerifyPublicKeyInside(const void *parent, uint64_t parent_size,
const struct vb2_packed_key *key);
vb2_error_t VerifySignatureInside(const void *parent, uint64_t parent_size,
- const VbSignature *sig);
+ const struct vb2_signature *sig);
/**
* Initialize a public key to refer to [key_data].
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index f68b387b..f8b0a955 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -38,12 +38,12 @@ const uint8_t *GetPublicKeyDataC(const struct vb2_packed_key *key)
return (const uint8_t *)key + key->key_offset;
}
-uint8_t *GetSignatureData(VbSignature *sig)
+uint8_t *GetSignatureData(struct vb2_signature *sig)
{
return (uint8_t *)sig + sig->sig_offset;
}
-const uint8_t *GetSignatureDataC(const VbSignature *sig)
+const uint8_t *GetSignatureDataC(const struct vb2_signature *sig)
{
return (const uint8_t *)sig + sig->sig_offset;
}
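Review bot: After this change `GetSignatureData()` has the same body and argument type as the new inline `vb2_signature_data()` added to 2common.h, and `VerifySignatureInside()` in the next hunk differs from `vb2_verify_signature_inside()` only in taking a `uint64_t` parent_size. Two copies of the same offset arithmetic and bounds check can drift apart. If 2common.h is in scope here, `GetSignatureData()` could simply forward with `return vb2_signature_data(sig);`, and `VerifySignatureInside()` should carry a comment saying why the 64-bit variant is kept. This commit also deletes `VerifyHelperFunctions()` from tests/vboot_common_tests.c, so `VerifySignatureInside()` is left with no direct test visible in this diff.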
@@ -62,10 +62,10 @@ vb2_error_t VerifyPublicKeyInside(const void *parent, uint64_t parent_size,
}
vb2_error_t VerifySignatureInside(const void *parent, uint64_t parent_size,
- const VbSignature *sig)
+ const struct vb2_signature *sig)
{
return vb2_verify_member_inside(parent, parent_size,
- sig, sizeof(VbSignature),
+ sig, sizeof(struct vb2_signature),
sig->sig_offset, sig->sig_size);
}
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 1c90f470..351044b3 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -166,14 +166,16 @@ static vb2_error_t vb2_verify_kernel_vblock(
/* Check the keyblock flags against boot flags. */
if (!(keyblock->keyblock_flags &
((ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) ?
- KEYBLOCK_FLAG_DEVELOPER_1 : KEYBLOCK_FLAG_DEVELOPER_0))) {
+ VB2_KEYBLOCK_FLAG_DEVELOPER_1 :
+ VB2_KEYBLOCK_FLAG_DEVELOPER_0))) {
VB2_DEBUG("Keyblock developer flag mismatch.\n");
shpart->check_result = VBSD_LKP_CHECK_DEV_MISMATCH;
keyblock_valid = 0;
}
if (!(keyblock->keyblock_flags &
((ctx->flags & VB2_CONTEXT_RECOVERY_MODE) ?
- KEYBLOCK_FLAG_RECOVERY_1 : KEYBLOCK_FLAG_RECOVERY_0))) {
+ VB2_KEYBLOCK_FLAG_RECOVERY_1 :
+ VB2_KEYBLOCK_FLAG_RECOVERY_0))) {
VB2_DEBUG("Keyblock recovery flag mismatch.\n");
shpart->check_result = VBSD_LKP_CHECK_REC_MISMATCH;
keyblock_valid = 0;
diff --git a/firmware/lib20/common.c b/firmware/lib20/common.c
index 2c6886c5..f1364c7a 100644
--- a/firmware/lib20/common.c
+++ b/firmware/lib20/common.c
@@ -11,20 +11,6 @@
#include "2sysincludes.h"
#include "vb2_common.h"
-uint8_t *vb2_signature_data(struct vb2_signature *sig)
-{
- return (uint8_t *)sig + sig->sig_offset;
-}
-
-vb2_error_t vb2_verify_signature_inside(const void *parent,
- uint32_t parent_size,
- const struct vb2_signature *sig)
-{
- return vb2_verify_member_inside(parent, parent_size,
- sig, sizeof(*sig),
- sig->sig_offset, sig->sig_size);
-}
-
vb2_error_t vb2_verify_digest(const struct vb2_public_key *key,
struct vb2_signature *sig, const uint8_t *digest,
const struct vb2_workbuf *wb)
@@ -98,12 +84,12 @@ vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size,
return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER;
}
- if (memcmp(block->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE)) {
+ if (memcmp(block->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE)) {
VB2_DEBUG("Not a valid verified boot keyblock.\n");
return VB2_ERROR_KEYBLOCK_MAGIC;
}
- if (block->header_version_major != KEYBLOCK_HEADER_VERSION_MAJOR) {
+ if (block->header_version_major != VB2_KEYBLOCK_VERSION_MAJOR) {
VB2_DEBUG("Incompatible keyblock header version.\n");
return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
}
diff --git a/firmware/lib20/include/vb2_common.h b/firmware/lib20/include/vb2_common.h
index 911dc0a3..5bac7a89 100644
--- a/firmware/lib20/include/vb2_common.h
+++ b/firmware/lib20/include/vb2_common.h
@@ -18,24 +18,6 @@
struct vb2_public_key;
-/*
- * Helper functions to get data pointed to by a public key or signature.
- */
-
-uint8_t *vb2_signature_data(struct vb2_signature *sig);
-
-/**
- * Verify a signature is fully contained in its parent data
- *
- * @param parent Parent data
- * @param parent_size Parent size in bytes
- * @param sig Signature pointer
- * @return VB2_SUCCESS, or non-zero if error.
- */
-vb2_error_t vb2_verify_signature_inside(const void *parent,
- uint32_t parent_size,
- const struct vb2_signature *sig);
-
/**
* Unpack a vboot1-format key buffer for use in verification
*
diff --git a/firmware/lib20/include/vb2_struct.h b/firmware/lib20/include/vb2_struct.h
index d6279e19..75330c18 100644
--- a/firmware/lib20/include/vb2_struct.h
+++ b/firmware/lib20/include/vb2_struct.h
@@ -27,81 +27,6 @@
#define VB2_MAX_KEY_VERSION 0xffff
#define VB2_MAX_PREAMBLE_VERSION 0xffff
-
-/* Signature data (a secure hash, possibly signed) */
-struct vb2_signature {
- /* Offset of signature data from start of this struct */
- uint32_t sig_offset;
- uint32_t reserved0;
-
- /* Size of signature data in bytes */
- uint32_t sig_size;
- uint32_t reserved1;
-
- /* Size of the data block which was signed in bytes */
- uint32_t data_size;
- uint32_t reserved2;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_SIGNATURE_SIZE 24
-
-
-#define KEYBLOCK_MAGIC "CHROMEOS"
-#define KEYBLOCK_MAGIC_SIZE 8
-
-#define KEYBLOCK_HEADER_VERSION_MAJOR 2
-#define KEYBLOCK_HEADER_VERSION_MINOR 1
-
-/*
- * Keyblock, containing the public key used to sign some other chunk of data.
- *
- * This should be followed by:
- * 1) The data_key key data, pointed to by data_key.key_offset.
- * 2) The checksum data for (vb2_keyblock + data_key data), pointed to
- * by keyblock_checksum.sig_offset.
- * 3) The signature data for (vb2_keyblock + data_key data), pointed to
- * by keyblock_signature.sig_offset.
- */
-struct vb2_keyblock {
- /* Magic number */
- uint8_t magic[KEYBLOCK_MAGIC_SIZE];
-
- /* Version of this header format */
- uint32_t header_version_major;
- uint32_t header_version_minor;
-
- /*
- * Length of this entire keyblock, including keys, signatures, and
- * padding, in bytes
- */
- uint32_t keyblock_size;
- uint32_t reserved0;
-
- /*
- * Signature for this keyblock (header + data pointed to by data_key)
- * For use with signed data keys
- */
- struct vb2_signature keyblock_signature;
-
- /*
- * SHA-512 hash for this keyblock (header + data pointed to by
- * data_key) For use with unsigned data keys.
- *
- * Only supported for kernel keyblocks, not firmware keyblocks.
- */
- struct vb2_signature keyblock_hash;
-
- /* Flags for key (VB2_KEYBLOCK_FLAG_*) */
- uint32_t keyblock_flags;
- uint32_t reserved1;
-
- /* Key to verify the chunk of data */
- struct vb2_packed_key data_key;
-} __attribute__((packed));
-
-#define EXPECTED_VB2_KEYBLOCK_SIZE 112
-
-
/* Firmware preamble header */
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
diff --git a/futility/cmd_vbutil_keyblock.c b/futility/cmd_vbutil_keyblock.c
index b81da878..8e4b22d1 100644
--- a/futility/cmd_vbutil_keyblock.c
+++ b/futility/cmd_vbutil_keyblock.c
@@ -215,13 +215,13 @@ static int Unpack(const char *infile, const char *datapubkey,
printf("Keyblock file: %s\n", infile);
printf("Signature %s\n", sign_key ? "valid" : "ignored");
printf("Flags: %u ", block->keyblock_flags);
- if (block->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_0)
+ if (block->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_0)
printf(" !DEV");
- if (block->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_1)
+ if (block->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_1)
printf(" DEV");
- if (block->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_0)
+ if (block->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_0)
printf(" !REC");
- if (block->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_1)
+ if (block->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_1)
printf(" REC");
printf("\n");
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index a106b5b8..01c63ebd 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -538,13 +538,13 @@ int VerifyKernelBlob(uint8_t *kernel_blob,
signpub_key ? "valid" : "ignored");
printf(" Size: %#x\n", g_keyblock->keyblock_size);
printf(" Flags: %u ", g_keyblock->keyblock_flags);
- if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_0)
+ if (g_keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_0)
printf(" !DEV");
- if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_1)
+ if (g_keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_1)
printf(" DEV");
- if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_0)
+ if (g_keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_0)
printf(" !REC");
- if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_1)
+ if (g_keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_1)
printf(" REC");
printf("\n");
printf(" Data key algorithm: %u %s\n", data_key->algorithm,
diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c
index 53a382e4..42b3a71d 100644
--- a/host/lib/host_keyblock.c
+++ b/host/lib/host_keyblock.c
@@ -40,9 +40,9 @@ struct vb2_keyblock *vb2_create_keyblock(
uint8_t *block_chk_dest = data_key_dest + data_key->key_size;
uint8_t *block_sig_dest = block_chk_dest + VB2_SHA512_DIGEST_SIZE;
- memcpy(h->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE);
- h->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR;
- h->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR;
+ memcpy(h->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE);
+ h->header_version_major = VB2_KEYBLOCK_VERSION_MAJOR;
+ h->header_version_minor = VB2_KEYBLOCK_VERSION_MINOR;
h->keyblock_size = block_size;
h->keyblock_flags = flags;
@@ -108,9 +108,9 @@ struct vb2_keyblock *vb2_create_keyblock_external(
uint8_t *block_chk_dest = data_key_dest + data_key->key_size;
uint8_t *block_sig_dest = block_chk_dest + VB2_SHA512_DIGEST_SIZE;
- memcpy(h->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE);
- h->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR;
- h->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR;
+ memcpy(h->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE);
+ h->header_version_major = VB2_KEYBLOCK_VERSION_MAJOR;
+ h->header_version_minor = VB2_KEYBLOCK_VERSION_MINOR;
h->keyblock_size = block_size;
h->keyblock_flags = flags;
diff --git a/tests/vb20_common_tests.c b/tests/vb20_common_tests.c
index 7d9ffe82..17ffe670 100644
--- a/tests/vb20_common_tests.c
+++ b/tests/vb20_common_tests.c
@@ -8,7 +8,6 @@
#include "2sysincludes.h"
#include "test_common.h"
#include "vb2_common.h"
-#include "vboot_struct.h" /* For old struct sizes */
/*
* Test struct packing for vboot_struct.h structs which are passed between
@@ -17,68 +16,14 @@
static void test_struct_packing(void)
{
/* Test vboot2 versions of vboot1 structs */
- TEST_EQ(EXPECTED_VB2_SIGNATURE_SIZE,
- sizeof(struct vb2_signature),
- "sizeof(vb2_signature)");
- TEST_EQ(EXPECTED_VB2_KEYBLOCK_SIZE,
- sizeof(struct vb2_keyblock),
- "sizeof(vb2_keyblock)");
TEST_EQ(EXPECTED_VB2_FW_PREAMBLE_SIZE,
sizeof(struct vb2_fw_preamble),
"sizeof(vb2_fw_preamble)");
-
- /* And make sure they're the same as their vboot1 equivalents */
- TEST_EQ(EXPECTED_VB2_SIGNATURE_SIZE,
- EXPECTED_VBSIGNATURE_SIZE,
- "vboot1->2 signature sizes same");
- TEST_EQ(EXPECTED_VB2_KEYBLOCK_SIZE,
- EXPECTED_VBKEYBLOCKHEADER_SIZE,
- "vboot1->2 keyblock sizes same");
-}
-
-/**
- * Helper functions not dependent on specific key sizes
- */
-static void test_helper_functions(void)
-{
- {
- struct vb2_signature s = {.sig_offset = sizeof(s)};
- TEST_EQ((int)vb2_offset_of(&s, vb2_signature_data(&s)),
- sizeof(s), "vb2_signature_data() adjacent");
- }
-
- {
- struct vb2_signature s = {.sig_offset = 123};
- TEST_EQ((int)vb2_offset_of(&s, vb2_signature_data(&s)), 123,
- "vb2_signature_data() spaced");
- }
-
- {
- struct vb2_signature s = {.sig_offset = sizeof(s),
- .sig_size = 128};
- TEST_SUCC(vb2_verify_signature_inside(&s, sizeof(s)+128, &s),
- "SignatureInside ok 1");
- TEST_SUCC(vb2_verify_signature_inside(&s - 1,
- 2*sizeof(s)+128, &s),
- "SignatureInside ok 2");
- TEST_EQ(vb2_verify_signature_inside(&s, 128, &s),
- VB2_ERROR_INSIDE_DATA_OUTSIDE,
- "SignatureInside sig too big");
- }
-
- {
- struct vb2_signature s = {.sig_offset = 100,
- .sig_size = 4};
- TEST_EQ(vb2_verify_signature_inside(&s, 99, &s),
- VB2_ERROR_INSIDE_DATA_OUTSIDE,
- "SignatureInside offset too big");
- }
}
int main(int argc, char* argv[])
{
test_struct_packing();
- test_helper_functions();
return gTestSuccess ? 0 : 255;
}
diff --git a/tests/vb20_kernel_tests.c b/tests/vb20_kernel_tests.c
index 90f7e5ff..3a80552e 100644
--- a/tests/vb20_kernel_tests.c
+++ b/tests/vb20_kernel_tests.c
@@ -109,13 +109,13 @@ static void reset_common_data(enum reset_type t)
mock_gbb.recovery_key.key_size = sizeof(mock_gbb.recovery_key_data);
kb->keyblock_size = sizeof(mock_vblock.k);
- memcpy(kb->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE);
+ memcpy(kb->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE);
kb->keyblock_flags = VB2_KEYBLOCK_FLAG_DEVELOPER_1 |
VB2_KEYBLOCK_FLAG_DEVELOPER_0 |
VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_RECOVERY_0;
- kb->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR;
- kb->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR;
+ kb->header_version_major = VB2_KEYBLOCK_VERSION_MAJOR;
+ kb->header_version_minor = VB2_KEYBLOCK_VERSION_MINOR;
kb->data_key.algorithm = 7;
kb->data_key.key_version = 2;
kb->data_key.key_offset =
diff --git a/tests/vb2_common_tests.c b/tests/vb2_common_tests.c
index 2661cce9..61ce1338 100644
--- a/tests/vb2_common_tests.c
+++ b/tests/vb2_common_tests.c
@@ -86,6 +86,12 @@ static void test_struct_packing(void)
TEST_EQ(EXPECTED_VB2_GBB_HEADER_SIZE,
sizeof(struct vb2_gbb_header),
"sizeof(vb2_gbb_header)");
+ TEST_EQ(EXPECTED_VB2_SIGNATURE_SIZE,
+ sizeof(struct vb2_signature),
+ "sizeof(vb2_signature)");
+ TEST_EQ(EXPECTED_VB2_KEYBLOCK_SIZE,
+ sizeof(struct vb2_keyblock),
+ "sizeof(vb2_keyblock)");
}
/**
@@ -204,6 +210,17 @@ static void test_helper_functions(void)
TEST_EQ((int)vb2_offset_of(&k, vb2_packed_key_data(&k)), 123,
"vb2_packed_key_data() spaced");
}
+ {
+ struct vb2_signature s = {.sig_offset = sizeof(s)};
+ TEST_EQ((int)vb2_offset_of(&s, vb2_signature_data(&s)),
+ sizeof(s), "vb2_signature_data() adjacent");
+ }
+
+ {
+ struct vb2_signature s = {.sig_offset = 123};
+ TEST_EQ((int)vb2_offset_of(&s, vb2_signature_data(&s)), 123,
+ "vb2_signature_data() spaced");
+ }
{
uint8_t *p = (uint8_t *)test_helper_functions;
@@ -272,6 +289,27 @@ static void test_helper_functions(void)
VB2_ERROR_INSIDE_DATA_OUTSIDE,
"vb2_packed_key_inside() offset too big");
}
+
+ {
+ struct vb2_signature s = {.sig_offset = sizeof(s),
+ .sig_size = 128};
+ TEST_SUCC(vb2_verify_signature_inside(&s, sizeof(s)+128, &s),
+ "vb2_verify_signature_inside() ok 1");
+ TEST_SUCC(vb2_verify_signature_inside(&s - 1,
+ 2*sizeof(s)+128, &s),
+ "vb2_verify_signature_inside() ok 2");
+ TEST_EQ(vb2_verify_signature_inside(&s, 128, &s),
+ VB2_ERROR_INSIDE_DATA_OUTSIDE,
+ "vb2_verify_signature_inside() sig too big");
+ }
+
+ {
+ struct vb2_signature s = {.sig_offset = 100,
+ .sig_size = 4};
+ TEST_EQ(vb2_verify_signature_inside(&s, 99, &s),
+ VB2_ERROR_INSIDE_DATA_OUTSIDE,
+ "vb2_verify_signature_inside() offset too big");
+ }
}
/* Helper for test_assert_die() below */
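Review bot: The moved `vb2_verify_signature_inside()` cases cover a signature that is too large and an offset past the parent, but none where `sig_offset + sig_size` exceeds 32 bits, which is the case a bounds helper most easily gets wrong. Consider adding a block with `struct vb2_signature s = {.sig_offset = UINT32_MAX, .sig_size = 2};` and `TEST_NEQ(vb2_verify_signature_inside(&s, sizeof(s), &s), VB2_SUCCESS, "vb2_verify_signature_inside() offset wraps");`. `vb2_verify_member_inside()` may already be tested for wrap-around elsewhere in the file; `test_helper_functions()` begins outside this hunk.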
diff --git a/tests/vboot_common_tests.c b/tests/vboot_common_tests.c
index 6a09d92f..1869556b 100644
--- a/tests/vboot_common_tests.c
+++ b/tests/vboot_common_tests.c
@@ -21,10 +21,6 @@
*/
static void StructPackingTest(void)
{
- TEST_EQ(EXPECTED_VBSIGNATURE_SIZE, sizeof(VbSignature),
- "sizeof(VbSignature)");
- TEST_EQ(EXPECTED_VBKEYBLOCKHEADER_SIZE, sizeof(VbKeyBlockHeader),
- "sizeof(VbKeyBlockHeader)");
TEST_EQ(EXPECTED_VBKERNELPREAMBLEHEADER2_2_SIZE,
sizeof(VbKernelPreambleHeader),
"sizeof(VbKernelPreambleHeader)");
@@ -38,26 +34,6 @@ static void StructPackingTest(void)
"sizeof(VbSharedDataHeader) V2");
}
-/* Helper functions not dependent on specific key sizes */
-static void VerifyHelperFunctions(void)
-{
- {
- VbSignature s = {sizeof(s), 128, 2000};
- TEST_EQ(VerifySignatureInside(&s, sizeof(s)+128, &s), 0,
- "SignatureInside ok 1");
- TEST_EQ(VerifySignatureInside(&s - 1, 2*sizeof(s)+128, &s), 0,
- "SignatureInside ok 2");
- TEST_NEQ(VerifySignatureInside(&s, 128, &s), 0,
- "SignatureInside sig too big");
- }
-
- {
- VbSignature s = {100, 4, 0};
- TEST_NEQ(VerifySignatureInside(&s, 99, &s), 0,
- "SignatureInside offset too big");
- }
-}
-
/* Public key utility functions */
static void PublicKeyTest(void)
{
@@ -152,7 +128,6 @@ static void VbSharedDataTest(void)
int main(int argc, char* argv[])
{
StructPackingTest();
- VerifyHelperFunctions();
PublicKeyTest();
VbSharedDataTest();
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index 33705f2c..531a1187 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -61,7 +61,7 @@ static VbExDiskHandle_t handle;
static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE];
static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data;
static LoadKernelParams lkp;
-static VbKeyBlockHeader kbh;
+static struct vb2_keyblock kbh;
static VbKernelPreambleHeader kph;
static struct RollbackSpaceFwmp fwmp;
static uint8_t mock_disk[MOCK_SECTOR_SIZE * MOCK_SECTOR_COUNT];
@@ -683,27 +683,27 @@ static void LoadKernelTest(void)
/* Check keyblock flag mismatches */
ResetMocks();
kbh.keyblock_flags =
- KEYBLOCK_FLAG_RECOVERY_0 | KEYBLOCK_FLAG_DEVELOPER_1;
+ VB2_KEYBLOCK_FLAG_RECOVERY_0 | VB2_KEYBLOCK_FLAG_DEVELOPER_1;
TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND,
"Keyblock dev flag mismatch");
ResetMocks();
kbh.keyblock_flags =
- KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_0;
+ VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0;
TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND,
"Keyblock rec flag mismatch");
ResetMocks();
ctx.flags |= VB2_CONTEXT_RECOVERY_MODE;
kbh.keyblock_flags =
- KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_1;
+ VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_1;
TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND,
"Keyblock recdev flag mismatch");
ResetMocks();
ctx.flags |= VB2_CONTEXT_RECOVERY_MODE | VB2_CONTEXT_DEVELOPER_MODE;
kbh.keyblock_flags =
- KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_0;
+ VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_DEVELOPER_0;
TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND,
"Keyblock rec!dev flag mismatch");