author | Randall Spangler <rspangler@chromium.org> | 2016-04-15 14:49:40 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-05-08 21:16:02 -0700 |
commit | 946abf1439f378dded6d4c4a82b53af86cdf44a3 (patch) | |
tree | 0d21ca10aca695e8ce4c029236d1694c558df507 /firmware/lib/include/rollback_index.h | |
parent | 111c59b567bf2c1a61bfad38a7db80aa158ef5a0 (diff) | |
download | vboot-946abf1439f378dded6d4c4a82b53af86cdf44a3.tar.gz |
vboot: Add firmware management parameters
This adds RW firmware support for the optional firmware management
parameters TPM space.
System-level tests require CL:339262 to add cryptohome support.
BUG=chromium:601492
BRANCH=baytrail and newer platforms
TEST=make -j runtests
Or better, COV=1 make, and then make sure all new code is covered.
Change-Id: Ifaf644c80809552d5961615be6017c2a332a034b
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/339234
Diffstat (limited to 'firmware/lib/include/rollback_index.h')
-rw-r--r-- | firmware/lib/include/rollback_index.h | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/firmware/lib/include/rollback_index.h b/firmware/lib/include/rollback_index.h
index dd0de32a..6cc9ee61 100644
--- a/firmware/lib/include/rollback_index.h
+++ b/firmware/lib/include/rollback_index.h
@@ -18,7 +18,8 @@
 /* This is just an opaque space for backup purposes */
 #define BACKUP_NV_INDEX 0x1009
 #define BACKUP_NV_SIZE 16
-
+#define FWMP_NV_INDEX 0x100a
+#define FWMP_NV_MAX_SIZE 128
 /* Structure definitions for TPM spaces */
@@ -70,6 +71,34 @@ typedef struct RollbackSpaceFirmware {
 uint8_t crc8;
 } __attribute__((packed)) RollbackSpaceFirmware;
+#define FWMP_HASH_SIZE 32 /* Enough for SHA-256 */
+
+/* Firmware management parameters */
+struct RollbackSpaceFwmp {
+ /* CRC-8 of fields following struct_size */
+ uint8_t crc;
+ /* Structure size in bytes */
+ uint8_t struct_size;
+ /* Structure version */
+ uint8_t struct_version;
+ /* Reserved; ignored by current reader */
+ uint8_t reserved0;
+ /* Flags; see enum fwmp_flags */
+ uint32_t flags;
+ /* Hash of developer kernel key */
+ uint8_t dev_key_hash[FWMP_HASH_SIZE];
+} __attribute__((packed));
+
+#define ROLLBACK_SPACE_FWMP_VERSION 0x10 /* 1.0 */
+
+enum fwmp_flags {
+ FWMP_DEV_DISABLE_BOOT = (1 << 0),
+ FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
+ FWMP_DEV_ENABLE_USB = (1 << 2),
+ FWMP_DEV_ENABLE_LEGACY = (1 << 3),
+ FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
+ FWMP_DEV_USE_KEY_HASH = (1 << 5),
+};
 /* All functions return TPM_SUCCESS (zero) if successful, non-zero if error */
@@ -134,6 +163,15 @@ uint32_t RollbackBackupWrite(uint8_t *raw);
 */
 uint32_t RollbackKernelLock(int recovery_mode);
+/**
+ * Read and validate firmware management parameters.
+ *
+ * Absence of a FWMP is not an error; in this case, fwmp will be cleared.
+ *
+ * Returns non-zero if error.
+ */
+uint32_t RollbackFwmpRead(struct RollbackSpaceFwmp *fwmp);
+
 /****************************************************************************/
 /* |
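Review bot: In `struct RollbackSpaceFwmp`, the `crc` comment says the CRC-8 covers only the fields after `struct_size`, so `struct_size` is itself unchecked and is presumably what a reader uses as the CRC length, yet the header states no bounds for it. I would spell the bounds out on the field, e.g. `/* Structure size in bytes; must be >= sizeof(struct RollbackSpaceFwmp) and <= FWMP_NV_MAX_SIZE */`, so that every reader rejects an out-of-range size before touching the rest of the data. The reader is not part of this file's diff, so whether it already does this cannot be confirmed from here. The byte order of `flags` also deserves a word in its comment, since the commit message suggests the space is written by a different component (cryptohome) than the firmware that reads it. The struct comment could additionally say what actually protects these values from modification, because a CRC-8 only detects accidental corruption.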
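Review bot: The doc comment on `RollbackFwmpRead` defines `*fwmp` only for the absent-space case and leaves its contents unspecified when the function returns non-zero. A cleared structure has restriction bits such as `FWMP_DEV_DISABLE_BOOT` unset, so a caller that ignores the return value would behave as if no restriction had been configured. I would add a line such as ` * On error, fwmp is cleared (or: undefined); callers must check the return value before applying flags.`, worded to match what the implementation really does. The implementation is outside this hunk, so the actual error-path behaviour cannot be verified here.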