Diffstat (limited to 'firmware/2lib/include/2secdata.h')
-rw-r--r--firmware/2lib/include/2secdata.h85
1 files changed, 85 insertions, 0 deletions
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index 0bbce4f3..4e6fdda2 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -89,6 +89,44 @@ enum vb2_secdata_kernel_param {
};
/*****************************************************************************/
+/* Firmware management parameters (FWMP) space */
+
+#define VB2_SECDATA_FWMP_VERSION 0x10 /* 1.0 */
+#define VB2_SECDATA_FWMP_HASH_SIZE 32 /* enough for SHA-256 */
+
+/* Flags for FWMP space */
+enum vb2_secdata_fwmp_flags {
+ VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0),
+ VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
+ VB2_SECDATA_FWMP_DEV_ENABLE_USB = (1 << 2),
+ VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY = (1 << 3),
+ VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
+ VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
+ /* CCD = case-closed debugging on cr50; flag implemented on cr50 */
+ VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
+};
+
+struct vb2_secdata_fwmp {
+ /* CRC-8 of fields following struct_size */
+ uint8_t crc8;
+
+ /* Structure size in bytes */
+ uint8_t struct_size;
+
+ /* Structure version (4 bits major, 4 bits minor) */
+ uint8_t struct_version;
+
+ /* Reserved; ignored by current reader */
+ uint8_t reserved0;
+
+ /* Flags; see enum vb2_secdata_fwmp_flags */
+ uint32_t flags;
+
+ /* Hash of developer kernel key */
+ uint8_t dev_key_hash[VB2_SECDATA_FWMP_HASH_SIZE];
+};
+
+/*****************************************************************************/
/* Firmware secure storage space functions */
/**
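Review bot: The `struct_size` field in `struct vb2_secdata_fwmp` is, per the comment on `crc8`, outside the CRC, and this header gives a reader no bounds to check it against before using it as the length of the checksummed region. The code that consumes it is not visible here, but a size byte read from secure storage should be range-checked before it drives any read. I would say so at the field, `/* Structure size in bytes; not covered by crc8, so range-check before use */`, and define the minimum accepted size next to the struct, e.g. as `sizeof(struct vb2_secdata_fwmp)`. Since the struct mirrors a stored layout and carries no packing attribute, a compile-time assertion that its size is 40 bytes would also pin the layout, if the project has a static-assert facility.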
@@ -166,4 +204,51 @@ vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx,
enum vb2_secdata_kernel_param param,
uint32_t value);
+/*****************************************************************************/
+/* Firmware management parameters (FWMP) space functions */
+
+/**
+ * Generate CRC for FWMP secure storage space.
+ *
+ * Calculate CRC hash from struct_version onward. Should not be used;
+ * prototype only in header for use by unittests.
+ *
+ * In valid FWMP data, this CRC value should match the crc8 field.
+ *
+ * @param sec Pointer to FWMP struct
+ * @return 32-bit CRC hash of FWMP data
+ */
+uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec);
+
+/**
+ * Initialize FWMP secure storage context and verify its CRC.
+ *
+ * This must be called before vb2_secdata_fwmp_get_flag/get_dev_key_hash().
+ *
+ * @param ctx Context pointer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_secdata_fwmp_init(struct vb2_context *ctx);
+
+/**
+ * Read a FWMP secure storage flag value.
+ *
+ * It is unsupported to call before successfully running vb2_secdata_fwmp_init.
+ * In this case, vboot will fail and exit.
+ *
+ * @param ctx Context pointer
+ * @param flag Flag to read
+ * @return current flag value (0 or 1)
+ */
+int vb2_secdata_fwmp_get_flag(struct vb2_context *ctx,
+ enum vb2_secdata_fwmp_flags flag);
+
+/**
+ * Return a pointer to FWMP dev key hash.
+ *
+ * @param ctx Context pointer
+ * @return uint8_t pointer to dev_key_hash field
+ */
+uint8_t *vb2_secdata_fwmp_get_dev_key_hash(struct vb2_context *ctx);
+
#endif /* VBOOT_REFERENCE_2SECDATA_H_ */
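Review bot: `vb2_secdata_fwmp_crc()` is declared as returning `uint32_t` and documented as a "32-bit CRC hash", but the value it is compared against is the `uint8_t crc8` field, described in the struct as a CRC-8. The doc should read `@return CRC-8 of FWMP data, from struct_version onward`, and the return type could be narrowed to `uint8_t` so a caller cannot compare against stale upper bits. Separately, `vb2_secdata_fwmp_get_dev_key_hash()` returns a writable `uint8_t *` without documenting its length or its precondition. I would state that it points to `VB2_SECDATA_FWMP_HASH_SIZE` bytes, repeat the "must be called after vb2_secdata_fwmp_init" note that `vb2_secdata_fwmp_get_flag()` carries, and return `const uint8_t *` unless a caller needs to modify the hash.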