Diffstat (limited to 'firmware/2lib/include/2secdata.h')
-rw-r--r-- | firmware/2lib/include/2secdata.h | 141 |
1 files changed, 28 insertions, 113 deletions
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h index 4e6fdda2..99b557de 100644 --- a/firmware/2lib/include/2secdata.h +++ b/firmware/2lib/include/2secdata.h @@ -11,9 +11,16 @@ #include "2api.h" /*****************************************************************************/ -/* Firmware version space */ +/* Firmware secure storage space */ -#define VB2_SECDATA_FIRMWARE_VERSION 2 +/* Which param to get/set for vb2_secdata_firmware_get/set() */ +enum vb2_secdata_firmware_param { + /* Flags; see vb2_secdata_firmware_flags */ + VB2_SECDATA_FIRMWARE_FLAGS = 0, + + /* Firmware versions */ + VB2_SECDATA_FIRMWARE_VERSIONS, +}; /* Flags for firmware space */ enum vb2_secdata_firmware_flags { 
@@ -32,103 +39,6 @@ enum vb2_secdata_firmware_flags { VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE = (1 << 1), }; -struct vb2_secdata_firmware { - /* Struct version, for backwards compatibility */ - uint8_t struct_version; - - /* Flags; see vb2_secdata_firmware_flags */ - uint8_t flags; - - /* Firmware versions */ - uint32_t fw_versions; - - /* Reserved for future expansion */ - uint8_t reserved[3]; - - /* CRC; must be last field in struct */ - uint8_t crc8; -} __attribute__((packed)); - -/* Which param to get/set for vb2_secdata_firmware_get/set() */ -enum vb2_secdata_firmware_param { - /* Flags; see vb2_secdata_firmware_flags */ - VB2_SECDATA_FIRMWARE_FLAGS = 0, - - /* Firmware versions */ - VB2_SECDATA_FIRMWARE_VERSIONS, -}; - -/*****************************************************************************/ -/* Kernel version space */ - -/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */ -#define VB2_SECDATA_KERNEL_VERSION 2 -#define VB2_SECDATA_KERNEL_UID 0x4752574c /* 'GRWL' */ - -struct vb2_secdata_kernel { - /* Struct version, for backwards compatibility */ - uint8_t struct_version; - - /* Unique ID to detect space redefinition */ - uint32_t uid; - - /* Kernel versions */ - uint32_t kernel_versions; - - /* Reserved for future expansion */ - uint8_t reserved[3]; - - /* CRC; must be last field in struct */ - uint8_t crc8; -} __attribute__((packed)); - -/* Which param to get/set for vb2_secdata_kernel_get/set() */ -enum vb2_secdata_kernel_param { - /* Kernel versions */ - VB2_SECDATA_KERNEL_VERSIONS = 0, -}; - -/*****************************************************************************/ -/* Firmware management parameters (FWMP) space */ - -#define VB2_SECDATA_FWMP_VERSION 0x10 /* 1.0 */ -#define VB2_SECDATA_FWMP_HASH_SIZE 32 /* enough for SHA-256 */ - -/* Flags for FWMP space */ -enum vb2_secdata_fwmp_flags { - VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0), - VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1), - VB2_SECDATA_FWMP_DEV_ENABLE_USB = (1 << 
2), - VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY = (1 << 3), - VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4), - VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5), - /* CCD = case-closed debugging on cr50; flag implemented on cr50 */ - VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6), -}; - -struct vb2_secdata_fwmp { - /* CRC-8 of fields following struct_size */ - uint8_t crc8; - - /* Structure size in bytes */ - uint8_t struct_size; - - /* Structure version (4 bits major, 4 bits minor) */ - uint8_t struct_version; - - /* Reserved; ignored by current reader */ - uint8_t reserved0; - - /* Flags; see enum vb2_secdata_fwmp_flags */ - uint32_t flags; - - /* Hash of developer kernel key */ - uint8_t dev_key_hash[VB2_SECDATA_FWMP_HASH_SIZE]; -}; - -/*****************************************************************************/ -/* Firmware secure storage space functions */ - /** * Initialize firmware secure storage context and verify its CRC. * @@ -164,12 +74,18 @@ vb2_error_t vb2_secdata_firmware_set(struct vb2_context *ctx, uint32_t value); /*****************************************************************************/ -/* Kernel secure storage space functions +/* Kernel secure storage space * * These are separate functions so that they don't bloat the size of the early * boot code which uses the firmware version space functions. */ +/* Which param to get/set for vb2_secdata_kernel_get/set() */ +enum vb2_secdata_kernel_param { + /* Kernel versions */ + VB2_SECDATA_KERNEL_VERSIONS = 0, +}; + /** * Initialize kernel secure storage context and verify its CRC. * 
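Review bot: The block comment that opens the kernel section in the hunk at -164,12 no longer reads correctly after its heading change. Its first line is now `/* Kernel secure storage space`, but the body still begins "These are separate functions", and the next thing a reader meets is the `vb2_secdata_kernel_param` enum rather than a function. I would reword the body so it names its subject, for example `* The kernel space functions are kept separate so that they don't bloat the early boot code, which only uses the firmware space functions.` The same comment still says "firmware version space", while the first hunk of this commit renames that section to "Firmware secure storage space", so the two terms should be aligned.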
@@ -205,20 +121,19 @@ vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx, uint32_t value); /*****************************************************************************/ -/* Firmware management parameters (FWMP) space functions */ +/* Firmware management parameters (FWMP) space */ -/** - * Generate CRC for FWMP secure storage space. - * - * Calculate CRC hash from struct_version onward. Should not be used; - * prototype only in header for use by unittests. - * - * In valid FWMP data, this CRC value should match the crc8 field. - * - * @param sec Pointer to FWMP struct - * @return 32-bit CRC hash of FWMP data - */ -uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec); +/* Flags for FWMP space */ +enum vb2_secdata_fwmp_flags { + VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0), + VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1), + VB2_SECDATA_FWMP_DEV_ENABLE_USB = (1 << 2), + VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY = (1 << 3), + VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4), + VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5), + /* CCD = case-closed debugging on cr50; flag implemented on cr50 */ + VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6), +}; /** * Initialize FWMP secure storage context and verify its CRC. |
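Review bot: The `vb2_secdata_fwmp_flags` enum lands in this hunk with no per-flag comments; only the CCD flag has one. With `struct vb2_secdata_fwmp` removed from this header, the `flags` and `dev_key_hash` fields these values relate to are no longer visible to a reader of this file. Judging by their names, these bits gate developer-mode boot policy and mix DISABLE and ENABLE polarity, so a one-line comment per flag stating what a set bit does would make a policy review much easier. For `VB2_SECDATA_FWMP_DEV_USE_KEY_HASH` that could be `/* Developer kernel key must match the hash stored in the FWMP space */`, assuming that is what the flag means. The enum's header comment could also note that the flags live in a 32-bit field (the removed struct declared `uint32_t flags`), so the width stays documented here.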