Diffstat (limited to 'firmware/2lib/include/2secdata.h')
-rw-r--r-- | firmware/2lib/include/2secdata.h | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index 0bbce4f3..4e6fdda2 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -89,6 +89,44 @@ enum vb2_secdata_kernel_param {
 };
 
 /*****************************************************************************/
+/* Firmware management parameters (FWMP) space */
+
+#define VB2_SECDATA_FWMP_VERSION 0x10 /* 1.0 */
+#define VB2_SECDATA_FWMP_HASH_SIZE 32 /* enough for SHA-256 */
+
+/* Flags for FWMP space */
+enum vb2_secdata_fwmp_flags {
+ VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0),
+ VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
+ VB2_SECDATA_FWMP_DEV_ENABLE_USB = (1 << 2),
+ VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY = (1 << 3),
+ VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
+ VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
+ /* CCD = case-closed debugging on cr50; flag implemented on cr50 */
+ VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
+};
+
+struct vb2_secdata_fwmp {
+ /* CRC-8 of fields following struct_size */
+ uint8_t crc8;
+
+ /* Structure size in bytes */
+ uint8_t struct_size;
+
+ /* Structure version (4 bits major, 4 bits minor) */
+ uint8_t struct_version;
+
+ /* Reserved; ignored by current reader */
+ uint8_t reserved0;
+
+ /* Flags; see enum vb2_secdata_fwmp_flags */
+ uint32_t flags;
+
+ /* Hash of developer kernel key */
+ uint8_t dev_key_hash[VB2_SECDATA_FWMP_HASH_SIZE];
+};
+
+/*****************************************************************************/
 /* Firmware secure storage space functions */
 
 /**
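Review bot: `struct vb2_secdata_fwmp` is declared with nothing that pins its layout, although the `crc8`, `struct_size` and `struct_version` fields suggest it overlays bytes read from secure storage. The members are naturally aligned as written (four single bytes, a `uint32_t`, then the hash), but a build-time check after the closing brace, such as `_Static_assert(sizeof(struct vb2_secdata_fwmp) == 8 + VB2_SECDATA_FWMP_HASH_SIZE, "FWMP layout");`, would stop a later field change from silently moving `flags` or `dev_key_hash`. The comment on `struct_size` should also say that the stored value has to be range-checked against the struct size before it is used as a CRC length, since the header defines no minimum or maximum for it.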
@@ -166,4 +204,51 @@ vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx,
 enum vb2_secdata_kernel_param param,
 uint32_t value);
 
+/*****************************************************************************/
+/* Firmware management parameters (FWMP) space functions */
+
+/**
+ * Generate CRC for FWMP secure storage space.
+ *
+ * Calculate CRC hash from struct_version onward. Should not be used;
+ * prototype only in header for use by unittests.
+ *
+ * In valid FWMP data, this CRC value should match the crc8 field.
+ *
+ * @param sec Pointer to FWMP struct
+ * @return 32-bit CRC hash of FWMP data
+ */
+uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec);
+
+/**
+ * Initialize FWMP secure storage context and verify its CRC.
+ *
+ * This must be called before vb2_secdata_fwmp_get_flag/get_dev_key_hash().
+ *
+ * @param ctx Context pointer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_secdata_fwmp_init(struct vb2_context *ctx);
+
+/**
+ * Read a FWMP secure storage flag value.
+ *
+ * It is unsupported to call before successfully running vb2_secdata_fwmp_init.
+ * In this case, vboot will fail and exit.
+ *
+ * @param ctx Context pointer
+ * @param flag Flag to read
+ * @return current flag value (0 or 1)
+ */
+int vb2_secdata_fwmp_get_flag(struct vb2_context *ctx,
+ enum vb2_secdata_fwmp_flags flag);
+
+/**
+ * Return a pointer to FWMP dev key hash.
+ *
+ * @param ctx Context pointer
+ * @return uint8_t pointer to dev_key_hash field
+ */
+uint8_t *vb2_secdata_fwmp_get_dev_key_hash(struct vb2_context *ctx);
+
 #endif /* VBOOT_REFERENCE_2SECDATA_H_ */ |
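Review bot: `vb2_secdata_fwmp_get_dev_key_hash()` returns a writable `uint8_t *` into the FWMP data, so any caller can modify the hash that `VB2_SECDATA_FWMP_DEV_USE_KEY_HASH` presumably gates developer-key checks on; declaring it as `const uint8_t *vb2_secdata_fwmp_get_dev_key_hash(struct vb2_context *ctx);` would make the read-only contract explicit. Its comment should also state that the buffer is `VB2_SECDATA_FWMP_HASH_SIZE` bytes long and what happens when it is called before a successful `vb2_secdata_fwmp_init()`, as the `vb2_secdata_fwmp_get_flag()` comment already does. In the `vb2_secdata_fwmp_crc()` comment, `@return 32-bit CRC hash of FWMP data` does not match the 8-bit `crc8` field the value is compared with; the comment should say how the `uint32_t` result relates to that byte.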