Diffstat (limited to 'firmware/lib/include')
-rw-r--r--firmware/lib/include/stateful_util.h62
-rw-r--r--firmware/lib/include/tss_constants.h79
-rw-r--r--firmware/lib/include/vboot_common.h110
-rw-r--r--firmware/lib/include/vboot_kernel.h25
-rw-r--r--firmware/lib/include/vboot_struct.h124
5 files changed, 400 insertions, 0 deletions
diff --git a/firmware/lib/include/stateful_util.h b/firmware/lib/include/stateful_util.h
new file mode 100644
index 00000000..e782ed88
--- /dev/null
+++ b/firmware/lib/include/stateful_util.h
@@ -0,0 +1,62 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Helper functions/wrappers for memory allocations, manipulation and
+ * comparison.
+ */
+
+#ifndef VBOOT_FIRMWARE_LIB_UTILITY_H_
+#define VBOOT_FIRMWARE_LIB_UTILITY_H_
+
+#include "sysincludes.h"
+
+/* Track remaining data to be read in a buffer. */
+typedef struct MemcpyState {
+ void* remaining_buf;
+ uint64_t remaining_len; /* Remaining length of the buffer. */
+ uint8_t overrun; /* Flag set to 1 when an overrun occurs. */
+} MemcpyState;
+
+/* Skip [len] bytes only if there's enough data to skip according
+ * to [state].
+ * On success, return a meaningless but non-NULL pointer and updates [state].
+ * On failure, return NULL, set remaining_len in state to -1.
+ *
+ * Useful for iterating through a binary blob to populate a struct. After the
+ * first failure (buffer overrun), successive calls will always fail.
+ */
+void* StatefulSkip(MemcpyState* state, uint64_t len);
+
+/* Copy [len] bytes into [dst] only if there's enough data to read according
+ * to [state].
+ * On success, return [dst] and update [state].
+ * On failure, return NULL, set remaining len in state to -1.
+ *
+ * Useful for iterating through a binary blob to populate a struct. After the
+ * first failure (buffer overrun), successive calls will always fail.
+ */
+void* StatefulMemcpy(MemcpyState* state, void* dst, uint64_t len);
+
+/* Like StatefulMemcpy() but copies in the opposite direction, populating
+ * data from [src] into the buffer encapsulated in state [state].
+ * On success, return [src] and update [state].
+ * On failure, return NULL, set remaining_len in state to -1.
+ *
+ * Useful for iterating through a structure to populate a binary blob. After the
+ * first failure (buffer overrun), successive calls will always fail.
+ */
+const void* StatefulMemcpy_r(MemcpyState* state, const void* src, uint64_t len);
+
+/* Like StatefulMemcpy_r() but fills a portion of the encapsulated buffer with
+ * a constant value.
+ * On success, return a meaningless but non-NULL pointer and updates [state].
+ * On failure, return NULL, set remaining_len in state to -1.
+ *
+ * After the first failure (buffer overrun), successive calls will always fail.
+ */
+const void* StatefulMemset_r(MemcpyState* state, const uint8_t val,
+ uint64_t len);
+
+#endif /* VBOOT_FIRMWARE_LIB_UTILITY_H_ */
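Review bot: The include guard `VBOOT_FIRMWARE_LIB_UTILITY_H_` does not match this file's name and, like the file comment about "memory allocations, manipulation and comparison", reads as if carried over from a utility header. If another header in the tree uses the same macro, whichever one is included second is silently emptied and the Stateful* prototypes disappear. Use a guard derived from the file name, e.g. `#ifndef VBOOT_FIRMWARE_LIB_STATEFUL_UTIL_H_`. The failure contract also says remaining_len is set to -1 although the field is `uint64_t`; since these helpers are the bounds check for blob parsing, the comments should say the value becomes `UINT64_MAX` and name `overrun` as the flag callers are expected to test.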
diff --git a/firmware/lib/include/tss_constants.h b/firmware/lib/include/tss_constants.h
new file mode 100644
index 00000000..a2371485
--- /dev/null
+++ b/firmware/lib/include/tss_constants.h
@@ -0,0 +1,79 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Some TPM constants and type definitions for standalone compilation for use in
+ * the firmware
+ */
+
+/* FIXME(gauravsh):
+ * NOTE: This file is copied over from
+ * src/platform/tpm_lite/src/tlcl/tss_constants.h
+ * Ideally, we want to directly include it without having two maintain
+ * duplicate copies in sync. But in the current model, this is hard
+ * to do without breaking standalone compilation.
+ * Eventually tpm_lite should be moved into vboot_reference.
+ */
+
+#ifndef TPM_LITE_TSS_CONSTANTS_H_
+#define TPM_LITE_TSS_CONSTANTS_H_
+
+#include "sysincludes.h"
+
+#define TPM_MAX_COMMAND_SIZE 4096
+#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */
+
+#define TPM_SUCCESS ((uint32_t)0x00000000)
+#define TPM_E_BADINDEX ((uint32_t)0x00000002)
+#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048)
+#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */
+#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */
+#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */
+
+#define TPM_NV_INDEX0 ((uint32_t)0x00000000)
+#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)
+#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14)
+#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0)
+#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)
+
+typedef uint8_t TSS_BOOL;
+typedef uint16_t TPM_STRUCTURE_TAG;
+
+typedef struct tdTPM_WRITE_INFO {
+ uint32_t nvIndex;
+ uint32_t offset;
+ uint32_t dataSize;
+} TPM_WRITE_INFO;
+
+typedef struct tdTPM_PERMANENT_FLAGS
+{
+ TPM_STRUCTURE_TAG tag;
+ TSS_BOOL disable;
+ TSS_BOOL ownership;
+ TSS_BOOL deactivated;
+ TSS_BOOL readPubek;
+ TSS_BOOL disableOwnerClear;
+ TSS_BOOL allowMaintenance;
+ TSS_BOOL physicalPresenceLifetimeLock;
+ TSS_BOOL physicalPresenceHWEnable;
+ TSS_BOOL physicalPresenceCMDEnable;
+ TSS_BOOL CEKPUsed;
+ TSS_BOOL TPMpost;
+ TSS_BOOL TPMpostLock;
+ TSS_BOOL FIPS;
+ TSS_BOOL Operator;
+ TSS_BOOL enableRevokeEK;
+ TSS_BOOL nvLocked;
+ TSS_BOOL readSRKPub;
+ TSS_BOOL tpmEstablished;
+ TSS_BOOL maintenanceDone;
+ TSS_BOOL disableFullDALogicInfo;
+} TPM_PERMANENT_FLAGS;
+
+#define TPM_ALL_LOCALITIES (TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO \
+ | TPM_LOC_THREE | TPM_LOC_FOUR) /* 0x1f */
+
+#define TPM_ENCAUTH_SIZE 20
+#define TPM_PUBEK_SIZE 256
+
+#endif /* TPM_LITE_TSS_CONSTANTS_H_ */
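Review bot: `TPM_ALL_LOCALITIES` expands to `TPM_LOC_ZERO` through `TPM_LOC_FOUR`, none of which is defined anywhere in this header, so the first use of the macro will not compile unless `sysincludes.h` happens to supply them. Either bring the five `TPM_LOC_*` definitions across from the tpm_lite original or drop the macro from this trimmed copy. The three codes marked "vboot local" would also benefit from a comment such as `/* 0x5000-0x5002: never returned by the TPM; reserved for vboot */` so that a later resync with the upstream file does not reuse the range.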
diff --git a/firmware/lib/include/vboot_common.h b/firmware/lib/include/vboot_common.h
new file mode 100644
index 00000000..b7998a7a
--- /dev/null
+++ b/firmware/lib/include/vboot_common.h
@@ -0,0 +1,110 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Common functions between firmware and kernel verified boot.
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_COMMON_H_
+#define VBOOT_REFERENCE_VBOOT_COMMON_H_
+
+#include "cryptolib.h"
+#include "vboot_struct.h"
+
+/* Error Codes for all common functions. */
+enum {
+ VBOOT_SUCCESS = 0,
+ VBOOT_KEY_BLOCK_INVALID, /* Key block internal structure is
+ * invalid, or not a key block */
+ VBOOT_KEY_BLOCK_SIGNATURE, /* Key block signature check failed */
+ VBOOT_KEY_BLOCK_HASH, /* Key block hash check failed */
+ VBOOT_PUBLIC_KEY_INVALID, /* Invalid public key passed to a
+ * signature verficiation function. */
+ VBOOT_PREAMBLE_INVALID, /* Preamble internal structure is
+ * invalid */
+ VBOOT_PREAMBLE_SIGNATURE, /* Preamble signature check failed */
+ VBOOT_ERROR_MAX,
+};
+extern char* kVbootErrors[VBOOT_ERROR_MAX];
+
+
+/* Return offset of ptr from base. */
+uint64_t OffsetOf(const void* base, const void* ptr);
+
+
+/* Helper functions to get data pointed to by a public key or signature. */
+uint8_t* GetPublicKeyData(VbPublicKey* key);
+const uint8_t* GetPublicKeyDataC(const VbPublicKey* key);
+uint8_t* GetSignatureData(VbSignature* sig);
+const uint8_t* GetSignatureDataC(const VbSignature* sig);
+
+
+/* Helper functions to verify the data pointed to by a subfield is inside
+ * the parent data. Returns 0 if inside, 1 if error. */
+int VerifyMemberInside(const void* parent, uint64_t parent_size,
+ const void* member, uint64_t member_size,
+ uint64_t member_data_offset,
+ uint64_t member_data_size);
+
+int VerifyPublicKeyInside(const void* parent, uint64_t parent_size,
+ const VbPublicKey* key);
+
+int VerifySignatureInside(const void* parent, uint64_t parent_size,
+ const VbSignature* sig);
+
+
+/* Initialize a public key to refer to [key_data]. */
+void PublicKeyInit(VbPublicKey* key, uint8_t* key_data, uint64_t key_size);
+
+
+/* Copy a public key from [src] to [dest].
+ *
+ * Returns 0 if success, non-zero if error. */
+int PublicKeyCopy(VbPublicKey* dest, const VbPublicKey* src);
+
+
+/* Converts a public key to RsaPublicKey format. The returned key must
+ * be freed using RSAPublicKeyFree().
+ *
+ * Returns NULL if error. */
+RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key);
+
+
+/* Verifies [data] matches signature [sig] using [key]. */
+int VerifyData(const uint8_t* data, const VbSignature* sig,
+ const RSAPublicKey* key);
+
+
+/* Verifies a secure hash digest from DigestBuf() or DigestFinal(),
+ * using [key]. */
+int VerifyDigest(const uint8_t* digest, const VbSignature *sig,
+ const RSAPublicKey* key);
+
+
+/* Checks the sanity of a key block of size [size] bytes, using public
+ * key [key]. If [key]==NULL, uses only the block checksum to verify
+ * the key block. Header fields are also checked for sanity. Does not
+ * verify key index or key block flags. */
+int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
+ const VbPublicKey *key);
+
+
+/* Checks the sanity of a firmware preamble of size [size] bytes,
+ * using public key [key].
+ *
+ * Returns VBOOT_SUCCESS if successful. */
+int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
+ uint64_t size, const RSAPublicKey* key);
+
+
+/* Checks the sanity of a kernel preamble of size [size] bytes,
+ * using public key [key].
+ *
+ * Returns VBOOT_SUCCESS if successful. */
+int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
+ uint64_t size, const RSAPublicKey* key);
+
+
+
+
+#endif /* VBOOT_REFERENCE_VBOOT_COMMON_H_ */
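Review bot: `VerifyData()` and `VerifyDigest()` take a bare `const uint8_t*` with no length and their comments give no return convention, unlike `PublicKeyCopy()` and the preamble verifiers below them. The number of bytes hashed presumably comes from `sig->data_size`, which is read from the image being verified, so the contract should say that the caller must already have checked that size against the real buffer, for example `/* Hashes sig->data_size bytes of [data]; caller must ensure the buffer is at least that large. Returns 0 if success, non-zero if error. */` (confirm the return values against the implementation). The `KeyBlockVerify()` comment should likewise state that the `key == NULL` path checks integrity only and gives no assurance of who produced the block. Separately, "verficiation" in the `VBOOT_PUBLIC_KEY_INVALID` comment is a typo.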
diff --git a/firmware/lib/include/vboot_kernel.h b/firmware/lib/include/vboot_kernel.h
new file mode 100644
index 00000000..9cb7f028
--- /dev/null
+++ b/firmware/lib/include/vboot_kernel.h
@@ -0,0 +1,25 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Data structure and API definitions for a verified boot kernel image.
+ * (Firmware Portion)
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_KERNEL_H_
+#define VBOOT_REFERENCE_VBOOT_KERNEL_H_
+
+#include "cgptlib.h"
+
+/* Allocates and reads GPT data from the drive. The sector_bytes and
+ * drive_sectors fields should be filled on input. The primary and
+ * secondary header and entries are filled on output.
+ *
+ * Returns 0 if successful, 1 if error. */
+int AllocAndReadGptData(GptData* gptdata);
+
+/* Writes any changes for the GPT data back to the drive, then frees the
+ * buffers. */
+int WriteAndFreeGptData(GptData* gptdata);
+
+#endif /* VBOOT_REFERENCE_VBOOT_KERNEL_H_ */
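Review bot: Neither prototype documents who owns the GPT buffers when the call fails, and `WriteAndFreeGptData()` has no return-value line at all. State whether `AllocAndReadGptData()` releases partially allocated buffers before returning 1, and whether `WriteAndFreeGptData()` still frees when a write fails, so callers neither leak nor double-free on the error path. A line such as `/* Buffers are freed even if a write fails. Returns 0 if successful, 1 if error. */` would do, adjusted to what the implementation actually guarantees.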
diff --git a/firmware/lib/include/vboot_struct.h b/firmware/lib/include/vboot_struct.h
new file mode 100644
index 00000000..a60615c2
--- /dev/null
+++ b/firmware/lib/include/vboot_struct.h
@@ -0,0 +1,124 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Data structure definitions for verified boot, for on-disk / in-eeprom
+ * data.
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_STRUCT_H_
+#define VBOOT_REFERENCE_VBOOT_STRUCT_H_
+
+#include "sysincludes.h"
+
+
+/* Public key data */
+typedef struct VbPublicKey {
+ uint64_t key_offset; /* Offset of key data from start of this struct */
+ uint64_t key_size; /* Size of key data in bytes (NOT strength of key
+ * in bits) */
+ uint64_t algorithm; /* Signature algorithm used by the key */
+ uint64_t key_version; /* Key version */
+} __attribute__((packed)) VbPublicKey;
+
+
+/* Signature data (a secure hash, possibly signed) */
+typedef struct VbSignature {
+ uint64_t sig_offset; /* Offset of signature data from start of this
+ * struct */
+ uint64_t sig_size; /* Size of signature data in bytes */
+ uint64_t data_size; /* Size of the data block which was signed in bytes */
+} __attribute__((packed)) VbSignature;
+
+
+#define KEY_BLOCK_MAGIC "CHROMEOS"
+#define KEY_BLOCK_MAGIC_SIZE 8
+
+#define KEY_BLOCK_HEADER_VERSION_MAJOR 2
+#define KEY_BLOCK_HEADER_VERSION_MINOR 1
+
+/* Flags for key_block_flags */
+/* The following flags set where the key is valid */
+#define KEY_BLOCK_FLAG_DEVELOPER_0 UINT64_C(0x01) /* Developer switch off */
+#define KEY_BLOCK_FLAG_DEVELOPER_1 UINT64_C(0x02) /* Developer switch on */
+#define KEY_BLOCK_FLAG_RECOVERY_0 UINT64_C(0x04) /* Not recovery mode */
+#define KEY_BLOCK_FLAG_RECOVERY_1 UINT64_C(0x08) /* Recovery mode */
+
+/* Key block, containing the public key used to sign some other chunk
+ * of data. */
+typedef struct VbKeyBlockHeader {
+ uint8_t magic[KEY_BLOCK_MAGIC_SIZE]; /* Magic number */
+ uint32_t header_version_major; /* Version of this header format */
+ uint32_t header_version_minor; /* Version of this header format */
+ uint64_t key_block_size; /* Length of this entire key block,
+ * including keys, signatures, and
+ * padding, in bytes */
+ VbSignature key_block_signature; /* Signature for this key block
+ * (header + data pointed to by data_key)
+ * For use with signed data keys*/
+ VbSignature key_block_checksum; /* SHA-512 checksum for this key block
+ * (header + data pointed to by data_key)
+ * For use with unsigned data keys */
+ uint64_t key_block_flags; /* Flags for key (KEY_BLOCK_FLAG_*) */
+ VbPublicKey data_key; /* Key to verify the chunk of data */
+} __attribute__((packed)) VbKeyBlockHeader;
+/* This should be followed by:
+ * 1) The data_key key data, pointed to by data_key.key_offset.
+ * 2) The checksum data for (VBKeyBlockHeader + data_key data), pointed to
+ * by key_block_checksum.sig_offset.
+ * 3) The signature data for (VBKeyBlockHeader + data_key data), pointed to
+ * by key_block_signature.sig_offset. */
+
+
+#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
+#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 0
+
+/* Preamble block for rewritable firmware */
+typedef struct VbFirmwarePreambleHeader {
+ uint64_t preamble_size; /* Size of this preamble, including keys,
+ * signatures, and padding, in bytes */
+ VbSignature preamble_signature; /* Signature for this preamble
+ * (header + kernel subkey +
+ * body signature) */
+ uint32_t header_version_major; /* Version of this header format */
+ uint32_t header_version_minor; /* Version of this header format */
+
+ uint64_t firmware_version; /* Firmware version */
+ VbPublicKey kernel_subkey; /* Key to verify kernel key block */
+ VbSignature body_signature; /* Signature for the firmware body */
+} __attribute__((packed)) VbFirmwarePreambleHeader;
+/* This should be followed by:
+ * 1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
+ * 2) The signature data for the firmware body, pointed to by
+ * body_signature.sig_offset.
+ * 3) The signature data for (VBFirmwarePreambleHeader + kernel_subkey data
+ * + body signature data), pointed to by
+ * preamble_signature.sig_offset. */
+
+
+#define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2
+#define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 0
+
+/* Preamble block for kernel */
+typedef struct VbKernelPreambleHeader {
+ uint64_t preamble_size; /* Size of this preamble, including keys,
+ * signatures, and padding, in bytes */
+ VbSignature preamble_signature; /* Signature for this preamble
+ * (header + body signature) */
+ uint32_t header_version_major; /* Version of this header format */
+ uint32_t header_version_minor; /* Version of this header format */
+
+ uint64_t kernel_version; /* Kernel version */
+ uint64_t body_load_address; /* Load address for kernel body */
+ uint64_t bootloader_address; /* Address of bootloader, after body is
+ * loaded at body_load_address */
+ uint64_t bootloader_size; /* Size of bootloader in bytes */
+ VbSignature body_signature; /* Signature for the kernel body */
+} __attribute__((packed)) VbKernelPreambleHeader;
+/* This should be followed by:
+ * 2) The signature data for the kernel body, pointed to by
+ * body_signature.sig_offset.
+ * 3) The signature data for (VBFirmwarePreambleHeader + body signature
+ * data), pointed to by preamble_signature.sig_offset. */
+
+#endif /* VBOOT_REFERENCE_VBOOT_STRUCT_H_ */
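Review bot: The trailing layout comment after `VbKernelPreambleHeader` was copied from the firmware preamble without being adapted: its list starts at "2)" and item 3 names `VBFirmwarePreambleHeader`. It should read `1) The signature data for the kernel body, ...` and `2) The signature data for (VbKernelPreambleHeader + body signature data), ...`; the two earlier layout comments also spell the types `VBKeyBlockHeader` and `VBFirmwarePreambleHeader` instead of the `Vb...` names declared here. Because every `*_offset` and `*_size` field in these packed structs is a 64-bit value read from disk or EEPROM, add a note on `VbPublicKey` and `VbSignature` such as `/* Offsets and sizes are untrusted; check with VerifyPublicKeyInside() / VerifySignatureInside() before dereferencing */`. The same applies to `body_load_address` and `bootloader_address`, which should not be acted on until the preamble signature has been verified.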