Diffstat (limited to 'firmware')
-rw-r--r--firmware/README4
-rw-r--r--firmware/bdb/LICENSE27
-rw-r--r--firmware/bdb/README30
-rw-r--r--firmware/bdb/bdb.c450
-rw-r--r--firmware/bdb/bdb.h232
-rw-r--r--firmware/bdb/bdb_api.h194
-rw-r--r--firmware/bdb/bdb_flag.h15
-rw-r--r--firmware/bdb/bdb_struct.h268
-rw-r--r--firmware/bdb/dump_rsa.c200
-rw-r--r--firmware/bdb/ecdsa.c17
-rw-r--r--firmware/bdb/host.c419
-rw-r--r--firmware/bdb/host.h191
-rw-r--r--firmware/bdb/misc.c124
-rw-r--r--firmware/bdb/nvm.c346
-rw-r--r--firmware/bdb/nvm.h139
-rw-r--r--firmware/bdb/rsa.c337
-rw-r--r--firmware/bdb/secrets.c330
-rw-r--r--firmware/bdb/secrets.h35
-rw-r--r--firmware/bdb/sha.c20
-rw-r--r--firmware/bdb/stub.c51
-rw-r--r--firmware/bdb/vboot_register.h22
21 files changed, 0 insertions, 3451 deletions
diff --git a/firmware/README b/firmware/README
index 3d174f7b..754edf1b 100644
--- a/firmware/README
+++ b/firmware/README
@@ -1,10 +1,6 @@
Here's what's what in the firmware/ directory.
-bdb/
-
- Code for managing Boot Descriptor Blocks (BDB).
-
include/
lib/
diff --git a/firmware/bdb/LICENSE b/firmware/bdb/LICENSE
deleted file mode 100644
index d2514965..00000000
--- a/firmware/bdb/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-// * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/firmware/bdb/README b/firmware/bdb/README
deleted file mode 100644
index 82fb715b..00000000
--- a/firmware/bdb/README
+++ /dev/null
@@ -1,30 +0,0 @@
-Boot Descriptor Block (BDB) library and utilities
-
-Building:
----------
-The host-side library and utilities requires OpenSSL.
-
-Do 'make runtests' to ensure everything is working.
-
-Generating a BDB:
------------------
-Edit the options in bdb_create.c. Then 'make bdb'.
-
-In the next release, this will take a config file rather than
-requiring recompilation each time. Also, the BDB header and data will
-be signed in two separate steps, so that the private BDB key is not
-required each time.
-
-Revision History:
------------------
-v0.1.2 24-Nov-2015 Add support for RSA-3072B keys and signatures.
- Add dump_rsa utility and 'make testkeys' to create
- new keys.
- Use a RSA-3072B (exponent 3) key for the subkey so
- the exponent 3 code gets tested.
-
-v0.1.1 17-Nov-2015 Add support for ECDSA-521 data types. Note that
- only the data types are supported; there is not a
- C implementation for ECDSA.
-
-v0.1.0 15-Sep-2015 Initial version.
diff --git a/firmware/bdb/bdb.c b/firmware/bdb/bdb.c
deleted file mode 100644
index 30d10586..00000000
--- a/firmware/bdb/bdb.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Boot descriptor block firmware functions
- */
-
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2sha.h"
-#include "bdb.h"
-
-/*****************************************************************************/
-
-/**
- * Check if string contains a null terminator.
- *
- * Bytes after the null terminator do not need to be null.
- *
- * @param s String to check
- * @param size Size of string buffer in characters
- * @return 1 if string has a null terminator, 0 if not
- */
-static int string_has_null(const char *s, size_t size)
-{
- for (; size; size--) {
- if (*s++ == 0)
- return 1;
- }
- return 0;
-}
-
-int bdb_check_header(const struct bdb_header *p, size_t size)
-{
- if (size < sizeof(*p) || size < p->struct_size)
- return BDB_ERROR_BUF_SIZE;
-
- if (p->struct_magic != BDB_HEADER_MAGIC)
- return BDB_ERROR_STRUCT_MAGIC;
-
- if (p->struct_major_version != BDB_HEADER_VERSION_MAJOR)
- return BDB_ERROR_STRUCT_VERSION;
-
- /* Note that minor version doesn't matter yet */
-
- if (p->struct_size < sizeof(*p))
- return BDB_ERROR_STRUCT_SIZE;
-
- if (p->oem_area_0_size & 3)
- return BDB_ERROR_OEM_AREA_SIZE; /* Not 32-bit aligned */
-
- /*
- * Make sure the BDB is at least big enough for us. At this point, all
- * the caller may have loaded is this header We'll check if there's
- * space for everything else after we load it.
- */
- if (p->bdb_size < sizeof(*p))
- return BDB_ERROR_BDB_SIZE;
-
- /*
- * The rest of the fields don't matter yet; we'll check them when we
- * check the BDB itself.
- */
- return BDB_SUCCESS;
-}
-
-int bdb_check_key(const struct bdb_key *p, size_t size)
-{
- size_t expect_key_size = 0;
-
- if (size < sizeof(*p) || size < p->struct_size)
- return BDB_ERROR_BUF_SIZE;
-
- if (p->struct_magic != BDB_KEY_MAGIC)
- return BDB_ERROR_STRUCT_MAGIC;
-
- if (p->struct_major_version != BDB_KEY_VERSION_MAJOR)
- return BDB_ERROR_STRUCT_VERSION;
-
- /* Note that minor version doesn't matter yet */
-
- if (!string_has_null(p->description, sizeof(p->description)))
- return BDB_ERROR_DESCRIPTION;
-
- /* We currently only support SHA-256 */
- if (p->hash_alg != BDB_HASH_ALG_SHA256)
- return BDB_ERROR_HASH_ALG;
-
- /* Make sure signature algorithm and size are correct */
- switch (p->sig_alg) {
- case BDB_SIG_ALG_RSA4096:
- expect_key_size = BDB_RSA4096_KEY_DATA_SIZE;
- break;
- case BDB_SIG_ALG_ECSDSA521:
- expect_key_size = BDB_ECDSA521_KEY_DATA_SIZE;
- break;
- case BDB_SIG_ALG_RSA3072B:
- expect_key_size = BDB_RSA3072B_KEY_DATA_SIZE;
- break;
- default:
- return BDB_ERROR_SIG_ALG;
- }
-
- if (p->struct_size < sizeof(*p) + expect_key_size)
- return BDB_ERROR_STRUCT_SIZE;
-
- return BDB_SUCCESS;
-}
-
-int bdb_check_sig(const struct bdb_sig *p, size_t size)
-{
- size_t expect_sig_size = 0;
-
- if (size < sizeof(*p) || size < p->struct_size)
- return BDB_ERROR_BUF_SIZE;
-
- if (p->struct_magic != BDB_SIG_MAGIC)
- return BDB_ERROR_STRUCT_MAGIC;
-
- if (p->struct_major_version != BDB_SIG_VERSION_MAJOR)
- return BDB_ERROR_STRUCT_VERSION;
-
- /* Note that minor version doesn't matter yet */
-
- if (!string_has_null(p->description, sizeof(p->description)))
- return BDB_ERROR_DESCRIPTION;
-
- /* We currently only support SHA-256 */
- if (p->hash_alg != BDB_HASH_ALG_SHA256)
- return BDB_ERROR_HASH_ALG;
-
- /* Make sure signature algorithm and size are correct */
- switch (p->sig_alg) {
- case BDB_SIG_ALG_RSA4096:
- expect_sig_size = BDB_RSA4096_SIG_SIZE;
- break;
- case BDB_SIG_ALG_ECSDSA521:
- expect_sig_size = BDB_ECDSA521_SIG_SIZE;
- break;
- case BDB_SIG_ALG_RSA3072B:
- expect_sig_size = BDB_RSA3072B_SIG_SIZE;
- break;
- default:
- return BDB_ERROR_SIG_ALG;
- }
-
- if (p->struct_size < sizeof(*p) + expect_sig_size)
- return BDB_ERROR_STRUCT_SIZE;
-
- return BDB_SUCCESS;
-}
-
-int bdb_check_data(const struct bdb_data *p, size_t size)
-{
- size_t need_size;
-
- if (size < sizeof(*p) || size < p->signed_size)
- return BDB_ERROR_BUF_SIZE;
-
- if (p->struct_magic != BDB_DATA_MAGIC)
- return BDB_ERROR_STRUCT_MAGIC;
-
- if (p->struct_major_version != BDB_DATA_VERSION_MAJOR)
- return BDB_ERROR_STRUCT_VERSION;
-
- /* Note that minor version doesn't matter yet */
-
- if (!string_has_null(p->description, sizeof(p->description)))
- return BDB_ERROR_DESCRIPTION;
-
- if (p->struct_size < sizeof(*p))
- return BDB_ERROR_STRUCT_SIZE;
-
- if (p->hash_entry_size < sizeof(struct bdb_hash))
- return BDB_ERROR_HASH_ENTRY_SIZE;
-
- /* Calculate expected size */
- need_size = p->struct_size + p->num_hashes * p->hash_entry_size;
-
- /* Make sure OEM area size doesn't cause wraparound */
- if (need_size + p->oem_area_1_size < need_size)
- return BDB_ERROR_OEM_AREA_SIZE;
- if (p->oem_area_1_size & 3)
- return BDB_ERROR_OEM_AREA_SIZE; /* Not 32-bit aligned */
- need_size += p->oem_area_1_size;
-
- if (p->signed_size < need_size)
- return BDB_ERROR_SIGNED_SIZE;
-
- return BDB_SUCCESS;
-}
-
-/*****************************************************************************/
-
-const struct bdb_header *bdb_get_header(const void *buf)
-{
- return buf;
-}
-
-uint32_t bdb_size_of(const void *buf)
-{
- return bdb_get_header(buf)->bdb_size;
-}
-
-const struct bdb_key *bdb_get_bdbkey(const void *buf)
-{
- const struct bdb_header *h = bdb_get_header(buf);
- const uint8_t *b8 = buf;
-
- /* BDB key follows header */
- return (const struct bdb_key *)(b8 + h->struct_size);
-}
-
-const void *bdb_get_oem_area_0(const void *buf)
-{
- const struct bdb_key *k = bdb_get_bdbkey(buf);
- const uint8_t *b8 = (const uint8_t *)k;
-
- /* OEM area 0 follows BDB key */
- return b8 + k->struct_size;
-}
-
-const struct bdb_key *bdb_get_datakey(const void *buf)
-{
- const struct bdb_header *h = bdb_get_header(buf);
- const uint8_t *b8 = bdb_get_oem_area_0(buf);
-
- /* datakey follows OEM area 0 */
- return (const struct bdb_key *)(b8 + h->oem_area_0_size);
-}
-
-ptrdiff_t bdb_offset_of_datakey(const void *buf)
-{
- return vb2_offset_of(buf, bdb_get_datakey(buf));
-}
-
-const struct bdb_sig *bdb_get_header_sig(const void *buf)
-{
- const struct bdb_header *h = bdb_get_header(buf);
- const uint8_t *b8 = bdb_get_oem_area_0(buf);
-
- /* Header signature starts after signed data */
- return (const struct bdb_sig *)(b8 + h->signed_size);
-}
-
-ptrdiff_t bdb_offset_of_header_sig(const void *buf)
-{
- return vb2_offset_of(buf, bdb_get_header_sig(buf));
-}
-
-const struct bdb_data *bdb_get_data(const void *buf)
-{
- const struct bdb_sig *s = bdb_get_header_sig(buf);
- const uint8_t *b8 = (const uint8_t *)s;
-
- /* Data follows header signature */
- return (const struct bdb_data *)(b8 + s->struct_size);
-}
-
-ptrdiff_t bdb_offset_of_data(const void *buf)
-{
- return vb2_offset_of(buf, bdb_get_data(buf));
-}
-
-const void *bdb_get_oem_area_1(const void *buf)
-{
- const struct bdb_data *p = bdb_get_data(buf);
- const uint8_t *b8 = (const uint8_t *)p;
-
- /* OEM area 1 follows BDB data */
- return b8 + p->struct_size;
-}
-
-static const void *bdb_get_hash(const void *buf)
-{
- const struct bdb_data *data = bdb_get_data(buf);
- const uint8_t *b8 = bdb_get_oem_area_1(buf);
-
- /* Hashes follow OEM area 0 */
- return b8 + data->oem_area_1_size;
-}
-
-const struct bdb_hash *bdb_get_hash_by_type(const void *buf,
- enum bdb_data_type type)
-{
- const struct bdb_data *data = bdb_get_data(buf);
- const uint8_t *b8 = bdb_get_hash(buf);
- int i;
-
- /* Search for a matching hash */
- for (i = 0; i < data->num_hashes; i++, b8 += data->hash_entry_size) {
- const struct bdb_hash *h = (const struct bdb_hash *)b8;
-
- if (h->type == type)
- return h;
- }
-
- return NULL;
-}
-
-const struct bdb_hash *bdb_get_hash_by_index(const void *buf, int index)
-{
- const struct bdb_data *data = bdb_get_data(buf);
- const uint8_t *p = bdb_get_hash(buf);
- const struct bdb_hash *h = NULL;
- int i;
-
- /* Search for a matching hash */
- for (i = 0; i < data->num_hashes; i++, p += data->hash_entry_size) {
- if (i == index) {
- h = (const struct bdb_hash *)p;
- break;
- }
- }
-
- return h;
-}
-
-const struct bdb_sig *bdb_get_data_sig(const void *buf)
-{
- const struct bdb_data *data = bdb_get_data(buf);
- const uint8_t *b8 = (const uint8_t *)data;
-
- /* Data signature starts after signed data */
- return (const struct bdb_sig *)(b8 + data->signed_size);
-}
-
-/*****************************************************************************/
-
-static int bdb_verify_sig(const struct bdb_key *key,
- const struct bdb_sig *sig,
- const uint8_t *digest)
-{
- /* Key and signature algorithms must match */
- if (key->sig_alg != sig->sig_alg)
- return BDB_ERROR_SIG_ALG;
-
- switch (key->sig_alg) {
- case BDB_SIG_ALG_RSA4096:
- if (bdb_rsa4096_verify(key->key_data, sig->sig_data, digest))
- return BDB_ERROR_VERIFY_SIG;
- break;
- case BDB_SIG_ALG_ECSDSA521:
- if (bdb_ecdsa521_verify(key->key_data, sig->sig_data, digest))
- return BDB_ERROR_VERIFY_SIG;
- break;
- case BDB_SIG_ALG_RSA3072B:
- if (bdb_rsa3072b_verify(key->key_data, sig->sig_data, digest))
- return BDB_ERROR_VERIFY_SIG;
- break;
- default:
- return BDB_ERROR_VERIFY_SIG;
- }
-
- return BDB_SUCCESS;
-}
-
-int bdb_verify(const void *buf, size_t size, const uint8_t *bdb_key_digest)
-{
- const uint8_t *end = (const uint8_t *)buf + size;
- const struct bdb_header *h;
- const struct bdb_key *bdbkey, *datakey;
- const struct bdb_sig *sig;
- const struct bdb_data *data;
- const void *oem;
- uint8_t digest[BDB_SHA256_DIGEST_SIZE];
- int bdb_digest_mismatch = -1;
-
- /* Make sure buffer doesn't wrap around address space */
- if (end < (const uint8_t *)buf)
- return BDB_ERROR_BUF_SIZE;
-
- /*
- * Check header now that we've actually loaded it. We can't guarantee
- * this is the same header which was checked before.
- */
- h = bdb_get_header(buf);
- if (bdb_check_header(h, size))
- return BDB_ERROR_HEADER;
-
- /* Sanity-check BDB key */
- bdbkey = bdb_get_bdbkey(buf);
- if (bdb_check_key(bdbkey, end - (const uint8_t *)bdbkey))
- return BDB_ERROR_BDBKEY;
-
- /* Calculate BDB key digest and compare with expected */
- if (vb2_digest_buffer((uint8_t *)bdbkey, bdbkey->struct_size,
- VB2_HASH_SHA256, digest, BDB_SHA256_DIGEST_SIZE))
- return BDB_ERROR_DIGEST;
-
- if (bdb_key_digest)
- bdb_digest_mismatch = memcmp(digest,
- bdb_key_digest, sizeof(digest));
-
- /* Make sure OEM area 0 fits */
- oem = bdb_get_oem_area_0(buf);
- if (h->oem_area_0_size > end - (const uint8_t *)oem)
- return BDB_ERROR_OEM_AREA_0;
-
- /* Sanity-check datakey */
- datakey = bdb_get_datakey(buf);
- if (bdb_check_key(datakey, end - (const uint8_t *)datakey))
- return BDB_ERROR_DATAKEY;
-
- /* Make sure enough data was signed, and the signed data fits */
- if (h->oem_area_0_size + datakey->struct_size > h->signed_size ||
- h->signed_size > end - (const uint8_t *)oem)
- return BDB_ERROR_BDB_SIGNED_SIZE;
-
- /* Sanity-check header signature */
- sig = bdb_get_header_sig(buf);
- if (bdb_check_sig(sig, end - (const uint8_t *)sig))
- return BDB_ERROR_HEADER_SIG;
-
- /* Make sure it signed the right amount of data */
- if (sig->signed_size != h->signed_size)
- return BDB_ERROR_HEADER_SIG;
-
- /* Calculate header digest and compare with expected signature */
- if (vb2_digest_buffer((uint8_t *)oem, h->signed_size,
- VB2_HASH_SHA256, digest, BDB_SHA256_DIGEST_SIZE))
- return BDB_ERROR_DIGEST;
- if (bdb_verify_sig(bdbkey, sig, digest))
- return BDB_ERROR_HEADER_SIG;
-
- /*
- * Sanity-check data struct. This also checks that OEM area 1 and the
- * hashes fit in the remaining buffer.
- */
- data = bdb_get_data(buf);
- if (bdb_check_data(data, end - (const uint8_t *)data))
- return BDB_ERROR_DATA;
-
- /* Sanity-check data signature */
- sig = bdb_get_data_sig(buf);
- if (bdb_check_sig(sig, end - (const uint8_t *)sig))
- return BDB_ERROR_DATA_CHECK_SIG;
- if (sig->signed_size != data->signed_size)
- return BDB_ERROR_DATA_SIGNED_SIZE;
-
- /* Calculate data digest and compare with expected signature */
- if (vb2_digest_buffer((uint8_t *)data, data->signed_size,
- VB2_HASH_SHA256, digest, BDB_SHA256_DIGEST_SIZE))
- return BDB_ERROR_DIGEST;
- if (bdb_verify_sig(datakey, sig, digest))
- return BDB_ERROR_DATA_SIG;
-
- /* Return success or success-other-than-BDB-key-mismatch */
- return bdb_digest_mismatch ? BDB_GOOD_OTHER_THAN_KEY : BDB_SUCCESS;
-}
diff --git a/firmware/bdb/bdb.h b/firmware/bdb/bdb.h
deleted file mode 100644
index 9e13696c..00000000
--- a/firmware/bdb/bdb.h
+++ /dev/null
@@ -1,232 +0,0 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Boot descriptor block firmware functions
- */
-
-#ifndef VBOOT_REFERENCE_BDB_H_
-#define VBOOT_REFERENCE_BDB_H_
-
-#include <stdlib.h>
-#include <stddef.h>
-
-#include "bdb_struct.h"
-
-/*****************************************************************************/
-/*
-Expected calling sequence:
-
-Load and check just the header
-bdb_check_header(buf, size);
-
-Load and verify the entire BDB
-bdb_verify(buf, size, bdb_key_hash, dev_mode_flag);
-
-Check RW datakey version. If normal boot from primary BDB, roll forward
-
-Check data version. If normal boot from primary BDB, roll forward
-*/
-
-/*****************************************************************************/
-/* Codes for functions returning numeric error codes */
-
-enum bdb_return_code {
- /* Success */
- BDB_SUCCESS = 0,
-
- /* BDB key did not match hash, but other than that the BDB was
- * fully verified. */
- BDB_GOOD_OTHER_THAN_KEY = 1,
-
- /* Function is not implemented, thus supposed to be not called */
- BDB_ERROR_NOT_IMPLEMENTED,
-
- /* Other errors */
- BDB_ERROR_UNKNOWN = 100,
-
- /* Buffer size too small or wraps around */
- BDB_ERROR_BUF_SIZE,
-
- /* Bad fields in structures */
- BDB_ERROR_STRUCT_MAGIC,
- BDB_ERROR_STRUCT_VERSION,
- BDB_ERROR_STRUCT_SIZE,
- BDB_ERROR_SIGNED_SIZE,
- BDB_ERROR_BDB_SIZE,
- BDB_ERROR_OEM_AREA_SIZE,
- BDB_ERROR_HASH_ENTRY_SIZE,
- BDB_ERROR_HASH_ALG,
- BDB_ERROR_SIG_ALG,
- BDB_ERROR_DESCRIPTION,
-
- /* Bad components of BDB in bdb_verify() */
- BDB_ERROR_HEADER,
- BDB_ERROR_BDBKEY,
- BDB_ERROR_OEM_AREA_0,
- BDB_ERROR_DATAKEY,
- BDB_ERROR_BDB_SIGNED_SIZE,
- BDB_ERROR_HEADER_SIG,
- BDB_ERROR_DATA,
- BDB_ERROR_DATA_SIG,
- BDB_ERROR_DATA_CHECK_SIG,
- BDB_ERROR_DATA_SIGNED_SIZE,
-
- /* Other errors in bdb_verify() */
- BDB_ERROR_DIGEST, /* Error calculating digest */
- BDB_ERROR_VERIFY_SIG, /* Error verifying signature */
-
- /* Errors in vba_bdb_init */
- BDB_ERROR_TRY_OTHER_SLOT,
- BDB_ERROR_RECOVERY_REQUEST,
-
- BDB_ERROR_NVM_INIT,
- BDB_ERROR_NVM_WRITE,
- BDB_ERROR_NVM_RW_HMAC,
- BDB_ERROR_NVM_RW_INVALID_HMAC,
- BDB_ERROR_NVM_INVALID_PARAMETER,
- BDB_ERROR_NVM_INVALID_SECRET,
- BDB_ERROR_NVM_RW_MAGIC,
- BDB_ERROR_NVM_STRUCT_SIZE,
- BDB_ERROR_NVM_WRITE_VERIFY,
- BDB_ERROR_NVM_STRUCT_VERSION,
- BDB_ERROR_NVM_VBE_READ,
- BDB_ERROR_NVM_RW_BUFFER_SMALL,
- BDB_ERROR_DECRYPT_BUC,
- BDB_ERROR_ENCRYPT_BUC,
- BDB_ERROR_WRITE_BUC,
-
- BDB_ERROR_SECRET_TYPE,
- BDB_ERROR_SECRET_BUC,
- BDB_ERROR_SECRET_BOOT_VERIFIED,
- BDB_ERROR_SECRET_BOOT_PATH,
- BDB_ERROR_SECRET_BDB,
-};
-
-/*****************************************************************************/
-/* Functions */
-
-/**
- * Sanity-check BDB structures.
- *
- * This checks for known version numbers, magic numbers, algorithms, etc. and
- * ensures the sizes are consistent with those parameters.
- *
- * @param p Pointer to structure to check
- * @param size Size of structure buffer
- * @return 0 if success, non-zero error code if error.
- */
-int bdb_check_header(const struct bdb_header *p, size_t size);
-int bdb_check_key(const struct bdb_key *p, size_t size);
-int bdb_check_sig(const struct bdb_sig *p, size_t size);
-int bdb_check_data(const struct bdb_data *p, size_t size);
-
-/**
- * Verify the entire BDB
- *
- * @param buf Data to hash
- * @param size Size of data in bytes
- * @param bdb_key_digest Pointer to expected digest for BDB key.
- * Must be BDB_SHA256_DIGEST_SIZE bytes long.
- * If it's NULL, digest match will be skipped
- * (and it'll be treated as 'mismatch').
- *
- * @return 0 if success, non-zero error code if error. Note that error code
- * BDB_GOOD_OTHER_THAN_KEY may still indicate an acceptable BDB if the Boot
- * Verified fuse has not been set, or in developer mode.
- */
-int bdb_verify(const void *buf, size_t size, const uint8_t *bdb_key_digest);
-
-/**
- * Functions to extract things from a verified BDB buffer.
- *
- * Do not call these externally until after bdb_verify()! These methods
- * assume data structures have already been verified.
- *
- * @param buf Pointer to BDB buffer
- * @param type Data type, for bdb_get_hash()
- * @return A pointer to the requested data, or NULL if error / not present.
- */
-const struct bdb_header *bdb_get_header(const void *buf);
-const struct bdb_key *bdb_get_bdbkey(const void *buf);
-const void *bdb_get_oem_area_0(const void *buf);
-const struct bdb_key *bdb_get_datakey(const void *buf);
-const struct bdb_sig *bdb_get_header_sig(const void *buf);
-const struct bdb_data *bdb_get_data(const void *buf);
-const void *bdb_get_oem_area_1(const void *buf);
-const struct bdb_hash *bdb_get_hash_by_type(const void *buf,
- enum bdb_data_type type);
-const struct bdb_hash *bdb_get_hash_by_index(const void *buf, int index);
-const struct bdb_sig *bdb_get_data_sig(const void *buf);
-
-/**
- * Functions to calculate size of BDB components
- *
- * @param buf Pointer to BDB buffer
- * @return Size of the component
- */
-uint32_t bdb_size_of(const void *buf);
-
-/**
- * Functions to calculate offset of BDB components
- *
- * @param buf Pointer to BDB buffer
- * @return Offset of the component
- */
-ptrdiff_t bdb_offset_of_datakey(const void *buf);
-ptrdiff_t bdb_offset_of_header_sig(const void *buf);
-ptrdiff_t bdb_offset_of_data(const void *buf);
-
-/*****************************************************************************/
-/* Functions probably provided by the caller */
-
-/**
- * Calculate a SHA-256 digest of a buffer.
- *
- * @param digest Pointer to the digest buffer. Must be
- * BDB_SHA256_DIGEST_SIZE bytes long.
- * @param buf Data to hash
- * @param size Size of data in bytes
- * @return 0 if success, non-zero error code if error.
- */
-int bdb_sha256(void *digest, const void *buf, size_t size);
-
-/**
- * Verify a RSA-4096 signed digest
- *
- * @param key_data Key data to use (BDB_RSA4096_KEY_DATA_SIZE bytes)
- * @param sig_data Signature to verify (BDB_RSA4096_SIG_SIZE bytes)
- * @param digest Digest of signed data (BDB_SHA256_DIGEST bytes)
- * @return 0 if success, non-zero error code if error.
- */
-int bdb_rsa4096_verify(const uint8_t *key_data,
- const uint8_t *sig,
- const uint8_t *digest);
-
-/**
- * Verify a RSA-3072B signed digest
- *
- * @param key_data Key data to use (BDB_RSA3072B_KEY_DATA_SIZE bytes)
- * @param sig_data Signature to verify (BDB_RSA3072B_SIG_SIZE bytes)
- * @param digest Digest of signed data (BDB_SHA256_DIGEST bytes)
- * @return 0 if success, non-zero error code if error.
- */
-int bdb_rsa3072b_verify(const uint8_t *key_data,
- const uint8_t *sig,
- const uint8_t *digest);
-
-/**
- * Verify a ECDSA-521 signed digest
- *
- * @param key_data Key data to use (BDB_ECDSA521_KEY_DATA_SIZE bytes)
- * @param sig_data Signature to verify (BDB_ECDSA521_SIG_SIZE bytes)
- * @param digest Digest of signed data (BDB_SHA256_DIGEST bytes)
- * @return 0 if success, non-zero error code if error.
- */
-int bdb_ecdsa521_verify(const uint8_t *key_data,
- const uint8_t *sig,
- const uint8_t *digest);
-
-/*****************************************************************************/
-
-#endif /* VBOOT_REFERENCE_BDB_H_ */
diff --git a/firmware/bdb/bdb_api.h b/firmware/bdb/bdb_api.h
deleted file mode 100644
index c0e850f9..00000000
--- a/firmware/bdb/bdb_api.h
+++ /dev/null
@@ -1,194 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
-#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
-
-#include <stdint.h>
-#include "vboot_register.h"
-#include "nvm.h"
-#include "secrets.h"
-#include "bdb_flag.h"
-
-struct vba_context {
- /* Indicate which slot is being tried: 0 - primary, 1 - secondary */
- uint8_t slot;
-
- /* Defined by VBA_CONTEXT_FLAG_* in bdb_flag.h */
- uint32_t flags;
-
- /* BDB */
- uint8_t *bdb;
-
- /* Secrets */
- struct bdb_secrets *secrets;
-
- /* NVM-RW buffer */
- struct nvmrw nvmrw;
-};
-
-/**
- * Initialize vboot process
- *
- * @param ctx
- * @return enum bdb_return_code
- */
-int vba_bdb_init(struct vba_context *ctx);
-
-/**
- * Finalize vboot process
- *
- * @param ctx
- * @return enum bdb_return_code
- */
-int vba_bdb_finalize(struct vba_context *ctx);
-
-/**
- * Log failed boot attempt and reset the chip
- *
- * @param ctx
- */
-void vba_bdb_fail(struct vba_context *ctx);
-
-/**
- * Update kernel and its data key version in NVM
- *
- * This is the function called from SP-RW, which receives a kernel version
- * from an AP-RW after successful verification of a kernel.
- *
- * It checks whether the version in NVM-RW is older than the reported version
- * or not. If so, it updates the version in NVM-RW.
- *
- * @param ctx
- * @param kernel_data_key_version
- * @param kernel_version
- * @return BDB_SUCCESS or BDB_ERROR_*
- */
-int vba_update_kernel_version(struct vba_context *ctx,
- uint32_t kernel_data_key_version,
- uint32_t kernel_version);
-
-/**
- * Write new boot unlock code to NVM-RW
- *
- * @param ctx
- * @param new_buc New BUC to be written
- * @return BDB_SUCCESS or BDB_ERROR_*
- */
-int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc);
-
-/**
- * Derive a secret
- *
- * This derives a new secret from a secret passed from SP-RO.
- *
- * @param ctx
- * @param type Type of secret to derive
- * @param buf Buffer containing data to derive secret from
- * @param buf_size Size of <buf>
- * @return BDB_SUCCESS or BDB_ERROR_*
- */
-int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
- uint8_t *wsr, const uint8_t *buf, uint32_t buf_size);
-
-/**
- * Clear a secret
- *
- * @param ctx
- * @param type Type of secret to clear
- * @return BDB_SUCCESS or BDB_ERROR_*
- */
-int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type);
-
-/**
- * Extend secrets for SP-RO
- *
- * @param ctx struct vba_context
- * @param bdb BDB
- * @param wsr Pointer to working secret register contents
- * @param extend Function to be called for extending a secret
- * @return BDB_SUCCESS or BDB_ERROR_*
- */
-typedef void (*f_extend)(const uint8_t *from, const uint8_t *by, uint8_t *to);
-int vba_extend_secrets_ro(struct vba_context *ctx, const uint8_t *bdb,
- uint8_t *wsr, f_extend extend);
-
-/**
- * Get vboot register value
- *
- * Implemented by each chip
- *
- * @param type Type of register to get
- * @return Register value
- */
-uint32_t vbe_get_vboot_register(enum vboot_register type);
-
-/**
- * Set vboot register value
- *
- * Implemented by each chip
- *
- * @param type Type of register to set
- * @param val Value to set
- */
-void vbe_set_vboot_register(enum vboot_register type, uint32_t val);
-
-/**
- * Reset the SoC
- *
- * Implemented by each chip. This is different from reboot (a.k.a. board reset,
- * cold reset).
- */
-void vbe_reset(void);
-
-/**
- * Read contents from Non-Volatile Memory
- *
- * Implemented by each chip.
- *
- * @param type Type of NVM
- * @param buf Buffer where the data will be read to
- * @param size Size of data to read
- * @return Zero if success or non-zero otherwise
- */
-int vbe_read_nvm(enum nvm_type type, uint8_t *buf, uint32_t size);
-
-/**
- * Write contents to Non-Volatile Memory
- *
- * Implemented by each chip.
- *
- * @param type Type of NVM
- * @param buf Buffer where the data will be written from
- * @param size Size of data to write
- * @return Zero if success or non-zero otherwise
- */
-int vbe_write_nvm(enum nvm_type type, void *buf, uint32_t size);
-
-/**
- * Encrypt data by AES-256
- *
- * @param msg Message to be encrypted
- * @param len Length of <msg> in bytes
- * @param key Key used for encryption
- * @param out Buffer where encrypted message is stored
- * @return BDB_SUCCESS or BDB_ERROR_*
- */
-int vbe_aes256_encrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
- uint8_t *out);
-
-/**
- * Decrypt data by AES-256
- *
- * @param msg Message to be decrypted
- * @param len Length of <msg> in bytes
- * @param key Key used for decryption
- * @param out Buffer where decrypted message is stored
- * @return BDB_SUCCESS or BDB_ERROR_*
- */
-int vbe_aes256_decrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
- uint8_t *out);
-
-#endif
diff --git a/firmware/bdb/bdb_flag.h b/firmware/bdb/bdb_flag.h
deleted file mode 100644
index a7bd8574..00000000
--- a/firmware/bdb/bdb_flag.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_FLAG_H
-#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_FLAG_H
-
-/* Indicate whether BDB key is verified */
-#define VBA_CONTEXT_FLAG_BDB_KEY_EFUSED (1 << 0)
-
-/* Indicate whether kernel data key is verified */
-#define VBA_CONTEXT_FLAG_KERNEL_DATA_KEY_VERIFIED (1 << 1)
-
-#endif
diff --git a/firmware/bdb/bdb_struct.h b/firmware/bdb/bdb_struct.h
deleted file mode 100644
index b9b4b852..00000000
--- a/firmware/bdb/bdb_struct.h
+++ /dev/null
@@ -1,268 +0,0 @@
-/* Copyright (c) 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Boot descriptor block structures
- */
-
-#ifndef VBOOT_REFERENCE_BDB_STRUCT_H_
-#define VBOOT_REFERENCE_BDB_STRUCT_H_
-
-#include <stdint.h>
-
-/* Size of SHA256 digest in bytes */
-#define BDB_SHA256_DIGEST_SIZE 32
-
-/* Size of RSA4096 key data in bytes */
-#define BDB_RSA4096_KEY_DATA_SIZE 1032
-
-/* Size of RSA4096 signature in bytes */
-#define BDB_RSA4096_SIG_SIZE 512
-
-/* Size of ECDSA521 key data in bytes = ceil(521/8) * 2 */
-#define BDB_ECDSA521_KEY_DATA_SIZE 132
-
-/* Size of ECDSA521 signature in bytes = ceil(521/8) * 2 */
-#define BDB_ECDSA521_SIG_SIZE 132
-
-/* Size of RSA3072B key data in bytes */
-#define BDB_RSA3072B_KEY_DATA_SIZE 776
-
-/* Size of RSA3072B signature in bytes */
-#define BDB_RSA3072B_SIG_SIZE 384
-
-/*****************************************************************************/
-/* Header for BDB */
-
-/* Magic number for bdb_header.struct_magic */
-#define BDB_HEADER_MAGIC 0x30426442
-
-/* Current version of bdb_header struct */
-#define BDB_HEADER_VERSION_MAJOR 1
-#define BDB_HEADER_VERSION_MINOR 0
-
-/* Expected size of bdb_header struct in bytes */
-#define BDB_HEADER_EXPECTED_SIZE 32
-
-struct bdb_header {
- /* Magic number to identify struct = BDB_HEADER_MAGIC. */
- uint32_t struct_magic;
-
- /* Structure version = BDB_HEADER_VERSION{MAJOR,MINOR} */
- uint8_t struct_major_version;
- uint8_t struct_minor_version;
-
- /* Size of structure in bytes */
- uint16_t struct_size;
-
- /* Recommended address in SP SRAM to load BDB. Set to -1 to use
- * default address. */
- uint64_t bdb_load_address;
-
- /* Size of the entire BDB in bytes */
- uint32_t bdb_size;
-
- /* Number of bytes following the BDB key which are signed by the BDB
- * header signature. */
- uint32_t signed_size;
-
- /* Size of OEM area 0 in bytes, or 0 if not present */
- uint32_t oem_area_0_size;
-
- /* Reserved; set 0 */
- uint8_t reserved0[8];
-} __attribute__((packed));
-
-/*****************************************************************************/
-/* Public key structure for BDB */
-
-/* Magic number for bdb_key.struct_magic */
-#define BDB_KEY_MAGIC 0x73334256
-
-/* Current version of bdb_key struct */
-#define BDB_KEY_VERSION_MAJOR 1
-#define BDB_KEY_VERSION_MINOR 0
-
-/* Supported hash algorithms */
-enum bdb_hash_alg {
- BDB_HASH_ALG_INVALID = 0, /* Not used; invalid */
- BDB_HASH_ALG_SHA256 = 2, /* SHA-256 */
-};
-
-/* Supported signature algorithms */
-enum bdb_sig_alg {
- BDB_SIG_ALG_INVALID = 0, /* Not used; invalid */
- BDB_SIG_ALG_RSA4096 = 3, /* RSA-4096, exponent 65537 */
- BDB_SIG_ALG_ECSDSA521 = 5, /* ECDSA-521 */
- BDB_SIG_ALG_RSA3072B = 7, /* RSA_3072, exponent 3 */
-};
-
-/*
- * Expected size of bdb_key struct in bytes, not counting variable-length key
- * data at end.
- */
-#define BDB_KEY_EXPECTED_SIZE 80
-
-struct bdb_key {
- /* Magic number to identify struct = BDB_KEY_MAGIC. */
- uint32_t struct_magic;
-
- /* Structure version = BDB_KEY_VERSION{MAJOR,MINOR} */
- uint8_t struct_major_version;
- uint8_t struct_minor_version;
-
- /* Size of structure in bytes, including variable-length key data */
- uint16_t struct_size;
-
- /* Hash algorithm (enum bdb_hash_alg) */
- uint8_t hash_alg;
-
- /* Signature algorithm (enum bdb_sig_alg) */
- uint8_t sig_alg;
-
- /* Reserved; set 0 */
- uint8_t reserved0[2];
-
- /* Key version */
- uint32_t key_version;
-
- /* Description; null-terminated ASCII */
- char description[128];
-
- /*
- * Key data. Variable-length; size is struct_size -
- * offset_of(bdb_key, key_data).
- */
- uint8_t key_data[0];
-} __attribute__((packed));
-
-/*****************************************************************************/
-/* Signature structure for BDB */
-
-/* Magic number for bdb_sig.struct_magic */
-#define BDB_SIG_MAGIC 0x6b334256
-
-/* Current version of bdb_sig struct */
-#define BDB_SIG_VERSION_MAJOR 1
-#define BDB_SIG_VERSION_MINOR 0
-
-struct bdb_sig {
- /* Magic number to identify struct = BDB_SIG_MAGIC. */
- uint32_t struct_magic;
-
- /* Structure version = BDB_SIG_VERSION{MAJOR,MINOR} */
- uint8_t struct_major_version;
- uint8_t struct_minor_version;
-
- /* Size of structure in bytes, including variable-length signature
- * data. */
- uint16_t struct_size;
-
- /* Hash algorithm used for this signature (enum bdb_hash_alg) */
- uint8_t hash_alg;
-
- /* Signature algorithm (enum bdb_sig_alg) */
- uint8_t sig_alg;
-
- /* Reserved; set 0 */
- uint8_t reserved0[2];
-
- /* Number of bytes of data signed by this signature */
- uint32_t signed_size;
-
- /* Description; null-terminated ASCII */
- char description[128];
-
- /* Signature data. Variable-length; size is struct_size -
- * offset_of(bdb_sig, sig_data). */
- uint8_t sig_data[0];
-} __attribute__((packed));
-
-/*****************************************************************************/
-/* Data structure for BDB */
-
-/* Magic number for bdb_data.struct_magic */
-#define BDB_DATA_MAGIC 0x31426442
-
-/* Current version of bdb_sig struct */
-#define BDB_DATA_VERSION_MAJOR 1
-#define BDB_DATA_VERSION_MINOR 0
-
-struct bdb_data {
- /* Magic number to identify struct = BDB_DATA_MAGIC. */
- uint32_t struct_magic;
-
- /* Structure version = BDB_DATA_VERSION{MAJOR,MINOR} */
- uint8_t struct_major_version;
- uint8_t struct_minor_version;
-
- /* Size of structure in bytes, NOT including hashes which follow. */
- uint16_t struct_size;
-
- /* Version of data (RW firmware) contained */
- uint32_t data_version;
-
- /* Size of OEM area 1 in bytes, or 0 if not present */
- uint32_t oem_area_1_size;
-
- /* Number of hashes which follow */
- uint8_t num_hashes;
-
- /* Size of each hash entry in bytes */
- uint8_t hash_entry_size;
-
- /* Reserved; set 0 */
- uint8_t reserved0[2];
-
- /* Number of bytes of data signed by the datakey, including this
- * header */
- uint32_t signed_size;
-
- /* Reserved; set 0 */
- uint8_t reserved1[8];
-
- /* Description; null-terminated ASCII */
- char description[128];
-} __attribute__((packed));
-
-/* Type of data for bdb_hash.type */
-enum bdb_data_type {
- /* Types of data for boot descriptor blocks */
- BDB_DATA_SP_RW = 1, /* SP-RW firmware */
- BDB_DATA_AP_RW = 2, /* AP-RW firmware */
- BDB_DATA_MCU = 3, /* MCU firmware */
-
- /* Types of data for kernel descriptor blocks */
- BDB_DATA_KERNEL = 128, /* Kernel */
- BDB_DATA_CMD_LINE = 129, /* Command line */
- BDB_DATA_HEADER16 = 130, /* 16-bit vmlinuz header */
-};
-
-/* Hash entries which follow the structure */
-struct bdb_hash {
- /* Offset of data from start of partition */
- uint64_t offset;
-
- /* Size of data in bytes */
- uint32_t size;
-
- /* Partition number containing data */
- uint8_t partition;
-
- /* Type of data; enum bdb_data_type */
- uint8_t type;
-
- /* Reserved; set 0 */
- uint8_t reserved0[2];
-
- /* Address in RAM to load data. -1 means use default. */
- uint64_t load_address;
-
- /* SHA-256 hash digest */
- uint8_t digest[BDB_SHA256_DIGEST_SIZE];
-} __attribute__((packed));
-
-/*****************************************************************************/
-
-#endif /* VBOOT_REFERENCE_BDB_STRUCT_H_ */
-
diff --git a/firmware/bdb/dump_rsa.c b/firmware/bdb/dump_rsa.c
deleted file mode 100644
index c40f803a..00000000
--- a/firmware/bdb/dump_rsa.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/*
- * C port of DumpPublicKey.java from the Android Open source project with
- * support for additional RSA key sizes. (platform/system/core,git/libmincrypt
- * /tools/DumpPublicKey.java). Uses the OpenSSL X509 and BIGNUM library.
- */
-
-#include <openssl/pem.h>
-
-#include <stdint.h>
-#include <string.h>
-#include <unistd.h>
-
-/*
- * Command line tool to extract RSA public keys from X.509 certificates and
- * output a pre-processed version of keys for use by RSA verification routines.
- */
-
-int check(RSA *key)
-{
- int public_exponent = BN_get_word(key->e);
- int modulus = BN_num_bits(key->n);
-
- if (public_exponent != 65537 && public_exponent != 3) {
- fprintf(stderr, "WARNING: Non-standard public exponent %d.\n",
- public_exponent);
- }
-
- if (modulus != 1024 && modulus != 2048 && modulus != 3072 &&
- modulus != 4096 && modulus != 8192) {
- fprintf(stderr, "WARNING: Non-standard modulus length = %d.\n",
- modulus);
- }
- return 1;
-}
-
-/**
- * Pre-processes and outputs RSA public key to standard output.
- */
-void output(RSA *key)
-{
- BIGNUM *N;
- BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL;
- BIGNUM *B = NULL;
- BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL;
- BIGNUM *NnumBits = NULL;
- BIGNUM *n = NULL, *rr = NULL;
- BN_CTX *bn_ctx = BN_CTX_new();
- uint32_t n0invout;
- int nwords, i;
-
- N = key->n;
- /* Output size of RSA key in 32-bit words */
- nwords = BN_num_bits(N) / 32;
- if (-1 == write(1, &nwords, sizeof(nwords)))
- goto failure;
-
- /* Initialize BIGNUMs */
- Big1 = BN_new();
- Big2 = BN_new();
- Big32 = BN_new();
- BigMinus1 = BN_new();
- N0inv= BN_new();
- R = BN_new();
- RR = BN_new();
- RRTemp = BN_new();
- NnumBits = BN_new();
- n = BN_new();
- rr = BN_new();
-
- BN_set_word(Big1, 1L);
- BN_set_word(Big2, 2L);
- BN_set_word(Big32, 32L);
- BN_sub(BigMinus1, Big1, Big2);
-
- B = BN_new();
- BN_exp(B, Big2, Big32, bn_ctx); /* B = 2^32 */
-
- /* Calculate and output N0inv = -1 / N[0] mod 2^32 */
- BN_mod_inverse(N0inv, N, B, bn_ctx);
- BN_sub(N0inv, B, N0inv);
- n0invout = BN_get_word(N0inv);
- if (-1 == write(1, &n0invout, sizeof(n0invout)))
- goto failure;
-
- /* Calculate R = 2^(# of key bits) */
- BN_set_word(NnumBits, BN_num_bits(N));
- BN_exp(R, Big2, NnumBits, bn_ctx);
-
- /* Calculate RR = R^2 mod N */
- BN_copy(RR, R);
- BN_mul(RRTemp, RR, R, bn_ctx);
- BN_mod(RR, RRTemp, N, bn_ctx);
-
- /* Write out modulus as little endian array of integers. */
- for (i = 0; i < nwords; ++i) {
- uint32_t nout;
-
- BN_mod(n, N, B, bn_ctx); /* n = N mod B */
- nout = BN_get_word(n);
- if (-1 == write(1, &nout, sizeof(nout)))
- goto failure;
-
- BN_rshift(N, N, 32); /* N = N/B */
- }
-
- /* Write R^2 as little endian array of integers. */
- for (i = 0; i < nwords; ++i) {
- uint32_t rrout;
-
- BN_mod(rr, RR, B, bn_ctx); /* rr = RR mod B */
- rrout = BN_get_word(rr);
- if (-1 == write(1, &rrout, sizeof(rrout)))
- goto failure;
-
- BN_rshift(RR, RR, 32); /* RR = RR/B */
- }
-
- failure:
- /* Free BIGNUMs. */
- BN_free(Big1);
- BN_free(Big2);
- BN_free(Big32);
- BN_free(BigMinus1);
- BN_free(N0inv);
- BN_free(R);
- BN_free(RRTemp);
- BN_free(NnumBits);
- BN_free(n);
- BN_free(rr);
-
-}
-
-int main(int argc, char* argv[]) {
- int cert_mode = 0;
- FILE* fp;
- X509* cert = NULL;
- RSA* pubkey = NULL;
- EVP_PKEY* key;
- char *progname;
-
- if (argc != 3 ||
- (strcmp(argv[1], "-cert") && strcmp(argv[1], "-pub"))) {
- progname = strrchr(argv[0], '/');
- if (progname)
- progname++;
- else
- progname = argv[0];
- fprintf(stderr, "Usage: %s <-cert | -pub> <file>\n", progname);
- return -1;
- }
-
- if (!strcmp(argv[1], "-cert"))
- cert_mode = 1;
-
- fp = fopen(argv[2], "r");
-
- if (!fp) {
- fprintf(stderr, "Couldn't open file %s!\n", argv[2]);
- return -1;
- }
-
- if (cert_mode) {
- /* Read the certificate */
- if (!PEM_read_X509(fp, &cert, NULL, NULL)) {
- fprintf(stderr, "Couldn't read certificate.\n");
- goto fail;
- }
-
- /* Get the public key from the certificate. */
- key = X509_get_pubkey(cert);
-
- /* Convert to a RSA_style key. */
- if (!(pubkey = EVP_PKEY_get1_RSA(key))) {
- fprintf(stderr, "Couldn't convert to RSA style key.\n");
- goto fail;
- }
- } else {
- /* Read the pubkey in .PEM format. */
- if (!(pubkey = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))) {
- fprintf(stderr, "Couldn't read public key file.\n");
- goto fail;
- }
- }
-
- if (check(pubkey)) {
- output(pubkey);
- }
-
- fail:
- X509_free(cert);
- RSA_free(pubkey);
- fclose(fp);
-
- return 0;
-}
diff --git a/firmware/bdb/ecdsa.c b/firmware/bdb/ecdsa.c
deleted file mode 100644
index f4d17287..00000000
--- a/firmware/bdb/ecdsa.c
+++ /dev/null
@@ -1,17 +0,0 @@
-/* Copyright (c) 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Boot descriptor block firmware ECDSA stub
- */
-
-#include <string.h>
-#include "bdb.h"
-
-int bdb_ecdsa521_verify(const uint8_t *key_data,
- const uint8_t *sig,
- const uint8_t *digest)
-{
- /* This is just a stub */
- return BDB_ERROR_DIGEST;
-}
diff --git a/firmware/bdb/host.c b/firmware/bdb/host.c
deleted file mode 100644
index 730d17d9..00000000
--- a/firmware/bdb/host.c
+++ /dev/null
@@ -1,419 +0,0 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Host functions for signing
- */
-
-#include <unistd.h>
-
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2sha.h"
-#include "bdb.h"
-#include "host.h"
-
-char *strzcpy(char *dest, const char *src, size_t size)
-{
- strncpy(dest, src, size);
- dest[size - 1] = 0;
- return dest;
-}
-
-uint8_t *read_file(const char *filename, uint32_t *size_ptr)
-{
- FILE *f;
- uint8_t *buf;
- long size;
-
- *size_ptr = 0;
-
- f = fopen(filename, "rb");
- if (!f) {
- fprintf(stderr, "Unable to open file %s\n", filename);
- return NULL;
- }
-
- fseek(f, 0, SEEK_END);
- size = ftell(f);
- rewind(f);
-
- if (size < 0 || size > UINT32_MAX) {
- fclose(f);
- return NULL;
- }
-
- buf = malloc(size);
- if (!buf) {
- fclose(f);
- return NULL;
- }
-
- if (1 != fread(buf, size, 1, f)) {
- fprintf(stderr, "Unable to read file %s\n", filename);
- fclose(f);
- free(buf);
- return NULL;
- }
-
- fclose(f);
-
- *size_ptr = size;
- return buf;
-}
-
-int write_file(const char *filename, const void *buf, uint32_t size)
-{
- FILE *f = fopen(filename, "wb");
-
- if (!f) {
- fprintf(stderr, "Unable to open file %s\n", filename);
- return 1;
- }
-
- if (1 != fwrite(buf, size, 1, f)) {
- fprintf(stderr, "Unable to write to file %s\n", filename);
- fclose(f);
- unlink(filename); /* Delete any partial file */
- return 1;
- }
-
- fclose(f);
- return 0;
-}
-
-struct rsa_st *read_pem(const char *filename)
-{
- struct rsa_st *pem;
- FILE *f;
-
- /* Read private key */
- f = fopen(filename, "rb");
- if (!f) {
- fprintf(stderr, "%s: unable to read key from %s\n",
- __func__, filename);
- return NULL;
- }
-
- pem = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL);
- fclose(f);
-
- return pem;
-}
-
-struct bdb_key *bdb_create_key(const char *filename,
- uint32_t key_version,
- const char *desc)
-{
- uint32_t sig_alg;
- size_t key_size = sizeof(struct bdb_key);
- struct bdb_key *k;
- uint8_t *kdata;
- uint32_t kdata_size = 0;
-
- /*
- * Read key data. Somewhat lame assumption that we can determine the
- * signature algorithm from the key size, but it's true right now.
- */
- kdata = read_file(filename, &kdata_size);
- if (kdata_size == BDB_RSA4096_KEY_DATA_SIZE) {
- sig_alg = BDB_SIG_ALG_RSA4096;
- } else if (kdata_size == BDB_RSA3072B_KEY_DATA_SIZE) {
- sig_alg = BDB_SIG_ALG_RSA3072B;
- } else {
- fprintf(stderr, "%s: bad key size from %s\n",
- __func__, filename);
- free(kdata);
- return NULL;
- }
- key_size += kdata_size;
-
- /* Allocate buffer */
- k = (struct bdb_key *)calloc(key_size, 1);
- if (!k) {
- free(kdata);
- return NULL;
- }
-
- k->struct_magic = BDB_KEY_MAGIC;
- k->struct_major_version = BDB_KEY_VERSION_MAJOR;
- k->struct_minor_version = BDB_KEY_VERSION_MINOR;
- k->struct_size = key_size;
- k->hash_alg = BDB_HASH_ALG_SHA256;
- k->sig_alg = sig_alg;
- k->key_version = key_version;
-
- /* Copy description, if any */
- if (desc)
- strzcpy(k->description, desc, sizeof(k->description));
-
- /* Copy key data */
- memcpy(k->key_data, kdata, kdata_size);
- free(kdata);
-
- return k;
-}
-
-struct bdb_sig *bdb_create_sig(const void *data,
- size_t size,
- struct rsa_st *key,
- uint32_t sig_alg,
- const char *desc)
-{
- static const uint8_t info[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20
- };
-
- size_t sig_size = sizeof(struct bdb_sig);
- uint8_t digest[sizeof(info) + BDB_SHA256_DIGEST_SIZE];
- struct bdb_sig *sig;
-
- if (size >= UINT32_MAX)
- return NULL;
-
- switch(sig_alg) {
- case BDB_SIG_ALG_RSA4096:
- sig_size += BDB_RSA4096_SIG_SIZE;
- break;
- case BDB_SIG_ALG_RSA3072B:
- sig_size += BDB_RSA3072B_SIG_SIZE;
- break;
- default:
- fprintf(stderr, "%s: bad signature algorithm %d\n",
- __func__, sig_alg);
- return NULL;
- }
-
- /* Allocate buffer */
- sig = (struct bdb_sig *)calloc(sig_size, 1);
- if (!sig)
- return NULL;
-
- sig->struct_magic = BDB_SIG_MAGIC;
- sig->struct_major_version = BDB_SIG_VERSION_MAJOR;
- sig->struct_minor_version = BDB_SIG_VERSION_MINOR;
- sig->struct_size = sig_size;
- sig->hash_alg = BDB_HASH_ALG_SHA256;
- sig->sig_alg = sig_alg;
- sig->signed_size = size;
-
- /* Copy description, if any */
- if (desc)
- strzcpy(sig->description, desc, sizeof(sig->description));
-
- /* Calculate info-padded digest */
- memcpy(digest, info, sizeof(info));
- if (vb2_digest_buffer((uint8_t *)data, size,
- VB2_HASH_SHA256,
- digest + sizeof(info), BDB_SHA256_DIGEST_SIZE)) {
- free(sig);
- return NULL;
- }
-
- /* RSA-encrypt the signature */
- if (RSA_private_encrypt(sizeof(digest),
- digest,
- sig->sig_data,
- key,
- RSA_PKCS1_PADDING) == -1) {
- free(sig);
- return NULL;
- }
- return sig;
-}
-
-int bdb_sign_datakey(uint8_t **bdb, struct rsa_st *key)
-{
- const struct bdb_header *header = bdb_get_header(*bdb);
- const struct bdb_key *bdbkey = bdb_get_bdbkey(*bdb);
- const void *oem = bdb_get_oem_area_0(*bdb);
- const struct bdb_sig *sig = bdb_get_header_sig(*bdb);
- struct bdb_sig *new_sig;
- uint8_t *new_bdb, *src, *dst;
- size_t len;
-
- new_sig = bdb_create_sig(oem, header->signed_size,
- key, bdbkey->sig_alg, NULL);
- new_bdb = calloc(1, header->bdb_size
- + (new_sig->struct_size - sig->struct_size));
- if (!new_bdb)
- return BDB_ERROR_UNKNOWN;
-
- /* copy up to sig */
- src = *bdb;
- dst = new_bdb;
- len = bdb_offset_of_header_sig(*bdb);
- memcpy(dst, src, len);
-
- /* copy new sig */
- src += len;
- dst += len;
- memcpy(dst, new_sig, new_sig->struct_size);
-
- /* copy the rest */
- src += sig->struct_size;
- dst += new_sig->struct_size;
- len = bdb_size_of(*bdb) - vb2_offset_of(*bdb, src);
- memcpy(dst, src, len);
-
- free(*bdb);
- free(new_sig);
- *bdb = new_bdb;
-
- return BDB_SUCCESS;
-}
-
-int bdb_sign_data(uint8_t **bdb, struct rsa_st *key)
-{
- const struct bdb_key *datakey = bdb_get_datakey(*bdb);
- const struct bdb_data *data = bdb_get_data(*bdb);
- const uint64_t sig_offset = vb2_offset_of(*bdb, bdb_get_data_sig(*bdb));
- struct bdb_sig *new_sig;
- uint8_t *new_bdb;
-
- new_sig = bdb_create_sig(data, data->signed_size,
- key, datakey->sig_alg, NULL);
- new_bdb = calloc(1, sig_offset + new_sig->struct_size);
- if (!new_bdb)
- return BDB_ERROR_UNKNOWN;
-
- /* copy all data up to the data sig */
- memcpy(new_bdb, *bdb, sig_offset);
-
- /* copy the new signature */
- memcpy(new_bdb + sig_offset, new_sig, new_sig->struct_size);
-
- free(*bdb);
- free(new_sig);
- *bdb = new_bdb;
-
- return BDB_SUCCESS;
-}
-
-struct bdb_header *bdb_create(struct bdb_create_params *p)
-{
- size_t bdb_size = 0;
- size_t sig_size = sizeof(struct bdb_sig) + BDB_RSA4096_SIG_SIZE;
- size_t hashes_size = sizeof(struct bdb_hash) * p->num_hashes;
- uint8_t *buf, *bnext;
- struct bdb_header *h;
- struct bdb_sig *sig;
- struct bdb_data *data;
- const void *oem;
-
- /* We can do some checks before we even allocate the buffer */
-
- /* Make sure OEM sizes are aligned */
- if ((p->oem_area_0_size & 3) || (p->oem_area_1_size & 3)) {
- fprintf(stderr, "%s: OEM areas not 32-bit aligned\n",
- __func__);
- return NULL;
- }
-
- /* Hash count must fit in uint8_t */
- if (p->num_hashes > 255) {
- fprintf(stderr, "%s: too many hashes\n", __func__);
- return NULL;
- }
-
- /* Calculate BDB size */
- bdb_size = sizeof(struct bdb_header);
- bdb_size += p->bdbkey->struct_size;
- bdb_size += p->oem_area_0_size;
- bdb_size += p->datakey->struct_size;
- bdb_size += sig_size;
- bdb_size += sizeof(struct bdb_data);
- bdb_size += p->oem_area_1_size;
- bdb_size += sizeof(struct bdb_hash) * p->num_hashes;
- bdb_size += sig_size;
-
- /* Make sure it fits */
- if (bdb_size > UINT32_MAX) {
- fprintf(stderr, "%s: BDB size > UINT32_MAX\n", __func__);
- return NULL;
- }
-
- /* Allocate a buffer */
- bnext = buf = calloc(bdb_size, 1);
- if (!buf) {
- fprintf(stderr, "%s: can't allocate buffer\n", __func__);
- return NULL;
- }
-
- /* Fill in the header */
- h = (struct bdb_header *)bnext;
- h->struct_magic = BDB_HEADER_MAGIC;
- h->struct_major_version = BDB_HEADER_VERSION_MAJOR;
- h->struct_minor_version = BDB_HEADER_VERSION_MINOR;
- h->struct_size = sizeof(*h);
- h->bdb_load_address = p->bdb_load_address;
- h->bdb_size = bdb_size;
- h->signed_size = p->oem_area_0_size + p->datakey->struct_size;
- h->oem_area_0_size = p->oem_area_0_size;
- bnext += h->struct_size;
-
- /* Copy BDB key */
- memcpy(bnext, p->bdbkey, p->bdbkey->struct_size);
- bnext += p->bdbkey->struct_size;
-
- /* Copy OEM area 0 */
- oem = bnext;
- if (p->oem_area_0_size) {
- memcpy(bnext, p->oem_area_0, p->oem_area_0_size);
- bnext += p->oem_area_0_size;
- }
-
- /* Copy datakey */
- memcpy(bnext, p->datakey, p->datakey->struct_size);
- bnext += p->datakey->struct_size;
-
- /*
- * Create header signature using private BDB key.
- *
- * TODO: create the header signature in a totally separate step. That
- * way, the private BDB key is not required each time a BDB is created.
- */
- sig = bdb_create_sig(oem, h->signed_size, p->private_bdbkey,
- p->bdbkey->sig_alg, p->header_sig_description);
- memcpy(bnext, sig, sig->struct_size);
- bnext += sig->struct_size;
-
- /* Fill in the data */
- data = (struct bdb_data *)bnext;
- data->struct_magic = BDB_DATA_MAGIC;
- data->struct_major_version = BDB_DATA_VERSION_MAJOR;
- data->struct_minor_version = BDB_DATA_VERSION_MINOR;
- data->struct_size = sizeof(struct bdb_data);
- data->data_version = p->data_version;
- data->oem_area_1_size = p->oem_area_1_size;
- data->num_hashes = p->num_hashes;
- data->hash_entry_size = sizeof(struct bdb_hash);
- data->signed_size = data->struct_size + data->oem_area_1_size +
- hashes_size;
- if (p->data_description) {
- strzcpy(data->description, p->data_description,
- sizeof(data->description));
- }
- bnext += data->struct_size;
-
- /* Copy OEM area 1 */
- oem = bnext;
- if (p->oem_area_1_size) {
- memcpy(bnext, p->oem_area_1, p->oem_area_1_size);
- bnext += p->oem_area_1_size;
- }
-
- /* Copy hashes */
- memcpy(bnext, p->hash, hashes_size);
- bnext += hashes_size;
-
- /* Create data signature using private datakey */
- sig = bdb_create_sig(data, data->signed_size, p->private_datakey,
- p->datakey->sig_alg, p->data_sig_description);
- memcpy(bnext, sig, sig->struct_size);
-
- /* Return the BDB */
- return h;
-}
diff --git a/firmware/bdb/host.h b/firmware/bdb/host.h
deleted file mode 100644
index 105d668c..00000000
--- a/firmware/bdb/host.h
+++ /dev/null
@@ -1,191 +0,0 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Boot descriptor block host functions
- */
-
-#ifndef VBOOT_REFERENCE_BDB_HOST_H_
-#define VBOOT_REFERENCE_BDB_HOST_H_
-
-#include <stdlib.h>
-#include <openssl/pem.h>
-#include "bdb_struct.h"
-
-/*****************************************************************************/
-/*
-Expected calling sequence:
-
-Load and check just the header
-bdb_check_header(buf, size);
-
-Load and verify the entire BDB
-bdb_verify(buf, size, bdb_key_hash, dev_mode_flag);
-
- bdb_check_header() again - paranoia against bad storage devices
-
- bdb_check_key() on BDB key
- bdb_sha256() on BDB key
- Compare with appropriate root key hash
- If dev_mode_flag(), mismatch is not fatal
-
- bdb_check_sig() on BDB header sig
- bdb_sha256() on OEM area 1, RW datakey
- bdb_rsa_verify() on digest using BDB key
-
- bdb_check_key() on RW datakey
-
- bdb_check_data() on RW data
- bdb_check_sig() on data sig
- bdb_sha256() on data, OEM area 1, hashes
- bdb_rsa_verify() on digest using RW datakey
-
-Check RW datakey version. If normal boot from primary BDB, roll forward
-Check data version. If normal boot from primary BDB, roll forward
-*/
-
-/*****************************************************************************/
-/* Codes for functions returning numeric error codes */
-
-enum bdb_host_return_code {
- /* All/any of bdb_return_code, and the following... */
-
- /* Other errors */
- BDB_ERROR_HOST = 200,
-};
-
-/*****************************************************************************/
-/* Functions */
-
-/**
- * Like strncpy, but guaranteeing null termination
- */
-char *strzcpy(char *dest, const char *src, size_t size);
-
-/**
- * Read a file.
- *
- * Caller must free() the returned buffer.
- *
- * @param filename Path to file
- * @param size_ptr Destination for size of buffer
- * @return A newly allocated buffer containing the data, or NULL if error.
- */
-uint8_t *read_file(const char *filename, uint32_t *size_ptr);
-
-/**
- * Write a file.
- *
- * @param buf Data to write
- * @param size Size of data in bytes
- * @return 0 if success, non-zero error code if error.
- */
-int write_file(const char *filename, const void *buf, uint32_t size);
-
-/**
- * Read a PEM from a file.
- *
- * Caller must free the PEM with RSA_free().
- *
- * @param filename Path to file
- * @return A newly allocated PEM object, or NULL if error.
- */
-struct rsa_st *read_pem(const char *filename);
-
-/**
- * Create a BDB public key object.
- *
- * Caller must free() the returned key.
- *
- * @param filename Path to file containing public key (.keyb)
- * @param key_version Version for key
- * @param desc Description. Optional; may be NULL.
- * @return A newly allocated public key, or NULL if error.
- */
-struct bdb_key *bdb_create_key(const char *filename,
- uint32_t key_version,
- const char *desc);
-
-/**
- * Create a BDB signature object.
- *
- * Caller must free() the returned signature.
- *
- * @param data Data to sign
- * @param size Size of data in bytes
- * @param key PEM key
- * @param sig_alg Signature algorithm
- * @param desc Description. Optional; may be NULL.
- * @return A newly allocated signature, or NULL if error.
- */
-struct bdb_sig *bdb_create_sig(const void *data,
- size_t size,
- struct rsa_st *key,
- uint32_t sig_alg,
- const char *desc);
-
-struct bdb_create_params
-{
- /* Load address */
- uint64_t bdb_load_address;
-
- /* OEM areas. Size may be 0, in which case the buffer is ignored */
- uint8_t *oem_area_0;
- uint32_t oem_area_0_size;
- uint8_t *oem_area_1;
- uint32_t oem_area_1_size;
-
- /* Public BDB key and datakey */
- struct bdb_key *bdbkey;
- struct bdb_key *datakey;
-
- /* Private BDB key and datakey */
- struct rsa_st *private_bdbkey;
- struct rsa_st *private_datakey;
-
- /* Descriptions for header and data signatures */
- char *header_sig_description;
- char *data_sig_description;
-
- /* Data description and version */
- char *data_description;
- uint32_t data_version;
-
- /* Data hashes and count */
- struct bdb_hash *hash;
- uint32_t num_hashes;
-};
-
-/**
- * Sign data key in BDB
- *
- * @param bdb (IN/OUT) Buffer is freed upon successful call. Caller is
- * responsible for freeing the newly allocated buffer.
- * @param key Private BDB key to be signed with
- * @return BDB_SUCCESS on success or BDB_ERROR_* otherwise.
- */
-int bdb_sign_datakey(uint8_t **bdb, struct rsa_st *key);
-
-/**
- * Sign data section of BDB
- *
- * @param bdb (IN/OUT) Buffer is freed upon successful call. Caller is
- * responsible for freeing the newly allocated buffer.
- * @param key Private data key to be signed with
- * @return BDB_SUCCESS on success or BDB_ERROR_* otherwise.
- */
-int bdb_sign_data(uint8_t **bdb, struct rsa_st *key);
-
-/**
- * Create a new BDB
- *
- * Caller must free() returned object.
- *
- * @param p Creation parameters
- * @return A newly allocated BDB, or NULL if error.
- */
-struct bdb_header *bdb_create(struct bdb_create_params *p);
-
-/*****************************************************************************/
-
-#endif /* VBOOT_REFERENCE_BDB_HOST_H_ */
diff --git a/firmware/bdb/misc.c b/firmware/bdb/misc.c
deleted file mode 100644
index fd3e0c9b..00000000
--- a/firmware/bdb/misc.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include <stdint.h>
-#include "bdb.h"
-#include "bdb_api.h"
-#include "vboot_register.h"
-
-static int did_current_slot_fail(struct vba_context *ctx)
-{
- uint32_t val = vbe_get_vboot_register(VBOOT_REGISTER_PERSIST);
-
- if (ctx->slot)
- return val & VBOOT_REGISTER_FAILED_RW_SECONDARY;
- else
- return val & VBOOT_REGISTER_FAILED_RW_PRIMARY;
-}
-
-static int did_other_slot_fail(struct vba_context *ctx)
-{
- uint32_t val = vbe_get_vboot_register(VBOOT_REGISTER_PERSIST);
-
- if (ctx->slot)
- return val & VBOOT_REGISTER_FAILED_RW_PRIMARY;
- else
- return val & VBOOT_REGISTER_FAILED_RW_SECONDARY;
-}
-
-static void set_try_other_slot(struct vba_context *ctx)
-{
- uint32_t val = vbe_get_vboot_register(VBOOT_REGISTER_PERSIST);
-
- if (ctx->slot)
- val &= ~VBOOT_REGISTER_TRY_SECONDARY_BDB;
- else
- val |= VBOOT_REGISTER_TRY_SECONDARY_BDB;
-
- vbe_set_vboot_register(VBOOT_REGISTER_PERSIST, val);
-}
-
-static void set_recovery_request(struct vba_context *ctx)
-{
- uint32_t val = vbe_get_vboot_register(VBOOT_REGISTER_PERSIST);
-
- val |= VBOOT_REGISTER_RECOVERY_REQUEST;
-
- vbe_set_vboot_register(VBOOT_REGISTER_PERSIST, val);
-}
-
-static void get_current_slot(struct vba_context *ctx)
-{
- /* Assume SP-RO selects slot this way */
- ctx->slot = (vbe_get_vboot_register(VBOOT_REGISTER_PERSIST)
- & VBOOT_REGISTER_TRY_SECONDARY_BDB) ? 1 : 0;
-}
-
-static void set_current_slot_failed(struct vba_context *ctx)
-{
- uint32_t val = vbe_get_vboot_register(VBOOT_REGISTER_PERSIST);
-
- if (ctx->slot)
- val |= VBOOT_REGISTER_FAILED_RW_SECONDARY;
- else
- val |= VBOOT_REGISTER_FAILED_RW_PRIMARY;
-
- vbe_set_vboot_register(VBOOT_REGISTER_PERSIST, val);
-}
-
-static void unset_current_slot_failed(struct vba_context *ctx)
-{
- uint32_t val = vbe_get_vboot_register(VBOOT_REGISTER_PERSIST);
-
- if (ctx->slot)
- val &= ~VBOOT_REGISTER_FAILED_RW_SECONDARY;
- else
- val &= ~VBOOT_REGISTER_FAILED_RW_PRIMARY;
-
- vbe_set_vboot_register(VBOOT_REGISTER_PERSIST, val);
-}
-
-int vba_bdb_init(struct vba_context *ctx)
-{
- /* Get current slot */
- get_current_slot(ctx);
-
- /* Check current slot failed or not at the last boot */
- if (!did_current_slot_fail(ctx)) {
- /* If not, we try this slot. Prepare for any accidents */
- set_current_slot_failed(ctx);
- return BDB_SUCCESS;
- }
-
- /* Check other slot failed or not at the previous boot */
- if (!did_other_slot_fail(ctx)) {
- /* If not, we try the other slot after reboot. */
- set_try_other_slot(ctx);
- return BDB_ERROR_TRY_OTHER_SLOT;
- } else {
- /* Otherwise, both slots are bad. Reboot to recovery */
- set_recovery_request(ctx);
- return BDB_ERROR_RECOVERY_REQUEST;
- }
-}
-
-int vba_bdb_finalize(struct vba_context *ctx)
-{
- /* Mark the current slot good */
- unset_current_slot_failed(ctx);
-
- /* Disable NVM bus */
-
- return BDB_SUCCESS;
-}
-
-void vba_bdb_fail(struct vba_context *ctx)
-{
- /* We can do some logging here if we want */
-
- /* Unconditionally reboot. FailedRW flag is already set.
- * At the next boot, bdb_init will decide what to do. */
- vbe_reset();
-}
diff --git a/firmware/bdb/nvm.c b/firmware/bdb/nvm.c
deleted file mode 100644
index 85c301a2..00000000
--- a/firmware/bdb/nvm.c
+++ /dev/null
@@ -1,346 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include "2sysincludes.h"
-#include "2hmac.h"
-#include "2sha.h"
-#include "bdb_api.h"
-#include "bdb_struct.h"
-#include "bdb.h"
-#include "nvm.h"
-#include "secrets.h"
-
-static int nvmrw_validate(const void *buf, uint32_t size)
-{
- const struct nvmrw *nvm = buf;
-
- if (nvm->struct_magic != NVM_RW_MAGIC)
- return BDB_ERROR_NVM_RW_MAGIC;
-
- if (nvm->struct_major_version != NVM_HEADER_VERSION_MAJOR)
- return BDB_ERROR_NVM_STRUCT_VERSION;
-
- if (size < nvm->struct_size)
- return BDB_ERROR_NVM_STRUCT_SIZE;
-
- /*
- * We allow any sizes between min and max so that we can handle minor
- * version mismatches. Reader can be older than data or the other way
- * around. FW in slot B can upgrade NVM-RW but fails to qualify as a
- * stable boot path. Then, FW in slot A is invoked which is older than
- * the NVM-RW written by FW in slot B.
- */
- if (nvm->struct_size < NVM_RW_MIN_STRUCT_SIZE ||
- NVM_RW_MAX_STRUCT_SIZE < nvm->struct_size)
- return BDB_ERROR_NVM_STRUCT_SIZE;
-
- return BDB_SUCCESS;
-}
-
-static int nvmrw_verify(const struct bdb_secrets *secrets,
- const struct nvmrw *nvm, uint32_t size)
-{
- uint8_t mac[NVM_HMAC_SIZE];
- int rv;
-
- if (!secrets || !nvm)
- return BDB_ERROR_NVM_INVALID_PARAMETER;
-
- rv = nvmrw_validate(nvm, size);
- if (rv)
- return rv;
-
- /* Compute and verify HMAC */
- if (hmac(VB2_HASH_SHA256, secrets->nvm_rw, BDB_SECRET_SIZE,
- nvm, nvm->struct_size - sizeof(mac), mac, sizeof(mac)))
- return BDB_ERROR_NVM_RW_HMAC;
- /* TODO: Use safe_memcmp */
- if (memcmp(mac, nvm->hmac, sizeof(mac)))
- return BDB_ERROR_NVM_RW_INVALID_HMAC;
-
- return BDB_SUCCESS;
-}
-
-int nvmrw_write(struct vba_context *ctx, enum nvm_type type)
-{
- struct nvmrw *nvm = &ctx->nvmrw;
- int retry = NVM_MAX_WRITE_RETRY;
- int rv;
-
- if (!ctx)
- return BDB_ERROR_NVM_INVALID_PARAMETER;
-
- if (!ctx->secrets)
- return BDB_ERROR_NVM_INVALID_SECRET;
-
- rv = nvmrw_validate(nvm, sizeof(*nvm));
- if (rv)
- return rv;
-
- /* Update HMAC */
- hmac(VB2_HASH_SHA256, ctx->secrets->nvm_rw, BDB_SECRET_SIZE,
- nvm, nvm->struct_size - sizeof(nvm->hmac),
- nvm->hmac, sizeof(nvm->hmac));
-
- while (retry--) {
- uint8_t buf[sizeof(struct nvmrw)];
- if (vbe_write_nvm(type, nvm, nvm->struct_size))
- continue;
- if (vbe_read_nvm(type, buf, sizeof(buf)))
- continue;
- if (memcmp(buf, nvm, sizeof(buf)))
- continue;
- /* Write success */
- return BDB_SUCCESS;
- }
-
- /* NVM seems corrupted. Go to chip recovery mode */
- return BDB_ERROR_NVM_WRITE;
-}
-
-static int read_verify_nvmrw(enum nvm_type type,
- const struct bdb_secrets *secrets,
- uint8_t *buf, uint32_t buf_size)
-{
- struct nvmrw *nvm = (struct nvmrw *)buf;
- int rv;
-
- /* Read minimum amount */
- if (vbe_read_nvm(type, buf, NVM_MIN_STRUCT_SIZE))
- return BDB_ERROR_NVM_VBE_READ;
-
- /* Validate the content */
- rv = nvmrw_validate(buf, buf_size);
- if (rv)
- return rv;
-
- /* Read full body */
- if (vbe_read_nvm(type, buf, nvm->struct_size))
- return BDB_ERROR_NVM_VBE_READ;
-
- /* Verify the content */
- rv = nvmrw_verify(secrets, nvm, sizeof(*nvm));
- return rv;
-
- return BDB_SUCCESS;
-}
-
-int nvmrw_read(struct vba_context *ctx)
-{
- uint8_t buf1[NVM_RW_MAX_STRUCT_SIZE];
- uint8_t buf2[NVM_RW_MAX_STRUCT_SIZE];
- struct nvmrw *nvm1 = (struct nvmrw *)buf1;
- struct nvmrw *nvm2 = (struct nvmrw *)buf2;
- int rv1, rv2;
-
- /* Read and verify the 1st copy */
- rv1 = read_verify_nvmrw(NVM_TYPE_RW_PRIMARY, ctx->secrets,
- buf1, sizeof(buf1));
-
- /* Read and verify the 2nd copy */
- rv2 = read_verify_nvmrw(NVM_TYPE_RW_SECONDARY, ctx->secrets,
- buf2, sizeof(buf2));
-
- if (rv1 == BDB_SUCCESS && rv2 == BDB_SUCCESS) {
- /* Sync primary and secondary based on update_count. */
- if (nvm1->update_count > nvm2->update_count)
- rv2 = !BDB_SUCCESS;
- else if (nvm1->update_count < nvm2->update_count)
- rv1 = !BDB_SUCCESS;
- } else if (rv1 != BDB_SUCCESS && rv2 != BDB_SUCCESS){
- /* Abort. Neither was successful. */
- return rv1;
- }
-
- if (rv1 == BDB_SUCCESS)
- /* both copies are good. use primary copy */
- memcpy(&ctx->nvmrw, buf1, sizeof(ctx->nvmrw));
- else
- /* primary is bad but secondary is good. */
- memcpy(&ctx->nvmrw, buf2, sizeof(ctx->nvmrw));
-
- if (ctx->nvmrw.struct_minor_version != NVM_HEADER_VERSION_MINOR) {
- /*
- * Upgrade or downgrade is required. So, we need to write both.
- * When upgrading, this is the place where new fields should be
- * initialized. We don't increment update_count.
- */
- ctx->nvmrw.struct_minor_version = NVM_HEADER_VERSION_MINOR;
- ctx->nvmrw.struct_size = sizeof(ctx->nvmrw);
- /* We don't worry about calculating hmac twice because
- * this is a corner case. */
- rv1 = nvmrw_write(ctx, NVM_TYPE_RW_PRIMARY);
- rv2 = nvmrw_write(ctx, NVM_TYPE_RW_SECONDARY);
- } else if (rv1 != BDB_SUCCESS) {
- /* primary copy is bad. sync it with secondary copy */
- rv1 = nvmrw_write(ctx, NVM_TYPE_RW_PRIMARY);
- } else if (rv2 != BDB_SUCCESS){
- /* secondary copy is bad. sync it with primary copy */
- rv2 = nvmrw_write(ctx, NVM_TYPE_RW_SECONDARY);
- } else {
- /* Both copies are good and versions are same as the reader.
- * Skip writing. This should be the common case. */
- }
-
- if (rv1 || rv2)
- return rv1 ? rv1 : rv2;
-
- return BDB_SUCCESS;
-}
-
-static int nvmrw_init(struct vba_context *ctx)
-{
- if (nvmrw_read(ctx))
- return BDB_ERROR_NVM_INIT;
-
- return BDB_SUCCESS;
-}
-
-int vba_update_kernel_version(struct vba_context *ctx,
- uint32_t kernel_data_key_version,
- uint32_t kernel_version)
-{
- struct nvmrw *nvm = &ctx->nvmrw;
-
- if (nvmrw_verify(ctx->secrets, nvm, sizeof(*nvm))) {
- if (nvmrw_init(ctx))
- return BDB_ERROR_NVM_INIT;
- }
-
- if (nvm->min_kernel_data_key_version < kernel_data_key_version ||
- nvm->min_kernel_version < kernel_version) {
- int rv1, rv2;
-
- /* Roll forward versions */
- nvm->min_kernel_data_key_version = kernel_data_key_version;
- nvm->min_kernel_version = kernel_version;
-
- /* Increment update counter */
- nvm->update_count++;
-
- /* Update both copies */
- rv1 = nvmrw_write(ctx, NVM_TYPE_RW_PRIMARY);
- rv2 = nvmrw_write(ctx, NVM_TYPE_RW_SECONDARY);
- if (rv1 || rv2)
- return BDB_ERROR_RECOVERY_REQUEST;
- }
-
- return BDB_SUCCESS;
-}
-
-int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc)
-{
- struct nvmrw *nvm = &ctx->nvmrw;
- uint8_t buc[BUC_ENC_DIGEST_SIZE];
- int rv1, rv2;
-
- if (nvmrw_verify(ctx->secrets, nvm, sizeof(*nvm))) {
- if (nvmrw_init(ctx))
- return BDB_ERROR_NVM_INIT;
- }
-
- /* Encrypt new BUC
- * Note that we do not need to decide whether we should use hardware
- * crypto or not because this is supposed to be running in RW code. */
- if (vbe_aes256_encrypt(new_buc, BUC_ENC_DIGEST_SIZE,
- ctx->secrets->buc, buc))
- return BDB_ERROR_ENCRYPT_BUC;
-
- /* Return if new BUC is same as current one. */
- if (!memcmp(buc, nvm->buc_enc_digest, sizeof(buc)))
- return BDB_SUCCESS;
-
- memcpy(nvm->buc_enc_digest, buc, sizeof(buc));
-
- /* Increment update counter */
- nvm->update_count++;
-
- /* Write new BUC */
- rv1 = nvmrw_write(ctx, NVM_TYPE_RW_PRIMARY);
- rv2 = nvmrw_write(ctx, NVM_TYPE_RW_SECONDARY);
- if (rv1 || rv2)
- return BDB_ERROR_WRITE_BUC;
-
- return BDB_SUCCESS;
-}
-
-int nvmrw_get(struct vba_context *ctx, enum nvmrw_var var, uint32_t *val)
-{
- struct nvmrw *nvm = &ctx->nvmrw;
-
- /* No init or verify so that this can be called from futility.
- * Callers are responsible for init and verify. */
-
- switch (var) {
- case NVMRW_VAR_UPDATE_COUNT:
- *val = nvm->update_count;
- break;
- case NVMRW_VAR_MIN_KERNEL_DATA_KEY_VERSION:
- *val = nvm->min_kernel_data_key_version;
- break;
- case NVMRW_VAR_MIN_KERNEL_VERSION:
- *val = nvm->min_kernel_version;
- break;
- case NVMRW_VAR_BUC_TYPE:
- *val = nvm->buc_type;
- break;
- case NVMRW_VAR_FLAG_BUC_PRESENT:
- *val = nvm->flags & NVM_RW_FLAG_BUC_PRESENT;
- break;
- case NVMRW_VAR_FLAG_DFM_DISABLE:
- *val = nvm->flags & NVM_RW_FLAG_DFM_DISABLE;
- break;
- case NVMRW_VAR_FLAG_DOSM:
- *val = nvm->flags & NVM_RW_FLAG_DOSM;
- break;
- default:
- return BDB_ERROR_NVM_INVALID_PARAMETER;
- }
-
- return BDB_SUCCESS;
-}
-
-#define MAX_8BIT_UINT ((((uint64_t)1) << 8) - 1)
-
-int nvmrw_set(struct vba_context *ctx, enum nvmrw_var var, uint32_t val)
-{
- struct nvmrw *nvm = &ctx->nvmrw;
-
- /* No init or verify so that this can be called from futility.
- * Callers are responsible for init and verify. */
-
- switch (var) {
- case NVMRW_VAR_UPDATE_COUNT:
- nvm->update_count = val;
- break;
- case NVMRW_VAR_MIN_KERNEL_DATA_KEY_VERSION:
- nvm->min_kernel_data_key_version = val;
- break;
- case NVMRW_VAR_MIN_KERNEL_VERSION:
- nvm->min_kernel_version = val;
- break;
- case NVMRW_VAR_BUC_TYPE:
- if (val > MAX_8BIT_UINT)
- return BDB_ERROR_NVM_INVALID_PARAMETER;
- nvm->buc_type = val;
- break;
- case NVMRW_VAR_FLAG_BUC_PRESENT:
- nvm->flags &= ~NVM_RW_FLAG_BUC_PRESENT;
- nvm->flags |= val ? NVM_RW_FLAG_BUC_PRESENT : 0;
- break;
- case NVMRW_VAR_FLAG_DFM_DISABLE:
- nvm->flags &= ~NVM_RW_FLAG_DFM_DISABLE;
- nvm->flags |= val ? NVM_RW_FLAG_DFM_DISABLE : 0;
- break;
- case NVMRW_VAR_FLAG_DOSM:
- nvm->flags &= ~NVM_RW_FLAG_DOSM;
- nvm->flags |= val ? NVM_RW_FLAG_DOSM : 0;
- break;
- default:
- return BDB_ERROR_NVM_INVALID_PARAMETER;
- }
-
- return BDB_SUCCESS;
-}
diff --git a/firmware/bdb/nvm.h b/firmware/bdb/nvm.h
deleted file mode 100644
index c0a55402..00000000
--- a/firmware/bdb/nvm.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef VBOOT_REFERENCE_BDB_NVM_H_
-#define VBOOT_REFERENCE_BDB_NVM_H_
-
-#include <stdint.h>
-#include "bdb_struct.h"
-#include "bdb_api.h"
-
-enum nvm_type {
- NVM_TYPE_WP_PRIMARY,
- NVM_TYPE_WP_SECONDARY,
- NVM_TYPE_RW_PRIMARY,
- NVM_TYPE_RW_SECONDARY,
-};
-
-#define NVM_RW_MAGIC 0x3052766e
-
-/* Size in bytes of encrypted BUC (Boot Unlock Code) */
-#define BUC_ENC_DIGEST_SIZE 32
-/* Size in bytes of HMAC of struct NVM-RW */
-#define NVM_HMAC_SIZE BDB_SHA256_DIGEST_SIZE
-
-#define NVM_RW_FLAG_BUC_PRESENT (1 << 0)
-#define NVM_RW_FLAG_DFM_DISABLE (1 << 1)
-#define NVM_RW_FLAG_DOSM (1 << 2)
-
-/* This is the minimum size of the data needed to learn the actual size */
-#define NVM_MIN_STRUCT_SIZE 8
-
-#define NVM_HEADER_VERSION_MAJOR 1
-#define NVM_HEADER_VERSION_MINOR 1
-
-/* Maximum number of retries for writing NVM */
-#define NVM_MAX_WRITE_RETRY 2
-
-struct nvmrw {
- /* Magic number to identify struct */
- uint32_t struct_magic;
-
- /* Structure version */
- uint8_t struct_major_version;
- uint8_t struct_minor_version;
-
- /* Size of struct in bytes. 96 for version 1.0 */
- uint16_t struct_size;
-
- /* Number of updates to structure contents */
- uint32_t update_count;
-
- /* Flags: NVM_RW_FLAG_* */
- uint32_t flags;
-
- /* Minimum valid kernel data key version */
- uint32_t min_kernel_data_key_version;
-
- /* Minimum valid kernel version */
- uint32_t min_kernel_version;
-
- /* Type of BUC */
- uint8_t buc_type;
-
- uint8_t reserved0[7];
-
- /* Encrypted BUC */
- uint8_t buc_enc_digest[BUC_ENC_DIGEST_SIZE];
-
- /* SHA-256 HMAC of the struct contents. Add new fields before this. */
- uint8_t hmac[NVM_HMAC_SIZE];
-} __attribute__((packed));
-
-/*
- * List of variables stored in NVM-RW. This should be exported and used by
- * firmware and futility to access data in NVM-RW.
- */
-enum nvmrw_var {
- NVMRW_VAR_UPDATE_COUNT,
- NVMRW_VAR_FLAGS,
- NVMRW_VAR_MIN_KERNEL_DATA_KEY_VERSION,
- NVMRW_VAR_MIN_KERNEL_VERSION,
- NVMRW_VAR_BUC_TYPE,
- NVMRW_VAR_FLAG_BUC_PRESENT,
- NVMRW_VAR_FLAG_DFM_DISABLE,
- NVMRW_VAR_FLAG_DOSM,
-};
-
-/* Size of the version 1.0 */
-#define NVM_RW_MIN_STRUCT_SIZE 96
-/* 4 Kbit EEPROM divided by 4 regions (RO,RW) x (1st,2nd) = 128 KB */
-#define NVM_RW_MAX_STRUCT_SIZE 128
-
-/* For nvm_rw_read and nvm_write */
-struct vba_context;
-
-/**
- * Read NVM-RW contents into the context
- *
- * @param ctx struct vba_context
- * @return BDB_SUCCESS or BDB_ERROR_NVM_*
- */
-int nvmrw_read(struct vba_context *ctx);
-
-/**
- * Write to NVM-RW from the context
- *
- * @param ctx struct vba_context
- * @param type NVM_TYPE_RW_*
- * @return BDB_SUCCESS or BDB_ERROR_NVM_*
- */
-int nvmrw_write(struct vba_context *ctx, enum nvm_type type);
-
-/**
- * Get a value of NVM-RW variable
- *
- * Callers are responsible for init and verify of ctx->nvmrw.
- *
- * @param ctx struct vba_context
- * @param var Index of the variable
- * @param val Destination where the value is stored
- * @return BDB_SUCCESS or BDB_ERROR_NVM_*
- */
-int nvmrw_get(struct vba_context *ctx, enum nvmrw_var var, uint32_t *val);
-
-/**
- * Set a value in NVM-RW variable
- *
- * Callers are responsible for init and verify of ctx->nvmrw.
- *
- * @param ctx struct vba_context
- * @param var Index of the variable
- * @param val Value to be set
- * @return BDB_SUCCESS or BDB_ERROR_NVM_*
- */
-int nvmrw_set(struct vba_context *ctx, enum nvmrw_var var, uint32_t val);
-
-#endif
diff --git a/firmware/bdb/rsa.c b/firmware/bdb/rsa.c
deleted file mode 100644
index 35bfcb47..00000000
--- a/firmware/bdb/rsa.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Boot descriptor block firmware RSA
- */
-
-#include <string.h>
-#include "bdb.h"
-
-/* Public key structure in RAM */
-struct public_key {
- uint32_t arrsize; /* Size of n[] and rr[] arrays in elements */
- uint32_t n0inv; /* -1 / n[0] mod 2^32 */
- const uint32_t *n; /* Modulus as little endian array */
- const uint32_t *rr; /* R^2 as little endian array */
-};
-
-/**
- * a[] -= mod
- */
-static void subM(const struct public_key *key, uint32_t *a)
-{
- int64_t A = 0;
- uint32_t i;
- for (i = 0; i < key->arrsize; ++i) {
- A += (uint64_t)a[i] - key->n[i];
- a[i] = (uint32_t)A;
- A >>= 32;
- }
-}
-
-/**
- * Return a[] >= mod
- */
-static int mont_ge(const struct public_key *key, uint32_t *a)
-{
- uint32_t i;
- for (i = key->arrsize; i;) {
- --i;
- if (a[i] < key->n[i])
- return 0;
- if (a[i] > key->n[i])
- return 1;
- }
- return 1; /* equal */
-}
-
-/**
- * Montgomery c[] += a * b[] / R % mod
- */
-static void montMulAdd(const struct public_key *key,
- uint32_t *c,
- const uint32_t a,
- const uint32_t *b)
-{
- uint64_t A = (uint64_t)a * b[0] + c[0];
- uint32_t d0 = (uint32_t)A * key->n0inv;
- uint64_t B = (uint64_t)d0 * key->n[0] + (uint32_t)A;
- uint32_t i;
-
- for (i = 1; i < key->arrsize; ++i) {
- A = (A >> 32) + (uint64_t)a * b[i] + c[i];
- B = (B >> 32) + (uint64_t)d0 * key->n[i] + (uint32_t)A;
- c[i - 1] = (uint32_t)B;
- }
-
- A = (A >> 32) + (B >> 32);
-
- c[i - 1] = (uint32_t)A;
-
- if (A >> 32) {
- subM(key, c);
- }
-}
-
-/**
- * Montgomery c[] = a[] * b[] / R % mod
- */
-static void montMul(const struct public_key *key,
- uint32_t *c,
- const uint32_t *a,
- const uint32_t *b)
-{
- uint32_t i;
- for (i = 0; i < key->arrsize; ++i) {
- c[i] = 0;
- }
- for (i = 0; i < key->arrsize; ++i) {
- montMulAdd(key, c, a[i], b);
- }
-}
-
-static int safe_memcmp(const void *s1, const void *s2, size_t size)
-{
- const unsigned char *us1 = s1;
- const unsigned char *us2 = s2;
- int result = 0;
-
- if (0 == size)
- return 0;
-
- /*
- * Code snippet without data-dependent branch due to Nate Lawson
- * (nate@root.org) of Root Labs.
- */
- while (size--)
- result |= *us1++ ^ *us2++;
-
- return result != 0;
-}
-
-/*
- * PKCS 1.5 padding (from the RSA PKCS#1 v2.1 standard)
- *
- * Depending on the RSA key size and hash function, the padding is calculated
- * as follows:
- *
- * 0x00 || 0x01 || PS || 0x00 || T
- *
- * T: DER Encoded DigestInfo value which depends on the hash function used.
- *
- * SHA-256: (0x)30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 || H.
- *
- * Length(T) = 51 octets for SHA-256
- *
- * PS: octet string consisting of {Length(RSA Key) - Length(T) - 3} 0xFF
- */
-static const uint8_t sha256_tail[] = {
- 0x00,0x30,0x31,0x30,0x0d,0x06,0x09,0x60,
- 0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
- 0x05,0x00,0x04,0x20
-};
-
-static int check_padding(const uint8_t *sig, const struct public_key *key,
- uint32_t pad_size)
-{
- /* Determine padding to use depending on the signature type */
- const uint32_t tail_size = sizeof(sha256_tail);
- int result = 0;
- int i;
-
- /* First 2 bytes are always 0x00 0x01 */
- result |= *sig++ ^ 0x00;
- result |= *sig++ ^ 0x01;
-
- /* Then 0xff bytes until the tail */
- for (i = 0; i < pad_size - tail_size - 2; i++)
- result |= *sig++ ^ 0xff;
-
- /*
- * Then the tail. Even though there are probably no timing issues
- * here, we use safe_memcmp() just to be on the safe side.
- */
- result |= safe_memcmp(sig, sha256_tail, tail_size);
-
- return result ? BDB_ERROR_DIGEST : BDB_SUCCESS;
-}
-
-/* Array size for RSA4096 */
-#define ARRSIZE4096 (4096 / 32)
-
-/**
- * In-place public exponentiation. (exponent 65537, key size 4096 bits)
- *
- * @param key Key to use in signing
- * @param inout Input and output big-endian byte array
- */
-static void modpowF4(const struct public_key *key, uint8_t *inout)
-{
- uint32_t a[ARRSIZE4096];
- uint32_t aR[ARRSIZE4096];
- uint32_t aaR[ARRSIZE4096];
- uint32_t *aaa = aaR; /* Re-use location. */
- int i;
-
- /* Convert from big endian byte array to little endian word array. */
- for (i = 0; i < ARRSIZE4096; ++i) {
- uint32_t tmp =
- (inout[((ARRSIZE4096 - 1 - i) * 4) + 0] << 24) |
- (inout[((ARRSIZE4096 - 1 - i) * 4) + 1] << 16) |
- (inout[((ARRSIZE4096 - 1 - i) * 4) + 2] << 8) |
- (inout[((ARRSIZE4096 - 1 - i) * 4) + 3] << 0);
- a[i] = tmp;
- }
-
- montMul(key, aR, a, key->rr); /* aR = a * RR / R mod M */
- for (i = 0; i < 16; i+=2) {
- montMul(key, aaR, aR, aR); /* aaR = aR * aR / R mod M */
- montMul(key, aR, aaR, aaR); /* aR = aaR * aaR / R mod M */
- }
- montMul(key, aaa, aR, a); /* aaa = aR * a / R mod M */
-
- /* Make sure aaa < mod; aaa is at most 1x mod too large. */
- if (mont_ge(key, aaa)) {
- subM(key, aaa);
- }
-
- /* Convert to bigendian byte array */
- for (i = ARRSIZE4096 - 1; i >= 0; --i) {
- uint32_t tmp = aaa[i];
- *inout++ = (uint8_t)(tmp >> 24);
- *inout++ = (uint8_t)(tmp >> 16);
- *inout++ = (uint8_t)(tmp >> 8);
- *inout++ = (uint8_t)(tmp >> 0);
- }
-}
-
-int bdb_rsa4096_verify(const uint8_t *key_data,
- const uint8_t *sig,
- const uint8_t *digest)
-{
- const uint32_t *kdata32 = (const uint32_t *)key_data;
- struct public_key key;
- uint8_t sig_work[BDB_RSA4096_SIG_SIZE];
- uint32_t pad_size;
- int rv;
-
- /* Unpack key */
- if (kdata32[0] != ARRSIZE4096)
- return BDB_ERROR_DIGEST; /* Wrong key size */
-
- key.arrsize = kdata32[0];
- key.n0inv = kdata32[1];
- key.n = kdata32 + 2;
- key.rr = kdata32 + 2 + key.arrsize;
-
- /* Copy signature to work buffer */
- memcpy(sig_work, sig, sizeof(sig_work));
-
- modpowF4(&key, sig_work);
-
- /*
- * Check padding. Continue on to check the digest even if error to
- * reduce the risk of timing based attacks.
- */
- pad_size = key.arrsize * sizeof(uint32_t) - BDB_SHA256_DIGEST_SIZE;
- rv = check_padding(sig_work, &key, pad_size);
-
- /*
- * Check digest. Even though there are probably no timing issues here,
- * use safe_memcmp() just to be on the safe side. (That's also why
- * we don't return before this check if the padding check failed.)
- */
- if (safe_memcmp(sig_work + pad_size, digest, BDB_SHA256_DIGEST_SIZE))
- rv = BDB_ERROR_DIGEST;
-
- return rv;
-}
-
-/* Array size for RSA3072B */
-#define ARRSIZE3072B (3072 / 32)
-
-/**
- * In-place public exponentiation. (exponent 3, key size 3072 bits)
- *
- * @param key Key to use in signing
- * @param inout Input and output big-endian byte array
- */
-static void modpow3(const struct public_key *key, uint8_t *inout)
-{
- uint32_t a[ARRSIZE3072B];
- uint32_t aR[ARRSIZE3072B];
- uint32_t aaR[ARRSIZE3072B];
- uint32_t *aaa = aR; /* Re-use location */
- int i;
-
- /* Convert from big endian byte array to little endian word array. */
- for (i = 0; i < ARRSIZE3072B; ++i) {
- uint32_t tmp =
- (inout[((ARRSIZE3072B - 1 - i) * 4) + 0] << 24) |
- (inout[((ARRSIZE3072B - 1 - i) * 4) + 1] << 16) |
- (inout[((ARRSIZE3072B - 1 - i) * 4) + 2] << 8) |
- (inout[((ARRSIZE3072B - 1 - i) * 4) + 3] << 0);
- a[i] = tmp;
- }
-
- montMul(key, aR, a, key->rr); /* aR = a * RR / R mod M */
- montMul(key, aaR, aR, aR); /* aaR = aR * aR / R mod M */
- montMul(key, aaa, aaR, a); /* aaa = aaR * a / R mod M */
-
- /* Make sure aaa < mod; aaa is at most 1x mod too large. */
- if (mont_ge(key, aaa)) {
- subM(key, aaa);
- }
-
- /* Convert to bigendian byte array */
- for (i = ARRSIZE3072B - 1; i >= 0; --i) {
- uint32_t tmp = aaa[i];
- *inout++ = (uint8_t)(tmp >> 24);
- *inout++ = (uint8_t)(tmp >> 16);
- *inout++ = (uint8_t)(tmp >> 8);
- *inout++ = (uint8_t)(tmp >> 0);
- }
-}
-
-int bdb_rsa3072b_verify(const uint8_t *key_data,
- const uint8_t *sig,
- const uint8_t *digest)
-{
- const uint32_t *kdata32 = (const uint32_t *)key_data;
- struct public_key key;
- uint8_t sig_work[BDB_RSA3072B_SIG_SIZE];
- uint32_t pad_size;
- int rv;
-
- /* Unpack key */
- if (kdata32[0] != ARRSIZE3072B)
- return BDB_ERROR_DIGEST; /* Wrong key size */
-
- key.arrsize = kdata32[0];
- key.n0inv = kdata32[1];
- key.n = kdata32 + 2;
- key.rr = kdata32 + 2 + key.arrsize;
-
- /* Copy signature to work buffer */
- memcpy(sig_work, sig, sizeof(sig_work));
-
- modpow3(&key, sig_work);
-
- /*
- * Check padding. Continue on to check the digest even if error to
- * reduce the risk of timing based attacks.
- */
- pad_size = key.arrsize * sizeof(uint32_t) - BDB_SHA256_DIGEST_SIZE;
- rv = check_padding(sig_work, &key, pad_size);
-
- /*
- * Check digest. Even though there are probably no timing issues here,
- * use safe_memcmp() just to be on the safe side. (That's also why
- * we don't return before this check if the padding check failed.)
- */
- if (safe_memcmp(sig_work + pad_size, digest, BDB_SHA256_DIGEST_SIZE))
- rv = BDB_ERROR_DIGEST;
-
- return rv;
-}
diff --git a/firmware/bdb/secrets.c b/firmware/bdb/secrets.c
deleted file mode 100644
index bd6c6fcf..00000000
--- a/firmware/bdb/secrets.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include "2sysincludes.h"
-#include "2hmac.h"
-#include "2sha.h"
-#include "bdb_api.h"
-#include "bdb_struct.h"
-#include "bdb.h"
-#include "secrets.h"
-
-const uint8_t secret_constant_a[] = {
- 0xad, 0xf8, 0xd1, 0xd9, 0x48, 0xe6, 0xb3, 0xe4, 0xe0, 0xc4,
- 0xd8, 0x66, 0x97, 0x95, 0x71, 0xa8, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x01};
-
-const uint8_t secret_constant_b[] = {
- 0xba, 0x9d, 0x1d, 0x8b, 0x12, 0xbd, 0x8d, 0xcd, 0x4c, 0x89,
- 0xd8, 0x18, 0x72, 0x98, 0xb5, 0x18, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x02};
-
-const uint8_t secret_constant_x[] = {
- 0xfd, 0xc1, 0xe5, 0x57, 0x34, 0xf4, 0xf6, 0x89, 0x6d, 0x1b,
- 0x6f, 0xf2, 0xd0, 0x36, 0xdb, 0xf4, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x09};
-
-const uint8_t secret_constant_y[] = {
- 0x18, 0xef, 0x01, 0x8e, 0xcd, 0x62, 0xf1, 0xb0, 0x2d, 0xd4,
- 0x11, 0xa4, 0xb5, 0x6e, 0x38, 0xf6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x0a};
-
-const uint8_t secret_constant_c[] = {
- 0x46, 0xda, 0x52, 0x8d, 0x08, 0x56, 0x14, 0xde, 0x75, 0x9c,
- 0x9a, 0xeb, 0x08, 0x93, 0x3d, 0xd6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x0b};
-
-const uint8_t secret_constant_fv0[] = {
- 0x93, 0x32, 0xf7, 0x8d, 0xec, 0x4b, 0x26, 0x2e, 0xb3, 0x5c,
- 0x39, 0xd7, 0xfc, 0xc6, 0x9f, 0x09, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x05};
-
-const uint8_t secret_constant_fv1[] = {
- 0x60, 0x8d, 0x96, 0x35, 0xdf, 0xf6, 0x31, 0x67, 0xab, 0xb8,
- 0x9f, 0x50, 0x81, 0x28, 0x82, 0xec, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x06};
-
-const uint8_t secret_constant_kv0[] = {
- 0x46, 0x6d, 0xef, 0x2c, 0x05, 0xc9, 0xbf, 0xa9, 0x6b, 0xee,
- 0xaa, 0x6c, 0xb9, 0xb4, 0x6d, 0x37, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x07};
-
-const uint8_t secret_constant_kv1[] = {
- 0x0a, 0x9e, 0xc9, 0x20, 0x29, 0xa3, 0x5d, 0xd7, 0x27, 0x55,
- 0xb6, 0xa6, 0xb4, 0x80, 0x7c, 0x73, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x08};
-
-const uint8_t secret_constant_k[] = {
- /*
- * Digest of kernel data key struct fills first 32 bytes
- */
- 0x1e, 0x1d, 0xec, 0xf2, 0x6d, 0x27, 0xa6, 0xd9,
- 0x67, 0x0f, 0x34, 0xc5, 0xfa, 0x01, 0x68, 0xf6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x03};
-
-const uint8_t secret_constant_l[] = {
- /*
- * Digest of kernel data key struct fills first 32 bytes
- */
- 0x9b, 0xc0, 0x29, 0xd3, 0xc3, 0x90, 0x7f, 0x82,
- 0x56, 0xe2, 0x67, 0x79, 0x11, 0x74, 0xbe, 0xd0, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x04};
-
-const uint8_t secret_constant_p[] = {
- /*
- * Digest of KDB key struct fills first 32 bytes
- */
- 0xfe, 0x31, 0xed, 0xed, 0x45, 0xfd, 0x8a, 0x5d,
- 0x87, 0x90, 0xac, 0x17, 0x02, 0x89, 0x2c, 0xba, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x0c};
-
-const uint8_t secret_constant_q[] = {
- /*
- * Digest of KDB key struct fills first 32 bytes
- */
- 0xc7, 0x60, 0x83, 0x0f, 0x20, 0x44, 0x5d, 0x9c,
- 0x70, 0x96, 0x05, 0x2d, 0x51, 0x4b, 0x15, 0x99, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
- 0xc6, 0xc6, 0xc6, 0x0d};
-
-/**
- * Get constant with digest
- *
- * This function computes a digest of the given buffer and concatenates it
- * to the given constant.
- *
- * @param buf Data from which a digest is computed
- * @param buf_size Size of <buf>
- * @param constant Buffer containing constant
- * @param out Buffer where the result is stored
- * @return BDB_SUCCESS on success or !BDB_SUCCESS otherwise
- */
-static int get_constant_with_digest(const uint8_t *buf, uint32_t buf_size,
- const uint8_t *constant, uint8_t *out)
-{
- int digest_size = vb2_digest_size(VB2_HASH_SHA256);
- const struct bdb_key *key = (const struct bdb_key *)buf;
-
- if (!buf)
- return !BDB_SUCCESS;
-
- if (bdb_check_key(key, buf_size))
- return !BDB_SUCCESS;
-
- if (vb2_digest_buffer(buf, buf_size, VB2_HASH_SHA256, out, digest_size))
- return !BDB_SUCCESS;
-
- memcpy(out + digest_size, constant,
- BDB_CONSTANT_BLOCK_SIZE - digest_size);
-
- return BDB_SUCCESS;
-}
-
-/**
- * Derive secrets for SP-RO
- *
- * This function extends a BDS to derive secrets as done by SP-RO (a.k.a. mask
- * rom).
- *
- * @param ctx VBoot context
- * @param type Type of secret to derive
- * @param wsr Work secret register
- * @param buf Data from which a digest is computed
- * @param buf_size Size of <buf>
- * @param extend sha256 extension function to be used
- * @return BDB_SUCCESS on success or BDB_ERROR_* otherwise
- */
-static int derive_secret_ro(struct vba_context *ctx, enum bdb_secret_type type,
- uint8_t *wsr, const uint8_t *buf, uint32_t buf_size,
- f_extend extend)
-{
- uint8_t c[BDB_CONSTANT_BLOCK_SIZE];
- uint8_t *from;
- const uint8_t *by = (const uint8_t *)c;
- uint8_t *to;
-
- switch (type) {
- case BDB_SECRET_TYPE_WSR:
- from = to = wsr;
- by = secret_constant_x;
- break;
- case BDB_SECRET_TYPE_BDB:
- from = wsr;
- to = ctx->secrets->bdb;
- if (get_constant_with_digest(buf, buf_size,
- secret_constant_p, c))
- return BDB_ERROR_SECRET_BDB;
- break;
- case BDB_SECRET_TYPE_BOOT_PATH:
- from = wsr;
- to = ctx->secrets->boot_path;
- if (get_constant_with_digest(buf, buf_size,
- secret_constant_k, c))
- return BDB_ERROR_SECRET_BOOT_PATH;
- break;
- case BDB_SECRET_TYPE_BOOT_VERIFIED:
- from = wsr;
- to = ctx->secrets->boot_verified;
- if (ctx->flags & VBA_CONTEXT_FLAG_BDB_KEY_EFUSED)
- by = secret_constant_fv0;
- else
- by = secret_constant_fv1;
- break;
- case BDB_SECRET_TYPE_NVM_WP:
- from = wsr;
- by = secret_constant_a;
- to = ctx->secrets->nvm_wp;
- break;
- case BDB_SECRET_TYPE_NVM_RW:
- from = ctx->secrets->nvm_wp;
- by = secret_constant_b;
- to = ctx->secrets->nvm_rw;
- break;
- default:
- return BDB_ERROR_SECRET_TYPE;
- }
-
- if (extend)
- extend(from, by, to);
- else
- vb2_sha256_extend(from, by, to);
-
- return BDB_SUCCESS;
-}
-
-int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
- uint8_t *wsr, const uint8_t *buf, uint32_t buf_size)
-{
- uint8_t c[BDB_CONSTANT_BLOCK_SIZE];
- uint8_t *from;
- const uint8_t *by = (const uint8_t *)c;
- uint8_t *to;
-
- switch (type) {
- case BDB_SECRET_TYPE_WSR:
- from = to = wsr;
- by = secret_constant_y;
- break;
- case BDB_SECRET_TYPE_BDB:
- from = to = ctx->secrets->bdb;
- if (get_constant_with_digest(buf, buf_size,
- secret_constant_q, c))
- return BDB_ERROR_SECRET_BDB;
- break;
- case BDB_SECRET_TYPE_BOOT_PATH:
- from = to = ctx->secrets->boot_path;
- if (get_constant_with_digest(buf, buf_size,
- secret_constant_l, c))
- return BDB_ERROR_SECRET_BOOT_PATH;
- break;
- case BDB_SECRET_TYPE_BOOT_VERIFIED:
- from = to = ctx->secrets->boot_verified;
- if (ctx->flags & VBA_CONTEXT_FLAG_KERNEL_DATA_KEY_VERIFIED)
- by = secret_constant_kv1;
- else
- by = secret_constant_kv0;
- break;
- case BDB_SECRET_TYPE_BUC:
- from = ctx->secrets->boot_verified;
- by = secret_constant_c;
- to = ctx->secrets->buc;
- break;
- default:
- return BDB_ERROR_SECRET_TYPE;
- }
-
- vb2_sha256_extend(from, by, to);
-
- return BDB_SUCCESS;
-}
-
-int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type)
-{
- uint8_t *s;
-
- switch (type) {
- case BDB_SECRET_TYPE_NVM_RW:
- s = ctx->secrets->nvm_rw;
- break;
- case BDB_SECRET_TYPE_BDB:
- s = ctx->secrets->bdb;
- break;
- case BDB_SECRET_TYPE_BOOT_PATH:
- s = ctx->secrets->boot_path;
- break;
- case BDB_SECRET_TYPE_BOOT_VERIFIED:
- s = ctx->secrets->boot_verified;
- break;
- case BDB_SECRET_TYPE_BUC:
- s = ctx->secrets->buc;
- break;
- default:
- return BDB_ERROR_SECRET_TYPE;
- }
-
- memset(s, 0, BDB_SECRET_SIZE);
- return BDB_SUCCESS;
-}
-
-int vba_extend_secrets_ro(struct vba_context *ctx, const uint8_t *bdb,
- uint8_t *wsr, f_extend extend)
-{
- const struct bdb_key *bdbkey = bdb_get_bdbkey(bdb);
- const struct bdb_key *datakey = bdb_get_datakey(bdb);
-
- derive_secret_ro(ctx, BDB_SECRET_TYPE_BDB, wsr, (const uint8_t *)bdbkey,
- bdbkey->struct_size, extend);
- derive_secret_ro(ctx, BDB_SECRET_TYPE_BOOT_PATH, wsr,
- (const uint8_t *)datakey, datakey->struct_size,
- extend);
- derive_secret_ro(ctx, BDB_SECRET_TYPE_BOOT_VERIFIED, wsr, NULL, 0,
- extend);
- derive_secret_ro(ctx, BDB_SECRET_TYPE_NVM_WP, wsr, NULL, 0, extend);
- /* Deriving NVM-RW has to be done after NVM-WP */
- derive_secret_ro(ctx, BDB_SECRET_TYPE_NVM_RW, wsr, NULL, 0, extend);
- /* Extending WSR has to be done last. */
- derive_secret_ro(ctx, BDB_SECRET_TYPE_WSR, wsr, NULL, 0, extend);
-
- return BDB_SUCCESS;
-}
diff --git a/firmware/bdb/secrets.h b/firmware/bdb/secrets.h
deleted file mode 100644
index 59c27cf6..00000000
--- a/firmware/bdb/secrets.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_SECRETS_H_
-#define VBOOT_REFERENCE_FIRMWARE_BDB_SECRETS_H_
-
-#define BDB_SECRET_SIZE 32
-#define BDB_CONSTANT_BLOCK_SIZE 64
-
-enum bdb_secret_type {
- BDB_SECRET_TYPE_WSR,
- BDB_SECRET_TYPE_NVM_WP,
- BDB_SECRET_TYPE_NVM_RW,
- BDB_SECRET_TYPE_BDB,
- BDB_SECRET_TYPE_BOOT_VERIFIED,
- BDB_SECRET_TYPE_BOOT_PATH,
- BDB_SECRET_TYPE_BUC,
- BDB_SECRET_TYPE_COUNT, /* Last entry. Add new secrets before this. */
-};
-
-/*
- * Struct storing BDB secrets passed between SP-RO and SP-RW.
- */
-struct bdb_secrets {
- uint8_t nvm_rw[BDB_SECRET_SIZE];
- uint8_t bdb[BDB_SECRET_SIZE];
- uint8_t boot_verified[BDB_SECRET_SIZE];
- uint8_t boot_path[BDB_SECRET_SIZE];
- uint8_t nvm_wp[BDB_SECRET_SIZE];
- uint8_t buc[BDB_SECRET_SIZE];
-};
-
-#endif
diff --git a/firmware/bdb/sha.c b/firmware/bdb/sha.c
deleted file mode 100644
index d73098df..00000000
--- a/firmware/bdb/sha.c
+++ /dev/null
@@ -1,20 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include <string.h>
-
-#include "2sha.h"
-#include "bdb.h"
-
-int bdb_sha256(void *digest, const void *buf, size_t size)
-{
- struct vb2_sha256_context ctx;
-
- vb2_sha256_init(&ctx);
- vb2_sha256_update(&ctx, buf, size);
- vb2_sha256_finalize(&ctx, digest);
-
- return BDB_SUCCESS;
-}
diff --git a/firmware/bdb/stub.c b/firmware/bdb/stub.c
deleted file mode 100644
index 4af9126c..00000000
--- a/firmware/bdb/stub.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#include "bdb_api.h"
-#include "bdb.h"
-
-__attribute__((weak))
-uint32_t vbe_get_vboot_register(enum vboot_register type)
-{
- return 0;
-}
-
-__attribute__((weak))
-void vbe_set_vboot_register(enum vboot_register type, uint32_t val)
-{
- return;
-}
-
-__attribute__((weak))
-void vbe_reset(void)
-{
- return;
-}
-
-__attribute__((weak))
-int vbe_read_nvm(enum nvm_type type, uint8_t *buf, uint32_t size)
-{
- return BDB_ERROR_NOT_IMPLEMENTED;
-}
-
-__attribute__((weak))
-int vbe_write_nvm(enum nvm_type type, void *buf, uint32_t size)
-{
- return BDB_ERROR_NOT_IMPLEMENTED;
-}
-
-__attribute__((weak))
-int vbe_aes256_encrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
- uint8_t *out)
-{
- return BDB_ERROR_NOT_IMPLEMENTED;
-}
-
-__attribute__((weak))
-int vbe_aes256_decrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
- uint8_t *out)
-{
- return BDB_ERROR_NOT_IMPLEMENTED;
-}
diff --git a/firmware/bdb/vboot_register.h b/firmware/bdb/vboot_register.h
deleted file mode 100644
index 8844bf62..00000000
--- a/firmware/bdb/vboot_register.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/* Copyright 2016 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_VBOOT_REGISTER_H
-#define VBOOT_REFERENCE_FIRMWARE_BDB_VBOOT_REGISTER_H
-
-enum vboot_register {
- /* Register cleared after every reset */
- VBOOT_REGISTER,
- /* Register cleared after cold reset (persists after warm reset) */
- VBOOT_REGISTER_PERSIST,
-};
-
-/* Bit fields for VBOOT_REGISTER_PERSISTENT */
-#define VBOOT_REGISTER_RECOVERY_REQUEST (1 << 0)
-#define VBOOT_REGISTER_TRY_SECONDARY_BDB (1 << 1)
-#define VBOOT_REGISTER_FAILED_RW_PRIMARY (1 << 2)
-#define VBOOT_REGISTER_FAILED_RW_SECONDARY (1 << 3)
-
-#endif