Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/2lib/2secdata_firmware.c | 1 | ||||
-rw-r--r-- | firmware/2lib/2secdata_fwmp.c | 8 | ||||
-rw-r--r-- | firmware/2lib/2secdata_kernel.c | 1 | ||||
-rw-r--r-- | firmware/2lib/include/2secdata.h | 141 | ||||
-rw-r--r-- | firmware/2lib/include/2secdata_struct.h | 102 |
5 files changed, 133 insertions, 120 deletions
diff --git a/firmware/2lib/2secdata_firmware.c b/firmware/2lib/2secdata_firmware.c
index 74b7ff1f..6f5d2178 100644
--- a/firmware/2lib/2secdata_firmware.c
+++ b/firmware/2lib/2secdata_firmware.c
@@ -10,6 +10,7 @@
 #include "2crc8.h"
 #include "2misc.h"
 #include "2secdata.h"
+#include "2secdata_struct.h"
 
 vb2_error_t vb2api_secdata_firmware_check(struct vb2_context *ctx)
 {
diff --git a/firmware/2lib/2secdata_fwmp.c b/firmware/2lib/2secdata_fwmp.c
index 774a7fa8..d4fda283 100644
--- a/firmware/2lib/2secdata_fwmp.c
+++ b/firmware/2lib/2secdata_fwmp.c
@@ -9,13 +9,7 @@
 #include "2common.h"
 #include "2misc.h"
 #include "2secdata.h"
-
-uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec)
-{
-	int version_offset = offsetof(struct vb2_secdata_fwmp, struct_version);
-	return vb2_crc8((void *)sec + version_offset,
-			sec->struct_size - version_offset);
-}
+#include "2secdata_struct.h"
 
 vb2_error_t vb2api_secdata_fwmp_check(struct vb2_context *ctx, uint8_t *size)
 {
diff --git a/firmware/2lib/2secdata_kernel.c b/firmware/2lib/2secdata_kernel.c
index fb9f0b95..2be219f5 100644
--- a/firmware/2lib/2secdata_kernel.c
+++ b/firmware/2lib/2secdata_kernel.c
@@ -10,6 +10,7 @@
 #include "2crc8.h"
 #include "2misc.h"
 #include "2secdata.h"
+#include "2secdata_struct.h"
 
 vb2_error_t vb2api_secdata_kernel_check(struct vb2_context *ctx)
 {
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index 4e6fdda2..99b557de 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -11,9 +11,16 @@
 #include "2api.h"
 
 /*****************************************************************************/
-/* Firmware version space */
+/* Firmware secure storage space */
 
-#define VB2_SECDATA_FIRMWARE_VERSION 2
+/* Which param to get/set for vb2_secdata_firmware_get/set() */
+enum vb2_secdata_firmware_param {
+	/* Flags; see vb2_secdata_firmware_flags */
+	VB2_SECDATA_FIRMWARE_FLAGS = 0,
+
+	/* Firmware versions */
+	VB2_SECDATA_FIRMWARE_VERSIONS,
+};
 
 /* Flags for firmware space */
 enum vb2_secdata_firmware_flags {
@@ -32,103 +39,6 @@ enum vb2_secdata_firmware_flags {
 	VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE = (1 << 1),
 };
 
-struct vb2_secdata_firmware {
-	/* Struct version, for backwards compatibility */
-	uint8_t struct_version;
-
-	/* Flags; see vb2_secdata_firmware_flags */
-	uint8_t flags;
-
-	/* Firmware versions */
-	uint32_t fw_versions;
-
-	/* Reserved for future expansion */
-	uint8_t reserved[3];
-
-	/* CRC; must be last field in struct */
-	uint8_t crc8;
-} __attribute__((packed));
-
-/* Which param to get/set for vb2_secdata_firmware_get/set() */
-enum vb2_secdata_firmware_param {
-	/* Flags; see vb2_secdata_firmware_flags */
-	VB2_SECDATA_FIRMWARE_FLAGS = 0,
-
-	/* Firmware versions */
-	VB2_SECDATA_FIRMWARE_VERSIONS,
-};
-
-/*****************************************************************************/
-/* Kernel version space */
-
-/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */
-#define VB2_SECDATA_KERNEL_VERSION 2
-#define VB2_SECDATA_KERNEL_UID 0x4752574c /* 'GRWL' */
-
-struct vb2_secdata_kernel {
-	/* Struct version, for backwards compatibility */
-	uint8_t struct_version;
-
-	/* Unique ID to detect space redefinition */
-	uint32_t uid;
-
-	/* Kernel versions */
-	uint32_t kernel_versions;
-
-	/* Reserved for future expansion */
-	uint8_t reserved[3];
-
-	/* CRC; must be last field in struct */
-	uint8_t crc8;
-} __attribute__((packed));
-
-/* Which param to get/set for vb2_secdata_kernel_get/set() */
-enum vb2_secdata_kernel_param {
-	/* Kernel versions */
-	VB2_SECDATA_KERNEL_VERSIONS = 0,
-};
-
-/*****************************************************************************/
-/* Firmware management parameters (FWMP) space */
-
-#define VB2_SECDATA_FWMP_VERSION 0x10 /* 1.0 */
-#define VB2_SECDATA_FWMP_HASH_SIZE 32 /* enough for SHA-256 */
-
-/* Flags for FWMP space */
-enum vb2_secdata_fwmp_flags {
-	VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0),
-	VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
-	VB2_SECDATA_FWMP_DEV_ENABLE_USB = (1 << 2),
-	VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY = (1 << 3),
-	VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
-	VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
-	/* CCD = case-closed debugging on cr50; flag implemented on cr50 */
-	VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
-};
-
-struct vb2_secdata_fwmp {
-	/* CRC-8 of fields following struct_size */
-	uint8_t crc8;
-
-	/* Structure size in bytes */
-	uint8_t struct_size;
-
-	/* Structure version (4 bits major, 4 bits minor) */
-	uint8_t struct_version;
-
-	/* Reserved; ignored by current reader */
-	uint8_t reserved0;
-
-	/* Flags; see enum vb2_secdata_fwmp_flags */
-	uint32_t flags;
-
-	/* Hash of developer kernel key */
-	uint8_t dev_key_hash[VB2_SECDATA_FWMP_HASH_SIZE];
-};
-
-/*****************************************************************************/
-/* Firmware secure storage space functions */
-
 /**
  * Initialize firmware secure storage context and verify its CRC.
  *
@@ -164,12 +74,18 @@ vb2_error_t vb2_secdata_firmware_set(struct vb2_context *ctx,
 			       uint32_t value);
 
 /*****************************************************************************/
-/* Kernel secure storage space functions
+/* Kernel secure storage space
  *
  * These are separate functions so that they don't bloat the size of the early
  * boot code which uses the firmware version space functions.
  */
 
+/* Which param to get/set for vb2_secdata_kernel_get/set() */
+enum vb2_secdata_kernel_param {
+	/* Kernel versions */
+	VB2_SECDATA_KERNEL_VERSIONS = 0,
+};
+
 /**
  * Initialize kernel secure storage context and verify its CRC.
  *
@@ -205,20 +121,19 @@ vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx,
 			     uint32_t value);
 
 /*****************************************************************************/
-/* Firmware management parameters (FWMP) space functions */
+/* Firmware management parameters (FWMP) space */
 
-/**
- * Generate CRC for FWMP secure storage space.
- *
- * Calculate CRC hash from struct_version onward. Should not be used;
- * prototype only in header for use by unittests.
- *
- * In valid FWMP data, this CRC value should match the crc8 field.
- *
- * @param sec Pointer to FWMP struct
- * @return 32-bit CRC hash of FWMP data
- */
-uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec);
+/* Flags for FWMP space */
+enum vb2_secdata_fwmp_flags {
+	VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0),
+	VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
+	VB2_SECDATA_FWMP_DEV_ENABLE_USB = (1 << 2),
+	VB2_SECDATA_FWMP_DEV_ENABLE_LEGACY = (1 << 3),
+	VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
+	VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
+	/* CCD = case-closed debugging on cr50; flag implemented on cr50 */
+	VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
+};
 
 /**
  * Initialize FWMP secure storage context and verify its CRC.
diff --git a/firmware/2lib/include/2secdata_struct.h b/firmware/2lib/include/2secdata_struct.h
new file mode 100644
index 00000000..92c2408c
--- /dev/null
+++ b/firmware/2lib/include/2secdata_struct.h
@@ -0,0 +1,102 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Secure non-volatile storage data structure definitions
+ */
+
+#ifndef VBOOT_REFERENCE_2SECDATA_STRUCT_H_
+#define VBOOT_REFERENCE_2SECDATA_STRUCT_H_
+
+#include "2crc8.h"
+#include "2sysincludes.h"
+
+/*****************************************************************************/
+/* Firmware secure storage space */
+
+#define VB2_SECDATA_FIRMWARE_VERSION 2
+
+struct vb2_secdata_firmware {
+	/* Struct version, for backwards compatibility */
+	uint8_t struct_version;
+
+	/* Flags; see vb2_secdata_firmware_flags */
+	uint8_t flags;
+
+	/* Firmware versions */
+	uint32_t fw_versions;
+
+	/* Reserved for future expansion */
+	uint8_t reserved[3];
+
+	/* CRC; must be last field in struct */
+	uint8_t crc8;
+} __attribute__((packed));
+
+/*****************************************************************************/
+/* Kernel secure storage space */
+
+/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */
+#define VB2_SECDATA_KERNEL_VERSION 2
+#define VB2_SECDATA_KERNEL_UID 0x4752574c /* 'LWRG' */
+
+struct vb2_secdata_kernel {
+	/* Struct version, for backwards compatibility */
+	uint8_t struct_version;
+
+	/* Unique ID to detect space redefinition */
+	uint32_t uid;
+
+	/* Kernel versions */
+	uint32_t kernel_versions;
+
+	/* Reserved for future expansion */
+	uint8_t reserved[3];
+
+	/* CRC; must be last field in struct */
+	uint8_t crc8;
+} __attribute__((packed));
+
+/*****************************************************************************/
+/* Firmware management parameters (FWMP) space */
+
+#define VB2_SECDATA_FWMP_VERSION 0x10 /* 1.0 */
+#define VB2_SECDATA_FWMP_HASH_SIZE 32 /* enough for SHA-256 */
+
+struct vb2_secdata_fwmp {
+	/* CRC-8 of fields following struct_size */
+	uint8_t crc8;
+
+	/* Structure size in bytes */
+	uint8_t struct_size;
+
+	/* Structure version (4 bits major, 4 bits minor) */
+	uint8_t struct_version;
+
+	/* Reserved; ignored by current reader */
+	uint8_t reserved0;
+
+	/* Flags; see enum vb2_secdata_fwmp_flags */
+	uint32_t flags;
+
+	/* Hash of developer kernel key */
+	uint8_t dev_key_hash[VB2_SECDATA_FWMP_HASH_SIZE];
+};
+
+/**
+ * Generate CRC for FWMP secure storage space.
+ *
+ * Calculate CRC hash from struct_version onward. In valid FWMP data, this CRC
+ * value should match the crc8 field.
+ *
+ * @param sec Pointer to FWMP struct
+ * @return 32-bit CRC hash of FWMP data
+ */
+static __inline uint32_t vb2_secdata_fwmp_crc(struct vb2_secdata_fwmp *sec)
+{
+	int version_offset = offsetof(struct vb2_secdata_fwmp, struct_version);
+	return vb2_crc8((void *)sec + version_offset,
+			sec->struct_size - version_offset);
+}
+
+#endif /* VBOOT_REFERENCE_2SECDATA_STRUCT_H_ */ |
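Review bot: `vb2_secdata_fwmp_crc` in the new header derives the CRC length from `sec->struct_size`, a value read back from secure storage, without bounding it: `sec->struct_size - version_offset` is computed in `int` and goes negative when `struct_size` is below `offsetof(struct vb2_secdata_fwmp, struct_version)`, which, if `vb2_crc8` takes an unsigned length, becomes a huge read, and a `struct_size` larger than `sizeof(*sec)` makes the CRC read past the end of the struct. Whether `vb2api_secdata_fwmp_check` validates `struct_size` before calling is outside this diff, but now that the helper is a header inline reachable from any includer the precondition belongs on the function: `@param sec Pointer to FWMP struct; struct_size must already be checked to lie in [offsetof(struct vb2_secdata_fwmp, struct_version) + 1, sizeof(*sec)]`. Arithmetic on `void *` is a GNU extension; `(const uint8_t *)sec + version_offset` is the portable spelling and lets `sec` be declared `const struct vb2_secdata_fwmp *`. The `'LWRG'` comment on `VB2_SECDATA_KERNEL_UID` names the little-endian byte order in memory while the literal `0x4752574c` reads 'GRWL' when written out; stating both in the comment stops the next reader from "correcting" it back.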