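/* Copyright 2016 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H

/*
 * The fixed-width integer types used throughout this header (uint8_t,
 * uint32_t) come from <stdint.h>. The header name was missing from the
 * include directive, which does not compile.
 */
#include <stdint.h>
#include "vboot_register.h"
#include "nvm.h"
#include "secrets.h"
#include "bdb_flag.h"

/**
 * Per-boot state shared by the vba_* entry points declared below.
 *
 * NOTE(review): the context holds raw pointers to the BDB and to secret
 * material but no lengths and no ownership information; who allocates,
 * bounds-checks and wipes these buffers is not visible from this header.
 */
struct vba_context {
	/* Indicate which slot is being tried: 0 - primary, 1 - secondary */
	uint8_t slot;

	/* Defined by VBA_CONTEXT_FLAG_* in bdb_flag.h */
	uint32_t flags;

	/*
	 * BDB. No size travels with this pointer.
	 * NOTE(review): presumably the size is taken from the BDB itself;
	 * confirm it is validated before the contents are trusted.
	 */
	uint8_t *bdb;

	/* Secrets */
	struct bdb_ro_secrets *ro_secrets;
	struct bdb_rw_secrets *rw_secrets;

	/* NVM-RW buffer (embedded by value, not a pointer) */
	struct nvmrw nvmrw;
};

/**
 * Initialize vboot process
 *
 * @param ctx
 * @return enum bdb_return_code
 */
int vba_bdb_init(struct vba_context *ctx);

/**
 * Finalize vboot process
 *
 * @param ctx
 * @return enum bdb_return_code
 */
int vba_bdb_finalize(struct vba_context *ctx);

/**
 * Log failed boot attempt and reset the chip
 *
 * NOTE(review): since this resets the chip it presumably does not return;
 * callers should not rely on code placed after the call. Confirm against
 * the implementation.
 *
 * @param ctx
 */
void vba_bdb_fail(struct vba_context *ctx);

/**
 * Update kernel and its data key version in NVM
 *
 * This is the function called from SP-RW, which receives a kernel version
 * from an AP-RW after successful verification of a kernel.
 *
 * It checks whether the version in NVM-RW is older than the reported version
 * or not. If so, it updates the version in NVM-RW.
 *
 * The stored versions are therefore only ever moved forward by this call,
 * which is what makes them usable as a rollback floor. Callers must check
 * the return value: a failed update leaves the old floor in place.
 *
 * @param ctx
 * @param kernel_data_key_version
 * @param kernel_version
 * @return BDB_SUCCESS or BDB_ERROR_*
 */
int vba_update_kernel_version(struct vba_context *ctx,
			      uint32_t kernel_data_key_version,
			      uint32_t kernel_version);

/**
 * Write new boot unlock code to NVM-RW
 *
 * The prototype carries no length for new_buc.
 * NOTE(review): presumably the BUC has a fixed size defined elsewhere;
 * confirm callers always pass a buffer of at least that size.
 *
 * @param ctx
 * @param new_buc	New BUC to be written
 * @return BDB_SUCCESS or BDB_ERROR_*
 */
int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc);

/**
 * Derive a secret
 *
 * This derives a new secret from a secret passed from SP-RO.
 *
 * @param ctx
 * @param type		Type of secret to derive
 * @param buf		Buffer containing data to derive secret from
 * @param buf_size	Size of buf (presumably in bytes; confirm)
 * @return BDB_SUCCESS or BDB_ERROR_*
 */
int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
		      const uint8_t *buf, uint32_t buf_size);

/**
 * Clear a secret
 *
 * NOTE(review): the implementation should use a wipe the compiler cannot
 * elide (a plain memset on a buffer that is not read again may be removed);
 * confirm in the corresponding source file.
 *
 * @param ctx
 * @param type		Type of secret to clear
 * @return BDB_SUCCESS or BDB_ERROR_*
 */
int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type);

/**
 * Get vboot register value
 *
 * Implemented by each chip
 *
 * @param type		Type of register to get
 * @return Register value
 */
uint32_t vbe_get_vboot_register(enum vboot_register type);

/**
 * Set vboot register value
 *
 * Implemented by each chip
 *
 * @param type		Type of register to set
 * @param val		Value to set
 */
void vbe_set_vboot_register(enum vboot_register type, uint32_t val);

/**
 * Reset the SoC
 *
 * Implemented by each chip. This is different from reboot (a.k.a. board reset,
 * cold reset).
 */
void vbe_reset(void);

/**
 * Read contents from Non-Volatile Memory
 *
 * Implemented by each chip.
 *
 * The caller must supply a buffer of at least size bytes; the function has
 * no other way to learn the buffer's capacity.
 *
 * @param type		Type of NVM
 * @param buf		Buffer where the data will be read to
 * @param size		Size of data to read
 * @return Zero if success or non-zero otherwise
 */
int vbe_read_nvm(enum nvm_type type, uint8_t *buf, uint32_t size);

/**
 * Write contents to Non-Volatile Memory
 *
 * Implemented by each chip.
 *
 * NOTE(review): buf is a non-const void * here while vbe_read_nvm takes
 * uint8_t *; the difference looks unintentional but is part of the
 * per-chip interface, so it is left as is.
 *
 * @param type		Type of NVM
 * @param buf		Buffer where the data will be written from
 * @param size		Size of data to write
 * @return Zero if success or non-zero otherwise
 */
int vbe_write_nvm(enum nvm_type type, void *buf, uint32_t size);

/**
 * Encrypt data by AES-256
 *
 * The prototype carries no size for key or out and no IV/nonce parameter.
 * An AES-256 key is 32 bytes. NOTE(review): out presumably needs room for
 * at least len bytes, and the cipher mode and any block-size requirement on
 * len are not visible here; confirm against the chip implementation.
 *
 * @param msg	Message to be encrypted
 * @param len	Length of msg in bytes
 * @param key	Key used for encryption
 * @param out	Buffer where encrypted message is stored
 * @return BDB_SUCCESS or BDB_ERROR_*
 */
int vbe_aes256_encrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
		       uint8_t *out);

/**
 * Decrypt data by AES-256
 *
 * The prototype carries no size for key or out and no IV/nonce parameter.
 * An AES-256 key is 32 bytes. NOTE(review): out presumably needs room for
 * at least len bytes, and nothing in this interface authenticates the
 * ciphertext; confirm how integrity of the decrypted data is established.
 *
 * @param msg	Message to be decrypted
 * @param len	Length of msg in bytes
 * @param key	Key used for decryption
 * @param out	Buffer where decrypted message is stored
 * @return BDB_SUCCESS or BDB_ERROR_*
 */
int vbe_aes256_decrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
		       uint8_t *out);

#endif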