1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
|
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Data structure definitions for verified boot, for on-disk / in-eeprom
* data.
*/
#ifndef VBOOT_REFERENCE_VBOOT_2STRUCT_H_
#define VBOOT_REFERENCE_VBOOT_2STRUCT_H_
#include <stdint.h>
/****************************************************************************/
/* GUID structure. Defined in appendix A of EFI standard. */
#define UUID_NODE_LEN 6
#define GUID_SIZE 16
struct vb2_guid {
union {
struct {
uint32_t time_low;
uint16_t time_mid;
uint16_t time_high_and_version;
uint8_t clock_seq_high_and_reserved;
uint8_t clock_seq_low;
uint8_t node[UUID_NODE_LEN];
} uuid;
uint8_t raw[GUID_SIZE];
};
} __attribute__((packed));
#define EXPECTED_GUID_SIZE GUID_SIZE
/* Key GUIDs to use for VB2_SIG_NONE and hash algorithms */
#define VB2_GUID_NONE_SHA1 \
{{{0xcfb5687a,0x6092,0x11e4,0x96,0xe1,{0x8f,0x3b,0x1a,0x60,0xa2,0x1d}}}}
#define VB2_GUID_NONE_SHA256 \
{{{0x0e4114e0,0x6093,0x11e4,0x9d,0xcb,{0x8f,0x8a,0xf4,0xca,0x2e,0x32}}}}
#define VB2_GUID_NONE_SHA512 \
{{{0x1c695960,0x6093,0x11e4,0x82,0x63,{0xdb,0xee,0xe9,0x3c,0xcd,0x7e}}}}
/****************************************************************************/
/*
* Vboot1-compatible data structures
*
*
* Note: Many of the structs have pairs of 32-bit fields and reserved fields.
* This is to be backwards-compatible with older verified boot data which used
* 64-bit fields (when we thought that hey, UEFI is 64-bit so all our fields
* should be too).
*/
/* Packed public key data */
struct vb2_packed_key {
/* Offset of key data from start of this struct */
uint32_t key_offset;
uint32_t reserved0;
/* Size of key data in bytes (NOT strength of key in bits) */
uint32_t key_size;
uint32_t reserved1;
/* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
uint32_t algorithm;
uint32_t reserved2;
/* Key version */
uint32_t key_version;
uint32_t reserved3;
/* TODO: when redoing this struct, add a text description of the key */
} __attribute__((packed));
#define EXPECTED_VB2_PACKED_KEY_SIZE 32
/* Signature data (a secure hash, possibly signed) */
struct vb2_signature {
/* Offset of signature data from start of this struct */
uint32_t sig_offset;
uint32_t reserved0;
/* Size of signature data in bytes */
uint32_t sig_size;
uint32_t reserved1;
/* Size of the data block which was signed in bytes */
uint32_t data_size;
uint32_t reserved2;
} __attribute__((packed));
#define EXPECTED_VB2_SIGNATURE_SIZE 24
#define KEY_BLOCK_MAGIC "CHROMEOS"
#define KEY_BLOCK_MAGIC_SIZE 8
#define KEY_BLOCK_HEADER_VERSION_MAJOR 2
#define KEY_BLOCK_HEADER_VERSION_MINOR 1
/*
* The following flags set where the key is valid. Not used by firmware
* verification; only kernel verification.
*/
#define VB2_KEY_BLOCK_FLAG_DEVELOPER_0 0x01 /* Developer switch off */
#define VB2_KEY_BLOCK_FLAG_DEVELOPER_1 0x02 /* Developer switch on */
#define VB2_KEY_BLOCK_FLAG_RECOVERY_0 0x04 /* Not recovery mode */
#define VB2_KEY_BLOCK_FLAG_RECOVERY_1 0x08 /* Recovery mode */
/*
* Key block, containing the public key used to sign some other chunk of data.
*
* This should be followed by:
* 1) The data_key key data, pointed to by data_key.key_offset.
* 2) The checksum data for (vb2_keyblock + data_key data), pointed to
* by keyblock_checksum.sig_offset.
* 3) The signature data for (vb2_keyblock + data_key data), pointed to
* by keyblock_signature.sig_offset.
*/
struct vb2_keyblock {
/* Magic number */
uint8_t magic[KEY_BLOCK_MAGIC_SIZE];
/* Version of this header format */
uint32_t header_version_major;
/* Version of this header format */
uint32_t header_version_minor;
/*
* Length of this entire key block, including keys, signatures, and
* padding, in bytes
*/
uint32_t keyblock_size;
uint32_t reserved0;
/*
* Signature for this key block (header + data pointed to by data_key)
* For use with signed data keys
*/
struct vb2_signature keyblock_signature;
/*
* SHA-512 checksum for this key block (header + data pointed to by
* data_key) For use with unsigned data keys.
*
* Note that the vb2 lib currently only supports signed blocks.
*/
struct vb2_signature keyblock_checksum_unused;
/* Flags for key (VB2_KEY_BLOCK_FLAG_*) */
uint32_t keyblock_flags;
uint32_t reserved1;
/* Key to verify the chunk of data */
struct vb2_packed_key data_key;
} __attribute__((packed));
#define EXPECTED_VB2_KEYBLOCK_SIZE 112
/* Firmware preamble header */
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
/* Flags for VbFirmwarePreambleHeader.flags */
/* Reserved; do not use */
#define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001
/* Premable block for rewritable firmware, version 2.1.
*
* The firmware preamble header should be followed by:
* 1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
* 2) The signature data for the firmware body, pointed to by
* body_signature.sig_offset.
* 3) The signature data for (header + kernel_subkey data + body signature
* data), pointed to by preamble_signature.sig_offset.
*/
struct vb2_fw_preamble {
/*
* Size of this preamble, including keys, signatures, and padding, in
* bytes
*/
uint32_t preamble_size;
uint32_t reserved0;
/*
* Signature for this preamble (header + kernel subkey + body
* signature)
*/
struct vb2_signature preamble_signature;
/* Version of this header format */
uint32_t header_version_major;
uint32_t header_version_minor;
/* Firmware version */
uint32_t firmware_version;
uint32_t reserved1;
/* Key to verify kernel key block */
struct vb2_packed_key kernel_subkey;
/* Signature for the firmware body */
struct vb2_signature body_signature;
/*
* Fields added in header version 2.1. You must verify the header
* version before reading these fields!
*/
/*
* Flags; see VB2_FIRMWARE_PREAMBLE_*. Readers should return 0 for
* header version < 2.1.
*/
uint32_t flags;
} __attribute__((packed));
#define EXPECTED_VB2_FW_PREAMBLE_SIZE 108
/****************************************************************************/
/*
* Vboot2 data structures
*
*
* Offsets should be padded to 32-bit boundaries, since some architectures
* have trouble with accessing unaligned integers.
*/
/*
* Magic numbers used by vb2_struct_common.magic.
*
* All valid numbers should be listed here to avoid accidental overlap.
* Numbers start at a large value, so that previous parsers (which stored
* things like lengths and offsets at that field) will detect and reject new
* structs as invalid.
*/
enum vb2_struct_common_magic {
/* "Vb2B" = vb2_keyblock2.c.magic */
VB2_MAGIC_KEYBLOCK2 = 0x42326256,
/* "Vb2F" = vb2_fw_preamble.c.magic */
VB2_MAGIC_FW_PREAMBLE2 = 0x46326256,
/* "Vb2K" = vb2_kernel_preamble.c.magic */
VB2_MAGIC_KERNEL_PREAMBLE2 = 0x4b326256,
/* "Vb2P" = vb2_packed_key2.c.magic */
VB2_MAGIC_PACKED_KEY2 = 0x50326256,
/* "Vb2S" = vb2_signature.c.magic */
VB2_MAGIC_SIGNATURE2 = 0x53326256,
};
/*
* Generic struct header for all vboot2 structs. This makes it easy to
* automatically parse and identify vboot structs (e.g., in futility). This
* must be the first member of the parent vboot2 struct.
*/
struct vb2_struct_common {
/* Magic number; see vb2_struct_common_magic for expected values */
uint32_t magic;
/*
* Parent struct version; see each struct for the expected value.
*
* How to handle struct version mismatches, if the parser is version
* A.b and the data is version C.d:
* 1) If A.b == C.d, we're good.
* 2) If A != C, the data cannot be parsed at all.
* 3) If b < d, C.d is a newer version of data which is backwards-
* compatible to old parsers. We're good.
* 4) If b > d, C.d is an older version of data. The parser should
* use default values for fields added after version d. We're
* good.
*
* Struct versions start at 3.0, since the highest version of the old
* structures was 2.1. This way, there is no possibility of collision
* for old code which depends on the version number.
*/
uint16_t struct_version_major;
uint16_t struct_version_minor;
/*
* Size of the parent structure and all its data, including the
* description and any necessary padding. That is, all data must lie
* in a contiguous region of <total_size> bytes starting at the first
* byte of this header.
*/
uint32_t total_size;
/*
* Size of the fixed portion of the parent structure. If a description
* is present, it must start at this offset.
*/
uint32_t fixed_size;
/*
* The object may contain an ASCII description following the fixed
* portion of the structure. If it is present, it must be
* null-terminated, and padded with 0 (null) bytes to a multiple of 32
* bits.
*
* Size of ASCII description in bytes, counting null terminator and
* padding (if any). Set 0 if no description is present. If non-zero,
* there must be a null terminator (0) at offset (fixed_size +
* desc_size - 1).
*/
uint32_t desc_size;
} __attribute__((packed));
#define EXPECTED_VB2_STRUCT_COMMON_SIZE 20
/* Algorithm types for signatures */
enum vb2_signature_algorithm {
/* Invalid or unsupported signature type */
VB2_SIG_INVALID = 0,
/*
* No signature algorithm. The digest is unsigned. See
* VB2_GUID_NONE_* above for key GUIDs to use with this algorithm.
*/
VB2_SIG_NONE = 1,
/* RSA algorithms of the given length in bits (1024-8192) */
VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */
VB2_SIG_RSA2048 = 3,
VB2_SIG_RSA4096 = 4,
VB2_SIG_RSA8192 = 5,
};
/* Algorithm types for hash digests */
enum vb2_hash_algorithm {
/* Invalid or unsupported digest type */
VB2_HASH_INVALID = 0,
/* SHA-1. Warning: This is likely to be deprecated soon! */
VB2_HASH_SHA1 = 1,
/* SHA-256 and SHA-512 */
VB2_HASH_SHA256 = 2,
VB2_HASH_SHA512 = 3,
};
/* Current version of vb2_packed_key2 struct */
#define VB2_PACKED_KEY2_VERSION_MAJOR 3
#define VB2_PACKED_KEY2_VERSION_MINOR 0
/*
* Packed public key data, version 2
*
* The key data must be arranged like this:
* 1) vb2_packed_key2 header struct h
* 2) Key description (pointed to by h.c.fixed_size)
* 3) Key data key (pointed to by h.key_offset)
*/
struct vb2_packed_key2 {
/* Common header fields */
struct vb2_struct_common c;
/* Offset of key data from start of this struct */
uint32_t key_offset;
/* Size of key data in bytes (NOT strength of key in bits) */
uint32_t key_size;
/* Signature algorithm used by the key (enum vb2_signature_algorithm) */
uint16_t sig_alg;
/*
* Hash digest algorithm used with the key (enum vb2_hash_algorithm).
* This is explicitly specified as part of the key to prevent use of a
* strong key with a weak hash.
*/
uint16_t hash_alg;
/* Key version */
uint32_t key_version;
/* Key GUID */
struct vb2_guid key_guid;
} __attribute__((packed));
#define EXPECTED_VB2_PACKED_KEY2_SIZE \
(EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16)
/* Current version of vb2_signature2 struct */
#define VB2_SIGNATURE2_VERSION_MAJOR 3
#define VB2_SIGNATURE2_VERSION_MINOR 0
/*
* Signature data, version 2
*
* The signature data must be arranged like this:
* 1) vb2_signature2 header struct h
* 2) Signature description (pointed to by h.c.fixed_size)
* 3) Signature data (pointed to by h.sig_offset)
*/
struct vb2_signature2 {
/* Common header fields */
struct vb2_struct_common c;
/* Offset of signature data from start of this struct */
uint32_t sig_offset;
/* Size of signature data in bytes */
uint32_t sig_size;
/* Size of the data block which was signed in bytes */
uint32_t data_size;
/* Signature algorithm used (enum vb2_signature_algorithm) */
uint16_t sig_alg;
/* Hash digest algorithm used (enum vb2_hash_algorithm) */
uint16_t hash_alg;
/*
* GUID of key used to generate this signature. This allows the
* firmware to quickly determine which signature block (if any) goes
* with the key being used by the firmware.
*/
struct vb2_guid key_guid;
} __attribute__((packed));
#define EXPECTED_VB2_SIGNATURE2_SIZE \
(EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16)
/* Current version of vb2_keyblock2 struct */
#define VB2_KEYBLOCK2_VERSION_MAJOR 3
#define VB2_KEYBLOCK2_VERSION_MINOR 0
/*
* Key block. This contains a signed, versioned key for use in the next stage
* of verified boot.
*
* The key block data must be arranged like this:
* 1) vb2_keyblock2 header struct h
* 2) Keyblock description (pointed to by h.c.fixed_size)
* 3) Data key (pointed to by h.data_key_offset)
* 4) Signatures (first signature pointed to by h.sig_offset)
*
* The signatures from 4) must cover all the data from 1), 2), 3). That is,
* signatures must sign all data up to sig_offset.
*/
struct vb2_keyblock2 {
/* Common header fields */
struct vb2_struct_common c;
/* Flags (VB2_KEY_BLOCK_FLAG_*) */
uint32_t flags;
/*
* Offset of key (struct vb2_packed_key2) to use in next stage of
* verification, from start of the keyblock.
*/
uint32_t key_offset;
/* Number of keyblock signatures which follow */
uint32_t sig_count;
/*
* Offset of the first signature (struct vb2_signature2) from the start
* of the keyblock.
*
* Signatures sign the contents of this struct and the data pointed to
* by data_key_offset, but not themselves or other signatures.
*
* For the firmware, there may be only one signature.
*
* Kernels often have at least two signatures - one using the kernel
* subkey from the RW firmware (for signed kernels) and one which is
* simply a SHA-512 hash (for unsigned developer kernels).
*/
uint32_t sig_offset;
} __attribute__((packed));
#define EXPECTED_VB2_KEYBLOCK2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 16)
/* Current version of vb2_preamble2 struct */
#define VB2_PREAMBLE2_VERSION_MAJOR 3
#define VB2_PREAMBLE2_VERSION_MINOR 0
/* Single hash entry for the firmware preamble */
struct vb2_fw_preamble2_hash {
/* Type of data being hashed (enum vb2api_hash_tag) */
uint32_t tag;
/* Size of hashed data in bytes */
uint32_t data_size;
/* Hash digest follows this struct */
uint8_t digest[0];
} __attribute__((packed));
#define EXPECTED_VB2_FW_PREAMBLE2_HASH_SIZE 8
/*
* Firmware preamble
*
* The preamble data must be arranged like this:
* 1) vb2_fw_preamble2 header struct h
* 2) Preamble description (pointed to by h.c.fixed_size)
* 3) Hash table (pointed to by h.hash_table_offset)
* 4) Signature (pointed to by h.sig_offset)
*
* The signature 4) must cover all the data from 1), 2), 3).
*/
struct vb2_fw_preamble2 {
/* Common header fields */
struct vb2_struct_common c;
/* Flags; see VB2_FIRMWARE_PREAMBLE_* */
uint32_t flags;
/* Firmware version */
uint32_t firmware_version;
/* Offset of signature (struct vb2_signature2) for this preamble */
uint32_t sig_offset;
/*
* The preamble contains a list of hashes for the various firmware
* components. The calling firmware is responsible for knowing where
* to find those components, which may be on a different storage device
* than this preamble.
*/
/* Number of hash entries */
uint32_t hash_count;
/*
* Hash algorithm used (must be same for all entries) (enum
* vb2_hash_algorithm).
*/
uint16_t hash_alg;
/* Size of each hash entry, in bytes */
uint16_t hash_entry_size;
/*
* Offset of first hash entry from start of preamble. Entry N can be
* found at:
*
* (uint8_t *)hdr + hdr->hash_table_offset + N * hdr->hash_entry_size
*/
uint32_t hash_table_offset;
} __attribute__((packed));
#define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 24)
/****************************************************************************/
/* Flags for vb2_shared_data.flags */
enum vb2_shared_data_flags {
/* User has explicitly and physically requested recovery */
VB2_SD_FLAG_MANUAL_RECOVERY = (1 << 0),
/* Developer mode is enabled */
VB2_SD_DEV_MODE_ENABLED = (1 << 1),
/*
* TODO: might be nice to add flags for why dev mode is enabled - via
* gbb, virtual dev switch, or forced on for testing.
*/
};
/* Flags for vb2_shared_data.status */
enum vb2_shared_data_status {
/* Reinitialized NV data due to invalid checksum */
VB2_SD_STATUS_NV_REINIT = (1 << 0),
/* NV data has been initialized */
VB2_SD_STATUS_NV_INIT = (1 << 1),
/* Secure data initialized */
VB2_SD_STATUS_SECDATA_INIT = (1 << 2),
/* Chose a firmware slot */
VB2_SD_STATUS_CHOSE_SLOT = (1 << 3),
};
/*
* Data shared between vboot API calls. Stored at the start of the work
* buffer.
*/
struct vb2_shared_data {
/* Flags; see enum vb2_shared_data_flags */
uint32_t flags;
/* Flags from GBB header */
uint32_t gbb_flags;
/*
* Reason we are in recovery mode this boot (enum vb2_nv_recovery), or
* 0 if we aren't.
*/
uint32_t recovery_reason;
/* Firmware slot used last boot (0=A, 1=B) */
uint32_t last_fw_slot;
/* Result of last boot (enum vb2_fw_result) */
uint32_t last_fw_result;
/* Firmware slot used this boot */
uint32_t fw_slot;
/*
* Version for this slot (top 16 bits = key, lower 16 bits = firmware).
*
* TODO: Make this a union to allow getting/setting those versions
* separately?
*/
uint32_t fw_version;
/*
* Status flags for this boot; see enum vb2_shared_data_status. Status
* is "what we've done"; flags above are "decisions we've made".
*/
uint32_t status;
/**********************************************************************
* Temporary variables used during firmware verification. These don't
* really need to persist through to the OS, but there's nowhere else
* we can put them.
*/
/* Root key offset and size from GBB header */
uint32_t gbb_rootkey_offset;
uint32_t gbb_rootkey_size;
/* Offset of preamble from start of vblock */
uint32_t vblock_preamble_offset;
/*
* Offset and size of packed data key in work buffer. Size is 0 if
* data key is not stored in the work buffer.
*/
uint32_t workbuf_data_key_offset;
uint32_t workbuf_data_key_size;
/*
* Offset and size of firmware preamble in work buffer. Size if 0 if
* preamble is not stored in the work buffer.
*/
uint32_t workbuf_preamble_offset;
uint32_t workbuf_preamble_size;
/*
* Offset and size of hash context in work buffer. Size if 0 if
* hash context is not stored in the work buffer.
*/
uint32_t workbuf_hash_offset;
uint32_t workbuf_hash_size;
/* Current tag we're hashing */
uint32_t hash_tag;
/* Amount of data we still expect to hash */
uint32_t hash_remaining_size;
} __attribute__((packed));
/****************************************************************************/
/* Signature at start of the GBB
* Note that if you compile in the signature as is, you are likely to break any
* tools that search for the signature. */
#define VB2_GBB_SIGNATURE "$GBB"
#define VB2_GBB_SIGNATURE_SIZE 4
#define VB2_GBB_XOR_CHARS "****"
/* TODO: can we write a macro to produce this at compile time? */
#define VB2_GBB_XOR_SIGNATURE { 0x0e, 0x6d, 0x68, 0x68 }
/* VB2 GBB struct version */
#define VB2_GBB_MAJOR_VER 1
#define VB2_GBB_MINOR_VER 2
/* v1.2 - added fields for sha256 digest of the HWID */
/* Flags for vb2_gbb_header.flags */
enum vb2_gbb_flag {
/*
* Reduce the dev screen delay to 2 sec from 30 sec to speed up
* factory.
*/
VB2_GBB_FLAG_DEV_SCREEN_SHORT_DELAY = (1 << 0),
/*
* BIOS should load option ROMs from arbitrary PCI devices. We'll never
* enable this ourselves because it executes non-verified code, but if
* a customer wants to void their warranty and set this flag in the
* read-only flash, they should be able to do so.
*/
VB2_GBB_FLAG_LOAD_OPTION_ROMS = (1 << 1),
/*
* The factory flow may need the BIOS to boot a non-ChromeOS kernel if
* the dev-switch is on. This flag allows that.
*/
VB2_GBB_FLAG_ENABLE_ALTERNATE_OS = (1 << 2),
/*
* Force dev switch on, regardless of physical/keyboard dev switch
* position.
*/
VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON = (1 << 3),
/* Allow booting from USB in dev mode even if dev_boot_usb=0. */
VB2_GBB_FLAG_FORCE_DEV_BOOT_USB = (1 << 4),
/* Disable firmware rollback protection. */
VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK = (1 << 5),
/* Allow Enter key to trigger dev->tonorm screen transition */
VB2_GBB_FLAG_ENTER_TRIGGERS_TONORM = (1 << 6),
/* Allow booting Legacy OSes in dev mode even if dev_boot_legacy=0. */
VB2_GBB_FLAG_FORCE_DEV_BOOT_LEGACY = (1 << 7),
/* Allow booting using alternate keys for FAFT servo testing */
VB2_GBB_FLAG_FAFT_KEY_OVERIDE = (1 << 8),
/* Disable EC software sync */
VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC = (1 << 9),
/* Default to booting legacy OS when dev screen times out */
VB2_GBB_FLAG_DEFAULT_DEV_BOOT_LEGACY = (1 << 10),
/* Disable PD software sync */
VB2_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC = (1 << 11),
};
struct vb2_gbb_header {
/* Fields present in version 1.1 */
uint8_t signature[VB2_GBB_SIGNATURE_SIZE]; /* VB2_GBB_SIGNATURE */
uint16_t major_version; /* See VB2_GBB_MAJOR_VER */
uint16_t minor_version; /* See VB2_GBB_MINOR_VER */
uint32_t header_size; /* Size of GBB header in bytes */
uint32_t flags; /* Flags (see enum vb2_gbb_flag) */
/* Offsets (from start of header) and sizes (in bytes) of components */
uint32_t hwid_offset; /* HWID */
uint32_t hwid_size;
uint32_t rootkey_offset; /* Root key */
uint32_t rootkey_size;
uint32_t bmpfv_offset; /* BMP FV */
uint32_t bmpfv_size;
uint32_t recovery_key_offset; /* Recovery key */
uint32_t recovery_key_size;
/* Added in version 1.2 */
uint8_t hwid_digest[32]; /* SHA-256 of HWID */
/* Pad to match EXPECETED_VB2_GBB_HEADER_SIZE. Initialize to 0. */
uint8_t pad[48];
} __attribute__((packed));
/* The GBB is used outside of vboot_reference, so this size is important. */
#define EXPECTED_VB2_GBB_HEADER_SIZE 128
#endif /* VBOOT_REFERENCE_VBOOT_2STRUCT_H_ */
|
