1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
/* Copyright 2016 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
#include <stdint.h>
#include "vboot_register.h"
#include "nvm.h"
#include "secrets.h"
struct vba_context {
/* Indicate which slot is being tried: 0 - primary, 1 - secondary */
uint8_t slot;
/* BDB */
uint8_t *bdb;
/* Secrets */
struct bdb_ro_secrets *ro_secrets;
struct bdb_rw_secrets *rw_secrets;
/* NVM-RW buffer */
struct nvmrw nvmrw;
};
/**
* Initialize vboot process
*
* @param ctx
* @return enum bdb_return_code
*/
int vba_bdb_init(struct vba_context *ctx);
/**
* Finalize vboot process
*
* @param ctx
* @return enum bdb_return_code
*/
int vba_bdb_finalize(struct vba_context *ctx);
/**
* Log failed boot attempt and reset the chip
*
* @param ctx
*/
void vba_bdb_fail(struct vba_context *ctx);
/**
* Update kernel and its data key version in NVM
*
* This is the function called from SP-RW, which receives a kernel version
* from an AP-RW after successful verification of a kernel.
*
* It checks whether the version in NVM-RW is older than the reported version
* or not. If so, it updates the version in NVM-RW.
*
* @param ctx
* @param kernel_data_key_version
* @param kernel_version
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vba_update_kernel_version(struct vba_context *ctx,
uint32_t kernel_data_key_version,
uint32_t kernel_version);
/**
* Write new boot unlock code to NVM-RW
*
* @param ctx
* @param new_buc New BUC to be written
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc);
/**
* Get vboot register value
*
* Implemented by each chip
*
* @param type Type of register to get
* @return Register value
*/
uint32_t vbe_get_vboot_register(enum vboot_register type);
/**
* Set vboot register value
*
* Implemented by each chip
*
* @param type Type of register to set
* @param val Value to set
*/
void vbe_set_vboot_register(enum vboot_register type, uint32_t val);
/**
* Reset the SoC
*
* Implemented by each chip. This is different from reboot (a.k.a. board reset,
* cold reset).
*/
void vbe_reset(void);
/**
* Read contents from Non-Volatile Memory
*
* Implemented by each chip.
*
* @param type Type of NVM
* @param buf Buffer where the data will be read to
* @param size Size of data to read
* @return Zero if success or non-zero otherwise
*/
int vbe_read_nvm(enum nvm_type type, uint8_t *buf, uint32_t size);
/**
* Write contents to Non-Volatile Memory
*
* Implemented by each chip.
*
* @param type Type of NVM
* @param buf Buffer where the data will be written from
* @param size Size of data to write
* @return Zero if success or non-zero otherwise
*/
int vbe_write_nvm(enum nvm_type type, void *buf, uint32_t size);
/**
* Encrypt data by AES-256
*
* @param msg Message to be encrypted
* @param len Length of <msg> in bytes
* @param key Key used for encryption
* @param out Buffer where encrypted message is stored
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vbe_aes256_encrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
uint8_t *out);
/**
* Decrypt data by AES-256
*
* @param msg Message to be decrypted
* @param len Length of <msg> in bytes
* @param key Key used for decryption
* @param out Buffer where decrypted message is stored
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vbe_aes256_decrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
uint8_t *out);
#endif
|
