1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
/* Copyright 2016 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
#include <stdint.h>
#include "vboot_register.h"
#include "nvm.h"
#include "secrets.h"
#include "bdb_flag.h"
struct vba_context {
/* Indicate which slot is being tried: 0 - primary, 1 - secondary */
uint8_t slot;
/* Defined by VBA_CONTEXT_FLAG_* in bdb_flag.h */
uint32_t flags;
/* BDB */
uint8_t *bdb;
/* Secrets */
struct bdb_ro_secrets *ro_secrets;
struct bdb_rw_secrets *rw_secrets;
/* NVM-RW buffer */
struct nvmrw nvmrw;
};
/**
* Initialize vboot process
*
* @param ctx
* @return enum bdb_return_code
*/
int vba_bdb_init(struct vba_context *ctx);
/**
* Finalize vboot process
*
* @param ctx
* @return enum bdb_return_code
*/
int vba_bdb_finalize(struct vba_context *ctx);
/**
* Log failed boot attempt and reset the chip
*
* @param ctx
*/
void vba_bdb_fail(struct vba_context *ctx);
/**
* Update kernel and its data key version in NVM
*
* This is the function called from SP-RW, which receives a kernel version
* from an AP-RW after successful verification of a kernel.
*
* It checks whether the version in NVM-RW is older than the reported version
* or not. If so, it updates the version in NVM-RW.
*
* @param ctx
* @param kernel_data_key_version
* @param kernel_version
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vba_update_kernel_version(struct vba_context *ctx,
uint32_t kernel_data_key_version,
uint32_t kernel_version);
/**
* Write new boot unlock code to NVM-RW
*
* @param ctx
* @param new_buc New BUC to be written
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc);
/**
* Derive a secret
*
* This derives a new secret from a secret passed from SP-RO.
*
* @param ctx
* @param type Type of secret to derive
* @param buf Buffer containing data to derive secret from
* @param buf_size Size of <buf>
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
const uint8_t *buf, uint32_t buf_size);
/**
* Clear a secret
*
* @param ctx
* @param type Type of secret to clear
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type);
/**
* Get vboot register value
*
* Implemented by each chip
*
* @param type Type of register to get
* @return Register value
*/
uint32_t vbe_get_vboot_register(enum vboot_register type);
/**
* Set vboot register value
*
* Implemented by each chip
*
* @param type Type of register to set
* @param val Value to set
*/
void vbe_set_vboot_register(enum vboot_register type, uint32_t val);
/**
* Reset the SoC
*
* Implemented by each chip. This is different from reboot (a.k.a. board reset,
* cold reset).
*/
void vbe_reset(void);
/**
* Read contents from Non-Volatile Memory
*
* Implemented by each chip.
*
* @param type Type of NVM
* @param buf Buffer where the data will be read to
* @param size Size of data to read
* @return Zero if success or non-zero otherwise
*/
int vbe_read_nvm(enum nvm_type type, uint8_t *buf, uint32_t size);
/**
* Write contents to Non-Volatile Memory
*
* Implemented by each chip.
*
* @param type Type of NVM
* @param buf Buffer where the data will be written from
* @param size Size of data to write
* @return Zero if success or non-zero otherwise
*/
int vbe_write_nvm(enum nvm_type type, void *buf, uint32_t size);
/**
* Encrypt data by AES-256
*
* @param msg Message to be encrypted
* @param len Length of <msg> in bytes
* @param key Key used for encryption
* @param out Buffer where encrypted message is stored
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vbe_aes256_encrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
uint8_t *out);
/**
* Decrypt data by AES-256
*
* @param msg Message to be decrypted
* @param len Length of <msg> in bytes
* @param key Key used for decryption
* @param out Buffer where decrypted message is stored
* @return BDB_SUCCESS or BDB_ERROR_*
*/
int vbe_aes256_decrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
uint8_t *out);
#endif
|
