path: root/firmware/bdb/bdb_struct.h
/* Copyright (c) 2015 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Boot descriptor block structures
 */

#ifndef VBOOT_REFERENCE_BDB_STRUCT_H_
#define VBOOT_REFERENCE_BDB_STRUCT_H_

#include <stdint.h>

/*
 * Fixed sizes of the digests, keys and signatures named by enum bdb_hash_alg
 * and enum bdb_sig_alg.
 *
 * NOTE(review): struct bdb_key and struct bdb_sig carry their payload as
 * variable-length data whose length is derived from struct_size.  Presumably
 * a verifier compares that derived length with the constant for the declared
 * algorithm before using the payload -- confirm in the verification code,
 * which is not part of this header.
 */

/* Size of SHA256 digest in bytes */
#define BDB_SHA256_DIGEST_SIZE 32

/*
 * Size of RSA4096 key data in bytes.
 * NOTE(review): 1032 = 2 * 512 + 8.  The key-data layout is not defined in
 * this header; confirm it against the code that packs and verifies keys.
 */
#define BDB_RSA4096_KEY_DATA_SIZE 1032

/* Size of RSA4096 signature in bytes (4096 bits / 8) */
#define BDB_RSA4096_SIG_SIZE 512

/* Size of ECDSA521 key data in bytes = ceil(521/8) * 2 */
#define BDB_ECDSA521_KEY_DATA_SIZE 132

/* Size of ECDSA521 signature in bytes = ceil(521/8) * 2 */
#define BDB_ECDSA521_SIG_SIZE 132

/*
 * Size of RSA3072B key data in bytes.
 * NOTE(review): 776 = 2 * 384 + 8, the same shape as the RSA4096 value;
 * confirm the layout against the key-packing code.
 */
#define BDB_RSA3072B_KEY_DATA_SIZE 776

/* Size of RSA3072B signature in bytes (3072 bits / 8) */
#define BDB_RSA3072B_SIG_SIZE 384

/*****************************************************************************/
/* Header for BDB */

/*
 * Magic number for bdb_header.struct_magic.
 * The bytes 0x42 0x64 0x42 0x30 read "BdB0" when the value is stored
 * little-endian.
 */
#define BDB_HEADER_MAGIC 0x30426442

/* Current version of bdb_header struct */
#define BDB_HEADER_VERSION_MAJOR 1
#define BDB_HEADER_VERSION_MINOR 0

/*
 * Expected size of bdb_header struct in bytes.
 *
 * NOTE(review): the packed fields of struct bdb_header as declared in this
 * file add up to 36 bytes (4 + 1 + 1 + 2 + 8 + 4 + 4 + 4 + 8), not 32.
 * Confirm which of the two is stale before using this constant to validate
 * bdb_header.struct_size; a compile-time check against
 * sizeof(struct bdb_header) would keep them from drifting apart.
 */
#define BDB_HEADER_EXPECTED_SIZE 32

/*
 * Header of a boot descriptor block.  Packed, so the in-memory layout has no
 * padding between fields.
 *
 * NOTE(review): every size field below is a value carried in the block
 * itself.  Presumably the block is read from firmware storage before its
 * signature has been checked, so a consumer should validate struct_size,
 * bdb_size, signed_size and oem_area_0_size against the real buffer length
 * (and against each other, without 32-bit overflow when summing) before
 * using them as offsets -- confirm in the parsing code.
 */
struct bdb_header {
	/* Magic number to identify struct = BDB_HEADER_MAGIC. */
	uint32_t struct_magic;

	/* Structure version = BDB_HEADER_VERSION{MAJOR,MINOR} */
	uint8_t struct_major_version;
	uint8_t struct_minor_version;

	/* Size of structure in bytes */
	uint16_t struct_size;

	/* Recommended address in SP SRAM to load BDB.  Set to -1 to use
	 * default address.  The field is unsigned, so -1 is the all-ones
	 * 64-bit value. */
	uint64_t bdb_load_address;

	/* Size of the entire BDB in bytes */
	uint32_t bdb_size;

	/* Number of bytes following the BDB key which are signed by the BDB
	 * header signature.
	 * NOTE(review): this wording places the signed region after the BDB
	 * key; whether this header itself is covered by a signature is not
	 * stated here -- confirm before trusting other header fields. */
	uint32_t signed_size;

	/* Size of OEM area 0 in bytes, or 0 if not present */
	uint32_t oem_area_0_size;

	/* Reserved; set 0 */
	uint8_t reserved0[8];
} __attribute__((packed));

/*****************************************************************************/
/* Public key structure for BDB */

/*
 * Magic number for bdb_key.struct_magic.
 * The bytes 0x56 0x42 0x33 0x73 read "VB3s" when the value is stored
 * little-endian.
 */
#define BDB_KEY_MAGIC 0x73334256

/* Current version of bdb_key struct */
#define BDB_KEY_VERSION_MAJOR 1
#define BDB_KEY_VERSION_MINOR 0

/*
 * Supported hash algorithms.  Stored in the 8-bit hash_alg field of
 * struct bdb_key and struct bdb_sig.
 *
 * NOTE(review): only two values are defined; a parser should reject any
 * other value, including 0, rather than fall through to a default.
 */
enum bdb_hash_alg {
	BDB_HASH_ALG_INVALID = 0,       /* Not used; invalid */
	BDB_HASH_ALG_SHA256 = 2,	/* SHA-256 */
};

/*
 * Supported signature algorithms.  Stored in the 8-bit sig_alg field of
 * struct bdb_key and struct bdb_sig.
 *
 * NOTE(review): a parser should reject values that are not listed here, and
 * presumably should check that a signature's sig_alg matches the sig_alg of
 * the key used to verify it -- confirm in the verification code.
 */
enum bdb_sig_alg {
	BDB_SIG_ALG_INVALID = 0,        /* Not used; invalid */
	BDB_SIG_ALG_RSA4096 = 3,	/* RSA-4096, exponent 65537 */
	/*
	 * NOTE(review): the identifier is spelled "ECSDSA" while the comment
	 * and the BDB_ECDSA521_* size macros say ECDSA.  Renaming it would
	 * break existing users of the name.
	 */
	BDB_SIG_ALG_ECSDSA521 = 5,	/* ECDSA-521 */
	/*
	 * NOTE(review): with public exponent 3 the verifier has to check the
	 * padding of the recovered signature block strictly (every byte, no
	 * trailing data); lenient padding checks are what make forged
	 * low-exponent signatures possible.  Verifier not visible here.
	 */
	BDB_SIG_ALG_RSA3072B = 7,	/* RSA_3072, exponent 3 */
};

/*
 * Expected size of bdb_key struct in bytes, not counting variable-length key
 * data at end.
 *
 * NOTE(review): the packed fixed fields of struct bdb_key as declared in this
 * file add up to 144 bytes (4 + 1 + 1 + 2 + 1 + 1 + 2 + 4 + 128), not 80;
 * 80 would match a 64-byte description field.  Confirm which is stale before
 * using this constant as a lower bound for bdb_key.struct_size.
 */
#define BDB_KEY_EXPECTED_SIZE 80

/*
 * Public key record: a fixed packed header followed by variable-length key
 * data.
 *
 * NOTE(review): the key-data length is computed from struct_size, so
 * struct_size must be checked to be at least the offset of key_data (and to
 * fit inside the enclosing buffer) before the subtraction, otherwise the
 * computed length wraps around.
 */
struct bdb_key {
	/* Magic number to identify struct = BDB_KEY_MAGIC. */
	uint32_t struct_magic;

	/* Structure version = BDB_KEY_VERSION{MAJOR,MINOR} */
	uint8_t struct_major_version;
	uint8_t struct_minor_version;

	/* Size of structure in bytes, including variable-length key data */
	uint16_t struct_size;

	/* Hash algorithm (enum bdb_hash_alg) */
	uint8_t hash_alg;

	/* Signature algorithm (enum bdb_sig_alg) */
	uint8_t sig_alg;

	/* Reserved; set 0 */
	uint8_t reserved0[2];

	/* Key version.
	 * NOTE(review): presumably compared against a stored minimum for
	 * rollback protection -- not shown in this header. */
	uint32_t key_version;

 	/* Description; null-terminated ASCII.
	 * NOTE(review): the terminator is a convention of the producer;
	 * readers should bound every access to sizeof(description). */
	char description[128];

	/*
	 * Key data.  Variable-length; size is struct_size -
	 * offset_of(bdb_key, key_data).
	 * Declared as a zero-length array (GNU extension) so it adds nothing
	 * to sizeof(struct bdb_key).
	 */
	uint8_t key_data[0];
} __attribute__((packed));

/*****************************************************************************/
/* Signature structure for BDB */

/*
 * Magic number for bdb_sig.struct_magic.
 * The bytes 0x56 0x42 0x33 0x6b read "VB3k" when the value is stored
 * little-endian.
 */
#define BDB_SIG_MAGIC 0x6b334256

/* Current version of bdb_sig struct */
#define BDB_SIG_VERSION_MAJOR 1
#define BDB_SIG_VERSION_MINOR 0

/*
 * Signature record: a fixed packed header (144 bytes as declared here)
 * followed by variable-length signature data.
 *
 * NOTE(review): both struct_size and signed_size come from the record
 * itself.  struct_size must be at least the offset of sig_data before the
 * signature length is derived from it, and signed_size must be checked
 * against the amount of data actually present before it is hashed.
 */
struct bdb_sig {
	/* Magic number to identify struct = BDB_SIG_MAGIC. */
	uint32_t struct_magic;

	/* Structure version = BDB_SIG_VERSION{MAJOR,MINOR} */
	uint8_t struct_major_version;
	uint8_t struct_minor_version;

	/* Size of structure in bytes, including variable-length signature
	 * data. */
	uint16_t struct_size;

	/* Hash algorithm used for this signature (enum bdb_hash_alg) */
	uint8_t hash_alg;

	/* Signature algorithm (enum bdb_sig_alg) */
	uint8_t sig_alg;

	/* Reserved; set 0 */
	uint8_t reserved0[2];

	/* Number of bytes of data signed by this signature */
	uint32_t signed_size;

	/* Description; null-terminated ASCII.
	 * NOTE(review): readers should bound every access to
	 * sizeof(description) instead of relying on the terminator. */
	char description[128];

	/* Signature data.  Variable-length; size is struct_size -
	 * offset_of(bdb_sig, sig_data).
	 * Declared as a zero-length array (GNU extension). */
	uint8_t sig_data[0];
} __attribute__((packed));

/*****************************************************************************/
/* Data structure for BDB */

/*
 * Magic number for bdb_data.struct_magic.
 * The bytes 0x42 0x64 0x42 0x31 read "BdB1" when the value is stored
 * little-endian.
 */
#define BDB_DATA_MAGIC 0x31426442

/* Current version of bdb_data struct */
#define BDB_DATA_VERSION_MAJOR 1
#define BDB_DATA_VERSION_MINOR 0

/*
 * Data header: describes the firmware data covered by the block and is
 * followed by num_hashes hash entries (see struct bdb_hash).  Packed; the
 * fields as declared here total 160 bytes.
 *
 * NOTE(review): the hash table length is num_hashes * hash_entry_size, both
 * taken from this header.  Compute the product in a type wider than uint8_t
 * and check struct_size plus that product against signed_size and the buffer
 * length before walking the entries.  hash_entry_size is presumably expected
 * to be at least sizeof(struct bdb_hash) -- confirm in the parsing code.
 */
struct bdb_data {
	/* Magic number to identify struct = BDB_DATA_MAGIC. */
	uint32_t struct_magic;

	/* Structure version = BDB_DATA_VERSION{MAJOR,MINOR} */
	uint8_t struct_major_version;
	uint8_t struct_minor_version;

	/* Size of structure in bytes, NOT including hashes which follow. */
	uint16_t struct_size;

	/* Version of data (RW firmware) contained.
	 * NOTE(review): presumably the value used for firmware rollback
	 * checks -- not shown in this header. */
	uint32_t data_version;

	/* Size of OEM area 1 in bytes, or 0 if not present */
	uint32_t oem_area_1_size;

	/* Number of hashes which follow */
	uint8_t num_hashes;

	/* Size of each hash entry in bytes */
	uint8_t hash_entry_size;

	/* Reserved; set 0 */
	uint8_t reserved0[2];

	/* Number of bytes of data signed by the subkey, including this
	 * header */
	uint32_t signed_size;

	/* Reserved; set 0 */
	uint8_t reserved1[8];

	/* Description; null-terminated ASCII.
	 * NOTE(review): readers should bound every access to
	 * sizeof(description) instead of relying on the terminator. */
	char description[128];
} __attribute__((packed));

/*
 * Type of data for bdb_hash.type.  The field is 8 bits wide; values 1-3 are
 * used for boot descriptor blocks and 128-130 for kernel descriptor blocks.
 *
 * NOTE(review): a parser should treat any value not listed here as an error
 * rather than load the entry under a default type.
 */
enum bdb_data_type {
	/* Types of data for boot descriptor blocks */
	BDB_DATA_SP_RW = 1,		/* SP-RW firmware */
	BDB_DATA_AP_RW = 2,		/* AP-RW firmware */
	BDB_DATA_MCU = 3,		/* MCU firmware */

	/* Types of data for kernel descriptor blocks */
	BDB_DATA_KERNEL = 128,		/* Kernel */
	BDB_DATA_CMD_LINE = 129,	/* Command line */
	BDB_DATA_HEADER16 = 130,	/* 16-bit vmlinuz header */
};

/*
 * Hash entries which follow struct bdb_data.  Each entry names a region of a
 * partition, where to load it, and the SHA-256 digest it must match.
 * Packed; the fields as declared here total 56 bytes.
 *
 * NOTE(review): offset, size and load_address are taken from the entry.
 * Before reading or copying, a loader should check that offset + size does
 * not overflow and stays inside the partition, and that
 * [load_address, load_address + size) lies in memory the loader is allowed
 * to overwrite.  The digest should be checked over the bytes actually
 * loaded.  None of that code is visible in this header -- confirm.
 */
struct bdb_hash {
	/* Offset of data from start of partition */
	uint64_t offset;

	/* Size of data in bytes */
	uint32_t size;

	/* Partition number containing data */
	uint8_t partition;

	/* Type of data; enum bdb_data_type */
	uint8_t type;

	/* Reserved; set 0 */
	uint8_t reserved0[2];

	/* Address in RAM to load data.  -1 means use default.  The field is
	 * unsigned, so -1 is the all-ones 64-bit value. */
	uint64_t load_address;

	/* SHA-256 hash digest */
	uint8_t digest[BDB_SHA256_DIGEST_SIZE];
} __attribute__((packed));

/*****************************************************************************/

#endif /* VBOOT_REFERENCE_BDB_STRUCT_H_ */