1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Common functions between firmware and kernel verified boot.
*/
#ifndef VBOOT_REFERENCE_VBOOT_COMMON_H_
#define VBOOT_REFERENCE_VBOOT_COMMON_H_
#include "2api.h"
#include "2struct.h"
#include "vboot_struct.h"
/* Test an important condition at compile time, not run time */
#ifndef BUILD_ASSERT
#define _BA1_(cond, line) \
extern int __build_assertion_ ## line[1 - 2*!(cond)] \
__attribute__ ((unused))
#define _BA0_(c, x) _BA1_(c, x)
#define BUILD_ASSERT(cond) _BA0_(cond, __LINE__)
#endif
/* Error Codes for all common functions. */
enum {
VBOOT_SUCCESS = 0,
/* Key block internal structure is invalid, or not a key block */
VBOOT_KEY_BLOCK_INVALID,
/* Key block signature check failed */
VBOOT_KEY_BLOCK_SIGNATURE,
/* Key block hash check failed */
VBOOT_KEY_BLOCK_HASH,
/* Invalid public key passed to a signature verficiation function. */
VBOOT_PUBLIC_KEY_INVALID,
/* Preamble internal structure is invalid */
VBOOT_PREAMBLE_INVALID,
/* Preamble signature check failed */
VBOOT_PREAMBLE_SIGNATURE,
/* Shared data is invalid. */
VBOOT_SHARED_DATA_INVALID,
/* Kernel Preamble does not contain flags */
VBOOT_KERNEL_PREAMBLE_NO_FLAGS,
VBOOT_ERROR_MAX,
};
extern const char *kVbootErrors[VBOOT_ERROR_MAX];
/*
* Helper functions to get data pointed to by a public key or signature.
*/
uint8_t *GetPublicKeyData(struct vb2_packed_key *key);
const uint8_t *GetPublicKeyDataC(const struct vb2_packed_key *key);
uint8_t *GetSignatureData(VbSignature *sig);
const uint8_t *GetSignatureDataC(const VbSignature *sig);
/*
* Helper functions to verify the data pointed to by a subfield is inside the
* parent data. Returns 0 if inside, 1 if error.
*/
int VerifyPublicKeyInside(const void *parent, uint64_t parent_size,
const struct vb2_packed_key *key);
int VerifySignatureInside(const void *parent, uint64_t parent_size,
const VbSignature *sig);
/**
* Initialize a public key to refer to [key_data].
*/
void PublicKeyInit(struct vb2_packed_key *key,
uint8_t *key_data, uint64_t key_size);
/**
* Copy a public key from [src] to [dest].
*
* Returns 0 if success, non-zero if error.
*/
int PublicKeyCopy(struct vb2_packed_key *dest,
const struct vb2_packed_key *src);
/**
* Retrieve the 16-bit vmlinuz header address and size from the kernel preamble
* if there is one. These are only available in Kernel Preamble Header version
* >= 2.1. If given a header 2.0 or lower, will set address and size to 0 (this
* is not considered an error).
*
* Returns VBOOT_SUCCESS if successful.
*/
int VbGetKernelVmlinuzHeader(const VbKernelPreambleHeader *preamble,
uint64_t *vmlinuz_header_address,
uint64_t *vmlinuz_header_size);
/**
* Checks if the kernel preamble has flags field. This is available only if the
* Kernel Preamble Header version >=2.2. If give a header of 2.1 or lower, it
* will return VBOOT_KERNEL_PREAMBLE_NO_FLAGS.
*
* Returns VBOOT_SUCCESS if version is >=2.2.
*/
int VbKernelHasFlags(const VbKernelPreambleHeader *preamble);
/**
* Verify that the Vmlinuz Header is contained inside of the kernel blob.
*
* Returns VBOOT_SUCCESS or VBOOT_PREAMBLE_INVALID on error
*/
int VerifyVmlinuzInsideKBlob(uint64_t kblob, uint64_t kblob_size,
uint64_t header, uint64_t header_size);
/**
* Initialize a verified boot shared data structure.
*
* Returns 0 if success, non-zero if error.
*/
int VbSharedDataInit(VbSharedDataHeader *header, uint64_t size);
/**
* Reserve [size] bytes of the shared data area. Returns the offset of the
* reserved data from the start of the shared data buffer, or 0 if error.
*/
uint64_t VbSharedDataReserve(VbSharedDataHeader *header, uint64_t size);
/**
* Copy the kernel subkey into the shared data.
*
* Returns 0 if success, non-zero if error.
*/
int VbSharedDataSetKernelKey(VbSharedDataHeader *header,
const struct vb2_packed_key *src);
/**
* Check whether recovery is allowed or not.
*
* The only way to pass this check and proceed to the recovery process is to
* physically request a recovery (a.k.a. manual recovery). All other recovery
* requests including manual recovery requested by a (compromised) host will
* end up with 'broken' screen.
*
* @param ctx vboot2 context pointer
* @return 1: Yes. 0: No or not sure.
*/
int vb2_allow_recovery(struct vb2_context *ctx);
#endif /* VBOOT_REFERENCE_VBOOT_COMMON_H_ */
|
