OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Data structure and API definitions for a verified boot firmware image. | 5 * Data structure and API definitions for a verified boot firmware image. |
6 */ | 6 */ |
7 | 7 |
8 #ifndef VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ | 8 #ifndef VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ |
9 #define VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ | 9 #define VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ |
10 | 10 |
11 #include <inttypes.h> | 11 #include <inttypes.h> |
12 | 12 |
13 #include "rsa.h" | 13 #include "rsa.h" |
14 #include "sha.h" | 14 #include "sha.h" |
15 | 15 |
16 #define FIRMWARE_MAGIC "CHROMEOS" | 16 #define FIRMWARE_MAGIC "CHROMEOS" |
17 #define FIRMWARE_MAGIC_SIZE 8 | 17 #define FIRMWARE_MAGIC_SIZE 8 |
18 #define FIRMWARE_PREAMBLE_SIZE 8 | 18 #define FIRMWARE_PREAMBLE_SIZE 8 |
19 | 19 |
20 /* RSA 8192 and SHA-512. */ | 20 /* RSA 8192 and SHA-512. */ |
21 #define ROOT_SIGNATURE_ALGORITHM 11 | 21 #define ROOT_SIGNATURE_ALGORITHM 11 |
22 #define ROOT_SIGNATURE_ALGORITHM_STRING "11" | 22 #define ROOT_SIGNATURE_ALGORITHM_STRING "11" |
23 | 23 |
24 typedef struct FirmwareImage { | 24 typedef struct FirmwareImage { |
25 uint8_t magic[FIRMWARE_MAGIC_SIZE]; | 25 uint8_t magic[FIRMWARE_MAGIC_SIZE]; |
26 /* Key Header */ | 26 /* Key Header */ |
27 uint16_t header_len; /* Length of the header. */ | 27 uint16_t header_len; /* Length of the header. */ |
28 uint16_t firmware_sign_algorithm; /* Signature algorithm used by the signing | 28 uint16_t firmware_sign_algorithm; /* Signature algorithm used by the signing |
29 * key. */ | 29 * key. */ |
| 30 uint16_t firmware_key_version; /* Key Version# for preventing rollbacks. */ |
30 uint8_t* firmware_sign_key; /* Pre-processed public half of signing key. */ | 31 uint8_t* firmware_sign_key; /* Pre-processed public half of signing key. */ |
31 uint16_t firmware_key_version; /* Key Version# for preventing rollbacks. */ | |
32 uint8_t header_checksum[SHA512_DIGEST_SIZE]; /* SHA-512 hash of the header.*/ | 32 uint8_t header_checksum[SHA512_DIGEST_SIZE]; /* SHA-512 hash of the header.*/ |
33 | 33 |
34 uint8_t firmware_key_signature[RSA8192NUMBYTES]; /* Signature of the header | 34 uint8_t firmware_key_signature[RSA8192NUMBYTES]; /* Signature of the header |
35 * above. */ | 35 * above. */ |
36 | 36 |
37 /* Firmware Preamble. */ | 37 /* Firmware Preamble. */ |
38 uint16_t firmware_version; /* Firmware Version# for preventing rollbacks.*/ | 38 uint16_t firmware_version; /* Firmware Version# for preventing rollbacks.*/ |
39 uint64_t firmware_len; /* Length of the rest of the R/W firmware data. */ | 39 uint64_t firmware_len; /* Length of the rest of the R/W firmware data. */ |
40 uint8_t preamble[FIRMWARE_PREAMBLE_SIZE]; /* Remaining preamble data.*/ | 40 uint8_t preamble[FIRMWARE_PREAMBLE_SIZE]; /* Remaining preamble data.*/ |
41 | 41 |
(...skipping 64 matching lines...)
106 void PrintFirmwareImage(const FirmwareImage* image); | 106 void PrintFirmwareImage(const FirmwareImage* image); |
107 | 107 |
108 /* Error Codes for VerifyFirmware* family of functions. */ | 108 /* Error Codes for VerifyFirmware* family of functions. */ |
109 #define VERIFY_FIRMWARE_SUCCESS 0 | 109 #define VERIFY_FIRMWARE_SUCCESS 0 |
110 #define VERIFY_FIRMWARE_INVALID_IMAGE 1 | 110 #define VERIFY_FIRMWARE_INVALID_IMAGE 1 |
111 #define VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED 2 | 111 #define VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED 2 |
112 #define VERIFY_FIRMWARE_INVALID_ALGORITHM 3 | 112 #define VERIFY_FIRMWARE_INVALID_ALGORITHM 3 |
113 #define VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED 4 | 113 #define VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED 4 |
114 #define VERIFY_FIRMWARE_SIGNATURE_FAILED 5 | 114 #define VERIFY_FIRMWARE_SIGNATURE_FAILED 5 |
115 #define VERIFY_FIRMWARE_WRONG_MAGIC 6 | 115 #define VERIFY_FIRMWARE_WRONG_MAGIC 6 |
116 #define VERIFY_FIRMWARE_MAX 7 /* Generic catch-all. */ | 116 #define VERIFY_FIRMWARE_WRONG_HEADER_CHECKSUM 7 |
| 117 #define VERIFY_FIRMWARE_KEY_ROLLBACK 8 |
| 118 #define VERIFY_FIRMWARE_VERSION_ROLLBACK 9 |
| 119 #define VERIFY_FIRMWARE_MAX 10 /* Total number of error codes. */ |
117 | 120 |
118 extern char* kVerifyFirmwareErrors[VERIFY_FIRMWARE_MAX]; | 121 extern char* kVerifyFirmwareErrors[VERIFY_FIRMWARE_MAX]; |
119 | 122 |
120 /* Checks for the sanity of the firmware header pointed by [header_blob]. | 123 /* Checks for the sanity of the firmware header pointed by [header_blob]. |
121 * If [dev_mode] is enabled, also checks the root key signature using the | 124 * If [dev_mode] is enabled, also checks the root key signature using the |
122 * pre-processed public root key [root_key_blob]. | 125 * pre-processed public root key [root_key_blob]. |
123 * | 126 * |
124 * On success, put signature algorithm in [algorithm], header length | 127 * On success, put signature algorithm in [algorithm], header length |
125 * in [header_len], and return 0. | 128 * in [header_len], and return 0. |
126 * Else, return error code on failure. | 129 * Else, return error code on failure. |
(...skipping 64 matching lines...)
191 */ | 194 */ |
192 int AddFirmwareKeySignature(FirmwareImage* image, const char* root_key_file); | 195 int AddFirmwareKeySignature(FirmwareImage* image, const char* root_key_file); |
193 | 196 |
194 /* Add firmware and preamble signature to a firmware image [image] | 197 /* Add firmware and preamble signature to a firmware image [image] |
195 * using the private signing key in file [signing_key_file]. | 198 * using the private signing key in file [signing_key_file]. |
196 * | 199 * |
197 * Return 1 on success, 0 on failure. | 200 * Return 1 on success, 0 on failure. |
198 */ | 201 */ |
199 int AddFirmwareSignature(FirmwareImage* image, const char* signing_key_file); | 202 int AddFirmwareSignature(FirmwareImage* image, const char* signing_key_file); |
200 | 203 |
| 204 /* Returns the logical version of a firmware blob which is calculated as |
| 205 * (firmware_key_version << 16 | firmware_version). */ |
| 206 uint32_t GetLogicalFirmwareVersion(uint8_t* firmware_blob); |
| 207 |
| 208 #define BOOT_FIRMWARE_A_CONTINUE 1 |
| 209 #define BOOT_FIRMWARE_B_CONTINUE 2 |
| 210 #define BOOT_FIRMWARE_RECOVERY_CONTINUE 3 |
| 211 |
| 212 /* This function is the driver used by the RO firmware to |
| 213 * determine which copy of the firmware to boot from. It performs |
| 214 * the requisite rollback index checking, including updating them, |
| 215 * if required. |
| 216 * |
| 217 * Returns the code path to follow. It is one of: |
| 218 * BOOT_FIRMWARE_A_CONTINUE Boot from Firmware A |
| 219 * BOOT_FIRMWARE_B_CONTINUE Boot from Firmware B |
| 220 * BOOT_FIRMWARE_RECOVERY_CONTINUE Jump to recovery mode |
| 221 */ |
| 222 int VerifyFirmwareDriver_f(uint8_t* root_key_blob, |
| 223 uint8_t* firmwareA, |
| 224 uint8_t* firmwareB); |
| 225 |
201 #endif /* VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ */ | 226 #endif /* VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ */ |
OLD | NEW |
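Review bot: The two entry points added at new lines 206 and 222-224, `GetLogicalFirmwareVersion` and `VerifyFirmwareDriver_f`, take bare `uint8_t*` blobs with no length, so the implementation can only bound its reads by the `header_len` and `firmware_len` fields stored inside the image it has not yet verified. Since the driver is described as running in the RO firmware against the two firmware copies, I would pass the size of each region and make the pointers const, e.g. `uint32_t GetLogicalFirmwareVersion(const uint8_t* firmware_blob, uint64_t blob_len);`. The comment at new lines 204-205 should also say whether the version fields are read before or after the key signature check and what is returned for a malformed blob, because a `uint32_t` return has no error value and the result presumably feeds the rollback comparison. If the implementation (not shown on this page) follows the documented formula literally, it should cast first, `((uint32_t) firmware_key_version << 16) | firmware_version`, since a promoted `uint16_t` of 0x8000 or more shifted left by 16 overflows `int`.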