OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Data structure and API definitions for a verified boot firmware image. | 5 * Data structure and API definitions for a verified boot firmware image. |
6 */ | 6 */ |
7 | 7 |
8 #ifndef VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ | 8 #ifndef VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ |
9 #define VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ | 9 #define VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ |
10 | 10 |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
114 #define VERIFY_FIRMWARE_SIGNATURE_FAILED 5 | 114 #define VERIFY_FIRMWARE_SIGNATURE_FAILED 5 |
115 #define VERIFY_FIRMWARE_WRONG_MAGIC 6 | 115 #define VERIFY_FIRMWARE_WRONG_MAGIC 6 |
116 #define VERIFY_FIRMWARE_WRONG_HEADER_CHECKSUM 7 | 116 #define VERIFY_FIRMWARE_WRONG_HEADER_CHECKSUM 7 |
117 #define VERIFY_FIRMWARE_KEY_ROLLBACK 8 | 117 #define VERIFY_FIRMWARE_KEY_ROLLBACK 8 |
118 #define VERIFY_FIRMWARE_VERSION_ROLLBACK 9 | 118 #define VERIFY_FIRMWARE_VERSION_ROLLBACK 9 |
119 #define VERIFY_FIRMWARE_MAX 10 /* Total number of error codes. */ | 119 #define VERIFY_FIRMWARE_MAX 10 /* Total number of error codes. */ |
120 | 120 |
121 extern char* kVerifyFirmwareErrors[VERIFY_FIRMWARE_MAX]; | 121 extern char* kVerifyFirmwareErrors[VERIFY_FIRMWARE_MAX]; |
122 | 122 |
123 /* Checks for the sanity of the firmware header pointed by [header_blob]. | 123 /* Checks for the sanity of the firmware header pointed by [header_blob]. |
124 * If [dev_mode] is enabled, also checks the root key signature using the | |
125 * pre-processed public root key [root_key_blob]. | |
126 * | 124 * |
127 * On success, put signature algorithm in [algorithm], header length | 125 * On success, put signature algorithm in [algorithm], header length |
128 * in [header_len], and return 0. | 126 * in [header_len], and return 0. |
129 * Else, return error code on failure. | 127 * Else, return error code on failure. |
130 */ | 128 */ |
131 int VerifyFirmwareHeader(const uint8_t* root_key_blob, | 129 int VerifyFirmwareHeader(const uint8_t* root_key_blob, |
132 const uint8_t* header_blob, | 130 const uint8_t* header_blob, |
133 const int dev_mode, | |
134 int* algorithm, | 131 int* algorithm, |
135 int* header_len); | 132 int* header_len); |
136 | 133 |
137 /* Checks the preamble signature on firmware preamble pointed by | 134 /* Checks the preamble signature on firmware preamble pointed by |
138 * [preamble_blob] using the signing key [sign_key]. | 135 * [preamble_blob] using the signing key [sign_key]. |
139 * | 136 * |
140 * On success, put firmware length into [firmware_len], and return 0. | 137 * On success, put firmware length into [firmware_len], and return 0. |
141 * Else, return error code on failure. | 138 * Else, return error code on failure. |
142 */ | 139 */ |
143 int VerifyFirmwarePreamble(RSAPublicKey* sign_key, | 140 int VerifyFirmwarePreamble(RSAPublicKey* sign_key, |
144 const uint8_t* preamble_blob, | 141 const uint8_t* preamble_blob, |
145 int algorithm, | 142 int algorithm, |
146 int* firmware_len); | 143 int* firmware_len); |
147 | 144 |
148 /* Checks the signature on the firmware data at location [firmware_data_start]. | 145 /* Checks the signature on the firmware data at location [firmware_data_start]. |
149 * The length of the actual firmware data is firmware_len and it is assumed to | 146 * The length of the actual firmware data is firmware_len and it is assumed to |
150 * be prepended with the signature whose size depends on the signature_algorithm | 147 * be prepended with the signature whose size depends on the signature_algorithm |
151 * [algorithm]. | 148 * [algorithm]. |
152 * | 149 * |
153 * Return 0 on success, error code on failure. | 150 * Return 0 on success, error code on failure. |
154 */ | 151 */ |
155 int VerifyFirmwareData(RSAPublicKey* sign_key, | 152 int VerifyFirmwareData(RSAPublicKey* sign_key, |
156 const uint8_t* firmware_data_start, | 153 const uint8_t* firmware_data_start, |
157 int firmware_len, | 154 int firmware_len, |
158 int algorithm); | 155 int algorithm); |
159 | 156 |
160 /* Performs a chained verify of the firmware blob [firmware_blob]. If | 157 /* Performs a chained verify of the firmware blob [firmware_blob]. |
161 * [dev_mode] is 0 [inactive], then the pre-processed public root key | |
162 * [root_key_blob] is used the verify the signature of the signing key, | |
163 * else the check is skipped. | |
164 * | 158 * |
165 * Returns 0 on success, error code on failure. | 159 * Returns 0 on success, error code on failure. |
166 * | 160 * |
167 * NOTE: The length of the firmware blob is derived from reading the fields | 161 * NOTE: The length of the firmware blob is derived from reading the fields |
168 * in the first few bytes of the buffer. This might look risky but in firmware | 162 * in the first few bytes of the buffer. This might look risky but in firmware |
169 * land, the start address of the firmware_blob will always be fixed depending | 163 * land, the start address of the firmware_blob will always be fixed depending |
170 * on the memory map on the particular platform. In addition, the signature on | 164 * on the memory map on the particular platform. In addition, the signature on |
171 * length itself is checked early in the verification process for extra safety. | 165 * length itself is checked early in the verification process for extra safety. |
172 */ | 166 */ |
173 int VerifyFirmware(const uint8_t* root_key_blob, | 167 int VerifyFirmware(const uint8_t* root_key_blob, |
174 const uint8_t* firmware_blob, | 168 const uint8_t* firmware_blob); |
175 const int dev_mode); | |
176 | 169 |
177 /* Performs a chained verify of the firmware [image]. If [dev_mode] is | 170 /* Performs a chained verify of the firmware [image]. |
178 * 0 (inactive), then the [root_key] is used to verify the signature of | |
179 * the signing key, else the check is skipped. | |
180 * | 171 * |
181 * Returns 0 on success, error code on failure. | 172 * Returns 0 on success, error code on failure. |
182 */ | 173 */ |
183 int VerifyFirmwareImage(const RSAPublicKey* root_key, | 174 int VerifyFirmwareImage(const RSAPublicKey* root_key, |
184 const FirmwareImage* image, | 175 const FirmwareImage* image); |
185 const int dev_mode); | |
186 | 176 |
187 /* Maps error codes from VerifyFirmware() to error description. */ | 177 /* Maps error codes from VerifyFirmware() to error description. */ |
188 const char* VerifyFirmwareErrorString(int error); | 178 const char* VerifyFirmwareErrorString(int error); |
189 | 179 |
190 /* Add a root key signature to the key header to a firmware image [image] | 180 /* Add a root key signature to the key header to a firmware image [image] |
191 * using the private root key in file [root_key_file]. | 181 * using the private root key in file [root_key_file]. |
192 * | 182 * |
193 * Return 1 on success, 0 on failure. | 183 * Return 1 on success, 0 on failure. |
194 */ | 184 */ |
195 int AddFirmwareKeySignature(FirmwareImage* image, const char* root_key_file); | 185 int AddFirmwareKeySignature(FirmwareImage* image, const char* root_key_file); |
(...skipping 21 matching lines...) Expand all Loading... |
217 * Returns the code path to follow. It is one of: | 207 * Returns the code path to follow. It is one of: |
218 * BOOT_FIRMWARE_A_CONTINUE Boot from Firmware A | 208 * BOOT_FIRMWARE_A_CONTINUE Boot from Firmware A |
219 * BOOT_FIRMWARE_B_CONTINUE Boot from Firmware B | 209 * BOOT_FIRMWARE_B_CONTINUE Boot from Firmware B |
220 * BOOT_FIRMWARE_RECOVERY_CONTINUE Jump to recovery mode | 210 * BOOT_FIRMWARE_RECOVERY_CONTINUE Jump to recovery mode |
221 */ | 211 */ |
222 int VerifyFirmwareDriver_f(uint8_t* root_key_blob, | 212 int VerifyFirmwareDriver_f(uint8_t* root_key_blob, |
223 uint8_t* firmwareA, | 213 uint8_t* firmwareA, |
224 uint8_t* firmwareB); | 214 uint8_t* firmwareB); |
225 | 215 |
226 #endif /* VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ */ | 216 #endif /* VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ */ |
OLD | NEW |