OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * High-level firmware API for loading and verifying rewritable firmware. | 5 * High-level firmware API for loading and verifying rewritable firmware. |
6 * (Firmware Portion) | 6 * (Firmware Portion) |
7 */ | 7 */ |
8 | 8 |
9 #ifndef VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ | 9 #ifndef VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ |
10 #define VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ | 10 #define VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ |
11 | 11 |
12 #include <stdint.h> | 12 #include <stdint.h> |
13 | 13 |
14 /* Functions provided by PEI to LoadFirmware() */ | 14 /* Maximum size of kernel_sign_key_blob in bytes, for implementations |
15 | 15 * which must preallocate a transfer buffer between boot phases */ |
16 /* Get the firmware body data for [firmware_index], which is either | 16 #define LOAD_FIRMWARE_KEY_BLOB_MAX 2104 |
17 * 0 (the first firmware image) or 1 (the second firmware image). | |
18 * | |
19 * This function must call UpdateFirmwareBodyHash() before returning, | |
20 * to update the secure hash for the firmware image. For best | |
21 * performance, the reader should call this function periodically | |
22 * during the read, so that updating the hash can be pipelined with | |
23 * the read. If the reader cannot update the hash during the read | |
24 * process, it should call UpdateFirmwareBodyHash() on the entire | |
25 * firmeware data after the read, before returning. | |
26 * | |
27 * On success, returns a pointer to the data and stores the data size | |
28 * in [*size]. On error, returns NULL. */ | |
29 void *GetFirmwareBody(uint64_t firmware_index, uint64_t* size); | |
30 | |
31 | |
32 /* Interface provided by verified boot library to PEI */ | |
33 | 17 |
34 /* Return codes for LoadFirmware() */ | 18 /* Return codes for LoadFirmware() */ |
35 #define LOAD_FIRMWARE_SUCCESS 0 /* Success */ | 19 #define LOAD_FIRMWARE_SUCCESS 0 /* Success */ |
36 #define LOAD_FIRMWARE_RECOVERY 1 /* Reboot to recovery mode */ | 20 #define LOAD_FIRMWARE_RECOVERY 1 /* Reboot to recovery mode */ |
37 | 21 |
38 /* Update the data hash for the current firmware image, extending it | |
39 * by [size] bytes stored in [*data]. This function must only be | |
40 * called inside GetFirmwareBody(). */ | |
41 void UpdateFirmwareBodyHash(uint8_t* data, uint64_t size); | |
42 | |
43 | |
44 typedef struct LoadFirmwareParams { | 22 typedef struct LoadFirmwareParams { |
45 /* Inputs to LoadFirmware() */ | 23 /* Inputs to LoadFirmware() */ |
46 void *firmware_root_key_blob; /* Key used to sign firmware header */ | 24 void *firmware_root_key_blob; /* Key used to sign firmware header */ |
47 void *verification_block_0; /* Key block + preamble for firmware 0 */ | 25 void *verification_block_0; /* Key block + preamble for firmware 0 */ |
48 void *verification_block_1; /* Key block + preamble for firmware 1 */ | 26 void *verification_block_1; /* Key block + preamble for firmware 1 */ |
49 uint64_t verification_size_0; /* Verification block 0 size in bytes */ | 27 uint64_t verification_size_0; /* Verification block 0 size in bytes */ |
50 uint64_t verification_size_1; /* Verification block 1 size in bytes */ | 28 uint64_t verification_size_1; /* Verification block 1 size in bytes */ |
| 29 void *kernel_sign_key_blob; /* Destination buffer for key to use |
| 30 * when loading kernel. Pass this |
| 31 * data to LoadKernel() in |
| 32 * LoadKernelParams.header_sign_key_blob. */ |
| 33 uint64_t kernel_sign_key_size; /* Size of kernel signing key blob |
| 34 * buffer, in bytes. On output, this |
| 35 * will contain the actual key blob |
| 36 * size placed into the buffer. */ |
51 | 37 |
52 /* Outputs from LoadFirmware(); valid only if LoadFirmware() returns | 38 /* Outputs from LoadFirmware(); valid only if LoadFirmware() returns |
53 * LOAD_FIRMWARE_SUCCESS. */ | 39 * LOAD_FIRMWARE_SUCCESS. */ |
54 uint64_t firmware_index; /* Firmware index to run. */ | 40 uint64_t firmware_index; /* Firmware index to run. */ |
55 void *kernel_sign_key_blob; /* Key to use when loading kernel. | 41 |
56 * Pass this data to LoadKernel() in | 42 /* Internal data for LoadFirmware() / UpdateFirmwareBodyHash(). */ |
57 * LoadKernelParams.header_sign_key_blob. | 43 void* load_firmware_internal; |
58 * Key data may be copied/relocated | 44 |
59 * if necessary. */ | 45 /* Internal data for caller / GetFirmwareBody(). */ |
60 uint64_t kernel_sign_key_size; /* Size of kernel signing key blob, | 46 void* caller_internal; |
61 * in bytes. */ | 47 |
62 } LoadFirmwareParams; | 48 } LoadFirmwareParams; |
63 | 49 |
64 | 50 |
| 51 /* Functions provided by PEI to LoadFirmware() */ |
| 52 |
| 53 /* Get the firmware body data for [firmware_index], which is either |
| 54 * 0 (the first firmware image) or 1 (the second firmware image). |
| 55 * |
| 56 * This function must call UpdateFirmwareBodyHash() before returning, |
| 57 * to update the secure hash for the firmware image. For best |
| 58 * performance, the reader should call this function periodically |
| 59 * during the read, so that updating the hash can be pipelined with |
| 60 * the read. If the reader cannot update the hash during the read |
| 61 * process, it should call UpdateFirmwareBodyHash() on the entire |
| 62 * firmeware data after the read, before returning. |
| 63 * |
| 64 * Returns 0 if successful or non-zero if error. */ |
| 65 int GetFirmwareBody(LoadFirmwareParams* params, uint64_t firmware_index); |
| 66 |
| 67 |
| 68 /* Functions provided by verified boot library to PEI */ |
| 69 |
65 /* Attempts to load the rewritable firmware. | 70 /* Attempts to load the rewritable firmware. |
66 * | 71 * |
67 * Returns LOAD_FIRMWARE_SUCCESS if successful, error code on failure. */ | 72 * Returns LOAD_FIRMWARE_SUCCESS if successful, error code on failure. */ |
68 int LoadFirmware(LoadFirmwareParams* params); | 73 int LoadFirmware(LoadFirmwareParams* params); |
69 | 74 |
70 | 75 |
| 76 /* Update the data hash for the current firmware image, extending it |
| 77 * by [size] bytes stored in [*data]. This function must only be |
| 78 * called inside GetFirmwareBody(). */ |
| 79 void UpdateFirmwareBodyHash(LoadFirmwareParams* params, |
| 80 uint8_t* data, uint64_t size); |
| 81 |
| 82 |
| 83 |
| 84 |
71 #endif /* VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ */ | 85 #endif /* VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ */ |
OLD | NEW |