Add structs for TPM NV simplification

firmware/lib/include/rollback_index.h

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Functions for querying, manipulating and locking rollback indices
  * stored in the TPM NVRAM.
  */
 
 #ifndef VBOOT_REFERENCE_ROLLBACK_INDEX_H_
 #define VBOOT_REFERENCE_ROLLBACK_INDEX_H_
 
 #include "sysincludes.h"
 #include "tss_constants.h"
 
-/* Rollback version types. */
-#define FIRMWARE_VERSIONS 0
-#define KERNEL_VERSIONS   1
+/* TPM NVRAM location indices. */
+#define FIRMWARE_NV_INDEX               0x1007
+#define KERNEL_NV_INDEX                 0x1008
 
-/* Initialization mode */
-#define RO_RECOVERY_MODE 0
-#define RO_NORMAL_MODE   1
-#define RW_NORMAL_MODE   2
+/* Structure definitions for TPM spaces */
 
-/* TPM NVRAM location indices. */
-#define FIRST_ROLLBACK_NV_INDEX         0x1001  /* First index used here */
-#define FIRMWARE_VERSIONS_NV_INDEX      0x1001
-#define KERNEL_VERSIONS_NV_INDEX        0x1002
-#define TPM_IS_INITIALIZED_NV_INDEX     0x1003
-#define KERNEL_VERSIONS_BACKUP_NV_INDEX 0x1004
-#define KERNEL_MUST_USE_BACKUP_NV_INDEX 0x1005
-#define DEVELOPER_MODE_NV_INDEX         0x1006
-#define LAST_ROLLBACK_NV_INDEX          0x1006  /* Last index used here */
+__pragma(pack(push, 1)) /* Support packing for MSVC. */
 
-/* Unique ID to detect kernel space redefinition */
-#define KERNEL_SPACE_UID "GRWL"        /* unique ID with secret meaning */
-#define KERNEL_SPACE_UID_SIZE (sizeof(KERNEL_SPACE_UID) - 1)
-#define KERNEL_SPACE_INIT_DATA ((uint8_t*) "\0\0\0\0" KERNEL_SPACE_UID)
-#define KERNEL_SPACE_SIZE (sizeof(uint32_t) + KERNEL_SPACE_UID_SIZE)
+/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */
+#define ROLLBACK_SPACE_KERNEL_VERSION 1
+#define ROLLBACK_SPACE_KERNEL_UID 0x4752574C  /* 'GRWL' */
+typedef struct RollbackSpaceKernel {
+  uint8_t  struct_version;      /* Struct version, for backwards
+                                 * compatibility */
+  uint32_t uid;                 /* Unique ID to detect space redefinition */
+  uint32_t kernel_versions;     /* Kernel versions */
+  uint32_t reserved;            /* Reserved for future expansion */
+} __attribute__((packed)) RollbackSpaceKernel;
+
+
+/* Flags for firmware space */
+/* Last boot was developer mode.  TPM ownership is cleared when
+ * transitioning to/from developer mode. */
+#define FLAG_LAST_BOOT_DEVELOPER 0x01
+/* There have been one or more boots which left PP unlocked, so the
+ * contents of the kernel space are untrusted and must be restored
+ * from the backup copy. */
+#define FLAG_KERNEL_SPACE_USE_BACKUP 0x02
+
+#define ROLLBACK_SPACE_FIRMWARE_VERSION 1
+/* Firmware space - FIRMWARE_NV_INDEX, locked with global lock. */
+typedef struct RollbackSpaceFirmware {
+  uint8_t  struct_version;  /* Struct version, for backwards compatibility */
+  uint8_t  flags;           /* Flags (see FLAG_* above) */
+  uint32_t fw_versions;     /* Firmware versions */
+  uint32_t reserved;            /* Reserved for future expansion */
+  RollbackSpaceKernel kernel_backup;  /* Backup of kernel space */
+} __attribute__((packed)) RollbackSpaceFirmware;
+
+__pragma(pack(pop)) /* Support packing for MSVC. */
+
 
 /* All functions return TPM_SUCCESS (zero) if successful, non-zero if error */
 
 /*
 
 Call from LoadFirmware()
   Normal or developer mode (not recovery)
   Wants firmware versions
   Must send in developer flag
 
@@ skipping 16 matching lines @@
       Must send in developer flag
     If not recovery mode, wants kernel versions
   Must send in developer and recovery flags
 */
 
 /* These functions are callable from LoadFirmware().  They cannot use
  * global variables. */
 
 /* Setup must be called.  Pass developer_mode=nonzero if in developer
  * mode. */
-uint32_t RollbackFirmwareSetup(int developer_mode);
-/* Read and Write may be called after Setup. */
-uint32_t RollbackFirmwareRead(uint16_t* key_version, uint16_t* version);
+/* TODO: use a 32-bit version instead of 2 version pieces */
+uint32_t RollbackFirmwareSetup(int developer_mode, uint16_t* key_version,
+                               uint16_t* version);
+
 /* Write may be called if the versions change */
+/* TODO: use a 32-bit version instead of 2 version pieces */

[Luigi Semenzato, 2010/08/12 01:12:30]

Maybe have Gaurav review this (future) change.

 uint32_t RollbackFirmwareWrite(uint16_t key_version, uint16_t version);
 
 /* Lock must be called */
 uint32_t RollbackFirmwareLock(void);
 
 /* These functions are callable from LoadKernel().  They may use global
  * variables. */
 
 /* Recovery may be called.  If it is, this is the first time a
  * rollback function has been called this boot, so it needs to know if
  * we're in developer mode.  Pass developer_mode=nonzero if in developer
  * mode. */
 uint32_t RollbackKernelRecovery(int developer_mode);
 
 /* Read and write may be called if not in developer mode.  If called in
  * recovery mode, the effect is undefined. */
+/* TODO: use a 32-bit version instead of 2 version pieces */
 uint32_t RollbackKernelRead(uint16_t* key_version, uint16_t* version);
 uint32_t RollbackKernelWrite(uint16_t key_version, uint16_t version);
 
 /* Lock must be called.  Internally, it's ignored in recovery mode. */
 uint32_t RollbackKernelLock(void);
 
 /* The following functions are here for testing only. */
 
-/* Store 1 in *|initialized| if the TPM NVRAM spaces have been initialized, 0
- * otherwise.  Return TPM errors. */
-uint32_t GetSpacesInitialized(int* initialized);
-
 /* Issue a TPM_Clear and reenable/reactivate the TPM. */
 uint32_t TPMClearAndReenable(void);
 
 #endif  /* VBOOT_REFERENCE_ROLLBACK_INDEX_H_ */