1a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. 2a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Use of this source code is governed by a BSD-style license that can be 3a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * found in the LICENSE file. 4a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler */ 5a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 6a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* APIs provided by firmware to vboot_reference. 7a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 8a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * General notes: 9a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 10a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * All verified boot functions now start with "Vb" for namespace clarity. This 11a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * fixes the problem where uboot and vboot both defined assert(). 12a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 13a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Verified boot APIs to be implemented by the calling firmware and exported to 14a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * vboot_reference start with "VbEx". 15a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 16a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * TODO: split this file into a vboot_entry_points.h file which contains the 17a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * entry points for the firmware to call vboot_reference, and a 18a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * vboot_firmware_exports.h which contains the APIs to be implemented by the 19a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * calling firmware and exported to vboot_reference. 20a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler */ 21a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 22a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#ifndef VBOOT_REFERENCE_VBOOT_API_H_ 23a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VBOOT_REFERENCE_VBOOT_API_H_ 240c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardson#include <stdint.h> 2532c8ee3e2598d5b9d6d7447155ca1580c6938904David Hendricks#include <stdlib.h> 26a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 27a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 28a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Error codes */ 29a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 30a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 31a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Functions which return an error all return this type. This is a 32-bit 32a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * value rather than an int so it's consistent across UEFI, which is 32-bit 33a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * during PEI and 64-bit during DXE/BDS. 34a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 35a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef uint32_t VbError_t; 36a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 37a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 38a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Predefined error numbers. Success is 0. Errors are non-zero, but differ 39a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * between functions. For example, the TPM functions may pass through TPM 40a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * error codes, some of which may be recoverable. 41a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 421cf77cda5ea2d7549caccb953079263d463feadbRandall Spanglerenum VbErrorPredefined_t { 43a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* No error; function completed successfully. */ 44a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_SUCCESS = 0, 45a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 46a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* 47a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * The verified boot entry points VbInit(), VbSelectFirmware(), 48a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * VbSelectAndLoadKernel() may return the following errors. 49a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 50a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unknown error */ 51a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_UNKNOWN = 0x10000, 52a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to initialize shared data */ 53a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_INIT_SHARED_DATA = 0x10001, 54a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Error resuming TPM during a S3 resume */ 55a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_S3_RESUME = 0x10002, 56a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* VbSelectFirmware() failed to find a valid firmware */ 57a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_LOAD_FIRMWARE = 0x10003, 58a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to write firmware versions to TPM */ 59a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_WRITE_FIRMWARE = 0x10004, 60a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to lock firmware versions in TPM */ 61a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_LOCK_FIRMWARE = 0x10005, 62a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to set boot mode state in TPM */ 63a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_SET_BOOT_MODE_STATE = 0x10006, 64a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* TPM requires reboot */ 65a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_REBOOT_REQUIRED = 0x10007, 66a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to set up TPM */ 67a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_FIRMWARE_SETUP = 0x10008, 68a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to read kernel versions from TPM */ 69a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_READ_KERNEL = 0x10009, 70a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Attempt to load developer-only firmware with developer switch off */ 71a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_DEV_FIRMWARE_SWITCH_MISMATCH = 0x1000A, 72a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to write kernel versions to TPM */ 73a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_WRITE_KERNEL = 0x1000B, 74a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to lock kernel versions in TPM */ 75a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_TPM_LOCK_KERNEL = 0x1000C, 76a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Calling firmware requested shutdown via VbExIsShutdownRequested() */ 77a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_SHUTDOWN_REQUESTED = 0x1000D, 78a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Unable to find a boot device on which to look for a kernel */ 79a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_NO_DISK_FOUND = 0x1000E, 80a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* No OS kernel found on any boot device */ 81a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_NO_KERNEL_FOUND = 0x1000F, 82a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* All OS kernels found were invalid (corrupt, improperly signed...) */ 83a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_INVALID_KERNEL_FOUND = 0x10010, 84a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* VbSelectAndLoadKernel() requested recovery mode */ 85a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_LOAD_KERNEL_RECOVERY = 0x10011, 86a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Other error inside VbSelectAndLoadKernel() */ 87a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_LOAD_KERNEL = 0x10012, 88a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Invalid Google binary block */ 89a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_INVALID_GBB = 0x10013, 90a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Invalid bitmap volume */ 91a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_INVALID_BMPFV = 0x10014, 92a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Invalid screen index */ 93a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_INVALID_SCREEN_INDEX = 0x10015, 94a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Simulated (test) error */ 95a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_SIMULATED = 0x10016, 96a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Invalid parameter */ 97a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_INVALID_PARAMETER = 0x10017, 98a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* VbExBeep() can't make sounds at all */ 99a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_NO_SOUND = 0x10018, 100a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* VbExBeep() can't make sound in the background */ 101a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_NO_BACKGROUND_SOUND = 0x10019, 102a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Developer has requested a BIOS shell */ 103a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_BIOS_SHELL_REQUESTED = 0x10020, 104a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Need VGA and don't have it, or vice-versa */ 105a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VBERROR_VGA_OPROM_MISMATCH = 0x10021, 106a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Need EC to reboot to read-only code */ 1075cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler VBERROR_EC_REBOOT_TO_RO_REQUIRED = 0x10022, 108527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass /* Invalid region read parameters */ 109527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass VBERROR_REGION_READ_INVALID = 0x10023, 110527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass /* Cannot read from region */ 111527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass VBERROR_REGION_READ_FAILED = 0x10024, 112527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass /* Unsupported region type */ 113527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass VBERROR_UNSUPPORTED_REGION = 0x10025, 114527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass /* No image present (returned from VbGbbReadImage() for missing image) */ 115527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass VBERROR_NO_IMAGE_PRESENT = 0x10026, 1165cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler 1175cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler /* VbExEcGetExpectedRWHash() may return the following codes */ 1185cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler /* Compute expected RW hash from the EC image; BIOS doesn't have it */ 1195cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler VBERROR_EC_GET_EXPECTED_HASH_FROM_IMAGE = 0x20000, 1201cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler}; 121a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 122a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 123a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 124a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Main entry points from firmware into vboot_reference */ 125a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 126a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 127a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Minimum and recommended size of shared_data_blob in bytes. Shared data blob 128a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * is used to communicate data between calls to VbInit(), VbSelectFirmware(), 129a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * the OS. Minimum size is enough to hold all required data for verified boot 130a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * but may not be able to hold debug output. 131a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 132a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_SHARED_DATA_MIN_SIZE 3072 133a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_SHARED_DATA_REC_SIZE 16384 134a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 135a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 136a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Data passed by firmware to VbInit(), VbSelectFirmware() and 137a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * VbSelectAndLoadKernel(). 138a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 139a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Note that in UEFI, these are called by different phases in different 140a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * processor modes (VbInit() and VbSelectFirmware() = 32-bit PEI, 141a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectAndLoadKernel() = 64-bit BDS), so the data may be at a different 142a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * location between calls. 143a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 144a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbCommonParams { 145a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Pointer to GBB data */ 146a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler void *gbb_data; 147a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Size of GBB data in bytes */ 148a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t gbb_size; 149a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 150a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* 151a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Shared data blob for data shared between verified boot entry points. 152a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * This should be at least VB_SHARED_DATA_MIN_SIZE bytes long, and 153a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * ideally is VB_SHARED_DATA_REC_SIZE bytes long. 154a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 155a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Pointer to shared data blob buffer */ 156a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler void *shared_data_blob; 157a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* 158a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * On input, set to size of shared data blob buffer, in bytes. On 159a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * output, this will contain the actual data size placed into the 160a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * buffer. 161a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 162a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t shared_data_size; 163a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 164a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* 165a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Internal context/data for verified boot, to maintain state during 166a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * calls to other API functions such as VbExHashFirmwareBody(). 167a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Allocated and freed inside the entry point; firmware should not look 168a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * at this. 169a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 170a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler void *vboot_context; 171a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 172a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* 173a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Internal context/data for firmware / VbExHashFirmwareBody(). Needed 174a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * because the PEI phase of UEFI boot runs out of ROM and thus can't 175a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * modify global variables; everything needs to get passed around on 176a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * the stack. 177a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 178a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler void *caller_context; 179527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass 180527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass /* For internal use of Vboot - do not examine or modify! */ 181527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass struct GoogleBinaryBlockHeader *gbb; 182527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass struct BmpBlockHeader *bmp; 183a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbCommonParams; 184a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 185a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Flags for VbInitParams.flags */ 186a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Developer switch was on at boot time. */ 187a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_DEV_SWITCH_ON 0x00000001 188a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Recovery button was pressed at boot time. */ 189a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_REC_BUTTON_PRESSED 0x00000002 190a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Hardware write protect was enabled at boot time. */ 191a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_WP_ENABLED 0x00000004 1921b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler/* This is a S3 resume, not a normal boot. */ 1931b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler#define VB_INIT_FLAG_S3_RESUME 0x00000008 194a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 195a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Previous boot attempt failed for reasons external to verified boot (RAM 196a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * init failure, SSD missing, etc.). 197a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 198a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * TODO: add a field to VbInitParams which holds a reason code, and report 199a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * that via VbSharedData. 200a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 2019619112a574b975476667545e3a326052fa0c50bRandall Spangler#define VB_INIT_FLAG_PREVIOUS_BOOT_FAIL 0x00000010 202a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 203a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Calling firmware supports read only firmware for normal/developer boot path. 204a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 2058bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler#define VB_INIT_FLAG_RO_NORMAL_SUPPORT 0x00000020 206a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 207a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * This platform does not have a physical dev-switch, so we must rely on a 208b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson * virtual switch (kept in the TPM) instead. When this flag is set, 209a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * VB_INIT_FLAG_DEV_SWITCH_ON is ignored. 210a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 211b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson#define VB_INIT_FLAG_VIRTUAL_DEV_SWITCH 0x00000040 21217b8224ea582b2ba90b30a3e8e2d913e49c7818aBill Richardson/* Set when the VGA Option ROM has been loaded already. */ 21317b8224ea582b2ba90b30a3e8e2d913e49c7818aBill Richardson#define VB_INIT_FLAG_OPROM_LOADED 0x00000080 21488d9375f50726fb26f1d4fcb909aa15256e24a17Bill Richardson/* Set if we care about the VGA Option ROM - some platforms don't. */ 21588d9375f50726fb26f1d4fcb909aa15256e24a17Bill Richardson#define VB_INIT_FLAG_OPROM_MATTERS 0x00000100 216b2ac7fbbbf05fecfbabd37f6a2e4b268c9ac330fRandall Spangler/* EC on this platform supports EC software sync. */ 21788d9375f50726fb26f1d4fcb909aa15256e24a17Bill Richardson#define VB_INIT_FLAG_EC_SOFTWARE_SYNC 0x00000200 218f217520215e7e3d2f5ca006992ab5002927c4f87Bill Richardson/* EC on this platform is slow to update. */ 219f217520215e7e3d2f5ca006992ab5002927c4f87Bill Richardson#define VB_INIT_FLAG_EC_SLOW_UPDATE 0x00000400 220a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 221a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Software write protect was enabled at boot time. This is separate from the 222a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * HW write protect. Both must be set for flash write protection to work. 223a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 2249dc62178c97b94e5c308f1c36fd0858c316959e5Bill Richardson#define VB_INIT_FLAG_SW_WP_ENABLED 0x00000800 225a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato/* 226a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato * This platform does not have a physical recovery switch which, when present, 227a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato * can (and should) be used for additional physical presence checks. 228a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato */ 229a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato#define VB_INIT_FLAG_VIRTUAL_REC_SWITCH 0x00001000 2302596c657958477b06d1613902dfe4d47a2ad0ae0Duncan Laurie/* Set when we are calling VbInit() before loading Option ROMs */ 2312596c657958477b06d1613902dfe4d47a2ad0ae0Duncan Laurie#define VB_INIT_FLAG_BEFORE_OPROM_LOAD 0x00002000 232a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 233a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 234a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Output flags for VbInitParams.out_flags. Used to indicate potential boot 235a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * paths and configuration to the calling firmware early in the boot process, 236a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * so that it can properly configure itself for the capabilities subsequently 237a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * required by VbSelectFirmware() and VbSelectAndLoadKernel(). 238a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 239a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 240a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Enable recovery path. Do not rely on any rewritable data (cached RAM 241a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * timings, etc.). Reliable operation is more important than boot speed. 242a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 243a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_RECOVERY 0x00000001 244a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* RAM must be cleared before calling VbSelectFirmware(). */ 245a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_CLEAR_RAM 0x00000002 246a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 247a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Load display drivers; VbExDisplay*() functions may be called. If this flag 248a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * is not present, VbExDisplay*() functions will not be called this boot. 249a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 250a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_DISPLAY 0x00000004 251a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 252a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Load USB storage drivers; VbExDisk*() functions may be called with the 253a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VB_DISK_FLAG_REMOVABLE flag. If this flag is not present, VbExDisk*() 254a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * functions will only be called for fixed disks. 255a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 256a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_USB_STORAGE 0x00000008 2571b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler/* If this is a S3 resume, do a debug reset boot instead */ 2581b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler#define VB_INIT_OUT_S3_DEBUG_BOOT 0x00000010 259c8e4ff7c15e6bf5992a578b66bec47d69cde3beaBill Richardson/* BIOS should load any PCI option ROMs it finds, not just internal video */ 260c8e4ff7c15e6bf5992a578b66bec47d69cde3beaBill Richardson#define VB_INIT_OUT_ENABLE_OPROM 0x00000020 2610d11efb0dc1d8d2b5eafdd5b65bce82e73fdeeccBill Richardson/* BIOS may be asked to boot something other than ChromeOS */ 2620d11efb0dc1d8d2b5eafdd5b65bce82e73fdeeccBill Richardson#define VB_INIT_OUT_ENABLE_ALTERNATE_OS 0x00000040 263dc6b642b47168a09fa1702092961595ab0674c03Che-Liang Chiou/* Enable developer path. */ 264dc6b642b47168a09fa1702092961595ab0674c03Che-Liang Chiou#define VB_INIT_OUT_ENABLE_DEVELOPER 0x00000080 265a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 266a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data only used by VbInit() */ 267a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbInitParams { 268a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Inputs to VbInit() */ 269a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Flags (see VB_INIT_FLAG_*) */ 270a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t flags; 271a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 272a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Outputs from VbInit(); valid only if it returns success. */ 273a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Output flags for firmware; see VB_INIT_OUT_*) */ 274a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t out_flags; 275a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbInitParams; 276a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 277a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 278a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Firmware types for VbHashFirmwareBody() and 279a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * VbSelectFirmwareParams.selected_firmware. Note that we store these in a 280a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * uint32_t because enum maps to int, which isn't fixed-size. 281a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 282a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbSelectFirmware_t { 283a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Recovery mode */ 284a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SELECT_FIRMWARE_RECOVERY = 0, 285a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Rewritable firmware A/B for normal or developer path */ 286a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SELECT_FIRMWARE_A = 1, 287a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SELECT_FIRMWARE_B = 2, 288a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Read only firmware for normal or developer path. */ 289195e4e8b03f98cb4ad841566053324b85b8903eaSimon Glass VB_SELECT_FIRMWARE_READONLY = 3, 290195e4e8b03f98cb4ad841566053324b85b8903eaSimon Glass VB_SELECT_FIRMWARE_COUNT, 291a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 292a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 293a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data only used by VbSelectFirmware() */ 294a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbSelectFirmwareParams { 295a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Inputs to VbSelectFirmware() */ 296a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Key block + preamble for firmware A */ 297a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler void *verification_block_A; 298a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Key block + preamble for firmware B */ 299a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler void *verification_block_B; 300a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Verification block A size in bytes */ 301a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t verification_size_A; 302a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Verification block B size in bytes */ 303a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t verification_size_B; 304a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 305a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Outputs from VbSelectFirmware(); valid only if it returns success. */ 306a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Main firmware to run; see VB_SELECT_FIRMWARE_*. */ 307a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t selected_firmware; 308a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbSelectFirmwareParams; 309a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 310a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 311a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * We use disk handles rather than indices. Using indices causes problems if 312a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * a disk is removed/inserted in the middle of processing. 313a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 314a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spanglertypedef void *VbExDiskHandle_t; 315a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 316a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data used only by VbSelectAndLoadKernel() */ 317a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbSelectAndLoadKernelParams { 318a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Inputs to VbSelectAndLoadKernel() */ 319a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Destination buffer for kernel (normally at 0x100000 on x86) */ 320a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler void *kernel_buffer; 321a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Size of kernel buffer in bytes */ 322a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t kernel_buffer_size; 323a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 324a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* 325a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Outputs from VbSelectAndLoadKernel(); valid only if it returns 326a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * success. 327a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 328a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Handle of disk containing loaded kernel */ 329a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VbExDiskHandle_t disk_handle; 330a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Partition number on disk to boot (1...M) */ 331a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t partition_number; 332a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Address of bootloader image in RAM */ 333a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint64_t bootloader_address; 334a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Size of bootloader image in bytes */ 335a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t bootloader_size; 336a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* UniquePartitionGuid for boot partition */ 337a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint8_t partition_guid[16]; 338b7d1f03e368b146d11eab511cd6a573a528bc728Furquan Shaikh /* Flags passed in by signer */ 339b7d1f03e368b146d11eab511cd6a573a528bc728Furquan Shaikh uint32_t flags; 340a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* 341a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * TODO: in H2C, all that pretty much just gets passed to the 342a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * bootloader as KernelBootloaderOptions, though the disk handle is 343a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * passed as an index instead of a handle. Is that used anymore now 344a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * that we're passing partition_guid? 345a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 346a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbSelectAndLoadKernelParams; 347a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 348a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 349a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Initialize the verified boot library. 350a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 351a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, 352a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * caller should reboot. 353a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 354a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbInit(VbCommonParams *cparams, VbInitParams *iparams); 355a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 356a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 357a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Select the main firmware. 358a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 359a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, 360a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * caller should reboot. 361a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 362a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * NOTE: This is now called in all modes, including recovery. Previously, 363a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * LoadFirmware() was not called in recovery mode, which meant that 364a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * LoadKernel() needed to duplicate the TPM and VbSharedData initialization 365a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * code. 366a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 367a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbSelectFirmware(VbCommonParams *cparams, 368a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VbSelectFirmwareParams *fparams); 369a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 370a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 371a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Update the data hash for the current firmware image, extending it by [size] 372a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * bytes stored in [*data]. This function must only be called inside 373a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * VbExHashFirmwareBody(), which is in turn called by VbSelectFirmware(). 374a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 375a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spanglervoid VbUpdateFirmwareBodyHash(VbCommonParams *cparams, 376a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint8_t *data, uint32_t size); 377a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 378a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 379a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Select and loads the kernel. 380a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 381a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, caller 382a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * should reboot. */ 383a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbSelectAndLoadKernel(VbCommonParams *cparams, 384a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VbSelectAndLoadKernelParams *kparams); 385a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 386a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 387a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Debug output (from utility.h) */ 388a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 389a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 390a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Output an error message and quit. Does not return. Supports 391a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * printf()-style formatting. 392a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 393a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spanglervoid VbExError(const char *format, ...); 394a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 395a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 396a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Output a debug message. Supports printf()-style formatting. 397a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 3987aa250f2db901f523b050ca897237ec1e2be678aVadim Bendeburyvoid VbExDebug(const char *format, ...) 3997aa250f2db901f523b050ca897237ec1e2be678aVadim Bendebury __attribute__ ((format (__printf__, 1, 2))); 400a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 401a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 402a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Memory (from utility.h) */ 403a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 404a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 405a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Allocate [size] bytes and return a pointer to the allocated memory. Abort 406a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * on error; this always either returns a good pointer or never returns. 407a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 408a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * If any of the firmware API implementations require aligned data (for 409a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * example, disk access on ARM), all pointers returned by VbExMalloc() must 410a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * also be aligned. 411a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 412a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spanglervoid *VbExMalloc(size_t size); 413a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 414a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 415a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Free memory pointed to by [ptr] previously allocated by VbExMalloc(). 416a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 417a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spanglervoid VbExFree(void *ptr); 418a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 419a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 420a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Timer and delay (first two from utility.h) */ 421a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 422a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 423a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Read a high-resolution timer. Returns the current timer value in arbitrary 424a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * units. 425a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 426a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * This is intended for benchmarking, so this call MUST be fast. The timer 427a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * frequency must be >1 KHz (preferably >1 MHz), and the timer must not wrap 428a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * around for at least 10 minutes. It is preferable (but not required) that 429a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * the timer be initialized to 0 at boot. 430a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 431a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * It is assumed that the firmware has some other way of communicating the 432a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * timer frequency to the OS. For example, on x86 we use TSC, and the OS 433a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * kernel reports the initial TSC value at kernel-start and calculates the 434a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * frequency. */ 435a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint64_t VbExGetTimer(void); 436a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 437a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 438a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Delay for at least the specified number of milliseconds. Should be accurate 439a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * to within 10% (a requested delay of 1000 ms should result in an actual delay 440a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * of between 1000 - 1100 ms). 441a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 442a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExSleepMs(uint32_t msec); 443a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 444a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 445a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Play a beep tone of the specified frequency in Hz and duration in msec. 446a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This is effectively a VbSleep() variant that makes noise. 447a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 4484313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * If the audio codec can run in the background, then: 4494313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero frequency means OFF, non-zero frequency means ON 4504313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero msec means return immediately, non-zero msec means delay (and 4514313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * then OFF if needed) 452a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * otherwise, 4534313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * non-zero msec and non-zero frequency means ON, delay, OFF, return 4544313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero msec or zero frequency means do nothing and return immediately 4554313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * 4564313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * The return value is used by the caller to determine the capabilities. The 4574313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * implementation should always do the best it can if it cannot fully support 4584313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * all features - for example, beeping at a fixed frequency if frequency 4594313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * support is not available. At a minimum, it must delay for the specified 4604313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * non-zero duration. 4614313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson */ 4624313fba2fb928f662a63b7566f235291dc1455f7Bill RichardsonVbError_t VbExBeep(uint32_t msec, uint32_t frequency); 463a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 464a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 465a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* TPM (from tlcl_stub.h) */ 466a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 467a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 468a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Initialize the stub library. */ 469a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmInit(void); 470a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 471a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 472a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Close and open the device. This is needed for running more complex commands 473a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * at user level, such as TPM_TakeOwnership, since the TPM device can be opened 474a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * only by one process at a time. 475a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 476a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmClose(void); 477a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmOpen(void); 478a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 479a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 480a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Send a request_length-byte request to the TPM and receive a response. On 481a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * input, response_length is the size of the response buffer in bytes. On 482a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * exit, response_length is set to the actual received response length in 483a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * bytes. */ 484a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbExTpmSendReceive(const uint8_t *request, uint32_t request_length, 485a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint8_t *response, uint32_t *response_length); 486a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 487a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 488a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Non-volatile storage */ 489a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 490a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VBNV_BLOCK_SIZE 16 /* Size of NV storage block in bytes */ 491a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 492a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 493a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Read the VBNV_BLOCK_SIZE-byte non-volatile storage into buf. 494a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 495a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbExNvStorageRead(uint8_t *buf); 496a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 497a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 498a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Write the VBNV_BLOCK_SIZE-byte non-volatile storage from buf. 499a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 500a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbExNvStorageWrite(const uint8_t *buf); 501a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 502a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 503a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Firmware / EEPROM access (previously in load_firmware_fw.h) */ 504a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 505a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 506a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Calculate the hash of the firmware body data for [firmware_index], which is 507a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * either VB_SELECT_FIRMWARE_A or VB_SELECT_FIRMWARE B. 508a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 509a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * This function must call VbUpdateFirmwareBodyHash() before returning, to 510a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * update the secure hash for the firmware image. For best performance, the 511a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * implementation should call VbUpdateFirmwareBodyHash() periodically during 512a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * the read, so that updating the hash can be pipelined with the read. If the 513a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * reader cannot update the hash during the read process, it should call 514a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * VbUpdateFirmwareBodyHash() on the entire firmware data after the read, 515a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * before returning. 516a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 517a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * It is recommended that the firmware use this call to copy the requested 518a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * firmware body from EEPROM into RAM, so that it doesn't need to do a second 519a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * slow copy from EEPROM to RAM if this firmware body is selected. 520a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 521a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Note this function doesn't actually pass the firmware body data to verified 522a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * boot, because verified boot doesn't actually need the firmware body, just 523a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * its hash. This is important on x86, where the firmware is stored 524a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * compressed. We hash the compressed data, but the BIOS decompresses it 525a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * during read. Simply updating a hash is compatible with the x86 526a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * read-and-decompress pipeline. 527a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 528a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbExHashFirmwareBody(VbCommonParams *cparams, 529a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t firmware_index); 530a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 531a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 532a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Disk access (previously in boot_device.h) */ 533a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 534a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Flags for VbDisk APIs */ 535a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Disk is removable. Example removable disks: SD cards, USB keys. */ 536a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_DISK_FLAG_REMOVABLE 0x00000001 537a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 538a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Disk is fixed. If this flag is present, disk is internal to the system and 539a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * not removable. Example fixed disks: internal SATA SSD, eMMC. 540a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 541a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_DISK_FLAG_FIXED 0x00000002 542a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/* 543a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Note that VB_DISK_FLAG_REMOVABLE and VB_DISK_FLAG_FIXED are 544a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * mutually-exclusive for a single disk. VbExDiskGetInfo() may specify both 545a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * flags to request disks of both types in a single call. 546a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 547a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * At some point we could specify additional flags, but we don't currently 548a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * have a way to make use of these: 549a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 550a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * USB Device is known to be attached to USB. Note that the SD 551a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * card reader inside x86 systems is attached to USB so this 552a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * isn't super useful. 553a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * SD Device is known to be a SD card. Note that external card 554a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * readers might not return this information, so also of 555a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * questionable use. 556a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * READ_ONLY Device is known to be read-only. Could be used by recovery 557a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * when processing read-only recovery image. 558a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 559a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 5603f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg/* 5613f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * Disks are used in two ways: 5623f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * - As a random-access device to read and write the GPT 5633f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * - As a streaming device to read the kernel 5643f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * These are implemented differently on raw NAND vs eMMC/SATA/USB 5653f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * - On eMMC/SATA/USB, both of these refer to the same underlying 5663f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * storage, so they have the same size and LBA size. In this case, 5673f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * the GPT should not point to the same address as itself. 5683f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * - On raw NAND, the GPT is held on a portion of the SPI flash. 5693f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * Random access GPT operations refer to the SPI and streaming 5703f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * operations refer to NAND. The GPT may therefore point into 5713f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * the same offsets as itself. 5723f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * These types are distinguished by the following flag and VbDiskInfo 5733f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * has separate fields to describe the random-access ("GPT") and 5743f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * streaming aspects of the disk. If a disk is random-access (i.e. 5753f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * not raw NAND) then these fields are equal. 5763f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg */ 5773f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg#define VB_DISK_FLAG_EXTERNAL_GPT 0x00000004 5783f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg 579a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Information on a single disk */ 580a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbDiskInfo { 581a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Disk handle */ 582a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VbExDiskHandle_t handle; 5833f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg /* Size of a random-access LBA sector in bytes */ 584a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint64_t bytes_per_lba; 5853f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg /* Number of random-access LBA sectors on the device. 5863f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * If streaming_lba_count is 0, this stands in for the size of the 5873f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * randomly accessed portion as well as the streaming portion. 5883f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * Otherwise, this is only the randomly-accessed portion. */ 589a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint64_t lba_count; 5903f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg /* Number of streaming sectors on the device */ 5913f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg uint64_t streaming_lba_count; 592a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Flags (see VB_DISK_FLAG_* constants) */ 593a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint32_t flags; 594a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* 595a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Optional name string, for use in debugging. May be empty or null if 596a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * not available. 597a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 598a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler const char *name; 599a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbDiskInfo; 600a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 601a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 602a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Store information into [info] for all disks (storage devices) attached to 603a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * the system which match all of the disk_flags. 604a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 605a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * On output, count indicates how many disks are present, and [infos_ptr] 606a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * points to a [count]-sized array of VbDiskInfo structs with the information 607a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * on those disks; this pointer must be freed by calling VbExDiskFreeInfo(). 608a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * If count=0, infos_ptr may point to NULL. If [infos_ptr] points to NULL 609a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * because count=0 or error, it is not necessary to call VbExDiskFreeInfo(). 610a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 611a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * A multi-function device (such as a 4-in-1 card reader) should provide 612a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * multiple disk handles. 613a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 614a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * The firmware must not alter or free the list pointed to by [infos_ptr] until 615a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * VbExDiskFreeInfo() is called. 616a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 617a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbExDiskGetInfo(VbDiskInfo **infos_ptr, uint32_t *count, 618a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t disk_flags); 619a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 620a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 621a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Free a disk information list [infos] previously returned by 622a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * VbExDiskGetInfo(). If [preserve_handle] != NULL, the firmware must ensure 623a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * that handle remains valid after this call; all other handles from the info 624a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * list need not remain valid after this call. 625a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 626a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbExDiskFreeInfo(VbDiskInfo *infos, 627a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbExDiskHandle_t preserve_handle); 628a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 629a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 630a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Read lba_count LBA sectors, starting at sector lba_start, from the disk, 631a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * into the buffer. 632a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 6333f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * This is used for random access to the GPT. It is not for the partition 6343f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * contents. The upper limit is lba_count. 6353f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * 636a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * If the disk handle is invalid (for example, the handle refers to a disk 637a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * which as been removed), the function must return error but must not 638a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * crash. 639a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 640a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskRead(VbExDiskHandle_t handle, uint64_t lba_start, 641a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint64_t lba_count, void *buffer); 642a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 643a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 644a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Write lba_count LBA sectors, starting at sector lba_start, to the disk, from 645a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * the buffer. 646a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 6473f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * This is used for random access to the GPT. It does not (necessarily) access 6483f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * the streaming portion of the device. 6493f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * 650a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * If the disk handle is invalid (for example, the handle refers to a disk 651a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * which as been removed), the function must return error but must not 652a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * crash. 653a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 654a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskWrite(VbExDiskHandle_t handle, uint64_t lba_start, 655a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler uint64_t lba_count, const void *buffer); 656a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 6575dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg/* Streaming read interface */ 6585dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenbergtypedef void *VbExStream_t; 6595dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg 6605dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg/** 6615dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * Open a stream on a disk 6625dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * 6635dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @param handle Disk to open the stream against 6645dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @param lba_start Starting sector offset within the disk to stream from 6655dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @param lba_count Maximum extent of the stream in sectors 6665dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @param stream out-paramter for the generated stream 6675dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * 6685dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @return Error code, or VBERROR_SUCCESS. 6695dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * 6703f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * This is used for access to the contents of the actual partitions on the 6713f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * device. It is not used to access the GPT. The size of the content addressed 6723f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * is within streaming_lba_count. 6735dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg */ 6745dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan EhrenbergVbError_t VbExStreamOpen(VbExDiskHandle_t handle, uint64_t lba_start, 6755dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg uint64_t lba_count, VbExStream_t *stream_ptr); 6765dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg 6775dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg/** 6785dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * Read from a stream on a disk 6795dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * 6805dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @param stream Stream to read from 6815dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @param bytes Number of bytes to read 6825dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @param buffer Destination to read into 6835dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * 6845dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @return Error code, or VBERROR_SUCCESS. Failure to read as much data as 6855dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * requested is an error. 68679a9e0e63fd1001a3f9615f96c09acba5f20250dJulius Werner * 6873f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * This is used for access to the contents of the actual partitions on the 6883f4d8d05ba4e32990c8584bd47cdf082d4604232Dan Ehrenberg * device. It is not used to access the GPT. 6895dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg */ 6905dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan EhrenbergVbError_t VbExStreamRead(VbExStream_t stream, uint32_t bytes, void *buffer); 6915dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg 6925dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg/** 6935dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * Close a stream 6945dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * 6955dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg * @param stream Stream to close 6965dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg */ 6975dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenbergvoid VbExStreamClose(VbExStream_t stream); 6985dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg 6995dc75d16b6d5cb0ebc677e6572a2559c6157b8e4Dan Ehrenberg 700a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 701a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Display */ 702a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 703a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Predefined (default) screens for VbExDisplayScreen(). */ 704a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbScreenType_t { 705a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Blank (clear) screen */ 706a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_BLANK = 0, 707a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Developer - warning */ 708a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_DEVELOPER_WARNING = 0x101, 709a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Developer - easter egg */ 710a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_DEVELOPER_EGG = 0x102, 711a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Recovery - remove inserted devices */ 712a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_RECOVERY_REMOVE = 0x201, 713a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Recovery - insert recovery image */ 714a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_RECOVERY_INSERT = 0x202, 715a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Recovery - inserted image invalid */ 716a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_RECOVERY_NO_GOOD = 0x203, 717a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Recovery - confirm dev mode */ 718a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_RECOVERY_TO_DEV = 0x204, 719a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Developer - confirm normal mode */ 720a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_DEVELOPER_TO_NORM = 0x205, 721a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Please wait - programming EC */ 722a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_WAIT = 0x206, 723a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler /* Confirm after DEVELOPER_TO_NORM */ 724a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_SCREEN_TO_NORM_CONFIRMED = 0x207, 725a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 726a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 727a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 728a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Initialize and clear the display. Set width and height to the screen 729a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * dimensions in pixels. 730a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 731a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbExDisplayInit(uint32_t *width, uint32_t *height); 732a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 733a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 734a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Enable (enable!=0) or disable (enable=0) the display backlight. 735a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 736a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayBacklight(uint8_t enable); 737a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 738a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 7395e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te Lin * Sets the logical dimension to display. 7405e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te Lin * 7415e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te Lin * If the physical display is larger or smaller than given dimension, display 7425e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te Lin * provider may decide to scale or shift images (from VbExDisplayImage)to proper 7435e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te Lin * location. 7445e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te Lin */ 7455e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te LinVbError_t VbExDisplaySetDimension(uint32_t width, uint32_t height); 7465e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te Lin 7475e8f1db9d4a483678c376a0a276b8f774f91d0acHung-Te Lin/** 748a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Display a predefined screen; see VB_SCREEN_* for valid screens. 749a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 750a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * This is a backup method of screen display, intended for use if the GBB does 751a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * not contain a full set of bitmaps. It is acceptable for the backup screen 752a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * to be simple ASCII text such as "NO GOOD" or "INSERT"; these screens should 753a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * only be seen during development. 754a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 755a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayScreen(uint32_t screen_type); 756a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 757a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 758a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Write an image to the display, with the upper left corner at the specified 759b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * pixel coordinates. The bitmap buffer is a pointer to the platform-dependent 760b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * uncompressed binary blob with dimensions and format specified internally 761b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * (for example, a raw BMP, GIF, PNG, whatever). We pass the size just for 762b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * convenience. 763b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson */ 764b1c85a8442fd2d8e05705cdcadfa40865e952975Bill RichardsonVbError_t VbExDisplayImage(uint32_t x, uint32_t y, 765a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler void *buffer, uint32_t buffersize); 766a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler 767a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 768a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Display a string containing debug information on the screen, rendered in a 769a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * platform-dependent font. Should be able to handle newlines '\n' in the 770a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * string. Firmware must support displaying at least 20 lines of text, where 771a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * each line may be at least 80 characters long. If the firmware has its own 772a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * debug state, it may display it to the screen below this information. 773a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 774a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * NOTE: This is what we currently display when TAB is pressed. Some 775a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * information (HWID, recovery reason) is ours; some (CMOS breadcrumbs) is 776a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * platform-specific. If we decide to soft-render the HWID string 777a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * (chrome-os-partner:3693), we'll need to maintain our own fonts, so we'll 778a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * likely display it via VbExDisplayImage() above. 779a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 780a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall SpanglerVbError_t VbExDisplayDebugInfo(const char *info_str); 781a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 782a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 783a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Keyboard and switches */ 784a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 785a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Key codes for required non-printable-ASCII characters. */ 786a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbKeyCode_t { 787a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_KEY_UP = 0x100, 788a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_KEY_DOWN = 0x101, 789a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_KEY_LEFT = 0x102, 790a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_KEY_RIGHT = 0x103, 791a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler VB_KEY_CTRL_ENTER = 0x104, 792a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 793a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 794a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato/* Flags for additional information. 795a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato * TODO(semenzato): consider adding flags for modifiers instead of 796a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato * making up some of the key codes above. 797a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato */ 798a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzatoenum VbKeyFlags_t { 799a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato VB_KEY_FLAG_TRUSTED_KEYBOARD = 1 << 0, 800a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato}; 801a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato 802a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 803a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Read the next keypress from the keyboard buffer. 804a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 805a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns the keypress, or zero if no keypress is pending or error. 806a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 807a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * The following keys must be returned as ASCII character codes: 808a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x08 Backspace 809a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x09 Tab 810a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x0D Enter (carriage return) 811a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x01 - 0x1A Ctrl+A - Ctrl+Z (yes, those alias with backspace/tab/enter) 812a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x1B Esc 813a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x20 Space 814a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x30 - 0x39 '0' - '9' 815a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x60 - 0x7A 'a' - 'z' 816a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 817a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Some extended keys must also be supported; see the VB_KEY_* defines above. 818a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 819a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Keys ('/') or key-chords (Fn+Q) not defined above may be handled in any of 820a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the following ways: 821a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 1. Filter (don't report anything if one of these keys is pressed). 822a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 2. Report as ASCII (if a well-defined ASCII value exists for the key). 823a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 3. Report as any other value in the range 0x200 - 0x2FF. 824a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * It is not permitted to report a key as a multi-byte code (for example, 825a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * sending an arrow key as the sequence of keys '\x1b', '[', '1', 'A'). */ 826a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint32_t VbExKeyboardRead(void); 827a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 828a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato/** 829a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato * Same as VbExKeyboardRead(), but return extra information. 830a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato */ 831a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzatouint32_t VbExKeyboardReadWithFlags(uint32_t *flags_ptr); 832a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato 833a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato/** 834a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato * Return the current state of the switches specified in request_mask 835a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato */ 836a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzatouint32_t VbExGetSwitches(uint32_t request_mask); 837a53a0b040f45a1086515e7a5c8a8326c0b1d1f74Luigi Semenzato 838a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 839053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Embedded controller (EC) */ 840053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 841e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler/* 842e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler * All these functions take a devidx parameter, which indicates which embedded 843e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler * processor the call applies to. At present, only devidx=0 is valid, but 844e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler * upcoming CLs will add support for multiple devices. 845e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler */ 846e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler 847a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 848a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * This is called only if the system implements a keyboard-based (virtual) 849053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * developer switch. It must return true only if the system has an embedded 850053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * controller which is provably running in its RO firmware at the time the 851a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * function is called. 852a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 853e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spanglerint VbExTrustEC(int devidx); 854053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 855a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 856a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Check if the EC is currently running rewritable code. 857053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * 858053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * If the EC is in RO code, sets *in_rw=0. 859053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * If the EC is in RW code, sets *in_rw non-zero. 860053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * If the current EC image is unknown, returns error. */ 861e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall SpanglerVbError_t VbExEcRunningRW(int devidx, int *in_rw); 862053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 863a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 864a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Request the EC jump to its rewritable code. If successful, returns when the 865a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * EC has booting its RW code far enough to respond to subsequent commands. 866a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Does nothing if the EC is already in its rewritable code. 867a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 868e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall SpanglerVbError_t VbExEcJumpToRW(int devidx); 869053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 870a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 8718912169231e589b0400debed26f9cedbbe6d9561Daisuke Nojiri * Tell the EC to refuse another jump until it reboots. Subsequent calls to 8728912169231e589b0400debed26f9cedbbe6d9561Daisuke Nojiri * VbExEcJumpToRW() in this boot will fail. 873a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 874e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall SpanglerVbError_t VbExEcDisableJump(int devidx); 875053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 876a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 877a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Read the SHA-256 hash of the rewriteable EC image. 878a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 879e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall SpanglerVbError_t VbExEcHashRW(int devidx, const uint8_t **hash, int *hash_size); 880053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 881a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 882a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Get the expected contents of the EC image associated with the main firmware 883a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * specified by the "select" argument. 884a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 885e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall SpanglerVbError_t VbExEcGetExpectedRW(int devidx, enum VbSelectFirmware_t select, 886029ae65756993979c22035e3706e2b04049ef9feRandall Spangler const uint8_t **image, int *image_size); 887053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 888a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 8895cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler * Read the SHA-256 hash of the expected contents of the EC image associated 8905cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler * with the main firmware specified by the "select" argument. 8915cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler */ 892e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall SpanglerVbError_t VbExEcGetExpectedRWHash(int devidx, enum VbSelectFirmware_t select, 8935cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler const uint8_t **hash, int *hash_size); 8945cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler 8955cfcab54375c93fec3f04cd1cb76ea2f5beaaf97Randall Spangler/** 896a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Update the EC rewritable image. 897a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 898e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall SpanglerVbError_t VbExEcUpdateRW(int devidx, const uint8_t *image, int image_size); 899053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 900a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 901a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Lock the EC code to prevent updates until the EC is rebooted. 902a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Subsequent calls to VbExEcUpdateRW() this boot will fail. 903a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 904e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall SpanglerVbError_t VbExEcProtectRW(int devidx); 905e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler 906487a54bcbe7b6dac1a856b0991e6d13c34a1c423Sheng-Liang Song/** 907487a54bcbe7b6dac1a856b0991e6d13c34a1c423Sheng-Liang Song * Info the EC of the boot mode selected by the AP. 908487a54bcbe7b6dac1a856b0991e6d13c34a1c423Sheng-Liang Song * mode: Normal, Developer, or Recovery 909487a54bcbe7b6dac1a856b0991e6d13c34a1c423Sheng-Liang Song */ 910487a54bcbe7b6dac1a856b0991e6d13c34a1c423Sheng-Liang Songenum VbEcBootMode_t {VB_EC_NORMAL, VB_EC_DEVELOPER, VB_EC_RECOVERY }; 911487a54bcbe7b6dac1a856b0991e6d13c34a1c423Sheng-Liang SongVbError_t VbExEcEnteringMode(int devidx, enum VbEcBootMode_t mode); 912487a54bcbe7b6dac1a856b0991e6d13c34a1c423Sheng-Liang Song 913e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler/*****************************************************************************/ 914e778adae83d2ac4ab94aa10acceab328bbd3ea7bRandall Spangler/* Misc */ 915053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 916e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson/* Args to VbExProtectFlash() */ 917e0c55a3238f41ce30d6d592725670766355bed67Bill Richardsonenum VbProtectFlash_t { VBPROTECT_RW_A, VBPROTECT_RW_B, VBPROTECT_RW_DEVKEY }; 918e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson 919a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 920a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Lock a section of the BIOS flash address space to prevent updates until the 921e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson * host is rebooted. Subsequent attempts to erase or modify the specified BIOS 922e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson * image will fail. If this function is called more than once each call should 923a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * be cumulative. 924a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 925e0c55a3238f41ce30d6d592725670766355bed67Bill RichardsonVbError_t VbExProtectFlash(enum VbProtectFlash_t region); 926053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 927a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 928a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Check if the firmware needs to shut down the system. 929a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 9305d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh * Returns a non-zero VB_SHUTDOWN_REQUEST mask indicating the reason(s) for 9315d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh * shutdown if a shutdown is being requested (see VB_SHUTDOWN_REQUEST_*), or 0 9325d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh * if a shutdown is not being requested. 933a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * 934a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * NOTE: When we're displaying a screen, pressing the power button should shut 935a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * down the computer. We need a way to break out of our control loop so this 936a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * can occur cleanly. 937a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 938a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint32_t VbExIsShutdownRequested(void); 939a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 9405d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh/* 9415d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh * Shutdown requested for a reason which is not defined among other 9425d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh * VB_SHUTDOWN_REQUEST_* values. This must be defined as 1 for backward 9435d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh * compatibility with old versions of the API. 9445d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh */ 9455d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh#define VB_SHUTDOWN_REQUEST_OTHER 0x00000001 9465d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh/* Shutdown requested due to a lid switch being closed. */ 9475d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh#define VB_SHUTDOWN_REQUEST_LID_CLOSED 0x00000002 9485d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh/* Shutdown requested due to a power button being pressed. */ 9495d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh#define VB_SHUTDOWN_REQUEST_POWER_BUTTON 0x00000004 9505d652cdffa70dc772e80548a760e1f0d67de273fShawn Nematbakhsh 951a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 952a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Expose the BIOS' built-in decompression routine to the vboot wrapper. The 953b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * caller must know how large the uncompressed data will be and must manage 954b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * that memory. The decompression routine just puts the uncompressed data into 955b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * the specified buffer. We pass in the size of the outbuf, and get back the 956b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * actual size used. 957b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson */ 958b1c85a8442fd2d8e05705cdcadfa40865e952975Bill RichardsonVbError_t VbExDecompress(void *inbuf, uint32_t in_size, 959b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson uint32_t compression_type, 960b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson void *outbuf, uint32_t *out_size); 961b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson 9620c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardson/* Constants for compression_type */ 9630c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardsonenum { 9640c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardson COMPRESS_NONE = 0, 9650c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardson COMPRESS_EFIv1, /* The x86 BIOS only supports this */ 9660c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardson COMPRESS_LZMA1, /* The ARM BIOS supports LZMA1 */ 9670c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardson MAX_COMPRESS, 9680c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardson}; 9690c3ba249abb1dc60f5ebabccf84ff13206440b83Bill Richardson 970a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler/** 971a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler * Execute legacy boot option. 972a2db67d204c0dd3d152ff54958bf42c5dbe394ffRandall Spangler */ 973a2326ee152ab5b8aee924ccf794cee38d54909bdStefan Reinauerint VbExLegacy(void); 974a2326ee152ab5b8aee924ccf794cee38d54909bdStefan Reinauer 975527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass/* Regions for VbExRegionRead() */ 976527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glassenum vb_firmware_region { 977527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass VB_REGION_GBB, /* Google Binary Block - see gbbheader.h */ 978527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass 979527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass VB_REGION_COUNT, 980527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass}; 981527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass 982527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass/** 983527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * Read data from a region of the firmware image 984527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * 985527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * Vboot wants access to a region, to read data from it. This function 986527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * reads it (typically from the firmware image such as SPI flash) and 987527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * returns the data. 988527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * 989527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * cparams is passed so that the boot loader has some context for the 990527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * operation. 991527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * 992527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * @param cparams Common parameters, e.g. use member caller_context 993527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * to point to useful context data 994527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * @param region Firmware region to read 995527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * @param offset Start offset within region 996527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * @param size Number of bytes to read 997527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * @param buf Place to put data 998527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass * @return VBERROR_... error, VBERROR_SUCCESS on success, 999527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass */ 1000527ba810eff4006cf69579f6b96cb4350cb1e189Simon GlassVbError_t VbExRegionRead(VbCommonParams *cparams, 1001527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass enum vb_firmware_region region, uint32_t offset, 1002527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass uint32_t size, void *buf); 1003527ba810eff4006cf69579f6b96cb4350cb1e189Simon Glass 1004a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#endif /* VBOOT_REFERENCE_VBOOT_API_H_ */ 1005