vboot_api.h revision 17b8224ea582b2ba90b30a3e8e2d913e49c7818a
1a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 2a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Use of this source code is governed by a BSD-style license that can be 3a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * found in the LICENSE file. 4a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler */ 5a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 6a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* APIs provided by firmware to vboot_reference. */ 7a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 8a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* General notes: 9a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 10a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * All verified boot functions now start with "Vb" for namespace 11a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * clarity. This fixes the problem where uboot and vboot both defined 12a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * assert(). 13a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 14a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Verified boot APIs to be implemented by the calling firmware and 15a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * exported to vboot_reference start with "VbEx". 16a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler */ 17a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* TODO: split this file into a vboot_entry_points.h file which 18a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * contains the entry points for the firmware to call vboot_reference, 19a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * and a vboot_firmware_exports.h which contains the APIs to be 20a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * implemented by the calling firmware and exported to 21a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * vboot_reference. */ 22a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 23a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#ifndef VBOOT_REFERENCE_VBOOT_API_H_ 24a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VBOOT_REFERENCE_VBOOT_API_H_ 25a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 26a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#include "sysincludes.h" 27a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#include "bmpblk_header.h" 28a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 29a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 30a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 31a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Error codes */ 32a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 33a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Functions which return an error all return this type. This is a 341cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * 32-bit value rather than an int so it's consistent across UEFI, 351cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * which is 32-bit during PEI and 64-bit during DXE/BDS. */ 36a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef uint32_t VbError_t; 37a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 381cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler/* Predefined error numbers. */ 391cf77cda5ea2d7549caccb953079263d463feadbRandall Spanglerenum VbErrorPredefined_t { 401cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* No error; function completed successfully. */ 411cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_SUCCESS = 0, 421cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler 431cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Errors are non-zero, but differ between functions. For example, 441cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * the TPM functions may pass through TPM error codes, some of which 451cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * may be recoverable. */ 461cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler 471cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* The verified boot entry points VbInit(), VbSelectFirmware(), 481cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * VbSelectAndLoadKernel() may return the following errors. */ 491cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler 501cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unknown error */ 511cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_UNKNOWN = 0x10000, 521cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to initialize shared data */ 531cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_INIT_SHARED_DATA = 0x10001, 541cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Error resuming TPM during a S3 resume */ 551cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_S3_RESUME = 0x10002, 5682e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson /* VbSelectFirmware() failed to find a valid firmware */ 571cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_LOAD_FIRMWARE = 0x10003, 581cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to write firmware versions to TPM */ 591cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_WRITE_FIRMWARE = 0x10004, 601cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to lock firmware versions in TPM */ 611cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_LOCK_FIRMWARE = 0x10005, 621cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to set boot mode state in TPM */ 631cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_SET_BOOT_MODE_STATE = 0x10006, 641cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* TPM requires reboot */ 651cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_REBOOT_REQUIRED = 0x10007, 661cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to set up TPM */ 671cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_FIRMWARE_SETUP = 0x10008, 681cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to read kernel versions from TPM */ 691cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_READ_KERNEL = 0x10009, 701cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Attempted to load developer-only firmware when developer switch was off */ 711cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_DEV_FIRMWARE_SWITCH_MISMATCH = 0x1000A, 721cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to write kernel versions to TPM */ 731cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_WRITE_KERNEL = 0x1000B, 741cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to lock kernel versions in TPM */ 751cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_LOCK_KERNEL = 0x1000C, 761cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Calling firmware requested shutdown via VbExIsShutdownRequested() */ 771cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_SHUTDOWN_REQUESTED = 0x1000D, 781cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to find a suitable boot device on which to look for a kernel */ 791cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_NO_DISK_FOUND = 0x1000E, 801cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* No OS kernel found on any boot device */ 811cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_NO_KERNEL_FOUND = 0x1000F, 821cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* All OS kernels found were invalid (corrupt, improperly signed, etc.) */ 831cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_INVALID_KERNEL_FOUND = 0x10010, 8482e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson /* VbSelectAndLoadKernel() requested recovery mode */ 851cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_LOAD_KERNEL_RECOVERY = 0x10011, 8682e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson /* Other error inside VbSelectAndLoadKernel() */ 871cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_LOAD_KERNEL = 0x10012, 881cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Invalid Google binary block */ 891cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_INVALID_GBB = 0x10013, 901cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Invalid bitmap volume */ 911cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_INVALID_BMPFV = 0x10014, 921cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Invalid screen index */ 93dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9Randall Spangler VBERROR_INVALID_SCREEN_INDEX = 0x10015, 94dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9Randall Spangler /* Simulated (test) error */ 95dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9Randall Spangler VBERROR_SIMULATED = 0x10016, 96dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9Randall Spangler /* Invalid parameter */ 974313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson VBERROR_INVALID_PARAMETER = 0x10017, 984313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson /* VbExBeep() can't make sounds at all */ 994313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson VBERROR_NO_SOUND = 0x10018, 1004313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson /* VbExBeep() can't make sound in the background */ 10182e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson VBERROR_NO_BACKGROUND_SOUND = 0x10019, 10282e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson /* Developer has requested a BIOS shell */ 103ec8df1628cd9cf236bf912dee7d4365d7977e697Bill Richardson VBERROR_BIOS_SHELL_REQUESTED = 0x10020, 1041cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler}; 105a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 106a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 107a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 108a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Main entry points from firmware into vboot_reference */ 109a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 110a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Minimum and recommended size of shared_data_blob in bytes. Shared 111a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * data blob is used to communicate data between calls to VbInit(), 112a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectFirmware(), the OS. Minimum size is enough to hold all 113a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * required data for verified boot but may not be able to hold debug 114a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * output. */ 115a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_SHARED_DATA_MIN_SIZE 3072 116a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_SHARED_DATA_REC_SIZE 16384 117a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 118a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data passed by firmware to VbInit(), VbSelectFirmware() and 119a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectAndLoadKernel(). */ 120a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Note that in UEFI, these are called by different phases in 121a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * different processor modes (VbInit() and VbSelectFirmware() = 32-bit PEI, 122a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectAndLoadKernel() = 64-bit BDS), so the data may be at a different 123a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * location between calls. */ 124a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbCommonParams { 125a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* gbb_data; /* Pointer to GBB data */ 126a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t gbb_size; /* Size of GBB data in bytes */ 127a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 128a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Shared data blob for data shared between verified boot entry 129a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * points. This should be at least VB_SHARED_DATA_MIN_SIZE bytes 130a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * long, and ideally is VB_SHARED_DATA_REC_SIZE bytes long. */ 131a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* shared_data_blob; /* Pointer to shared data blob buffer */ 132a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t shared_data_size; /* On input, set to size of shared data blob 133a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * buffer, in bytes. On output, this will 134a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * contain the actual data size placed into 135a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the buffer. */ 136a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 137a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Internal context/data for verified boot, to maintain state during 138a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * calls to other API functions such as VbExHashFirmwareBody(). 139a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Allocated and freed inside the entry point; firmware should not 140a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * look at this. */ 141a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* vboot_context; 142a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 143a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Internal context/data for firmware / VbExHashFirmwareBody(). 144a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Needed because the PEI phase of UEFI boot runs out of ROM and 145a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * thus can't modify global variables; everything needs to get 146a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * passed around on the stack. */ 147a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* caller_context; 148a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbCommonParams; 149a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 150a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 151a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Flags for VbInitParams.flags */ 152a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Developer switch was on at boot time. */ 153a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_DEV_SWITCH_ON 0x00000001 154a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Recovery button was pressed at boot time. */ 155a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_REC_BUTTON_PRESSED 0x00000002 156a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Hardware write protect was enabled at boot time. */ 157a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_WP_ENABLED 0x00000004 1581b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler/* This is a S3 resume, not a normal boot. */ 1591b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler#define VB_INIT_FLAG_S3_RESUME 0x00000008 1609619112a574b975476667545e3a326052fa0c50bRandall Spangler/* Previous boot attempt failed for reasons external to verified boot (RAM 1619619112a574b975476667545e3a326052fa0c50bRandall Spangler * init failure, SSD missing, etc.). */ 1629619112a574b975476667545e3a326052fa0c50bRandall Spangler/* TODO: add a field to VbInitParams which holds a reason code, and report 1639619112a574b975476667545e3a326052fa0c50bRandall Spangler * that via VbSharedData. */ 1649619112a574b975476667545e3a326052fa0c50bRandall Spangler#define VB_INIT_FLAG_PREVIOUS_BOOT_FAIL 0x00000010 1658bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler/* Calling firmware supports read only firmware for normal/developer 1668bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler * boot path. */ 1678bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler#define VB_INIT_FLAG_RO_NORMAL_SUPPORT 0x00000020 168b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson/* This platform does not have a physical dev-switch, so we must rely on a 169b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson * virtual switch (kept in the TPM) instead. When this flag is set, 170b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson * VB_INIT_FLAG_DEV_SWITCH_ON is ignored. */ 171b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson#define VB_INIT_FLAG_VIRTUAL_DEV_SWITCH 0x00000040 17217b8224ea582b2ba90b30a3e8e2d913e49c7818aBill Richardson/* Set when the VGA Option ROM has been loaded already. */ 17317b8224ea582b2ba90b30a3e8e2d913e49c7818aBill Richardson#define VB_INIT_FLAG_OPROM_LOADED 0x00000080 174a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 175a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Output flags for VbInitParams.out_flags. Used to indicate 176a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * potential boot paths and configuration to the calling firmware 177a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * early in the boot process, so that it can properly configure itself 178a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * for the capabilities subsequently required by VbSelectFirmware() 179a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * and VbSelectAndLoadKernel(). */ 180a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Enable recovery path. Do not rely on any rewritable data (cached 181a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * RAM timings, etc.). Reliable operation is more important than boot 182a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * speed. */ 183a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_RECOVERY 0x00000001 184a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* RAM must be cleared before calling VbSelectFirmware(). */ 185a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_CLEAR_RAM 0x00000002 186a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Load display drivers; VbExDisplay*() functions may be called. If this flag 187a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * is not present, VbExDisplay*() functions will not be called this boot. */ 188a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_DISPLAY 0x00000004 189a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Load USB storage drivers; VbExDisk*() functions may be called with the 190a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VB_DISK_FLAG_REMOVABLE flag. If this flag is not present, VbExDisk*() 191a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * functions will only be called for fixed disks. */ 192a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_USB_STORAGE 0x00000008 1931b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler/* If this is a S3 resume, do a debug reset boot instead */ 1941b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler#define VB_INIT_OUT_S3_DEBUG_BOOT 0x00000010 195c8e4ff7c15e6bf5992a578b66bec47d69cde3beaBill Richardson/* BIOS should load any PCI option ROMs it finds, not just internal video */ 196c8e4ff7c15e6bf5992a578b66bec47d69cde3beaBill Richardson#define VB_INIT_OUT_ENABLE_OPROM 0x00000020 1970d11efb0dc1d8d2b5eafdd5b65bce82e73fdeeccBill Richardson/* BIOS may be asked to boot something other than ChromeOS */ 1980d11efb0dc1d8d2b5eafdd5b65bce82e73fdeeccBill Richardson#define VB_INIT_OUT_ENABLE_ALTERNATE_OS 0x00000040 199a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 200a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 201a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data only used by VbInit() */ 202a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbInitParams { 203a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Inputs to VbInit() */ 204a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t flags; /* Flags (see VB_INIT_FLAG_*) */ 205a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 206a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Outputs from VbInit(); valid only if it returns success. */ 207a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t out_flags; /* Output flags for firmware; see 208a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VB_INIT_OUT_*) */ 209a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbInitParams; 210a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 211a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 212a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Firmware types for VbHashFirmwareBody() and 213a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectFirmwareParams.selected_firmware. Note that we store these 214a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * in a uint32_t because enum maps to int, which isn't fixed-size. */ 215a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbSelectFirmware_t { 216a712e01ae783351e921031aab59ff1b7583d683dRandall Spangler /* Recovery mode */ 217a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SELECT_FIRMWARE_RECOVERY = 0, 218a712e01ae783351e921031aab59ff1b7583d683dRandall Spangler /* Rewritable firmware A/B for normal or developer path */ 219a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SELECT_FIRMWARE_A = 1, 220a712e01ae783351e921031aab59ff1b7583d683dRandall Spangler VB_SELECT_FIRMWARE_B = 2, 2218bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler /* Read only firmware for normal or developer path. */ 222a712e01ae783351e921031aab59ff1b7583d683dRandall Spangler VB_SELECT_FIRMWARE_READONLY = 3 223a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 224a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 225a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 226a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data only used by VbSelectFirmware() */ 227a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbSelectFirmwareParams { 228a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Inputs to VbSelectFirmware() */ 229a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* verification_block_A; /* Key block + preamble for firmware A */ 230a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* verification_block_B; /* Key block + preamble for firmware B */ 231a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t verification_size_A; /* Verification block A size in bytes */ 232a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t verification_size_B; /* Verification block B size in bytes */ 233a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 234a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Outputs from VbSelectFirmware(); valid only if it returns success. */ 2358bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler uint32_t selected_firmware; /* Main firmware to run; see 2368bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler * VB_SELECT_FIRMWARE_*. */ 237a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbSelectFirmwareParams; 238a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 239a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 240a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* We use disk handles rather than indices. Using indices causes problems if 241a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * a disk is removed/inserted in the middle of processing. */ 242a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef void* VbExDiskHandle_t; 243a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 244a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 245a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data used only by VbSelectAndLoadKernel() */ 246a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbSelectAndLoadKernelParams { 247a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Inputs to VbSelectAndLoadKernel() */ 248a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* kernel_buffer; /* Destination buffer for kernel 249a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * (normally at 0x100000 on x86) */ 250a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t kernel_buffer_size; /* Size of kernel buffer in bytes */ 251a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 252a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Outputs from VbSelectAndLoadKernel(); valid only if it returns success. */ 253a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbExDiskHandle_t disk_handle; /* Handle of disk containing loaded kernel */ 254a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t partition_number; /* Partition number on disk to boot (1...M) */ 255a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t bootloader_address; /* Address of bootloader image in RAM */ 256a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t bootloader_size; /* Size of bootloader image in bytes */ 257a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint8_t partition_guid[16]; /* UniquePartitionGuid for boot partition */ 258a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* TODO: in H2C, all that pretty much just gets passed to the bootloader 259a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * as KernelBootloaderOptions, though the disk handle is passed as an index 260a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * instead of a handle. Is that used anymore now that we're passing 261a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * partition_guid? */ 262a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbSelectAndLoadKernelParams; 263a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 264a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 265a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Initialize the verified boot library. 266a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 267a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, 268a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * caller should reboot. */ 269a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams); 270a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 271a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 272a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Select the main firmware. 273a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 274a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, 275a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * caller should reboot. */ 276a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* NOTE: This is now called in all modes, including recovery. 277a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Previously, LoadFirmware() was not called in recovery mode, which 278a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * meant that LoadKernel() needed to duplicate the TPM and 279a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSharedData initialization code. */ 280a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbSelectFirmware(VbCommonParams* cparams, 281a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbSelectFirmwareParams* fparams); 282a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 283a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Update the data hash for the current firmware image, extending it 284a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * by [size] bytes stored in [*data]. This function must only be 285a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * called inside VbExHashFirmwareBody(), which is in turn called by 286a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectFirmware(). */ 287a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbUpdateFirmwareBodyHash(VbCommonParams* cparams, 288a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint8_t* data, uint32_t size); 289a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 290a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Select and loads the kernel. 291a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 292a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, 293a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * caller should reboot. */ 294a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbSelectAndLoadKernel(VbCommonParams* cparams, 295a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbSelectAndLoadKernelParams* kparams); 296a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 297a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 298a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Debug output (from utility.h) */ 299a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 300a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Output an error message and quit. Does not return. Supports 301a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * printf()-style formatting. */ 302a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExError(const char* format, ...); 303a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 304a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Output a debug message. Supports printf()-style formatting. */ 305a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExDebug(const char* format, ...); 306a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 307a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 308a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 309a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Memory (from utility.h) */ 310a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 311a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Allocate [size] bytes and return a pointer to the allocated memory. Abort 312a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * on error; this always either returns a good pointer or never returns. 313a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 314a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * If any of the firmware API implementations require aligned data 315a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * (for example, disk access on ARM), all pointers returned by 316a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbExMalloc() must also be aligned. */ 317a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid* VbExMalloc(size_t size); 318a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 319a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Free memory pointed to by [ptr] previously allocated by VbExMalloc(). */ 320a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExFree(void* ptr); 321a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 322a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 323a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 324a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Timer and delay (first two from utility.h) */ 325a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 326a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Read a high-resolution timer. Returns the current timer value in 327a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * arbitrary units. 328a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 329a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This is intended for benchmarking, so this call MUST be fast. The 330a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * timer frequency must be >1 KHz (preferably >1 MHz), and the timer 331a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * must not wrap around for at least 10 minutes. It is preferable 332a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * (but not required) that the timer be initialized to 0 at boot. 333a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 334a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * It is assumed that the firmware has some other way of communicating 335a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the timer frequency to the OS. For example, on x86 we use TSC, and 336a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the OS kernel reports the initial TSC value at kernel-start and 337a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * calculates the frequency. */ 338a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint64_t VbExGetTimer(void); 339a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 340a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Delay for at least the specified number of milliseconds. Should be 341a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * accurate to within 10% (a requested delay of 1000 ms should 342a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * result in an actual delay of between 1000 - 1100 ms). */ 343a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExSleepMs(uint32_t msec); 344a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 345a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Play a beep tone of the specified frequency in Hz and duration in msec. 346a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This is effectively a VbSleep() variant that makes noise. 347a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 3484313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * If the audio codec can run in the background, then: 3494313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero frequency means OFF, non-zero frequency means ON 3504313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero msec means return immediately, non-zero msec means delay (and 3514313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * then OFF if needed) 3524313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * else: 3534313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * non-zero msec and non-zero frequency means ON, delay, OFF, return 3544313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero msec or zero frequency means do nothing and return immediately 3554313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * 3564313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * The return value is used by the caller to determine the capabilities. The 3574313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * implementation should always do the best it can if it cannot fully support 3584313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * all features - for example, beeping at a fixed frequency if frequency 3594313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * support is not available. At a minimum, it must delay for the specified 3604313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * non-zero duration. 3614313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson */ 3624313fba2fb928f662a63b7566f235291dc1455f7Bill RichardsonVbError_t VbExBeep(uint32_t msec, uint32_t frequency); 363a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 364a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 365a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 366a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* TPM (from tlcl_stub.h) */ 367a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 368a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Initialize the stub library. */ 369a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmInit(void); 370a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 371a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Close and open the device. This is needed for running more complex commands 372a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * at user level, such as TPM_TakeOwnership, since the TPM device can be opened 373a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * only by one process at a time. */ 374a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmClose(void); 375a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmOpen(void); 376a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 377a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Send a request_length-byte request to the TPM and receive a 378a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * response. On input, response_length is the size of the response 379a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * buffer in bytes. On exit, response_length is set to the actual 380a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * received response length in bytes. */ 381a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmSendReceive(const uint8_t* request, uint32_t request_length, 382a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint8_t* response, uint32_t* response_length); 383a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 384a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 385a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 386a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Non-volatile storage */ 387a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 388a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VBNV_BLOCK_SIZE 16 /* Size of NV storage block in bytes */ 389a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 390a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Read the VBNV_BLOCK_SIZE-byte non-volatile storage into buf. */ 391a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExNvStorageRead(uint8_t* buf); 392a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 393a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Write the VBNV_BLOCK_SIZE-byte non-volatile storage from buf. */ 394a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExNvStorageWrite(const uint8_t* buf); 395a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 396a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 397a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 398a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Firmware / EEPROM access (previously in load_firmware_fw.h) */ 399a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 400a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Calculate the hash of the firmware body data for [firmware_index], 401a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * which is either VB_SELECT_FIRMWARE_A or VB_SELECT_FIRMWARE B. 402a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 403a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This function must call VbUpdateFirmwareBodyHash() before 404a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * returning, to update the secure hash for the firmware image. For 405a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * best performance, the implementation should call 406a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbUpdateFirmwareBodyHash() periodically during the read, so that 407a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * updating the hash can be pipelined with the read. If the reader 408a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * cannot update the hash during the read process, it should call 409a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbUpdateFirmwareBodyHash() on the entire firmware data after the 410a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * read, before returning. 411a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 412a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * It is recommended that the firmware use this call to copy the 413a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * requested firmware body from EEPROM into RAM, so that it doesn't 414a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * need to do a second slow copy from EEPROM to RAM if this firmware 415a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * body is selected. 416a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 417a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Note this function doesn't actually pass the firmware body data to 418a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * verified boot, because verified boot doesn't actually need the 419a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * firmware body, just its hash. This is important on x86, where the 420a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * firmware is stored compressed. We hash the compressed data, but 421a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the BIOS decompresses it during read. Simply updating a hash is 422a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * compatible with the x86 read-and-decompress pipeline. */ 423a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExHashFirmwareBody(VbCommonParams* cparams, 424a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t firmware_index); 425a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 426a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 427a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Disk access (previously in boot_device.h) */ 428a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 429a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Flags for VbDisk APIs */ 430a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Disk is removable. Example removable disks: SD cards, USB keys. */ 431a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_DISK_FLAG_REMOVABLE 0x00000001 432a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Disk is fixed. If this flag is present, disk is internal to the 433a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * system and not removable. Example fixed disks: internal SATA SSD, eMMC. */ 434a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_DISK_FLAG_FIXED 0x00000002 435a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Note that VB_DISK_FLAG_REMOVABLE and VB_DISK_FLAG_FIXED are 436a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * mutually-exclusive for a single disk. VbExDiskGetInfo() may specify 437a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * both flags to request disks of both types in a single call. */ 438a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* At some point we could specify additional flags, but we don't currently 439a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * have a way to make use of these: 440a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 441a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * USB Device is known to be attached to USB. Note that the SD 442a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * card reader inside x86 systems is attached to USB so this 443a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * isn't super useful. 444a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * SD Device is known to be a SD card. Note that external card 445a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * readers might not return this information, so also of 446a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * questionable use. 447a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * READ_ONLY Device is known to be read-only. Could be used by recovery 448a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * when processing read-only recovery image. 449a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler **/ 450a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 451a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Information on a single disk */ 452a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbDiskInfo { 453a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbExDiskHandle_t handle; /* Disk handle */ 454a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t bytes_per_lba; /* Size of a LBA sector in bytes */ 455a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t lba_count; /* Number of LBA sectors on the device */ 456a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t flags; /* Flags (see VB_DISK_FLAG_* constants) */ 457a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler const char* name; /* Optional name string, for use in debugging. 458a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * May be empty or null if not available. */ 459a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbDiskInfo; 460a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 461a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Store information into [info] for all disks (storage devices) 462a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * attached to the system which match all of the disk_flags. 463a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 464a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * On output, count indicates how many disks are present, and 465a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * [infos_ptr] points to a [count]-sized array of VbDiskInfo structs 466a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * with the information on those disks; this pointer must be freed by 467a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * calling VbExDiskFreeInfo(). If count=0, infos_ptr may point to 468a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * NULL. If [infos_ptr] points to NULL because count=0 or error, it 469a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * is not necessary to call VbExDiskFreeInfo(). 470a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 471a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * A multi-function device (such as a 4-in-1 card reader) should provide 472a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * multiple disk handles. 473a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 474a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * The firmware must not alter or free the list pointed to by 475a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * [infos_ptr] until VbExDiskFreeInfo() is called. */ 476a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskGetInfo(VbDiskInfo** infos_ptr, uint32_t* count, 477a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t disk_flags); 478a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 479a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Free a disk information list [infos] previously returned by 480a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbExDiskGetInfo(). If [preserve_handle] != NULL, the firmware must 481a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * ensure that handle remains valid after this call; all other handles 482a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * from the info list need not remain valid after this call. */ 483a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskFreeInfo(VbDiskInfo* infos, 484a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbExDiskHandle_t preserve_handle); 485a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 486a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Read lba_count LBA sectors, starting at sector lba_start, from the disk, 487a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * into the buffer. 488a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 489a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * If the disk handle is invalid (for example, the handle refers to a 490a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * disk which as been removed), the function must return error but 491a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * must not crash. */ 492a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskRead(VbExDiskHandle_t handle, uint64_t lba_start, 493a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t lba_count, void* buffer); 494a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 495a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Write lba_count LBA sectors, starting at sector lba_start, to the 496a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * disk, from the buffer. 497a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 498a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * If the disk handle is invalid (for example, the handle refers to a 499a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * disk which as been removed), the function must return error but 500a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * must not crash. */ 501a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskWrite(VbExDiskHandle_t handle, uint64_t lba_start, 502a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t lba_count, const void* buffer); 503a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 504a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 505a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 506a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Display */ 507a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 508a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Predefined (default) screens for VbExDisplayScreen(). */ 509a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbScreenType_t { 510a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_BLANK = 0, /* Blank (clear) screen */ 511a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_DEVELOPER_WARNING = 0x101, /* Developer - warning */ 512a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_DEVELOPER_EGG = 0x102, /* Developer - easter egg */ 513a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_RECOVERY_REMOVE = 0x201, /* Recovery - remove inserted devices */ 514a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_RECOVERY_INSERT = 0x202, /* Recovery - insert recovery image */ 515a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_RECOVERY_NO_GOOD = 0x203, /* Recovery - inserted image invalid */ 516ec8df1628cd9cf236bf912dee7d4365d7977e697Bill Richardson VB_SCREEN_RECOVERY_TO_DEV = 0x204, /* Recovery - confirm dev mode */ 517ec8df1628cd9cf236bf912dee7d4365d7977e697Bill Richardson VB_SCREEN_RECOVERY_TO_NORM = 0x205, /* Recovery - confirm normal mode */ 518a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 519a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 520a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Initialize and clear the display. Set width and height to the screen 521a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * dimensions in pixels. */ 522a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayInit(uint32_t* width, uint32_t* height); 523a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 524a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 525a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Enable (enable!=0) or disable (enable=0) the display backlight. */ 526a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayBacklight(uint8_t enable); 527a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 528a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 529a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Display a predefined screen; see VB_SCREEN_* for valid screens. 530a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This is a backup method of screen display, intended for use if the 531a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * GBB does not contain a full set of bitmaps. It is acceptable for 532a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the backup screen to be simple ASCII text such as "NO GOOD" or 533a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * "INSERT"; these screens should only be seen during development. */ 534a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayScreen(uint32_t screen_type); 535a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 536a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 537b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson/* Write an image to the display, with the upper left corner at the specified 538b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * pixel coordinates. The bitmap buffer is a pointer to the platform-dependent 539b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * uncompressed binary blob with dimensions and format specified internally 540b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * (for example, a raw BMP, GIF, PNG, whatever). We pass the size just for 541b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * convenience. 542b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson */ 543b1c85a8442fd2d8e05705cdcadfa40865e952975Bill RichardsonVbError_t VbExDisplayImage(uint32_t x, uint32_t y, 544b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson void* buffer, uint32_t buffersize); 545a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 546a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Display a string containing debug information on the screen, 547a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * rendered in a platform-dependent font. Should be able to handle 548a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * newlines '\n' in the string. Firmware must support displaying at 549a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * least 20 lines of text, where each line may be at least 80 550a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * characters long. If the firmware has its own debug state, it may 551a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * display it to the screen below this information. */ 552a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayDebugInfo(const char* info_str); 553a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* NOTE: This is what we currently display on ZGB/Alex when TAB is 554a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * pressed. Some information (HWID, recovery reason) is ours; some 555a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * (CMOS breadcrumbs) is platform-specific. If we decide to 556a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * soft-render the HWID string (chrome-os-partner:3693), we'll need to 557a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * maintain our own fonts, so we'll likely display it via 558b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * VbExDisplayImage() above. */ 559a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 560a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 561a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 562a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Keyboard and switches */ 563a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 564a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Key codes for required non-printable-ASCII characters. */ 565a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbKeyCode_t { 566a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_KEY_UP = 0x100, 567a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_KEY_DOWN = 0x101, 568a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_KEY_LEFT = 0x102, 5692ddd5f64515b4be9847a16de793c59b161221e1bTom Wai-Hong Tam VB_KEY_RIGHT = 0x103, 5702ddd5f64515b4be9847a16de793c59b161221e1bTom Wai-Hong Tam VB_KEY_CTRL_ENTER = 0x104, 571a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 572a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 573a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Read the next keypress from the keyboard buffer. 574a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 575a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns the keypress, or zero if no keypress is pending or error. 576a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 577a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * The following keys must be returned as ASCII character codes: 578a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x08 Backspace 579a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x09 Tab 580a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x0D Enter (carriage return) 581a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x01 - 0x1A Ctrl+A - Ctrl+Z (yes, those alias with backspace/tab/enter) 582a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x1B Esc 583a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x20 Space 584a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x30 - 0x39 '0' - '9' 585a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x60 - 0x7A 'a' - 'z' 586a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 587a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Some extended keys must also be supported; see the VB_KEY_* defines above. 588a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 589a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Keys ('/') or key-chords (Fn+Q) not defined above may be handled in any of 590a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the following ways: 591a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 1. Filter (don't report anything if one of these keys is pressed). 592a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 2. Report as ASCII (if a well-defined ASCII value exists for the key). 593a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 3. Report as any other value in the range 0x200 - 0x2FF. 594a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * It is not permitted to report a key as a multi-byte code (for example, 595a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * sending an arrow key as the sequence of keys '\x1b', '[', '1', 'A'). */ 596a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint32_t VbExKeyboardRead(void); 597a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 598a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 599a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 600a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Misc */ 601a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 602a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Checks if the firmware needs to shut down the system. 603a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 604a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns 1 if a shutdown is being requested (for example, the user has 605a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * pressed the power button or closed the lid), or 0 if a shutdown is not 606a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * being requested. */ 607a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* NOTE: When we're displaying a screen, pressing the power button 608a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * should shut down the computer. We need a way to break out of our 609a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * control loop so this can occur cleanly. */ 610a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint32_t VbExIsShutdownRequested(void); 611a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 612b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson/* Expose the BIOS' built-in decompression routine to the vboot wrapper. The 613b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * caller must know how large the uncompressed data will be and must manage 614b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * that memory. The decompression routine just puts the uncompressed data into 615b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * the specified buffer. We pass in the size of the outbuf, and get back the 616b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * actual size used. 617b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson */ 618b1c85a8442fd2d8e05705cdcadfa40865e952975Bill RichardsonVbError_t VbExDecompress(void *inbuf, uint32_t in_size, 619b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson uint32_t compression_type, 620b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson void *outbuf, uint32_t *out_size); 621b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson 622592567e95612cdfa679b9b9fd3e4afe0579b1210Bill Richardson 623592567e95612cdfa679b9b9fd3e4afe0579b1210Bill Richardson/* This is called only if the system implements a keyboard-based (virtual) 624592567e95612cdfa679b9b9fd3e4afe0579b1210Bill Richardson * developer switch. It must return true only if the system has an embedded 625592567e95612cdfa679b9b9fd3e4afe0579b1210Bill Richardson * controller which is provably running in its RO firmware at the time the 626592567e95612cdfa679b9b9fd3e4afe0579b1210Bill Richardson * function is called. */ 627592567e95612cdfa679b9b9fd3e4afe0579b1210Bill Richardsonint VbExTrustEC(void); 628592567e95612cdfa679b9b9fd3e4afe0579b1210Bill Richardson 629a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#endif /* VBOOT_REFERENCE_VBOOT_API_H_ */ 630