vboot_api.h revision e0c55a3238f41ce30d6d592725670766355bed67
1053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved. 2a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Use of this source code is governed by a BSD-style license that can be 3a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * found in the LICENSE file. 4a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler */ 5a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 6a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* APIs provided by firmware to vboot_reference. */ 7a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 8a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* General notes: 9a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 10a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * All verified boot functions now start with "Vb" for namespace 11a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * clarity. This fixes the problem where uboot and vboot both defined 12a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * assert(). 13a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 14a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Verified boot APIs to be implemented by the calling firmware and 15a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * exported to vboot_reference start with "VbEx". 16a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler */ 17a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* TODO: split this file into a vboot_entry_points.h file which 18a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * contains the entry points for the firmware to call vboot_reference, 19a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * and a vboot_firmware_exports.h which contains the APIs to be 20a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * implemented by the calling firmware and exported to 21a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * vboot_reference. */ 22a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 23a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#ifndef VBOOT_REFERENCE_VBOOT_API_H_ 24a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VBOOT_REFERENCE_VBOOT_API_H_ 25a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 26a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#include "sysincludes.h" 27a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#include "bmpblk_header.h" 28a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 29a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 30a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 31a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Error codes */ 32a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 33a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Functions which return an error all return this type. This is a 341cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * 32-bit value rather than an int so it's consistent across UEFI, 351cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * which is 32-bit during PEI and 64-bit during DXE/BDS. */ 36a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef uint32_t VbError_t; 37a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 381cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler/* Predefined error numbers. */ 391cf77cda5ea2d7549caccb953079263d463feadbRandall Spanglerenum VbErrorPredefined_t { 401cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* No error; function completed successfully. */ 411cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_SUCCESS = 0, 421cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler 431cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Errors are non-zero, but differ between functions. For example, 441cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * the TPM functions may pass through TPM error codes, some of which 451cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * may be recoverable. */ 461cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler 471cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* The verified boot entry points VbInit(), VbSelectFirmware(), 481cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler * VbSelectAndLoadKernel() may return the following errors. */ 491cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler 501cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unknown error */ 511cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_UNKNOWN = 0x10000, 521cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to initialize shared data */ 531cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_INIT_SHARED_DATA = 0x10001, 541cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Error resuming TPM during a S3 resume */ 551cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_S3_RESUME = 0x10002, 5682e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson /* VbSelectFirmware() failed to find a valid firmware */ 571cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_LOAD_FIRMWARE = 0x10003, 581cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to write firmware versions to TPM */ 591cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_WRITE_FIRMWARE = 0x10004, 601cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to lock firmware versions in TPM */ 611cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_LOCK_FIRMWARE = 0x10005, 621cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to set boot mode state in TPM */ 631cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_SET_BOOT_MODE_STATE = 0x10006, 641cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* TPM requires reboot */ 651cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_REBOOT_REQUIRED = 0x10007, 661cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to set up TPM */ 671cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_FIRMWARE_SETUP = 0x10008, 681cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to read kernel versions from TPM */ 691cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_READ_KERNEL = 0x10009, 701cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Attempted to load developer-only firmware when developer switch was off */ 711cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_DEV_FIRMWARE_SWITCH_MISMATCH = 0x1000A, 721cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to write kernel versions to TPM */ 731cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_WRITE_KERNEL = 0x1000B, 741cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to lock kernel versions in TPM */ 751cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_TPM_LOCK_KERNEL = 0x1000C, 761cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Calling firmware requested shutdown via VbExIsShutdownRequested() */ 771cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_SHUTDOWN_REQUESTED = 0x1000D, 781cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Unable to find a suitable boot device on which to look for a kernel */ 791cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_NO_DISK_FOUND = 0x1000E, 801cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* No OS kernel found on any boot device */ 811cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_NO_KERNEL_FOUND = 0x1000F, 821cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* All OS kernels found were invalid (corrupt, improperly signed, etc.) */ 831cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_INVALID_KERNEL_FOUND = 0x10010, 8482e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson /* VbSelectAndLoadKernel() requested recovery mode */ 851cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_LOAD_KERNEL_RECOVERY = 0x10011, 8682e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson /* Other error inside VbSelectAndLoadKernel() */ 871cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_LOAD_KERNEL = 0x10012, 881cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Invalid Google binary block */ 891cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_INVALID_GBB = 0x10013, 901cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Invalid bitmap volume */ 911cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler VBERROR_INVALID_BMPFV = 0x10014, 921cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler /* Invalid screen index */ 93dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9Randall Spangler VBERROR_INVALID_SCREEN_INDEX = 0x10015, 94dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9Randall Spangler /* Simulated (test) error */ 95dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9Randall Spangler VBERROR_SIMULATED = 0x10016, 96dfb0175a5b077e2c3c2809ee71c9b3368d91dbd9Randall Spangler /* Invalid parameter */ 974313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson VBERROR_INVALID_PARAMETER = 0x10017, 984313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson /* VbExBeep() can't make sounds at all */ 994313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson VBERROR_NO_SOUND = 0x10018, 1004313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson /* VbExBeep() can't make sound in the background */ 10182e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson VBERROR_NO_BACKGROUND_SOUND = 0x10019, 10282e69b9f7494c5f939e2b546c06eeb13d68bdd03Bill Richardson /* Developer has requested a BIOS shell */ 103ec8df1628cd9cf236bf912dee7d4365d7977e697Bill Richardson VBERROR_BIOS_SHELL_REQUESTED = 0x10020, 10488d9375f50726fb26f1d4fcb909aa15256e24a17Bill Richardson /* Need VGA and don't have it, or vice-versa */ 10588d9375f50726fb26f1d4fcb909aa15256e24a17Bill Richardson VBERROR_VGA_OPROM_MISMATCH = 0x10021, 106cc36ff4073c13eb6dc755248f357883316962e94Randall Spangler /* Need EC to reboot to read-only code */ 107cc36ff4073c13eb6dc755248f357883316962e94Randall Spangler VBERROR_EC_REBOOT_TO_RO_REQUIRED = 0x10022 1081cf77cda5ea2d7549caccb953079263d463feadbRandall Spangler}; 109a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 110a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 111a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 112a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Main entry points from firmware into vboot_reference */ 113a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 114a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Minimum and recommended size of shared_data_blob in bytes. Shared 115a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * data blob is used to communicate data between calls to VbInit(), 116a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectFirmware(), the OS. Minimum size is enough to hold all 117a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * required data for verified boot but may not be able to hold debug 118a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * output. */ 119a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_SHARED_DATA_MIN_SIZE 3072 120a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_SHARED_DATA_REC_SIZE 16384 121a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 122a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data passed by firmware to VbInit(), VbSelectFirmware() and 123a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectAndLoadKernel(). */ 124a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Note that in UEFI, these are called by different phases in 125a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * different processor modes (VbInit() and VbSelectFirmware() = 32-bit PEI, 126a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectAndLoadKernel() = 64-bit BDS), so the data may be at a different 127a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * location between calls. */ 128a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbCommonParams { 129a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* gbb_data; /* Pointer to GBB data */ 130a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t gbb_size; /* Size of GBB data in bytes */ 131a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 132a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Shared data blob for data shared between verified boot entry 133a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * points. This should be at least VB_SHARED_DATA_MIN_SIZE bytes 134a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * long, and ideally is VB_SHARED_DATA_REC_SIZE bytes long. */ 135a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* shared_data_blob; /* Pointer to shared data blob buffer */ 136a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t shared_data_size; /* On input, set to size of shared data blob 137a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * buffer, in bytes. On output, this will 138a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * contain the actual data size placed into 139a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the buffer. */ 140a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 141a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Internal context/data for verified boot, to maintain state during 142a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * calls to other API functions such as VbExHashFirmwareBody(). 143a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Allocated and freed inside the entry point; firmware should not 144a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * look at this. */ 145a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* vboot_context; 146a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 147a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Internal context/data for firmware / VbExHashFirmwareBody(). 148a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Needed because the PEI phase of UEFI boot runs out of ROM and 149a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * thus can't modify global variables; everything needs to get 150a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * passed around on the stack. */ 151a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* caller_context; 152a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbCommonParams; 153a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 154a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 155a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Flags for VbInitParams.flags */ 156a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Developer switch was on at boot time. */ 157a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_DEV_SWITCH_ON 0x00000001 158a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Recovery button was pressed at boot time. */ 159a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_REC_BUTTON_PRESSED 0x00000002 160a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Hardware write protect was enabled at boot time. */ 161a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_FLAG_WP_ENABLED 0x00000004 1621b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler/* This is a S3 resume, not a normal boot. */ 1631b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler#define VB_INIT_FLAG_S3_RESUME 0x00000008 1649619112a574b975476667545e3a326052fa0c50bRandall Spangler/* Previous boot attempt failed for reasons external to verified boot (RAM 1659619112a574b975476667545e3a326052fa0c50bRandall Spangler * init failure, SSD missing, etc.). */ 1669619112a574b975476667545e3a326052fa0c50bRandall Spangler/* TODO: add a field to VbInitParams which holds a reason code, and report 1679619112a574b975476667545e3a326052fa0c50bRandall Spangler * that via VbSharedData. */ 1689619112a574b975476667545e3a326052fa0c50bRandall Spangler#define VB_INIT_FLAG_PREVIOUS_BOOT_FAIL 0x00000010 1698bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler/* Calling firmware supports read only firmware for normal/developer 1708bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler * boot path. */ 1718bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler#define VB_INIT_FLAG_RO_NORMAL_SUPPORT 0x00000020 172b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson/* This platform does not have a physical dev-switch, so we must rely on a 173b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson * virtual switch (kept in the TPM) instead. When this flag is set, 174b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson * VB_INIT_FLAG_DEV_SWITCH_ON is ignored. */ 175b75d8adcc01f08cf5a6d87b78aeb1d7cdfcd22afBill Richardson#define VB_INIT_FLAG_VIRTUAL_DEV_SWITCH 0x00000040 17617b8224ea582b2ba90b30a3e8e2d913e49c7818aBill Richardson/* Set when the VGA Option ROM has been loaded already. */ 17717b8224ea582b2ba90b30a3e8e2d913e49c7818aBill Richardson#define VB_INIT_FLAG_OPROM_LOADED 0x00000080 17888d9375f50726fb26f1d4fcb909aa15256e24a17Bill Richardson/* Set if we care about the VGA Option ROM - some platforms don't. */ 17988d9375f50726fb26f1d4fcb909aa15256e24a17Bill Richardson#define VB_INIT_FLAG_OPROM_MATTERS 0x00000100 180b2ac7fbbbf05fecfbabd37f6a2e4b268c9ac330fRandall Spangler/* EC on this platform supports EC software sync. */ 18188d9375f50726fb26f1d4fcb909aa15256e24a17Bill Richardson#define VB_INIT_FLAG_EC_SOFTWARE_SYNC 0x00000200 182f217520215e7e3d2f5ca006992ab5002927c4f87Bill Richardson/* EC on this platform is slow to update. */ 183f217520215e7e3d2f5ca006992ab5002927c4f87Bill Richardson#define VB_INIT_FLAG_EC_SLOW_UPDATE 0x00000400 1849dc62178c97b94e5c308f1c36fd0858c316959e5Bill Richardson/* Software write protect was enabled at boot time. This is separate from the 1859dc62178c97b94e5c308f1c36fd0858c316959e5Bill Richardson * HW write protect. Both must be set for flash write protection to work. */ 1869dc62178c97b94e5c308f1c36fd0858c316959e5Bill Richardson#define VB_INIT_FLAG_SW_WP_ENABLED 0x00000800 187a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 188a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Output flags for VbInitParams.out_flags. Used to indicate 189a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * potential boot paths and configuration to the calling firmware 190a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * early in the boot process, so that it can properly configure itself 191a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * for the capabilities subsequently required by VbSelectFirmware() 192a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * and VbSelectAndLoadKernel(). */ 193a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Enable recovery path. Do not rely on any rewritable data (cached 194a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * RAM timings, etc.). Reliable operation is more important than boot 195a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * speed. */ 196a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_RECOVERY 0x00000001 197a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* RAM must be cleared before calling VbSelectFirmware(). */ 198a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_CLEAR_RAM 0x00000002 199a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Load display drivers; VbExDisplay*() functions may be called. If this flag 200a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * is not present, VbExDisplay*() functions will not be called this boot. */ 201a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_DISPLAY 0x00000004 202a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Load USB storage drivers; VbExDisk*() functions may be called with the 203a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VB_DISK_FLAG_REMOVABLE flag. If this flag is not present, VbExDisk*() 204a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * functions will only be called for fixed disks. */ 205a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_INIT_OUT_ENABLE_USB_STORAGE 0x00000008 2061b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler/* If this is a S3 resume, do a debug reset boot instead */ 2071b1998dff0002f20b3f27a21e6e79d8951e64684Randall Spangler#define VB_INIT_OUT_S3_DEBUG_BOOT 0x00000010 208c8e4ff7c15e6bf5992a578b66bec47d69cde3beaBill Richardson/* BIOS should load any PCI option ROMs it finds, not just internal video */ 209c8e4ff7c15e6bf5992a578b66bec47d69cde3beaBill Richardson#define VB_INIT_OUT_ENABLE_OPROM 0x00000020 2100d11efb0dc1d8d2b5eafdd5b65bce82e73fdeeccBill Richardson/* BIOS may be asked to boot something other than ChromeOS */ 2110d11efb0dc1d8d2b5eafdd5b65bce82e73fdeeccBill Richardson#define VB_INIT_OUT_ENABLE_ALTERNATE_OS 0x00000040 212dc6b642b47168a09fa1702092961595ab0674c03Che-Liang Chiou/* Enable developer path. */ 213dc6b642b47168a09fa1702092961595ab0674c03Che-Liang Chiou#define VB_INIT_OUT_ENABLE_DEVELOPER 0x00000080 214a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 215a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 216a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data only used by VbInit() */ 217a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbInitParams { 218a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Inputs to VbInit() */ 219a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t flags; /* Flags (see VB_INIT_FLAG_*) */ 220a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 221a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Outputs from VbInit(); valid only if it returns success. */ 222a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t out_flags; /* Output flags for firmware; see 223a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VB_INIT_OUT_*) */ 224a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbInitParams; 225a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 226a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 227a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Firmware types for VbHashFirmwareBody() and 228a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectFirmwareParams.selected_firmware. Note that we store these 229a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * in a uint32_t because enum maps to int, which isn't fixed-size. */ 230a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbSelectFirmware_t { 231a712e01ae783351e921031aab59ff1b7583d683dRandall Spangler /* Recovery mode */ 232a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SELECT_FIRMWARE_RECOVERY = 0, 233a712e01ae783351e921031aab59ff1b7583d683dRandall Spangler /* Rewritable firmware A/B for normal or developer path */ 234a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SELECT_FIRMWARE_A = 1, 235a712e01ae783351e921031aab59ff1b7583d683dRandall Spangler VB_SELECT_FIRMWARE_B = 2, 2368bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler /* Read only firmware for normal or developer path. */ 237a712e01ae783351e921031aab59ff1b7583d683dRandall Spangler VB_SELECT_FIRMWARE_READONLY = 3 238a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 239a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 240a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 241a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data only used by VbSelectFirmware() */ 242a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbSelectFirmwareParams { 243a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Inputs to VbSelectFirmware() */ 244a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* verification_block_A; /* Key block + preamble for firmware A */ 245a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* verification_block_B; /* Key block + preamble for firmware B */ 246a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t verification_size_A; /* Verification block A size in bytes */ 247a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t verification_size_B; /* Verification block B size in bytes */ 248a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 249a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Outputs from VbSelectFirmware(); valid only if it returns success. */ 2508bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler uint32_t selected_firmware; /* Main firmware to run; see 2518bf0d5ff0ff77aaf496507bbe8d65a5f3027c80cRandall Spangler * VB_SELECT_FIRMWARE_*. */ 252a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbSelectFirmwareParams; 253a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 254a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 255a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* We use disk handles rather than indices. Using indices causes problems if 256a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * a disk is removed/inserted in the middle of processing. */ 257a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef void* VbExDiskHandle_t; 258a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 259a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 260a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Data used only by VbSelectAndLoadKernel() */ 261a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbSelectAndLoadKernelParams { 262a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Inputs to VbSelectAndLoadKernel() */ 263a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler void* kernel_buffer; /* Destination buffer for kernel 264a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * (normally at 0x100000 on x86) */ 265a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t kernel_buffer_size; /* Size of kernel buffer in bytes */ 266a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 267a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* Outputs from VbSelectAndLoadKernel(); valid only if it returns success. */ 268a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbExDiskHandle_t disk_handle; /* Handle of disk containing loaded kernel */ 269a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t partition_number; /* Partition number on disk to boot (1...M) */ 270a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t bootloader_address; /* Address of bootloader image in RAM */ 271a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t bootloader_size; /* Size of bootloader image in bytes */ 272a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint8_t partition_guid[16]; /* UniquePartitionGuid for boot partition */ 273a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler /* TODO: in H2C, all that pretty much just gets passed to the bootloader 274a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * as KernelBootloaderOptions, though the disk handle is passed as an index 275a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * instead of a handle. Is that used anymore now that we're passing 276a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * partition_guid? */ 277a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbSelectAndLoadKernelParams; 278a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 279a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 280a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Initialize the verified boot library. 281a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 282a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, 283a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * caller should reboot. */ 284a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams); 285a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 286a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 287a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Select the main firmware. 288a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 289a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, 290a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * caller should reboot. */ 291a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* NOTE: This is now called in all modes, including recovery. 292a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Previously, LoadFirmware() was not called in recovery mode, which 293a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * meant that LoadKernel() needed to duplicate the TPM and 294a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSharedData initialization code. */ 295a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbSelectFirmware(VbCommonParams* cparams, 296a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbSelectFirmwareParams* fparams); 297a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 298a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Update the data hash for the current firmware image, extending it 299a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * by [size] bytes stored in [*data]. This function must only be 300a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * called inside VbExHashFirmwareBody(), which is in turn called by 301a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbSelectFirmware(). */ 302a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbUpdateFirmwareBodyHash(VbCommonParams* cparams, 303a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint8_t* data, uint32_t size); 304a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 305a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Select and loads the kernel. 306a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 307a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns VBERROR_SUCCESS if success, non-zero if error; on error, 308a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * caller should reboot. */ 309a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbSelectAndLoadKernel(VbCommonParams* cparams, 310a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbSelectAndLoadKernelParams* kparams); 311a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 312a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 313a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Debug output (from utility.h) */ 314a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 315a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Output an error message and quit. Does not return. Supports 316a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * printf()-style formatting. */ 317a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExError(const char* format, ...); 318a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 319a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Output a debug message. Supports printf()-style formatting. */ 320a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExDebug(const char* format, ...); 321a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 322a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 323a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 324a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Memory (from utility.h) */ 325a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 326a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Allocate [size] bytes and return a pointer to the allocated memory. Abort 327a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * on error; this always either returns a good pointer or never returns. 328a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 329a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * If any of the firmware API implementations require aligned data 330a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * (for example, disk access on ARM), all pointers returned by 331a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbExMalloc() must also be aligned. */ 332a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid* VbExMalloc(size_t size); 333a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 334a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Free memory pointed to by [ptr] previously allocated by VbExMalloc(). */ 335a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExFree(void* ptr); 336a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 337a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 338a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 339a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Timer and delay (first two from utility.h) */ 340a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 341a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Read a high-resolution timer. Returns the current timer value in 342a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * arbitrary units. 343a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 344a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This is intended for benchmarking, so this call MUST be fast. The 345a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * timer frequency must be >1 KHz (preferably >1 MHz), and the timer 346a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * must not wrap around for at least 10 minutes. It is preferable 347a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * (but not required) that the timer be initialized to 0 at boot. 348a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 349a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * It is assumed that the firmware has some other way of communicating 350a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the timer frequency to the OS. For example, on x86 we use TSC, and 351a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the OS kernel reports the initial TSC value at kernel-start and 352a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * calculates the frequency. */ 353a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint64_t VbExGetTimer(void); 354a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 355a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Delay for at least the specified number of milliseconds. Should be 356a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * accurate to within 10% (a requested delay of 1000 ms should 357a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * result in an actual delay of between 1000 - 1100 ms). */ 358a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglervoid VbExSleepMs(uint32_t msec); 359a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 360a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Play a beep tone of the specified frequency in Hz and duration in msec. 361a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This is effectively a VbSleep() variant that makes noise. 362a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 3634313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * If the audio codec can run in the background, then: 3644313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero frequency means OFF, non-zero frequency means ON 3654313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero msec means return immediately, non-zero msec means delay (and 3664313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * then OFF if needed) 3674313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * else: 3684313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * non-zero msec and non-zero frequency means ON, delay, OFF, return 3694313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * zero msec or zero frequency means do nothing and return immediately 3704313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * 3714313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * The return value is used by the caller to determine the capabilities. The 3724313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * implementation should always do the best it can if it cannot fully support 3734313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * all features - for example, beeping at a fixed frequency if frequency 3744313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * support is not available. At a minimum, it must delay for the specified 3754313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson * non-zero duration. 3764313fba2fb928f662a63b7566f235291dc1455f7Bill Richardson */ 3774313fba2fb928f662a63b7566f235291dc1455f7Bill RichardsonVbError_t VbExBeep(uint32_t msec, uint32_t frequency); 378a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 379a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 380a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 381a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* TPM (from tlcl_stub.h) */ 382a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 383a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Initialize the stub library. */ 384a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmInit(void); 385a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 386a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Close and open the device. This is needed for running more complex commands 387a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * at user level, such as TPM_TakeOwnership, since the TPM device can be opened 388a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * only by one process at a time. */ 389a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmClose(void); 390a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmOpen(void); 391a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 392a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Send a request_length-byte request to the TPM and receive a 393a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * response. On input, response_length is the size of the response 394a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * buffer in bytes. On exit, response_length is set to the actual 395a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * received response length in bytes. */ 396a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExTpmSendReceive(const uint8_t* request, uint32_t request_length, 397a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint8_t* response, uint32_t* response_length); 398a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 399a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 400a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 401a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Non-volatile storage */ 402a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 403a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VBNV_BLOCK_SIZE 16 /* Size of NV storage block in bytes */ 404a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 405a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Read the VBNV_BLOCK_SIZE-byte non-volatile storage into buf. */ 406a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExNvStorageRead(uint8_t* buf); 407a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 408a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Write the VBNV_BLOCK_SIZE-byte non-volatile storage from buf. */ 409a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExNvStorageWrite(const uint8_t* buf); 410a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 411a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 412a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 413a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Firmware / EEPROM access (previously in load_firmware_fw.h) */ 414a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 415a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Calculate the hash of the firmware body data for [firmware_index], 416a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * which is either VB_SELECT_FIRMWARE_A or VB_SELECT_FIRMWARE B. 417a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 418a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This function must call VbUpdateFirmwareBodyHash() before 419a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * returning, to update the secure hash for the firmware image. For 420a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * best performance, the implementation should call 421a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbUpdateFirmwareBodyHash() periodically during the read, so that 422a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * updating the hash can be pipelined with the read. If the reader 423a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * cannot update the hash during the read process, it should call 424a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbUpdateFirmwareBodyHash() on the entire firmware data after the 425a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * read, before returning. 426a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 427a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * It is recommended that the firmware use this call to copy the 428a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * requested firmware body from EEPROM into RAM, so that it doesn't 429a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * need to do a second slow copy from EEPROM to RAM if this firmware 430a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * body is selected. 431a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 432a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Note this function doesn't actually pass the firmware body data to 433a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * verified boot, because verified boot doesn't actually need the 434a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * firmware body, just its hash. This is important on x86, where the 435a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * firmware is stored compressed. We hash the compressed data, but 436a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the BIOS decompresses it during read. Simply updating a hash is 437a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * compatible with the x86 read-and-decompress pipeline. */ 438a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExHashFirmwareBody(VbCommonParams* cparams, 439a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t firmware_index); 440a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 441a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 442a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Disk access (previously in boot_device.h) */ 443a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 444a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Flags for VbDisk APIs */ 445a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Disk is removable. Example removable disks: SD cards, USB keys. */ 446a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_DISK_FLAG_REMOVABLE 0x00000001 447a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Disk is fixed. If this flag is present, disk is internal to the 448a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * system and not removable. Example fixed disks: internal SATA SSD, eMMC. */ 449a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#define VB_DISK_FLAG_FIXED 0x00000002 450a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Note that VB_DISK_FLAG_REMOVABLE and VB_DISK_FLAG_FIXED are 451a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * mutually-exclusive for a single disk. VbExDiskGetInfo() may specify 452a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * both flags to request disks of both types in a single call. */ 453a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* At some point we could specify additional flags, but we don't currently 454a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * have a way to make use of these: 455a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 456a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * USB Device is known to be attached to USB. Note that the SD 457a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * card reader inside x86 systems is attached to USB so this 458a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * isn't super useful. 459a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * SD Device is known to be a SD card. Note that external card 460a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * readers might not return this information, so also of 461a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * questionable use. 462a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * READ_ONLY Device is known to be read-only. Could be used by recovery 463a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * when processing read-only recovery image. 464a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler **/ 465a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 466a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Information on a single disk */ 467a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglertypedef struct VbDiskInfo { 468a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbExDiskHandle_t handle; /* Disk handle */ 469a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t bytes_per_lba; /* Size of a LBA sector in bytes */ 470a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t lba_count; /* Number of LBA sectors on the device */ 471a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t flags; /* Flags (see VB_DISK_FLAG_* constants) */ 472a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler const char* name; /* Optional name string, for use in debugging. 473a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * May be empty or null if not available. */ 474a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler} VbDiskInfo; 475a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 476a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Store information into [info] for all disks (storage devices) 477a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * attached to the system which match all of the disk_flags. 478a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 479a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * On output, count indicates how many disks are present, and 480a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * [infos_ptr] points to a [count]-sized array of VbDiskInfo structs 481a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * with the information on those disks; this pointer must be freed by 482a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * calling VbExDiskFreeInfo(). If count=0, infos_ptr may point to 483a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * NULL. If [infos_ptr] points to NULL because count=0 or error, it 484a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * is not necessary to call VbExDiskFreeInfo(). 485a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 486a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * A multi-function device (such as a 4-in-1 card reader) should provide 487a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * multiple disk handles. 488a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 489a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * The firmware must not alter or free the list pointed to by 490a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * [infos_ptr] until VbExDiskFreeInfo() is called. */ 491a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskGetInfo(VbDiskInfo** infos_ptr, uint32_t* count, 492a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint32_t disk_flags); 493a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 494a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Free a disk information list [infos] previously returned by 495a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * VbExDiskGetInfo(). If [preserve_handle] != NULL, the firmware must 496a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * ensure that handle remains valid after this call; all other handles 497a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * from the info list need not remain valid after this call. */ 498a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskFreeInfo(VbDiskInfo* infos, 499a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VbExDiskHandle_t preserve_handle); 500a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 501a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Read lba_count LBA sectors, starting at sector lba_start, from the disk, 502a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * into the buffer. 503a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 504a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * If the disk handle is invalid (for example, the handle refers to a 505a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * disk which as been removed), the function must return error but 506a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * must not crash. */ 507a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskRead(VbExDiskHandle_t handle, uint64_t lba_start, 508a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t lba_count, void* buffer); 509a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 510a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Write lba_count LBA sectors, starting at sector lba_start, to the 511a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * disk, from the buffer. 512a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 513a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * If the disk handle is invalid (for example, the handle refers to a 514a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * disk which as been removed), the function must return error but 515a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * must not crash. */ 516a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDiskWrite(VbExDiskHandle_t handle, uint64_t lba_start, 517a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler uint64_t lba_count, const void* buffer); 518a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 519a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 520a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 521a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Display */ 522a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 523a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Predefined (default) screens for VbExDisplayScreen(). */ 524a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbScreenType_t { 525a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_BLANK = 0, /* Blank (clear) screen */ 526a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_DEVELOPER_WARNING = 0x101, /* Developer - warning */ 527a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_DEVELOPER_EGG = 0x102, /* Developer - easter egg */ 528a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_RECOVERY_REMOVE = 0x201, /* Recovery - remove inserted devices */ 529a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_RECOVERY_INSERT = 0x202, /* Recovery - insert recovery image */ 530a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_SCREEN_RECOVERY_NO_GOOD = 0x203, /* Recovery - inserted image invalid */ 531ec8df1628cd9cf236bf912dee7d4365d7977e697Bill Richardson VB_SCREEN_RECOVERY_TO_DEV = 0x204, /* Recovery - confirm dev mode */ 5322934475dbc6267915ecddd7bb53c922da928a749Bill Richardson VB_SCREEN_DEVELOPER_TO_NORM = 0x205, /* Developer - confirm normal mode */ 533b48cd672a731df7866b43110c62ebbbf23120125Bill Richardson VB_SCREEN_WAIT = 0x206, /* Please wait - programming EC */ 5349ea8e0d390cccff2057acc71dcc3807e3709c2fbHung-Te Lin VB_SCREEN_TO_NORM_CONFIRMED = 0x207, /* Confirm after DEVELOPER_TO_NORM */ 535a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 536a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 537a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Initialize and clear the display. Set width and height to the screen 538a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * dimensions in pixels. */ 539a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayInit(uint32_t* width, uint32_t* height); 540a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 541a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 542a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Enable (enable!=0) or disable (enable=0) the display backlight. */ 543a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayBacklight(uint8_t enable); 544a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 545a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 546a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Display a predefined screen; see VB_SCREEN_* for valid screens. 547a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * This is a backup method of screen display, intended for use if the 548a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * GBB does not contain a full set of bitmaps. It is acceptable for 549a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the backup screen to be simple ASCII text such as "NO GOOD" or 550a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * "INSERT"; these screens should only be seen during development. */ 551a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayScreen(uint32_t screen_type); 552a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 553a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 554b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson/* Write an image to the display, with the upper left corner at the specified 555b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * pixel coordinates. The bitmap buffer is a pointer to the platform-dependent 556b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * uncompressed binary blob with dimensions and format specified internally 557b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * (for example, a raw BMP, GIF, PNG, whatever). We pass the size just for 558b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * convenience. 559b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson */ 560b1c85a8442fd2d8e05705cdcadfa40865e952975Bill RichardsonVbError_t VbExDisplayImage(uint32_t x, uint32_t y, 561b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson void* buffer, uint32_t buffersize); 562a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 563a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Display a string containing debug information on the screen, 564a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * rendered in a platform-dependent font. Should be able to handle 565a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * newlines '\n' in the string. Firmware must support displaying at 566a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * least 20 lines of text, where each line may be at least 80 567a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * characters long. If the firmware has its own debug state, it may 568a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * display it to the screen below this information. */ 569a45ee21bb023665b51e09f722555d9e560fab232Randall SpanglerVbError_t VbExDisplayDebugInfo(const char* info_str); 570a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* NOTE: This is what we currently display on ZGB/Alex when TAB is 571a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * pressed. Some information (HWID, recovery reason) is ours; some 572a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * (CMOS breadcrumbs) is platform-specific. If we decide to 573a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * soft-render the HWID string (chrome-os-partner:3693), we'll need to 574a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * maintain our own fonts, so we'll likely display it via 575b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * VbExDisplayImage() above. */ 576a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 577a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 578a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 579a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Keyboard and switches */ 580a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 581a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Key codes for required non-printable-ASCII characters. */ 582a45ee21bb023665b51e09f722555d9e560fab232Randall Spanglerenum VbKeyCode_t { 583a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_KEY_UP = 0x100, 584a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_KEY_DOWN = 0x101, 585a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler VB_KEY_LEFT = 0x102, 5862ddd5f64515b4be9847a16de793c59b161221e1bTom Wai-Hong Tam VB_KEY_RIGHT = 0x103, 5872ddd5f64515b4be9847a16de793c59b161221e1bTom Wai-Hong Tam VB_KEY_CTRL_ENTER = 0x104, 588a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler}; 589a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 590a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Read the next keypress from the keyboard buffer. 591a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 592a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns the keypress, or zero if no keypress is pending or error. 593a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 594a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * The following keys must be returned as ASCII character codes: 595a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x08 Backspace 596a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x09 Tab 597a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x0D Enter (carriage return) 598a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x01 - 0x1A Ctrl+A - Ctrl+Z (yes, those alias with backspace/tab/enter) 599a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x1B Esc 600a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x20 Space 601a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x30 - 0x39 '0' - '9' 602a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 0x60 - 0x7A 'a' - 'z' 603a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 604a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Some extended keys must also be supported; see the VB_KEY_* defines above. 605a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 606a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Keys ('/') or key-chords (Fn+Q) not defined above may be handled in any of 607a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * the following ways: 608a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 1. Filter (don't report anything if one of these keys is pressed). 609a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 2. Report as ASCII (if a well-defined ASCII value exists for the key). 610a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 3. Report as any other value in the range 0x200 - 0x2FF. 611a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * It is not permitted to report a key as a multi-byte code (for example, 612a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * sending an arrow key as the sequence of keys '\x1b', '[', '1', 'A'). */ 613a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint32_t VbExKeyboardRead(void); 614a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 615a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 616a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/*****************************************************************************/ 617053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Embedded controller (EC) */ 618053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 619053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* This is called only if the system implements a keyboard-based (virtual) 620053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * developer switch. It must return true only if the system has an embedded 621053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * controller which is provably running in its RO firmware at the time the 622053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * function is called. */ 623053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spanglerint VbExTrustEC(void); 624053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 625053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Check if the EC is currently running rewritable code. 626053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * 627053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * If the EC is in RO code, sets *in_rw=0. 628053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * If the EC is in RW code, sets *in_rw non-zero. 629053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * If the current EC image is unknown, returns error. */ 630053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall SpanglerVbError_t VbExEcRunningRW(int *in_rw); 631053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 632053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Request the EC jump to its rewritable code. If successful, returns 633053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * when the EC has booting its RW code far enough to respond to 634053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * subsequent commands. Does nothing if the EC is already in its 635053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * rewritable code. */ 636053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall SpanglerVbError_t VbExEcJumpToRW(void); 637053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 638053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Tell the EC to stay in RO code until it reboots. Subsequent calls to 639053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * VbExEcJumpToRW() this boot will fail. Fails if the EC is not currently in 640053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * RO code. */ 641053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall SpanglerVbError_t VbExEcStayInRO(void); 642053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 643053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Read the SHA-256 hash of the rewriteable EC image. */ 644053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall SpanglerVbError_t VbExEcHashRW(const uint8_t **hash, int *hash_size); 645053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 646b1aa7aea2dd2b956dc6d04c430bda29d4d15679fGabe Black/* Get the expected contents of the EC image associated with the main firmware 647b1aa7aea2dd2b956dc6d04c430bda29d4d15679fGabe Black * specified by the "select" argument. */ 648029ae65756993979c22035e3706e2b04049ef9feRandall SpanglerVbError_t VbExEcGetExpectedRW(enum VbSelectFirmware_t select, 649029ae65756993979c22035e3706e2b04049ef9feRandall Spangler const uint8_t **image, int *image_size); 650053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 651053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Update the EC rewritable image. */ 652053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall SpanglerVbError_t VbExEcUpdateRW(const uint8_t *image, int image_size); 653053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 654053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/* Lock the EC code to prevent updates until the EC is rebooted. 655053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler * Subsequent calls to VbExEcUpdateRW() this boot will fail. */ 656053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall SpanglerVbError_t VbExEcProtectRW(void); 657053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 658e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson/* Args to VbExProtectFlash() */ 659e0c55a3238f41ce30d6d592725670766355bed67Bill Richardsonenum VbProtectFlash_t { VBPROTECT_RW_A, VBPROTECT_RW_B, VBPROTECT_RW_DEVKEY }; 660e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson 661e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson/* Lock a section of the BIOS flash address space to prevent updates until the 662e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson * host is rebooted. Subsequent attempts to erase or modify the specified BIOS 663e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson * image will fail. If this function is called more than once each call should 664e0c55a3238f41ce30d6d592725670766355bed67Bill Richardson * be cumulative. */ 665e0c55a3238f41ce30d6d592725670766355bed67Bill RichardsonVbError_t VbExProtectFlash(enum VbProtectFlash_t region); 666053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler 667053b7b682c60eb7bcf55a079ff7afccccef82fa6Randall Spangler/*****************************************************************************/ 668a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Misc */ 669a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 670a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* Checks if the firmware needs to shut down the system. 671a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * 672a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * Returns 1 if a shutdown is being requested (for example, the user has 673a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * pressed the power button or closed the lid), or 0 if a shutdown is not 674a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * being requested. */ 675a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler/* NOTE: When we're displaying a screen, pressing the power button 676a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * should shut down the computer. We need a way to break out of our 677a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler * control loop so this can occur cleanly. */ 678a45ee21bb023665b51e09f722555d9e560fab232Randall Spangleruint32_t VbExIsShutdownRequested(void); 679a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler 680b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson/* Expose the BIOS' built-in decompression routine to the vboot wrapper. The 681b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * caller must know how large the uncompressed data will be and must manage 682b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * that memory. The decompression routine just puts the uncompressed data into 683b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * the specified buffer. We pass in the size of the outbuf, and get back the 684b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson * actual size used. 685b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson */ 686b1c85a8442fd2d8e05705cdcadfa40865e952975Bill RichardsonVbError_t VbExDecompress(void *inbuf, uint32_t in_size, 687b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson uint32_t compression_type, 688b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson void *outbuf, uint32_t *out_size); 689b1c85a8442fd2d8e05705cdcadfa40865e952975Bill Richardson 690592567e95612cdfa679b9b9fd3e4afe0579b1210Bill Richardson 691a45ee21bb023665b51e09f722555d9e560fab232Randall Spangler#endif /* VBOOT_REFERENCE_VBOOT_API_H_ */ 692