16f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 26f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Use of this source code is governed by a BSD-style license that can be 36f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * found in the LICENSE file. 46f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 56f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Vboot 2.0 data structures (compatible with vboot1) 66f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 76f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Note: Many of the structs have pairs of 32-bit fields and reserved fields. 86f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * This is to be backwards-compatible with older verified boot data which used 96f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 64-bit fields (when we thought that hey, UEFI is 64-bit so all our fields 106f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * should be too). 116f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 126f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Offsets should be padded to 32-bit boundaries, since some architectures 136f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * have trouble with accessing unaligned integers. 146f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 156f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 166f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#ifndef VBOOT_REFERENCE_VB2_STRUCT_H_ 176f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define VBOOT_REFERENCE_VB2_STRUCT_H_ 186f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#include <stdint.h> 196f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 206f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler/* Packed public key data */ 216f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spanglerstruct vb2_packed_key { 226f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Offset of key data from start of this struct */ 236f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t key_offset; 246f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved0; 256f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 266f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Size of key data in bytes (NOT strength of key in bits) */ 276f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t key_size; 286f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved1; 296f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 306f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */ 316f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t algorithm; 326f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved2; 336f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 346f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Key version */ 356f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t key_version; 366f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved3; 376f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 386f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* TODO: when redoing this struct, add a text description of the key */ 396f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler} __attribute__((packed)); 406f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 416f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define EXPECTED_VB2_PACKED_KEY_SIZE 32 426f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 436f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 446f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler/* Signature data (a secure hash, possibly signed) */ 456f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spanglerstruct vb2_signature { 466f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Offset of signature data from start of this struct */ 476f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t sig_offset; 486f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved0; 496f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 506f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Size of signature data in bytes */ 516f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t sig_size; 526f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved1; 536f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 546f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Size of the data block which was signed in bytes */ 556f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t data_size; 566f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved2; 576f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler} __attribute__((packed)); 586f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 596f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define EXPECTED_VB2_SIGNATURE_SIZE 24 606f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 616f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 626f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define KEY_BLOCK_MAGIC "CHROMEOS" 636f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define KEY_BLOCK_MAGIC_SIZE 8 646f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 656f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define KEY_BLOCK_HEADER_VERSION_MAJOR 2 666f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define KEY_BLOCK_HEADER_VERSION_MINOR 1 676f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 686f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler/* 696f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Key block, containing the public key used to sign some other chunk of data. 706f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 716f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * This should be followed by: 726f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 1) The data_key key data, pointed to by data_key.key_offset. 736f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 2) The checksum data for (vb2_keyblock + data_key data), pointed to 746f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * by keyblock_checksum.sig_offset. 756f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 3) The signature data for (vb2_keyblock + data_key data), pointed to 766f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * by keyblock_signature.sig_offset. 776f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 786f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spanglerstruct vb2_keyblock { 796f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Magic number */ 806f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint8_t magic[KEY_BLOCK_MAGIC_SIZE]; 816f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 826f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Version of this header format */ 836f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t header_version_major; 846f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 856f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Version of this header format */ 866f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t header_version_minor; 876f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 886f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* 896f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Length of this entire key block, including keys, signatures, and 906f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * padding, in bytes 916f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 926f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t keyblock_size; 936f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved0; 946f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 956f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* 966f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Signature for this key block (header + data pointed to by data_key) 976f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * For use with signed data keys 986f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 996f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler struct vb2_signature keyblock_signature; 1006f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1016f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* 1026f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * SHA-512 checksum for this key block (header + data pointed to by 1036f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * data_key) For use with unsigned data keys. 1046f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 1056f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Note that the vb2 lib currently only supports signed blocks. 1066f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 1076f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler struct vb2_signature keyblock_checksum_unused; 1086f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1096f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Flags for key (VB2_KEY_BLOCK_FLAG_*) */ 1106f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t keyblock_flags; 1116f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved1; 1126f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1136f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Key to verify the chunk of data */ 1146f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler struct vb2_packed_key data_key; 1156f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler} __attribute__((packed)); 1166f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1176f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define EXPECTED_VB2_KEYBLOCK_SIZE 112 1186f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1196f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1206f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler/* Firmware preamble header */ 1216f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2 1226f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1 1236f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1246f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler/* Flags for VbFirmwarePreambleHeader.flags */ 1256f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler/* Reserved; do not use */ 1266f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001 127f10e9099286202f83ce4c1dc5ef1e85fcb5ccde7Julius Werner/* Do not allow use of any hardware crypto accelerators. */ 128f10e9099286202f83ce4c1dc5ef1e85fcb5ccde7Julius Werner#define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002 1296f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1306f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler/* Premable block for rewritable firmware, vboot1 version 2.1. 1316f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 1326f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * The firmware preamble header should be followed by: 1336f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset. 1346f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 2) The signature data for the firmware body, pointed to by 1356f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * body_signature.sig_offset. 1366f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * 3) The signature data for (header + kernel_subkey data + body signature 1376f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * data), pointed to by preamble_signature.sig_offset. 1386f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 1396f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spanglerstruct vb2_fw_preamble { 1406f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* 1416f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Size of this preamble, including keys, signatures, and padding, in 1426f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * bytes 1436f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 1446f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t preamble_size; 1456f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved0; 1466f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1476f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* 1486f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Signature for this preamble (header + kernel subkey + body 1496f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * signature) 1506f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 1516f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler struct vb2_signature preamble_signature; 1526f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1536f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Version of this header format */ 1546f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t header_version_major; 1556f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t header_version_minor; 1566f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1576f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Firmware version */ 1586f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t firmware_version; 1596f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t reserved1; 1606f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1616f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Key to verify kernel key block */ 1626f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler struct vb2_packed_key kernel_subkey; 1636f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1646f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* Signature for the firmware body */ 1656f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler struct vb2_signature body_signature; 1666f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1676f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* 1686f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Fields added in header version 2.1. You must verify the header 1696f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * version before reading these fields! 1706f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 1716f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1726f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler /* 1736f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * Flags; see VB2_FIRMWARE_PREAMBLE_*. Readers should return 0 for 1746f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler * header version < 2.1. 1756f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler */ 1766f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler uint32_t flags; 1776f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler} __attribute__((packed)); 1786f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1796f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#define EXPECTED_VB2_FW_PREAMBLE_SIZE 108 1806f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler 1816f1b82ac14f341d9733d6e95d518b3ee352002efRandall Spangler#endif /* VBOOT_REFERENCE_VB2_STRUCT_H_ */ 182