vb2_struct.h revision f10e9099286202f83ce4c1dc5ef1e85fcb5ccde7 
1/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Vboot 2.0 data structures (compatible with vboot1)
6 *
7 * Note: Many of the structs have pairs of 32-bit fields and reserved fields.
8 * This is to be backwards-compatible with older verified boot data which used
9 * 64-bit fields (when we thought that hey, UEFI is 64-bit so all our fields
10 * should be too).
11 *
12 * Offsets should be padded to 32-bit boundaries, since some architectures
13 * have trouble with accessing unaligned integers.
14 */
15
16#ifndef VBOOT_REFERENCE_VB2_STRUCT_H_
17#define VBOOT_REFERENCE_VB2_STRUCT_H_
18#include <stdint.h>
19
20/* Packed public key data */
21struct vb2_packed_key {
22	/* Offset of key data from start of this struct */
23	uint32_t key_offset;
24	uint32_t reserved0;
25
26	/* Size of key data in bytes (NOT strength of key in bits) */
27	uint32_t key_size;
28	uint32_t reserved1;
29
30	/* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
31	uint32_t algorithm;
32	uint32_t reserved2;
33
34	/* Key version */
35	uint32_t key_version;
36	uint32_t reserved3;
37
38	/* TODO: when redoing this struct, add a text description of the key */
39} __attribute__((packed));
40
41#define EXPECTED_VB2_PACKED_KEY_SIZE 32
42
43
44/* Signature data (a secure hash, possibly signed) */
45struct vb2_signature {
46	/* Offset of signature data from start of this struct */
47	uint32_t sig_offset;
48	uint32_t reserved0;
49
50	/* Size of signature data in bytes */
51	uint32_t sig_size;
52	uint32_t reserved1;
53
54	/* Size of the data block which was signed in bytes */
55	uint32_t data_size;
56	uint32_t reserved2;
57} __attribute__((packed));
58
59#define EXPECTED_VB2_SIGNATURE_SIZE 24
60
61
62#define KEY_BLOCK_MAGIC "CHROMEOS"
63#define KEY_BLOCK_MAGIC_SIZE 8
64
65#define KEY_BLOCK_HEADER_VERSION_MAJOR 2
66#define KEY_BLOCK_HEADER_VERSION_MINOR 1
67
68/*
69 * Key block, containing the public key used to sign some other chunk of data.
70 *
71 * This should be followed by:
72 *   1) The data_key key data, pointed to by data_key.key_offset.
73 *   2) The checksum data for (vb2_keyblock + data_key data), pointed to
74 *      by keyblock_checksum.sig_offset.
75 *   3) The signature data for (vb2_keyblock + data_key data), pointed to
76 *      by keyblock_signature.sig_offset.
77 */
78struct vb2_keyblock {
79	/* Magic number */
80	uint8_t magic[KEY_BLOCK_MAGIC_SIZE];
81
82	/* Version of this header format */
83	uint32_t header_version_major;
84
85	/* Version of this header format */
86	uint32_t header_version_minor;
87
88	/*
89	 * Length of this entire key block, including keys, signatures, and
90	 * padding, in bytes
91	 */
92	uint32_t keyblock_size;
93	uint32_t reserved0;
94
95	/*
96	 * Signature for this key block (header + data pointed to by data_key)
97	 * For use with signed data keys
98	 */
99	struct vb2_signature keyblock_signature;
100
101	/*
102	 * SHA-512 checksum for this key block (header + data pointed to by
103	 * data_key) For use with unsigned data keys.
104	 *
105	 * Note that the vb2 lib currently only supports signed blocks.
106	 */
107	struct vb2_signature keyblock_checksum_unused;
108
109	/* Flags for key (VB2_KEY_BLOCK_FLAG_*) */
110	uint32_t keyblock_flags;
111	uint32_t reserved1;
112
113	/* Key to verify the chunk of data */
114	struct vb2_packed_key data_key;
115} __attribute__((packed));
116
117#define EXPECTED_VB2_KEYBLOCK_SIZE 112
118
119
120/* Firmware preamble header */
121#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
122#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
123
124/* Flags for VbFirmwarePreambleHeader.flags */
125/* Reserved; do not use */
126#define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001
127/* Do not allow use of any hardware crypto accelerators. */
128#define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002
129
130/* Premable block for rewritable firmware, vboot1 version 2.1.
131 *
132 * The firmware preamble header should be followed by:
133 *   1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
134 *   2) The signature data for the firmware body, pointed to by
135 *      body_signature.sig_offset.
136 *   3) The signature data for (header + kernel_subkey data + body signature
137 *      data), pointed to by preamble_signature.sig_offset.
138 */
139struct vb2_fw_preamble {
140	/*
141	 * Size of this preamble, including keys, signatures, and padding, in
142	 * bytes
143	 */
144	uint32_t preamble_size;
145	uint32_t reserved0;
146
147	/*
148	 * Signature for this preamble (header + kernel subkey + body
149	 * signature)
150	 */
151	struct vb2_signature preamble_signature;
152
153	/* Version of this header format */
154	uint32_t header_version_major;
155	uint32_t header_version_minor;
156
157	/* Firmware version */
158	uint32_t firmware_version;
159	uint32_t reserved1;
160
161	/* Key to verify kernel key block */
162	struct vb2_packed_key kernel_subkey;
163
164	/* Signature for the firmware body */
165	struct vb2_signature body_signature;
166
167	/*
168	 * Fields added in header version 2.1.  You must verify the header
169	 * version before reading these fields!
170	 */
171
172	/*
173	 * Flags; see VB2_FIRMWARE_PREAMBLE_*.  Readers should return 0 for
174	 * header version < 2.1.
175	 */
176	uint32_t flags;
177} __attribute__((packed));
178
179#define EXPECTED_VB2_FW_PREAMBLE_SIZE 108
180
181#endif  /* VBOOT_REFERENCE_VB2_STRUCT_H_ */
182