13333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 23333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Use of this source code is governed by a BSD-style license that can be 33333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * found in the LICENSE file. 43333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 53333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Secure non-volatile storage routines 63333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler */ 73333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 83333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler#ifndef VBOOT_REFERENCE_VBOOT_SECDATA_H_ 93333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler#define VBOOT_REFERENCE_VBOOT_SECDATA_H_ 103333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 113333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/* Expected value of vb2_secdata.version */ 123333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler#define VB2_SECDATA_VERSION 2 133333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 143333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/* Flags for firmware space */ 153333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spanglerenum vb2_secdata_flags { 163333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* 173333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Last boot was developer mode. TPM ownership is cleared when 183333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * transitioning to/from developer mode. Set/cleared by 193333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * vb2_check_dev_switch(). 203333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler */ 213333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER = (1 << 0), 223333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 233333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* 243333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Virtual developer mode switch is on. Set/cleared by the 253333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * keyboard-controlled dev screens in recovery mode. Cleared by 263333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * vb2_check_dev_switch(). 273333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler */ 283333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler VB2_SECDATA_FLAG_DEV_MODE = (1 << 1), 293333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler}; 303333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 313333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/* Secure data area */ 323333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spanglerstruct vb2_secdata { 333333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* Struct version, for backwards compatibility */ 343333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler uint8_t struct_version; 353333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 363333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* Flags; see vb2_secdata_flags */ 373333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler uint8_t flags; 383333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 393333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* Firmware versions */ 403333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler uint32_t fw_versions; 413333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 423333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* Reserved for future expansion */ 433333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler uint8_t reserved[3]; 443333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 453333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* CRC; must be last field in struct */ 463333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler uint8_t crc8; 473333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler} __attribute__((packed)); 483333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 493333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/* Which param to get/set for vb2_secdata_get() / vb2_secdata_set() */ 503333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spanglerenum vb2_secdata_param { 513333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* Flags; see vb2_secdata_flags */ 523333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler VB2_SECDATA_FLAGS = 0, 533333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 543333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler /* Firmware versions */ 553333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler VB2_SECDATA_VERSIONS, 563333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler}; 573333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 583333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/** 593333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Check the CRC of the secure storage context. 603333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 613333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Use this if reading from secure storage may be flaky, and you want to retry 623333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * reading it several times. 633333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 643333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * This may be called before vb2_context_init(). 653333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 663333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @param ctx Context pointer 673333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @return VB2_SUCCESS, or non-zero error code if error. 683333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler */ 693333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spanglerint vb2_secdata_check_crc(const struct vb2_context *ctx); 703333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 713333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/** 723333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Create fresh data in the secure storage context. 733333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 743333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Use this only when initializing the secure storage context on a new machine 753333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * the first time it boots. Do NOT simply use this if vb2_secdata_check_crc() 763333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * (or any other API in this library) fails; that could allow the secure data 773333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * to be rolled back to an insecure state. 783333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 793333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * This may be called before vb2_context_init(). 803333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler */ 813333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spanglerint vb2_secdata_create(struct vb2_context *ctx); 823333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 833333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/** 843333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Initialize the secure storage context and verify its CRC. 853333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 863333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * This must be called before vb2_secdata_get() or vb2_secdata_set(). 873333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 883333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @param ctx Context pointer 893333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @return VB2_SUCCESS, or non-zero error code if error. 903333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler */ 913333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spanglerint vb2_secdata_init(struct vb2_context *ctx); 923333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 933333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/** 943333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Read a secure storage value. 953333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 963333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @param ctx Context pointer 973333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @param param Parameter to read 983333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @param dest Destination for value 993333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @return VB2_SUCCESS, or non-zero error code if error. 1003333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler */ 1013333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spanglerint vb2_secdata_get(struct vb2_context *ctx, 1023333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler enum vb2_secdata_param param, 1033333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler uint32_t *dest); 1043333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 1053333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler/** 1063333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * Write a secure storage value. 1073333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * 1083333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @param ctx Context pointer 1093333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @param param Parameter to write 1103333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @param value New value 1113333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler * @return VB2_SUCCESS, or non-zero error code if error. 1123333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler */ 1133333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spanglerint vb2_secdata_set(struct vb2_context *ctx, 1143333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler enum vb2_secdata_param param, 1153333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler uint32_t value); 1163333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler 1173333e578497aafc4eb8c6e1e359f6e2b1dee633aRandall Spangler#endif /* VBOOT_REFERENCE_VBOOT_2SECDATA_H_ */ 118