1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  *
5  * Vboot 2.0 data structures (compatible with vboot1)
6  *
7  * Note: Many of the structs have pairs of 32-bit fields and reserved fields.
8  * This is to be backwards-compatible with older verified boot data which used
9  * 64-bit fields (when we thought that hey, UEFI is 64-bit so all our fields
10  * should be too).
11  *
12  * Offsets should be padded to 32-bit boundaries, since some architectures
13  * have trouble with accessing unaligned integers.
14  */
15 
16 #ifndef VBOOT_REFERENCE_VB2_STRUCT_H_
17 #define VBOOT_REFERENCE_VB2_STRUCT_H_
18 #include <stdint.h>
19 
20 /* Packed public key data */
21 struct vb2_packed_key {
22 	/* Offset of key data from start of this struct */
23 	uint32_t key_offset;
24 	uint32_t reserved0;
25 
26 	/* Size of key data in bytes (NOT strength of key in bits) */
27 	uint32_t key_size;
28 	uint32_t reserved1;
29 
30 	/* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
31 	uint32_t algorithm;
32 	uint32_t reserved2;
33 
34 	/* Key version */
35 	uint32_t key_version;
36 	uint32_t reserved3;
37 
38 	/* TODO: when redoing this struct, add a text description of the key */
39 } __attribute__((packed));
40 
41 #define EXPECTED_VB2_PACKED_KEY_SIZE 32
42 
43 
44 /* Signature data (a secure hash, possibly signed) */
45 struct vb2_signature {
46 	/* Offset of signature data from start of this struct */
47 	uint32_t sig_offset;
48 	uint32_t reserved0;
49 
50 	/* Size of signature data in bytes */
51 	uint32_t sig_size;
52 	uint32_t reserved1;
53 
54 	/* Size of the data block which was signed in bytes */
55 	uint32_t data_size;
56 	uint32_t reserved2;
57 } __attribute__((packed));
58 
59 #define EXPECTED_VB2_SIGNATURE_SIZE 24
60 
61 
62 #define KEY_BLOCK_MAGIC "CHROMEOS"
63 #define KEY_BLOCK_MAGIC_SIZE 8
64 
65 #define KEY_BLOCK_HEADER_VERSION_MAJOR 2
66 #define KEY_BLOCK_HEADER_VERSION_MINOR 1
67 
68 /*
69  * Key block, containing the public key used to sign some other chunk of data.
70  *
71  * This should be followed by:
72  *   1) The data_key key data, pointed to by data_key.key_offset.
73  *   2) The checksum data for (vb2_keyblock + data_key data), pointed to
74  *      by keyblock_checksum.sig_offset.
75  *   3) The signature data for (vb2_keyblock + data_key data), pointed to
76  *      by keyblock_signature.sig_offset.
77  */
78 struct vb2_keyblock {
79 	/* Magic number */
80 	uint8_t magic[KEY_BLOCK_MAGIC_SIZE];
81 
82 	/* Version of this header format */
83 	uint32_t header_version_major;
84 
85 	/* Version of this header format */
86 	uint32_t header_version_minor;
87 
88 	/*
89 	 * Length of this entire key block, including keys, signatures, and
90 	 * padding, in bytes
91 	 */
92 	uint32_t keyblock_size;
93 	uint32_t reserved0;
94 
95 	/*
96 	 * Signature for this key block (header + data pointed to by data_key)
97 	 * For use with signed data keys
98 	 */
99 	struct vb2_signature keyblock_signature;
100 
101 	/*
102 	 * SHA-512 checksum for this key block (header + data pointed to by
103 	 * data_key) For use with unsigned data keys.
104 	 *
105 	 * Note that the vb2 lib currently only supports signed blocks.
106 	 */
107 	struct vb2_signature keyblock_checksum_unused;
108 
109 	/* Flags for key (VB2_KEY_BLOCK_FLAG_*) */
110 	uint32_t keyblock_flags;
111 	uint32_t reserved1;
112 
113 	/* Key to verify the chunk of data */
114 	struct vb2_packed_key data_key;
115 } __attribute__((packed));
116 
117 #define EXPECTED_VB2_KEYBLOCK_SIZE 112
118 
119 
120 /* Firmware preamble header */
121 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
122 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
123 
124 /* Flags for VbFirmwarePreambleHeader.flags */
125 /* Reserved; do not use */
126 #define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001
127 /* Do not allow use of any hardware crypto accelerators. */
128 #define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002
129 
130 /* Premable block for rewritable firmware, vboot1 version 2.1.
131  *
132  * The firmware preamble header should be followed by:
133  *   1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
134  *   2) The signature data for the firmware body, pointed to by
135  *      body_signature.sig_offset.
136  *   3) The signature data for (header + kernel_subkey data + body signature
137  *      data), pointed to by preamble_signature.sig_offset.
138  */
139 struct vb2_fw_preamble {
140 	/*
141 	 * Size of this preamble, including keys, signatures, and padding, in
142 	 * bytes
143 	 */
144 	uint32_t preamble_size;
145 	uint32_t reserved0;
146 
147 	/*
148 	 * Signature for this preamble (header + kernel subkey + body
149 	 * signature)
150 	 */
151 	struct vb2_signature preamble_signature;
152 
153 	/* Version of this header format */
154 	uint32_t header_version_major;
155 	uint32_t header_version_minor;
156 
157 	/* Firmware version */
158 	uint32_t firmware_version;
159 	uint32_t reserved1;
160 
161 	/* Key to verify kernel key block */
162 	struct vb2_packed_key kernel_subkey;
163 
164 	/* Signature for the firmware body */
165 	struct vb2_signature body_signature;
166 
167 	/*
168 	 * Fields added in header version 2.1.  You must verify the header
169 	 * version before reading these fields!
170 	 */
171 
172 	/*
173 	 * Flags; see VB2_FIRMWARE_PREAMBLE_*.  Readers should return 0 for
174 	 * header version < 2.1.
175 	 */
176 	uint32_t flags;
177 } __attribute__((packed));
178 
179 #define EXPECTED_VB2_FW_PREAMBLE_SIZE 108
180 
181 #endif  /* VBOOT_REFERENCE_VB2_STRUCT_H_ */
182