1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  *
5  * Secure non-volatile storage routines
6  */
7 
8 #ifndef VBOOT_REFERENCE_VBOOT_SECDATA_H_
9 #define VBOOT_REFERENCE_VBOOT_SECDATA_H_
10 
11 /* Expected value of vb2_secdata.version */
12 #define VB2_SECDATA_VERSION 2
13 
14 /* Flags for firmware space */
15 enum vb2_secdata_flags {
16 	/*
17 	 * Last boot was developer mode.  TPM ownership is cleared when
18 	 * transitioning to/from developer mode.  Set/cleared by
19 	 * vb2_check_dev_switch().
20 	 */
21 	VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER = (1 << 0),
22 
23 	/*
24 	 * Virtual developer mode switch is on.  Set/cleared by the
25 	 * keyboard-controlled dev screens in recovery mode.  Cleared by
26 	 * vb2_check_dev_switch().
27 	 */
28 	VB2_SECDATA_FLAG_DEV_MODE = (1 << 1),
29 };
30 
31 /* Secure data area */
32 struct vb2_secdata {
33 	/* Struct version, for backwards compatibility */
34 	uint8_t struct_version;
35 
36 	/* Flags; see vb2_secdata_flags */
37 	uint8_t flags;
38 
39 	/* Firmware versions */
40 	uint32_t fw_versions;
41 
42 	/* Reserved for future expansion */
43 	uint8_t reserved[3];
44 
45 	/* CRC; must be last field in struct */
46 	uint8_t crc8;
47 } __attribute__((packed));
48 
49 /* Which param to get/set for vb2_secdata_get() / vb2_secdata_set() */
50 enum vb2_secdata_param {
51 	/* Flags; see vb2_secdata_flags */
52 	VB2_SECDATA_FLAGS = 0,
53 
54 	/* Firmware versions */
55 	VB2_SECDATA_VERSIONS,
56 };
57 
58 /**
59  * Check the CRC of the secure storage context.
60  *
61  * Use this if reading from secure storage may be flaky, and you want to retry
62  * reading it several times.
63  *
64  * This may be called before vb2_context_init().
65  *
66  * @param ctx		Context pointer
67  * @return VB2_SUCCESS, or non-zero error code if error.
68  */
69 int vb2_secdata_check_crc(const struct vb2_context *ctx);
70 
71 /**
72  * Create fresh data in the secure storage context.
73  *
74  * Use this only when initializing the secure storage context on a new machine
75  * the first time it boots.  Do NOT simply use this if vb2_secdata_check_crc()
76  * (or any other API in this library) fails; that could allow the secure data
77  * to be rolled back to an insecure state.
78  *
79  * This may be called before vb2_context_init().
80  */
81 int vb2_secdata_create(struct vb2_context *ctx);
82 
83 /**
84  * Initialize the secure storage context and verify its CRC.
85  *
86  * This must be called before vb2_secdata_get() or vb2_secdata_set().
87  *
88  * @param ctx		Context pointer
89  * @return VB2_SUCCESS, or non-zero error code if error.
90  */
91 int vb2_secdata_init(struct vb2_context *ctx);
92 
93 /**
94  * Read a secure storage value.
95  *
96  * @param ctx		Context pointer
97  * @param param		Parameter to read
98  * @param dest		Destination for value
99  * @return VB2_SUCCESS, or non-zero error code if error.
100  */
101 int vb2_secdata_get(struct vb2_context *ctx,
102 		    enum vb2_secdata_param param,
103 		    uint32_t *dest);
104 
105 /**
106  * Write a secure storage value.
107  *
108  * @param ctx		Context pointer
109  * @param param		Parameter to write
110  * @param value		New value
111  * @return VB2_SUCCESS, or non-zero error code if error.
112  */
113 int vb2_secdata_set(struct vb2_context *ctx,
114 		    enum vb2_secdata_param param,
115 		    uint32_t value);
116 
117 #endif  /* VBOOT_REFERENCE_VBOOT_2SECDATA_H_ */
118