blob: 09abf138850c2eb860a5654cbe7a2b06403f4ffe [file] [log] [blame]
Randall Spanglera2db67d2013-01-24 16:15:35 -08001/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
Randall Spanglerd1836442010-06-10 09:59:04 -07002 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Data structure definitions for verified boot, for on-disk / in-eeprom
6 * data.
7 */
8
9#ifndef VBOOT_REFERENCE_VBOOT_STRUCT_H_
10#define VBOOT_REFERENCE_VBOOT_STRUCT_H_
Bill Richardson0c3ba242013-03-29 11:09:30 -070011#include <stdint.h>
Randall Spanglerd1836442010-06-10 09:59:04 -070012
Randall Spanglerd1836442010-06-10 09:59:04 -070013/* Public key data */
14typedef struct VbPublicKey {
Randall Spanglera2db67d2013-01-24 16:15:35 -080015 /* Offset of key data from start of this struct */
16 uint64_t key_offset;
17 /* Size of key data in bytes (NOT strength of key in bits) */
18 uint64_t key_size;
19 /* Signature algorithm used by the key */
20 uint64_t algorithm;
21 /* Key version */
22 uint64_t key_version;
Randall Spanglere9958952010-06-15 21:36:24 -070023} __attribute__((packed)) VbPublicKey;
Randall Spanglerd1836442010-06-10 09:59:04 -070024
Randall Spangler81d09962010-06-23 10:15:38 -070025#define EXPECTED_VBPUBLICKEY_SIZE 32
26
Randall Spanglerd1836442010-06-10 09:59:04 -070027/* Signature data (a secure hash, possibly signed) */
28typedef struct VbSignature {
Randall Spanglera2db67d2013-01-24 16:15:35 -080029 /* Offset of signature data from start of this struct */
30 uint64_t sig_offset;
31 /* Size of signature data in bytes */
32 uint64_t sig_size;
33 /* Size of the data block which was signed in bytes */
34 uint64_t data_size;
Randall Spanglere9958952010-06-15 21:36:24 -070035} __attribute__((packed)) VbSignature;
Randall Spanglerd1836442010-06-10 09:59:04 -070036
Randall Spangler81d09962010-06-23 10:15:38 -070037#define EXPECTED_VBSIGNATURE_SIZE 24
38
Randall Spanglerd1836442010-06-10 09:59:04 -070039#define KEY_BLOCK_MAGIC "CHROMEOS"
40#define KEY_BLOCK_MAGIC_SIZE 8
41
42#define KEY_BLOCK_HEADER_VERSION_MAJOR 2
43#define KEY_BLOCK_HEADER_VERSION_MINOR 1
44
45/* Flags for key_block_flags */
46/* The following flags set where the key is valid */
Gabe Blackac8805e2013-03-16 04:03:40 -070047#define KEY_BLOCK_FLAG_DEVELOPER_0 (0x01ULL) /* Developer switch off */
48#define KEY_BLOCK_FLAG_DEVELOPER_1 (0x02ULL) /* Developer switch on */
49#define KEY_BLOCK_FLAG_RECOVERY_0 (0x04ULL) /* Not recovery mode */
50#define KEY_BLOCK_FLAG_RECOVERY_1 (0x08ULL) /* Recovery mode */
Randall Spanglerd1836442010-06-10 09:59:04 -070051
Randall Spanglera2db67d2013-01-24 16:15:35 -080052/*
53 * Key block, containing the public key used to sign some other chunk of data.
54 *
55 * This should be followed by:
Randall Spanglerd1836442010-06-10 09:59:04 -070056 * 1) The data_key key data, pointed to by data_key.key_offset.
57 * 2) The checksum data for (VBKeyBlockHeader + data_key data), pointed to
58 * by key_block_checksum.sig_offset.
59 * 3) The signature data for (VBKeyBlockHeader + data_key data), pointed to
Randall Spanglera2db67d2013-01-24 16:15:35 -080060 * by key_block_signature.sig_offset.
61 */
62typedef struct VbKeyBlockHeader {
63 /* Magic number */
64 uint8_t magic[KEY_BLOCK_MAGIC_SIZE];
65 /* Version of this header format */
66 uint32_t header_version_major;
67 /* Version of this header format */
68 uint32_t header_version_minor;
69 /*
70 * Length of this entire key block, including keys, signatures, and
71 * padding, in bytes
72 */
73 uint64_t key_block_size;
74 /*
75 * Signature for this key block (header + data pointed to by data_key)
76 * For use with signed data keys
77 */
78 VbSignature key_block_signature;
79 /*
80 * SHA-512 checksum for this key block (header + data pointed to by
81 * data_key) For use with unsigned data keys
82 */
83 VbSignature key_block_checksum;
84 /* Flags for key (KEY_BLOCK_FLAG_*) */
85 uint64_t key_block_flags;
86 /* Key to verify the chunk of data */
87 VbPublicKey data_key;
88} __attribute__((packed)) VbKeyBlockHeader;
Randall Spanglerd1836442010-06-10 09:59:04 -070089
Randall Spangler81d09962010-06-23 10:15:38 -070090#define EXPECTED_VBKEYBLOCKHEADER_SIZE 112
91
Bill Richardson2448d3b2012-05-03 08:40:44 -070092/****************************************************************************/
93
Randall Spanglerd1836442010-06-10 09:59:04 -070094#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
Randall Spanglera712e012011-07-13 09:48:41 -070095#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
Randall Spanglerd1836442010-06-10 09:59:04 -070096
Randall Spanglera2db67d2013-01-24 16:15:35 -080097/*
98 * Preamble block for rewritable firmware, version 2.0. All 2.x versions of
99 * this struct must start with the same data, to be compatible with version 2.0
100 * readers.
101 */
Randall Spanglera712e012011-07-13 09:48:41 -0700102typedef struct VbFirmwarePreambleHeader2_0 {
Randall Spanglera2db67d2013-01-24 16:15:35 -0800103 /*
104 * Size of this preamble, including keys, signatures, and padding, in
105 * bytes
106 */
107 uint64_t preamble_size;
108 /*
109 * Signature for this preamble (header + kernel subkey + body
110 * signature)
111 */
112 VbSignature preamble_signature;
113 /* Version of this header format (= 2) */
114 uint32_t header_version_major;
115 /* Version of this header format (= 0) */
116 uint32_t header_version_minor;
Randall Spanglera712e012011-07-13 09:48:41 -0700117
Randall Spanglera2db67d2013-01-24 16:15:35 -0800118 /* Firmware version */
119 uint64_t firmware_version;
120 /* Key to verify kernel key block */
121 VbPublicKey kernel_subkey;
122 /* Signature for the firmware body */
123 VbSignature body_signature;
Randall Spanglera712e012011-07-13 09:48:41 -0700124} __attribute__((packed)) VbFirmwarePreambleHeader2_0;
125
126#define EXPECTED_VBFIRMWAREPREAMBLEHEADER2_0_SIZE 104
127
128/* Flags for VbFirmwarePreambleHeader.flags */
Randall Spanglera2db67d2013-01-24 16:15:35 -0800129/*
130 * Use the normal/dev boot path from the read-only firmware, instead of
131 * verifying the body signature.
132 */
Randall Spanglera712e012011-07-13 09:48:41 -0700133#define VB_FIRMWARE_PREAMBLE_USE_RO_NORMAL 0x00000001
134
Randall Spanglera2db67d2013-01-24 16:15:35 -0800135/* Premable block for rewritable firmware, version 2.1.
136 *
137 * The firmware preamble header should be followed by:
Randall Spanglerd1836442010-06-10 09:59:04 -0700138 * 1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
139 * 2) The signature data for the firmware body, pointed to by
140 * body_signature.sig_offset.
Randall Spanglera712e012011-07-13 09:48:41 -0700141 * 3) The signature data for (header + kernel_subkey data + body signature
Randall Spanglera2db67d2013-01-24 16:15:35 -0800142 * data), pointed to by preamble_signature.sig_offset.
143 */
144typedef struct VbFirmwarePreambleHeader {
145 /*
146 * Size of this preamble, including keys, signatures, and padding, in
147 * bytes
148 */
149 uint64_t preamble_size;
150 /*
151 * Signature for this preamble (header + kernel subkey + body
152 * signature)
153 */
154 VbSignature preamble_signature;
155 /* Version of this header format */
156 uint32_t header_version_major;
157 /* Version of this header format */
158 uint32_t header_version_minor;
159
160 /* Firmware version */
161 uint64_t firmware_version;
162 /* Key to verify kernel key block */
163 VbPublicKey kernel_subkey;
164 /* Signature for the firmware body */
165 VbSignature body_signature;
166
167 /*
168 * Fields added in header version 2.1. You must verify the header
169 * version before reading these fields!
170 */
171 /*
172 * Flags; see VB_FIRMWARE_PREAMBLE_*. Readers should return 0 for
173 * header version < 2.1.
174 */
175 uint32_t flags;
176} __attribute__((packed)) VbFirmwarePreambleHeader;
177
178#define EXPECTED_VBFIRMWAREPREAMBLEHEADER2_1_SIZE 108
Randall Spanglerd1836442010-06-10 09:59:04 -0700179
Bill Richardson2448d3b2012-05-03 08:40:44 -0700180/****************************************************************************/
Randall Spanglerd1836442010-06-10 09:59:04 -0700181
182#define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2
Furquan Shaikh80e779d2015-02-03 15:34:29 -0800183#define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 2
Randall Spanglerd1836442010-06-10 09:59:04 -0700184
Shelley Chenf1f53b32015-01-08 09:13:44 -0800185/* Preamble block for kernel, version 2.0
Randall Spanglera2db67d2013-01-24 16:15:35 -0800186 *
187 * This should be followed by:
188 * 1) The signature data for the kernel body, pointed to by
Randall Spanglerd1836442010-06-10 09:59:04 -0700189 * body_signature.sig_offset.
Randall Spanglera2db67d2013-01-24 16:15:35 -0800190 * 2) The signature data for (VBFirmwarePreambleHeader + body signature
191 * data), pointed to by preamble_signature.sig_offset.
192 */
Shelley Chenf1f53b32015-01-08 09:13:44 -0800193typedef struct VbKernelPreambleHeader2_0 {
Randall Spanglera2db67d2013-01-24 16:15:35 -0800194 /*
195 * Size of this preamble, including keys, signatures, and padding, in
196 * bytes
197 */
198 uint64_t preamble_size;
199 /* Signature for this preamble (header + body signature) */
200 VbSignature preamble_signature;
201 /* Version of this header format */
202 uint32_t header_version_major;
203 /* Version of this header format */
204 uint32_t header_version_minor;
205
206 /* Kernel version */
207 uint64_t kernel_version;
208 /* Load address for kernel body */
209 uint64_t body_load_address;
210 /* Address of bootloader, after body is loaded at body_load_address */
211 uint64_t bootloader_address;
212 /* Size of bootloader in bytes */
213 uint64_t bootloader_size;
214 /* Signature for the kernel body */
215 VbSignature body_signature;
Shelley Chenf1f53b32015-01-08 09:13:44 -0800216} __attribute__((packed)) VbKernelPreambleHeader2_0;
217
218#define EXPECTED_VBKERNELPREAMBLEHEADER2_0_SIZE 96
219
220/* Preamble block for kernel, version 2.1
221 *
222 * This should be followed by:
223 * 1) The signature data for the kernel body, pointed to by
224 * body_signature.sig_offset.
225 * 2) The signature data for (VBFirmwarePreambleHeader + body signature
226 * data), pointed to by preamble_signature.sig_offset.
227 * 3) The 16-bit vmlinuz header, which is used for reconstruction of
228 * vmlinuz image.
229 */
230typedef struct VbKernelPreambleHeader {
231 /*
232 * Size of this preamble, including keys, signatures, vmlinuz header,
233 * and padding, in bytes
234 */
235 uint64_t preamble_size;
236 /* Signature for this preamble (header + body signature) */
237 VbSignature preamble_signature;
238 /* Version of this header format */
239 uint32_t header_version_major;
240 /* Version of this header format */
241 uint32_t header_version_minor;
242
243 /* Kernel version */
244 uint64_t kernel_version;
245 /* Load address for kernel body */
246 uint64_t body_load_address;
247 /* Address of bootloader, after body is loaded at body_load_address */
248 uint64_t bootloader_address;
249 /* Size of bootloader in bytes */
250 uint64_t bootloader_size;
251 /* Signature for the kernel body */
252 VbSignature body_signature;
253 /*
254 * Fields added in header version 2.1. You must verify the header
255 * version before reading these fields!
256 */
257 /* Address of 16-bit header for vmlinuz reassembly. Readers should
258 return 0 for header version < 2.1 */
259 uint64_t vmlinuz_header_address;
260 /* Size of 16-bit header for vmlinuz in bytes. Readers should return 0
261 for header version < 2.1 */
262 uint64_t vmlinuz_header_size;
Furquan Shaikh80e779d2015-02-03 15:34:29 -0800263 /*
264 * Flags passed in by the signer. Readers should return 0 for header
265 * version < 2.2. Flags field is currently defined as:
266 * [31:2] - Reserved (for future use)
267 * [1:0] - Kernel image type (0b00 - CrOS, 0b01 - bootimg)
268 */
269 uint32_t flags;
Randall Spanglera2db67d2013-01-24 16:15:35 -0800270} __attribute__((packed)) VbKernelPreambleHeader;
Randall Spanglerd1836442010-06-10 09:59:04 -0700271
Shelley Chenf1f53b32015-01-08 09:13:44 -0800272#define EXPECTED_VBKERNELPREAMBLEHEADER2_1_SIZE 112
Furquan Shaikh80e779d2015-02-03 15:34:29 -0800273#define EXPECTED_VBKERNELPREAMBLEHEADER2_2_SIZE 116
Randall Spangler81d09962010-06-23 10:15:38 -0700274
Bill Richardson2448d3b2012-05-03 08:40:44 -0700275/****************************************************************************/
276
Randall Spangler17c71262011-03-18 11:24:27 -0700277/* Constants and sub-structures for VbSharedDataHeader */
278
Randall Spanglerf4ba19d2011-03-17 16:10:21 -0700279/* Magic number for recognizing VbSharedDataHeader ("VbSD") */
280#define VB_SHARED_DATA_MAGIC 0x44536256
281
Randall Spangler95c40312011-03-09 15:54:16 -0800282/* Minimum and recommended size of shared_data_blob in bytes. */
283#define VB_SHARED_DATA_MIN_SIZE 3072
284#define VB_SHARED_DATA_REC_SIZE 16384
285
Randall Spanglerf4ba19d2011-03-17 16:10:21 -0700286/* Flags for VbSharedDataHeader */
287/* LoadFirmware() tried firmware B because of VbNvStorage firmware B tries */
288#define VBSD_FWB_TRIED 0x00000001
Randall Spanglera2db67d2013-01-24 16:15:35 -0800289/*
290 * LoadKernel() verified the good kernel keyblock using the kernel subkey from
Randall Spanglerf4ba19d2011-03-17 16:10:21 -0700291 * the firmware. If this flag is not present, it just used the hash of the
Randall Spanglera2db67d2013-01-24 16:15:35 -0800292 * kernel keyblock.
293 */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700294#define VBSD_KERNEL_KEY_VERIFIED 0x00000002
Randall Spanglerf4ba19d2011-03-17 16:10:21 -0700295/* LoadFirmware() was told the developer switch was on */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700296#define VBSD_LF_DEV_SWITCH_ON 0x00000004
Randall Spangler8bf0d5f2011-07-13 16:31:08 -0700297/* LoadFirmware() is requesting the read only normal/dev code path */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700298#define VBSD_LF_USE_RO_NORMAL 0x00000008
Randall Spangler7adcc602011-06-24 16:11:45 -0700299/* Developer switch was enabled at boot time */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700300#define VBSD_BOOT_DEV_SWITCH_ON 0x00000010
Randall Spangler7adcc602011-06-24 16:11:45 -0700301/* Recovery switch was enabled at boot time */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700302#define VBSD_BOOT_REC_SWITCH_ON 0x00000020
Randall Spangler7adcc602011-06-24 16:11:45 -0700303/* Firmware write protect was enabled at boot time */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700304#define VBSD_BOOT_FIRMWARE_WP_ENABLED 0x00000040
Randall Spangler1b1998d2011-07-01 16:12:47 -0700305/* Boot is a S3->S0 resume, not a S5->S0 normal boot */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700306#define VBSD_BOOT_S3_RESUME 0x00000100
Randall Spangler8bf0d5f2011-07-13 16:31:08 -0700307/* Read-only firmware supports the normal/developer code path */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700308#define VBSD_BOOT_RO_NORMAL_SUPPORT 0x00000200
Randall Spanglerd4faa062012-07-16 16:42:40 -0700309/* VbInit() was told that the system has a virtual dev-switch */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700310#define VBSD_HONOR_VIRT_DEV_SWITCH 0x00000400
Randall Spanglerd4faa062012-07-16 16:42:40 -0700311/* VbInit() was told the system supports EC software sync */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700312#define VBSD_EC_SOFTWARE_SYNC 0x00000800
Bill Richardsonf2175202012-08-06 16:48:50 -0700313/* VbInit() was told that the EC firmware is slow to update */
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700314#define VBSD_EC_SLOW_UPDATE 0x00001000
Bill Richardson9dc62172012-08-28 15:00:51 -0700315/* Firmware software write protect was enabled at boot time */
316#define VBSD_BOOT_FIRMWARE_SW_WP_ENABLED 0x00002000
Luigi Semenzatoa53a0b02014-01-10 16:26:08 -0800317/* VbInit() was told that the recovery button is a virtual one */
318#define VBSD_BOOT_REC_SWITCH_VIRTUAL 0x00004000
Daisuke Nojirid11086c2014-06-25 12:11:03 -0700319/* Firmware used vboot2 for firmware selection */
320#define VBSD_BOOT_FIRMWARE_VBOOT2 0x00008000
Duncan Laurie731f8e82014-10-16 11:05:13 -0700321/* Firmware needs VGA Option ROM to display screens */
322#define VBSD_OPROM_MATTERS 0x00010000
323/* Firmware has loaded the VGA Option ROM */
324#define VBSD_OPROM_LOADED 0x00020000
Randall Spanglerf4ba19d2011-03-17 16:10:21 -0700325
Randall Spanglera2db67d2013-01-24 16:15:35 -0800326/*
327 * Supported flags by header version. It's ok to add new flags while keeping
Randall Spanglerda8d32d2012-08-03 12:48:24 -0700328 * struct version 2 as long as flag-NOT-present is the correct value for
Randall Spanglera2db67d2013-01-24 16:15:35 -0800329 * existing hardware (Stumpy/Lumpy).
330 */
Randall Spanglerda8d32d2012-08-03 12:48:24 -0700331#define VBSD_FLAGS_VERSION_1 0x00000007 /* Alex, ZGB */
332#define VBSD_FLAGS_VERSION_2 0x00000F7F
333
Randall Spangler17c71262011-03-18 11:24:27 -0700334/* Result codes for VbSharedDataHeader.check_fw_a_result (and b_result) */
Randall Spanglerf4ba19d2011-03-17 16:10:21 -0700335#define VBSD_LF_CHECK_NOT_DONE 0
336#define VBSD_LF_CHECK_DEV_MISMATCH 1
337#define VBSD_LF_CHECK_REC_MISMATCH 2
338#define VBSD_LF_CHECK_VERIFY_KEYBLOCK 3
339#define VBSD_LF_CHECK_KEY_ROLLBACK 4
340#define VBSD_LF_CHECK_DATA_KEY_PARSE 5
341#define VBSD_LF_CHECK_VERIFY_PREAMBLE 6
342#define VBSD_LF_CHECK_FW_ROLLBACK 7
343#define VBSD_LF_CHECK_HEADER_VALID 8
344#define VBSD_LF_CHECK_GET_FW_BODY 9
345#define VBSD_LF_CHECK_HASH_WRONG_SIZE 10
346#define VBSD_LF_CHECK_VERIFY_BODY 11
347#define VBSD_LF_CHECK_VALID 12
Randall Spanglera2db67d2013-01-24 16:15:35 -0800348/*
349 * Read-only normal path requested by firmware preamble, but unsupported by
350 * firmware.
351 */
Randall Spangler8bf0d5f2011-07-13 16:31:08 -0700352#define VBSD_LF_CHECK_NO_RO_NORMAL 13
Randall Spanglerf4ba19d2011-03-17 16:10:21 -0700353
Randall Spangler17c71262011-03-18 11:24:27 -0700354/* Boot mode for VbSharedDataHeader.lk_boot_mode */
355#define VBSD_LK_BOOT_MODE_RECOVERY 0
356#define VBSD_LK_BOOT_MODE_NORMAL 1
357#define VBSD_LK_BOOT_MODE_DEVELOPER 2
358
359/* Flags for VbSharedDataKernelPart.flags */
360#define VBSD_LKP_FLAG_KEY_BLOCK_VALID 0x01
361
362/* Result codes for VbSharedDataKernelPart.check_result */
363#define VBSD_LKP_CHECK_NOT_DONE 0
364#define VBSD_LKP_CHECK_TOO_SMALL 1
365#define VBSD_LKP_CHECK_READ_START 2
366#define VBSD_LKP_CHECK_KEY_BLOCK_SIG 3
367#define VBSD_LKP_CHECK_KEY_BLOCK_HASH 4
368#define VBSD_LKP_CHECK_DEV_MISMATCH 5
369#define VBSD_LKP_CHECK_REC_MISMATCH 6
370#define VBSD_LKP_CHECK_KEY_ROLLBACK 7
371#define VBSD_LKP_CHECK_DATA_KEY_PARSE 8
372#define VBSD_LKP_CHECK_VERIFY_PREAMBLE 9
373#define VBSD_LKP_CHECK_KERNEL_ROLLBACK 10
374#define VBSD_LKP_CHECK_PREAMBLE_VALID 11
Randall Spanglera2db67d2013-01-24 16:15:35 -0800375/*
376 * Body load address check is omitted; this result code is deprecated and not
377 * used anywhere in the codebase.
378 */
Randall Spangler17c71262011-03-18 11:24:27 -0700379#define VBSD_LKP_CHECK_BODY_ADDRESS 12
380#define VBSD_LKP_CHECK_BODY_OFFSET 13
Bill Richardsonfa9d7782011-11-09 09:11:34 -0800381#define VBSD_LKP_CHECK_SELF_SIGNED 14
Randall Spangler17c71262011-03-18 11:24:27 -0700382#define VBSD_LKP_CHECK_BODY_EXCEEDS_MEM 15
383#define VBSD_LKP_CHECK_BODY_EXCEEDS_PART 16
384#define VBSD_LKP_CHECK_READ_DATA 17
385#define VBSD_LKP_CHECK_VERIFY_DATA 18
386#define VBSD_LKP_CHECK_KERNEL_GOOD 19
387
Randall Spangler17c71262011-03-18 11:24:27 -0700388/* Information about a single kernel partition check in LoadKernel() */
389typedef struct VbSharedDataKernelPart {
Randall Spanglera2db67d2013-01-24 16:15:35 -0800390 uint64_t sector_start; /* Start sector of partition */
391 uint64_t sector_count; /* Sector count of partition */
392 uint32_t combined_version; /* Combined key+kernel version */
393 uint8_t gpt_index; /* Index of partition in GPT */
394 uint8_t check_result; /* Check result; see VBSD_LKP_CHECK_* */
395 uint8_t flags; /* Flags (see VBSD_LKP_FLAG_* */
396 uint8_t reserved0; /* Reserved for padding */
Randall Spangler17c71262011-03-18 11:24:27 -0700397} VbSharedDataKernelPart;
398
399/* Number of kernel partitions to track per call. Must be power of 2. */
400#define VBSD_MAX_KERNEL_PARTS 8
401
402/* Flags for VbSharedDataKernelCall.flags */
403/* Error initializing TPM in recovery mode */
404#define VBSD_LK_FLAG_REC_TPM_INIT_ERROR 0x00000001
405
406/* Result codes for VbSharedDataKernelCall.check_result */
407#define VBSD_LKC_CHECK_NOT_DONE 0
408#define VBSD_LKC_CHECK_DEV_SWITCH_MISMATCH 1
409#define VBSD_LKC_CHECK_GPT_READ_ERROR 2
410#define VBSD_LKC_CHECK_GPT_PARSE_ERROR 3
411#define VBSD_LKC_CHECK_GOOD_PARTITION 4
412#define VBSD_LKC_CHECK_INVALID_PARTITIONS 5
413#define VBSD_LKC_CHECK_NO_PARTITIONS 6
414
415/* Information about a single call to LoadKernel() */
416typedef struct VbSharedDataKernelCall {
Randall Spanglera2db67d2013-01-24 16:15:35 -0800417 /* Bottom 32 bits of flags passed in LoadKernelParams.boot_flags */
418 uint32_t boot_flags;
419 /* Debug flags; see VBSD_LK_FLAG_* */
420 uint32_t flags;
421 /* Number of sectors on drive */
422 uint64_t sector_count;
423 /* Sector size in bytes */
424 uint32_t sector_size;
425 /* Check result; see VBSD_LKC_CHECK_* */
426 uint8_t check_result;
427 /* Boot mode for LoadKernel(); see VBSD_LK_BOOT_MODE_* constants */
428 uint8_t boot_mode;
429 /* Test error number, if non-zero */
430 uint8_t test_error_num;
431 /* Return code from LoadKernel() */
432 uint8_t return_code;
433 /* Number of kernel partitions found */
434 uint8_t kernel_parts_found;
435 /* Reserved for padding */
436 uint8_t reserved0[7];
437 /* Data on kernels */
438 VbSharedDataKernelPart parts[VBSD_MAX_KERNEL_PARTS];
Randall Spangler17c71262011-03-18 11:24:27 -0700439} VbSharedDataKernelCall;
440
441/* Number of kernel calls to track. Must be power of 2. */
442#define VBSD_MAX_KERNEL_CALLS 4
443
Randall Spanglera2db67d2013-01-24 16:15:35 -0800444/*
445 * Data shared between LoadFirmware(), LoadKernel(), and OS.
Randall Spangler95c40312011-03-09 15:54:16 -0800446 *
447 * The boot process is:
448 * 1) Caller allocates buffer, at least VB_SHARED_DATA_MIN bytes, ideally
449 * VB_SHARED_DATA_REC_SIZE bytes.
450 * 2) If non-recovery boot, this is passed to LoadFirmware(), which
451 * initializes the buffer, adding this header and some data.
452 * 3) Buffer is passed to LoadKernel(). If this is a recovery boot,
453 * LoadKernel() initializes the buffer, adding this header. Regardless
454 * of boot type, LoadKernel() adds some data to the buffer.
455 * 4) Caller makes data available to the OS in a platform-dependent manner.
Randall Spanglera2db67d2013-01-24 16:15:35 -0800456 * For example, via ACPI or ATAGs.
457 */
Randall Spangler95c40312011-03-09 15:54:16 -0800458typedef struct VbSharedDataHeader {
Randall Spanglera2db67d2013-01-24 16:15:35 -0800459 /* Fields present in version 1 */
460 /* Magic number for struct (VB_SHARED_DATA_MAGIC) */
461 uint32_t magic;
462 /* Version of this structure */
463 uint32_t struct_version;
464 /* Size of this structure in bytes */
465 uint64_t struct_size;
466 /* Size of shared data buffer in bytes */
467 uint64_t data_size;
468 /* Amount of shared data used so far */
469 uint64_t data_used;
470 /* Flags */
471 uint32_t flags;
472 /* Reserved for padding */
473 uint32_t reserved0;
474 /* Kernel subkey, from firmware */
475 VbPublicKey kernel_subkey;
476 /* Offset of kernel subkey data from start of this struct */
477 uint64_t kernel_subkey_data_offset;
478 /* Size of kernel subkey data */
479 uint64_t kernel_subkey_data_size;
Randall Spangler95c40312011-03-09 15:54:16 -0800480
Randall Spanglera2db67d2013-01-24 16:15:35 -0800481 /*
482 * Timer values from VbExGetTimer(). Unused values are set to 0. Note
483 * that these are now the enter/exit times for the wrapper API entry
484 * points; see crosbug.com/17018. */
485 /* VbInit() enter/exit */
486 uint64_t timer_vb_init_enter;
487 uint64_t timer_vb_init_exit;
488 /* VbSelectFirmware() enter/exit */
489 uint64_t timer_vb_select_firmware_enter;
490 uint64_t timer_vb_select_firmware_exit;
491 /* VbSelectAndLoadKernel() enter/exit */
492 uint64_t timer_vb_select_and_load_kernel_enter;
493 uint64_t timer_vb_select_and_load_kernel_exit;
Randall Spangler95c40312011-03-09 15:54:16 -0800494
Randall Spanglera2db67d2013-01-24 16:15:35 -0800495 /* Information stored in TPM, as retrieved by firmware */
496 /* Current firmware version in TPM */
497 uint32_t fw_version_tpm;
498 /* Current kernel version in TPM */
499 uint32_t kernel_version_tpm;
Randall Spanglerad6824b2011-03-16 19:07:33 -0700500
Randall Spanglera2db67d2013-01-24 16:15:35 -0800501 /* Debugging information from LoadFirmware() */
502 /* Result of checking RW firmware A and B */
503 uint8_t check_fw_a_result;
504 uint8_t check_fw_b_result;
505 /* Firmware index returned by LoadFirmware() or 0xFF if failure */
506 uint8_t firmware_index;
507 /* Reserved for padding */
508 uint8_t reserved1;
509 /* Firmware TPM version at start of VbSelectFirmware() */
510 uint32_t fw_version_tpm_start;
511 /* Firmware lowest version found */
512 uint32_t fw_version_lowest;
Randall Spangler17c71262011-03-18 11:24:27 -0700513
Randall Spanglera2db67d2013-01-24 16:15:35 -0800514 /* Debugging information from LoadKernel() */
515 /* Number of times LoadKernel() called */
516 uint32_t lk_call_count;
517 /* Info on calls */
518 VbSharedDataKernelCall lk_calls[VBSD_MAX_KERNEL_CALLS];
Randall Spanglerf4ba19d2011-03-17 16:10:21 -0700519
Randall Spanglera2db67d2013-01-24 16:15:35 -0800520 /*
521 * Offset and size of supplemental kernel data. Reserve space for
522 * these fields now, so that future LoadKernel() versions can store
523 * information there without needing to shift down whatever data the
524 * original LoadFirmware() might have put immediately following its
525 * VbSharedDataHeader.
526 */
527 uint64_t kernel_supplemental_offset;
528 uint64_t kernel_supplemental_size;
Randall Spangler17c71262011-03-18 11:24:27 -0700529
Randall Spanglera2db67d2013-01-24 16:15:35 -0800530 /*
531 * Fields added in version 2. Before accessing, make sure that
532 * struct_version >= 2
533 */
534 /* Recovery reason for current boot */
535 uint8_t recovery_reason;
536 /* Reserved for padding */
537 uint8_t reserved2[7];
538 /* Flags from firmware keyblock */
539 uint64_t fw_keyblock_flags;
540 /* Kernel TPM version at start of VbSelectAndLoadKernel() */
541 uint32_t kernel_version_tpm_start;
542 /* Kernel lowest version found */
543 uint32_t kernel_version_lowest;
Randall Spangler5ac39bf2011-03-17 17:58:56 -0700544
Randall Spanglera2db67d2013-01-24 16:15:35 -0800545 /*
546 * After read-only firmware which uses version 2 is released, any
547 * additional fields must be added below, and the struct version must
548 * be increased. Before reading/writing those fields, make sure that
549 * the struct being accessed is at least version 3.
550 *
551 * It's always ok for an older firmware to access a newer struct, since
552 * all the fields it knows about are present. Newer firmware needs to
553 * use reasonable defaults when accessing older structs.
554 */
Randall Spangler95c40312011-03-09 15:54:16 -0800555} __attribute__((packed)) VbSharedDataHeader;
556
Randall Spanglera2db67d2013-01-24 16:15:35 -0800557/*
558 * Size of VbSharedDataheader for each version
559 *
560 * TODO: crossystem needs not to fail if called on a v1 system where
561 * sizeof(VbSharedDataHeader) was smaller
562 */
Randall Spangler7adcc602011-06-24 16:11:45 -0700563#define VB_SHARED_DATA_HEADER_SIZE_V1 1072
Randall Spanglerf02bbb42011-08-24 14:16:01 -0700564#define VB_SHARED_DATA_HEADER_SIZE_V2 1096
Randall Spangler7adcc602011-06-24 16:11:45 -0700565
566#define VB_SHARED_DATA_VERSION 2 /* Version for struct_version */
Randall Spangler95c40312011-03-09 15:54:16 -0800567
Randall Spanglerd1836442010-06-10 09:59:04 -0700568#endif /* VBOOT_REFERENCE_VBOOT_STRUCT_H_ */