Gitiles
Code Review Sign In
review.coreboot.org / vboot / fbde3aa0af045021c2bfd315ad59f10aab2543fc / . / firmware / 2lib / include / 2secdata.h
blob: 6931278cd00b588116fabd06c5566f64515c7b67 [file] [log] [blame]
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]1/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Secure non-volatile storage routines
6 */
7
Joel Kitching9adf2aa2019-08-20 17:43:50 +0800[diff] [blame]8#ifndef VBOOT_REFERENCE_2SECDATA_H_
9#define VBOOT_REFERENCE_2SECDATA_H_
10
11/* Avoid circular dependency with 2api.h */
12struct vb2_context;
13typedef uint32_t vb2_error_t;
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]14
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]15/*****************************************************************************/
16/* Firmware version space */
17
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]18#define VB2_SECDATA_FIRMWARE_VERSION 2
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]19
20/* Flags for firmware space */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]21enum vb2_secdata_firmware_flags {
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]22 /*
23 * Last boot was developer mode. TPM ownership is cleared when
24 * transitioning to/from developer mode. Set/cleared by
25 * vb2_check_dev_switch().
26 */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]27 VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER = (1 << 0),
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]28
29 /*
30 * Virtual developer mode switch is on. Set/cleared by the
31 * keyboard-controlled dev screens in recovery mode. Cleared by
32 * vb2_check_dev_switch().
33 */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]34 VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE = (1 << 1),
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]35};
36
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]37struct vb2_secdata_firmware {
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]38 /* Struct version, for backwards compatibility */
39 uint8_t struct_version;
40
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]41 /* Flags; see vb2_secdata_firmware_flags */
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]42 uint8_t flags;
43
44 /* Firmware versions */
45 uint32_t fw_versions;
46
47 /* Reserved for future expansion */
48 uint8_t reserved[3];
49
50 /* CRC; must be last field in struct */
51 uint8_t crc8;
52} __attribute__((packed));
53
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]54/* Which param to get/set for vb2_secdata_firmware_get/set() */
55enum vb2_secdata_firmware_param {
56 /* Flags; see vb2_secdata_firmware_flags */
57 VB2_SECDATA_FIRMWARE_FLAGS = 0,
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]58
59 /* Firmware versions */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]60 VB2_SECDATA_FIRMWARE_VERSIONS,
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]61};
62
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]63/*****************************************************************************/
64/* Kernel version space */
65
66/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]67#define VB2_SECDATA_KERNEL_VERSION 2
68#define VB2_SECDATA_KERNEL_UID 0x4752574c /* 'GRWL' */
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]69
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]70struct vb2_secdata_kernel {
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]71 /* Struct version, for backwards compatibility */
72 uint8_t struct_version;
73
74 /* Unique ID to detect space redefinition */
75 uint32_t uid;
76
77 /* Kernel versions */
78 uint32_t kernel_versions;
79
80 /* Reserved for future expansion */
81 uint8_t reserved[3];
82
83 /* CRC; must be last field in struct */
84 uint8_t crc8;
85} __attribute__((packed));
86
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]87/* Which param to get/set for vb2_secdata_kernel_get/set() */
88enum vb2_secdata_kernel_param {
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]89 /* Kernel versions */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]90 VB2_SECDATA_KERNEL_VERSIONS = 0,
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]91};
92
93/*****************************************************************************/
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]94/* Firmware secure storage space functions */
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]95
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]96/**
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]97 * Initialize firmware secure storage context and verify its CRC.
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]98 *
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]99 * This must be called before vb2_secdata_firmware_get/set().
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]100 *
101 * @param ctx Context pointer
102 * @return VB2_SUCCESS, or non-zero error code if error.
103 */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]104vb2_error_t vb2_secdata_firmware_init(struct vb2_context *ctx);
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]105
106/**
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]107 * Read a firmware secure storage value.
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]108 *
109 * @param ctx Context pointer
110 * @param param Parameter to read
111 * @param dest Destination for value
112 * @return VB2_SUCCESS, or non-zero error code if error.
113 */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]114vb2_error_t vb2_secdata_firmware_get(struct vb2_context *ctx,
115 enum vb2_secdata_firmware_param param,
116 uint32_t *dest);
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]117
118/**
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]119 * Write a firmware secure storage value.
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]120 *
121 * @param ctx Context pointer
122 * @param param Parameter to write
123 * @param value New value
124 * @return VB2_SUCCESS, or non-zero error code if error.
125 */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]126vb2_error_t vb2_secdata_firmware_set(struct vb2_context *ctx,
127 enum vb2_secdata_firmware_param param,
128 uint32_t value);
Randall Spangler3333e572014-05-14 11:37:52 -0700[diff] [blame]129
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]130/*****************************************************************************/
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]131/* Kernel secure storage space functions
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]132 *
133 * These are separate functions so that they don't bloat the size of the early
134 * boot code which uses the firmware version space functions.
135 */
136
137/**
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]138 * Initialize kernel secure storage context and verify its CRC.
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]139 *
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]140 * This must be called before vb2_secdata_kernel_get/set().
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]141 *
142 * @param ctx Context pointer
143 * @return VB2_SUCCESS, or non-zero error code if error.
144 */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]145vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx);
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]146
147/**
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]148 * Read a kernel secure storage value.
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]149 *
150 * @param ctx Context pointer
151 * @param param Parameter to read
152 * @param dest Destination for value
153 * @return VB2_SUCCESS, or non-zero error code if error.
154 */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]155vb2_error_t vb2_secdata_kernel_get(struct vb2_context *ctx,
156 enum vb2_secdata_kernel_param param,
157 uint32_t *dest);
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]158
159/**
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]160 * Write a kernel secure storage value.
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]161 *
162 * @param ctx Context pointer
163 * @param param Parameter to write
164 * @param value New value
165 * @return VB2_SUCCESS, or non-zero error code if error.
166 */
Joel Kitchingfbde3aa2019-08-27 17:13:55 +0800[diff] [blame^]167vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx,
168 enum vb2_secdata_kernel_param param,
169 uint32_t value);
Randall Spanglerbf9c2762015-05-12 13:44:30 -0700[diff] [blame]170
Joel Kitching9adf2aa2019-08-20 17:43:50 +0800[diff] [blame]171#endif /* VBOOT_REFERENCE_2SECDATA_H_ */