/* SPDX-License-Identifier: GPL-2.0-or-later
 *
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 */

#ifndef _CODE_SIGN_ELF_H
#define _CODE_SIGN_ELF_H

#include <linux/fs.h>
#include <linux/code_sign.h>

/*
 * The value is 12, not 4096: presumably a log2 / shift count for a 4 KiB
 * page (1 << 12 == 4096) rather than a byte size -- confirm at the use
 * sites, which are not part of this header.
 */
#define PAGE_SIZE_4K 12

/*
 * Sign block of ELF file consists of
 * sign data and sign head
 *
 * Detailed structure:
 * +-------------------------------------------------+
 * |       |type              (4 bytes)| code signing|
 * |       |length            (4 bytes)| block       |
 * |       |offset            (4 bytes)| header      |
 * |       +---------------------------+-------------|
 * |       |type              (4 bytes)| profile     |
 * |       |length            (4 bytes)| block       |
 * |       |offset            (4 bytes)| header      |
 * |       +---------------------------+-------------|
 * |       | .. other block headers .. |             |
 * |       +---------------------------+-------------|
 * | SIGN  |type              (4 bytes)| merkle      |
 * |       |length            (4 bytes)| tree        |
 * | DATA  |merkle tree data  (N bytes)| block       |
 * |       +---------------------------+-------------|
 * |       |type              (4 bytes)|             |
 * |       |length            (4 bytes)|             |
 * |       |version           (1 byte )|             |
 * |       |hash alg          (1 byte )|             |
 * |       |log2blocksize     (1 byte )|             |
 * |       |salt size         (1 byte )|             |
 * |       |signature size    (4 bytes)| code sign   |
 * |       |data size         (8 bytes)| block       |
 * |       |root hash        (64 bytes)|             |
 * |       |salt             (32 bytes)|             |
 * |       |flags             (4 bytes)|             |
 * |       |reserved          (4 bytes)|             |
 * |       |tree offset       (8 bytes)|             |
 * |       |reserved        (127 bytes)|             |
 * |       |cs version        (1 byte )|             |
 * |       |signature         (N bytes)|             |
 * |-------+---------------------------+-------------|
 * |       | magic string    (16 bytes)|             |
 * | SIGN  | version          (4 bytes)|             |
 * |       | sign data size   (4 bytes)|             |
 * | HEAD  | sign block num   (4 bytes)|             |
 * |       | padding          (4 bytes)|             |
 * +-------+-----------------------------------------+
 *
 * NOTE(review): everything in this block is read from the file that is
 * being verified, so each type, length, offset, size and count above is
 * untrusted input until the signature has been checked. The parser is
 * not in this header; it should bound every length/offset against the
 * sign data size and the file size before using them.
 */

/* Byte length of the magic string field of the sign head (16, as in the layout above). */
static const __u32 MAGIC_STRING_LEN = 16;
/*
 * Magic string expected in the sign head.
 * NOTE(review): as printed here the literal holds 15 characters, so
 * sizeof(SIGN_MAGIC_STR) equals MAGIC_STRING_LEN only because the
 * terminating NUL is counted. Whitespace in this listing may have been
 * collapsed; confirm the literal against the original file, and confirm
 * whether the comparison is meant to cover the NUL byte.
 */
static const char SIGN_MAGIC_STR[] = "elf sign block ";

/*
 * Type tags with the values 0x1 and 0x2. Presumably these are the
 * "type" values of the two type/length records inside the code signing
 * block (fs-verity descriptor and merkle tree) -- confirm in the parser.
 */
enum CODE_SIGNING_DATA_TYPE {
	TYPE_FS_VERITY_DESC = 0x1,
	TYPE_MERKLE_TREE = 0x2
};
/*
 * Block kinds with the values 0x1..0x3. Presumably these are the values
 * carried in block_hdr_t.type -- confirm in the parser.
 */
enum BLOCK_TYPE {
	BLOCK_TYPE_UNSIGNED_PROFILE = 0x1,
	BLOCK_TYPE_SIGNED_PROFILE = 0x2,
	BLOCK_TYPE_CODE_SIGNING = 0x3
};

/*
 * The three structs below are declared under pack(1), so they contain no
 * compiler padding: sign_head_t is 32 bytes, tl_header_t 8 bytes and
 * block_hdr_t 12 bytes.
 * NOTE(review): the multi-byte fields are plain __u32 with no __le32 or
 * __be32 annotation, so the byte order of the stored values is not
 * stated in this header.
 */
#pragma pack(push, 1)
/*
 * Sign head: magic, version, size of the sign data, number of sign
 * blocks and a padding word. The field sizes match the SIGN HEAD rows
 * of the layout comment at the top of this header.
 * NOTE(review): sign_data_size and sign_block_num come from the file;
 * a parser should range-check both before using them to locate or
 * iterate over block headers.
 */
typedef struct
{
	__u8 magic[16];
	__u8 version[4];
	__u32 sign_data_size;
	__u32 sign_block_num;
	__u32 padding;
} sign_head_t;

/* Type/length header that precedes a record's data. */
typedef struct
{
	__u32 type;
	__u32 length;
} tl_header_t;

/*
 * Block header: type, length and offset of one block.
 * NOTE(review): what "offset" is relative to is not stated in this
 * header. Both offset and length are 32-bit values taken from the file,
 * so offset + length can wrap; a parser should check the sum for
 * overflow and against the sign data size before reading.
 */
typedef struct
{
	__u32 type;
	__u32 length;
	__u32 offset;
} block_hdr_t;

#pragma pack(pop)

/*
 * Merkle tree record. Declared after pack(pop), so default alignment
 * applies. The meaning of padding_length and the ownership of the
 * merkle_tree_data buffer are not documented in this header.
 */
typedef struct
{
	__u32 padding_length;
	char *merkle_tree_data;
	__u32 merkle_tree_length;
} merkle_tree_t;

/*
 * Aggregate holding the pieces of one sign block: the two block
 * headers, the type/length header and pointer for the merkle tree, the
 * type/length header and pointer for the fs-verity descriptor, and the
 * sign head. Who allocates and frees the two pointers is not visible
 * here. struct code_sign_descriptor is not declared in this header;
 * presumably it comes from <linux/code_sign.h>.
 */
typedef struct
{
	/* sign data */
	block_hdr_t code_signing_block_hdr;
	block_hdr_t profile_block_hdr;
	/* code signing block */
	tl_header_t merkle_tree_hdr;
	merkle_tree_t *merkle_tree;
	tl_header_t fsverity_desc_hdr;
	struct code_sign_descriptor *fsverity_desc;

	/* sign head */
	sign_head_t sign_head;
} sign_block_t;

/*
 * Declared here, defined elsewhere. Takes the file to operate on and
 * returns an int; presumably 0 on success and a negative errno on
 * failure -- confirm against the implementation.
 */
int elf_file_enable_fs_verity(struct file *file);

#endif /* _CODE_SIGN_ELF_H */