1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 * 5 * Vboot 2.0 data structures (compatible with vboot1) 6 * 7 * Note: Many of the structs have pairs of 32-bit fields and reserved fields. 8 * This is to be backwards-compatible with older verified boot data which used 9 * 64-bit fields (when we thought that hey, UEFI is 64-bit so all our fields 10 * should be too). 11 * 12 * Offsets should be padded to 32-bit boundaries, since some architectures 13 * have trouble with accessing unaligned integers. 14 */ 15 16 #ifndef VBOOT_REFERENCE_VB2_STRUCT_H_ 17 #define VBOOT_REFERENCE_VB2_STRUCT_H_ 18 #include <stdint.h> 19 20 /* Packed public key data */ 21 struct vb2_packed_key { 22 /* Offset of key data from start of this struct */ 23 uint32_t key_offset; 24 uint32_t reserved0; 25 26 /* Size of key data in bytes (NOT strength of key in bits) */ 27 uint32_t key_size; 28 uint32_t reserved1; 29 30 /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */ 31 uint32_t algorithm; 32 uint32_t reserved2; 33 34 /* Key version */ 35 uint32_t key_version; 36 uint32_t reserved3; 37 38 /* TODO: when redoing this struct, add a text description of the key */ 39 } __attribute__((packed)); 40 41 #define EXPECTED_VB2_PACKED_KEY_SIZE 32 42 43 44 /* Signature data (a secure hash, possibly signed) */ 45 struct vb2_signature { 46 /* Offset of signature data from start of this struct */ 47 uint32_t sig_offset; 48 uint32_t reserved0; 49 50 /* Size of signature data in bytes */ 51 uint32_t sig_size; 52 uint32_t reserved1; 53 54 /* Size of the data block which was signed in bytes */ 55 uint32_t data_size; 56 uint32_t reserved2; 57 } __attribute__((packed)); 58 59 #define EXPECTED_VB2_SIGNATURE_SIZE 24 60 61 62 #define KEY_BLOCK_MAGIC "CHROMEOS" 63 #define KEY_BLOCK_MAGIC_SIZE 8 64 65 #define KEY_BLOCK_HEADER_VERSION_MAJOR 2 66 #define KEY_BLOCK_HEADER_VERSION_MINOR 1 67 68 /* 69 * Key block, containing the public key used to sign some other chunk of data. 70 * 71 * This should be followed by: 72 * 1) The data_key key data, pointed to by data_key.key_offset. 73 * 2) The checksum data for (vb2_keyblock + data_key data), pointed to 74 * by keyblock_checksum.sig_offset. 75 * 3) The signature data for (vb2_keyblock + data_key data), pointed to 76 * by keyblock_signature.sig_offset. 77 */ 78 struct vb2_keyblock { 79 /* Magic number */ 80 uint8_t magic[KEY_BLOCK_MAGIC_SIZE]; 81 82 /* Version of this header format */ 83 uint32_t header_version_major; 84 85 /* Version of this header format */ 86 uint32_t header_version_minor; 87 88 /* 89 * Length of this entire key block, including keys, signatures, and 90 * padding, in bytes 91 */ 92 uint32_t keyblock_size; 93 uint32_t reserved0; 94 95 /* 96 * Signature for this key block (header + data pointed to by data_key) 97 * For use with signed data keys 98 */ 99 struct vb2_signature keyblock_signature; 100 101 /* 102 * SHA-512 checksum for this key block (header + data pointed to by 103 * data_key) For use with unsigned data keys. 104 * 105 * Note that the vb2 lib currently only supports signed blocks. 106 */ 107 struct vb2_signature keyblock_checksum_unused; 108 109 /* Flags for key (VB2_KEY_BLOCK_FLAG_*) */ 110 uint32_t keyblock_flags; 111 uint32_t reserved1; 112 113 /* Key to verify the chunk of data */ 114 struct vb2_packed_key data_key; 115 } __attribute__((packed)); 116 117 #define EXPECTED_VB2_KEYBLOCK_SIZE 112 118 119 120 /* Firmware preamble header */ 121 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2 122 #define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1 123 124 /* Flags for VbFirmwarePreambleHeader.flags */ 125 /* Reserved; do not use */ 126 #define VB2_FIRMWARE_PREAMBLE_RESERVED0 0x00000001 127 /* Do not allow use of any hardware crypto accelerators. */ 128 #define VB2_FIRMWARE_PREAMBLE_DISALLOW_HWCRYPTO 0x00000002 129 130 /* Premable block for rewritable firmware, vboot1 version 2.1. 131 * 132 * The firmware preamble header should be followed by: 133 * 1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset. 134 * 2) The signature data for the firmware body, pointed to by 135 * body_signature.sig_offset. 136 * 3) The signature data for (header + kernel_subkey data + body signature 137 * data), pointed to by preamble_signature.sig_offset. 138 */ 139 struct vb2_fw_preamble { 140 /* 141 * Size of this preamble, including keys, signatures, and padding, in 142 * bytes 143 */ 144 uint32_t preamble_size; 145 uint32_t reserved0; 146 147 /* 148 * Signature for this preamble (header + kernel subkey + body 149 * signature) 150 */ 151 struct vb2_signature preamble_signature; 152 153 /* Version of this header format */ 154 uint32_t header_version_major; 155 uint32_t header_version_minor; 156 157 /* Firmware version */ 158 uint32_t firmware_version; 159 uint32_t reserved1; 160 161 /* Key to verify kernel key block */ 162 struct vb2_packed_key kernel_subkey; 163 164 /* Signature for the firmware body */ 165 struct vb2_signature body_signature; 166 167 /* 168 * Fields added in header version 2.1. You must verify the header 169 * version before reading these fields! 170 */ 171 172 /* 173 * Flags; see VB2_FIRMWARE_PREAMBLE_*. Readers should return 0 for 174 * header version < 2.1. 175 */ 176 uint32_t flags; 177 } __attribute__((packed)); 178 179 #define EXPECTED_VB2_FW_PREAMBLE_SIZE 108 180 181 #endif /* VBOOT_REFERENCE_VB2_STRUCT_H_ */ 182