1 /* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 * 5 * Secure non-volatile storage routines 6 */ 7 8 #ifndef VBOOT_REFERENCE_VBOOT_SECDATA_H_ 9 #define VBOOT_REFERENCE_VBOOT_SECDATA_H_ 10 11 /* Expected value of vb2_secdata.version */ 12 #define VB2_SECDATA_VERSION 2 13 14 /* Flags for firmware space */ 15 enum vb2_secdata_flags { 16 /* 17 * Last boot was developer mode. TPM ownership is cleared when 18 * transitioning to/from developer mode. Set/cleared by 19 * vb2_check_dev_switch(). 20 */ 21 VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER = (1 << 0), 22 23 /* 24 * Virtual developer mode switch is on. Set/cleared by the 25 * keyboard-controlled dev screens in recovery mode. Cleared by 26 * vb2_check_dev_switch(). 27 */ 28 VB2_SECDATA_FLAG_DEV_MODE = (1 << 1), 29 }; 30 31 /* Secure data area */ 32 struct vb2_secdata { 33 /* Struct version, for backwards compatibility */ 34 uint8_t struct_version; 35 36 /* Flags; see vb2_secdata_flags */ 37 uint8_t flags; 38 39 /* Firmware versions */ 40 uint32_t fw_versions; 41 42 /* Reserved for future expansion */ 43 uint8_t reserved[3]; 44 45 /* CRC; must be last field in struct */ 46 uint8_t crc8; 47 } __attribute__((packed)); 48 49 /* Which param to get/set for vb2_secdata_get() / vb2_secdata_set() */ 50 enum vb2_secdata_param { 51 /* Flags; see vb2_secdata_flags */ 52 VB2_SECDATA_FLAGS = 0, 53 54 /* Firmware versions */ 55 VB2_SECDATA_VERSIONS, 56 }; 57 58 /** 59 * Check the CRC of the secure storage context. 60 * 61 * Use this if reading from secure storage may be flaky, and you want to retry 62 * reading it several times. 63 * 64 * This may be called before vb2_context_init(). 65 * 66 * @param ctx Context pointer 67 * @return VB2_SUCCESS, or non-zero error code if error. 68 */ 69 int vb2_secdata_check_crc(const struct vb2_context *ctx); 70 71 /** 72 * Create fresh data in the secure storage context. 73 * 74 * Use this only when initializing the secure storage context on a new machine 75 * the first time it boots. Do NOT simply use this if vb2_secdata_check_crc() 76 * (or any other API in this library) fails; that could allow the secure data 77 * to be rolled back to an insecure state. 78 * 79 * This may be called before vb2_context_init(). 80 */ 81 int vb2_secdata_create(struct vb2_context *ctx); 82 83 /** 84 * Initialize the secure storage context and verify its CRC. 85 * 86 * This must be called before vb2_secdata_get() or vb2_secdata_set(). 87 * 88 * @param ctx Context pointer 89 * @return VB2_SUCCESS, or non-zero error code if error. 90 */ 91 int vb2_secdata_init(struct vb2_context *ctx); 92 93 /** 94 * Read a secure storage value. 95 * 96 * @param ctx Context pointer 97 * @param param Parameter to read 98 * @param dest Destination for value 99 * @return VB2_SUCCESS, or non-zero error code if error. 100 */ 101 int vb2_secdata_get(struct vb2_context *ctx, 102 enum vb2_secdata_param param, 103 uint32_t *dest); 104 105 /** 106 * Write a secure storage value. 107 * 108 * @param ctx Context pointer 109 * @param param Parameter to write 110 * @param value New value 111 * @return VB2_SUCCESS, or non-zero error code if error. 112 */ 113 int vb2_secdata_set(struct vb2_context *ctx, 114 enum vb2_secdata_param param, 115 uint32_t value); 116 117 #endif /* VBOOT_REFERENCE_VBOOT_2SECDATA_H_ */ 118