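// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.

#ifndef DICE_ANDROID_BCC_H_
#define DICE_ANDROID_BCC_H_

// size_t and the fixed-width integer types appear directly in the declarations
// below, so their defining headers are included here instead of relying on
// dice/dice.h to pull them in transitively.
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include "dice/dice.h"

#ifdef __cplusplus
extern "C" {
#endif

// Bit flags for BccConfigValues.inputs. Each flag selects one optional input
// for the BCC configuration descriptor. BCC_INPUT_RESETTABLE has no matching
// field in BccConfigValues; it is carried by the flag alone.
// NOTE(review): the meaning of "resettable" is defined by the BCC
// specification and is not visible in this header.
#define BCC_INPUT_COMPONENT_NAME (1 << 0)
#define BCC_INPUT_COMPONENT_VERSION (1 << 1)
#define BCC_INPUT_RESETTABLE (1 << 2)

// Contains the input values used to construct the BCC configuration
// descriptor. Optional fields are selected in the |inputs| bitfield.
//
// Fields:
//    inputs: A bitfield selecting which BCC inputs to include (BCC_INPUT_*).
//    component_name: Optional. Name of firmware component / boot stage.
//      Selected by BCC_INPUT_COMPONENT_NAME.
//      NOTE(review): presumably a NUL-terminated string that must stay valid
//      for the duration of the call - confirm against the implementation.
//    component_version: Optional. Version of firmware component / boot stage.
//      Selected by BCC_INPUT_COMPONENT_VERSION.
typedef struct BccConfigValues_ {
  uint32_t inputs;
  const char* component_name;
  uint64_t component_version;
} BccConfigValues;

// Formats a configuration descriptor following the BCC's specification.
//
// The descriptor is built from |input_values| and written to |buffer|, which
// the caller declares to be |buffer_size| bytes long.
// NOTE(review): presumably |actual_size| receives the encoded length and a
// too-small |buffer| is reported through the returned DiceResult, as in the
// other DICE encoders - confirm against the implementation. Check the result
// before consuming |buffer|.
DiceResult BccFormatConfigDescriptor(const BccConfigValues* input_values,
                                     size_t buffer_size, uint8_t* buffer,
                                     size_t* actual_size);

// Executes the main BCC flow.
//
// Call this instead of DiceMainFlow when the next certificate should be
// appended to an existing boot certificate chain (BCC). However, when using
// the BCC handover format, use BccHandoverMainFlow instead.
//
// Given a full set of input values along with the current BCC and CDI values,
// computes the next CDI values and matching updated BCC.
//
// |bcc| is the existing chain, |bcc_size| bytes long. The updated chain is
// written to |buffer| (declared |buffer_size| bytes long) and its size is
// reported through |actual_size|.
//
// The CDI parameters are declared as arrays of DICE_CDI_SIZE bytes, but in C
// they decay to pointers, so the compiler does not enforce the length. The
// caller must supply buffers of at least DICE_CDI_SIZE bytes for each.
//
// CDI values are secret key-derivation material. Callers should keep them out
// of logs and clear the current CDIs once the next values have been derived,
// and should not use |next_cdi_*| or |buffer| unless the returned DiceResult
// indicates success.
DiceResult BccMainFlow(void* context,
                       const uint8_t current_cdi_attest[DICE_CDI_SIZE],
                       const uint8_t current_cdi_seal[DICE_CDI_SIZE],
                       const uint8_t* bcc, size_t bcc_size,
                       const DiceInputValues* input_values, size_t buffer_size,
                       uint8_t* buffer, size_t* actual_size,
                       uint8_t next_cdi_attest[DICE_CDI_SIZE],
                       uint8_t next_cdi_seal[DICE_CDI_SIZE]);

// Executes the main BCC handover flow.
//
// Call this instead of BccMainFlow when using the BCC handover format to
// combine the BCC and CDIs in a single CBOR object.
//
// Given a full set of input values and the current BCC handover data, computes
// the next BCC handover data.
//
// Bundling the values in a CBOR object is one option for passing them between
// boot stages. This function can take the current boot stage's bundle
// and produce a bundle for the next stage. Passing the bundle between stages
// is a problem left to the caller.
//
// Because the bundle combines the CDIs with the BCC, both |bcc_handover| and
// the data written to |buffer| contain secret material. Whatever mechanism the
// caller uses to pass the bundle on should protect it from other software, and
// the current stage's copy should be cleared once the next bundle is produced.
//
// |bcc_handover| is |bcc_handover_size| bytes long; the next bundle is written
// to |buffer| (declared |buffer_size| bytes long) and its size is reported
// through |actual_size|. Check the returned DiceResult before using |buffer|.
DiceResult BccHandoverMainFlow(void* context, const uint8_t* bcc_handover,
                               size_t bcc_handover_size,
                               const DiceInputValues* input_values,
                               size_t buffer_size, uint8_t* buffer,
                               size_t* actual_size);

#ifdef __cplusplus
}  // extern "C"
#endif

#endif  // DICE_ANDROID_BCC_H_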