1 /* Copyright 2017 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 */ 5 #ifndef __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H 6 #define __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H 7 8 /* This is citadel */ 9 #define CHIP_C 10 #define MAGIC_DEFAULT (-1u) 11 #define MAGIC_VALID (-2u) 12 13 #ifdef __cplusplus 14 #include <endian.h> 15 #include <stdio.h> 16 #include <time.h> 17 #endif 18 19 #include <assert.h> 20 #include <inttypes.h> 21 #include <stdint.h> 22 #include <string.h> 23 24 #define FUSE_MAX 128 25 #define INFO_MAX 128 26 #define FUSE_PADDING 0x55555555 27 28 // B chips 29 #define FUSE_IGNORE_B 0xa3badaac // baked in rom! 30 #define INFO_IGNORE_B 0xaa3c55c3 // baked in rom! 31 32 // Citadel chips 33 #define FUSE_IGNORE_C 0x3aabadac // baked in rom! 34 #define INFO_IGNORE_C 0xa5c35a3c // baked in rom! 35 36 #if defined(CHIP_C) 37 #define FUSE_IGNORE FUSE_IGNORE_C 38 #define INFO_IGNORE INFO_IGNORE_C 39 #else 40 #define FUSE_IGNORE FUSE_IGNORE_B 41 #define INFO_IGNORE INFO_IGNORE_B 42 #endif 43 44 typedef struct SignedHeader { 45 #ifdef __cplusplus SignedHeaderSignedHeader46 SignedHeader() 47 : magic(-1), 48 image_size(0), 49 epoch_(0x1337), 50 major_(0), 51 minor_(0xbabe), 52 p4cl_(0), 53 applysec_(0), 54 config1_(0), 55 err_response_(0), 56 expect_response_(0), 57 dev_id0_(0), 58 dev_id1_(0) { 59 memset(signature, 'S', sizeof(signature)); 60 memset(tag, 'T', sizeof(tag)); 61 memset(fusemap, 0, sizeof(fusemap)); 62 memset(infomap, 0, sizeof(infomap)); 63 memset(&_pad, '3', sizeof(_pad)); 64 } 65 markFuseSignedHeader66 void markFuse(uint32_t n) { 67 assert(n < FUSE_MAX); 68 fusemap[n / 32] |= 1 << (n & 31); 69 } 70 markInfoSignedHeader71 void markInfo(uint32_t n) { 72 assert(n < INFO_MAX); 73 infomap[n / 32] |= 1 << (n & 31); 74 } 75 fuseIgnoreSignedHeader76 static uint32_t fuseIgnore(bool c) { 77 return c ? FUSE_IGNORE_C : FUSE_IGNORE_B; 78 } 79 infoIgnoreSignedHeader80 static uint32_t infoIgnore(bool c) { 81 return c ? INFO_IGNORE_C : INFO_IGNORE_B; 82 } 83 printSignedHeader84 void print() const { 85 printf("hdr.magic : %08x\n", magic); 86 printf("hdr.keyid : %08x\n", keyid); 87 printf("hdr.tag : "); 88 const uint8_t* p = reinterpret_cast<const uint8_t*>(&tag); 89 for (size_t i = 0; i < sizeof(tag); ++i) { 90 printf("%02x", p[i] & 255); 91 } 92 printf("\n"); 93 printf("hdr.epoch : %08x\n", epoch_); 94 printf("hdr.major : %08x\n", major_); 95 printf("hdr.minor : %08x\n", minor_); 96 printf("hdr.timestamp : %016" PRIx64 ", %s", timestamp_, 97 asctime(localtime(reinterpret_cast<const time_t*>(×tamp_)))); 98 printf("hdr.image_size : %08x\n", image_size); 99 printf("hdr.ro_base : %08x\n", ro_base); 100 printf("hdr.ro_max : %08x\n", ro_max); 101 printf("hdr.rx_base : %08x\n", rx_base); 102 printf("hdr.rx_max : %08x\n", rx_max); 103 printf("hdr.img_chk : %08x\n", be32toh(img_chk_)); 104 printf("hdr.fuses_chk : %08x\n", be32toh(fuses_chk_)); 105 printf("hdr.info_chk : %08x\n", be32toh(info_chk_)); 106 printf("hdr.applysec : %08x\n", applysec_); 107 printf("hdr.config1 : %08x\n", config1_); 108 printf("hdr.err_response : %08x\n", err_response_); 109 printf("hdr.expect_response: %08x\n", expect_response_); 110 111 if (dev_id0_) printf("hdr.dev_id0 : %08x\n", dev_id0_); 112 if (dev_id1_) printf("hdr.dev_id1 : %08x\n", dev_id1_); 113 114 printf("hdr.fusemap : "); 115 for (size_t i = 0; i < sizeof(fusemap) / sizeof(fusemap[0]); ++i) { 116 printf("%08X", fusemap[i]); 117 } 118 printf("\n"); 119 printf("hdr.infomap : "); 120 for (size_t i = 0; i < sizeof(infomap) / sizeof(infomap[0]); ++i) { 121 printf("%08X", infomap[i]); 122 } 123 printf("\n"); 124 } 125 #endif // __cplusplus 126 127 uint32_t magic; // -1 (thanks, boot_sys!) 128 uint32_t signature[96]; 129 uint32_t img_chk_; // top 32 bit of expected img_hash 130 // --------------------- everything below is part of img_hash 131 uint32_t tag[7]; // words 0-6 of RWR/FWR 132 uint32_t keyid; // word 7 of RWR 133 uint32_t key[96]; // public key to verify signature with 134 uint32_t image_size; 135 uint32_t ro_base; // readonly region 136 uint32_t ro_max; 137 uint32_t rx_base; // executable region 138 uint32_t rx_max; 139 uint32_t fusemap[FUSE_MAX / (8 * sizeof(uint32_t))]; 140 uint32_t infomap[INFO_MAX / (8 * sizeof(uint32_t))]; 141 uint32_t epoch_; // word 7 of FWR 142 uint32_t major_; // keyladder count 143 uint32_t minor_; 144 uint64_t timestamp_; // time of signing 145 uint32_t p4cl_; 146 uint32_t applysec_; // bits to and with FUSE_FW_DEFINED_BROM_APPLYSEC 147 uint32_t config1_; // bits to mesh with FUSE_FW_DEFINED_BROM_CONFIG1 148 uint32_t err_response_; // bits to or with FUSE_FW_DEFINED_BROM_ERR_RESPONSE 149 uint32_t expect_response_; // action to take when expectation is violated 150 union { 151 uint32_t 152 _pad[256 - 1 - 96 - 1 - 7 - 1 - 96 - 5 * 1 - 4 - 4 - 9 * 1 - 2 - 1 - 2]; 153 struct { 154 // 2nd FIPS signature (gnubby RW) 155 uint32_t keyid; 156 uint32_t r[8]; 157 uint32_t s[8]; 158 } ext_sig; 159 } _pad; 160 uint32_t dev_id0_; // node id, if locked 161 uint32_t dev_id1_; 162 uint32_t fuses_chk_; // top 32 bit of expected fuses hash 163 uint32_t info_chk_; // top 32 bit of expected info hash 164 } SignedHeader; 165 166 #ifdef __cplusplus 167 static_assert(sizeof(SignedHeader) == 1024, 168 "SignedHeader should be 1024 bytes"); 169 #ifndef GOOGLE3 170 static_assert(offsetof(SignedHeader, info_chk_) == 1020, 171 "SignedHeader should be 1024 bytes"); 172 #endif // GOOGLE3 173 #endif // __cplusplus 174 175 #endif // __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H 176