blob: acfb58b75d55ac1965fba2013c557df7c31f01b0 [file] [log] [blame]
/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
* Common functions between firmware and kernel verified boot.
#include "vboot_struct.h"
#ifndef ARRAY_SIZE
#define ARRAY_SIZE(array) (sizeof(array)/sizeof(array[0]))
/* Test an important condition at compile time, not run time */
#define _BA1_(cond, line) \
extern int __build_assertion_ ## line[1 - 2*!(cond)] \
__attribute__ ((unused))
#define _BA0_(c, x) _BA1_(c, x)
#define BUILD_ASSERT(cond) _BA0_(cond, __LINE__)
/* Error Codes for all common functions. */
enum {
/* Key block internal structure is invalid, or not a key block */
/* Key block signature check failed */
/* Key block hash check failed */
/* Invalid public key passed to a signature verficiation function. */
/* Preamble internal structure is invalid */
/* Preamble signature check failed */
/* Shared data is invalid. */
/* Kernel Preamble does not contain flags */
extern const char *kVbootErrors[VBOOT_ERROR_MAX];
* Return offset of ptr from base.
uint64_t OffsetOf(const void *base, const void *ptr);
* Helper functions to get data pointed to by a public key or signature.
uint8_t *GetPublicKeyData(VbPublicKey *key);
const uint8_t *GetPublicKeyDataC(const VbPublicKey *key);
uint8_t *GetSignatureData(VbSignature *sig);
const uint8_t *GetSignatureDataC(const VbSignature *sig);
* Helper functions to verify the data pointed to by a subfield is inside the
* parent data. Returns 0 if inside, 1 if error.
int VerifyMemberInside(const void *parent, uint64_t parent_size,
const void *member, uint64_t member_size,
uint64_t member_data_offset,
uint64_t member_data_size);
int VerifyPublicKeyInside(const void *parent, uint64_t parent_size,
const VbPublicKey *key);
int VerifySignatureInside(const void *parent, uint64_t parent_size,
const VbSignature *sig);
* Initialize a public key to refer to [key_data].
void PublicKeyInit(VbPublicKey *key, uint8_t *key_data, uint64_t key_size);
* Copy a public key from [src] to [dest].
* Returns 0 if success, non-zero if error.
int PublicKeyCopy(VbPublicKey *dest, const VbPublicKey *src);
* Retrieve the 16-bit vmlinuz header address and size from the kernel preamble
* if there is one. These are only available in Kernel Preamble Header version
* >= 2.1. If given a header 2.0 or lower, will set address and size to 0 (this
* is not considered an error).
* Returns VBOOT_SUCCESS if successful.
int VbGetKernelVmlinuzHeader(const VbKernelPreambleHeader *preamble,
uint64_t *vmlinuz_header_address,
uint64_t *vmlinuz_header_size);
* Checks if the kernel preamble has flags field. This is available only if the
* Kernel Preamble Header version >=2.2. If give a header of 2.1 or lower, it
* Returns VBOOT_SUCCESS if version is >=2.2.
int VbKernelHasFlags(const VbKernelPreambleHeader *preamble);
* Verify that the Vmlinuz Header is contained inside of the kernel blob.
int VerifyVmlinuzInsideKBlob(uint64_t kblob, uint64_t kblob_size,
uint64_t header, uint64_t header_size);
* Initialize a verified boot shared data structure.
* Returns 0 if success, non-zero if error.
int VbSharedDataInit(VbSharedDataHeader *header, uint64_t size);
* Reserve [size] bytes of the shared data area. Returns the offset of the
* reserved data from the start of the shared data buffer, or 0 if error.
uint64_t VbSharedDataReserve(VbSharedDataHeader *header, uint64_t size);
* Copy the kernel subkey into the shared data.
* Returns 0 if success, non-zero if error.
int VbSharedDataSetKernelKey(VbSharedDataHeader *header,
const VbPublicKey *src);
* Check whether recovery is allowed or not.
* The only way to pass this check and proceed to the recovery process is to
* physically request a recovery (a.k.a. manual recovery). All other recovery
* requests including manual recovery requested by a (compromised) host will
* end up with 'broken' screen.
* @param flags Flags of VbSharedDataHeader.
* @return 1: Yes. 0: No or not sure.
int vb2_allow_recovery(uint32_t flags);