diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 4684d54b66..b26d1847ba 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -21,6 +21,7 @@ #define VBOOT_2_API_H_ #include +#include "2fw_hash_tags.h" #include "2recovery_reasons.h" #include "2return_codes.h" @@ -294,27 +295,11 @@ int vb2api_fw_phase2(struct vb2_context *ctx); */ int vb2api_fw_phase3(struct vb2_context *ctx); -/* - * Tags for types of hashable data. - * - * TODO: These are the ones that vboot specifically knows about given the - * current data structures. In the future, I'd really like the vboot preamble - * to contain an arbitrary list of tags and their hashes, so that we can hash - * ram init, main RW body, EC-RW for software sync, etc. all separately. - */ -enum vb2api_hash_tag { - /* Invalid hash tag; never present in table */ - VB2_HASH_TAG_INVALID = 0, - - /* Firmware body */ - VB2_HASH_TAG_FW_BODY, -}; - /** * Initialize hashing data for the specified tag. * * @param ctx Vboot context - * @param tag Tag to start hashing + * @param tag Tag to start hashing (enum vb2_hash_tag) * @param size If non-null, expected size of data for tag will be * stored here on output. * @return VB2_SUCCESS, or error code on error. diff --git a/firmware/2lib/include/2fw_hash_tags.h b/firmware/2lib/include/2fw_hash_tags.h new file mode 100644 index 0000000000..0c061f56b6 --- /dev/null +++ b/firmware/2lib/include/2fw_hash_tags.h @@ -0,0 +1,40 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Firmware hash tags for verified boot + */ + +#ifndef VBOOT_REFERENCE_VBOOT_2FW_HASH_TAGS_H_ +#define VBOOT_REFERENCE_VBOOT_2FW_HASH_TAGS_H_ +#include + +/* + * Tags for types of hashable data. + * + * Note that not every firmware image will contain every tag. + * + * TODO: These are the ones that vboot specifically knows about given the + * current data structures. In the future, I'd really like the vboot preamble + * to contain an arbitrary list of tags and their hashes, so that we can hash + * ram init, main RW body, EC-RW for software sync, etc. all separately. + */ +enum vb2_hash_tag { + /* Invalid hash tag; never present in table */ + VB2_HASH_TAG_INVALID = 0, + + /* Firmware body */ + VB2_HASH_TAG_FW_BODY = 1, + + /* Kernel data key */ + VB2_HASH_TAG_KERNEL_DATA_KEY = 2, + + /* + * Tags over 0x40000000 are reserved for use by the calling firmware, + * which may associate them with arbitrary types of RW firmware data + * that it wants to track. + */ + VB2_HASH_TAG_CALLER_BASE = 0x40000000 +}; + +#endif /* VBOOT_REFERENCE_VBOOT_2FW_HASH_TAGS_H_ */