Remove unused files, and tidy the directory structure of the remaining ones.

Review URL: http://codereview.chromium.org/2815011

firmware/lib/include/stateful_util.h

@@ -0,0 +1,62 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Helper functions/wrappers for memory allocations, manipulation and
+ * comparison.
+ */
+
+#ifndef VBOOT_FIRMWARE_LIB_UTILITY_H_
+#define VBOOT_FIRMWARE_LIB_UTILITY_H_
+
+#include "sysincludes.h"
+
+/* Track remaining data to be read in a buffer. */
+typedef struct MemcpyState {
+  void* remaining_buf;
+  uint64_t remaining_len;  /* Remaining length of the buffer. */
+  uint8_t overrun;  /* Flag set to 1 when an overrun occurs. */
+} MemcpyState;
+
+/* Skip [len] bytes only if there's enough data to skip according
+ * to [state].
+ * On success, return a meaningless but non-NULL pointer and updates [state].
+ * On failure, return NULL, set remaining_len in state to -1.
+ *
+ * Useful for iterating through a binary blob to populate a struct. After the
+ * first failure (buffer overrun), successive calls will always fail.
+ */
+void* StatefulSkip(MemcpyState* state, uint64_t len);
+
+/* Copy [len] bytes into [dst] only if there's enough data to read according
+ * to [state].
+ * On success, return [dst] and update [state].
+ * On failure, return NULL, set remaining len in state to -1.
+ *
+ * Useful for iterating through a binary blob to populate a struct. After the
+ * first failure (buffer overrun), successive calls will always fail.
+ */
+void* StatefulMemcpy(MemcpyState* state, void* dst, uint64_t len);
+
+/* Like StatefulMemcpy() but copies in the opposite direction, populating
+ * data from [src] into the buffer encapsulated in state [state].
+ * On success, return [src] and update [state].
+ * On failure, return NULL, set remaining_len in state to -1.
+ *
+ * Useful for iterating through a structure to populate a binary blob. After the
+ * first failure (buffer overrun), successive calls will always fail.
+ */
+const void* StatefulMemcpy_r(MemcpyState* state, const void* src, uint64_t len);
+
+/* Like StatefulMemcpy_r() but fills a portion of the encapsulated buffer with
+ * a constant value.
+ * On success, return a meaningless but non-NULL pointer and updates [state].
+ * On failure, return NULL, set remaining_len in state to -1.
+ *
+ * After the first failure (buffer overrun), successive calls will always fail.
+ */
+const void* StatefulMemset_r(MemcpyState* state, const uint8_t val,
+                             uint64_t len);
+
+#endif  /* VBOOT_FIRMWARE_LIB_UTILITY_H_ */

firmware/lib/include/tss_constants.h

@@ -0,0 +1,79 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Some TPM constants and type definitions for standalone compilation for use in
+ * the firmware
+ */
+
+/* FIXME(gauravsh):
+ * NOTE: This file is copied over from
+ *       src/platform/tpm_lite/src/tlcl/tss_constants.h
+ * Ideally, we want to directly include it without having two maintain
+ * duplicate copies in sync. But in the current model, this is hard
+ * to do without breaking standalone compilation.
+ * Eventually tpm_lite should be moved into vboot_reference.
+ */
+
+#ifndef TPM_LITE_TSS_CONSTANTS_H_
+#define TPM_LITE_TSS_CONSTANTS_H_
+
+#include "sysincludes.h"
+
+#define TPM_MAX_COMMAND_SIZE 4096
+#define TPM_LARGE_ENOUGH_COMMAND_SIZE 256  /* saves space in the firmware */
+
+#define TPM_SUCCESS ((uint32_t)0x00000000)
+#define TPM_E_BADINDEX ((uint32_t)0x00000002)
+#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048)
+#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000)     /* vboot local */
+#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001)  /* vboot local */
+#define TPM_E_MUST_REBOOT            ((uint32_t)0x00005002)  /* vboot local */
+
+#define TPM_NV_INDEX0 ((uint32_t)0x00000000)
+#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)
+#define TPM_NV_PER_WRITE_STCLEAR (((uint32_t)1)<<14)
+#define TPM_NV_PER_PPWRITE (((uint32_t)1)<<0)
+#define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)
+
+typedef uint8_t TSS_BOOL;
+typedef uint16_t TPM_STRUCTURE_TAG;
+
+typedef struct tdTPM_WRITE_INFO {
+  uint32_t nvIndex;
+  uint32_t offset;
+  uint32_t dataSize;
+} TPM_WRITE_INFO;
+
+typedef struct tdTPM_PERMANENT_FLAGS
+{
+    TPM_STRUCTURE_TAG tag;
+    TSS_BOOL disable;
+    TSS_BOOL ownership;
+    TSS_BOOL deactivated;
+    TSS_BOOL readPubek;
+    TSS_BOOL disableOwnerClear;
+    TSS_BOOL allowMaintenance;
+    TSS_BOOL physicalPresenceLifetimeLock;
+    TSS_BOOL physicalPresenceHWEnable;
+    TSS_BOOL physicalPresenceCMDEnable;
+    TSS_BOOL CEKPUsed;
+    TSS_BOOL TPMpost;
+    TSS_BOOL TPMpostLock;
+    TSS_BOOL FIPS;
+    TSS_BOOL Operator;
+    TSS_BOOL enableRevokeEK;
+    TSS_BOOL nvLocked;
+    TSS_BOOL readSRKPub;
+    TSS_BOOL tpmEstablished;
+    TSS_BOOL maintenanceDone;
+    TSS_BOOL disableFullDALogicInfo;
+} TPM_PERMANENT_FLAGS;
+
+#define TPM_ALL_LOCALITIES (TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO \
+                            | TPM_LOC_THREE | TPM_LOC_FOUR)  /* 0x1f */
+
+#define TPM_ENCAUTH_SIZE 20
+#define TPM_PUBEK_SIZE 256
+
+#endif  /* TPM_LITE_TSS_CONSTANTS_H_ */

firmware/lib/include/vboot_common.h

@@ -0,0 +1,110 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Common functions between firmware and kernel verified boot.
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_COMMON_H_
+#define VBOOT_REFERENCE_VBOOT_COMMON_H_
+
+#include "cryptolib.h"
+#include "vboot_struct.h"
+
+/* Error Codes for all common functions. */
+enum {
+  VBOOT_SUCCESS = 0,
+  VBOOT_KEY_BLOCK_INVALID,    /* Key block internal structure is
+                               * invalid, or not a key block */
+  VBOOT_KEY_BLOCK_SIGNATURE,  /* Key block signature check failed */
+  VBOOT_KEY_BLOCK_HASH,      /* Key block hash check failed */
+  VBOOT_PUBLIC_KEY_INVALID,  /* Invalid public key passed to a
+                              * signature verficiation function. */
+  VBOOT_PREAMBLE_INVALID,    /* Preamble internal structure is
+                              * invalid */
+  VBOOT_PREAMBLE_SIGNATURE,  /* Preamble signature check failed */
+  VBOOT_ERROR_MAX,
+};
+extern char* kVbootErrors[VBOOT_ERROR_MAX];
+
+
+/* Return offset of ptr from base. */
+uint64_t OffsetOf(const void* base, const void* ptr);
+
+
+/* Helper functions to get data pointed to by a public key or signature. */
+uint8_t* GetPublicKeyData(VbPublicKey* key);
+const uint8_t* GetPublicKeyDataC(const VbPublicKey* key);
+uint8_t* GetSignatureData(VbSignature* sig);
+const uint8_t* GetSignatureDataC(const VbSignature* sig);
+
+
+/* Helper functions to verify the data pointed to by a subfield is inside
+ * the parent data.  Returns 0 if inside, 1 if error. */
+int VerifyMemberInside(const void* parent, uint64_t parent_size,
+                       const void* member, uint64_t member_size,
+                       uint64_t member_data_offset,
+                       uint64_t member_data_size);
+
+int VerifyPublicKeyInside(const void* parent, uint64_t parent_size,
+                          const VbPublicKey* key);
+
+int VerifySignatureInside(const void* parent, uint64_t parent_size,
+                          const VbSignature* sig);
+
+
+/* Initialize a public key to refer to [key_data]. */
+void PublicKeyInit(VbPublicKey* key, uint8_t* key_data, uint64_t key_size);
+
+
+/* Copy a public key from [src] to [dest].
+ *
+ * Returns 0 if success, non-zero if error. */
+int PublicKeyCopy(VbPublicKey* dest, const VbPublicKey* src);
+
+
+/* Converts a public key to RsaPublicKey format.  The returned key must
+ * be freed using RSAPublicKeyFree().
+ *
+ * Returns NULL if error. */
+RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key);
+
+
+/* Verifies [data] matches signature [sig] using [key]. */
+int VerifyData(const uint8_t* data, const VbSignature* sig,
+               const RSAPublicKey* key);
+
+
+/* Verifies a secure hash digest from DigestBuf() or DigestFinal(),
+ * using [key]. */
+int VerifyDigest(const uint8_t* digest, const VbSignature *sig,
+                 const RSAPublicKey* key);
+
+
+/* Checks the sanity of a key block of size [size] bytes, using public
+ * key [key].  If [key]==NULL, uses only the block checksum to verify
+ * the key block.  Header fields are also checked for sanity.  Does not
+ * verify key index or key block flags. */
+int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
+                   const VbPublicKey *key);
+
+
+/* Checks the sanity of a firmware preamble of size [size] bytes,
+ * using public key [key].
+ *
+ * Returns VBOOT_SUCCESS if successful. */
+int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
+                           uint64_t size, const RSAPublicKey* key);
+
+
+/* Checks the sanity of a kernel preamble of size [size] bytes,
+ * using public key [key].
+ *
+ * Returns VBOOT_SUCCESS if successful. */
+int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
+                         uint64_t size, const RSAPublicKey* key);
+
+
+
+
+#endif  /* VBOOT_REFERENCE_VBOOT_COMMON_H_ */

firmware/lib/include/vboot_kernel.h

@@ -0,0 +1,25 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Data structure and API definitions for a verified boot kernel image.
+ * (Firmware Portion)
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_KERNEL_H_
+#define VBOOT_REFERENCE_VBOOT_KERNEL_H_
+
+#include "cgptlib.h"
+
+/* Allocates and reads GPT data from the drive.  The sector_bytes and
+ * drive_sectors fields should be filled on input.  The primary and
+ * secondary header and entries are filled on output.
+ *
+ * Returns 0 if successful, 1 if error. */
+int AllocAndReadGptData(GptData* gptdata);
+
+/* Writes any changes for the GPT data back to the drive, then frees the
+ * buffers. */
+int WriteAndFreeGptData(GptData* gptdata);
+
+#endif  /* VBOOT_REFERENCE_VBOOT_KERNEL_H_ */

firmware/lib/include/vboot_struct.h

@@ -0,0 +1,124 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Data structure definitions for verified boot, for on-disk / in-eeprom
+ * data.
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_STRUCT_H_
+#define VBOOT_REFERENCE_VBOOT_STRUCT_H_
+
+#include "sysincludes.h"
+
+
+/* Public key data */
+typedef struct VbPublicKey {
+  uint64_t key_offset;     /* Offset of key data from start of this struct */
+  uint64_t key_size;       /* Size of key data in bytes (NOT strength of key
+                           * in bits) */
+  uint64_t algorithm;      /* Signature algorithm used by the key */
+  uint64_t key_version;    /* Key version */
+} __attribute__((packed)) VbPublicKey;
+
+
+/* Signature data (a secure hash, possibly signed) */
+typedef struct VbSignature {
+  uint64_t sig_offset;  /* Offset of signature data from start of this
+                         * struct */
+  uint64_t sig_size;    /* Size of signature data in bytes */
+  uint64_t data_size;   /* Size of the data block which was signed in bytes */
+} __attribute__((packed)) VbSignature;
+
+
+#define KEY_BLOCK_MAGIC "CHROMEOS"
+#define KEY_BLOCK_MAGIC_SIZE 8
+
+#define KEY_BLOCK_HEADER_VERSION_MAJOR 2
+#define KEY_BLOCK_HEADER_VERSION_MINOR 1
+
+/* Flags for key_block_flags */
+/* The following flags set where the key is valid */
+#define KEY_BLOCK_FLAG_DEVELOPER_0  UINT64_C(0x01)  /* Developer switch off */
+#define KEY_BLOCK_FLAG_DEVELOPER_1  UINT64_C(0x02)  /* Developer switch on */
+#define KEY_BLOCK_FLAG_RECOVERY_0   UINT64_C(0x04)  /* Not recovery mode */
+#define KEY_BLOCK_FLAG_RECOVERY_1   UINT64_C(0x08)  /* Recovery mode */
+
+/* Key block, containing the public key used to sign some other chunk
+ * of data. */
+typedef struct VbKeyBlockHeader {
+  uint8_t magic[KEY_BLOCK_MAGIC_SIZE];  /* Magic number */
+  uint32_t header_version_major;     /* Version of this header format */
+  uint32_t header_version_minor;     /* Version of this header format */
+  uint64_t key_block_size;           /* Length of this entire key block,
+                                      * including keys, signatures, and
+                                      * padding, in bytes */
+  VbSignature key_block_signature;   /* Signature for this key block
+                                      * (header + data pointed to by data_key)
+                                      * For use with signed data keys*/
+  VbSignature key_block_checksum;    /* SHA-512 checksum for this key block
+                                      * (header + data pointed to by data_key)
+                                      * For use with unsigned data keys */
+  uint64_t key_block_flags;          /* Flags for key (KEY_BLOCK_FLAG_*) */
+  VbPublicKey data_key;              /* Key to verify the chunk of data */
+} __attribute__((packed)) VbKeyBlockHeader;
+/* This should be followed by:
+ *   1) The data_key key data, pointed to by data_key.key_offset.
+ *   2) The checksum data for (VBKeyBlockHeader + data_key data), pointed to
+ *      by key_block_checksum.sig_offset.
+ *   3) The signature data for (VBKeyBlockHeader + data_key data), pointed to
+ *      by key_block_signature.sig_offset. */
+
+
+#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
+#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 0
+
+/* Preamble block for rewritable firmware */
+typedef struct VbFirmwarePreambleHeader {
+  uint64_t preamble_size;            /* Size of this preamble, including keys,
+                                      * signatures, and padding, in bytes */
+  VbSignature preamble_signature;    /* Signature for this preamble
+                                      * (header + kernel subkey +
+                                      * body signature) */
+  uint32_t header_version_major;     /* Version of this header format */
+  uint32_t header_version_minor;     /* Version of this header format */
+
+  uint64_t firmware_version;         /* Firmware version */
+  VbPublicKey kernel_subkey;         /* Key to verify kernel key block */
+  VbSignature body_signature;        /* Signature for the firmware body */
+} __attribute__((packed)) VbFirmwarePreambleHeader;
+/* This should be followed by:
+ *   1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
+ *   2) The signature data for the firmware body, pointed to by
+ *      body_signature.sig_offset.
+ *   3) The signature data for (VBFirmwarePreambleHeader + kernel_subkey data
+ *      + body signature data), pointed to by
+ *      preamble_signature.sig_offset. */
+
+
+#define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2
+#define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 0
+
+/* Preamble block for kernel */
+typedef struct VbKernelPreambleHeader {
+  uint64_t preamble_size;            /* Size of this preamble, including keys,
+                                      * signatures, and padding, in bytes */
+  VbSignature preamble_signature;    /* Signature for this preamble
+                                      * (header + body signature) */
+  uint32_t header_version_major;     /* Version of this header format */
+  uint32_t header_version_minor;     /* Version of this header format */
+
+  uint64_t kernel_version;           /* Kernel version */
+  uint64_t body_load_address;        /* Load address for kernel body */
+  uint64_t bootloader_address;       /* Address of bootloader, after body is
+                                      * loaded at body_load_address */
+  uint64_t bootloader_size;          /* Size of bootloader in bytes */
+  VbSignature body_signature;        /* Signature for the kernel body */
+} __attribute__((packed)) VbKernelPreambleHeader;
+/* This should be followed by:
+ *   2) The signature data for the kernel body, pointed to by
+ *      body_signature.sig_offset.
+ *   3) The signature data for (VBFirmwarePreambleHeader + body signature
+ *      data), pointed to by preamble_signature.sig_offset. */
+
+#endif  /* VBOOT_REFERENCE_VBOOT_STRUCT_H_ */