mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-24 02:05:01 +00:00
626e0b034d
This patch adds code which dervies secrets from BDS. It's supposed to be done by SP-RO, hence the code is mostly useful for testing (or emulation). vba_extend_secrets_ro takes a function pointer to a hash extend function. It'll be used to try different sha256 extend algorithms. BUG=chromium:649555 BRANCH=none TEST=make runtests Change-Id: I8fef6b851fb84686d8bcdd948b36160016687c51 Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/384354 Reviewed-by: Randall Spangler <rspangler@chromium.org>
195 lines
4.7 KiB
C
195 lines
4.7 KiB
C
/* Copyright 2016 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*/
|
|
|
|
#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
|
|
#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
|
|
|
|
#include <stdint.h>
|
|
#include "vboot_register.h"
|
|
#include "nvm.h"
|
|
#include "secrets.h"
|
|
#include "bdb_flag.h"
|
|
|
|
struct vba_context {
|
|
/* Indicate which slot is being tried: 0 - primary, 1 - secondary */
|
|
uint8_t slot;
|
|
|
|
/* Defined by VBA_CONTEXT_FLAG_* in bdb_flag.h */
|
|
uint32_t flags;
|
|
|
|
/* BDB */
|
|
uint8_t *bdb;
|
|
|
|
/* Secrets */
|
|
struct bdb_secrets *secrets;
|
|
|
|
/* NVM-RW buffer */
|
|
struct nvmrw nvmrw;
|
|
};
|
|
|
|
/**
|
|
* Initialize vboot process
|
|
*
|
|
* @param ctx
|
|
* @return enum bdb_return_code
|
|
*/
|
|
int vba_bdb_init(struct vba_context *ctx);
|
|
|
|
/**
|
|
* Finalize vboot process
|
|
*
|
|
* @param ctx
|
|
* @return enum bdb_return_code
|
|
*/
|
|
int vba_bdb_finalize(struct vba_context *ctx);
|
|
|
|
/**
|
|
* Log failed boot attempt and reset the chip
|
|
*
|
|
* @param ctx
|
|
*/
|
|
void vba_bdb_fail(struct vba_context *ctx);
|
|
|
|
/**
|
|
* Update kernel and its data key version in NVM
|
|
*
|
|
* This is the function called from SP-RW, which receives a kernel version
|
|
* from an AP-RW after successful verification of a kernel.
|
|
*
|
|
* It checks whether the version in NVM-RW is older than the reported version
|
|
* or not. If so, it updates the version in NVM-RW.
|
|
*
|
|
* @param ctx
|
|
* @param kernel_data_key_version
|
|
* @param kernel_version
|
|
* @return BDB_SUCCESS or BDB_ERROR_*
|
|
*/
|
|
int vba_update_kernel_version(struct vba_context *ctx,
|
|
uint32_t kernel_data_key_version,
|
|
uint32_t kernel_version);
|
|
|
|
/**
|
|
* Write new boot unlock code to NVM-RW
|
|
*
|
|
* @param ctx
|
|
* @param new_buc New BUC to be written
|
|
* @return BDB_SUCCESS or BDB_ERROR_*
|
|
*/
|
|
int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc);
|
|
|
|
/**
|
|
* Derive a secret
|
|
*
|
|
* This derives a new secret from a secret passed from SP-RO.
|
|
*
|
|
* @param ctx
|
|
* @param type Type of secret to derive
|
|
* @param buf Buffer containing data to derive secret from
|
|
* @param buf_size Size of <buf>
|
|
* @return BDB_SUCCESS or BDB_ERROR_*
|
|
*/
|
|
int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
|
|
uint8_t *wsr, const uint8_t *buf, uint32_t buf_size);
|
|
|
|
/**
|
|
* Clear a secret
|
|
*
|
|
* @param ctx
|
|
* @param type Type of secret to clear
|
|
* @return BDB_SUCCESS or BDB_ERROR_*
|
|
*/
|
|
int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type);
|
|
|
|
/**
|
|
* Extend secrets for SP-RO
|
|
*
|
|
* @param ctx struct vba_context
|
|
* @param bdb BDB
|
|
* @param wsr Pointer to working secret register contents
|
|
* @param extend Function to be called for extending a secret
|
|
* @return BDB_SUCCESS or BDB_ERROR_*
|
|
*/
|
|
typedef void (*f_extend)(const uint8_t *from, const uint8_t *by, uint8_t *to);
|
|
int vba_extend_secrets_ro(struct vba_context *ctx, const uint8_t *bdb,
|
|
uint8_t *wsr, f_extend extend);
|
|
|
|
/**
|
|
* Get vboot register value
|
|
*
|
|
* Implemented by each chip
|
|
*
|
|
* @param type Type of register to get
|
|
* @return Register value
|
|
*/
|
|
uint32_t vbe_get_vboot_register(enum vboot_register type);
|
|
|
|
/**
|
|
* Set vboot register value
|
|
*
|
|
* Implemented by each chip
|
|
*
|
|
* @param type Type of register to set
|
|
* @param val Value to set
|
|
*/
|
|
void vbe_set_vboot_register(enum vboot_register type, uint32_t val);
|
|
|
|
/**
|
|
* Reset the SoC
|
|
*
|
|
* Implemented by each chip. This is different from reboot (a.k.a. board reset,
|
|
* cold reset).
|
|
*/
|
|
void vbe_reset(void);
|
|
|
|
/**
|
|
* Read contents from Non-Volatile Memory
|
|
*
|
|
* Implemented by each chip.
|
|
*
|
|
* @param type Type of NVM
|
|
* @param buf Buffer where the data will be read to
|
|
* @param size Size of data to read
|
|
* @return Zero if success or non-zero otherwise
|
|
*/
|
|
int vbe_read_nvm(enum nvm_type type, uint8_t *buf, uint32_t size);
|
|
|
|
/**
|
|
* Write contents to Non-Volatile Memory
|
|
*
|
|
* Implemented by each chip.
|
|
*
|
|
* @param type Type of NVM
|
|
* @param buf Buffer where the data will be written from
|
|
* @param size Size of data to write
|
|
* @return Zero if success or non-zero otherwise
|
|
*/
|
|
int vbe_write_nvm(enum nvm_type type, void *buf, uint32_t size);
|
|
|
|
/**
|
|
* Encrypt data by AES-256
|
|
*
|
|
* @param msg Message to be encrypted
|
|
* @param len Length of <msg> in bytes
|
|
* @param key Key used for encryption
|
|
* @param out Buffer where encrypted message is stored
|
|
* @return BDB_SUCCESS or BDB_ERROR_*
|
|
*/
|
|
int vbe_aes256_encrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
|
|
uint8_t *out);
|
|
|
|
/**
|
|
* Decrypt data by AES-256
|
|
*
|
|
* @param msg Message to be decrypted
|
|
* @param len Length of <msg> in bytes
|
|
* @param key Key used for decryption
|
|
* @param out Buffer where decrypted message is stored
|
|
* @return BDB_SUCCESS or BDB_ERROR_*
|
|
*/
|
|
int vbe_aes256_decrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
|
|
uint8_t *out);
|
|
|
|
#endif
|