You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
569 lines
20 KiB
569 lines
20 KiB
/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*
|
|
* Data structure definitions for verified boot, for on-disk / in-eeprom
|
|
* data.
|
|
*/
|
|
|
|
#ifndef VBOOT_REFERENCE_VBOOT_STRUCT_H_
|
|
#define VBOOT_REFERENCE_VBOOT_STRUCT_H_
|
|
#include <stdint.h>
|
|
|
|
/* Public key data */
|
|
typedef struct VbPublicKey {
|
|
/* Offset of key data from start of this struct */
|
|
uint64_t key_offset;
|
|
/* Size of key data in bytes (NOT strength of key in bits) */
|
|
uint64_t key_size;
|
|
/* Signature algorithm used by the key */
|
|
uint64_t algorithm;
|
|
/* Key version */
|
|
uint64_t key_version;
|
|
} __attribute__((packed)) VbPublicKey;
|
|
|
|
#define EXPECTED_VBPUBLICKEY_SIZE 32
|
|
|
|
/* Signature data (a secure hash, possibly signed) */
|
|
typedef struct VbSignature {
|
|
/* Offset of signature data from start of this struct */
|
|
uint64_t sig_offset;
|
|
/* Size of signature data in bytes */
|
|
uint64_t sig_size;
|
|
/* Size of the data block which was signed in bytes */
|
|
uint64_t data_size;
|
|
} __attribute__((packed)) VbSignature;
|
|
|
|
#define EXPECTED_VBSIGNATURE_SIZE 24
|
|
|
|
#define KEY_BLOCK_MAGIC "CHROMEOS"
|
|
#define KEY_BLOCK_MAGIC_SIZE 8
|
|
|
|
#define KEY_BLOCK_HEADER_VERSION_MAJOR 2
|
|
#define KEY_BLOCK_HEADER_VERSION_MINOR 1
|
|
|
|
/* Flags for key_block_flags */
|
|
/* The following flags set where the key is valid */
|
|
#define KEY_BLOCK_FLAG_DEVELOPER_0 (0x01ULL) /* Developer switch off */
|
|
#define KEY_BLOCK_FLAG_DEVELOPER_1 (0x02ULL) /* Developer switch on */
|
|
#define KEY_BLOCK_FLAG_RECOVERY_0 (0x04ULL) /* Not recovery mode */
|
|
#define KEY_BLOCK_FLAG_RECOVERY_1 (0x08ULL) /* Recovery mode */
|
|
|
|
/*
|
|
* Key block, containing the public key used to sign some other chunk of data.
|
|
*
|
|
* This should be followed by:
|
|
* 1) The data_key key data, pointed to by data_key.key_offset.
|
|
* 2) The checksum data for (VBKeyBlockHeader + data_key data), pointed to
|
|
* by key_block_checksum.sig_offset.
|
|
* 3) The signature data for (VBKeyBlockHeader + data_key data), pointed to
|
|
* by key_block_signature.sig_offset.
|
|
*/
|
|
typedef struct VbKeyBlockHeader {
|
|
/* Magic number */
|
|
uint8_t magic[KEY_BLOCK_MAGIC_SIZE];
|
|
/* Version of this header format */
|
|
uint32_t header_version_major;
|
|
/* Version of this header format */
|
|
uint32_t header_version_minor;
|
|
/*
|
|
* Length of this entire key block, including keys, signatures, and
|
|
* padding, in bytes
|
|
*/
|
|
uint64_t key_block_size;
|
|
/*
|
|
* Signature for this key block (header + data pointed to by data_key)
|
|
* For use with signed data keys
|
|
*/
|
|
VbSignature key_block_signature;
|
|
/*
|
|
* SHA-512 checksum for this key block (header + data pointed to by
|
|
* data_key) For use with unsigned data keys
|
|
*/
|
|
VbSignature key_block_checksum;
|
|
/* Flags for key (KEY_BLOCK_FLAG_*) */
|
|
uint64_t key_block_flags;
|
|
/* Key to verify the chunk of data */
|
|
VbPublicKey data_key;
|
|
} __attribute__((packed)) VbKeyBlockHeader;
|
|
|
|
#define EXPECTED_VBKEYBLOCKHEADER_SIZE 112
|
|
|
|
/****************************************************************************/
|
|
|
|
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR 2
|
|
#define FIRMWARE_PREAMBLE_HEADER_VERSION_MINOR 1
|
|
|
|
/*
|
|
* Preamble block for rewritable firmware, version 2.0. All 2.x versions of
|
|
* this struct must start with the same data, to be compatible with version 2.0
|
|
* readers.
|
|
*/
|
|
typedef struct VbFirmwarePreambleHeader2_0 {
|
|
/*
|
|
* Size of this preamble, including keys, signatures, and padding, in
|
|
* bytes
|
|
*/
|
|
uint64_t preamble_size;
|
|
/*
|
|
* Signature for this preamble (header + kernel subkey + body
|
|
* signature)
|
|
*/
|
|
VbSignature preamble_signature;
|
|
/* Version of this header format (= 2) */
|
|
uint32_t header_version_major;
|
|
/* Version of this header format (= 0) */
|
|
uint32_t header_version_minor;
|
|
|
|
/* Firmware version */
|
|
uint64_t firmware_version;
|
|
/* Key to verify kernel key block */
|
|
VbPublicKey kernel_subkey;
|
|
/* Signature for the firmware body */
|
|
VbSignature body_signature;
|
|
} __attribute__((packed)) VbFirmwarePreambleHeader2_0;
|
|
|
|
#define EXPECTED_VBFIRMWAREPREAMBLEHEADER2_0_SIZE 104
|
|
|
|
/* Flags for VbFirmwarePreambleHeader.flags */
|
|
/*
|
|
* Use the normal/dev boot path from the read-only firmware, instead of
|
|
* verifying the body signature.
|
|
*/
|
|
#define VB_FIRMWARE_PREAMBLE_USE_RO_NORMAL 0x00000001
|
|
|
|
/* Premable block for rewritable firmware, version 2.1.
|
|
*
|
|
* The firmware preamble header should be followed by:
|
|
* 1) The kernel_subkey key data, pointed to by kernel_subkey.key_offset.
|
|
* 2) The signature data for the firmware body, pointed to by
|
|
* body_signature.sig_offset.
|
|
* 3) The signature data for (header + kernel_subkey data + body signature
|
|
* data), pointed to by preamble_signature.sig_offset.
|
|
*/
|
|
typedef struct VbFirmwarePreambleHeader {
|
|
/*
|
|
* Size of this preamble, including keys, signatures, and padding, in
|
|
* bytes
|
|
*/
|
|
uint64_t preamble_size;
|
|
/*
|
|
* Signature for this preamble (header + kernel subkey + body
|
|
* signature)
|
|
*/
|
|
VbSignature preamble_signature;
|
|
/* Version of this header format */
|
|
uint32_t header_version_major;
|
|
/* Version of this header format */
|
|
uint32_t header_version_minor;
|
|
|
|
/* Firmware version */
|
|
uint64_t firmware_version;
|
|
/* Key to verify kernel key block */
|
|
VbPublicKey kernel_subkey;
|
|
/* Signature for the firmware body */
|
|
VbSignature body_signature;
|
|
|
|
/*
|
|
* Fields added in header version 2.1. You must verify the header
|
|
* version before reading these fields!
|
|
*/
|
|
/*
|
|
* Flags; see VB_FIRMWARE_PREAMBLE_*. Readers should return 0 for
|
|
* header version < 2.1.
|
|
*/
|
|
uint32_t flags;
|
|
} __attribute__((packed)) VbFirmwarePreambleHeader;
|
|
|
|
#define EXPECTED_VBFIRMWAREPREAMBLEHEADER2_1_SIZE 108
|
|
|
|
/****************************************************************************/
|
|
|
|
#define KERNEL_PREAMBLE_HEADER_VERSION_MAJOR 2
|
|
#define KERNEL_PREAMBLE_HEADER_VERSION_MINOR 2
|
|
|
|
/* Preamble block for kernel, version 2.0
|
|
*
|
|
* This should be followed by:
|
|
* 1) The signature data for the kernel body, pointed to by
|
|
* body_signature.sig_offset.
|
|
* 2) The signature data for (VBFirmwarePreambleHeader + body signature
|
|
* data), pointed to by preamble_signature.sig_offset.
|
|
*/
|
|
typedef struct VbKernelPreambleHeader2_0 {
|
|
/*
|
|
* Size of this preamble, including keys, signatures, and padding, in
|
|
* bytes
|
|
*/
|
|
uint64_t preamble_size;
|
|
/* Signature for this preamble (header + body signature) */
|
|
VbSignature preamble_signature;
|
|
/* Version of this header format */
|
|
uint32_t header_version_major;
|
|
/* Version of this header format */
|
|
uint32_t header_version_minor;
|
|
|
|
/* Kernel version */
|
|
uint64_t kernel_version;
|
|
/* Load address for kernel body */
|
|
uint64_t body_load_address;
|
|
/* Address of bootloader, after body is loaded at body_load_address */
|
|
uint64_t bootloader_address;
|
|
/* Size of bootloader in bytes */
|
|
uint64_t bootloader_size;
|
|
/* Signature for the kernel body */
|
|
VbSignature body_signature;
|
|
} __attribute__((packed)) VbKernelPreambleHeader2_0;
|
|
|
|
#define EXPECTED_VBKERNELPREAMBLEHEADER2_0_SIZE 96
|
|
|
|
/* Preamble block for kernel, version 2.1
|
|
*
|
|
* This should be followed by:
|
|
* 1) The signature data for the kernel body, pointed to by
|
|
* body_signature.sig_offset.
|
|
* 2) The signature data for (VBFirmwarePreambleHeader + body signature
|
|
* data), pointed to by preamble_signature.sig_offset.
|
|
* 3) The 16-bit vmlinuz header, which is used for reconstruction of
|
|
* vmlinuz image.
|
|
*/
|
|
typedef struct VbKernelPreambleHeader {
|
|
/*
|
|
* Size of this preamble, including keys, signatures, vmlinuz header,
|
|
* and padding, in bytes
|
|
*/
|
|
uint64_t preamble_size;
|
|
/* Signature for this preamble (header + body signature) */
|
|
VbSignature preamble_signature;
|
|
/* Version of this header format */
|
|
uint32_t header_version_major;
|
|
/* Version of this header format */
|
|
uint32_t header_version_minor;
|
|
|
|
/* Kernel version */
|
|
uint64_t kernel_version;
|
|
/* Load address for kernel body */
|
|
uint64_t body_load_address;
|
|
/* Address of bootloader, after body is loaded at body_load_address */
|
|
uint64_t bootloader_address;
|
|
/* Size of bootloader in bytes */
|
|
uint64_t bootloader_size;
|
|
/* Signature for the kernel body */
|
|
VbSignature body_signature;
|
|
/*
|
|
* Fields added in header version 2.1. You must verify the header
|
|
* version before reading these fields!
|
|
*/
|
|
/* Address of 16-bit header for vmlinuz reassembly. Readers should
|
|
return 0 for header version < 2.1 */
|
|
uint64_t vmlinuz_header_address;
|
|
/* Size of 16-bit header for vmlinuz in bytes. Readers should return 0
|
|
for header version < 2.1 */
|
|
uint64_t vmlinuz_header_size;
|
|
/*
|
|
* Flags passed in by the signer. Readers should return 0 for header
|
|
* version < 2.2. Flags field is currently defined as:
|
|
* [31:2] - Reserved (for future use)
|
|
* [1:0] - Kernel image type (0b00 - CrOS, 0b01 - bootimg)
|
|
*/
|
|
uint32_t flags;
|
|
} __attribute__((packed)) VbKernelPreambleHeader;
|
|
|
|
#define EXPECTED_VBKERNELPREAMBLEHEADER2_1_SIZE 112
|
|
#define EXPECTED_VBKERNELPREAMBLEHEADER2_2_SIZE 116
|
|
|
|
/****************************************************************************/
|
|
|
|
/* Constants and sub-structures for VbSharedDataHeader */
|
|
|
|
/* Magic number for recognizing VbSharedDataHeader ("VbSD") */
|
|
#define VB_SHARED_DATA_MAGIC 0x44536256
|
|
|
|
/* Minimum and recommended size of shared_data_blob in bytes. */
|
|
#define VB_SHARED_DATA_MIN_SIZE 3072
|
|
#define VB_SHARED_DATA_REC_SIZE 16384
|
|
|
|
/* Flags for VbSharedDataHeader */
|
|
/* LoadFirmware() tried firmware B because of VbNvStorage firmware B tries */
|
|
#define VBSD_FWB_TRIED 0x00000001
|
|
/*
|
|
* LoadKernel() verified the good kernel keyblock using the kernel subkey from
|
|
* the firmware. If this flag is not present, it just used the hash of the
|
|
* kernel keyblock.
|
|
*/
|
|
#define VBSD_KERNEL_KEY_VERIFIED 0x00000002
|
|
/* LoadFirmware() was told the developer switch was on */
|
|
#define VBSD_LF_DEV_SWITCH_ON 0x00000004
|
|
/* LoadFirmware() is requesting the read only normal/dev code path */
|
|
#define VBSD_LF_USE_RO_NORMAL 0x00000008
|
|
/* Developer switch was enabled at boot time */
|
|
#define VBSD_BOOT_DEV_SWITCH_ON 0x00000010
|
|
/* Recovery switch was enabled at boot time */
|
|
#define VBSD_BOOT_REC_SWITCH_ON 0x00000020
|
|
/* Firmware write protect was enabled at boot time */
|
|
#define VBSD_BOOT_FIRMWARE_WP_ENABLED 0x00000040
|
|
/* Boot is a S3->S0 resume, not a S5->S0 normal boot */
|
|
#define VBSD_BOOT_S3_RESUME 0x00000100
|
|
/* Read-only firmware supports the normal/developer code path */
|
|
#define VBSD_BOOT_RO_NORMAL_SUPPORT 0x00000200
|
|
/* VbInit() was told that the system has a virtual dev-switch */
|
|
#define VBSD_HONOR_VIRT_DEV_SWITCH 0x00000400
|
|
/* VbInit() was told the system supports EC software sync */
|
|
#define VBSD_EC_SOFTWARE_SYNC 0x00000800
|
|
/* VbInit() was told that the EC firmware is slow to update */
|
|
#define VBSD_EC_SLOW_UPDATE 0x00001000
|
|
/* Firmware software write protect was enabled at boot time */
|
|
#define VBSD_BOOT_FIRMWARE_SW_WP_ENABLED 0x00002000
|
|
/* VbInit() was told that the recovery button is a virtual one */
|
|
#define VBSD_BOOT_REC_SWITCH_VIRTUAL 0x00004000
|
|
/* Firmware used vboot2 for firmware selection */
|
|
#define VBSD_BOOT_FIRMWARE_VBOOT2 0x00008000
|
|
/* Firmware needs VGA Option ROM to display screens */
|
|
#define VBSD_OPROM_MATTERS 0x00010000
|
|
/* Firmware has loaded the VGA Option ROM */
|
|
#define VBSD_OPROM_LOADED 0x00020000
|
|
|
|
/*
|
|
* Supported flags by header version. It's ok to add new flags while keeping
|
|
* struct version 2 as long as flag-NOT-present is the correct value for
|
|
* existing hardware (Stumpy/Lumpy).
|
|
*/
|
|
#define VBSD_FLAGS_VERSION_1 0x00000007 /* Alex, ZGB */
|
|
#define VBSD_FLAGS_VERSION_2 0x00000F7F
|
|
|
|
/* Result codes for VbSharedDataHeader.check_fw_a_result (and b_result) */
|
|
#define VBSD_LF_CHECK_NOT_DONE 0
|
|
#define VBSD_LF_CHECK_DEV_MISMATCH 1
|
|
#define VBSD_LF_CHECK_REC_MISMATCH 2
|
|
#define VBSD_LF_CHECK_VERIFY_KEYBLOCK 3
|
|
#define VBSD_LF_CHECK_KEY_ROLLBACK 4
|
|
#define VBSD_LF_CHECK_DATA_KEY_PARSE 5
|
|
#define VBSD_LF_CHECK_VERIFY_PREAMBLE 6
|
|
#define VBSD_LF_CHECK_FW_ROLLBACK 7
|
|
#define VBSD_LF_CHECK_HEADER_VALID 8
|
|
#define VBSD_LF_CHECK_GET_FW_BODY 9
|
|
#define VBSD_LF_CHECK_HASH_WRONG_SIZE 10
|
|
#define VBSD_LF_CHECK_VERIFY_BODY 11
|
|
#define VBSD_LF_CHECK_VALID 12
|
|
/*
|
|
* Read-only normal path requested by firmware preamble, but unsupported by
|
|
* firmware.
|
|
*/
|
|
#define VBSD_LF_CHECK_NO_RO_NORMAL 13
|
|
|
|
/* Boot mode for VbSharedDataHeader.lk_boot_mode */
|
|
#define VBSD_LK_BOOT_MODE_RECOVERY 0
|
|
#define VBSD_LK_BOOT_MODE_NORMAL 1
|
|
#define VBSD_LK_BOOT_MODE_DEVELOPER 2
|
|
|
|
/* Flags for VbSharedDataKernelPart.flags */
|
|
#define VBSD_LKP_FLAG_KEY_BLOCK_VALID 0x01
|
|
|
|
/* Result codes for VbSharedDataKernelPart.check_result */
|
|
#define VBSD_LKP_CHECK_NOT_DONE 0
|
|
#define VBSD_LKP_CHECK_TOO_SMALL 1
|
|
#define VBSD_LKP_CHECK_READ_START 2
|
|
#define VBSD_LKP_CHECK_KEY_BLOCK_SIG 3
|
|
#define VBSD_LKP_CHECK_KEY_BLOCK_HASH 4
|
|
#define VBSD_LKP_CHECK_DEV_MISMATCH 5
|
|
#define VBSD_LKP_CHECK_REC_MISMATCH 6
|
|
#define VBSD_LKP_CHECK_KEY_ROLLBACK 7
|
|
#define VBSD_LKP_CHECK_DATA_KEY_PARSE 8
|
|
#define VBSD_LKP_CHECK_VERIFY_PREAMBLE 9
|
|
#define VBSD_LKP_CHECK_KERNEL_ROLLBACK 10
|
|
#define VBSD_LKP_CHECK_PREAMBLE_VALID 11
|
|
/*
|
|
* Body load address check is omitted; this result code is deprecated and not
|
|
* used anywhere in the codebase.
|
|
*/
|
|
#define VBSD_LKP_CHECK_BODY_ADDRESS 12
|
|
#define VBSD_LKP_CHECK_BODY_OFFSET 13
|
|
#define VBSD_LKP_CHECK_SELF_SIGNED 14
|
|
#define VBSD_LKP_CHECK_BODY_EXCEEDS_MEM 15
|
|
#define VBSD_LKP_CHECK_BODY_EXCEEDS_PART 16
|
|
#define VBSD_LKP_CHECK_READ_DATA 17
|
|
#define VBSD_LKP_CHECK_VERIFY_DATA 18
|
|
#define VBSD_LKP_CHECK_KERNEL_GOOD 19
|
|
|
|
/* Information about a single kernel partition check in LoadKernel() */
|
|
typedef struct VbSharedDataKernelPart {
|
|
uint64_t sector_start; /* Start sector of partition */
|
|
uint64_t sector_count; /* Sector count of partition */
|
|
uint32_t combined_version; /* Combined key+kernel version */
|
|
uint8_t gpt_index; /* Index of partition in GPT */
|
|
uint8_t check_result; /* Check result; see VBSD_LKP_CHECK_* */
|
|
uint8_t flags; /* Flags (see VBSD_LKP_FLAG_* */
|
|
uint8_t reserved0; /* Reserved for padding */
|
|
} VbSharedDataKernelPart;
|
|
|
|
/* Number of kernel partitions to track per call. Must be power of 2. */
|
|
#define VBSD_MAX_KERNEL_PARTS 8
|
|
|
|
/* Flags for VbSharedDataKernelCall.flags */
|
|
/* Error initializing TPM in recovery mode */
|
|
#define VBSD_LK_FLAG_REC_TPM_INIT_ERROR 0x00000001
|
|
|
|
/* Result codes for VbSharedDataKernelCall.check_result */
|
|
#define VBSD_LKC_CHECK_NOT_DONE 0
|
|
#define VBSD_LKC_CHECK_DEV_SWITCH_MISMATCH 1
|
|
#define VBSD_LKC_CHECK_GPT_READ_ERROR 2
|
|
#define VBSD_LKC_CHECK_GPT_PARSE_ERROR 3
|
|
#define VBSD_LKC_CHECK_GOOD_PARTITION 4
|
|
#define VBSD_LKC_CHECK_INVALID_PARTITIONS 5
|
|
#define VBSD_LKC_CHECK_NO_PARTITIONS 6
|
|
|
|
/* Information about a single call to LoadKernel() */
|
|
typedef struct VbSharedDataKernelCall {
|
|
/* Bottom 32 bits of flags passed in LoadKernelParams.boot_flags */
|
|
uint32_t boot_flags;
|
|
/* Debug flags; see VBSD_LK_FLAG_* */
|
|
uint32_t flags;
|
|
/* Number of sectors on drive */
|
|
uint64_t sector_count;
|
|
/* Sector size in bytes */
|
|
uint32_t sector_size;
|
|
/* Check result; see VBSD_LKC_CHECK_* */
|
|
uint8_t check_result;
|
|
/* Boot mode for LoadKernel(); see VBSD_LK_BOOT_MODE_* constants */
|
|
uint8_t boot_mode;
|
|
/* Test error number, if non-zero */
|
|
uint8_t test_error_num;
|
|
/* Return code from LoadKernel() */
|
|
uint8_t return_code;
|
|
/* Number of kernel partitions found */
|
|
uint8_t kernel_parts_found;
|
|
/* Reserved for padding */
|
|
uint8_t reserved0[7];
|
|
/* Data on kernels */
|
|
VbSharedDataKernelPart parts[VBSD_MAX_KERNEL_PARTS];
|
|
} VbSharedDataKernelCall;
|
|
|
|
/* Number of kernel calls to track. Must be power of 2. */
|
|
#define VBSD_MAX_KERNEL_CALLS 4
|
|
|
|
/*
|
|
* Data shared between LoadFirmware(), LoadKernel(), and OS.
|
|
*
|
|
* The boot process is:
|
|
* 1) Caller allocates buffer, at least VB_SHARED_DATA_MIN bytes, ideally
|
|
* VB_SHARED_DATA_REC_SIZE bytes.
|
|
* 2) If non-recovery boot, this is passed to LoadFirmware(), which
|
|
* initializes the buffer, adding this header and some data.
|
|
* 3) Buffer is passed to LoadKernel(). If this is a recovery boot,
|
|
* LoadKernel() initializes the buffer, adding this header. Regardless
|
|
* of boot type, LoadKernel() adds some data to the buffer.
|
|
* 4) Caller makes data available to the OS in a platform-dependent manner.
|
|
* For example, via ACPI or ATAGs.
|
|
*/
|
|
typedef struct VbSharedDataHeader {
|
|
/* Fields present in version 1 */
|
|
/* Magic number for struct (VB_SHARED_DATA_MAGIC) */
|
|
uint32_t magic;
|
|
/* Version of this structure */
|
|
uint32_t struct_version;
|
|
/* Size of this structure in bytes */
|
|
uint64_t struct_size;
|
|
/* Size of shared data buffer in bytes */
|
|
uint64_t data_size;
|
|
/* Amount of shared data used so far */
|
|
uint64_t data_used;
|
|
/* Flags */
|
|
uint32_t flags;
|
|
/* Reserved for padding */
|
|
uint32_t reserved0;
|
|
/* Kernel subkey, from firmware */
|
|
VbPublicKey kernel_subkey;
|
|
/* Offset of kernel subkey data from start of this struct */
|
|
uint64_t kernel_subkey_data_offset;
|
|
/* Size of kernel subkey data */
|
|
uint64_t kernel_subkey_data_size;
|
|
|
|
/*
|
|
* Timer values from VbExGetTimer(). Unused values are set to 0. Note
|
|
* that these are now the enter/exit times for the wrapper API entry
|
|
* points; see crosbug.com/17018. */
|
|
/* VbInit() enter/exit */
|
|
uint64_t timer_vb_init_enter;
|
|
uint64_t timer_vb_init_exit;
|
|
/* VbSelectFirmware() enter/exit */
|
|
uint64_t timer_vb_select_firmware_enter;
|
|
uint64_t timer_vb_select_firmware_exit;
|
|
/* VbSelectAndLoadKernel() enter/exit */
|
|
uint64_t timer_vb_select_and_load_kernel_enter;
|
|
uint64_t timer_vb_select_and_load_kernel_exit;
|
|
|
|
/* Information stored in TPM, as retrieved by firmware */
|
|
/* Current firmware version in TPM */
|
|
uint32_t fw_version_tpm;
|
|
/* Current kernel version in TPM */
|
|
uint32_t kernel_version_tpm;
|
|
|
|
/* Debugging information from LoadFirmware() */
|
|
/* Result of checking RW firmware A and B */
|
|
uint8_t check_fw_a_result;
|
|
uint8_t check_fw_b_result;
|
|
/* Firmware index returned by LoadFirmware() or 0xFF if failure */
|
|
uint8_t firmware_index;
|
|
/* Reserved for padding */
|
|
uint8_t reserved1;
|
|
/* Firmware TPM version at start of VbSelectFirmware() */
|
|
uint32_t fw_version_tpm_start;
|
|
/* Firmware lowest version found */
|
|
uint32_t fw_version_lowest;
|
|
|
|
/* Debugging information from LoadKernel() */
|
|
/* Number of times LoadKernel() called */
|
|
uint32_t lk_call_count;
|
|
/* Info on calls */
|
|
VbSharedDataKernelCall lk_calls[VBSD_MAX_KERNEL_CALLS];
|
|
|
|
/*
|
|
* Offset and size of supplemental kernel data. Reserve space for
|
|
* these fields now, so that future LoadKernel() versions can store
|
|
* information there without needing to shift down whatever data the
|
|
* original LoadFirmware() might have put immediately following its
|
|
* VbSharedDataHeader.
|
|
*/
|
|
uint64_t kernel_supplemental_offset;
|
|
uint64_t kernel_supplemental_size;
|
|
|
|
/*
|
|
* Fields added in version 2. Before accessing, make sure that
|
|
* struct_version >= 2
|
|
*/
|
|
/* Recovery reason for current boot */
|
|
uint8_t recovery_reason;
|
|
/* Reserved for padding */
|
|
uint8_t reserved2[7];
|
|
/* Flags from firmware keyblock */
|
|
uint64_t fw_keyblock_flags;
|
|
/* Kernel TPM version at start of VbSelectAndLoadKernel() */
|
|
uint32_t kernel_version_tpm_start;
|
|
/* Kernel lowest version found */
|
|
uint32_t kernel_version_lowest;
|
|
|
|
/*
|
|
* After read-only firmware which uses version 2 is released, any
|
|
* additional fields must be added below, and the struct version must
|
|
* be increased. Before reading/writing those fields, make sure that
|
|
* the struct being accessed is at least version 3.
|
|
*
|
|
* It's always ok for an older firmware to access a newer struct, since
|
|
* all the fields it knows about are present. Newer firmware needs to
|
|
* use reasonable defaults when accessing older structs.
|
|
*/
|
|
} __attribute__((packed)) VbSharedDataHeader;
|
|
|
|
/*
|
|
* Size of VbSharedDataheader for each version
|
|
*
|
|
* TODO: crossystem needs not to fail if called on a v1 system where
|
|
* sizeof(VbSharedDataHeader) was smaller
|
|
*/
|
|
#define VB_SHARED_DATA_HEADER_SIZE_V1 1072
|
|
#define VB_SHARED_DATA_HEADER_SIZE_V2 1096
|
|
|
|
#define VB_SHARED_DATA_VERSION 2 /* Version for struct_version */
|
|
|
|
#endif /* VBOOT_REFERENCE_VBOOT_STRUCT_H_ */
|