[J-u-boot.git] / boot / bootmeth_cros.h

/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Structures used by the ChromiumOS bootmeth
 *
 * See docs at:
 * https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot-data-structures/
 *
 * Original code at:
 * https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/refs/heads/main/firmware/2lib/include/2struct.h
 *
 * Code taken from vboot_reference commit 5b8596ce file 2struct.h
 *
 * Copyright 2023 Google LLC
 * Written by Simon Glass <[email protected]>
 */

#ifndef __BOOTMETH_CROS_H
#define __BOOTMETH_CROS_H

/* Signature data (a secure hash, possibly signed) */
struct vb2_signature {
	/* Offset of signature data from start of this struct */
	uint32_t sig_offset;
	uint32_t reserved0;

	/* Size of signature data in bytes */
	uint32_t sig_size;
	uint32_t reserved1;

	/* Size of the data block which was signed in bytes */
	uint32_t data_size;
	uint32_t reserved2;
} __attribute__((packed));

#define EXPECTED_VB2_SIGNATURE_SIZE 24

/* Packed public key data */
struct vb2_packed_key {
	/* Offset of key data from start of this struct */
	uint32_t key_offset;
	uint32_t reserved0;

	/* Size of key data in bytes (NOT strength of key in bits) */
	uint32_t key_size;
	uint32_t reserved1;

	/* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
	uint32_t algorithm;
	uint32_t reserved2;

	/* Key version */
	uint32_t key_version;
	uint32_t reserved3;

	/* TODO: when redoing this struct, add a text description of the key */
} __attribute__((packed));

#define EXPECTED_VB2_PACKED_KEY_SIZE 32

#define VB2_KEYBLOCK_MAGIC "CHROMEOS"
#define VB2_KEYBLOCK_MAGIC_SIZE 8

/*
 * Keyblock, containing the public key used to sign some other chunk of data.
 *
 * This should be followed by:
 *   1) The data_key key data, pointed to by data_key.key_offset.
 *   2) The checksum data for (vb2_keyblock + data_key data), pointed to
 *      by keyblock_checksum.sig_offset.
 *   3) The signature data for (vb2_keyblock + data_key data), pointed to
 *      by keyblock_signature.sig_offset.
 */
struct vb2_keyblock {
	/* Magic number */
	uint8_t magic[VB2_KEYBLOCK_MAGIC_SIZE];

	/* Version of this header format */
	uint32_t header_version_major;
	uint32_t header_version_minor;

	/*
	 * Length of this entire keyblock, including keys, signatures, and
	 * padding, in bytes
	 */
	uint32_t keyblock_size;
	uint32_t reserved0;

	/*
	 * Signature for this keyblock (header + data pointed to by data_key)
	 * For use with signed data keys
	 */
	struct vb2_signature keyblock_signature;

	/*
	 * SHA-512 hash for this keyblock (header + data pointed to by
	 * data_key) For use with unsigned data keys.
	 *
	 * Only supported for kernel keyblocks, not firmware keyblocks.
	 */
	struct vb2_signature keyblock_hash;

	/* Flags for key (VB2_KEYBLOCK_FLAG_*) */
	uint32_t keyblock_flags;
	uint32_t reserved1;

	/* Key to verify the chunk of data */
	struct vb2_packed_key data_key;
} __attribute__((packed));

#define EXPECTED_VB2_KEYBLOCK_SIZE 112

/*
 * Preamble block for kernel, version 2.2
 *
 * This should be followed by:
 *   1) The signature data for the kernel body, pointed to by
 *      body_signature.sig_offset.
 *   2) The signature data for (vb2_kernel_preamble + body signature data),
 *       pointed to by preamble_signature.sig_offset.
 *   3) The 16-bit vmlinuz header, which is used for reconstruction of
 *      vmlinuz image.
 */
struct vb2_kernel_preamble {
	/*
	 * Size of this preamble, including keys, signatures, vmlinuz header,
	 * and padding, in bytes
	 */
	uint32_t preamble_size;
	uint32_t reserved0;

	/* Signature for this preamble (header + body signature) */
	struct vb2_signature preamble_signature;

	/* Version of this header format */
	uint32_t header_version_major;
	uint32_t header_version_minor;

	/* Kernel version */
	uint32_t kernel_version;
	uint32_t reserved1;

	/* Load address for kernel body */
	uint64_t body_load_address;
	/* TODO (vboot 2.1): we never used that */

	/* Address of bootloader, after body is loaded at body_load_address */
	uint64_t bootloader_address;
	/* TODO (vboot 2.1): should be a 32-bit offset */

	/* Size of bootloader in bytes */
	uint32_t bootloader_size;
	uint32_t reserved2;

	/* Signature for the kernel body */
	struct vb2_signature body_signature;

	/*
	 * TODO (vboot 2.1): fields for kernel offset and size.  Right now the
	 * size is implicitly the same as the size of data signed by the body
	 * signature, and the offset is implicitly at the end of the preamble.
	 * But that forces us to pad the preamble to 64KB rather than just
	 * having a tiny preamble and an offset field.
	 */

	/*
	 * Fields added in header version 2.1.  You must verify the header
	 * version before reading these fields!
	 */

	/*
	 * Address of 16-bit header for vmlinuz reassembly.  Readers should
	 * return 0 for header version < 2.1.
	 */
	uint64_t vmlinuz_header_address;

	/* Size of 16-bit header for vmlinuz in bytes.  Readers should return 0
	   for header version < 2.1 */
	uint32_t vmlinuz_header_size;
	uint32_t reserved3;

	/*
	 * Fields added in header version 2.2.  You must verify the header
	 * version before reading these fields!
	 */

	/*
	 * Flags; see VB2_KERNEL_PREAMBLE_*.  Readers should return 0 for
	 * header version < 2.2.  Flags field is currently defined as:
	 * [31:2] - Reserved (for future use)
	 * [1:0]  - Kernel image type (0b00 - CrOS,
	 *                             0b01 - bootimg,
	 *                             0b10 - multiboot)
	 */
	uint32_t flags;
} __attribute__((packed));

#endif /* __BOOTMETH_CROS_H */
Commit	Line	Data
de30aa9a SG	1	/* SPDX-License-Identifier: GPL-2.0+ */
	2	/*
	3	* Structures used by the ChromiumOS bootmeth
	4	*
	5	* See docs at:
	6	* https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot-data-structures/
	7	*
	8	* Original code at:
	9	* https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/refs/heads/main/firmware/2lib/include/2struct.h
	10	*
	11	* Code taken from vboot_reference commit 5b8596ce file 2struct.h
	12	*
	13	* Copyright 2023 Google LLC
	14	* Written by Simon Glass <[email protected]>
	15	*/
	16
	17	#ifndef __BOOTMETH_CROS_H
	18	#define __BOOTMETH_CROS_H
	19
	20	/* Signature data (a secure hash, possibly signed) */
	21	struct vb2_signature {
	22	/* Offset of signature data from start of this struct */
	23	uint32_t sig_offset;
	24	uint32_t reserved0;
	25
	26	/* Size of signature data in bytes */
	27	uint32_t sig_size;
	28	uint32_t reserved1;
	29
	30	/* Size of the data block which was signed in bytes */
	31	uint32_t data_size;
	32	uint32_t reserved2;
	33	} __attribute__((packed));
	34
	35	#define EXPECTED_VB2_SIGNATURE_SIZE 24
	36
	37	/* Packed public key data */
	38	struct vb2_packed_key {
	39	/* Offset of key data from start of this struct */
	40	uint32_t key_offset;
	41	uint32_t reserved0;
	42
	43	/* Size of key data in bytes (NOT strength of key in bits) */
	44	uint32_t key_size;
	45	uint32_t reserved1;
	46
	47	/* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
	48	uint32_t algorithm;
	49	uint32_t reserved2;
	50
	51	/* Key version */
	52	uint32_t key_version;
	53	uint32_t reserved3;
	54
	55	/* TODO: when redoing this struct, add a text description of the key */
	56	} __attribute__((packed));
	57
	58	#define EXPECTED_VB2_PACKED_KEY_SIZE 32
	59
	60	#define VB2_KEYBLOCK_MAGIC "CHROMEOS"
	61	#define VB2_KEYBLOCK_MAGIC_SIZE 8
	62
	63	/*
	64	* Keyblock, containing the public key used to sign some other chunk of data.
65	*
66	* This should be followed by:
67	* 1) The data_key key data, pointed to by data_key.key_offset.
68	* 2) The checksum data for (vb2_keyblock + data_key data), pointed to
69	* by keyblock_checksum.sig_offset.
70	* 3) The signature data for (vb2_keyblock + data_key data), pointed to
71	* by keyblock_signature.sig_offset.
72	*/
73	struct vb2_keyblock {
74	/* Magic number */
75	uint8_t magic[VB2_KEYBLOCK_MAGIC_SIZE];
76
77	/* Version of this header format */
78	uint32_t header_version_major;
79	uint32_t header_version_minor;
80
81	/*
82	* Length of this entire keyblock, including keys, signatures, and
83	* padding, in bytes
84	*/
85	uint32_t keyblock_size;
86	uint32_t reserved0;
87
88	/*
89	* Signature for this keyblock (header + data pointed to by data_key)
90	* For use with signed data keys
91	*/
92	struct vb2_signature keyblock_signature;
93
94	/*
95	* SHA-512 hash for this keyblock (header + data pointed to by
96	* data_key) For use with unsigned data keys.
97	*
98	* Only supported for kernel keyblocks, not firmware keyblocks.
99	*/
100	struct vb2_signature keyblock_hash;
101
102	/* Flags for key (VB2_KEYBLOCK_FLAG_) /
103	uint32_t keyblock_flags;
104	uint32_t reserved1;
105
106	/* Key to verify the chunk of data */
107	struct vb2_packed_key data_key;
108	} __attribute__((packed));
109
110	#define EXPECTED_VB2_KEYBLOCK_SIZE 112
111
112	/*
113	* Preamble block for kernel, version 2.2
114	*
115	* This should be followed by:
116	* 1) The signature data for the kernel body, pointed to by
117	* body_signature.sig_offset.
118	* 2) The signature data for (vb2_kernel_preamble + body signature data),
119	* pointed to by preamble_signature.sig_offset.
120	* 3) The 16-bit vmlinuz header, which is used for reconstruction of
121	* vmlinuz image.
122	*/
123	struct vb2_kernel_preamble {
124	/*
125	* Size of this preamble, including keys, signatures, vmlinuz header,
126	* and padding, in bytes
127	*/
128	uint32_t preamble_size;
129	uint32_t reserved0;
130
131	/* Signature for this preamble (header + body signature) */
132	struct vb2_signature preamble_signature;
133
134	/* Version of this header format */
135	uint32_t header_version_major;
136	uint32_t header_version_minor;
137
138	/* Kernel version */
139	uint32_t kernel_version;
140	uint32_t reserved1;
141
142	/* Load address for kernel body */
143	uint64_t body_load_address;
144	/* TODO (vboot 2.1): we never used that */
145
146	/* Address of bootloader, after body is loaded at body_load_address */
147	uint64_t bootloader_address;
148	/* TODO (vboot 2.1): should be a 32-bit offset */
149
150	/* Size of bootloader in bytes */
151	uint32_t bootloader_size;
152	uint32_t reserved2;
153
154	/* Signature for the kernel body */
155	struct vb2_signature body_signature;
156
157	/*
158	* TODO (vboot 2.1): fields for kernel offset and size. Right now the
159	* size is implicitly the same as the size of data signed by the body
160	* signature, and the offset is implicitly at the end of the preamble.
161	* But that forces us to pad the preamble to 64KB rather than just
162	* having a tiny preamble and an offset field.
163	*/
164
165	/*
166	* Fields added in header version 2.1. You must verify the header
167	* version before reading these fields!
168	*/
169
170	/*
171	* Address of 16-bit header for vmlinuz reassembly. Readers should
172	* return 0 for header version < 2.1.
173	*/
174	uint64_t vmlinuz_header_address;
175
176	/* Size of 16-bit header for vmlinuz in bytes. Readers should return 0
177	for header version < 2.1 */
178	uint32_t vmlinuz_header_size;
179	uint32_t reserved3;
180
181	/*
182	* Fields added in header version 2.2. You must verify the header
183	* version before reading these fields!
184	*/
185
186	/*
187	* Flags; see VB2_KERNEL_PREAMBLE_*. Readers should return 0 for
188	* header version < 2.2. Flags field is currently defined as:
189	* [31:2] - Reserved (for future use)
190	* [1:0] - Kernel image type (0b00 - CrOS,
191	* 0b01 - bootimg,
192	* 0b10 - multiboot)
193	*/
194	uint32_t flags;
195	} __attribute__((packed));
196
197	#endif /* __BOOTMETH_CROS_H */