seokj
/
vboot


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195
							/* Copyright 2016 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H
#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_API_H

#include <stdint.h>
#include "vboot_register.h"
#include "nvm.h"
#include "secrets.h"
#include "bdb_flag.h"

struct vba_context {
	/* Indicate which slot is being tried: 0 - primary, 1 - secondary */
	uint8_t slot;

	/* Defined by VBA_CONTEXT_FLAG_* in bdb_flag.h */
	uint32_t flags;

	/* BDB */
	uint8_t *bdb;

	/* Secrets */
	struct bdb_secrets *secrets;

	/* NVM-RW buffer */
	struct nvmrw nvmrw;
};

/**
 * Initialize vboot process
 *
 * @param ctx
 * @return	enum bdb_return_code
 */
int vba_bdb_init(struct vba_context *ctx);

/**
 * Finalize vboot process
 *
 * @param ctx
 * @return	enum bdb_return_code
 */
int vba_bdb_finalize(struct vba_context *ctx);

/**
 * Log failed boot attempt and reset the chip
 *
 * @param ctx
 */
void vba_bdb_fail(struct vba_context *ctx);

/**
 * Update kernel and its data key version in NVM
 *
 * This is the function called from SP-RW, which receives a kernel version
 * from an AP-RW after successful verification of a kernel.
 *
 * It checks whether the version in NVM-RW is older than the reported version
 * or not. If so, it updates the version in NVM-RW.
 *
 * @param ctx
 * @param kernel_data_key_version
 * @param kernel_version
 * @return BDB_SUCCESS or BDB_ERROR_*
 */
int vba_update_kernel_version(struct vba_context *ctx,
			      uint32_t kernel_data_key_version,
			      uint32_t kernel_version);

/**
 * Write new boot unlock code to NVM-RW
 *
 * @param ctx
 * @param new_buc	New BUC to be written
 * @return		BDB_SUCCESS or BDB_ERROR_*
 */
int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc);

/**
 * Derive a secret
 *
 * This derives a new secret from a secret passed from SP-RO.
 *
 * @param ctx
 * @param type		Type of secret to derive
 * @param buf		Buffer containing data to derive secret from
 * @param buf_size	Size of <buf>
 * @return		BDB_SUCCESS or BDB_ERROR_*
 */
int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
		      uint8_t *wsr, const uint8_t *buf, uint32_t buf_size);

/**
 * Clear a secret
 *
 * @param ctx
 * @param type		Type of secret to clear
 * @return		BDB_SUCCESS or BDB_ERROR_*
 */
int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type);

/**
 * Extend secrets for SP-RO
 *
 * @param ctx		struct vba_context
 * @param bdb		BDB
 * @param wsr		Pointer to working secret register contents
 * @param extend	Function to be called for extending a secret
 * @return		BDB_SUCCESS or BDB_ERROR_*
 */
typedef void (*f_extend)(const uint8_t *from, const uint8_t *by, uint8_t *to);
int vba_extend_secrets_ro(struct vba_context *ctx, const uint8_t *bdb,
			  uint8_t *wsr, f_extend extend);

/**
 * Get vboot register value
 *
 * Implemented by each chip
 *
 * @param type	Type of register to get
 * @return	Register value
 */
uint32_t vbe_get_vboot_register(enum vboot_register type);

/**
 * Set vboot register value
 *
 * Implemented by each chip
 *
 * @param type	Type of register to set
 * @param val	Value to set
 */
void vbe_set_vboot_register(enum vboot_register type, uint32_t val);

/**
 * Reset the SoC
 *
 * Implemented by each chip. This is different from reboot (a.k.a. board reset,
 * cold reset).
 */
void vbe_reset(void);

/**
 * Read contents from Non-Volatile Memory
 *
 * Implemented by each chip.
 *
 * @param type	Type of NVM
 * @param buf	Buffer where the data will be read to
 * @param size	Size of data to read
 * @return	Zero if success or non-zero otherwise
 */
int vbe_read_nvm(enum nvm_type type, uint8_t *buf, uint32_t size);

/**
 * Write contents to Non-Volatile Memory
 *
 * Implemented by each chip.
 *
 * @param type	Type of NVM
 * @param buf	Buffer where the data will be written from
 * @param size	Size of data to write
 * @return	Zero if success or non-zero otherwise
 */
int vbe_write_nvm(enum nvm_type type, void *buf, uint32_t size);

/**
 * Encrypt data by AES-256
 *
 * @param msg	Message to be encrypted
 * @param len	Length of <msg> in bytes
 * @param key	Key used for encryption
 * @param out	Buffer where encrypted message is stored
 * @return	BDB_SUCCESS or BDB_ERROR_*
 */
int vbe_aes256_encrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
		       uint8_t *out);

/**
 * Decrypt data by AES-256
 *
 * @param msg	Message to be decrypted
 * @param len	Length of <msg> in bytes
 * @param key	Key used for decryption
 * @param out	Buffer where decrypted message is stored
 * @return	BDB_SUCCESS or BDB_ERROR_*
 */
int vbe_aes256_decrypt(const uint8_t *msg, uint32_t len, const uint8_t *key,
		       uint8_t *out);

#endif