2lib/include/2api.h

*8617a60dSAndroid Build Coastguard Worker/* Copyright 2013 The ChromiumOS Authors
*8617a60dSAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be
*8617a60dSAndroid Build Coastguard Worker * found in the LICENSE file.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * APIs between calling firmware and vboot_reference
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * General notes:
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * TODO: split this file into a vboot_entry_points.h file which contains the
*8617a60dSAndroid Build Coastguard Worker * entry points for the firmware to call vboot_reference, and a
*8617a60dSAndroid Build Coastguard Worker * vboot_firmware_exports.h which contains the APIs to be implemented by the
*8617a60dSAndroid Build Coastguard Worker * calling firmware and exported to vboot_reference.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Notes:
*8617a60dSAndroid Build Coastguard Worker *    * Assumes this code is never called in the S3 resume path.  TPM resume
*8617a60dSAndroid Build Coastguard Worker *      must be done elsewhere, and VB2_NV_DEBUG_RESET_MODE is ignored.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker#ifndef VBOOT_REFERENCE_2API_H_
*8617a60dSAndroid Build Coastguard Worker#define VBOOT_REFERENCE_2API_H_
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker#include "2constants.h"
*8617a60dSAndroid Build Coastguard Worker#include "2context.h"
*8617a60dSAndroid Build Coastguard Worker#include "2crypto.h"
*8617a60dSAndroid Build Coastguard Worker#include "2fw_hash_tags.h"
*8617a60dSAndroid Build Coastguard Worker#include "2gbb_flags.h"
*8617a60dSAndroid Build Coastguard Worker#include "2hmac.h"
*8617a60dSAndroid Build Coastguard Worker#include "2id.h"
*8617a60dSAndroid Build Coastguard Worker#include "2info.h"
*8617a60dSAndroid Build Coastguard Worker#include "2recovery_reasons.h"
*8617a60dSAndroid Build Coastguard Worker#include "2return_codes.h"
*8617a60dSAndroid Build Coastguard Worker#include "2rsa.h"
*8617a60dSAndroid Build Coastguard Worker#include "2secdata_struct.h"
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker#define _VB2_TRY_IMPL(expr, ctx, recovery_reason, ...) do { \
*8617a60dSAndroid Build Coastguard Worker	vb2_error_t _vb2_try_rv = (expr); \
*8617a60dSAndroid Build Coastguard Worker	struct vb2_context *_vb2_try_ctx = (ctx); \
*8617a60dSAndroid Build Coastguard Worker	uint8_t _vb2_try_reason = (recovery_reason); \
*8617a60dSAndroid Build Coastguard Worker	if (_vb2_try_rv != VB2_SUCCESS) { \
*8617a60dSAndroid Build Coastguard Worker		vb2ex_printf(__func__, \
*8617a60dSAndroid Build Coastguard Worker			     "%s returned %#x\n", #expr, _vb2_try_rv); \
*8617a60dSAndroid Build Coastguard Worker		if (_vb2_try_rv >= VB2_REQUEST_END && \
*8617a60dSAndroid Build Coastguard Worker		    (_vb2_try_ctx) && \
*8617a60dSAndroid Build Coastguard Worker		    (_vb2_try_reason) != VB2_RECOVERY_NOT_REQUESTED) \
*8617a60dSAndroid Build Coastguard Worker			vb2api_fail(_vb2_try_ctx, _vb2_try_reason, \
*8617a60dSAndroid Build Coastguard Worker				    _vb2_try_rv); \
*8617a60dSAndroid Build Coastguard Worker		return _vb2_try_rv; \
*8617a60dSAndroid Build Coastguard Worker	} \
*8617a60dSAndroid Build Coastguard Worker} while (0)
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Evaluate an expression and return *from the caller* on failure or if an
*8617a60dSAndroid Build Coastguard Worker * action (such as reboot) is requested.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This macro supports two forms of usage:
*8617a60dSAndroid Build Coastguard Worker * 1. VB2_TRY(expr)
*8617a60dSAndroid Build Coastguard Worker * 2. VB2_TRY(expr, ctx, recovery_reason)
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * When the second form is used, vb2api_fail() will be called on failure before
*8617a60dSAndroid Build Coastguard Worker * return. Note that nvdata only holds one byte for recovery subcode, so any
*8617a60dSAndroid Build Coastguard Worker * other more significant bytes will be truncated.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param expr			An expression (such as a function call) of type
*8617a60dSAndroid Build Coastguard Worker *				vb2_error_t.
*8617a60dSAndroid Build Coastguard Worker * @param ctx			Vboot context.
*8617a60dSAndroid Build Coastguard Worker * @param recovery_reason	Recovery reason passed to vb2api_fail().
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Worker#define VB2_TRY(expr, ...) _VB2_TRY_IMPL(expr, ##__VA_ARGS__, NULL, 0)
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Check if the return value is an error.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param rv	The return value.
*8617a60dSAndroid Build Coastguard Worker * @return True if the value is an error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerstatic inline int vb2_is_error(vb2_error_t rv)
*8617a60dSAndroid Build Coastguard Worker{
*8617a60dSAndroid Build Coastguard Worker	return rv >= VB2_ERROR_BASE && rv <= VB2_ERROR_MAX;
*8617a60dSAndroid Build Coastguard Worker}
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/* Resource index for vb2ex_read_resource() */
*8617a60dSAndroid Build Coastguard Workerenum vb2_resource_index {
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/* Google binary block */
*8617a60dSAndroid Build Coastguard Worker	VB2_RES_GBB,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/*
*8617a60dSAndroid Build Coastguard Worker	 * Firmware verified boot block (keyblock+preamble).  Use
*8617a60dSAndroid Build Coastguard Worker	 * VB2_CONTEXT_FW_SLOT_B to determine whether this refers to slot A or
*8617a60dSAndroid Build Coastguard Worker	 * slot B; vboot will set that flag to the proper state before reading
*8617a60dSAndroid Build Coastguard Worker	 * the vblock.
*8617a60dSAndroid Build Coastguard Worker	 */
*8617a60dSAndroid Build Coastguard Worker	VB2_RES_FW_VBLOCK,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/*
*8617a60dSAndroid Build Coastguard Worker	 * Kernel verified boot block (keyblock+preamble) for the current
*8617a60dSAndroid Build Coastguard Worker	 * kernel partition.  Used only by vb2api_kernel_load_vblock().
*8617a60dSAndroid Build Coastguard Worker	 * Contents are allowed to change between calls to that function (to
*8617a60dSAndroid Build Coastguard Worker	 * allow multiple kernels to be examined).
*8617a60dSAndroid Build Coastguard Worker	 */
*8617a60dSAndroid Build Coastguard Worker	VB2_RES_KERNEL_VBLOCK,
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/* Digest ID for vbapi_get_pcr_digest() */
*8617a60dSAndroid Build Coastguard Workerenum vb2_pcr_digest {
*8617a60dSAndroid Build Coastguard Worker	/* Digest based on current developer and recovery mode flags */
*8617a60dSAndroid Build Coastguard Worker	BOOT_MODE_PCR,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/* SHA-256 hash digest of HWID, from GBB */
*8617a60dSAndroid Build Coastguard Worker	HWID_DIGEST_PCR,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/* The firmware version values. */
*8617a60dSAndroid Build Coastguard Worker	FIRMWARE_VERSION_PCR,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/* The kernel version values. */
*8617a60dSAndroid Build Coastguard Worker	KERNEL_VERSION_PCR,
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/******************************************************************************
*8617a60dSAndroid Build Coastguard Worker * APIs provided by verified boot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * At a high level, call functions in the order described below.  After each
*8617a60dSAndroid Build Coastguard Worker * call, examine vb2_context.flags to determine whether nvdata or secdata
*8617a60dSAndroid Build Coastguard Worker * needs to be written.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If you need to cause the boot process to fail at any point, call
*8617a60dSAndroid Build Coastguard Worker * vb2api_fail().  Then check vb2_context.flags to see what data needs to be
*8617a60dSAndroid Build Coastguard Worker * written.  Then reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Load nvdata from wherever you keep it.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Load secdata_firmware from wherever you keep it.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *      	If it wasn't there at all (for example, this is the first boot
*8617a60dSAndroid Build Coastguard Worker *		of a new system in the factory), call
*8617a60dSAndroid Build Coastguard Worker *		vb2api_secdata_firmware_create() to initialize the data.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *		If access to your storage is unreliable (reads/writes may
*8617a60dSAndroid Build Coastguard Worker *		contain corrupt data), you may call
*8617a60dSAndroid Build Coastguard Worker *		vb2api_secdata_firmware_check() to determine if the data was
*8617a60dSAndroid Build Coastguard Worker *		valid, and retry reading if it wasn't.  (In that case, you
*8617a60dSAndroid Build Coastguard Worker *		should also read back and check the data after any time you
*8617a60dSAndroid Build Coastguard Worker *		write it, to make sure it was written correctly.)
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Call vb2api_fw_phase1().  At present, this nominally decides whether
*8617a60dSAndroid Build Coastguard Worker *	recovery mode is needed this boot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Call vb2api_fw_phase2().  At present, this nominally decides which
*8617a60dSAndroid Build Coastguard Worker *	firmware slot will be attempted (A or B).
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Call vb2api_fw_phase3().  At present, this nominally verifies the
*8617a60dSAndroid Build Coastguard Worker *	firmware keyblock and preamble.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Lock down wherever you keep secdata_firmware.  It should no longer be
*8617a60dSAndroid Build Coastguard Worker *	writable this boot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Verify the hash of each section of code/data you need to boot the RW
*8617a60dSAndroid Build Coastguard Worker *	firmware.  For each section:
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	1) Normal verification:
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *		Call vb2api_init_hash() to see if the hash exists.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *		Load the data for the section.  Call vb2api_extend_hash() on the
*8617a60dSAndroid Build Coastguard Worker *		data as you load it.  You can load it all at once and make one
*8617a60dSAndroid Build Coastguard Worker *		call, or load and hash-extend a block at a time.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *		Call vb2api_check_hash() to see if the hash is valid.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *			If it is valid, you may use the data and/or execute
*8617a60dSAndroid Build Coastguard Worker *			code from that section.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *			If the hash was invalid, you must reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	2) Verification with CBFS integration:
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *		Call vb2api_get_metadata_hash() to get hash of CBFS metadata.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *		Initialize CBFS using stored hash as correct metadata hash.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *			If CBFS initialization fails because of metadata hash
*8617a60dSAndroid Build Coastguard Worker *			mismatch, you must reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *			If CBFS initialization succeeds, you may use the data
*8617a60dSAndroid Build Coastguard Worker *			and/or execute code from that section.
*8617a60dSAndroid Build Coastguard Worker *			IMPORTANT: Be aware, that to have full section
*8617a60dSAndroid Build Coastguard Worker *			verification, the CBFS_VERIFICATION has to be enabled.
*8617a60dSAndroid Build Coastguard Worker *			Initialization of CBFS volume only checks hash of files
*8617a60dSAndroid Build Coastguard Worker *			metadata, not their contents!
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * At this point, firmware verification is done, and vb2_context contains the
*8617a60dSAndroid Build Coastguard Worker * kernel key needed to verify the kernel.  That context should be preserved
*8617a60dSAndroid Build Coastguard Worker * and passed on to kernel selection.  The kernel selection process may be
*8617a60dSAndroid Build Coastguard Worker * done by the same firmware image, or may be done by the RW firmware.  The
*8617a60dSAndroid Build Coastguard Worker * recommended order is:
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Load secdata_kernel from wherever you keep it.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *      	If it wasn't there at all (for example, this is the first boot
*8617a60dSAndroid Build Coastguard Worker *		of a new system in the factory), call
*8617a60dSAndroid Build Coastguard Worker *		vb2api_secdata_kernel_create() to initialize the data.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *		If access to your storage is unreliable (reads/writes may
*8617a60dSAndroid Build Coastguard Worker *		contain corrupt data), you may call
*8617a60dSAndroid Build Coastguard Worker *		vb2api_secdata_kernel_check() to determine if the data was
*8617a60dSAndroid Build Coastguard Worker *		valid, and retry reading if it wasn't.  (In that case, you
*8617a60dSAndroid Build Coastguard Worker *		should also read back and check the data after any time you
*8617a60dSAndroid Build Coastguard Worker*		write it, to make sure it was written correctly.)
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Call vb2api_kernel_phase1().  At present, this decides which key to
*8617a60dSAndroid Build Coastguard Worker *	use to verify kernel data - the recovery key from the GBB, or the
*8617a60dSAndroid Build Coastguard Worker *	kernel subkey from the firmware verification stage.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Call vb2api_kernel_phase2().  Do EC and auxfw software sync, clear
*8617a60dSAndroid Build Coastguard Worker *	recovery and commit nvdata if needed.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Find a boot device (you're on your own here).
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Call vb2api_load_kernel_vblock() for each kernel partition on the
*8617a60dSAndroid Build Coastguard Worker *	boot device, until one succeeds.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	When that succeeds, call vb2api_get_kernel_size() to determine where
*8617a60dSAndroid Build Coastguard Worker *	the kernel is located in the stream and how big it is.  Load or map
*8617a60dSAndroid Build Coastguard Worker *	the kernel.  (Again, you're on your own.  This is the responsibility of
*8617a60dSAndroid Build Coastguard Worker *	the caller so that the caller can choose whether to allocate a buffer,
*8617a60dSAndroid Build Coastguard Worker *	load the kernel data into a predefined area of RAM, or directly map a
*8617a60dSAndroid Build Coastguard Worker *	kernel file into the address space.  Note that technically it doesn't
*8617a60dSAndroid Build Coastguard Worker *	matter whether the kernel data is even in the same file or stream as
*8617a60dSAndroid Build Coastguard Worker *	the vblock, as long as the caller loads the right data.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Call vb2api_verify_kernel_data() on the kernel data.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	If you ran out of kernels before finding a good one, call vb2api_fail()
*8617a60dSAndroid Build Coastguard Worker *	with an appropriate recovery reason.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Set the VB2_CONTEXT_ALLOW_KERNEL_ROLL_FORWARD flag if the current
*8617a60dSAndroid Build Coastguard Worker *	kernel partition has the successful flag (that is, it's already known
*8617a60dSAndroid Build Coastguard Worker *	or assumed to be a functional kernel partition).
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Call vb2api_kernel_phase3().  This cleans up from kernel verification
*8617a60dSAndroid Build Coastguard Worker *	and updates the secure data if needed.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *	Lock down wherever you keep secdata_kernel.  It should no longer be
*8617a60dSAndroid Build Coastguard Worker *	writable this boot.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Initialize verified boot data structures.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Needs to be called once per boot, before using any API functions that
*8617a60dSAndroid Build Coastguard Worker * accept a vb2_context object.  Sets up the vboot work buffer, as well as
*8617a60dSAndroid Build Coastguard Worker * vb2_shared_data and vb2_context.  A pointer to the context object is
*8617a60dSAndroid Build Coastguard Worker * written to ctxptr.  After transitioning between different firmware
*8617a60dSAndroid Build Coastguard Worker * applications, or any time the context pointer is lost, vb2api_reinit()
*8617a60dSAndroid Build Coastguard Worker * should be used to restore access to the context and data on the workbuf.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If the workbuf needs to be relocated, call vb2api_relocate() instead
*8617a60dSAndroid Build Coastguard Worker * of copying memory manually.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param workbuf	Workbuf memory location to initialize
*8617a60dSAndroid Build Coastguard Worker * @param size		Size of workbuf being initialized
*8617a60dSAndroid Build Coastguard Worker * @param ctxptr	Pointer to a context pointer to be filled in
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_init(void *workbuf, uint32_t size,
*8617a60dSAndroid Build Coastguard Worker			struct vb2_context **ctxptr);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Reinitialize vboot data structures.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * After transitioning between different firmware applications, or any time the
*8617a60dSAndroid Build Coastguard Worker * context pointer is lost, this function should be called to restore access to
*8617a60dSAndroid Build Coastguard Worker * the workbuf.  A pointer to the context object is written to ctxptr.  Returns
*8617a60dSAndroid Build Coastguard Worker * an error if the vboot work buffer is inconsistent.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If the workbuf needs to be relocated, call vb2api_relocate() instead
*8617a60dSAndroid Build Coastguard Worker * of copying memory manually.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param workbuf	Workbuf memory location to check
*8617a60dSAndroid Build Coastguard Worker * @param ctxptr	Pointer to a context pointer to be filled in
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_reinit(void *workbuf, struct vb2_context **ctxptr);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Relocate vboot data structures.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Move the vboot work buffer from one memory location to another, and expand
*8617a60dSAndroid Build Coastguard Worker * or contract the workbuf to fit.  The target memory location may be the same
*8617a60dSAndroid Build Coastguard Worker * as the original (used for a "resize" operation), and it is safe to call this
*8617a60dSAndroid Build Coastguard Worker * function with overlapping memory regions.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * A pointer to the context object is written to ctxptr.  Returns an error if
*8617a60dSAndroid Build Coastguard Worker * the vboot work buffer is inconsistent, or if the new memory space is too
*8617a60dSAndroid Build Coastguard Worker * small to contain the work buffer.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param new_workbuf	Target workbuf memory location
*8617a60dSAndroid Build Coastguard Worker * @param cur_workbuf	Original workbuf memory location to relocate
*8617a60dSAndroid Build Coastguard Worker * @param size		Target size of relocated workbuf
*8617a60dSAndroid Build Coastguard Worker * @param ctxptr	Pointer to a context pointer to be filled in
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_relocate(void *new_workbuf, const void *cur_workbuf,
*8617a60dSAndroid Build Coastguard Worker			    uint32_t size, struct vb2_context **ctxptr);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Export "VBSD" vboot1 data structure.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Copy relevant fields from vboot2 data structures to VbSharedDataHeader
*8617a60dSAndroid Build Coastguard Worker * format.  Takes a pointer to the memory space to be filled in.  Expects
*8617a60dSAndroid Build Coastguard Worker * the memory available to be of size VB2_VBSD_SIZE.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Context pointer
*8617a60dSAndroid Build Coastguard Worker * @param dest		Target memory to store VbSharedDataHeader
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervoid vb2api_export_vbsd(struct vb2_context *ctx, void *dest);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Check the validity of firmware secure storage context.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Checks version and CRC.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Context pointer
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code if error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_secdata_firmware_check(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Create fresh data in firmware secure storage context.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Use this only when initializing the secure storage context on a new machine
*8617a60dSAndroid Build Coastguard Worker * the first time it boots.  Do NOT simply use this if
*8617a60dSAndroid Build Coastguard Worker * vb2api_secdata_firmware_check() (or any other API in this library) fails;
*8617a60dSAndroid Build Coastguard Worker * that could allow the secure data to be rolled back to an insecure state.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Context pointer
*8617a60dSAndroid Build Coastguard Worker * @return size of created firmware secure storage data in bytes
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2api_secdata_firmware_create(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Check the validity of kernel secure storage context (ctx->secdata_kernel).
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Checks version, UID, and CRC.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Context pointer
*8617a60dSAndroid Build Coastguard Worker * @param size		(IN) Size of data to be checked
*8617a60dSAndroid Build Coastguard Worker * 			(OUT) Expected size of data
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code if error. If data is missing,
*8617a60dSAndroid Build Coastguard Worker * 	   it returns VB2_ERROR_SECDATA_KERNEL_INCOMPLETE and informs the caller
*8617a60dSAndroid Build Coastguard Worker * 	   of the expected size.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_secdata_kernel_check(struct vb2_context *ctx, uint8_t *size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Create fresh data in kernel secure storage context.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Use this only when initializing the secure storage context on a new machine
*8617a60dSAndroid Build Coastguard Worker * the first time it boots.  Do NOT simply use this if
*8617a60dSAndroid Build Coastguard Worker * vb2api_secdata_kernel_check() (or any other API in this library) fails; that
*8617a60dSAndroid Build Coastguard Worker * could allow the secure data to be rolled back to an insecure state.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * vb2api_secdata_kernel_create always creates secdata kernel using the latest
*8617a60dSAndroid Build Coastguard Worker * revision.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Context pointer
*8617a60dSAndroid Build Coastguard Worker * @return size of created kernel secure storage data in bytes
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2api_secdata_kernel_create(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2api_secdata_kernel_create_v0(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Create an empty Firmware Management Parameters (FWMP) in secure storage
*8617a60dSAndroid Build Coastguard Worker * context.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Context pointer
*8617a60dSAndroid Build Coastguard Worker * @return size of created FWMP secure storage data in bytes
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2api_secdata_fwmp_create(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Check the validity of firmware management parameters (FWMP) space.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Checks size, version, and CRC.  If the struct size is larger than the size
*8617a60dSAndroid Build Coastguard Worker * passed in, the size pointer is set to the expected full size of the struct,
*8617a60dSAndroid Build Coastguard Worker * and VB2_ERROR_SECDATA_FWMP_INCOMPLETE is returned.  The caller should
*8617a60dSAndroid Build Coastguard Worker * re-read the returned number of bytes, and call this function again.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Context pointer
*8617a60dSAndroid Build Coastguard Worker * @param size		Amount of struct which has been read
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code if error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_secdata_fwmp_check(struct vb2_context *ctx, uint8_t *size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Report firmware failure to vboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If the failure occurred after choosing a firmware slot, and the other
*8617a60dSAndroid Build Coastguard Worker * firmware slot is not known-bad, try the other firmware slot after reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If the failure occurred before choosing a firmware slot, or both slots have
*8617a60dSAndroid Build Coastguard Worker * failed in successive boots, request recovery.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This may be called before vb2api_phase1() to indicate errors in the boot
*8617a60dSAndroid Build Coastguard Worker * process prior to the start of vboot.  On return, the calling firmware should
*8617a60dSAndroid Build Coastguard Worker * check for updates to secdata and/or nvdata, then reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param reason	Recovery reason
*8617a60dSAndroid Build Coastguard Worker * @param subcode	Recovery subcode
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervoid vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Report firmware failure from previous boot to vboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This function can only be called before vb2api_fw_phase1 (nvdata is
*8617a60dSAndroid Build Coastguard Worker * initialized). Otherwise an assert is raised. This function is required to be
*8617a60dSAndroid Build Coastguard Worker * called in the following environment:
*8617a60dSAndroid Build Coastguard Worker * - Context has to be initialized using vb2api_init
*8617a60dSAndroid Build Coastguard Worker * - NV data has to be read into context
*8617a60dSAndroid Build Coastguard Worker * - Secdata may or may not have been read
*8617a60dSAndroid Build Coastguard Worker * - vb2api_fw_phase1 must not have been called.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If the other slot is not known bad then try the other firmware slot.
*8617a60dSAndroid Build Coastguard Worker * If both the slots are known bad, then request recovery.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param reason	Recovery reason
*8617a60dSAndroid Build Coastguard Worker * @param subcode	Recovery subcode
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervoid vb2api_previous_boot_fail(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker			       uint8_t reason, uint8_t subcode);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Entry point for setting up a context that can only load and verify a kernel.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * The only allowed usage is to call vb2api_init, then this entry point,
*8617a60dSAndroid Build Coastguard Worker * then vb2api_load_kernel.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx				Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param kernel_packed_key_data	Packed public key for kernel
*8617a60dSAndroid Build Coastguard Worker *					verification
*8617a60dSAndroid Build Coastguard Worker * @param kernel_packed_key_data_size	Size in bytes of kernel_packed_key_data
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_inject_kernel_subkey(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker					const uint8_t *kernel_packed_key_data,
*8617a60dSAndroid Build Coastguard Worker					uint32_t kernel_packed_key_data_size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Firmware selection, phase 1.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If the returned error is VB2_ERROR_API_PHASE1_RECOVERY, the calling firmware
*8617a60dSAndroid Build Coastguard Worker * should jump directly to recovery-mode firmware without rebooting.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * For other errors, the calling firmware should check for updates to secdata
*8617a60dSAndroid Build Coastguard Worker * and/or nvdata, then reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_fw_phase1(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Firmware selection, phase 2.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * On error, the calling firmware should check for updates to secdata and/or
*8617a60dSAndroid Build Coastguard Worker * nvdata, then reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_fw_phase2(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Firmware selection, phase 3.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * On error, the calling firmware should check for updates to secdata and/or
*8617a60dSAndroid Build Coastguard Worker * nvdata, then reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * On success, the calling firmware should lock down secdata before continuing
*8617a60dSAndroid Build Coastguard Worker * with the boot process.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_fw_phase3(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Initialize hashing data for the specified tag.
*8617a60dSAndroid Build Coastguard Worker * This function is not legal when running from a coreboot image that has
*8617a60dSAndroid Build Coastguard Worker * CONFIG_VBOOT_CBFS_INTEGRATION=y set. In that case, vb2api_get_metadata_hash()
*8617a60dSAndroid Build Coastguard Worker * must be used instead.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param tag		Tag to start hashing (enum vb2_hash_tag)
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Extend the hash started by vb2api_init_hash() with additional data.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * (This is the same for both old and new style structs.)
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param buf		Data to hash
*8617a60dSAndroid Build Coastguard Worker * @param size		Size of data in bytes
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_extend_hash(struct vb2_context *ctx, const void *buf,
*8617a60dSAndroid Build Coastguard Worker			       uint32_t size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Check the hash value started by vb2api_init_hash().
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerint vb2api_check_hash(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Check the hash value started by vb2api_init_hash() while retrieving
*8617a60dSAndroid Build Coastguard Worker * calculated digest.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx			Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param digest_out		optional pointer to buffer to store digest
*8617a60dSAndroid Build Coastguard Worker * @param digest_out_size	optional size of buffer to store digest
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker					 void *digest_out,
*8617a60dSAndroid Build Coastguard Worker					 uint32_t digest_out_size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Get pointer to metadata hash from body signature in preamble.
*8617a60dSAndroid Build Coastguard Worker * Body signature data size has to be zero to indicate that it contains
*8617a60dSAndroid Build Coastguard Worker * metadata hash. This is only legal to call after vb2api_fw_phase3() has
*8617a60dSAndroid Build Coastguard Worker * returned successfully, and will return with error otherwise.
*8617a60dSAndroid Build Coastguard Worker * This function is only legal to call from coreboot with
*8617a60dSAndroid Build Coastguard Worker * CONFIG_VBOOT_CBFS_INTEGRATION=y. `futility sign` will automatically detect
*8617a60dSAndroid Build Coastguard Worker * the presence of that option in an image and prepare the correct kind
*8617a60dSAndroid Build Coastguard Worker * of signature.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx			Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param hash_ptr_out		pointer to output hash to
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_get_metadata_hash(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker				     struct vb2_hash **hash_ptr_out);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Get a PCR digest
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param which_digest	PCR index of the digest
*8617a60dSAndroid Build Coastguard Worker * @param dest		Destination where the digest is copied.
*8617a60dSAndroid Build Coastguard Worker * 			Recommended size is VB2_PCR_DIGEST_RECOMMENDED_SIZE.
*8617a60dSAndroid Build Coastguard Worker * @param dest_size	IN: size of the buffer pointed by dest
*8617a60dSAndroid Build Coastguard Worker * 			OUT: size of the copied digest
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_get_pcr_digest(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker				  enum vb2_pcr_digest which_digest,
*8617a60dSAndroid Build Coastguard Worker				  uint8_t *dest, uint32_t *dest_size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Prepare for kernel verification stage.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Must be called before other vb2api kernel functions.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Do kernel verification.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Must be called after vb2api_kernel_phase1.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_kernel_phase2(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Finalize for kernel verification stage.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Handle NO_BOOT flag. Also, check and roll forward kernel version.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_kernel_finalize(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Workerstruct vb2_kernel_params {
*8617a60dSAndroid Build Coastguard Worker	/* Inputs to vb2api_load_kernel(). */
*8617a60dSAndroid Build Coastguard Worker	/* Destination buffer for kernel (normally at 0x100000 on x86). */
*8617a60dSAndroid Build Coastguard Worker	void *kernel_buffer;
*8617a60dSAndroid Build Coastguard Worker	/* Size of kernel buffer in bytes. */
*8617a60dSAndroid Build Coastguard Worker	uint32_t kernel_buffer_size;
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/*
*8617a60dSAndroid Build Coastguard Worker	 * Outputs from vb2api_load_kernel(); valid only if it returns success.
*8617a60dSAndroid Build Coastguard Worker	 */
*8617a60dSAndroid Build Coastguard Worker	/* Handle of disk containing loaded kernel. */
*8617a60dSAndroid Build Coastguard Worker	vb2ex_disk_handle_t disk_handle;
*8617a60dSAndroid Build Coastguard Worker	/* Partition number on disk to boot (1...M). */
*8617a60dSAndroid Build Coastguard Worker	uint32_t partition_number;
*8617a60dSAndroid Build Coastguard Worker	/* Offset of bootloader image from `kernel_buffer` address. */
*8617a60dSAndroid Build Coastguard Worker	uint64_t bootloader_offset;
*8617a60dSAndroid Build Coastguard Worker	/* Size of bootloader image in bytes. */
*8617a60dSAndroid Build Coastguard Worker	uint32_t bootloader_size;
*8617a60dSAndroid Build Coastguard Worker	/* UniquePartitionGuid for boot partition. */
*8617a60dSAndroid Build Coastguard Worker	uint8_t partition_guid[16];
*8617a60dSAndroid Build Coastguard Worker	/* Flags set by signer. */
*8617a60dSAndroid Build Coastguard Worker	uint32_t flags;
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*****************************************************************************/
*8617a60dSAndroid Build Coastguard Worker/* Disk access */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/* Flags for vb2_disk_info */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Disk selection in the lower 16 bits (where the disk lives), and disk
*8617a60dSAndroid Build Coastguard Worker * attributes in the higher 16 bits (extra information about the disk
*8617a60dSAndroid Build Coastguard Worker * needed to access it correctly).
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Worker#define VB2_DISK_FLAG_SELECT_MASK 0xffff
*8617a60dSAndroid Build Coastguard Worker#define VB2_DISK_FLAG_ATTRIBUTE_MASK (0xffff << 16)
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Disks are used in two ways:
*8617a60dSAndroid Build Coastguard Worker * - As a random-access device to read and write the GPT
*8617a60dSAndroid Build Coastguard Worker * - As a streaming device to read the kernel
*8617a60dSAndroid Build Coastguard Worker * These are implemented differently on raw NAND vs eMMC/SATA/USB
*8617a60dSAndroid Build Coastguard Worker * - On eMMC/SATA/USB, both of these refer to the same underlying
*8617a60dSAndroid Build Coastguard Worker *   storage, so they have the same size and LBA size. In this case,
*8617a60dSAndroid Build Coastguard Worker *   the GPT should not point to the same address as itself.
*8617a60dSAndroid Build Coastguard Worker * - On raw NAND, the GPT is held on a portion of the SPI flash.
*8617a60dSAndroid Build Coastguard Worker *   Random access GPT operations refer to the SPI and streaming
*8617a60dSAndroid Build Coastguard Worker *   operations refer to NAND. The GPT may therefore point into
*8617a60dSAndroid Build Coastguard Worker *   the same offsets as itself.
*8617a60dSAndroid Build Coastguard Worker * These types are distinguished by the following flag and vb2_disk_info
*8617a60dSAndroid Build Coastguard Worker * has separate fields to describe the random-access ("GPT") and
*8617a60dSAndroid Build Coastguard Worker * streaming aspects of the disk. If a disk is random-access (i.e.
*8617a60dSAndroid Build Coastguard Worker * not raw NAND) then these fields are equal.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Worker#define VB2_DISK_FLAG_EXTERNAL_GPT (1 << 16)
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/* Information on a single disk. */
*8617a60dSAndroid Build Coastguard Workerstruct vb2_disk_info {
*8617a60dSAndroid Build Coastguard Worker	/* Disk handle. */
*8617a60dSAndroid Build Coastguard Worker	vb2ex_disk_handle_t handle;
*8617a60dSAndroid Build Coastguard Worker	/* Size of a random-access LBA sector in bytes. */
*8617a60dSAndroid Build Coastguard Worker	uint64_t bytes_per_lba;
*8617a60dSAndroid Build Coastguard Worker	/* Number of random-access LBA sectors on the device.
*8617a60dSAndroid Build Coastguard Worker	 * If streaming_lba_count is 0, this stands in for the size of the
*8617a60dSAndroid Build Coastguard Worker	 * randomly accessed portion as well as the streaming portion.
*8617a60dSAndroid Build Coastguard Worker	 * Otherwise, this is only the randomly-accessed portion. */
*8617a60dSAndroid Build Coastguard Worker	uint64_t lba_count;
*8617a60dSAndroid Build Coastguard Worker	/* Number of streaming sectors on the device. */
*8617a60dSAndroid Build Coastguard Worker	uint64_t streaming_lba_count;
*8617a60dSAndroid Build Coastguard Worker	/* Flags (see VB2_DISK_FLAG_* constants). */
*8617a60dSAndroid Build Coastguard Worker	uint32_t flags;
*8617a60dSAndroid Build Coastguard Worker	/*
*8617a60dSAndroid Build Coastguard Worker	 * Optional name string, for use in debugging.  May be empty or null if
*8617a60dSAndroid Build Coastguard Worker	 * not available.
*8617a60dSAndroid Build Coastguard Worker	 */
*8617a60dSAndroid Build Coastguard Worker	const char *name;
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Attempt to load kernel from the specified device. On success, the output
*8617a60dSAndroid Build Coastguard Worker * fields of params will be filled. The caller should set the input fields of
*8617a60dSAndroid Build Coastguard Worker * params.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param params	Params specific to loading the kernel
*8617a60dSAndroid Build Coastguard Worker * @param disk_info	Disk from which to read kernel
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_load_kernel(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker			       struct vb2_kernel_params *params,
*8617a60dSAndroid Build Coastguard Worker			       struct vb2_disk_info *disk_info);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/* miniOS flags */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/* Boot from non-active miniOS partition only. */
*8617a60dSAndroid Build Coastguard Worker#define VB2_MINIOS_FLAG_NON_ACTIVE (1 << 0)
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Attempt to load miniOS kernel from the specified device. On success, the
*8617a60dSAndroid Build Coastguard Worker * output fields of params will be filled. The caller should set the input
*8617a60dSAndroid Build Coastguard Worker * fields of params.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param params	Params specific to loading the kernel
*8617a60dSAndroid Build Coastguard Worker * @param disk_info	Disk from which to read kernel
*8617a60dSAndroid Build Coastguard Worker * @param minios_flags	Flags for miniOS
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_load_minios_kernel(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker				      struct vb2_kernel_params *params,
*8617a60dSAndroid Build Coastguard Worker				      struct vb2_disk_info *disk_info,
*8617a60dSAndroid Build Coastguard Worker				      uint32_t minios_flags);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Load the verified boot block (vblock) for a kernel.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This function may be called multiple times, to load and verify the
*8617a60dSAndroid Build Coastguard Worker * vblocks from multiple kernel partitions.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param stream	Kernel stream
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_load_kernel_vblock(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Get the size and offset of the kernel data for the most recent vblock.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Valid after a successful call to vb2api_load_kernel_vblock().
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param offset_ptr	Destination for offset in bytes of kernel data as
*8617a60dSAndroid Build Coastguard Worker *			reported by vblock.
*8617a60dSAndroid Build Coastguard Worker * @param size_ptr      Destination for size of kernel data in bytes.
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_get_kernel_size(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker				   uint32_t *offset_ptr, uint32_t *size_ptr);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Verify kernel data using the previously loaded kernel vblock.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Valid after a successful call to vb2api_load_kernel_vblock().  This allows
*8617a60dSAndroid Build Coastguard Worker * the caller to load or map the kernel data, as appropriate, and pass the
*8617a60dSAndroid Build Coastguard Worker * pointer to the kernel data into vboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param buf		Pointer to kernel data
*8617a60dSAndroid Build Coastguard Worker * @param size		Size of kernel data in bytes
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_verify_kernel_data(struct vb2_context *ctx, const void *buf,
*8617a60dSAndroid Build Coastguard Worker				      uint32_t size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Clean up after kernel verification.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Call this after successfully loading a vblock and verifying kernel data,
*8617a60dSAndroid Build Coastguard Worker * or if you've run out of boot devices and/or kernel partitions.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This cleans up intermediate data structures in the vboot context, and
*8617a60dSAndroid Build Coastguard Worker * updates the version in the secure data if necessary.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_kernel_phase3(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Read the hardware ID from the GBB, and store it onto the given buffer.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context.
*8617a60dSAndroid Build Coastguard Worker * @param hwid		Buffer to store HWID, which will be null-terminated.
*8617a60dSAndroid Build Coastguard Worker * @param size		Maximum size of HWID including null terminator.  HWID
*8617a60dSAndroid Build Coastguard Worker * 			length may not exceed 256 (VB2_GBB_HWID_MAX_SIZE), so
*8617a60dSAndroid Build Coastguard Worker * 			this value is suggested.  If size is too small, then
*8617a60dSAndroid Build Coastguard Worker * 			VB2_ERROR_INVALID_PARAMETER is returned.  Actual size
*8617a60dSAndroid Build Coastguard Worker * 			of the output HWID string is returned in this pointer,
*8617a60dSAndroid Build Coastguard Worker * 			also including null terminator.
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_gbb_read_hwid(struct vb2_context *ctx, char *hwid,
*8617a60dSAndroid Build Coastguard Worker				 uint32_t *size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Retrieve current GBB flags.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * See enum vb2_gbb_flag in 2gbb_flags.h for a list of all GBB flags.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return vb2_gbb_flags_t representing current GBB flags.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_gbb_flags_t vb2api_gbb_get_flags(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Get the size of the signed firmware body.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This is only legal to call after vb2api_fw_phase3() has returned
*8617a60dSAndroid Build Coastguard Worker * successfully, and will die otherwise. This should never be called when
*8617a60dSAndroid Build Coastguard Worker * running from a coreboot image that has CONFIG_VBOOT_CBFS_INTEGRATION=y set,
*8617a60dSAndroid Build Coastguard Worker * or it will also die (with data size in signature being 0). In that case,
*8617a60dSAndroid Build Coastguard Worker * vb2api_get_metadata_hash() should be used instead.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return The firmware body size in bytes (or 0 if called too early).
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2api_get_firmware_size(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Check if this firmware was bundled with the well-known public developer key
*8617a60dSAndroid Build Coastguard Worker * set (more specifically, checks the recovery key in recovery mode and the
*8617a60dSAndroid Build Coastguard Worker * kernel subkey from the firmware preamble in other modes). This is a best
*8617a60dSAndroid Build Coastguard Worker * effort check that could be misled by a specifically crafted key.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * May only be called after vb2api_kernel_phase1() has run.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return 1 for developer keys, 0 for any others.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerint vb2api_is_developer_signed(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Return the current kernel rollback version from secdata.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return The rollback version number.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2api_get_kernel_rollback_version(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * If no display is available, set DISPLAY_REQUEST in nvdata.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx           Vboot2 context
*8617a60dSAndroid Build Coastguard Worker * @return 1 if DISPLAY_REQUEST is set and a reboot is required, or 0 otherwise.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerint vb2api_need_reboot_for_display(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Get the current recovery reason.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * See enum vb2_nv_recovery in 2recovery_reasons.h.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return Current recovery reason.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2api_get_recovery_reason(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Get the current locale id from nvdata.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return Current locale id.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2api_get_locale_id(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Set the locale id in nvdata.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param locale_id 	The locale id to be set
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervoid vb2api_set_locale_id(struct vb2_context *ctx, uint32_t locale_id);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Whether diagnostic UI functionality is enabled or not.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return 1 if enabled, 0 if disabled.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerint vb2api_diagnostic_ui_enabled(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/* Default boot target in developer mode. */
*8617a60dSAndroid Build Coastguard Workerenum vb2_dev_default_boot_target {
*8617a60dSAndroid Build Coastguard Worker	/* Default to boot from internal disk. */
*8617a60dSAndroid Build Coastguard Worker	VB2_DEV_DEFAULT_BOOT_TARGET_INTERNAL = 0,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/* Default to boot from external disk. */
*8617a60dSAndroid Build Coastguard Worker	VB2_DEV_DEFAULT_BOOT_TARGET_EXTERNAL = 1,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/* Default to boot altfw. */
*8617a60dSAndroid Build Coastguard Worker	VB2_DEV_DEFAULT_BOOT_TARGET_ALTFW = 2,
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Get the default boot target in developer mode. This function must be called
*8617a60dSAndroid Build Coastguard Worker * after vb2api_kernel_phase1.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return The developer mode default boot target.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerenum vb2_dev_default_boot_target vb2api_get_dev_default_boot_target(
*8617a60dSAndroid Build Coastguard Worker	struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Whether to use short delay instead of the normal delay in developer screens.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return 1 for short delay and 0 otherwise.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerint vb2api_use_short_dev_screen_delay(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Request to enable developer mode.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Enables the developer flag in vb2_context firmware secdata.  Note that
*8617a60dSAndroid Build Coastguard Worker * modified secdata must be saved for change to apply on reboot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * NOTE: Doesn't update the LAST_BOOT_DEVELOPER secdata flag.  That should be
*8617a60dSAndroid Build Coastguard Worker * done on the next boot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS if success; error if enabling developer mode is not
*8617a60dSAndroid Build Coastguard Worker * allowed.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_enable_developer_mode(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Request to disable developer mode by setting VB2_NV_DISABLE_DEV_REQUEST.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS if success; other errors if the check of
*8617a60dSAndroid Build Coastguard Worker * VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON failed.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_disable_developer_mode(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Request diagnostics by setting VB2_NV_DIAG_REQUEST.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervoid vb2api_request_diagnostics(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*****************************************************************************/
*8617a60dSAndroid Build Coastguard Worker/* APIs provided by the caller to verified boot */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Read a verified boot resource.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @param index		Resource index to read
*8617a60dSAndroid Build Coastguard Worker * @param offset	Byte offset within resource to start at
*8617a60dSAndroid Build Coastguard Worker * @param buf		Destination for data
*8617a60dSAndroid Build Coastguard Worker * @param size		Amount of data to read
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_read_resource(struct vb2_context *ctx,
*8617a60dSAndroid Build Coastguard Worker				enum vb2_resource_index index, uint32_t offset,
*8617a60dSAndroid Build Coastguard Worker				void *buf, uint32_t size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Print debug output.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This should work like printf().  If func!=NULL, it will be a string with
*8617a60dSAndroid Build Coastguard Worker * the current function name; that can be used to generate prettier debug
*8617a60dSAndroid Build Coastguard Worker * output.  If func==NULL, don't print any extra header/trailer so that this
*8617a60dSAndroid Build Coastguard Worker * can be used to composite a bigger output string from several calls - for
*8617a60dSAndroid Build Coastguard Worker * example, when doing a hex dump.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param func		Function name generating output, or NULL.
*8617a60dSAndroid Build Coastguard Worker * @param fmt		Printf format string
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Worker__attribute__((format(printf, 2, 3)))
*8617a60dSAndroid Build Coastguard Workervoid vb2ex_printf(const char *func, const char *fmt, ...);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Initialize the hardware crypto engine to calculate a block-style digest.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param hash_alg	Hash algorithm to use
*8617a60dSAndroid Build Coastguard Worker * @param data_size	Expected total size of data to hash, or 0. If 0, the
*8617a60dSAndroid Build Coastguard Worker *			total size is not known in advance. Implementations that
*8617a60dSAndroid Build Coastguard Worker *			cannot handle unknown sizes should return UNSUPPORTED
*8617a60dSAndroid Build Coastguard Worker *			in that case. If the value is non-zero, implementations
*8617a60dSAndroid Build Coastguard Worker *			can trust it to be accurate.
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal).
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
*8617a60dSAndroid Build Coastguard Worker				       uint32_t data_size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Extend the hash in the hardware crypto engine with another block of data.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param buf		Next data block to hash
*8617a60dSAndroid Build Coastguard Worker * @param size		Length of data block in bytes
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Finalize the digest in the hardware crypto engine and extract the result.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param digest	Destination buffer for resulting digest
*8617a60dSAndroid Build Coastguard Worker * @param digest_size	Length of digest buffer in bytes
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
*8617a60dSAndroid Build Coastguard Worker					   uint32_t digest_size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Verify a RSA PKCS1.5 signature in hardware crypto engine
*8617a60dSAndroid Build Coastguard Worker * against an expected hash digest.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param key		Key to use in signature verification
*8617a60dSAndroid Build Coastguard Worker * @param sig		Signature to verify (destroyed in process)
*8617a60dSAndroid Build Coastguard Worker * @param digest	Digest of signed data
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal).
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
*8617a60dSAndroid Build Coastguard Worker					     const uint8_t *sig,
*8617a60dSAndroid Build Coastguard Worker					     const uint8_t *digest);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Calculate modexp using hardware crypto engine.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param key		Key to use in signing
*8617a60dSAndroid Build Coastguard Worker * @param inout		Input and output big-endian byte array
*8617a60dSAndroid Build Coastguard Worker * @param workbuf	Work buffer
*8617a60dSAndroid Build Coastguard Worker * @param workbuf_size	Work buffer size
*8617a60dSAndroid Build Coastguard Worker * @param exp		RSA public exponent: either 65537 (F4) or 3
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, HWCRYPTO_UNSUPPORTED or WORKBUF_SMALL.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_hwcrypto_modexp(const struct vb2_public_key *key,
*8617a60dSAndroid Build Coastguard Worker				  uint8_t *inout,
*8617a60dSAndroid Build Coastguard Worker				  void *workbuf, size_t workbuf_size,
*8617a60dSAndroid Build Coastguard Worker				  int exp);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Report if hardware crypto is allowed in the current context. It may be
*8617a60dSAndroid Build Coastguard Worker * disabled by TPM flag and is categorically disallowed in recovery mode.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @returns 1 if hardware crypto is allowed, 0 if it is forbidden.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerbool vb2api_hwcrypto_allowed(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Abort vboot flow due to a failed assertion or broken assumption.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Likely due to caller misusing vboot (e.g. calling API functions
*8617a60dSAndroid Build Coastguard Worker * out-of-order, filling in vb2_context fields inappropriately).
*8617a60dSAndroid Build Coastguard Worker * Implementation should reboot or halt the machine, or fall back to some
*8617a60dSAndroid Build Coastguard Worker * alternative boot flow.  Retrying vboot is unlikely to succeed.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervoid vb2ex_abort(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Commit any pending data to disk.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Commit nvdata and secdata spaces if modified.  Normally this should be
*8617a60dSAndroid Build Coastguard Worker * performed after vboot has completed executing and control has been passed
*8617a60dSAndroid Build Coastguard Worker * back to the caller.  However, in certain kernel verification cases (e.g.
*8617a60dSAndroid Build Coastguard Worker * right before attempting to boot an OS; from a UI screen which requires
*8617a60dSAndroid Build Coastguard Worker * user-initiated shutdown; just prior to triggering battery cut-off), the
*8617a60dSAndroid Build Coastguard Worker * caller may not get a chance to commit this data.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_commit_data(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*****************************************************************************/
*8617a60dSAndroid Build Coastguard Worker/* TPM functionality */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Initialize the TPM.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_tpm_init(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Close and open the TPM.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This is needed for running more complex commands at user level, such as
*8617a60dSAndroid Build Coastguard Worker * TPM_TakeOwnership, since the TPM device can be opened only by one process at
*8617a60dSAndroid Build Coastguard Worker * a time.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_tpm_close(void);
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_tpm_open(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Send request to TPM and receive response
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Send a request_length-byte request to the TPM and receive a response.  On
*8617a60dSAndroid Build Coastguard Worker * input, response_length is the size of the response buffer in bytes.  On
*8617a60dSAndroid Build Coastguard Worker * exit, response_length is set to the actual received response length in
*8617a60dSAndroid Build Coastguard Worker * bytes.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param request		Pointer to request buffer
*8617a60dSAndroid Build Coastguard Worker * @param request_length	Number of bytes to send
*8617a60dSAndroid Build Coastguard Worker * @param response		Pointer to response buffer
*8617a60dSAndroid Build Coastguard Worker * @param response_length	Size of response buffer; on return,
*8617a60dSAndroid Build Coastguard Worker * 				set to number of received bytes
*8617a60dSAndroid Build Coastguard Worker * @return TPM_SUCCESS, or non-zero if error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2ex_tpm_send_recv(const uint8_t *request, uint32_t request_length,
*8617a60dSAndroid Build Coastguard Worker			     uint8_t *response, uint32_t *response_length);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker#ifdef CHROMEOS_ENVIRONMENT
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Obtain cryptographically secure random bytes.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This function is used to generate random nonces for TPM auth sessions for
*8617a60dSAndroid Build Coastguard Worker * example. As an implication, the generated random bytes should not be
*8617a60dSAndroid Build Coastguard Worker * predictable for a TPM communication interception attack. This implies a
*8617a60dSAndroid Build Coastguard Worker * local source of randomness should be used, i.e. this should not be wired to
*8617a60dSAndroid Build Coastguard Worker * the TPM RNG directly. Otherwise, an attacker with communication interception
*8617a60dSAndroid Build Coastguard Worker * abilities could launch replay attacks by reusing previous nonces.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_tpm_get_random(uint8_t *buf, uint32_t length);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker#endif  /* CHROMEOS_ENVIRONMENT */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/* Modes for vb2ex_tpm_set_mode. */
*8617a60dSAndroid Build Coastguard Workerenum vb2_tpm_mode {
*8617a60dSAndroid Build Coastguard Worker	/*
*8617a60dSAndroid Build Coastguard Worker	 * TPM is enabled tentatively, and may be set to either
*8617a60dSAndroid Build Coastguard Worker	 * ENABLED or DISABLED mode.
*8617a60dSAndroid Build Coastguard Worker	 */
*8617a60dSAndroid Build Coastguard Worker	VB2_TPM_MODE_ENABLED_TENTATIVE = 0,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/* TPM is enabled, and mode may not be changed. */
*8617a60dSAndroid Build Coastguard Worker	VB2_TPM_MODE_ENABLED = 1,
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker	/* TPM is disabled, and mode may not be changed. */
*8617a60dSAndroid Build Coastguard Worker	VB2_TPM_MODE_DISABLED = 2,
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Set the current TPM mode value, and validate that it was changed.  If one
*8617a60dSAndroid Build Coastguard Worker * of the following occurs, the function call fails:
*8617a60dSAndroid Build Coastguard Worker *   - TPM does not understand the instruction (old version)
*8617a60dSAndroid Build Coastguard Worker *   - TPM has already left the TpmModeEnabledTentative mode
*8617a60dSAndroid Build Coastguard Worker *   - TPM responds with a mode other than the requested mode
*8617a60dSAndroid Build Coastguard Worker *   - Some other communication error occurs
*8617a60dSAndroid Build Coastguard Worker *  Otherwise, the function call succeeds.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param mode_val       Desired TPM mode to set.  May be one of ENABLED
*8617a60dSAndroid Build Coastguard Worker *                       or DISABLED from vb2_tpm_mode enum.
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Clear the TPM owner.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*****************************************************************************/
*8617a60dSAndroid Build Coastguard Worker/* Auxiliary firmware (auxfw) */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Sync all auxiliary firmware to the expected versions.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This function will first check if an auxfw update is needed and
*8617a60dSAndroid Build Coastguard Worker * what the "severity" of that update is (i.e., if any auxfw devices
*8617a60dSAndroid Build Coastguard Worker * exist and the relative quickness of updating it.  If the update is
*8617a60dSAndroid Build Coastguard Worker * deemed slow, it may display a screen to notify the user.  The
*8617a60dSAndroid Build Coastguard Worker * platform is then instructed to perform the update.  Finally, an EC
*8617a60dSAndroid Build Coastguard Worker * reboot to its RO section is performed to ensure that auxfw devices
*8617a60dSAndroid Build Coastguard Worker * are also reset and running the new firmware.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx           Vboot2 context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero error code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_auxfw_sync(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * severity levels for an auxiliary firmware update request
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerenum vb2_auxfw_update_severity {
*8617a60dSAndroid Build Coastguard Worker	/* no update needed and no protection needed */
*8617a60dSAndroid Build Coastguard Worker	VB2_AUXFW_NO_DEVICE = 0,
*8617a60dSAndroid Build Coastguard Worker	/* no update needed */
*8617a60dSAndroid Build Coastguard Worker	VB2_AUXFW_NO_UPDATE = 1,
*8617a60dSAndroid Build Coastguard Worker	/* update needed, can be done quickly */
*8617a60dSAndroid Build Coastguard Worker	VB2_AUXFW_FAST_UPDATE = 2,
*8617a60dSAndroid Build Coastguard Worker	/* update needed, "this would take a while..." */
*8617a60dSAndroid Build Coastguard Worker	VB2_AUXFW_SLOW_UPDATE = 3,
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Check if any auxiliary firmware needs updating.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This is called after the EC has been updated and is intended to
*8617a60dSAndroid Build Coastguard Worker * version-check additional firmware blobs such as TCPCs.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param severity	return parameter for health of auxiliary firmware
*8617a60dSAndroid Build Coastguard Worker *			(see vb2_auxfw_update_severity above)
*8617a60dSAndroid Build Coastguard Worker * @return VBERROR_... error, VB2_SUCCESS on success.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_auxfw_check(enum vb2_auxfw_update_severity *severity);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Perform auxiliary firmware update(s).
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This is called after the EC has been updated and is intended to
*8617a60dSAndroid Build Coastguard Worker * update additional firmware blobs such as TCPCs.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return VBERROR_... error, VB2_SUCCESS on success.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_auxfw_update(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Notify client that vboot is done with auxfw.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If auxfw sync was successful, this will be called at the end so that
*8617a60dSAndroid Build Coastguard Worker * the client may perform actions that require the auxfw to be in its
*8617a60dSAndroid Build Coastguard Worker * final state.  This may include protecting the communcations tunnels that
*8617a60dSAndroid Build Coastguard Worker * allow auxiliary firmware updates from the OS.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VBERROR_... error, VB2_SUCCESS on success.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_auxfw_finalize(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*****************************************************************************/
*8617a60dSAndroid Build Coastguard Worker/* Embedded controller (EC) */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*
*8617a60dSAndroid Build Coastguard Worker * Firmware selection type for EC software sync logic.  Note that we store
*8617a60dSAndroid Build Coastguard Worker * these in a uint32_t because enum maps to int, which isn't fixed-size.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerenum vb2_firmware_selection {
*8617a60dSAndroid Build Coastguard Worker	/* Read only firmware for normal or developer path. */
*8617a60dSAndroid Build Coastguard Worker	VB_SELECT_FIRMWARE_READONLY = 3,
*8617a60dSAndroid Build Coastguard Worker	/* Rewritable EC firmware currently set active */
*8617a60dSAndroid Build Coastguard Worker	VB_SELECT_FIRMWARE_EC_ACTIVE = 4,
*8617a60dSAndroid Build Coastguard Worker	/* Rewritable EC firmware currently not set active thus updatable */
*8617a60dSAndroid Build Coastguard Worker	VB_SELECT_FIRMWARE_EC_UPDATE = 5,
*8617a60dSAndroid Build Coastguard Worker	/* Keep this at the end */
*8617a60dSAndroid Build Coastguard Worker	VB_SELECT_FIRMWARE_COUNT,
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Sync the Embedded Controller device to the expected version.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This function will check if EC software sync is allowed, and if it
*8617a60dSAndroid Build Coastguard Worker * is, it will compare the expected image hash to the actual image
*8617a60dSAndroid Build Coastguard Worker * hash.  If they are the same, the EC will simply jump to its RW
*8617a60dSAndroid Build Coastguard Worker * firwmare.  Otherwise, the specified flash image will be updated to
*8617a60dSAndroid Build Coastguard Worker * the new version, and the EC will reboot into its new firmware.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero if error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2api_ec_sync(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Check if the EC is currently running rewritable code.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * If the EC is in RO code, sets *in_rw=0.
*8617a60dSAndroid Build Coastguard Worker * If the EC is in RW code, sets *in_rw non-zero.
*8617a60dSAndroid Build Coastguard Worker * If the current EC image is unknown, returns error. */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_running_rw(int *in_rw);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Request the EC jump to its rewritable code.  If successful, returns when the
*8617a60dSAndroid Build Coastguard Worker * EC has booting its RW code far enough to respond to subsequent commands.
*8617a60dSAndroid Build Coastguard Worker * Does nothing if the EC is already in its rewritable code.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_jump_to_rw(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Tell the EC to refuse another jump until it reboots. Subsequent calls to
*8617a60dSAndroid Build Coastguard Worker * vb2ex_ec_jump_to_rw() in this boot will fail.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_disable_jump(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Read the SHA-256 hash of the selected EC image.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param select    Image to get hash of. RO or RW.
*8617a60dSAndroid Build Coastguard Worker * @param hash      Pointer to the hash.
*8617a60dSAndroid Build Coastguard Worker * @param hash_size Pointer to the hash size.
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_hash_image(enum vb2_firmware_selection select,
*8617a60dSAndroid Build Coastguard Worker				const uint8_t **hash, int *hash_size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Read the SHA-256 hash of the expected contents of the EC image associated
*8617a60dSAndroid Build Coastguard Worker * with the main firmware specified by the "select" argument.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param select	Image to get expected hash for (RO or RW).
*8617a60dSAndroid Build Coastguard Worker * @param hash		Pointer to the hash.
*8617a60dSAndroid Build Coastguard Worker * @param hash_size	Pointer to the hash size (in bytes).
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_get_expected_image_hash(enum vb2_firmware_selection select,
*8617a60dSAndroid Build Coastguard Worker					     const uint8_t **hash,
*8617a60dSAndroid Build Coastguard Worker					     int *hash_size);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Update the selected EC image to the expected version.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param select	Image to get expected hash for (RO or RW).
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_update_image(enum vb2_firmware_selection select);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Lock the EC code to prevent updates until the EC is rebooted.
*8617a60dSAndroid Build Coastguard Worker * Subsequent calls to vb2ex_ec_update_image() during boot will fail.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_protect(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Perform EC post-verification / updating / jumping actions.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This routine is called to perform certain actions that must wait until
*8617a60dSAndroid Build Coastguard Worker * after the EC resides in its `final` image (the image the EC will
*8617a60dSAndroid Build Coastguard Worker * run for the duration of boot). These actions include verifying that
*8617a60dSAndroid Build Coastguard Worker * enough power is available to continue with boot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Pointer to vboot context.
*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or error code on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_vboot_done(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Request EC to stop discharging and cut-off battery.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervb2_error_t vb2ex_ec_battery_cutoff(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*****************************************************************************/
*8617a60dSAndroid Build Coastguard Worker/* Functions for firmware UI. */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Get the vboot debug info.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Return a pointer to the vboot debug info string which is guaranteed to be
*8617a60dSAndroid Build Coastguard Worker * null-terminated.  The caller owns the string and should call free() when
*8617a60dSAndroid Build Coastguard Worker * finished with it.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return The pointer to the vboot debug info string.  NULL on error.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerchar *vb2api_get_debug_info(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*****************************************************************************/
*8617a60dSAndroid Build Coastguard Worker/* Timer. */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Read a millisecond timer.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This should have a sufficient number of bits to avoid wraparound for at
*8617a60dSAndroid Build Coastguard Worker * least 10 minutes.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @return Current timer value in milliseconds.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workeruint32_t vb2ex_mtime(void);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/*****************************************************************************/
*8617a60dSAndroid Build Coastguard Worker/* Firmware slot information. */
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Workerunion vb2_fw_boot_info {
*8617a60dSAndroid Build Coastguard Worker	uint8_t raw[4];
*8617a60dSAndroid Build Coastguard Worker	struct {
*8617a60dSAndroid Build Coastguard Worker		uint8_t tries       : 4;
*8617a60dSAndroid Build Coastguard Worker		uint8_t slot        : 1;
*8617a60dSAndroid Build Coastguard Worker		uint8_t prev_slot   : 1;
*8617a60dSAndroid Build Coastguard Worker		uint8_t prev_result : 2;
*8617a60dSAndroid Build Coastguard Worker		uint8_t boot_mode;
*8617a60dSAndroid Build Coastguard Worker		/* The following 2 bytes only exist for recovery mode */
*8617a60dSAndroid Build Coastguard Worker		uint8_t recovery_reason;
*8617a60dSAndroid Build Coastguard Worker		uint8_t recovery_subcode;
*8617a60dSAndroid Build Coastguard Worker	};
*8617a60dSAndroid Build Coastguard Worker};
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Return `vb2_fw_boot_info` and can be used
*8617a60dSAndroid Build Coastguard Worker * to log information about the current boot in a compact format.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * Note: Only call this API at minimum after `vb2api_fw_phase2` function
*8617a60dSAndroid Build Coastguard Worker * returns.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx          Vboot context
*8617a60dSAndroid Build Coastguard Worker * @return filled out vb2 info as per `union vb2_fw_boot_info`.
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workerunion vb2_fw_boot_info vb2api_get_fw_boot_info(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker/**
*8617a60dSAndroid Build Coastguard Worker * Clear recovery request appropriately.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * To avoid the recovery request "sticking" and the user being in a permanent
*8617a60dSAndroid Build Coastguard Worker * recovery loop, the recovery request must be cleared and committed to nvdata.
*8617a60dSAndroid Build Coastguard Worker * Note that this should be done at some point after we are certain the system
*8617a60dSAndroid Build Coastguard Worker * does not require any reboots for non-vboot-related reasons (e.g. FSP
*8617a60dSAndroid Build Coastguard Worker * initialization), and before triggering a reboot to exit a transient recovery
*8617a60dSAndroid Build Coastguard Worker * mode (e.g. memory retraining request).
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * In BROKEN cases, the recovery reason will be stowed away as subcode, to be
*8617a60dSAndroid Build Coastguard Worker * retrieved after the user reboots in manual recovery.  In manual recovery,
*8617a60dSAndroid Build Coastguard Worker * subcode will be left alone to keep available for subsequent manual recovery
*8617a60dSAndroid Build Coastguard Worker * requests, or for accessing from userspace on the next boot.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * This function modifies nvdata in vb2_context, but the caller is still
*8617a60dSAndroid Build Coastguard Worker * expected to call vb2_commit_data.
*8617a60dSAndroid Build Coastguard Worker *
*8617a60dSAndroid Build Coastguard Worker * @param ctx		Vboot context
*8617a60dSAndroid Build Coastguard Worker */
*8617a60dSAndroid Build Coastguard Workervoid vb2api_clear_recovery(struct vb2_context *ctx);
*8617a60dSAndroid Build Coastguard Worker
*8617a60dSAndroid Build Coastguard Worker#endif  /* VBOOT_REFERENCE_2API_H_ */