[coreboot2.git] / src / security / vboot / antirollback.h
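/* SPDX-License-Identifier: BSD-3-Clause */

/*
 * Functions for querying, manipulating and locking rollback indices
 * stored in the TPM NVRAM.
 */

#ifndef ANTIROLLBACK_H_
#define ANTIROLLBACK_H_

#include <types.h>
#include <security/tpm/tspi.h>
#include <security/tpm/tss_errors.h>
#include <vb2_sha.h>

struct vb2_context;
/*
 * NOTE(review): nothing declared in this header uses enum vb2_pcr_digest, and
 * forward-declaring an enum is a compiler extension rather than ISO C. Kept
 * because files that include this header may still rely on it.
 */
enum vb2_pcr_digest;

/*
 * TPM NVRAM location indices.
 *
 * The indices share one numbering space, so a new space must not reuse a
 * value listed here (including the ones that are only mentioned in comments).
 */
#define FIRMWARE_NV_INDEX		0x1007
#define KERNEL_NV_INDEX			0x1008
/*
 * 0x1009 used to be used as a backup space. Think of conflicts if you
 * want to use 0x1009 for something else.
 */
#define BACKUP_NV_INDEX			0x1009
#define FWMP_NV_INDEX			0x100a
/* 0x100b: Hash of MRC_CACHE training data for recovery boot */
#define MRC_REC_HASH_NV_INDEX		0x100b
/* 0x100c: OOBE autoconfig public key hashes */
/* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */
#define MRC_RW_HASH_NV_INDEX		0x100d
/* Size of a hash space: one SHA-256 digest. */
#define HASH_NV_SIZE			VB2_SHA256_DIGEST_SIZE
#define ENT_ROLLBACK_SPACE_INDEX	0x100e
#define VBIOS_CACHE_NV_INDEX		0x100f
/*
 * Widevine Secure Counter space.
 *
 * The macro does not range-check n. NUM_WIDEVINE_COUNTERS suggests the valid
 * range is 0 .. NUM_WIDEVINE_COUNTERS - 1 -- TODO confirm at the call sites.
 */
#define WIDEVINE_COUNTER_NV_INDEX(n)	(0x3000 + (n))
#define NUM_WIDEVINE_COUNTERS		4
#define WIDEVINE_COUNTER_NAME		"Widevine Secure Counter"
#define WIDEVINE_COUNTER_SIZE		sizeof(uint64_t)
/* Zero-Touch Enrollment related spaces */
#define ZTE_BOARD_ID_NV_INDEX		0x3fff00
#define ZTE_RMA_SN_BITS_INDEX		0x3fff01
#define ZTE_RMA_BYTES_COUNTER_INDEX	0x3fff04

/* Structure definitions for TPM spaces */

/* Flags for firmware space */

/*
 * Last boot was developer mode. TPM ownership is cleared when transitioning
 * to/from developer mode.
 */
#define FLAG_LAST_BOOT_DEVELOPER	0x01

/*
 * All functions return TPM_SUCCESS (zero) if successful, non-zero if error.
 *
 * NOTE(review): these spaces back the rollback decision, so a caller should
 * presumably treat any non-zero result as a failed check rather than ignore
 * it -- confirm against the callers.
 */

/**
 * Read firmware space in TPM.
 * @param ctx	vboot context; how it is filled in is defined by the
 *		implementation, not by this header
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_read_space_firmware(struct vb2_context *ctx);

/**
 * Write firmware space in TPM. Write may be called if the versions change.
 * @param ctx	vboot context
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_write_space_firmware(struct vb2_context *ctx);

/**
 * Read and write kernel space in TPM.
 * @param ctx	vboot context
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_read_space_kernel(struct vb2_context *ctx);
tpm_result_t antirollback_write_space_kernel(struct vb2_context *ctx);

/**
 * Lock firmware space in TPM. Lock must be called.
 *
 * NOTE(review): the header does not say when. For the rollback indices to be
 * protected, the lock presumably has to be taken before code that has not
 * been verified can reach the TPM -- confirm the ordering in the boot flow.
 *
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_lock_space_firmware(void);

/**
 * Read MRC hash data from TPM.
 * @param index	index into TPM NVRAM where the hash is stored. The index
 *		can be set to either MRC_REC_HASH_NV_INDEX or
 *		MRC_RW_HASH_NV_INDEX depending upon whether we are
 *		booting in recovery or normal mode.
 * @param data	pointer to the buffer that receives the hash read from the TPM
 * @param size	size of buffer. NOTE(review): HASH_NV_SIZE is the size defined
 *		for the hash spaces; whether any other size is rejected is not
 *		visible in this header -- confirm in the implementation.
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size);

/**
 * Write new hash data to MRC space in TPM.
 * @param index	index into TPM NVRAM where the hash is stored. The index
 *		can be set to either MRC_REC_HASH_NV_INDEX or
 *		MRC_RW_HASH_NV_INDEX depending upon whether we are
 *		booting in recovery or normal mode.
 * @param data	pointer to buffer of hash value to be written
 * @param size	size of buffer
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
					       uint32_t size);

/**
 * Lock down MRC hash space in TPM.
 * @param index	index into TPM NVRAM where the hash is stored. The index
 *		can be set to either MRC_REC_HASH_NV_INDEX or
 *		MRC_RW_HASH_NV_INDEX depending upon whether we are
 *		booting in recovery or normal mode.
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_lock_space_mrc_hash(uint32_t index);

/**
 * Read VBIOS hash data from TPM.
 * @param data	pointer to the buffer that receives the hash read from the TPM
 * @param size	size of buffer
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size);

/**
 * Write new hash data to VBIOS space in TPM.
 * @param data	pointer to buffer of hash value to be written
 * @param size	size of buffer
 * @return TPM_SUCCESS (zero) on success, non-zero on error
 */
tpm_result_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size);

#endif /* ANTIROLLBACK_H_ */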