boot/bootmeth_cros.h

   1 /* SPDX-License-Identifier: GPL-2.0+ */
   2 /*
   3  * Structures used by the ChromiumOS bootmeth
   4  *
   5  * See docs at:
   6  * https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot-data-structures/
   7  *
   8  * Original code at:
   9  * https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/refs/heads/main/firmware/2lib/include/2struct.h
  10  *
  11  * Code taken from vboot_reference commit 5b8596ce file 2struct.h
  12  *
  13  * Copyright 2023 Google LLC
  14  * Written by Simon Glass <sjg@chromium.org>
  15  */
  16
  17 #ifndef __BOOTMETH_CROS_H
  18 #define __BOOTMETH_CROS_H
  19
  20 /* Signature data (a secure hash, possibly signed) */
  21 struct vb2_signature {
  22         /* Offset of signature data from start of this struct */
  23         uint32_t sig_offset;
  24         uint32_t reserved0;
  25
  26         /* Size of signature data in bytes */
  27         uint32_t sig_size;
  28         uint32_t reserved1;
  29
  30         /* Size of the data block which was signed in bytes */
  31         uint32_t data_size;
  32         uint32_t reserved2;
  33 } __attribute__((packed));
  34
  35 #define EXPECTED_VB2_SIGNATURE_SIZE 24
  36
  37 /* Packed public key data */
  38 struct vb2_packed_key {
  39         /* Offset of key data from start of this struct */
  40         uint32_t key_offset;
  41         uint32_t reserved0;
  42
  43         /* Size of key data in bytes (NOT strength of key in bits) */
  44         uint32_t key_size;
  45         uint32_t reserved1;
  46
  47         /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
  48         uint32_t algorithm;
  49         uint32_t reserved2;
  50
  51         /* Key version */
  52         uint32_t key_version;
  53         uint32_t reserved3;
  54
  55         /* TODO: when redoing this struct, add a text description of the key */
  56 } __attribute__((packed));
  57
  58 #define EXPECTED_VB2_PACKED_KEY_SIZE 32
  59
  60 #define VB2_KEYBLOCK_MAGIC "CHROMEOS"
  61 #define VB2_KEYBLOCK_MAGIC_SIZE 8
  62
  63 /*
  64  * Keyblock, containing the public key used to sign some other chunk of data.
  65  *
  66  * This should be followed by:
  67  *   1) The data_key key data, pointed to by data_key.key_offset.
  68  *   2) The checksum data for (vb2_keyblock + data_key data), pointed to
  69  *      by keyblock_checksum.sig_offset.
  70  *   3) The signature data for (vb2_keyblock + data_key data), pointed to
  71  *      by keyblock_signature.sig_offset.
  72  */
  73 struct vb2_keyblock {
  74         /* Magic number */
  75         uint8_t magic[VB2_KEYBLOCK_MAGIC_SIZE];
  76
  77         /* Version of this header format */
  78         uint32_t header_version_major;
  79         uint32_t header_version_minor;
  80
  81         /*
  82          * Length of this entire keyblock, including keys, signatures, and
  83          * padding, in bytes
  84          */
  85         uint32_t keyblock_size;
  86         uint32_t reserved0;
  87
  88         /*
  89          * Signature for this keyblock (header + data pointed to by data_key)
  90          * For use with signed data keys
  91          */
  92         struct vb2_signature keyblock_signature;
  93
  94         /*
  95          * SHA-512 hash for this keyblock (header + data pointed to by
  96          * data_key) For use with unsigned data keys.
  97          *
  98          * Only supported for kernel keyblocks, not firmware keyblocks.
  99          */
 100         struct vb2_signature keyblock_hash;
 101
 102         /* Flags for key (VB2_KEYBLOCK_FLAG_*) */
 103         uint32_t keyblock_flags;
 104         uint32_t reserved1;
 105
 106         /* Key to verify the chunk of data */
 107         struct vb2_packed_key data_key;
 108 } __attribute__((packed));
 109
 110 #define EXPECTED_VB2_KEYBLOCK_SIZE 112
 111
 112 /*
 113  * Preamble block for kernel, version 2.2
 114  *
 115  * This should be followed by:
 116  *   1) The signature data for the kernel body, pointed to by
 117  *      body_signature.sig_offset.
 118  *   2) The signature data for (vb2_kernel_preamble + body signature data),
 119  *       pointed to by preamble_signature.sig_offset.
 120  *   3) The 16-bit vmlinuz header, which is used for reconstruction of
 121  *      vmlinuz image.
 122  */
 123 struct vb2_kernel_preamble {
 124         /*
 125          * Size of this preamble, including keys, signatures, vmlinuz header,
 126          * and padding, in bytes
 127          */
 128         uint32_t preamble_size;
 129         uint32_t reserved0;
 130
 131         /* Signature for this preamble (header + body signature) */
 132         struct vb2_signature preamble_signature;
 133
 134         /* Version of this header format */
 135         uint32_t header_version_major;
 136         uint32_t header_version_minor;
 137
 138         /* Kernel version */
 139         uint32_t kernel_version;
 140         uint32_t reserved1;
 141
 142         /* Load address for kernel body */
 143         uint64_t body_load_address;
 144         /* TODO (vboot 2.1): we never used that */
 145
 146         /* Address of bootloader, after body is loaded at body_load_address */
 147         uint64_t bootloader_address;
 148         /* TODO (vboot 2.1): should be a 32-bit offset */
 149
 150         /* Size of bootloader in bytes */
 151         uint32_t bootloader_size;
 152         uint32_t reserved2;
 153
 154         /* Signature for the kernel body */
 155         struct vb2_signature body_signature;
 156
 157         /*
 158          * TODO (vboot 2.1): fields for kernel offset and size.  Right now the
 159          * size is implicitly the same as the size of data signed by the body
 160          * signature, and the offset is implicitly at the end of the preamble.
 161          * But that forces us to pad the preamble to 64KB rather than just
 162          * having a tiny preamble and an offset field.
 163          */
 164
 165         /*
 166          * Fields added in header version 2.1.  You must verify the header
 167          * version before reading these fields!
 168          */
 169
 170         /*
 171          * Address of 16-bit header for vmlinuz reassembly.  Readers should
 172          * return 0 for header version < 2.1.
 173          */
 174         uint64_t vmlinuz_header_address;
 175
 176         /* Size of 16-bit header for vmlinuz in bytes.  Readers should return 0
 177            for header version < 2.1 */
 178         uint32_t vmlinuz_header_size;
 179         uint32_t reserved3;
 180
 181         /*
 182          * Fields added in header version 2.2.  You must verify the header
 183          * version before reading these fields!
 184          */
 185
 186         /*
 187          * Flags; see VB2_KERNEL_PREAMBLE_*.  Readers should return 0 for
 188          * header version < 2.2.  Flags field is currently defined as:
 189          * [31:2] - Reserved (for future use)
 190          * [1:0]  - Kernel image type (0b00 - CrOS,
 191          *                             0b01 - bootimg,
 192          *                             0b10 - multiboot)
 193          */
 194         uint32_t flags;
 195 } __attribute__((packed));
 196
 197 #endif /* __BOOTMETH_CROS_H */