1 /* SPDX-License-Identifier: GPL-2.0+ */ 2 /* 3 * Structures used by the ChromiumOS bootmeth 4 * 5 * See docs at: 6 * https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot-data-structures/ 7 * 8 * Original code at: 9 * https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/refs/heads/main/firmware/2lib/include/2struct.h 10 * 11 * Code taken from vboot_reference commit 5b8596ce file 2struct.h 12 * 13 * Copyright 2023 Google LLC 14 * Written by Simon Glass <sjg@chromium.org> 15 */ 16 17 #ifndef __BOOTMETH_CROS_H 18 #define __BOOTMETH_CROS_H 19 20 /* Signature data (a secure hash, possibly signed) */ 21 struct vb2_signature { 22 /* Offset of signature data from start of this struct */ 23 uint32_t sig_offset; 24 uint32_t reserved0; 25 26 /* Size of signature data in bytes */ 27 uint32_t sig_size; 28 uint32_t reserved1; 29 30 /* Size of the data block which was signed in bytes */ 31 uint32_t data_size; 32 uint32_t reserved2; 33 } __attribute__((packed)); 34 35 #define EXPECTED_VB2_SIGNATURE_SIZE 24 36 37 /* Packed public key data */ 38 struct vb2_packed_key { 39 /* Offset of key data from start of this struct */ 40 uint32_t key_offset; 41 uint32_t reserved0; 42 43 /* Size of key data in bytes (NOT strength of key in bits) */ 44 uint32_t key_size; 45 uint32_t reserved1; 46 47 /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */ 48 uint32_t algorithm; 49 uint32_t reserved2; 50 51 /* Key version */ 52 uint32_t key_version; 53 uint32_t reserved3; 54 55 /* TODO: when redoing this struct, add a text description of the key */ 56 } __attribute__((packed)); 57 58 #define EXPECTED_VB2_PACKED_KEY_SIZE 32 59 60 #define VB2_KEYBLOCK_MAGIC "CHROMEOS" 61 #define VB2_KEYBLOCK_MAGIC_SIZE 8 62 63 /* 64 * Keyblock, containing the public key used to sign some other chunk of data. 65 * 66 * This should be followed by: 67 * 1) The data_key key data, pointed to by data_key.key_offset. 68 * 2) The checksum data for (vb2_keyblock + data_key data), pointed to 69 * by keyblock_checksum.sig_offset. 70 * 3) The signature data for (vb2_keyblock + data_key data), pointed to 71 * by keyblock_signature.sig_offset. 72 */ 73 struct vb2_keyblock { 74 /* Magic number */ 75 uint8_t magic[VB2_KEYBLOCK_MAGIC_SIZE]; 76 77 /* Version of this header format */ 78 uint32_t header_version_major; 79 uint32_t header_version_minor; 80 81 /* 82 * Length of this entire keyblock, including keys, signatures, and 83 * padding, in bytes 84 */ 85 uint32_t keyblock_size; 86 uint32_t reserved0; 87 88 /* 89 * Signature for this keyblock (header + data pointed to by data_key) 90 * For use with signed data keys 91 */ 92 struct vb2_signature keyblock_signature; 93 94 /* 95 * SHA-512 hash for this keyblock (header + data pointed to by 96 * data_key) For use with unsigned data keys. 97 * 98 * Only supported for kernel keyblocks, not firmware keyblocks. 99 */ 100 struct vb2_signature keyblock_hash; 101 102 /* Flags for key (VB2_KEYBLOCK_FLAG_*) */ 103 uint32_t keyblock_flags; 104 uint32_t reserved1; 105 106 /* Key to verify the chunk of data */ 107 struct vb2_packed_key data_key; 108 } __attribute__((packed)); 109 110 #define EXPECTED_VB2_KEYBLOCK_SIZE 112 111 112 /* 113 * Preamble block for kernel, version 2.2 114 * 115 * This should be followed by: 116 * 1) The signature data for the kernel body, pointed to by 117 * body_signature.sig_offset. 118 * 2) The signature data for (vb2_kernel_preamble + body signature data), 119 * pointed to by preamble_signature.sig_offset. 120 * 3) The 16-bit vmlinuz header, which is used for reconstruction of 121 * vmlinuz image. 122 */ 123 struct vb2_kernel_preamble { 124 /* 125 * Size of this preamble, including keys, signatures, vmlinuz header, 126 * and padding, in bytes 127 */ 128 uint32_t preamble_size; 129 uint32_t reserved0; 130 131 /* Signature for this preamble (header + body signature) */ 132 struct vb2_signature preamble_signature; 133 134 /* Version of this header format */ 135 uint32_t header_version_major; 136 uint32_t header_version_minor; 137 138 /* Kernel version */ 139 uint32_t kernel_version; 140 uint32_t reserved1; 141 142 /* Load address for kernel body */ 143 uint64_t body_load_address; 144 /* TODO (vboot 2.1): we never used that */ 145 146 /* Address of bootloader, after body is loaded at body_load_address */ 147 uint64_t bootloader_address; 148 /* TODO (vboot 2.1): should be a 32-bit offset */ 149 150 /* Size of bootloader in bytes */ 151 uint32_t bootloader_size; 152 uint32_t reserved2; 153 154 /* Signature for the kernel body */ 155 struct vb2_signature body_signature; 156 157 /* 158 * TODO (vboot 2.1): fields for kernel offset and size. Right now the 159 * size is implicitly the same as the size of data signed by the body 160 * signature, and the offset is implicitly at the end of the preamble. 161 * But that forces us to pad the preamble to 64KB rather than just 162 * having a tiny preamble and an offset field. 163 */ 164 165 /* 166 * Fields added in header version 2.1. You must verify the header 167 * version before reading these fields! 168 */ 169 170 /* 171 * Address of 16-bit header for vmlinuz reassembly. Readers should 172 * return 0 for header version < 2.1. 173 */ 174 uint64_t vmlinuz_header_address; 175 176 /* Size of 16-bit header for vmlinuz in bytes. Readers should return 0 177 for header version < 2.1 */ 178 uint32_t vmlinuz_header_size; 179 uint32_t reserved3; 180 181 /* 182 * Fields added in header version 2.2. You must verify the header 183 * version before reading these fields! 184 */ 185 186 /* 187 * Flags; see VB2_KERNEL_PREAMBLE_*. Readers should return 0 for 188 * header version < 2.2. Flags field is currently defined as: 189 * [31:2] - Reserved (for future use) 190 * [1:0] - Kernel image type (0b00 - CrOS, 191 * 0b01 - bootimg, 192 * 0b10 - multiboot) 193 */ 194 uint32_t flags; 195 } __attribute__((packed)); 196 197 #endif /* __BOOTMETH_CROS_H */ 198