/* Copyright 2014 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Secure non-volatile storage routines
 *
 * Accessors for the three vboot "secdata" spaces: firmware, kernel and FWMP
 * (firmware management parameters). Each space has an *_init() routine that
 * loads it into the vb2_context and verifies its CRC, and get/set accessors
 * that operate on that loaded copy.
 *
 * NOTE(review): a CRC detects accidental corruption only; it offers no
 * protection against deliberate modification. The trustworthiness of these
 * values therefore rests on where the backing storage lives and who is
 * allowed to write it (presumably TPM NV space with write protection
 * enforced elsewhere) — nothing in this header establishes that.
 */

#ifndef VBOOT_REFERENCE_2SECDATA_H_
#define VBOOT_REFERENCE_2SECDATA_H_

/* struct vb2_context / vb2_error_t (presumably declared here) */
#include "2api.h"

/*****************************************************************************/
/* Firmware secure storage space */

/* Which param to get/set for vb2_secdata_firmware_get/set() */
enum vb2_secdata_firmware_param {
	/* Flags; see vb2_secdata_firmware_flags */
	VB2_SECDATA_FIRMWARE_FLAGS = 0,

	/* Firmware versions (layout of the 32-bit value is not defined here) */
	VB2_SECDATA_FIRMWARE_VERSIONS,
};

/* Flags for firmware space (bit values stored in VB2_SECDATA_FIRMWARE_FLAGS) */
enum vb2_secdata_firmware_flags {
	/*
	 * Last boot was developer mode. TPM ownership is cleared when
	 * transitioning to/from developer mode. Set/cleared by
	 * vb2_check_dev_switch().
	 */
	VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER = (1 << 0),

	/*
	 * Virtual developer mode switch is on. Set/cleared by the
	 * keyboard-controlled dev screens in recovery mode. Cleared by
	 * vb2_check_dev_switch().
	 */
	VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE = (1 << 1),
};

/**
 * Initialize firmware secure storage context and verify its CRC.
 *
 * This must be called before vb2_secdata_firmware_get/set().
 *
 * @param ctx	Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error (presumably including
 *	   a CRC mismatch). How to recover from a bad space is the caller's
 *	   decision; this header does not define it.
 */
vb2_error_t vb2_secdata_firmware_init(struct vb2_context *ctx);

/**
 * Read a firmware secure storage value.
 *
 * NOTE(review): vb2_secdata_fwmp_get_flag() below documents that calling it
 * before a successful init makes vboot fail and exit. Whether this accessor
 * behaves the same way is not stated here — confirm against the
 * implementation before relying on it.
 *
 * @param ctx	Context pointer
 * @param param	Parameter to read
 * @return Requested parameter value
 */
uint32_t vb2_secdata_firmware_get(struct vb2_context *ctx,
				  enum vb2_secdata_firmware_param param);

/**
 * Write a firmware secure storage value.
 *
 * NOTE(review): presumably this updates the copy held in ctx and leaves the
 * write-back to the backing store to the caller — confirm; this header does
 * not say when (or whether) the value reaches non-volatile storage.
 *
 * @param ctx	Context pointer
 * @param param	Parameter to write
 * @param value	New value
 */
void vb2_secdata_firmware_set(struct vb2_context *ctx,
			      enum vb2_secdata_firmware_param param,
			      uint32_t value);

/*****************************************************************************/
/* Kernel secure storage space
 *
 * These are separate functions so that they don't bloat the size of the early
 * boot code which uses the firmware version space functions.
 */

/* Which param to get/set for vb2_secdata_kernel_get/set() */
enum vb2_secdata_kernel_param {
	/* Kernel versions (layout of the 32-bit value is not defined here) */
	VB2_SECDATA_KERNEL_VERSIONS = 0,

	/* Flags; see vb2_secdata_kernel_flags */
	VB2_SECDATA_KERNEL_FLAGS,
};

/* Flags for kernel space (bit values stored in VB2_SECDATA_KERNEL_FLAGS) */
enum vb2_secdata_kernel_flags {
	/*
	 * Phone recovery functionality is disabled.
	 *
	 * Deprecated with CL:3718621. NOTE(review): keep this bit value
	 * reserved rather than reusing it for a new flag — devices in the
	 * field may still carry it in their stored flags, and a new meaning
	 * would silently apply to that stale value.
	 */
	VB2_SECDATA_KERNEL_DEPRECATED_FLAG_PHONE_RECOVERY_DISABLED = (1 << 0),

	/*
	 * Phone recovery instructions in recovery UI are disabled.
	 *
	 * Deprecated with CL:3718621. Same reservation note as bit 0.
	 */
	VB2_SECDATA_KERNEL_DEPRECATED_FLAG_PHONE_RECOVERY_UI_DISABLED = (1 << 1),

	/*
	 * Diagnostic UI is disabled. This includes both hiding the entry
	 * point on the recovery UI menu ("Launch diagnostics"), and
	 * disallowing the user from booting into the diagnostic UI.
	 */
	VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED = (1 << 2),

	/*
	 * Allow HW acceleration for crypto.
	 *
	 * RW firmware currently sets this flag to enable HW acceleration
	 * for crypto. Verstage will use the HW implementation for RSA/SHA
	 * only when this flag is set.
	 *
	 * Note: a flag in the FW preamble was used for this before. The FW
	 * preamble is checked by verstage, so the effect was immediate.
	 * With the TPM-stored flag the change is made in the RW stage, which
	 * runs after verstage. So even if this flag is cleared, the first
	 * boot WILL still use hwcrypto: the RW stage runs, clears the flag,
	 * and only from the next boot on is hwcrypto disabled. Anyone
	 * treating "clear the flag" as an immediate kill switch must account
	 * for this one-boot lag.
	 */
	VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED = (1 << 3),
};

/**
 * Initialize kernel secure storage context and verify its CRC.
 *
 * This must be called before vb2_secdata_kernel_get/set() and the
 * ec_hash accessors below.
 *
 * @param ctx	Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx);

/**
 * Read a kernel secure storage value.
 *
 * NOTE(review): behaviour when called before a successful init is not
 * stated here (see the fwmp getter, which does state it) — confirm.
 *
 * @param ctx	Context pointer
 * @param param	Parameter to read
 * @return Requested parameter value
 */
uint32_t vb2_secdata_kernel_get(struct vb2_context *ctx,
				enum vb2_secdata_kernel_param param);

/**
 * Write a kernel secure storage value.
 *
 * NOTE(review): as with the firmware setter, when the value reaches the
 * backing store is not specified here — presumably the caller writes the
 * space back; confirm.
 *
 * @param ctx	Context pointer
 * @param param	Parameter to write
 * @param value	New value
 */
void vb2_secdata_kernel_set(struct vb2_context *ctx,
			    enum vb2_secdata_kernel_param param,
			    uint32_t value);

/**
 * Get ec_hash from kernel secure storage.
 *
 * The pointer is read-only and refers to storage owned by ctx; do not free
 * it. Its length is not returned — it is the hash written by
 * vb2_secdata_kernel_set_ec_hash(), i.e. 32 bytes of SHA-256.
 *
 * @param ctx	Context pointer
 * @return Buffer where hash is stored or NULL on error. Callers must check
 *	   for NULL before reading through the pointer.
 */
const uint8_t *vb2_secdata_kernel_get_ec_hash(struct vb2_context *ctx);

/**
 * Set ec_hash in kernel secure storage.
 *
 * The function receives only a raw pointer, so it cannot verify the length
 * itself: the caller must guarantee that at least 32 readable bytes are
 * behind sha256.
 *
 * @param ctx		Context pointer
 * @param sha256	Hash to be set. 32 bytes.
 */
void vb2_secdata_kernel_set_ec_hash(struct vb2_context *ctx,
				    const uint8_t *sha256);

/*****************************************************************************/
/* Firmware management parameters (FWMP) space
 *
 * This header exposes only readers for this space (init, flag read, dev key
 * hash); no setter is declared here, so the space is presumably written by
 * another component — confirm before assuming firmware can change it.
 */

/*
 * Flags for FWMP space.
 *
 * NOTE(review): the per-flag descriptions below are inferred from the flag
 * names only; this header does not define their semantics. Confirm against
 * the vboot code that consumes each bit before relying on it.
 */
enum vb2_secdata_fwmp_flags {
	/* Name suggests: disallow booting in developer mode */
	VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0),
	/* Name suggests: disallow entering recovery from developer mode */
	VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
	/* Name suggests: allow booting from external media in dev mode */
	VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL = (1 << 2),
	/* Name suggests: allow alternate firmware (altfw) boot in dev mode */
	VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW = (1 << 3),
	/* Name suggests: restrict dev mode to officially signed images */
	VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
	/*
	 * Name suggests: require the kernel key to match the hash returned by
	 * vb2_secdata_fwmp_get_dev_key_hash()
	 */
	VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
	/* CCD = case-closed debugging on GSC; flag implemented on GSC */
	VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
	/* Name suggests: request FIPS-mode operation; enforcement not here */
	VB2_SECDATA_FWMP_DEV_FIPS_MODE = (1 << 7),
};

/**
 * Initialize FWMP secure storage context and verify its CRC.
 *
 * This must be called before vb2_secdata_fwmp_get_flag/get_dev_key_hash().
 *
 * @param ctx	Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
vb2_error_t vb2_secdata_fwmp_init(struct vb2_context *ctx);

/**
 * Read a FWMP secure storage flag value.
 *
 * It is unsupported to call before successfully running vb2_secdata_fwmp_init.
 * In this case, vboot will fail and exit.
 *
 * @param ctx	Context pointer
 * @param flag	Flag to read
 * @return current flag value (0 or 1)
 */
int vb2_secdata_fwmp_get_flag(struct vb2_context *ctx,
			      enum vb2_secdata_fwmp_flags flag);

/**
 * Return a pointer to FWMP dev key hash.
 *
 * The pointer refers to storage owned by ctx; do not free it. Treat it as
 * read-only: the init comment lists this function among the readers of the
 * space and no FWMP setter is declared here.
 *
 * NOTE(review): the return type is a non-const uint8_t *, so nothing stops a
 * caller from writing through it into the loaded FWMP copy. Consider
 * returning const uint8_t * once callers are audited. The hash length and
 * whether NULL can be returned (e.g. before a successful init) are not
 * stated here — confirm before dereferencing.
 *
 * @param ctx	Context pointer
 * @return uint8_t pointer to dev_key_hash field
 */
uint8_t *vb2_secdata_fwmp_get_dev_key_hash(struct vb2_context *ctx);

#endif /* VBOOT_REFERENCE_2SECDATA_H_ */