1 /* Copyright 2015 The ChromiumOS Authors 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 */ 5 #ifndef __CROS_EC_SIGNED_HEADER_H 6 #define __CROS_EC_SIGNED_HEADER_H 7 8 #include "compile_time_macros.h" 9 #include "stdint.h" 10 11 #define FUSE_PADDING 0x55555555 /* baked in hw! */ 12 #define FUSE_IGNORE 0xa3badaac /* baked in rom! */ 13 #define FUSE_MAX 128 /* baked in rom! */ 14 15 #define INFO_MAX 128 /* baked in rom! */ 16 #define INFO_IGNORE 0xaa3c55c3 /* baked in rom! */ 17 18 #define MAGIC_HAVEN 0xFFFFFFFF 19 #define MAGIC_DAUNTLESS 0xFFFFFFFD 20 21 /* Default value for _pad[] words */ 22 #define SIGNED_HEADER_PADDING 0x33333333 23 24 struct SignedHeader { 25 uint32_t magic; /* -1 (thanks, boot_sys!) */ 26 uint32_t signature[96]; 27 uint32_t img_chk_; /* top 32 bit of expected img_hash */ 28 /* --------------------- everything below is part of img_hash */ 29 uint32_t tag[7]; /* words 0-6 of RWR/FWR */ 30 uint32_t keyid; /* word 7 of RWR */ 31 uint32_t key[96]; /* public key to verify signature with */ 32 uint32_t image_size; 33 uint32_t ro_base; /* readonly region */ 34 uint32_t ro_max; 35 uint32_t rx_base; /* executable region */ 36 uint32_t rx_max; 37 uint32_t fusemap[FUSE_MAX / (8 * sizeof(uint32_t))]; 38 uint32_t infomap[INFO_MAX / (8 * sizeof(uint32_t))]; 39 uint32_t epoch_; /* word 7 of FWR */ 40 uint32_t major_; /* keyladder count */ 41 uint32_t minor_; 42 uint64_t timestamp_; /* time of signing */ 43 uint32_t p4cl_; 44 /* bits to and with FUSE_FW_DEFINED_BROM_APPLYSEC */ 45 uint32_t applysec_; 46 /* bits to mesh with FUSE_FW_DEFINED_BROM_CONFIG1 */ 47 uint32_t config1_; 48 /* bits to or with FUSE_FW_DEFINED_BROM_ERR_RESPONSE */ 49 uint32_t err_response_; 50 /* action to take when expectation is violated */ 51 uint32_t expect_response_; 52 53 union { 54 // 2nd FIPS signature (gnubby RW / Cr51) 55 struct { 56 uint32_t keyid; 57 uint32_t r[8]; 58 uint32_t s[8]; 59 } ext_sig; 60 61 // FLASH trim override (Dauntless RO) 62 // iff config1_ & 65536 63 struct { 64 uint32_t FSH_SMW_SETTING_OPTION3; 65 uint32_t FSH_SMW_SETTING_OPTION2; 66 uint32_t FSH_SMW_SETTING_OPTIONA; 67 uint32_t FSH_SMW_SETTING_OPTIONB; 68 uint32_t FSH_SMW_SMP_WHV_OPTION1; 69 uint32_t FSH_SMW_SMP_WHV_OPTION0; 70 uint32_t FSH_SMW_SME_WHV_OPTION1; 71 uint32_t FSH_SMW_SME_WHV_OPTION0; 72 } fsh; 73 } u; 74 75 /* Padding to bring the total structure size to 1K. */ 76 uint32_t _pad[5]; 77 struct { 78 unsigned size : 12; 79 unsigned offset : 20; 80 } swap_mark; 81 82 /* Field for managing updates between RW product families. */ 83 uint32_t rw_product_family_; 84 /* Board ID type, mask, flags (stored ^SIGNED_HEADER_PADDING) */ 85 uint32_t board_id_type; 86 uint32_t board_id_type_mask; 87 uint32_t board_id_flags; 88 uint32_t dev_id0_; /* node id, if locked */ 89 uint32_t dev_id1_; 90 uint32_t fuses_chk_; /* top 32 bit of expected fuses hash */ 91 uint32_t info_chk_; /* top 32 bit of expected info hash */ 92 }; 93 94 BUILD_ASSERT(sizeof(struct SignedHeader) == 1024); 95 BUILD_ASSERT(offsetof(struct SignedHeader, info_chk_) == 1020); 96 #define TOP_IMAGE_SIZE_BIT \ 97 (1 << (sizeof(((struct SignedHeader *)0)->image_size) * 8 - 1)) 98 99 /* 100 * It is a mere convention, but all prod keys are required to have key IDs 101 * such, that bit D2 is set, and all dev keys are required to have key IDs 102 * such, that bit D2 is not set. 103 * 104 * This convention is enforced at the key generation time. 105 */ 106 #define G_SIGNED_FOR_PROD(h) ((h)->keyid & BIT(2)) 107 108 #endif /* __CROS_EC_SIGNED_HEADER_H */ 109