1*4f2df630SAndroid Build Coastguard Worker /* Copyright 2015 The ChromiumOS Authors 2*4f2df630SAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be 3*4f2df630SAndroid Build Coastguard Worker * found in the LICENSE file. 4*4f2df630SAndroid Build Coastguard Worker */ 5*4f2df630SAndroid Build Coastguard Worker #ifndef __CROS_EC_SIGNED_HEADER_H 6*4f2df630SAndroid Build Coastguard Worker #define __CROS_EC_SIGNED_HEADER_H 7*4f2df630SAndroid Build Coastguard Worker 8*4f2df630SAndroid Build Coastguard Worker #include "compile_time_macros.h" 9*4f2df630SAndroid Build Coastguard Worker #include "stdint.h" 10*4f2df630SAndroid Build Coastguard Worker 11*4f2df630SAndroid Build Coastguard Worker #define FUSE_PADDING 0x55555555 /* baked in hw! */ 12*4f2df630SAndroid Build Coastguard Worker #define FUSE_IGNORE 0xa3badaac /* baked in rom! */ 13*4f2df630SAndroid Build Coastguard Worker #define FUSE_MAX 128 /* baked in rom! */ 14*4f2df630SAndroid Build Coastguard Worker 15*4f2df630SAndroid Build Coastguard Worker #define INFO_MAX 128 /* baked in rom! */ 16*4f2df630SAndroid Build Coastguard Worker #define INFO_IGNORE 0xaa3c55c3 /* baked in rom! */ 17*4f2df630SAndroid Build Coastguard Worker 18*4f2df630SAndroid Build Coastguard Worker #define MAGIC_HAVEN 0xFFFFFFFF 19*4f2df630SAndroid Build Coastguard Worker #define MAGIC_DAUNTLESS 0xFFFFFFFD 20*4f2df630SAndroid Build Coastguard Worker 21*4f2df630SAndroid Build Coastguard Worker /* Default value for _pad[] words */ 22*4f2df630SAndroid Build Coastguard Worker #define SIGNED_HEADER_PADDING 0x33333333 23*4f2df630SAndroid Build Coastguard Worker 24*4f2df630SAndroid Build Coastguard Worker struct SignedHeader { 25*4f2df630SAndroid Build Coastguard Worker uint32_t magic; /* -1 (thanks, boot_sys!) */ 26*4f2df630SAndroid Build Coastguard Worker uint32_t signature[96]; 27*4f2df630SAndroid Build Coastguard Worker uint32_t img_chk_; /* top 32 bit of expected img_hash */ 28*4f2df630SAndroid Build Coastguard Worker /* --------------------- everything below is part of img_hash */ 29*4f2df630SAndroid Build Coastguard Worker uint32_t tag[7]; /* words 0-6 of RWR/FWR */ 30*4f2df630SAndroid Build Coastguard Worker uint32_t keyid; /* word 7 of RWR */ 31*4f2df630SAndroid Build Coastguard Worker uint32_t key[96]; /* public key to verify signature with */ 32*4f2df630SAndroid Build Coastguard Worker uint32_t image_size; 33*4f2df630SAndroid Build Coastguard Worker uint32_t ro_base; /* readonly region */ 34*4f2df630SAndroid Build Coastguard Worker uint32_t ro_max; 35*4f2df630SAndroid Build Coastguard Worker uint32_t rx_base; /* executable region */ 36*4f2df630SAndroid Build Coastguard Worker uint32_t rx_max; 37*4f2df630SAndroid Build Coastguard Worker uint32_t fusemap[FUSE_MAX / (8 * sizeof(uint32_t))]; 38*4f2df630SAndroid Build Coastguard Worker uint32_t infomap[INFO_MAX / (8 * sizeof(uint32_t))]; 39*4f2df630SAndroid Build Coastguard Worker uint32_t epoch_; /* word 7 of FWR */ 40*4f2df630SAndroid Build Coastguard Worker uint32_t major_; /* keyladder count */ 41*4f2df630SAndroid Build Coastguard Worker uint32_t minor_; 42*4f2df630SAndroid Build Coastguard Worker uint64_t timestamp_; /* time of signing */ 43*4f2df630SAndroid Build Coastguard Worker uint32_t p4cl_; 44*4f2df630SAndroid Build Coastguard Worker /* bits to and with FUSE_FW_DEFINED_BROM_APPLYSEC */ 45*4f2df630SAndroid Build Coastguard Worker uint32_t applysec_; 46*4f2df630SAndroid Build Coastguard Worker /* bits to mesh with FUSE_FW_DEFINED_BROM_CONFIG1 */ 47*4f2df630SAndroid Build Coastguard Worker uint32_t config1_; 48*4f2df630SAndroid Build Coastguard Worker /* bits to or with FUSE_FW_DEFINED_BROM_ERR_RESPONSE */ 49*4f2df630SAndroid Build Coastguard Worker uint32_t err_response_; 50*4f2df630SAndroid Build Coastguard Worker /* action to take when expectation is violated */ 51*4f2df630SAndroid Build Coastguard Worker uint32_t expect_response_; 52*4f2df630SAndroid Build Coastguard Worker 53*4f2df630SAndroid Build Coastguard Worker union { 54*4f2df630SAndroid Build Coastguard Worker // 2nd FIPS signature (gnubby RW / Cr51) 55*4f2df630SAndroid Build Coastguard Worker struct { 56*4f2df630SAndroid Build Coastguard Worker uint32_t keyid; 57*4f2df630SAndroid Build Coastguard Worker uint32_t r[8]; 58*4f2df630SAndroid Build Coastguard Worker uint32_t s[8]; 59*4f2df630SAndroid Build Coastguard Worker } ext_sig; 60*4f2df630SAndroid Build Coastguard Worker 61*4f2df630SAndroid Build Coastguard Worker // FLASH trim override (Dauntless RO) 62*4f2df630SAndroid Build Coastguard Worker // iff config1_ & 65536 63*4f2df630SAndroid Build Coastguard Worker struct { 64*4f2df630SAndroid Build Coastguard Worker uint32_t FSH_SMW_SETTING_OPTION3; 65*4f2df630SAndroid Build Coastguard Worker uint32_t FSH_SMW_SETTING_OPTION2; 66*4f2df630SAndroid Build Coastguard Worker uint32_t FSH_SMW_SETTING_OPTIONA; 67*4f2df630SAndroid Build Coastguard Worker uint32_t FSH_SMW_SETTING_OPTIONB; 68*4f2df630SAndroid Build Coastguard Worker uint32_t FSH_SMW_SMP_WHV_OPTION1; 69*4f2df630SAndroid Build Coastguard Worker uint32_t FSH_SMW_SMP_WHV_OPTION0; 70*4f2df630SAndroid Build Coastguard Worker uint32_t FSH_SMW_SME_WHV_OPTION1; 71*4f2df630SAndroid Build Coastguard Worker uint32_t FSH_SMW_SME_WHV_OPTION0; 72*4f2df630SAndroid Build Coastguard Worker } fsh; 73*4f2df630SAndroid Build Coastguard Worker } u; 74*4f2df630SAndroid Build Coastguard Worker 75*4f2df630SAndroid Build Coastguard Worker /* Padding to bring the total structure size to 1K. */ 76*4f2df630SAndroid Build Coastguard Worker uint32_t _pad[5]; 77*4f2df630SAndroid Build Coastguard Worker struct { 78*4f2df630SAndroid Build Coastguard Worker unsigned size : 12; 79*4f2df630SAndroid Build Coastguard Worker unsigned offset : 20; 80*4f2df630SAndroid Build Coastguard Worker } swap_mark; 81*4f2df630SAndroid Build Coastguard Worker 82*4f2df630SAndroid Build Coastguard Worker /* Field for managing updates between RW product families. */ 83*4f2df630SAndroid Build Coastguard Worker uint32_t rw_product_family_; 84*4f2df630SAndroid Build Coastguard Worker /* Board ID type, mask, flags (stored ^SIGNED_HEADER_PADDING) */ 85*4f2df630SAndroid Build Coastguard Worker uint32_t board_id_type; 86*4f2df630SAndroid Build Coastguard Worker uint32_t board_id_type_mask; 87*4f2df630SAndroid Build Coastguard Worker uint32_t board_id_flags; 88*4f2df630SAndroid Build Coastguard Worker uint32_t dev_id0_; /* node id, if locked */ 89*4f2df630SAndroid Build Coastguard Worker uint32_t dev_id1_; 90*4f2df630SAndroid Build Coastguard Worker uint32_t fuses_chk_; /* top 32 bit of expected fuses hash */ 91*4f2df630SAndroid Build Coastguard Worker uint32_t info_chk_; /* top 32 bit of expected info hash */ 92*4f2df630SAndroid Build Coastguard Worker }; 93*4f2df630SAndroid Build Coastguard Worker 94*4f2df630SAndroid Build Coastguard Worker BUILD_ASSERT(sizeof(struct SignedHeader) == 1024); 95*4f2df630SAndroid Build Coastguard Worker BUILD_ASSERT(offsetof(struct SignedHeader, info_chk_) == 1020); 96*4f2df630SAndroid Build Coastguard Worker #define TOP_IMAGE_SIZE_BIT \ 97*4f2df630SAndroid Build Coastguard Worker (1 << (sizeof(((struct SignedHeader *)0)->image_size) * 8 - 1)) 98*4f2df630SAndroid Build Coastguard Worker 99*4f2df630SAndroid Build Coastguard Worker /* 100*4f2df630SAndroid Build Coastguard Worker * It is a mere convention, but all prod keys are required to have key IDs 101*4f2df630SAndroid Build Coastguard Worker * such, that bit D2 is set, and all dev keys are required to have key IDs 102*4f2df630SAndroid Build Coastguard Worker * such, that bit D2 is not set. 103*4f2df630SAndroid Build Coastguard Worker * 104*4f2df630SAndroid Build Coastguard Worker * This convention is enforced at the key generation time. 105*4f2df630SAndroid Build Coastguard Worker */ 106*4f2df630SAndroid Build Coastguard Worker #define G_SIGNED_FOR_PROD(h) ((h)->keyid & BIT(2)) 107*4f2df630SAndroid Build Coastguard Worker 108*4f2df630SAndroid Build Coastguard Worker #endif /* __CROS_EC_SIGNED_HEADER_H */ 109