1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2014 The ChromiumOS Authors
2*8617a60dSAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be
3*8617a60dSAndroid Build Coastguard Worker * found in the LICENSE file.
4*8617a60dSAndroid Build Coastguard Worker *
5*8617a60dSAndroid Build Coastguard Worker * Externally-callable APIs
6*8617a60dSAndroid Build Coastguard Worker * (Firmware portion)
7*8617a60dSAndroid Build Coastguard Worker */
8*8617a60dSAndroid Build Coastguard Worker
9*8617a60dSAndroid Build Coastguard Worker #include "2api.h"
10*8617a60dSAndroid Build Coastguard Worker #include "2common.h"
11*8617a60dSAndroid Build Coastguard Worker #include "2misc.h"
12*8617a60dSAndroid Build Coastguard Worker #include "2nvstorage.h"
13*8617a60dSAndroid Build Coastguard Worker #include "2rsa.h"
14*8617a60dSAndroid Build Coastguard Worker #include "2secdata.h"
15*8617a60dSAndroid Build Coastguard Worker #include "2sha.h"
16*8617a60dSAndroid Build Coastguard Worker #include "2sysincludes.h"
17*8617a60dSAndroid Build Coastguard Worker #include "2tpm_bootmode.h"
18*8617a60dSAndroid Build Coastguard Worker
vb2api_inject_kernel_subkey(struct vb2_context * ctx,const uint8_t * kernel_packed_key_data,uint32_t kernel_packed_key_data_size)19*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_inject_kernel_subkey(
20*8617a60dSAndroid Build Coastguard Worker struct vb2_context *ctx,
21*8617a60dSAndroid Build Coastguard Worker const uint8_t *kernel_packed_key_data,
22*8617a60dSAndroid Build Coastguard Worker uint32_t kernel_packed_key_data_size)
23*8617a60dSAndroid Build Coastguard Worker {
24*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd;
25*8617a60dSAndroid Build Coastguard Worker enum vb2_boot_mode *boot_mode;
26*8617a60dSAndroid Build Coastguard Worker struct vb2_workbuf wb;
27*8617a60dSAndroid Build Coastguard Worker struct vb2_packed_key *kernel_packed_key;
28*8617a60dSAndroid Build Coastguard Worker uint32_t kernel_packed_key_size;
29*8617a60dSAndroid Build Coastguard Worker void *dst_packed_key;
30*8617a60dSAndroid Build Coastguard Worker
31*8617a60dSAndroid Build Coastguard Worker sd = vb2_get_sd(ctx);
32*8617a60dSAndroid Build Coastguard Worker vb2_workbuf_from_ctx(ctx, &wb);
33*8617a60dSAndroid Build Coastguard Worker
34*8617a60dSAndroid Build Coastguard Worker /* Fully initialize the context and shared data. */
35*8617a60dSAndroid Build Coastguard Worker sd->flags = 0;
36*8617a60dSAndroid Build Coastguard Worker /* Not in recovery. */
37*8617a60dSAndroid Build Coastguard Worker sd->recovery_reason = 0;
38*8617a60dSAndroid Build Coastguard Worker /* FW not used. */
39*8617a60dSAndroid Build Coastguard Worker sd->last_fw_slot = VB2_FW_SLOT_A;
40*8617a60dSAndroid Build Coastguard Worker sd->last_fw_result = VB2_FW_RESULT_UNKNOWN;
41*8617a60dSAndroid Build Coastguard Worker sd->fw_slot = VB2_FW_SLOT_A;
42*8617a60dSAndroid Build Coastguard Worker sd->fw_version = 0;
43*8617a60dSAndroid Build Coastguard Worker sd->fw_version_secdata = 0;
44*8617a60dSAndroid Build Coastguard Worker /* Clear status field. */
45*8617a60dSAndroid Build Coastguard Worker sd->status = 0;
46*8617a60dSAndroid Build Coastguard Worker /* Invalid offset indicating GBB data is not available. */
47*8617a60dSAndroid Build Coastguard Worker sd->gbb_offset = 0;
48*8617a60dSAndroid Build Coastguard Worker sd->kernel_version = 0;
49*8617a60dSAndroid Build Coastguard Worker sd->kernel_version_secdata = 0;
50*8617a60dSAndroid Build Coastguard Worker ctx->flags = 0;
51*8617a60dSAndroid Build Coastguard Worker boot_mode = (enum vb2_boot_mode *)&ctx->boot_mode;
52*8617a60dSAndroid Build Coastguard Worker *boot_mode = VB2_BOOT_MODE_NORMAL;
53*8617a60dSAndroid Build Coastguard Worker
54*8617a60dSAndroid Build Coastguard Worker /* Make sure passed buffer is big enough for the packed key. */
55*8617a60dSAndroid Build Coastguard Worker kernel_packed_key = (struct vb2_packed_key *)kernel_packed_key_data;
56*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_verify_packed_key_inside(kernel_packed_key_data,
57*8617a60dSAndroid Build Coastguard Worker kernel_packed_key_data_size,
58*8617a60dSAndroid Build Coastguard Worker kernel_packed_key));
59*8617a60dSAndroid Build Coastguard Worker
60*8617a60dSAndroid Build Coastguard Worker /* Allocate space in the workbuf in which to copy the key. */
61*8617a60dSAndroid Build Coastguard Worker kernel_packed_key_size =
62*8617a60dSAndroid Build Coastguard Worker kernel_packed_key->key_offset + kernel_packed_key->key_size;
63*8617a60dSAndroid Build Coastguard Worker dst_packed_key = vb2_workbuf_alloc(&wb, kernel_packed_key_size);
64*8617a60dSAndroid Build Coastguard Worker if (!dst_packed_key)
65*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_WORKBUF_SMALL;
66*8617a60dSAndroid Build Coastguard Worker
67*8617a60dSAndroid Build Coastguard Worker /* Copy the packed key data into the workbuf. */
68*8617a60dSAndroid Build Coastguard Worker memcpy(dst_packed_key, kernel_packed_key_data, kernel_packed_key_size);
69*8617a60dSAndroid Build Coastguard Worker
70*8617a60dSAndroid Build Coastguard Worker /* Set the location of the kernel key data in the context. */
71*8617a60dSAndroid Build Coastguard Worker sd->kernel_key_offset = vb2_offset_of(sd, dst_packed_key);
72*8617a60dSAndroid Build Coastguard Worker sd->kernel_key_size = kernel_packed_key_size;
73*8617a60dSAndroid Build Coastguard Worker
74*8617a60dSAndroid Build Coastguard Worker vb2_set_workbuf_used(ctx,
75*8617a60dSAndroid Build Coastguard Worker sd->kernel_key_offset + kernel_packed_key_size);
76*8617a60dSAndroid Build Coastguard Worker
77*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
78*8617a60dSAndroid Build Coastguard Worker }
79*8617a60dSAndroid Build Coastguard Worker
vb2api_fw_phase1(struct vb2_context * ctx)80*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
81*8617a60dSAndroid Build Coastguard Worker {
82*8617a60dSAndroid Build Coastguard Worker vb2_error_t rv;
83*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd = vb2_get_sd(ctx);
84*8617a60dSAndroid Build Coastguard Worker
85*8617a60dSAndroid Build Coastguard Worker /* Initialize NV context */
86*8617a60dSAndroid Build Coastguard Worker vb2_nv_init(ctx);
87*8617a60dSAndroid Build Coastguard Worker
88*8617a60dSAndroid Build Coastguard Worker /*
89*8617a60dSAndroid Build Coastguard Worker * Handle caller-requested reboot due to secdata. Do this before we
90*8617a60dSAndroid Build Coastguard Worker * even look at secdata. If we fail because of a reboot loop we'll be
91*8617a60dSAndroid Build Coastguard Worker * the first failure so will get to set the recovery reason.
92*8617a60dSAndroid Build Coastguard Worker */
93*8617a60dSAndroid Build Coastguard Worker if (!(ctx->flags & VB2_CONTEXT_SECDATA_WANTS_REBOOT)) {
94*8617a60dSAndroid Build Coastguard Worker /* No reboot requested */
95*8617a60dSAndroid Build Coastguard Worker vb2_nv_set(ctx, VB2_NV_TPM_REQUESTED_REBOOT, 0);
96*8617a60dSAndroid Build Coastguard Worker } else if (vb2_nv_get(ctx, VB2_NV_TPM_REQUESTED_REBOOT)) {
97*8617a60dSAndroid Build Coastguard Worker /*
98*8617a60dSAndroid Build Coastguard Worker * Reboot requested... again. Fool me once, shame on you.
99*8617a60dSAndroid Build Coastguard Worker * Fool me twice, shame on me. Fail into recovery to avoid
100*8617a60dSAndroid Build Coastguard Worker * a reboot loop.
101*8617a60dSAndroid Build Coastguard Worker */
102*8617a60dSAndroid Build Coastguard Worker vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_REBOOT, 0);
103*8617a60dSAndroid Build Coastguard Worker } else {
104*8617a60dSAndroid Build Coastguard Worker /* Reboot requested for the first time */
105*8617a60dSAndroid Build Coastguard Worker vb2_nv_set(ctx, VB2_NV_TPM_REQUESTED_REBOOT, 1);
106*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_PHASE1_SECDATA_REBOOT;
107*8617a60dSAndroid Build Coastguard Worker }
108*8617a60dSAndroid Build Coastguard Worker
109*8617a60dSAndroid Build Coastguard Worker /* Initialize firmware & kernel secure data */
110*8617a60dSAndroid Build Coastguard Worker rv = vb2_secdata_firmware_init(ctx);
111*8617a60dSAndroid Build Coastguard Worker if (rv)
112*8617a60dSAndroid Build Coastguard Worker vb2api_fail(ctx, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, rv);
113*8617a60dSAndroid Build Coastguard Worker
114*8617a60dSAndroid Build Coastguard Worker rv = vb2_secdata_kernel_init(ctx);
115*8617a60dSAndroid Build Coastguard Worker if (rv)
116*8617a60dSAndroid Build Coastguard Worker vb2api_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv);
117*8617a60dSAndroid Build Coastguard Worker
118*8617a60dSAndroid Build Coastguard Worker /* Load and parse the GBB header */
119*8617a60dSAndroid Build Coastguard Worker rv = vb2_fw_init_gbb(ctx);
120*8617a60dSAndroid Build Coastguard Worker if (rv)
121*8617a60dSAndroid Build Coastguard Worker vb2api_fail(ctx, VB2_RECOVERY_GBB_HEADER, rv);
122*8617a60dSAndroid Build Coastguard Worker
123*8617a60dSAndroid Build Coastguard Worker /* Check for dev switch */
124*8617a60dSAndroid Build Coastguard Worker rv = vb2_check_dev_switch(ctx);
125*8617a60dSAndroid Build Coastguard Worker if (rv)
126*8617a60dSAndroid Build Coastguard Worker vb2api_fail(ctx, VB2_RECOVERY_DEV_SWITCH, rv);
127*8617a60dSAndroid Build Coastguard Worker
128*8617a60dSAndroid Build Coastguard Worker /*
129*8617a60dSAndroid Build Coastguard Worker * Check for recovery. Note that this function returns void, since any
130*8617a60dSAndroid Build Coastguard Worker * errors result in requesting recovery. That's also why we don't
131*8617a60dSAndroid Build Coastguard Worker * return error from failures in the preceding steps; those failures
132*8617a60dSAndroid Build Coastguard Worker * simply cause us to detect recovery mode here.
133*8617a60dSAndroid Build Coastguard Worker */
134*8617a60dSAndroid Build Coastguard Worker vb2_check_recovery(ctx);
135*8617a60dSAndroid Build Coastguard Worker
136*8617a60dSAndroid Build Coastguard Worker /* Decide the boot mode */
137*8617a60dSAndroid Build Coastguard Worker vb2_set_boot_mode(ctx);
138*8617a60dSAndroid Build Coastguard Worker
139*8617a60dSAndroid Build Coastguard Worker /*
140*8617a60dSAndroid Build Coastguard Worker * Initialize display if VB2_NV_DISPLAY_REQUEST is set or in non-normal
141*8617a60dSAndroid Build Coastguard Worker * boot mode.
142*8617a60dSAndroid Build Coastguard Worker */
143*8617a60dSAndroid Build Coastguard Worker if (vb2_nv_get(ctx, VB2_NV_DISPLAY_REQUEST) ||
144*8617a60dSAndroid Build Coastguard Worker ctx->boot_mode != VB2_BOOT_MODE_NORMAL)
145*8617a60dSAndroid Build Coastguard Worker ctx->flags |= VB2_CONTEXT_DISPLAY_INIT;
146*8617a60dSAndroid Build Coastguard Worker
147*8617a60dSAndroid Build Coastguard Worker /* Mark display as available for downstream vboot and vboot callers. */
148*8617a60dSAndroid Build Coastguard Worker if (ctx->flags & VB2_CONTEXT_DISPLAY_INIT)
149*8617a60dSAndroid Build Coastguard Worker sd->flags |= VB2_SD_FLAG_DISPLAY_AVAILABLE;
150*8617a60dSAndroid Build Coastguard Worker
151*8617a60dSAndroid Build Coastguard Worker /* Return error if recovery is needed */
152*8617a60dSAndroid Build Coastguard Worker if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
153*8617a60dSAndroid Build Coastguard Worker /* Always clear RAM when entering recovery mode */
154*8617a60dSAndroid Build Coastguard Worker ctx->flags |= VB2_CONTEXT_CLEAR_RAM;
155*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_PHASE1_RECOVERY;
156*8617a60dSAndroid Build Coastguard Worker }
157*8617a60dSAndroid Build Coastguard Worker
158*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
159*8617a60dSAndroid Build Coastguard Worker }
160*8617a60dSAndroid Build Coastguard Worker
vb2api_fw_phase2(struct vb2_context * ctx)161*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_fw_phase2(struct vb2_context *ctx)
162*8617a60dSAndroid Build Coastguard Worker {
163*8617a60dSAndroid Build Coastguard Worker /*
164*8617a60dSAndroid Build Coastguard Worker * Use the slot from the last boot if this is a resume. Do not set
165*8617a60dSAndroid Build Coastguard Worker * VB2_SD_STATUS_CHOSE_SLOT so the try counter is not decremented on
166*8617a60dSAndroid Build Coastguard Worker * failure as we are explicitly not attempting to boot from a new slot.
167*8617a60dSAndroid Build Coastguard Worker */
168*8617a60dSAndroid Build Coastguard Worker if (ctx->flags & VB2_CONTEXT_S3_RESUME) {
169*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd = vb2_get_sd(ctx);
170*8617a60dSAndroid Build Coastguard Worker
171*8617a60dSAndroid Build Coastguard Worker /* Set the current slot to the last booted slot */
172*8617a60dSAndroid Build Coastguard Worker sd->fw_slot = vb2_nv_get(ctx, VB2_NV_FW_TRIED);
173*8617a60dSAndroid Build Coastguard Worker
174*8617a60dSAndroid Build Coastguard Worker /* Set context flag if we're using slot B */
175*8617a60dSAndroid Build Coastguard Worker if (sd->fw_slot)
176*8617a60dSAndroid Build Coastguard Worker ctx->flags |= VB2_CONTEXT_FW_SLOT_B;
177*8617a60dSAndroid Build Coastguard Worker
178*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
179*8617a60dSAndroid Build Coastguard Worker }
180*8617a60dSAndroid Build Coastguard Worker
181*8617a60dSAndroid Build Coastguard Worker /* Always clear RAM when entering developer mode */
182*8617a60dSAndroid Build Coastguard Worker if (ctx->flags & VB2_CONTEXT_DEVELOPER_MODE)
183*8617a60dSAndroid Build Coastguard Worker ctx->flags |= VB2_CONTEXT_CLEAR_RAM;
184*8617a60dSAndroid Build Coastguard Worker
185*8617a60dSAndroid Build Coastguard Worker /* Check for explicit request to clear TPM */
186*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_check_tpm_clear(ctx), ctx, VB2_RECOVERY_TPM_CLEAR_OWNER);
187*8617a60dSAndroid Build Coastguard Worker
188*8617a60dSAndroid Build Coastguard Worker /* Decide which firmware slot to try this boot */
189*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_select_fw_slot(ctx), ctx, VB2_RECOVERY_FW_SLOT);
190*8617a60dSAndroid Build Coastguard Worker
191*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
192*8617a60dSAndroid Build Coastguard Worker }
193*8617a60dSAndroid Build Coastguard Worker
vb2api_extend_hash(struct vb2_context * ctx,const void * buf,uint32_t size)194*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_extend_hash(struct vb2_context *ctx,
195*8617a60dSAndroid Build Coastguard Worker const void *buf,
196*8617a60dSAndroid Build Coastguard Worker uint32_t size)
197*8617a60dSAndroid Build Coastguard Worker {
198*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd = vb2_get_sd(ctx);
199*8617a60dSAndroid Build Coastguard Worker struct vb2_digest_context *dc = (struct vb2_digest_context *)
200*8617a60dSAndroid Build Coastguard Worker vb2_member_of(sd, sd->hash_offset);
201*8617a60dSAndroid Build Coastguard Worker
202*8617a60dSAndroid Build Coastguard Worker /* Must have initialized hash digest work area */
203*8617a60dSAndroid Build Coastguard Worker if (!sd->hash_size)
204*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_EXTEND_HASH_WORKBUF;
205*8617a60dSAndroid Build Coastguard Worker
206*8617a60dSAndroid Build Coastguard Worker /* Don't extend past the data we expect to hash */
207*8617a60dSAndroid Build Coastguard Worker if (!size || size > sd->hash_remaining_size)
208*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_EXTEND_HASH_SIZE;
209*8617a60dSAndroid Build Coastguard Worker
210*8617a60dSAndroid Build Coastguard Worker sd->hash_remaining_size -= size;
211*8617a60dSAndroid Build Coastguard Worker
212*8617a60dSAndroid Build Coastguard Worker return vb2_digest_extend(dc, buf, size);
213*8617a60dSAndroid Build Coastguard Worker }
214*8617a60dSAndroid Build Coastguard Worker
vb2api_get_pcr_digest(struct vb2_context * ctx,enum vb2_pcr_digest which_digest,uint8_t * dest,uint32_t * dest_size)215*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_get_pcr_digest(struct vb2_context *ctx,
216*8617a60dSAndroid Build Coastguard Worker enum vb2_pcr_digest which_digest,
217*8617a60dSAndroid Build Coastguard Worker uint8_t *dest,
218*8617a60dSAndroid Build Coastguard Worker uint32_t *dest_size)
219*8617a60dSAndroid Build Coastguard Worker {
220*8617a60dSAndroid Build Coastguard Worker const uint8_t *digest;
221*8617a60dSAndroid Build Coastguard Worker uint32_t digest_size;
222*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd;
223*8617a60dSAndroid Build Coastguard Worker
224*8617a60dSAndroid Build Coastguard Worker switch (which_digest) {
225*8617a60dSAndroid Build Coastguard Worker case BOOT_MODE_PCR:
226*8617a60dSAndroid Build Coastguard Worker digest = vb2_get_boot_state_digest(ctx);
227*8617a60dSAndroid Build Coastguard Worker digest_size = VB2_SHA1_DIGEST_SIZE;
228*8617a60dSAndroid Build Coastguard Worker break;
229*8617a60dSAndroid Build Coastguard Worker case HWID_DIGEST_PCR:
230*8617a60dSAndroid Build Coastguard Worker digest = vb2_get_gbb(ctx)->hwid_digest;
231*8617a60dSAndroid Build Coastguard Worker digest_size = VB2_GBB_HWID_DIGEST_SIZE;
232*8617a60dSAndroid Build Coastguard Worker break;
233*8617a60dSAndroid Build Coastguard Worker case FIRMWARE_VERSION_PCR:
234*8617a60dSAndroid Build Coastguard Worker sd = vb2_get_sd(ctx);
235*8617a60dSAndroid Build Coastguard Worker digest = (uint8_t *)&sd->fw_version;
236*8617a60dSAndroid Build Coastguard Worker digest_size = sizeof(sd->fw_version);
237*8617a60dSAndroid Build Coastguard Worker break;
238*8617a60dSAndroid Build Coastguard Worker case KERNEL_VERSION_PCR:
239*8617a60dSAndroid Build Coastguard Worker sd = vb2_get_sd(ctx);
240*8617a60dSAndroid Build Coastguard Worker digest = (uint8_t *)&sd->kernel_version;
241*8617a60dSAndroid Build Coastguard Worker digest_size = sizeof(sd->kernel_version);
242*8617a60dSAndroid Build Coastguard Worker break;
243*8617a60dSAndroid Build Coastguard Worker default:
244*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_PCR_DIGEST;
245*8617a60dSAndroid Build Coastguard Worker }
246*8617a60dSAndroid Build Coastguard Worker
247*8617a60dSAndroid Build Coastguard Worker if (digest == NULL || *dest_size < digest_size)
248*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_PCR_DIGEST_BUF;
249*8617a60dSAndroid Build Coastguard Worker
250*8617a60dSAndroid Build Coastguard Worker memcpy(dest, digest, digest_size);
251*8617a60dSAndroid Build Coastguard Worker if (digest_size < *dest_size)
252*8617a60dSAndroid Build Coastguard Worker memset(dest + digest_size, 0, *dest_size - digest_size);
253*8617a60dSAndroid Build Coastguard Worker
254*8617a60dSAndroid Build Coastguard Worker *dest_size = digest_size;
255*8617a60dSAndroid Build Coastguard Worker
256*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
257*8617a60dSAndroid Build Coastguard Worker }
258*8617a60dSAndroid Build Coastguard Worker
vb2api_fw_phase3(struct vb2_context * ctx)259*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_fw_phase3(struct vb2_context *ctx)
260*8617a60dSAndroid Build Coastguard Worker {
261*8617a60dSAndroid Build Coastguard Worker /* Verify firmware keyblock */
262*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_load_fw_keyblock(ctx), ctx, VB2_RECOVERY_RO_INVALID_RW);
263*8617a60dSAndroid Build Coastguard Worker
264*8617a60dSAndroid Build Coastguard Worker /* Verify firmware preamble */
265*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_load_fw_preamble(ctx), ctx, VB2_RECOVERY_RO_INVALID_RW);
266*8617a60dSAndroid Build Coastguard Worker
267*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
268*8617a60dSAndroid Build Coastguard Worker }
269*8617a60dSAndroid Build Coastguard Worker
vb2api_init_hash(struct vb2_context * ctx,uint32_t tag)270*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_init_hash(struct vb2_context *ctx, uint32_t tag)
271*8617a60dSAndroid Build Coastguard Worker {
272*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd = vb2_get_sd(ctx);
273*8617a60dSAndroid Build Coastguard Worker const struct vb2_fw_preamble *pre;
274*8617a60dSAndroid Build Coastguard Worker struct vb2_digest_context *dc;
275*8617a60dSAndroid Build Coastguard Worker struct vb2_public_key key;
276*8617a60dSAndroid Build Coastguard Worker struct vb2_workbuf wb;
277*8617a60dSAndroid Build Coastguard Worker
278*8617a60dSAndroid Build Coastguard Worker vb2_workbuf_from_ctx(ctx, &wb);
279*8617a60dSAndroid Build Coastguard Worker
280*8617a60dSAndroid Build Coastguard Worker if (tag == VB2_HASH_TAG_INVALID)
281*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_INIT_HASH_TAG;
282*8617a60dSAndroid Build Coastguard Worker
283*8617a60dSAndroid Build Coastguard Worker /* Get preamble pointer */
284*8617a60dSAndroid Build Coastguard Worker if (!sd->preamble_size)
285*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_INIT_HASH_PREAMBLE;
286*8617a60dSAndroid Build Coastguard Worker pre = (const struct vb2_fw_preamble *)
287*8617a60dSAndroid Build Coastguard Worker vb2_member_of(sd, sd->preamble_offset);
288*8617a60dSAndroid Build Coastguard Worker
289*8617a60dSAndroid Build Coastguard Worker /* For now, we only support the firmware body tag */
290*8617a60dSAndroid Build Coastguard Worker if (tag != VB2_HASH_TAG_FW_BODY)
291*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_INIT_HASH_TAG;
292*8617a60dSAndroid Build Coastguard Worker
293*8617a60dSAndroid Build Coastguard Worker /* Allocate workbuf space for the hash */
294*8617a60dSAndroid Build Coastguard Worker if (sd->hash_size) {
295*8617a60dSAndroid Build Coastguard Worker dc = (struct vb2_digest_context *)
296*8617a60dSAndroid Build Coastguard Worker vb2_member_of(sd, sd->hash_offset);
297*8617a60dSAndroid Build Coastguard Worker } else {
298*8617a60dSAndroid Build Coastguard Worker uint32_t dig_size = sizeof(*dc);
299*8617a60dSAndroid Build Coastguard Worker
300*8617a60dSAndroid Build Coastguard Worker dc = vb2_workbuf_alloc(&wb, dig_size);
301*8617a60dSAndroid Build Coastguard Worker if (!dc)
302*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_INIT_HASH_WORKBUF;
303*8617a60dSAndroid Build Coastguard Worker
304*8617a60dSAndroid Build Coastguard Worker sd->hash_offset = vb2_offset_of(sd, dc);
305*8617a60dSAndroid Build Coastguard Worker sd->hash_size = dig_size;
306*8617a60dSAndroid Build Coastguard Worker vb2_set_workbuf_used(ctx, sd->hash_offset + dig_size);
307*8617a60dSAndroid Build Coastguard Worker }
308*8617a60dSAndroid Build Coastguard Worker
309*8617a60dSAndroid Build Coastguard Worker /*
310*8617a60dSAndroid Build Coastguard Worker * Work buffer now contains:
311*8617a60dSAndroid Build Coastguard Worker * - vb2_shared_data
312*8617a60dSAndroid Build Coastguard Worker * - packed firmware data key
313*8617a60dSAndroid Build Coastguard Worker * - firmware preamble
314*8617a60dSAndroid Build Coastguard Worker * - hash data
315*8617a60dSAndroid Build Coastguard Worker */
316*8617a60dSAndroid Build Coastguard Worker
317*8617a60dSAndroid Build Coastguard Worker /*
318*8617a60dSAndroid Build Coastguard Worker * Unpack the firmware data key to see which hashing algorithm we
319*8617a60dSAndroid Build Coastguard Worker * should use. Zero body data size means, that signature contains
320*8617a60dSAndroid Build Coastguard Worker * metadata hash, so vb2api_get_metadata_hash() should be used instead.
321*8617a60dSAndroid Build Coastguard Worker */
322*8617a60dSAndroid Build Coastguard Worker if (!sd->data_key_size || !pre->body_signature.data_size)
323*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_INIT_HASH_DATA_KEY;
324*8617a60dSAndroid Build Coastguard Worker
325*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_unpack_key_buffer(&key,
326*8617a60dSAndroid Build Coastguard Worker vb2_member_of(sd, sd->data_key_offset),
327*8617a60dSAndroid Build Coastguard Worker sd->data_key_size));
328*8617a60dSAndroid Build Coastguard Worker
329*8617a60dSAndroid Build Coastguard Worker sd->hash_tag = tag;
330*8617a60dSAndroid Build Coastguard Worker sd->hash_remaining_size = pre->body_signature.data_size;
331*8617a60dSAndroid Build Coastguard Worker
332*8617a60dSAndroid Build Coastguard Worker return vb2_digest_init(dc, vb2api_hwcrypto_allowed(ctx),
333*8617a60dSAndroid Build Coastguard Worker key.hash_alg, pre->body_signature.data_size);
334*8617a60dSAndroid Build Coastguard Worker }
335*8617a60dSAndroid Build Coastguard Worker
vb2api_check_hash_get_digest(struct vb2_context * ctx,void * digest_out,uint32_t digest_out_size)336*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_check_hash_get_digest(struct vb2_context *ctx,
337*8617a60dSAndroid Build Coastguard Worker void *digest_out,
338*8617a60dSAndroid Build Coastguard Worker uint32_t digest_out_size)
339*8617a60dSAndroid Build Coastguard Worker {
340*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd = vb2_get_sd(ctx);
341*8617a60dSAndroid Build Coastguard Worker struct vb2_digest_context *dc = (struct vb2_digest_context *)
342*8617a60dSAndroid Build Coastguard Worker vb2_member_of(sd, sd->hash_offset);
343*8617a60dSAndroid Build Coastguard Worker struct vb2_workbuf wb;
344*8617a60dSAndroid Build Coastguard Worker
345*8617a60dSAndroid Build Coastguard Worker uint8_t *digest;
346*8617a60dSAndroid Build Coastguard Worker uint32_t digest_size = vb2_digest_size(dc->hash_alg);
347*8617a60dSAndroid Build Coastguard Worker
348*8617a60dSAndroid Build Coastguard Worker struct vb2_fw_preamble *pre;
349*8617a60dSAndroid Build Coastguard Worker struct vb2_public_key key;
350*8617a60dSAndroid Build Coastguard Worker
351*8617a60dSAndroid Build Coastguard Worker vb2_workbuf_from_ctx(ctx, &wb);
352*8617a60dSAndroid Build Coastguard Worker
353*8617a60dSAndroid Build Coastguard Worker /* Get preamble pointer */
354*8617a60dSAndroid Build Coastguard Worker if (!sd->preamble_size)
355*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_HASH_PREAMBLE;
356*8617a60dSAndroid Build Coastguard Worker pre = vb2_member_of(sd, sd->preamble_offset);
357*8617a60dSAndroid Build Coastguard Worker
358*8617a60dSAndroid Build Coastguard Worker /* Must have initialized hash digest work area */
359*8617a60dSAndroid Build Coastguard Worker if (!sd->hash_size)
360*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_HASH_WORKBUF;
361*8617a60dSAndroid Build Coastguard Worker
362*8617a60dSAndroid Build Coastguard Worker /* Should have hashed the right amount of data */
363*8617a60dSAndroid Build Coastguard Worker if (sd->hash_remaining_size)
364*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_HASH_SIZE;
365*8617a60dSAndroid Build Coastguard Worker
366*8617a60dSAndroid Build Coastguard Worker /* Allocate the digest */
367*8617a60dSAndroid Build Coastguard Worker digest = vb2_workbuf_alloc(&wb, digest_size);
368*8617a60dSAndroid Build Coastguard Worker if (!digest)
369*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST;
370*8617a60dSAndroid Build Coastguard Worker
371*8617a60dSAndroid Build Coastguard Worker /* Finalize the digest */
372*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_digest_finalize(dc, digest, digest_size));
373*8617a60dSAndroid Build Coastguard Worker
374*8617a60dSAndroid Build Coastguard Worker /* The code below is specific to the body signature */
375*8617a60dSAndroid Build Coastguard Worker if (sd->hash_tag != VB2_HASH_TAG_FW_BODY)
376*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_HASH_TAG;
377*8617a60dSAndroid Build Coastguard Worker
378*8617a60dSAndroid Build Coastguard Worker /*
379*8617a60dSAndroid Build Coastguard Worker * In case of verifying a whole memory region the body signature
380*8617a60dSAndroid Build Coastguard Worker * is a *signature* of the body data, not just its hash.
381*8617a60dSAndroid Build Coastguard Worker * So we need to verify the signature.
382*8617a60dSAndroid Build Coastguard Worker */
383*8617a60dSAndroid Build Coastguard Worker
384*8617a60dSAndroid Build Coastguard Worker /* Unpack the data key */
385*8617a60dSAndroid Build Coastguard Worker if (!sd->data_key_size)
386*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_HASH_DATA_KEY;
387*8617a60dSAndroid Build Coastguard Worker
388*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_unpack_key_buffer(&key,
389*8617a60dSAndroid Build Coastguard Worker vb2_member_of(sd, sd->data_key_offset),
390*8617a60dSAndroid Build Coastguard Worker sd->data_key_size));
391*8617a60dSAndroid Build Coastguard Worker
392*8617a60dSAndroid Build Coastguard Worker key.allow_hwcrypto = vb2api_hwcrypto_allowed(ctx);
393*8617a60dSAndroid Build Coastguard Worker
394*8617a60dSAndroid Build Coastguard Worker /*
395*8617a60dSAndroid Build Coastguard Worker * Check digest vs. signature. Note that this destroys the signature.
396*8617a60dSAndroid Build Coastguard Worker * That's ok, because we only check each signature once per boot.
397*8617a60dSAndroid Build Coastguard Worker */
398*8617a60dSAndroid Build Coastguard Worker VB2_TRY(vb2_verify_digest(&key, &pre->body_signature, digest, &wb),
399*8617a60dSAndroid Build Coastguard Worker ctx, VB2_RECOVERY_FW_BODY);
400*8617a60dSAndroid Build Coastguard Worker
401*8617a60dSAndroid Build Coastguard Worker if (digest_out != NULL) {
402*8617a60dSAndroid Build Coastguard Worker if (digest_out_size < digest_size)
403*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_DIGEST_SIZE;
404*8617a60dSAndroid Build Coastguard Worker memcpy(digest_out, digest, digest_size);
405*8617a60dSAndroid Build Coastguard Worker }
406*8617a60dSAndroid Build Coastguard Worker
407*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
408*8617a60dSAndroid Build Coastguard Worker }
409*8617a60dSAndroid Build Coastguard Worker
vb2api_check_hash(struct vb2_context * ctx)410*8617a60dSAndroid Build Coastguard Worker int vb2api_check_hash(struct vb2_context *ctx)
411*8617a60dSAndroid Build Coastguard Worker {
412*8617a60dSAndroid Build Coastguard Worker return vb2api_check_hash_get_digest(ctx, NULL, 0);
413*8617a60dSAndroid Build Coastguard Worker }
414*8617a60dSAndroid Build Coastguard Worker
vb2api_get_fw_boot_info(struct vb2_context * ctx)415*8617a60dSAndroid Build Coastguard Worker union vb2_fw_boot_info vb2api_get_fw_boot_info(struct vb2_context *ctx)
416*8617a60dSAndroid Build Coastguard Worker {
417*8617a60dSAndroid Build Coastguard Worker union vb2_fw_boot_info info;
418*8617a60dSAndroid Build Coastguard Worker
419*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd = vb2_get_sd(ctx);
420*8617a60dSAndroid Build Coastguard Worker
421*8617a60dSAndroid Build Coastguard Worker info.tries = vb2_nv_get(ctx, VB2_NV_TRY_COUNT);
422*8617a60dSAndroid Build Coastguard Worker info.slot = sd->fw_slot;
423*8617a60dSAndroid Build Coastguard Worker info.prev_slot = sd->last_fw_slot;
424*8617a60dSAndroid Build Coastguard Worker info.prev_result = sd->last_fw_result;
425*8617a60dSAndroid Build Coastguard Worker info.boot_mode = ctx->boot_mode;
426*8617a60dSAndroid Build Coastguard Worker
427*8617a60dSAndroid Build Coastguard Worker VB2_DEBUG("boot_mode=`%s`\n", vb2_boot_mode_string(info.boot_mode));
428*8617a60dSAndroid Build Coastguard Worker
429*8617a60dSAndroid Build Coastguard Worker if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
430*8617a60dSAndroid Build Coastguard Worker info.recovery_reason = sd->recovery_reason;
431*8617a60dSAndroid Build Coastguard Worker info.recovery_subcode = vb2_nv_get(ctx, VB2_NV_RECOVERY_SUBCODE);
432*8617a60dSAndroid Build Coastguard Worker VB2_DEBUG("recovery_reason: %#x / %#x\n",
433*8617a60dSAndroid Build Coastguard Worker info.recovery_reason, info.recovery_subcode);
434*8617a60dSAndroid Build Coastguard Worker }
435*8617a60dSAndroid Build Coastguard Worker
436*8617a60dSAndroid Build Coastguard Worker VB2_DEBUG("fw_tried=`%s` fw_try_count=%d "
437*8617a60dSAndroid Build Coastguard Worker "fw_prev_tried=`%s` fw_prev_result=`%s`.\n",
438*8617a60dSAndroid Build Coastguard Worker vb2_slot_string(info.slot), info.tries,
439*8617a60dSAndroid Build Coastguard Worker vb2_slot_string(info.prev_slot),
440*8617a60dSAndroid Build Coastguard Worker vb2_result_string(info.prev_result));
441*8617a60dSAndroid Build Coastguard Worker
442*8617a60dSAndroid Build Coastguard Worker return info;
443*8617a60dSAndroid Build Coastguard Worker }
444*8617a60dSAndroid Build Coastguard Worker
vb2api_get_metadata_hash(struct vb2_context * ctx,struct vb2_hash ** hash_ptr_out)445*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_get_metadata_hash(struct vb2_context *ctx,
446*8617a60dSAndroid Build Coastguard Worker struct vb2_hash **hash_ptr_out)
447*8617a60dSAndroid Build Coastguard Worker {
448*8617a60dSAndroid Build Coastguard Worker struct vb2_shared_data *sd = vb2_get_sd(ctx);
449*8617a60dSAndroid Build Coastguard Worker struct vb2_workbuf wb;
450*8617a60dSAndroid Build Coastguard Worker struct vb2_fw_preamble *pre;
451*8617a60dSAndroid Build Coastguard Worker
452*8617a60dSAndroid Build Coastguard Worker vb2_workbuf_from_ctx(ctx, &wb);
453*8617a60dSAndroid Build Coastguard Worker
454*8617a60dSAndroid Build Coastguard Worker if (!sd->preamble_size)
455*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_HASH_PREAMBLE;
456*8617a60dSAndroid Build Coastguard Worker pre = vb2_member_of(sd, sd->preamble_offset);
457*8617a60dSAndroid Build Coastguard Worker
458*8617a60dSAndroid Build Coastguard Worker /* Zero size of body signature indicates, that signature holds
459*8617a60dSAndroid Build Coastguard Worker vb2_hash inside. */
460*8617a60dSAndroid Build Coastguard Worker if (pre->body_signature.data_size)
461*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_INIT_HASH_DATA_KEY;
462*8617a60dSAndroid Build Coastguard Worker
463*8617a60dSAndroid Build Coastguard Worker struct vb2_hash *hash =
464*8617a60dSAndroid Build Coastguard Worker (struct vb2_hash *)vb2_signature_data(&pre->body_signature);
465*8617a60dSAndroid Build Coastguard Worker const uint32_t hsize = vb2_digest_size(hash->algo);
466*8617a60dSAndroid Build Coastguard Worker if (!hsize || pre->body_signature.sig_size <
467*8617a60dSAndroid Build Coastguard Worker offsetof(struct vb2_hash, raw) + hsize)
468*8617a60dSAndroid Build Coastguard Worker return VB2_ERROR_API_CHECK_HASH_SIG_SIZE;
469*8617a60dSAndroid Build Coastguard Worker
470*8617a60dSAndroid Build Coastguard Worker *hash_ptr_out = hash;
471*8617a60dSAndroid Build Coastguard Worker
472*8617a60dSAndroid Build Coastguard Worker return VB2_SUCCESS;
473*8617a60dSAndroid Build Coastguard Worker }
474