xref: /aosp_15_r20/external/vboot_reference/firmware/2lib/2gbb.c (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc) 
1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2019 The ChromiumOS Authors
2*8617a60dSAndroid Build Coastguard Worker  * Use of this source code is governed by a BSD-style license that can be
3*8617a60dSAndroid Build Coastguard Worker  * found in the LICENSE file.
4*8617a60dSAndroid Build Coastguard Worker  *
5*8617a60dSAndroid Build Coastguard Worker  * GBB accessor functions.
6*8617a60dSAndroid Build Coastguard Worker  */
7*8617a60dSAndroid Build Coastguard Worker 
8*8617a60dSAndroid Build Coastguard Worker #include "2common.h"
9*8617a60dSAndroid Build Coastguard Worker #include "2misc.h"
10*8617a60dSAndroid Build Coastguard Worker 
vb2_gbb_read_key(struct vb2_context * ctx,uint32_t offset,uint32_t * size,struct vb2_packed_key ** keyp,struct vb2_workbuf * wb)11*8617a60dSAndroid Build Coastguard Worker static vb2_error_t vb2_gbb_read_key(struct vb2_context *ctx, uint32_t offset,
12*8617a60dSAndroid Build Coastguard Worker 				    uint32_t *size,
13*8617a60dSAndroid Build Coastguard Worker 				    struct vb2_packed_key **keyp,
14*8617a60dSAndroid Build Coastguard Worker 				    struct vb2_workbuf *wb)
15*8617a60dSAndroid Build Coastguard Worker {
16*8617a60dSAndroid Build Coastguard Worker 	struct vb2_workbuf wblocal = *wb;
17*8617a60dSAndroid Build Coastguard Worker 
18*8617a60dSAndroid Build Coastguard Worker 	/* Check offset and size. */
19*8617a60dSAndroid Build Coastguard Worker 	if (offset < sizeof(struct vb2_gbb_header))
20*8617a60dSAndroid Build Coastguard Worker 		return VB2_ERROR_GBB_INVALID;
21*8617a60dSAndroid Build Coastguard Worker 	if (*size < sizeof(**keyp))
22*8617a60dSAndroid Build Coastguard Worker 		return VB2_ERROR_GBB_INVALID;
23*8617a60dSAndroid Build Coastguard Worker 
24*8617a60dSAndroid Build Coastguard Worker 	/* GBB header might be padded.  Retrieve the vb2_packed_key
25*8617a60dSAndroid Build Coastguard Worker 	   header so we can find out what the real size is. */
26*8617a60dSAndroid Build Coastguard Worker 	*keyp = vb2_workbuf_alloc(&wblocal, sizeof(**keyp));
27*8617a60dSAndroid Build Coastguard Worker 	if (!*keyp)
28*8617a60dSAndroid Build Coastguard Worker 		return VB2_ERROR_GBB_WORKBUF;
29*8617a60dSAndroid Build Coastguard Worker 	VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_GBB, offset, *keyp,
30*8617a60dSAndroid Build Coastguard Worker 				    sizeof(**keyp)));
31*8617a60dSAndroid Build Coastguard Worker 
32*8617a60dSAndroid Build Coastguard Worker 	VB2_TRY(vb2_verify_packed_key_inside(*keyp, *size, *keyp));
33*8617a60dSAndroid Build Coastguard Worker 
34*8617a60dSAndroid Build Coastguard Worker 	/* Deal with a zero-size key (used in testing). */
35*8617a60dSAndroid Build Coastguard Worker 	*size = (*keyp)->key_offset + (*keyp)->key_size;
36*8617a60dSAndroid Build Coastguard Worker 	*size = VB2_MAX(*size, sizeof(**keyp));
37*8617a60dSAndroid Build Coastguard Worker 
38*8617a60dSAndroid Build Coastguard Worker 	/* Now that we know the real size of the key, retrieve the key
39*8617a60dSAndroid Build Coastguard Worker 	   data, and write it on the workbuf, directly after vb2_packed_key. */
40*8617a60dSAndroid Build Coastguard Worker 	*keyp = vb2_workbuf_realloc(&wblocal, sizeof(**keyp), *size);
41*8617a60dSAndroid Build Coastguard Worker 	if (!*keyp)
42*8617a60dSAndroid Build Coastguard Worker 		return VB2_ERROR_GBB_WORKBUF;
43*8617a60dSAndroid Build Coastguard Worker 
44*8617a60dSAndroid Build Coastguard Worker 	VB2_TRY(vb2ex_read_resource(ctx, VB2_RES_GBB,
45*8617a60dSAndroid Build Coastguard Worker 				    offset + sizeof(**keyp),
46*8617a60dSAndroid Build Coastguard Worker 				    (void *)*keyp + sizeof(**keyp),
47*8617a60dSAndroid Build Coastguard Worker 				    *size - sizeof(**keyp)));
48*8617a60dSAndroid Build Coastguard Worker 	*wb = wblocal;
49*8617a60dSAndroid Build Coastguard Worker 	return VB2_SUCCESS;
50*8617a60dSAndroid Build Coastguard Worker }
51*8617a60dSAndroid Build Coastguard Worker 
52*8617a60dSAndroid Build Coastguard Worker test_mockable
vb2_gbb_read_root_key(struct vb2_context * ctx,struct vb2_packed_key ** keyp,uint32_t * size,struct vb2_workbuf * wb)53*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_gbb_read_root_key(struct vb2_context *ctx,
54*8617a60dSAndroid Build Coastguard Worker 				  struct vb2_packed_key **keyp, uint32_t *size,
55*8617a60dSAndroid Build Coastguard Worker 				  struct vb2_workbuf *wb)
56*8617a60dSAndroid Build Coastguard Worker {
57*8617a60dSAndroid Build Coastguard Worker 	struct vb2_gbb_header *gbb = vb2_get_gbb(ctx);
58*8617a60dSAndroid Build Coastguard Worker 	uint32_t size_in = gbb->rootkey_size;
59*8617a60dSAndroid Build Coastguard Worker 	vb2_error_t ret = vb2_gbb_read_key(ctx, gbb->rootkey_offset,
60*8617a60dSAndroid Build Coastguard Worker 					   &size_in, keyp, wb);
61*8617a60dSAndroid Build Coastguard Worker 	if (size)
62*8617a60dSAndroid Build Coastguard Worker 		*size = size_in;
63*8617a60dSAndroid Build Coastguard Worker 	return ret;
64*8617a60dSAndroid Build Coastguard Worker }
65*8617a60dSAndroid Build Coastguard Worker 
66*8617a60dSAndroid Build Coastguard Worker test_mockable
vb2_gbb_read_recovery_key(struct vb2_context * ctx,struct vb2_packed_key ** keyp,uint32_t * size,struct vb2_workbuf * wb)67*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_gbb_read_recovery_key(struct vb2_context *ctx,
68*8617a60dSAndroid Build Coastguard Worker 				      struct vb2_packed_key **keyp,
69*8617a60dSAndroid Build Coastguard Worker 				      uint32_t *size, struct vb2_workbuf *wb)
70*8617a60dSAndroid Build Coastguard Worker {
71*8617a60dSAndroid Build Coastguard Worker 	struct vb2_gbb_header *gbb = vb2_get_gbb(ctx);
72*8617a60dSAndroid Build Coastguard Worker 	uint32_t size_in = gbb->recovery_key_size;
73*8617a60dSAndroid Build Coastguard Worker 	vb2_error_t ret = vb2_gbb_read_key(ctx, gbb->recovery_key_offset,
74*8617a60dSAndroid Build Coastguard Worker 					   &size_in, keyp, wb);
75*8617a60dSAndroid Build Coastguard Worker 	if (size)
76*8617a60dSAndroid Build Coastguard Worker 		*size = size_in;
77*8617a60dSAndroid Build Coastguard Worker 	return ret;
78*8617a60dSAndroid Build Coastguard Worker }
79*8617a60dSAndroid Build Coastguard Worker 
vb2api_gbb_read_hwid(struct vb2_context * ctx,char * hwid,uint32_t * size)80*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2api_gbb_read_hwid(struct vb2_context *ctx, char *hwid,
81*8617a60dSAndroid Build Coastguard Worker 				 uint32_t *size)
82*8617a60dSAndroid Build Coastguard Worker {
83*8617a60dSAndroid Build Coastguard Worker 	struct vb2_gbb_header *gbb = vb2_get_gbb(ctx);
84*8617a60dSAndroid Build Coastguard Worker 	uint32_t i;
85*8617a60dSAndroid Build Coastguard Worker 	vb2_error_t ret;
86*8617a60dSAndroid Build Coastguard Worker 
87*8617a60dSAndroid Build Coastguard Worker 	if (gbb->hwid_size == 0) {
88*8617a60dSAndroid Build Coastguard Worker 		VB2_DEBUG("invalid HWID size %d\n", gbb->hwid_size);
89*8617a60dSAndroid Build Coastguard Worker 		return VB2_ERROR_GBB_INVALID;
90*8617a60dSAndroid Build Coastguard Worker 	}
91*8617a60dSAndroid Build Coastguard Worker 
92*8617a60dSAndroid Build Coastguard Worker 	*size = VB2_MIN(*size, VB2_GBB_HWID_MAX_SIZE);
93*8617a60dSAndroid Build Coastguard Worker 	*size = VB2_MIN(*size, gbb->hwid_size);
94*8617a60dSAndroid Build Coastguard Worker 
95*8617a60dSAndroid Build Coastguard Worker 	ret = vb2ex_read_resource(ctx, VB2_RES_GBB, gbb->hwid_offset,
96*8617a60dSAndroid Build Coastguard Worker 				  hwid, *size);
97*8617a60dSAndroid Build Coastguard Worker 	if (ret) {
98*8617a60dSAndroid Build Coastguard Worker 		VB2_DEBUG("read resource failure: %d\n", ret);
99*8617a60dSAndroid Build Coastguard Worker 		return ret;
100*8617a60dSAndroid Build Coastguard Worker 	}
101*8617a60dSAndroid Build Coastguard Worker 
102*8617a60dSAndroid Build Coastguard Worker 	/* Count HWID size, and ensure that it fits in the given buffer. */
103*8617a60dSAndroid Build Coastguard Worker 	for (i = 0; i < *size; i++) {
104*8617a60dSAndroid Build Coastguard Worker 		if (hwid[i] == '\0') {
105*8617a60dSAndroid Build Coastguard Worker 			*size = i + 1;
106*8617a60dSAndroid Build Coastguard Worker 			break;
107*8617a60dSAndroid Build Coastguard Worker 		}
108*8617a60dSAndroid Build Coastguard Worker 	}
109*8617a60dSAndroid Build Coastguard Worker 	if (hwid[*size - 1] != '\0')
110*8617a60dSAndroid Build Coastguard Worker 		return VB2_ERROR_INVALID_PARAMETER;
111*8617a60dSAndroid Build Coastguard Worker 
112*8617a60dSAndroid Build Coastguard Worker 	return VB2_SUCCESS;
113*8617a60dSAndroid Build Coastguard Worker }
114*8617a60dSAndroid Build Coastguard Worker 
vb2api_gbb_get_flags(struct vb2_context * ctx)115*8617a60dSAndroid Build Coastguard Worker vb2_gbb_flags_t vb2api_gbb_get_flags(struct vb2_context *ctx)
116*8617a60dSAndroid Build Coastguard Worker {
117*8617a60dSAndroid Build Coastguard Worker 	struct vb2_gbb_header *gbb = vb2_get_gbb(ctx);
118*8617a60dSAndroid Build Coastguard Worker 	return gbb->flags;
119*8617a60dSAndroid Build Coastguard Worker }
120*8617a60dSAndroid Build Coastguard Worker 
vb2_get_gbb_flag_description(enum vb2_gbb_flag flag,const char ** name,const char ** description)121*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_get_gbb_flag_description(enum vb2_gbb_flag flag,
122*8617a60dSAndroid Build Coastguard Worker 					 const char **name,
123*8617a60dSAndroid Build Coastguard Worker 					 const char **description)
124*8617a60dSAndroid Build Coastguard Worker {
125*8617a60dSAndroid Build Coastguard Worker 	switch (flag) {
126*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DEV_SCREEN_SHORT_DELAY:
127*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DEV_SCREEN_SHORT_DELAY";
128*8617a60dSAndroid Build Coastguard Worker 		*description = "Reduce the dev screen delay to 2 sec from 30 sec.";
129*8617a60dSAndroid Build Coastguard Worker 		break;
130*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_LOAD_OPTION_ROMS:
131*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_LOAD_OPTION_ROMS";
132*8617a60dSAndroid Build Coastguard Worker 		*description = "BIOS should load option ROMs from arbitrary PCI devices.";
133*8617a60dSAndroid Build Coastguard Worker 		break;
134*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_ENABLE_ALTERNATE_OS:
135*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_ENABLE_ALTERNATE_OS";
136*8617a60dSAndroid Build Coastguard Worker 		*description = "Boot a non-ChromeOS kernel.";
137*8617a60dSAndroid Build Coastguard Worker 		break;
138*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON:
139*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_FORCE_DEV_SWITCH_ON";
140*8617a60dSAndroid Build Coastguard Worker 		*description = "Force dev switch on, regardless of physical/keyboard dev switch.";
141*8617a60dSAndroid Build Coastguard Worker 		break;
142*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_FORCE_DEV_BOOT_USB:
143*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_FORCE_DEV_BOOT_USB";
144*8617a60dSAndroid Build Coastguard Worker 		*description = "Allow booting from external disk even if dev_boot_usb=0.";
145*8617a60dSAndroid Build Coastguard Worker 		break;
146*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK:
147*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK";
148*8617a60dSAndroid Build Coastguard Worker 		*description = "Disable firmware rollback protection.";
149*8617a60dSAndroid Build Coastguard Worker 		break;
150*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_ENTER_TRIGGERS_TONORM:
151*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_ENTER_TRIGGERS_TONORM";
152*8617a60dSAndroid Build Coastguard Worker 		*description = "Allow Enter key to trigger dev->tonorm screen transition.";
153*8617a60dSAndroid Build Coastguard Worker 		break;
154*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW:
155*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_FORCE_DEV_BOOT_ALTFW";
156*8617a60dSAndroid Build Coastguard Worker 		*description =
157*8617a60dSAndroid Build Coastguard Worker 			"Allow booting Legacy OSes even if dev_boot_altfw=0.";
158*8617a60dSAndroid Build Coastguard Worker 		break;
159*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DEPRECATED_RUNNING_FAFT:
160*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DEPRECATED_RUNNING_FAFT";
161*8617a60dSAndroid Build Coastguard Worker 		*description = "Deprecated, do not use.";
162*8617a60dSAndroid Build Coastguard Worker 		break;
163*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC:
164*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC";
165*8617a60dSAndroid Build Coastguard Worker 		*description = "Disable EC software sync.";
166*8617a60dSAndroid Build Coastguard Worker 		break;
167*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW:
168*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW";
169*8617a60dSAndroid Build Coastguard Worker 		*description = "Default to booting legacy OS when dev screen times out.";
170*8617a60dSAndroid Build Coastguard Worker 		break;
171*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DISABLE_AUXFW_SOFTWARE_SYNC:
172*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DISABLE_AUXFW_SOFTWARE_SYNC";
173*8617a60dSAndroid Build Coastguard Worker 		*description =
174*8617a60dSAndroid Build Coastguard Worker 			"Disable auxiliary firmware (auxfw) software sync.";
175*8617a60dSAndroid Build Coastguard Worker 		break;
176*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DISABLE_LID_SHUTDOWN:
177*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DISABLE_LID_SHUTDOWN";
178*8617a60dSAndroid Build Coastguard Worker 		*description = "Disable shutdown on lid closed.";
179*8617a60dSAndroid Build Coastguard Worker 		break;
180*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DEPRECATED_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP:
181*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DEPRECATED_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP";
182*8617a60dSAndroid Build Coastguard Worker 		*description = "Allow full fastboot capability in firmware even if dev_boot_fastboot_full_cap=0.";
183*8617a60dSAndroid Build Coastguard Worker 		break;
184*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY:
185*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_FORCE_MANUAL_RECOVERY";
186*8617a60dSAndroid Build Coastguard Worker 		*description = "Recovery mode always assumes manual recovery, even if EC_IN_RW=1.";
187*8617a60dSAndroid Build Coastguard Worker 		break;
188*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_DISABLE_FWMP:
189*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_DISABLE_FWMP";
190*8617a60dSAndroid Build Coastguard Worker 		*description = "Disable FWMP.";
191*8617a60dSAndroid Build Coastguard Worker 		break;
192*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_ENABLE_UDC:
193*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_ENABLE_UDC";
194*8617a60dSAndroid Build Coastguard Worker 		*description = "Enable USB Device Controller.";
195*8617a60dSAndroid Build Coastguard Worker 		break;
196*8617a60dSAndroid Build Coastguard Worker 	case VB2_GBB_FLAG_FORCE_CSE_SYNC:
197*8617a60dSAndroid Build Coastguard Worker 		*name = "VB2_GBB_FLAG_FORCE_CSE_SYNC";
198*8617a60dSAndroid Build Coastguard Worker 		*description = "Always sync CSE, even if it is same as CBFS CSE";
199*8617a60dSAndroid Build Coastguard Worker 		break;
200*8617a60dSAndroid Build Coastguard Worker 	default:
201*8617a60dSAndroid Build Coastguard Worker 		*name = NULL;
202*8617a60dSAndroid Build Coastguard Worker 		*description = NULL;
203*8617a60dSAndroid Build Coastguard Worker 		return VB2_ERROR_UNKNOWN;
204*8617a60dSAndroid Build Coastguard Worker 	}
205*8617a60dSAndroid Build Coastguard Worker 	return VB2_SUCCESS;
206*8617a60dSAndroid Build Coastguard Worker }
207