/* Copyright 2015 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Secure storage APIs - kernel version space
 */
8*8617a60dSAndroid Build Coastguard Worker #include "2common.h"
9*8617a60dSAndroid Build Coastguard Worker #include "2crc8.h"
10*8617a60dSAndroid Build Coastguard Worker #include "2misc.h"
11*8617a60dSAndroid Build Coastguard Worker #include "2secdata.h"
12*8617a60dSAndroid Build Coastguard Worker #include "2secdata_struct.h"
13*8617a60dSAndroid Build Coastguard Worker #include "2sysincludes.h"
/*
 * A version byte carries two 4-bit fields: the minor version in the low
 * nibble and the major version in the high nibble.
 */
#define MINOR_VER(x) ((x) & 0x0f)
#define MAJOR_VER(x) (((x) & 0xf0) >> 4)
/**
 * Tell whether the kernel secdata in the context uses the v0 layout.
 *
 * Only struct_version is read, through the v1 view of the buffer. Nothing
 * else in the data is validated here.
 *
 * @param ctx		Context pointer
 * @return Non-zero if the major version nibble is 0, zero otherwise.
 */
static inline int is_v0(struct vb2_context *ctx)
{
	const struct vb2_secdata_kernel_v1 *blob = (void *)ctx->secdata_kernel;
	const uint8_t version = blob->struct_version;

	return MAJOR_VER(version) == 0;
}
/**
 * Calculate crc8 of kernel secure storage.
 *
 * The covered range depends on the layout: v0 covers everything before its
 * crc8 field, v1 covers from the flags field up to struct_size.
 *
 * The v1 length is struct_size minus the offset of flags, computed in size_t,
 * so a struct_size below that offset would wrap to a very large length. This
 * function performs no range check itself: callers must only reach it with a
 * struct_size that was already validated (secdata_kernel_check_v1) or freshly
 * written (vb2api_secdata_kernel_create).
 *
 * A CRC-8 only detects accidental corruption; it does not authenticate the
 * contents.
 *
 * @param ctx		Context pointer
 * @return Calculated crc8 value.
 */
static uint8_t secdata_kernel_crc(struct vb2_context *ctx)
{
	const struct vb2_secdata_kernel_v1 *v1;
	size_t start;

	if (is_v0(ctx))
		return vb2_crc8(ctx->secdata_kernel,
				offsetof(struct vb2_secdata_kernel_v0, crc8));

	v1 = (void *)ctx->secdata_kernel;
	start = offsetof(struct vb2_secdata_kernel_v1, flags);

	return vb2_crc8(ctx->secdata_kernel + start, v1->struct_size - start);
}
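/**
 * Validate kernel secdata that uses the v0 layout.
 *
 * Checks, in order: minor version, that the caller supplied at least a full
 * v0 struct, CRC, and UID. The first failing check decides the return value.
 *
 * @param ctx		Context pointer
 * @param size		In: size of the data the caller has provided.
 *			Out: VB2_SECDATA_KERNEL_SIZE_V02 once the version has
 *			been accepted.
 * @return VB2_SUCCESS, or the VB2_ERROR_SECDATA_KERNEL_* code of the first
 *	   failed check.
 */
static vb2_error_t secdata_kernel_check_v0(struct vb2_context *ctx,
					   uint8_t *size)
{
	struct vb2_secdata_kernel_v0 *sec = (void *)ctx->secdata_kernel;
	uint8_t ver = sec->struct_version;

	if (MINOR_VER(ver) != MINOR_VER(VB2_SECDATA_KERNEL_VERSION_V02)) {
		VB2_DEBUG("secdata_kernel: bad struct_version (%d.%d)\n",
			  MAJOR_VER(ver), MINOR_VER(ver));
		return VB2_ERROR_SECDATA_KERNEL_VERSION;
	}

	/*
	 * Do not evaluate crc8/uid on a short buffer. The v1 path makes the
	 * same comparison against struct_size; doing it here keeps the v0 path
	 * from depending on how VB2_SECDATA_KERNEL_MIN_SIZE relates to the v0
	 * struct size.
	 */
	if (*size < VB2_SECDATA_KERNEL_SIZE_V02) {
		VB2_DEBUG("secdata_kernel: data size too small!\n");
		*size = VB2_SECDATA_KERNEL_SIZE_V02;
		return VB2_ERROR_SECDATA_KERNEL_INCOMPLETE;
	}

	/* Report the size actually consumed by this layout. */
	*size = VB2_SECDATA_KERNEL_SIZE_V02;

	/* Verify CRC */
	if (sec->crc8 != secdata_kernel_crc(ctx)) {
		VB2_DEBUG("secdata_kernel: bad CRC\n");
		return VB2_ERROR_SECDATA_KERNEL_CRC;
	}

	/* Verify UID */
	if (sec->uid != VB2_SECDATA_KERNEL_UID) {
		VB2_DEBUG("secdata_kernel: bad UID\n");
		return VB2_ERROR_SECDATA_KERNEL_UID;
	}

	return VB2_SUCCESS;
}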
/**
 * Validate kernel secdata that uses the v1 layout.
 *
 * Checks, in order: major version, struct_size range, that the caller
 * supplied at least struct_size bytes, and CRC. The struct_size range check
 * runs before secdata_kernel_crc(), so the CRC length is derived from a
 * bounded value.
 *
 * @param ctx		Context pointer
 * @param size		In: size of the data the caller has provided.
 *			Out: struct_size, once struct_size has passed its
 *			range check (also on the INCOMPLETE and CRC errors).
 * @return VB2_SUCCESS, or the VB2_ERROR_SECDATA_KERNEL_* code of the first
 *	   failed check.
 */
static vb2_error_t secdata_kernel_check_v1(struct vb2_context *ctx,
					   uint8_t *size)
{
	struct vb2_secdata_kernel_v1 *blob = (void *)ctx->secdata_kernel;
	uint8_t version = blob->struct_version;
	int short_read;

	if (MAJOR_VER(version) != MAJOR_VER(VB2_SECDATA_KERNEL_VERSION_V10)) {
		VB2_DEBUG("secdata_kernel: bad struct_version (%d.%d)\n",
			  MAJOR_VER(version), MINOR_VER(version));
		return VB2_ERROR_SECDATA_KERNEL_VERSION;
	}

	if (!(VB2_SECDATA_KERNEL_SIZE_V10 <= blob->struct_size &&
	      blob->struct_size <= VB2_SECDATA_KERNEL_MAX_SIZE)) {
		VB2_DEBUG("secdata_kernel: bad struct_size (%d)\n",
			  blob->struct_size);
		return VB2_ERROR_SECDATA_KERNEL_STRUCT_SIZE;
	}

	/* Log the shortfall before *size is overwritten below. */
	short_read = *size < blob->struct_size;
	if (short_read) {
		VB2_DEBUG("secdata_kernel: incomplete data (missing %d bytes)\n",
			  blob->struct_size - *size);
	}

	/*
	 * Either way the caller learns the right size: on a short read so it
	 * can fetch the rest, otherwise so it knows how much is actually used.
	 */
	*size = blob->struct_size;
	if (short_read)
		return VB2_ERROR_SECDATA_KERNEL_INCOMPLETE;

	/* Verify CRC */
	if (blob->crc8 != secdata_kernel_crc(ctx)) {
		VB2_DEBUG("secdata_kernel: bad CRC\n");
		return VB2_ERROR_SECDATA_KERNEL_CRC;
	}

	return VB2_SUCCESS;
}
/**
 * Validate the kernel secdata held in ctx->secdata_kernel.
 *
 * The data must be at least VB2_SECDATA_KERNEL_MIN_SIZE bytes before the
 * version byte is consulted; the v0 or v1 checker is then chosen from it.
 * Neither ctx nor size is checked for NULL.
 *
 * @param ctx		Context pointer
 * @param size		In: size of the data the caller has provided.
 *			Out: the size the caller should provide or use, as
 *			reported by this function or the selected checker.
 * @return VB2_SUCCESS, or a VB2_ERROR_SECDATA_KERNEL_* code.
 */
vb2_error_t vb2api_secdata_kernel_check(struct vb2_context *ctx, uint8_t *size)
{
	if (*size >= VB2_SECDATA_KERNEL_MIN_SIZE)
		return is_v0(ctx) ? secdata_kernel_check_v0(ctx, size)
				  : secdata_kernel_check_v1(ctx, size);

	VB2_DEBUG("secdata_kernel: data size too small!\n");
	*size = VB2_SECDATA_KERNEL_MIN_SIZE;
	return VB2_ERROR_SECDATA_KERNEL_INCOMPLETE;
}
/**
 * Initialize ctx->secdata_kernel as empty kernel secdata in the v1 layout.
 *
 * Every field other than struct_version, struct_size and crc8 is left zero,
 * and the context is flagged so the caller knows the data must be written
 * back.
 *
 * @param ctx		Context pointer
 * @return Size of the created struct, in bytes.
 */
uint32_t vb2api_secdata_kernel_create(struct vb2_context *ctx)
{
	struct vb2_secdata_kernel_v1 *blob = (void *)ctx->secdata_kernel;

	/* Start from an all-zero struct. */
	memset(blob, 0, sizeof(*blob));
	blob->struct_size = sizeof(*blob);
	blob->struct_version = VB2_SECDATA_KERNEL_VERSION_LATEST;

	/*
	 * The CRC goes last: secdata_kernel_crc() reads struct_version and
	 * struct_size to decide which bytes to cover.
	 */
	blob->crc8 = secdata_kernel_crc(ctx);

	/* Mark as changed */
	ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED;

	return sizeof(*blob);
}
/**
 * Initialize ctx->secdata_kernel as empty kernel secdata in the v0 layout.
 * For TPM 1.2.
 *
 * Every field other than struct_version, uid and crc8 is left zero, and the
 * context is flagged so the caller knows the data must be written back.
 *
 * @param ctx		Context pointer
 * @return Size of the created struct, in bytes.
 */
uint32_t vb2api_secdata_kernel_create_v0(struct vb2_context *ctx)
{
	struct vb2_secdata_kernel_v0 *blob = (void *)ctx->secdata_kernel;

	/* Start from an all-zero struct. */
	memset(blob, 0, sizeof(*blob));

	/* Identify the data: UID and layout version. */
	blob->uid = VB2_SECDATA_KERNEL_UID;
	blob->struct_version = VB2_SECDATA_KERNEL_VERSION_V02;

	/* The initial CRC covers every byte that precedes the crc8 field. */
	blob->crc8 = vb2_crc8(blob,
			      offsetof(struct vb2_secdata_kernel_v0, crc8));

	/* Mark as changed */
	ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED;

	return sizeof(*blob);
}
/**
 * Validate the kernel secdata in the context and mark it usable.
 *
 * The check is run with VB2_SECDATA_KERNEL_MAX_SIZE as the available size.
 * The getters and setters in this file refuse to work until the INIT status
 * bit set here is present.
 *
 * @param ctx		Context pointer
 * @return VB2_SUCCESS if the data passed validation. VB2_TRY presumably
 *	   returns the checker's error code to the caller otherwise; confirm
 *	   against its definition.
 */
vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx)
{
	uint8_t avail = VB2_SECDATA_KERNEL_MAX_SIZE;
	struct vb2_shared_data *shared = vb2_get_sd(ctx);

	VB2_TRY(vb2api_secdata_kernel_check(ctx, &avail));

	/* Only reached once the check has succeeded. */
	shared->status |= VB2_SD_STATUS_SECDATA_KERNEL_INIT;

	return VB2_SUCCESS;
}
/**
 * Read one parameter from the kernel secdata.
 *
 * Calling this before vb2_secdata_kernel_init() has succeeded, or with an
 * unknown param, is reported through VB2_REC_OR_DIE and yields 0. A caller
 * therefore cannot tell a failed read from a stored value of 0 by the return
 * value alone.
 *
 * @param ctx		Context pointer
 * @param param		Parameter to read
 * @return The stored value; 0 for VB2_SECDATA_KERNEL_FLAGS on v0 data (which
 *	   has no flags field) and 0 on failure.
 */
test_mockable
uint32_t vb2_secdata_kernel_get(struct vb2_context *ctx,
				enum vb2_secdata_kernel_param param)
{
	/* Two views of the same buffer; is_v0() says which one applies. */
	const struct vb2_secdata_kernel_v0 *old_fmt = (void *)ctx->secdata_kernel;
	const struct vb2_secdata_kernel_v1 *new_fmt = (void *)ctx->secdata_kernel;
	struct vb2_shared_data *sd = vb2_get_sd(ctx);
	const char *reason;

	if (!(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT)) {
		reason = "get before init";
	} else if (param == VB2_SECDATA_KERNEL_VERSIONS) {
		if (is_v0(ctx))
			return old_fmt->kernel_versions;
		return new_fmt->kernel_versions;
	} else if (param == VB2_SECDATA_KERNEL_FLAGS) {
		if (!is_v0(ctx))
			return new_fmt->flags;
		VB2_DEBUG("VB2_SECDATA_KERNEL_FLAGS not supported for "
			  "secdata_kernel v0, return 0\n");
		return 0;
	} else {
		reason = "invalid param";
	}

	/* Shared failure exit for the not-initialized and bad-param cases. */
	VB2_REC_OR_DIE(ctx, "%s\n", reason);
	return 0;
}
/**
 * Write one parameter of the kernel secdata.
 *
 * On an actual change the CRC is recomputed and the context is flagged as
 * changed. Writing the value that is already stored is a no-op.
 *
 * No ordering is enforced on the value: any kernel_versions value that
 * differs from the stored one is written, so deciding whether a version may
 * move is left to the caller.
 *
 * The stored value is probed with vb2_secdata_kernel_get() before param is
 * validated here, so an unknown param is reported by that call first.
 *
 * @param ctx		Context pointer
 * @param param		Parameter to write
 * @param value		New value; for VB2_SECDATA_KERNEL_FLAGS it must not
 *			exceed UINT8_MAX.
 */
test_mockable
void vb2_secdata_kernel_set(struct vb2_context *ctx,
			    enum vb2_secdata_kernel_param param,
			    uint32_t value)
{
	/* Two views of the same buffer; is_v0() says which one applies. */
	struct vb2_secdata_kernel_v0 *old_fmt = (void *)ctx->secdata_kernel;
	struct vb2_secdata_kernel_v1 *new_fmt = (void *)ctx->secdata_kernel;
	struct vb2_shared_data *sd = vb2_get_sd(ctx);
	uint32_t *versions;
	const char *reason;

	if (!(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT)) {
		reason = "set before init";
		goto fail;
	}

	/* Nothing to write when the stored value already matches. */
	if (vb2_secdata_kernel_get(ctx, param) == value)
		return;

	switch (param) {
	case VB2_SECDATA_KERNEL_VERSIONS:
		if (is_v0(ctx))
			versions = &old_fmt->kernel_versions;
		else
			versions = &new_fmt->kernel_versions;
		VB2_DEBUG("secdata_kernel versions updated from %#x to %#x\n",
			  *versions, value);
		*versions = value;
		break;
	case VB2_SECDATA_KERNEL_FLAGS:
		/* The v0 layout has no flags field to write. */
		if (is_v0(ctx)) {
			VB2_DEBUG("VB2_SECDATA_KERNEL_FLAGS not supported for "
				  "secdata_kernel v0, silently ignore\n");
			return;
		}

		/* Reject anything above UINT8_MAX before storing it. */
		if (value > UINT8_MAX) {
			reason = "flags out of range";
			goto fail;
		}

		VB2_DEBUG("secdata_kernel flags updated from %#x to %#x\n",
			  new_fmt->flags, value);
		new_fmt->flags = value;
		break;
	default:
		reason = "invalid param";
		goto fail;
	}

	/* Refresh the CRC in whichever layout is in use. */
	if (is_v0(ctx))
		old_fmt->crc8 = secdata_kernel_crc(ctx);
	else
		new_fmt->crc8 = secdata_kernel_crc(ctx);

	ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED;
	return;

fail:
	VB2_REC_OR_DIE(ctx, "%s\n", reason);
}
/**
 * Get the EC hash stored in the kernel secdata.
 *
 * The returned pointer refers to the ec_hash field inside
 * ctx->secdata_kernel; it is not a copy.
 *
 * @param ctx		Context pointer
 * @return Pointer to the stored hash, or NULL if the secdata has not been
 *	   initialized (also reported through VB2_REC_OR_DIE) or uses the v0
 *	   layout, which has no EC hash.
 */
test_mockable
const uint8_t *vb2_secdata_kernel_get_ec_hash(struct vb2_context *ctx)
{
	struct vb2_secdata_kernel_v1 *blob = (void *)ctx->secdata_kernel;
	struct vb2_shared_data *sd = vb2_get_sd(ctx);
	const int initialized =
		(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT) != 0;

	if (!initialized) {
		VB2_REC_OR_DIE(ctx, "Get kernel secdata before init\n");
		return NULL;
	}

	if (!is_v0(ctx))
		return blob->ec_hash;

	VB2_DEBUG("kernel secdata v.0* doesn't support EC hash\n");
	return NULL;
}
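/**
 * Store an EC hash in the kernel secdata.
 *
 * Copies sizeof(ec_hash) bytes from sha256, recomputes the CRC and flags the
 * context as changed. Both failure cases (secdata not initialized, v0 layout)
 * are reported through VB2_REC_OR_DIE and leave the data untouched.
 *
 * @param ctx		Context pointer
 * @param sha256	Hash to store. Must be non-NULL and point to at least
 *			sizeof(ec_hash) readable bytes; neither is checked
 *			here.
 */
test_mockable
void vb2_secdata_kernel_set_ec_hash(struct vb2_context *ctx,
				    const uint8_t *sha256)
{
	struct vb2_shared_data *sd = vb2_get_sd(ctx);
	struct vb2_secdata_kernel_v1 *sec = (void *)ctx->secdata_kernel;

	if (!(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT)) {
		/* The message names the operation that actually failed. */
		VB2_REC_OR_DIE(ctx, "Set kernel secdata before init\n");
		return;
	}
	if (is_v0(ctx)) {
		VB2_REC_OR_DIE(ctx, "Invalid version of kernel secdata\n");
		return;
	}

	memcpy(sec->ec_hash, sha256, sizeof(sec->ec_hash));

	/* ec_hash lies inside the CRC-covered range, so refresh the CRC. */
	sec->crc8 = secdata_kernel_crc(ctx);

	ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED;
}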
/**
 * Get the kernel versions value stored in the kernel secdata.
 *
 * Thin wrapper over vb2_secdata_kernel_get(), so it shares that function's
 * failure behaviour: 0 is returned if the secdata has not been initialized.
 *
 * @param ctx		Context pointer
 * @return The stored kernel_versions value.
 */
uint32_t vb2api_get_kernel_rollback_version(struct vb2_context *ctx)
{
	const uint32_t versions =
		vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS);

	return versions;
}