| /* Copyright (c) 2015, The Linux Foundation. All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions are |
| * met: |
| * * Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * * Redistributions in binary form must reproduce the above |
| * copyright notice, this list of conditions and the following |
| * disclaimer in the documentation and/or other materials provided |
| * with the distribution. |
| * * Neither the name of The Linux Foundation nor the names of its |
| * contributors may be used to endorse or promote products derived |
| * from this software without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| #ifndef __APP_MDTP_H |
| #define __APP_MDTP_H |
| |
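/*
 * Limits and sizes used by the MDTP firmware-lock data structures.
 * Most of these size arrays inside the packed structures declared later in
 * this header, so changing one changes the packed layout.
 */
#define TOKEN_LEN                       (16)
#define MAX_BLOCKS                      (512)   /* entries in force_verify_block[] and hash_table[] */
#define MAX_PARTITIONS                  (3)     /* entries in DIP_t.partition_cfg[] */
#define MAX_PARTITION_NAME_LEN          (100)
#define HASH_LEN                        (32)    /* bytes per stored hash */
#define MDTP_MAX_PIN_LEN                (8)     /* PIN characters, terminator not included */
#define MDTP_MIN_PIN_LEN                (5)
#define DIP_PADDING                     (15)    /* bytes of DIP_t.padding */

/*
 * Delays in milliseconds. Where they are applied is outside this header.
 * NOTE(review): a PIN of MDTP_MIN_PIN_LEN..MDTP_MAX_PIN_LEN digits is a small
 * search space, so the wait after a wrong PIN is presumably what limits the
 * guessing rate; confirm the implementation applies it on every failed
 * attempt.
 */
#define INITIAL_DELAY_MSECONDS          5000
#define INVALID_PIN_DELAY_MSECONDS      5000

/*
 * Round x up to a page boundary: (x + y) & ~y.
 * For the result to be a round-up, y has to be the page MASK (page size
 * minus one, with a power-of-two page size), not the page size itself.
 * NOTE(review): x + y can wrap in the operands' type when x is close to the
 * type's maximum, which yields a small result; a size taken from an image or
 * partition header should be range-checked before it is rounded.
 */
#define ROUND_TO_PAGE(x,y)              (((x) + (y)) & (~(y)))

#define MDTP_FWLOCK_BLOCK_SIZE          (1024*1024*16)  /* 16 MiB */
#define MDTP_FWLOCK_MAX_FILES           (100)
#define MDTP_FWLOCK_MAX_FILE_NAME_LEN   (100)
#define MDTP_SCRATCH_OFFSET             0x8000000       /* 128 MiB; what it is relative to is not visible here */

/* Refuse to build with MDTP_SUPPORT unless VERIFIED_BOOT is defined too. */
#if defined(MDTP_SUPPORT) && !defined(VERIFIED_BOOT)
#error MDTP feature requires VERIFIED_BOOT feature
#endif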
| |
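/*
 * Packed layout of the DIP and the structures nested in it. Between the
 * push and the pop every member is 1-byte aligned, so the only padding is
 * the explicit DIP_t.padding field.
 *
 * NOTE(review): the fixed-width integer types used here are not brought in
 * by this header (it has no #include lines); the including file must
 * provide them first.
 */
#pragma pack(push, mdtp, 1)

/*
 * DIP activation state.
 * DIP_STATUS_SIZE is not a state; presumably it is there to force a 32-bit
 * enum so the packed layout is the same on every compiler - confirm.
 * NOTE(review): if a DIP_t is filled from data the program does not
 * control, this field can hold values other than the two states; consumers
 * should handle unknown values explicitly.
 */
typedef enum {
    DIP_STATUS_DEACTIVATED = 0,
    DIP_STATUS_ACTIVATED,
    DIP_STATUS_SIZE = 0x7FFFFFFF
} dip_status_t;

/*
 * How a protected partition is hashed.
 * MDTP_FWLOCK_MODE_SIZE is not a mode; presumably a 32-bit width marker.
 */
typedef enum {
    MDTP_FWLOCK_MODE_SINGLE = 0,
    MDTP_FWLOCK_MODE_BLOCK,
    MDTP_FWLOCK_MODE_FILES,
    MDTP_FWLOCK_MODE_SIZE = 0x7FFFFFFF
} mdtp_fwlock_mode_t;

/* One entry of a partition's hash table. */
typedef struct DIP_hash_table_entry {
    unsigned char hash[HASH_LEN];                   /* Hash on block */
} DIP_hash_table_entry_t;

/* Firmware-lock configuration of one partition. */
typedef struct DIP_partition_cfg {
    uint64_t size;                                  /* Partition size in bytes */
    /*
     * Partition name. The type does not guarantee a terminator, so any read
     * should be bounded by MAX_PARTITION_NAME_LEN.
     */
    char name[MAX_PARTITION_NAME_LEN];
    uint8_t lock_enabled;                           /* Image locked? */
    /* Hash granularity; mdtp_fwlock_mode_t offers SINGLE, BLOCK and FILES. */
    mdtp_fwlock_mode_t hash_mode;
    uint8_t force_verify_block[MAX_BLOCKS];         /* Verify only given block numbers. */
    /* Verify given files. Same terminator caveat as name[]. */
    char files_to_protect[MDTP_FWLOCK_MAX_FILES][MDTP_FWLOCK_MAX_FILE_NAME_LEN];
    /*
     * Statistically verify this ratio of blocks.
     * NOTE(review): units and sampling are defined by the implementation,
     * which is not visible here; a ratio below "all blocks" presumably
     * leaves some blocks unchecked on a given run.
     */
    uint32_t verify_ratio;
    DIP_hash_table_entry_t hash_table[MAX_BLOCKS];  /* Hash table */
} DIP_partition_cfg_t;

/*
 * PIN holder.
 * NOTE(review): the PIN is kept here as plain characters; whether the
 * structure is encrypted or otherwise protected at rest is not visible in
 * this header.
 */
typedef struct mdtp_pin {
    char mdtp_pin[MDTP_MAX_PIN_LEN+1];              /* A null terminated PIN. */
} mdtp_pin_t;

/** MDTP configuration. */
typedef struct mdtp_cfg {
    uint8_t enable_local_pin_authentication;        /* Allow local authentication using a PIN. */
    /*
     * Null terminated PIN provided by the user for local deactivation.
     * PIN length should be from MDTP_MIN_PIN_LEN to MDTP_MAX_PIN_LEN digits.
     */
    mdtp_pin_t mdtp_pin;
} mdtp_cfg_t;

/*
 * The DIP itself: management area, firmware-lock area, footer.
 * Assuming the two enums occupy 4 bytes each, the members before hash[]
 * add up to 81072 bytes and the whole structure to 81104 bytes; both are
 * multiples of 16, which is what DIP_PADDING is chosen for.
 */
typedef struct DIP {
    /* Management area of the DIP */
    uint32_t version;                               /* DIP version */
    dip_status_t status;                            /* DIP activated/deactivated */
    mdtp_cfg_t mdtp_cfg;                            /* MDTP configuration, such as PIN */

    /* Firmware Lock area of the DIP */
    DIP_partition_cfg_t partition_cfg[MAX_PARTITIONS]; /* Config for each partition */

    /* Footer area of the DIP */
    uint8_t padding[DIP_PADDING];                   /* Pad to multiple of 16 bytes */
    /*
     * DIP integrity.
     * NOTE(review): which bytes the hash covers, and whether it is keyed or
     * otherwise bound to the device, is not visible in this header. A plain
     * digest stored next to the data it covers detects corruption only.
     */
    unsigned char hash[HASH_LEN];
} DIP_t;

#pragma pack(pop, mdtp)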
| |
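/*
 * Partition that an external verification result refers to.
 * MDTP_PARTITION_NUM is the count of the enumerators before it, which is 3
 * because MDTP_PARTITION_NONE is counted as well.
 */
typedef enum {
    MDTP_PARTITION_BOOT = 0,
    MDTP_PARTITION_RECOVERY,
    MDTP_PARTITION_NONE,
    MDTP_PARTITION_NUM,
} mdtp_ext_partition_t;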
| |
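/*
 * Integrity state reported for an externally verified partition.
 * UNSET is 0, so a zero-initialized value reads as "not yet determined";
 * consumers should not treat UNSET as VALID.
 * MDTP_PARTITION_STATE_SIZE is the count of states, not a state.
 */
typedef enum {
    MDTP_PARTITION_STATE_UNSET = 0,
    MDTP_PARTITION_STATE_VALID,
    MDTP_PARTITION_STATE_INVALID,
    MDTP_PARTITION_STATE_SIZE,
} mdtp_ext_partition_state_t;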
| |
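/*
 * Information about a partition verified by an external method, passed to
 * mdtp_fwlock_verify_lock(). Declared after the pack(pop), so it uses the
 * compiler's default alignment.
 *
 * NOTE(review): the fields carry no comments in the original; the meanings
 * below are read from the names and should be confirmed against the
 * implementation.
 */
typedef struct mdtp_ext_partition {
    mdtp_ext_partition_t partition;             /* which partition this describes */
    mdtp_ext_partition_state_t integrity_state; /* result of the external verification */
    uint32_t page_size;                         /* presumably storage page size in bytes - confirm */
    /*
     * Presumably address and byte length of the loaded image - confirm.
     * Both are 32-bit; a consumer adding them should check for wraparound.
     */
    uint32_t image_addr;
    uint32_t image_size;
    bool sig_avail;                             /* presumably: a signature is available - confirm */
} mdtp_ext_partition_verification_t;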
| |
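/*
 * Outcome of a verification step.
 * VERIFY_SKIPPED is 0, so a zero-initialized result means "not verified";
 * only VERIFY_OK should be taken as a pass.
 */
typedef enum {
    VERIFY_SKIPPED = 0,
    VERIFY_OK,
    VERIFY_FAILED,
} verify_result_t;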
| |
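/**
 * mdtp_fuse_get_enabled
 *
 * Report whether MDTP is currently enabled or disabled in HW.
 *
 * @param[out] enabled: set to true if MDTP is enabled,
 * false otherwise.
 *
 * @return - negative value for an error, 0 for success.
 *
 * NOTE(review): this header does not say what *enabled holds when an error
 * is returned; callers should check the return value before reading it.
 */
int mdtp_fuse_get_enabled(bool *enabled);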
| |
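/**
 * get_pin_from_user
 *
 * Display the recovery PIN screen and fill the supplied buffer with the
 * PIN the user has entered.
 *
 * @param[out] entered_pin: buffer receiving the PIN.
 * @param[in] pin_length: PIN length (and also entered_pin buffer length).
 *
 * @return - None.
 *
 * NOTE(review): pin_length is documented as both the PIN length and the
 * buffer length, and this header does not say whether a terminator is
 * written. A caller that later treats entered_pin as a string (mdtp_pin_t
 * holds MDTP_MAX_PIN_LEN+1 bytes, null terminated) needs to confirm in the
 * implementation that the buffer is large enough and terminated.
 */
void get_pin_from_user(char *entered_pin, uint32_t pin_length);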
| |
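/**
 * display_invalid_pin_msg
 *
 * The user has entered an invalid PIN: display an error message and
 * allow the user to try again.
 *
 * @return - None.
 */
/* (void) makes this a real prototype; empty parentheses leave the arguments unchecked in C. */
void display_invalid_pin_msg(void);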
| |
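/**
 * display_error_msg
 *
 * Display an error message and stop the boot process.
 *
 * @return - None.
 */
/* (void) makes this a real prototype; empty parentheses leave the arguments unchecked in C. */
void display_error_msg(void);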
| |
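/**
 * mdtp_activated
 *
 * Indicates whether the MDTP is currently in ACTIVATED state.
 * Call this function only after mdtp_fwlock_verify_lock() has been called.
 *
 * @param[out] activated: MDTP is in ACTIVATED state (TRUE/FALSE).
 *
 * @return - negative value for an error, 0 for success.
 *
 * NOTE(review): this header does not say what *activated holds when an
 * error is returned; callers should check the return value before reading
 * it rather than assume "not activated".
 */
int mdtp_activated(bool *activated);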
| |
| |
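// External functions

/** Entry point of the MDTP Firmware Lock.
 * If needed, verify the DIP and all protected partitions.
 * Allows passing in information about a partition that was verified using
 * an external method (either boot or recovery). For boot and recovery,
 * either use aboot's verification result, or use boot_verifier APIs to
 * verify internally.
 *
 * @param[in] ext_partition: description and integrity state of the
 * externally verified partition. Whether NULL is accepted is not stated in
 * this header.
 *
 * @return - None. The outcome is not reported through this call;
 * mdtp_activated() is documented as valid only after it.
 **/
void mdtp_fwlock_verify_lock(mdtp_ext_partition_verification_t *ext_partition);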
| |
| #endif |