blob: 03e3b7c26c1125ee4d5edbc3e10ad1ec4945beb7 [file] [log] [blame]
/* Copyright (c) 2015, The Linux Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
* * Neither the name of The Linux Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __APP_MDTP_H
#define __APP_MDTP_H
#define TOKEN_LEN (16)
#define MAX_BLOCKS (512)
#define MAX_PARTITIONS (3)
#define MAX_PARTITION_NAME_LEN (100)
#define HASH_LEN (32)
#define MDTP_MAX_PIN_LEN (8)
#define MDTP_MIN_PIN_LEN (5)
#define DIP_PADDING (15)
#define INITIAL_DELAY_MSECONDS 5000
#define INVALID_PIN_DELAY_MSECONDS 5000
#define ROUND_TO_PAGE(x,y) (((x) + (y)) & (~(y)))
#define MDTP_FWLOCK_BLOCK_SIZE (1024*1024*16)
#define MDTP_FWLOCK_MAX_FILES (100)
#define MDTP_FWLOCK_MAX_FILE_NAME_LEN (100)
#define MDTP_SCRATCH_OFFSET 0x8000000
#ifdef MDTP_SUPPORT
#ifndef VERIFIED_BOOT
#error MDTP feature requires VERIFIED_BOOT feature
#endif
#endif
#pragma pack(push, mdtp, 1)
typedef enum {
DIP_STATUS_DEACTIVATED = 0,
DIP_STATUS_ACTIVATED,
DIP_STATUS_SIZE = 0x7FFFFFFF
} dip_status_t;
typedef enum {
MDTP_FWLOCK_MODE_SINGLE = 0,
MDTP_FWLOCK_MODE_BLOCK,
MDTP_FWLOCK_MODE_FILES,
MDTP_FWLOCK_MODE_SIZE = 0x7FFFFFFF
} mdtp_fwlock_mode_t;
typedef struct DIP_hash_table_entry {
unsigned char hash[HASH_LEN]; /* Hash on block */
} DIP_hash_table_entry_t;
typedef struct DIP_partition_cfg {
uint64_t size; /* Partition size in bytes */
char name[MAX_PARTITION_NAME_LEN]; /* Partition name */
uint8_t lock_enabled; /* Image locked? */
mdtp_fwlock_mode_t hash_mode; /* Hash per IMAGE or BLOCK */
uint8_t force_verify_block[MAX_BLOCKS]; /* Verify only given block numbers. */
char files_to_protect[MDTP_FWLOCK_MAX_FILES][MDTP_FWLOCK_MAX_FILE_NAME_LEN]; /* Verify given files */
uint32_t verify_ratio; /* Statistically verify this ratio of blocks */
DIP_hash_table_entry_t hash_table[MAX_BLOCKS]; /* Hash table */
} DIP_partition_cfg_t;
typedef struct mdtp_pin {
char mdtp_pin[MDTP_MAX_PIN_LEN+1]; /* A null terminated PIN. */
} mdtp_pin_t;
/** MDTP configuration. */
typedef struct mdtp_cfg {
uint8_t enable_local_pin_authentication;/* Allow local authentication using a PIN. */
mdtp_pin_t mdtp_pin; /* Null terminated PIN provided by the user for local deactivation.
PIN length should be from MDTP_MIN_PIN_LEN to MDTP_MAX_PIN_LEN digits. */
} mdtp_cfg_t;
typedef struct DIP {
/* Management area of the DIP */
uint32_t version; /* DIP version */
dip_status_t status; /* DIP activated/deactivated */
mdtp_cfg_t mdtp_cfg; /* MDTP configuration, such as PIN */
/* Firmware Lock area of the DIP */
DIP_partition_cfg_t partition_cfg[MAX_PARTITIONS]; /* Config for each partition */
/* Footer area of the DIP */
uint8_t padding[DIP_PADDING]; /* Pad to multiple of 16 bytes */
unsigned char hash[HASH_LEN]; /* DIP integrity */
} DIP_t;
#pragma pack(pop, mdtp)
typedef enum {
MDTP_PARTITION_BOOT = 0,
MDTP_PARTITION_RECOVERY,
MDTP_PARTITION_NONE,
MDTP_PARTITION_NUM,
} mdtp_ext_partition_t;
typedef enum {
MDTP_PARTITION_STATE_UNSET = 0,
MDTP_PARTITION_STATE_VALID,
MDTP_PARTITION_STATE_INVALID,
MDTP_PARTITION_STATE_SIZE,
} mdtp_ext_partition_state_t;
typedef struct mdtp_ext_partition {
mdtp_ext_partition_t partition;
mdtp_ext_partition_state_t integrity_state;
uint32_t page_size;
uint32_t image_addr;
uint32_t image_size;
bool sig_avail;
} mdtp_ext_partition_verification_t;
typedef enum {
VERIFY_SKIPPED = 0,
VERIFY_OK,
VERIFY_FAILED,
} verify_result_t;
/**
* mdtp_fuse_get_enabled
*
* Return whether the MDTP is currently enabled or
* disabled in HW.
*
* @param[out] enabled: set to true if MDTP enabled,
* false otherwise.
*
* @return - negative value for an error, 0 for success.
*/
int mdtp_fuse_get_enabled(bool *enabled);
/**
* get_pin_from_user
*
* Display the recovery PIN screen and set received buffer
* with the PIN the user has entered.
*
* @param[out] entered_pin: buffer holding the received PIN.
* @param[in] pin_length: PIN length (and also entered_pin buffer length).
*
* @return - None.
*/
void get_pin_from_user(char *entered_pin, uint32_t pin_length);
/**
* display_invalid_pin_msg
*
* User has entered invalid PIN, display error message and
* allow the user to try again.
*
* @return - None.
*/
void display_invalid_pin_msg();
/**
* display_error_msg
*
* Display error message and stop boot process.
*
* @return - None.
*/
void display_error_msg();
/**
* mdtp_activated
*
* Indicates whether the MDTP is currently in ACTIVATED state.
* You must call this function only after calling to mdtp_fwlock_verify_lock();
*
* @param[out] activated: MDTP is in ACTIVATED state (TRUE/FALSE).
*
* @return - negative value for an error, 0 for success.
*/
int mdtp_activated(bool * activated);
// External functions
/** Entry point of the MDTP Firmware Lock.
* If needed, verify the DIP and all protected partitions.
* Allow passing information about partition verified using an external method
* (either boot or recovery). For boot and recovery, either use aboot's
* verification result, or use boot_verifier APIs to verify internally.
**/
void mdtp_fwlock_verify_lock(mdtp_ext_partition_verification_t *ext_partition);
#endif