Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 1 | /* |
Gaurav Nebhwani | c7313cc | 2015-12-15 22:25:04 +0530 | [diff] [blame] | 2 | * Copyright (c) 2014-2016, The Linux Foundation. All rights reserved. |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
Sridhar Parasuram | 8b79242 | 2015-07-05 11:38:13 -0700 | [diff] [blame] | 5 | * modification, are permitted provided that the following conditions are |
| 6 | * met: |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 7 | * * Redistributions of source code must retain the above copyright |
| 8 | * notice, this list of conditions and the following disclaimer. |
Sridhar Parasuram | 8b79242 | 2015-07-05 11:38:13 -0700 | [diff] [blame] | 9 | * * Redistributions in binary form must reproduce the above |
| 10 | * copyright notice, this list of conditions and the following |
| 11 | * disclaimer in the documentation and/or other materials provided |
| 12 | * with the distribution. |
| 13 | * * Neither the name of The Linux Foundation nor the names of its |
| 14 | * contributors may be used to endorse or promote products derived |
| 15 | * from this software without specific prior written permission. |
| 16 | |
| 17 | * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| 18 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| 19 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| 20 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| 21 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 22 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 23 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| 24 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 25 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| 26 | * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| 27 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 28 | */ |
Sridhar Parasuram | 8b79242 | 2015-07-05 11:38:13 -0700 | [diff] [blame] | 29 | |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 30 | #ifndef __BOOT_VERIFIER_H |
| 31 | #define __BOOT_VERIFIER_H |
| 32 | |
| 33 | #include <asn1.h> |
| 34 | #include <rsa.h> |
| 35 | |
| 36 | /** |
| 37 | * AndroidVerifiedBootSignature DEFINITIONS ::= |
| 38 | * BEGIN |
| 39 | * FormatVersion ::= INTEGER |
Sridhar Parasuram | 8b79242 | 2015-07-05 11:38:13 -0700 | [diff] [blame] | 40 | * Certificate ::= Certificate |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 41 | * AlgorithmIdentifier ::= SEQUENCE { |
| 42 | * algorithm OBJECT IDENTIFIER, |
| 43 | * parameters ANY DEFINED BY algorithm OPTIONAL |
| 44 | * } |
| 45 | * AuthenticatedAttributes ::= SEQUENCE { |
| 46 | * target CHARACTER STRING, |
| 47 | * length INTEGER |
| 48 | * } |
| 49 | * Signature ::= OCTET STRING |
| 50 | * END |
| 51 | */ |
| 52 | |
| 53 | typedef struct auth_attr_st |
| 54 | { |
| 55 | ASN1_PRINTABLESTRING *target; |
| 56 | ASN1_INTEGER *len; |
| 57 | }AUTH_ATTR; |
| 58 | |
| 59 | DECLARE_STACK_OF(AUTH_ATTR) |
| 60 | DECLARE_ASN1_SET_OF(AUTH_ATTR) |
| 61 | DECLARE_ASN1_FUNCTIONS(AUTH_ATTR) |
| 62 | |
| 63 | typedef struct verif_boot_sig_st |
| 64 | { |
| 65 | ASN1_INTEGER *version; |
Unnati Gandhi | 9333499 | 2015-02-25 19:38:38 +0530 | [diff] [blame] | 66 | X509 *certificate; |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 67 | X509_ALGOR *algor; |
| 68 | AUTH_ATTR *auth_attr; |
| 69 | ASN1_OCTET_STRING *sig; |
| 70 | }VERIFIED_BOOT_SIG; |
| 71 | |
| 72 | DECLARE_STACK_OF(VERIFIED_BOOT_SIG) |
| 73 | DECLARE_ASN1_SET_OF(VERIFIED_BOOT_SIG) |
| 74 | DECLARE_ASN1_FUNCTIONS(VERIFIED_BOOT_SIG) |
| 75 | |
| 76 | /** |
| 77 | * AndroidVerifiedBootKeystore DEFINITIONS ::= |
| 78 | * BEGIN |
| 79 | * FormatVersion ::= INTEGER |
| 80 | * KeyBag ::= SEQUENCE { |
| 81 | * Key ::= SEQUENCE { |
| 82 | * AlgorithmIdentifier ::= SEQUENCE { |
| 83 | * algorithm OBJECT IDENTIFIER, |
| 84 | * parameters ANY DEFINED BY algorithm OPTIONAL |
| 85 | * } |
| 86 | * KeyMaterial ::= RSAPublicKey |
| 87 | * } |
| 88 | * } |
| 89 | * Signature ::= AndroidVerifiedBootSignature |
| 90 | * END |
| 91 | */ |
| 92 | |
| 93 | typedef struct key_st |
| 94 | { |
| 95 | X509_ALGOR *algorithm_id; |
| 96 | RSA *key_material; |
| 97 | }KEY; |
| 98 | |
| 99 | DECLARE_STACK_OF(KEY) |
| 100 | DECLARE_ASN1_SET_OF(KEY) |
| 101 | DECLARE_ASN1_FUNCTIONS(KEY) |
| 102 | |
| 103 | typedef struct keybag_st |
| 104 | { |
| 105 | KEY *mykey; |
| 106 | }KEYBAG; |
| 107 | |
| 108 | DECLARE_STACK_OF(KEYBAG) |
| 109 | DECLARE_ASN1_SET_OF(KEYBAG) |
| 110 | DECLARE_ASN1_FUNCTIONS(KEYBAG) |
| 111 | |
| 112 | typedef struct keystore_inner_st |
| 113 | { |
| 114 | ASN1_INTEGER *version; |
| 115 | KEYBAG *mykeybag; |
| 116 | }KEYSTORE_INNER; |
| 117 | |
| 118 | DECLARE_STACK_OF(KEYSTORE_INNER) |
| 119 | DECLARE_ASN1_SET_OF(KEYSTORE_INNER) |
| 120 | DECLARE_ASN1_FUNCTIONS(KEYSTORE_INNER) |
| 121 | |
| 122 | typedef struct keystore_st |
| 123 | { |
| 124 | ASN1_INTEGER *version; |
| 125 | KEYBAG *mykeybag; |
| 126 | VERIFIED_BOOT_SIG *sig; |
| 127 | }KEYSTORE; |
| 128 | |
| 129 | DECLARE_STACK_OF(KEYSTORE) |
| 130 | DECLARE_ASN1_SET_OF(KEYSTORE) |
| 131 | DECLARE_ASN1_FUNCTIONS(KEYSTORE) |
| 132 | |
| 133 | enum boot_state |
| 134 | { |
| 135 | GREEN, |
| 136 | ORANGE, |
| 137 | YELLOW, |
| 138 | RED, |
Monika Singh | 5a2f7de | 2018-03-16 16:57:44 +0530 | [diff] [blame] | 139 | BOOT_STATE_MAX = (uint32_t)0xFFFFFFFF, |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 140 | }; |
| 141 | |
Sridhar Parasuram | d69f790 | 2015-07-10 13:31:17 -0700 | [diff] [blame] | 142 | struct verified_boot_verity_mode |
| 143 | { |
| 144 | bool verity_mode_enforcing; |
| 145 | char *name; |
| 146 | }; |
| 147 | |
Sridhar Parasuram | 4311b8e | 2015-05-28 17:01:59 -0700 | [diff] [blame] | 148 | struct verified_boot_state_name |
| 149 | { |
| 150 | uint32_t boot_state; |
| 151 | char *name; |
| 152 | }; |
| 153 | |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 154 | enum boot_verfiy_event |
| 155 | { |
| 156 | BOOT_INIT, |
| 157 | DEV_UNLOCK, |
Sridhar Parasuram | 8b79242 | 2015-07-05 11:38:13 -0700 | [diff] [blame] | 158 | BOOTIMG_EMBEDDED_CERT_VERIFICATION_PASS, |
| 159 | BOOTIMG_KEYSTORE_VERIFICATION_PASS, |
| 160 | BOOTIMG_VERIFICATION_FAIL, |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 161 | USER_DENIES, |
| 162 | }; |
| 163 | |
| 164 | extern char KEYSTORE_PTN_NAME[]; |
| 165 | /* Function to initialize keystore */ |
| 166 | uint32_t boot_verify_keystore_init(); |
| 167 | /* Function to verify boot/recovery image */ |
Monika Singh | 5a2f7de | 2018-03-16 16:57:44 +0530 | [diff] [blame] | 168 | bool boot_verify_image(unsigned char* img_addr, uint32_t img_size, char *pname, uint32_t *bs); |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 169 | /* Function to send event to boot state machine */ |
| 170 | void boot_verify_send_event(uint32_t event); |
| 171 | /* Read current boot state */ |
| 172 | uint32_t boot_verify_get_state(); |
| 173 | /* Print current boot state */ |
| 174 | void boot_verify_print_state(); |
| 175 | /* Function to validate keystore */ |
Gaurav Nebhwani | c7313cc | 2015-12-15 22:25:04 +0530 | [diff] [blame] | 176 | bool boot_verify_validate_keystore(unsigned char * user_addr, unsigned sz); |
Sridhar Parasuram | 00bfedb | 2015-05-26 14:21:27 -0700 | [diff] [blame] | 177 | /* Function to send root of trust to trust zone */ |
Sridhar Parasuram | 96300dc | 2015-06-11 10:37:11 -0700 | [diff] [blame] | 178 | bool send_rot_command(uint32_t is_unlocked); |
Brahmaji K | 708fc50 | 2017-08-07 21:08:04 +0530 | [diff] [blame] | 179 | /* function to set the os version and patch level. */ |
| 180 | void set_os_version(unsigned char* img_addr); |
lijuang | f214e22 | 2015-07-16 20:06:22 +0800 | [diff] [blame] | 181 | unsigned char* get_boot_fingerprint(unsigned int* buf_size); |
Channagoud Kadabi | 583ea4c | 2015-09-08 14:55:09 -0700 | [diff] [blame] | 182 | bool boot_verify_compare_sha256(unsigned char *image_ptr, |
| 183 | unsigned int image_size, unsigned char *signature_ptr, RSA *rsa); |
| 184 | KEYSTORE *boot_gerity_get_oem_keystore(); |
P.V. Phani Kumar | bbe8c8e | 2016-03-09 19:43:24 +0530 | [diff] [blame] | 185 | uint32_t read_der_message_length(unsigned char* input, unsigned sz); |
Monika Singh | 0b15c02 | 2019-04-10 15:24:20 +0530 | [diff] [blame^] | 186 | /* Function to set verified boot hash in keymaster */ |
| 187 | int set_verified_boot_hash (const char *vbh, size_t vbh_size); |
Shashank Mittal | 64d0485 | 2014-08-28 15:02:46 -0700 | [diff] [blame] | 188 | #endif |