| Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 1 | /* Copyright (c) 2015, The Linux Foundation. All rights reserved. |
| 2 | * |
| 3 | * Redistribution and use in source and binary forms, with or without |
| 4 | * modification, are permitted provided that the following conditions are |
| 5 | * met: |
| 6 | * * Redistributions of source code must retain the above copyright |
| 7 | * notice, this list of conditions and the following disclaimer. |
| 8 | * * Redistributions in binary form must reproduce the above |
| 9 | * copyright notice, this list of conditions and the following |
| 10 | * disclaimer in the documentation and/or other materials provided |
| 11 | * with the distribution. |
| 12 | * * Neither the name of The Linux Foundation nor the names of its |
| 13 | * contributors may be used to endorse or promote products derived |
| 14 | * from this software without specific prior written permission. |
| 15 | * |
| 16 | * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| 17 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| 18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| 20 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| 23 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 24 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| 25 | * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | */ |
| 28 | |
| 29 | #ifndef __APP_MDTP_H |
| 30 | #define __APP_MDTP_H |
| 31 | |
| 32 | #define TOKEN_LEN 16 |
| 33 | #define MAX_BLOCKS 512 |
| 34 | #define MAX_PARTITIONS 3 |
| 35 | #define MAX_PARTITION_NAME_LEN 100 |
| 36 | #define HASH_LEN 32 |
| 37 | #define MDTP_MAX_PIN_LEN 8 |
| 38 | #define DIP_PADDING 11 |
| 39 | |
| 40 | #define ROUND_TO_PAGE(x,y) (((x) + (y)) & (~(y))) |
| 41 | #define MDTP_FWLOCK_BLOCK_SIZE (1024*1024*16) |
| 42 | #define MDTP_FWLOCK_MAX_FILES (100) |
| 43 | #define MDTP_FWLOCK_MAX_FILE_NAME_LEN (100) |
| 44 | |
| 45 | #pragma pack(push, mdtp, 1) |
| 46 | |
| 47 | typedef enum { |
| 48 | DIP_STATUS_DEACTIVATED = 0, |
| 49 | DIP_STATUS_ACTIVATED, |
| 50 | DIP_STATUS_SIZE = 0x7FFFFFFF |
| 51 | } dip_status_t; |
| 52 | |
| 53 | typedef enum { |
| 54 | MDTP_FWLOCK_MODE_SINGLE = 0, |
| 55 | MDTP_FWLOCK_MODE_BLOCK, |
| 56 | MDTP_FWLOCK_MODE_FILES, |
| 57 | MDTP_FWLOCK_MODE_SIZE = 0x7FFFFFFF |
| 58 | } mdtp_fwlock_mode_t; |
| 59 | |
| 60 | typedef struct DIP_hash_table_entry { |
| 61 | unsigned char hash[HASH_LEN]; /* Hash on block */ |
| 62 | } DIP_hash_table_entry_t; |
| 63 | |
| 64 | typedef struct DIP_partition_cfg { |
| 65 | uint32_t size; /* DIP size */ |
| 66 | char name[MAX_PARTITION_NAME_LEN]; /* Partition name */ |
| 67 | uint8_t lock_enabled; /* Image locked? */ |
| 68 | mdtp_fwlock_mode_t hash_mode; /* Hash per IMAGE or BLOCK */ |
| 69 | uint8_t force_verify_block[MAX_BLOCKS]; /* Verify only given block numbers. */ |
| 70 | char files_to_protect[MDTP_FWLOCK_MAX_FILES][MDTP_FWLOCK_MAX_FILE_NAME_LEN]; /* Verify given files */ |
| 71 | uint32_t verify_ratio; /* Statistically verify this ratio of blocks */ |
| 72 | DIP_hash_table_entry_t hash_table[MAX_BLOCKS]; /* Hash table */ |
| 73 | } DIP_partition_cfg_t; |
| 74 | |
| 75 | typedef struct mdtp_pin { |
| 76 | char mdtp_pin[MDTP_MAX_PIN_LEN+1]; /* A null terminated PIN. */ |
| 77 | } mdtp_pin_t; |
| 78 | |
| 79 | /** MDTP configuration. */ |
| 80 | typedef struct mdtp_cfg { |
| 81 | uint8_t enable_local_pin_authentication;/* Allow local authentication using a PIN. */ |
| 82 | mdtp_pin_t mdtp_pin; /* Null terminated PIN provided by the user for local deactivation. |
| 83 | PIN length should be from MDTP_MIN_PIN_LEN to MDTP_MAX_PIN_LEN digits. */ |
| 84 | } mdtp_cfg_t; |
| 85 | |
| 86 | typedef struct DIP { |
| 87 | /* Management area of the DIP */ |
| 88 | uint32_t version; /* DIP version */ |
| 89 | dip_status_t status; /* DIP activated/deactivated */ |
| 90 | mdtp_cfg_t mdtp_cfg; /* MDTP configuration, such as PIN */ |
| 91 | |
| 92 | /* Firmware Lock area of the DIP */ |
| 93 | DIP_partition_cfg_t partition_cfg[MAX_PARTITIONS]; /* Config for each partition */ |
| 94 | |
| 95 | /* Footer area of the DIP */ |
| 96 | uint8_t padding[DIP_PADDING]; /* Pad to multiple of 16 bytes */ |
| 97 | unsigned char hash[HASH_LEN]; /* DIP integrity */ |
| 98 | } DIP_t; |
| 99 | |
| 100 | #pragma pack(pop, mdtp) |
| 101 | typedef enum { |
| 102 | VERIFY_SKIPPED = 0, |
| 103 | VERIFY_OK, |
| 104 | VERIFY_FAILED, |
| 105 | } verify_result_t; |
| 106 | |
| 107 | /* Start Firmware Lock verification process */ |
| 108 | int mdtp_fwlock_verify_lock(); |
| 109 | |
| Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 110 | /* Return whether the MDTP is currently enabled or disabled in HW */ |
| 111 | int mdtp_fuse_get_enabled(bool *enabled); |
| 112 | |
| Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 113 | /* Display the "Firmware Valid" screen */ |
| 114 | void show_OK_msg(); |
| 115 | |
| 116 | /* Display the "Firmware Invalid" screen */ |
| 117 | void show_invalid_msg(); |
| 118 | |
| 119 | /* Display the "Verifying Firmware" screen */ |
| 120 | void show_checking_msg(); |
| 121 | |
| 122 | #endif |