Blame - platform/msm_shared/include/boot_verifier.h - kernel/lk

blob: efe0c1b8fbbccfa9678047632fbc451433bd2455 [file] [log] [blame]

Shashank Mittal	64d0485	2014-08-28 15:02:46 -0700	[diff] [blame]	1	/*
Channagoud Kadabi	1420b00	2015-01-13 14:48:12 -0800	[diff] [blame]	2	* Copyright (c) 2014-2015 The Linux Foundation. All rights reserved.
Shashank Mittal	64d0485	2014-08-28 15:02:46 -0700	[diff] [blame]	3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* * Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* * Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in
				11	* the documentation and/or other materials provided with the
				12	* distribution.
				13	*
				14	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
				15	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
				16	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
				17	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
				18	* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
				19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
				20	* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
				21	* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
				22	* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
				23	* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
				24	* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
				25	* SUCH DAMAGE.
				26	*/
				27	#ifndef __BOOT_VERIFIER_H
				28	#define __BOOT_VERIFIER_H
				29
				30	#include <asn1.h>
				31	#include <rsa.h>
				32
				33	/**
				34	* AndroidVerifiedBootSignature DEFINITIONS ::=
				35	* BEGIN
				36	* FormatVersion ::= INTEGER
				37	* AlgorithmIdentifier ::= SEQUENCE {
				38	* algorithm OBJECT IDENTIFIER,
				39	* parameters ANY DEFINED BY algorithm OPTIONAL
				40	* }
				41	* AuthenticatedAttributes ::= SEQUENCE {
				42	* target CHARACTER STRING,
				43	* length INTEGER
				44	* }
				45	* Signature ::= OCTET STRING
				46	* END
				47	*/
				48
				49	typedef struct auth_attr_st
				50	{
				51	ASN1_PRINTABLESTRING *target;
				52	ASN1_INTEGER *len;
				53	}AUTH_ATTR;
				54
				55	DECLARE_STACK_OF(AUTH_ATTR)
				56	DECLARE_ASN1_SET_OF(AUTH_ATTR)
				57	DECLARE_ASN1_FUNCTIONS(AUTH_ATTR)
				58
				59	typedef struct verif_boot_sig_st
				60	{
				61	ASN1_INTEGER *version;
Unnati Gandhi	9333499	2015-02-25 19:38:38 +0530	[diff] [blame]	62	X509 *certificate;
Shashank Mittal	64d0485	2014-08-28 15:02:46 -0700	[diff] [blame]	63	X509_ALGOR *algor;
				64	AUTH_ATTR *auth_attr;
				65	ASN1_OCTET_STRING *sig;
				66	}VERIFIED_BOOT_SIG;
				67
				68	DECLARE_STACK_OF(VERIFIED_BOOT_SIG)
				69	DECLARE_ASN1_SET_OF(VERIFIED_BOOT_SIG)
				70	DECLARE_ASN1_FUNCTIONS(VERIFIED_BOOT_SIG)
				71
				72	/**
				73	* AndroidVerifiedBootKeystore DEFINITIONS ::=
				74	* BEGIN
				75	* FormatVersion ::= INTEGER
				76	* KeyBag ::= SEQUENCE {
				77	* Key ::= SEQUENCE {
				78	* AlgorithmIdentifier ::= SEQUENCE {
				79	* algorithm OBJECT IDENTIFIER,
				80	* parameters ANY DEFINED BY algorithm OPTIONAL
				81	* }
				82	* KeyMaterial ::= RSAPublicKey
				83	* }
				84	* }
				85	* Signature ::= AndroidVerifiedBootSignature
				86	* END
				87	*/
				88
				89	typedef struct key_st
				90	{
				91	X509_ALGOR *algorithm_id;
				92	RSA *key_material;
				93	}KEY;
				94
				95	DECLARE_STACK_OF(KEY)
				96	DECLARE_ASN1_SET_OF(KEY)
				97	DECLARE_ASN1_FUNCTIONS(KEY)
				98
				99	typedef struct keybag_st
				100	{
				101	KEY *mykey;
				102	}KEYBAG;
				103
				104	DECLARE_STACK_OF(KEYBAG)
				105	DECLARE_ASN1_SET_OF(KEYBAG)
				106	DECLARE_ASN1_FUNCTIONS(KEYBAG)
				107
				108	typedef struct keystore_inner_st
				109	{
				110	ASN1_INTEGER *version;
				111	KEYBAG *mykeybag;
				112	}KEYSTORE_INNER;
				113
				114	DECLARE_STACK_OF(KEYSTORE_INNER)
				115	DECLARE_ASN1_SET_OF(KEYSTORE_INNER)
				116	DECLARE_ASN1_FUNCTIONS(KEYSTORE_INNER)
				117
				118	typedef struct keystore_st
				119	{
				120	ASN1_INTEGER *version;
				121	KEYBAG *mykeybag;
				122	VERIFIED_BOOT_SIG *sig;
				123	}KEYSTORE;
				124
				125	DECLARE_STACK_OF(KEYSTORE)
				126	DECLARE_ASN1_SET_OF(KEYSTORE)
				127	DECLARE_ASN1_FUNCTIONS(KEYSTORE)
				128
				129	enum boot_state
				130	{
				131	GREEN,
				132	ORANGE,
				133	YELLOW,
				134	RED,
				135	};
				136
				137	enum boot_verfiy_event
				138	{
				139	BOOT_INIT,
				140	DEV_UNLOCK,
				141	KEYSTORE_VERIFICATION_FAIL,
				142	BOOT_VERIFICATION_FAIL,
				143	USER_DENIES,
				144	};
				145
				146	extern char KEYSTORE_PTN_NAME[];
				147	/* Function to initialize keystore */
				148	uint32_t boot_verify_keystore_init();
				149	/* Function to verify boot/recovery image */
				150	bool boot_verify_image(unsigned char* img_addr, uint32_t img_size, char *pname);
				151	/* Function to send event to boot state machine */
				152	void boot_verify_send_event(uint32_t event);
				153	/* Read current boot state */
				154	uint32_t boot_verify_get_state();
				155	/* Print current boot state */
				156	void boot_verify_print_state();
				157	/* Function to validate keystore */
				158	bool boot_verify_validate_keystore(unsigned char * user_addr);
				159	/* Function to check if partition is allowed to flash in verified mode */
Channagoud Kadabi	1420b00	2015-01-13 14:48:12 -0800	[diff] [blame]	160	bool boot_verify_flash_allowed(const char * entry);
Shashank Mittal	64d0485	2014-08-28 15:02:46 -0700	[diff] [blame]	161	#endif