Blame - platform/msm_shared/include/boot_verifier.h - kernel/lk

blob: 616f23c9a25dc4127958038ca746738e925b0fa0 [file] [log] [blame]

Shashank Mittal	64d0485	2014-08-28 15:02:46 -0700	[diff] [blame^]	1	/*
				2	* Copyright (c) 2014 The Linux Foundation. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* * Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* * Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in
				11	* the documentation and/or other materials provided with the
				12	* distribution.
				13	*
				14	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
				15	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
				16	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
				17	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
				18	* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
				19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
				20	* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
				21	* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
				22	* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
				23	* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
				24	* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
				25	* SUCH DAMAGE.
				26	*/
				27	#ifndef __BOOT_VERIFIER_H
				28	#define __BOOT_VERIFIER_H
				29
				30	#include <asn1.h>
				31	#include <rsa.h>
				32
				33	/**
				34	* AndroidVerifiedBootSignature DEFINITIONS ::=
				35	* BEGIN
				36	* FormatVersion ::= INTEGER
				37	* AlgorithmIdentifier ::= SEQUENCE {
				38	* algorithm OBJECT IDENTIFIER,
				39	* parameters ANY DEFINED BY algorithm OPTIONAL
				40	* }
				41	* AuthenticatedAttributes ::= SEQUENCE {
				42	* target CHARACTER STRING,
				43	* length INTEGER
				44	* }
				45	* Signature ::= OCTET STRING
				46	* END
				47	*/
				48
				49	typedef struct auth_attr_st
				50	{
				51	ASN1_PRINTABLESTRING *target;
				52	ASN1_INTEGER *len;
				53	}AUTH_ATTR;
				54
				55	DECLARE_STACK_OF(AUTH_ATTR)
				56	DECLARE_ASN1_SET_OF(AUTH_ATTR)
				57	DECLARE_ASN1_FUNCTIONS(AUTH_ATTR)
				58
				59	typedef struct verif_boot_sig_st
				60	{
				61	ASN1_INTEGER *version;
				62	X509_ALGOR *algor;
				63	AUTH_ATTR *auth_attr;
				64	ASN1_OCTET_STRING *sig;
				65	}VERIFIED_BOOT_SIG;
				66
				67	DECLARE_STACK_OF(VERIFIED_BOOT_SIG)
				68	DECLARE_ASN1_SET_OF(VERIFIED_BOOT_SIG)
				69	DECLARE_ASN1_FUNCTIONS(VERIFIED_BOOT_SIG)
				70
				71	/**
				72	* AndroidVerifiedBootKeystore DEFINITIONS ::=
				73	* BEGIN
				74	* FormatVersion ::= INTEGER
				75	* KeyBag ::= SEQUENCE {
				76	* Key ::= SEQUENCE {
				77	* AlgorithmIdentifier ::= SEQUENCE {
				78	* algorithm OBJECT IDENTIFIER,
				79	* parameters ANY DEFINED BY algorithm OPTIONAL
				80	* }
				81	* KeyMaterial ::= RSAPublicKey
				82	* }
				83	* }
				84	* Signature ::= AndroidVerifiedBootSignature
				85	* END
				86	*/
				87
				88	typedef struct key_st
				89	{
				90	X509_ALGOR *algorithm_id;
				91	RSA *key_material;
				92	}KEY;
				93
				94	DECLARE_STACK_OF(KEY)
				95	DECLARE_ASN1_SET_OF(KEY)
				96	DECLARE_ASN1_FUNCTIONS(KEY)
				97
				98	typedef struct keybag_st
				99	{
				100	KEY *mykey;
				101	}KEYBAG;
				102
				103	DECLARE_STACK_OF(KEYBAG)
				104	DECLARE_ASN1_SET_OF(KEYBAG)
				105	DECLARE_ASN1_FUNCTIONS(KEYBAG)
				106
				107	typedef struct keystore_inner_st
				108	{
				109	ASN1_INTEGER *version;
				110	KEYBAG *mykeybag;
				111	}KEYSTORE_INNER;
				112
				113	DECLARE_STACK_OF(KEYSTORE_INNER)
				114	DECLARE_ASN1_SET_OF(KEYSTORE_INNER)
				115	DECLARE_ASN1_FUNCTIONS(KEYSTORE_INNER)
				116
				117	typedef struct keystore_st
				118	{
				119	ASN1_INTEGER *version;
				120	KEYBAG *mykeybag;
				121	VERIFIED_BOOT_SIG *sig;
				122	}KEYSTORE;
				123
				124	DECLARE_STACK_OF(KEYSTORE)
				125	DECLARE_ASN1_SET_OF(KEYSTORE)
				126	DECLARE_ASN1_FUNCTIONS(KEYSTORE)
				127
				128	enum boot_state
				129	{
				130	GREEN,
				131	ORANGE,
				132	YELLOW,
				133	RED,
				134	};
				135
				136	enum boot_verfiy_event
				137	{
				138	BOOT_INIT,
				139	DEV_UNLOCK,
				140	KEYSTORE_VERIFICATION_FAIL,
				141	BOOT_VERIFICATION_FAIL,
				142	USER_DENIES,
				143	};
				144
				145	extern char KEYSTORE_PTN_NAME[];
				146	/* Function to initialize keystore */
				147	uint32_t boot_verify_keystore_init();
				148	/* Function to verify boot/recovery image */
				149	bool boot_verify_image(unsigned char* img_addr, uint32_t img_size, char *pname);
				150	/* Function to send event to boot state machine */
				151	void boot_verify_send_event(uint32_t event);
				152	/* Read current boot state */
				153	uint32_t boot_verify_get_state();
				154	/* Print current boot state */
				155	void boot_verify_print_state();
				156	/* Function to validate keystore */
				157	bool boot_verify_validate_keystore(unsigned char * user_addr);
				158	/* Function to check if partition is allowed to flash in verified mode */
				159	bool boot_verify_flash_allowed(char * entry);
				160	#endif