/* Copyright (c) 2015, The Linux Foundation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following
 * disclaimer in the documentation and/or other materials provided
 * with the distribution.
 * * Neither the name of The Linux Foundation nor the names of its
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
| 28 | |
/*
 * Include guard.
 * NOTE(review): this header uses uint8_t/uint32_t/uint64_t and bool but
 * contains no #include lines, so the including file has to make those types
 * visible before including it.
 */
#ifndef __APP_MDTP_H
#define __APP_MDTP_H
| 31 | |
/* Array dimensions used by the DIP structures declared in this header. */
#define TOKEN_LEN (16)			/* Not used in this header */
#define MAX_BLOCKS (512)		/* Entries in force_verify_block[] and hash_table[] */
#define MAX_PARTITIONS (3)		/* Entries in DIP_t.partition_cfg[] */
#define MAX_PARTITION_NAME_LEN (100)	/* Bytes in DIP_partition_cfg_t.name[] */
#define HASH_LEN (32)			/* Bytes per stored hash; presumably a SHA-256 digest - confirm */
#define MDTP_MAX_PIN_LEN (8)		/* Longest PIN; mdtp_pin_t adds one byte for the NUL */
#define MDTP_MIN_PIN_LEN (5)		/* Shortest PIN, per the comment on mdtp_cfg_t.mdtp_pin */
#define DIP_PADDING (15)		/* Bytes in DIP_t.padding[] */

/*
 * Delays in milliseconds; where they are applied is not visible in this
 * header. INVALID_PIN_DELAY_MSECONDS is presumably the wait after a wrong PIN.
 * NOTE(review): a fixed delay is the only PIN-guessing throttle visible here;
 * confirm whether the implementation also keeps a failed-attempt count.
 */
#define INITIAL_DELAY_MSECONDS 5000
#define INVALID_PIN_DELAY_MSECONDS 5000

/*
 * Add the mask y to x, then clear every bit that is set in y. The result is x
 * rounded up to a page boundary only when y is (page size - 1) and the page
 * size is a power of two. Each argument is evaluated once.
 * The addition is done in the operands' own type: with 32-bit unsigned
 * operands an x within y of the maximum wraps, and the result is then smaller
 * than x. Range-check sizes that come from untrusted input before rounding.
 */
#define ROUND_TO_PAGE(x,y) (((x) + (y)) & (~(y)))
#define MDTP_FWLOCK_BLOCK_SIZE (1024*1024*16)	/* 16 MiB */
#define MDTP_FWLOCK_MAX_FILES (100)		/* Rows in files_to_protect[][] */
#define MDTP_FWLOCK_MAX_FILE_NAME_LEN (100)	/* Bytes per row of files_to_protect[][] */
#define MDTP_SCRATCH_OFFSET 0x8000000		/* 128 MiB; presumably an offset into scratch memory - confirm */
| 49 | |
/*
 * Build-time dependency check: defining MDTP_SUPPORT without VERIFIED_BOOT
 * stops compilation with the message below.
 */
#ifdef MDTP_SUPPORT
#ifndef VERIFIED_BOOT
#error MDTP feature requires VERIFIED_BOOT feature
#endif
#endif
/*
 * Everything from here to the matching pack(pop, mdtp) is declared with
 * 1-byte packing, so the compiler inserts no padding between members.
 * NOTE(review): presumably because the DIP is stored and read back as a raw
 * byte image - confirm. Packed members may be misaligned; avoid taking
 * pointers to them.
 */
#pragma pack(push, mdtp, 1)
| 57 | |
/*
 * Activation state stored in DIP_t.status.
 * A zero-filled status reads as DIP_STATUS_DEACTIVATED.
 * NOTE(review): confirm the DIP hash is checked before this field is trusted,
 * and that values other than the two states below are rejected.
 */
typedef enum {
	DIP_STATUS_DEACTIVATED = 0,
	DIP_STATUS_ACTIVATED,			/* = 1 */
	DIP_STATUS_SIZE = 0x7FFFFFFF		/* Not a state; presumably pins the enum to 32 bits - confirm */
} dip_status_t;
| 63 | |
/*
 * Hashing mode stored in DIP_partition_cfg_t.hash_mode.
 * NOTE(review): the meaning of each mode is inferred from its name and from
 * the "Hash per IMAGE or BLOCK" comment on hash_mode - confirm against the
 * implementation.
 */
typedef enum {
	MDTP_FWLOCK_MODE_SINGLE = 0,		/* Presumably one hash for the whole image */
	MDTP_FWLOCK_MODE_BLOCK,			/* = 1; presumably one hash per block */
	MDTP_FWLOCK_MODE_FILES,			/* = 2; presumably hashes for listed files */
	MDTP_FWLOCK_MODE_SIZE = 0x7FFFFFFF	/* Not a mode; presumably pins the enum to 32 bits - confirm */
} mdtp_fwlock_mode_t;
| 70 | |
/* One entry of DIP_partition_cfg_t.hash_table[]: a single HASH_LEN-byte hash. */
typedef struct DIP_hash_table_entry {
	unsigned char hash[HASH_LEN];	/* Hash on block */
} DIP_hash_table_entry_t;
| 74 | |
/*
 * Firmware Lock configuration for one protected partition; DIP_t holds
 * MAX_PARTITIONS of these. Declared inside the pack(1) region, so members are
 * laid out back to back in the order written.
 *
 * NOTE(review): nothing in this header bounds these values. Code that fills
 * this structure from storage should confirm that name[] and every
 * files_to_protect[] row contain a NUL before treating them as strings, that
 * hash_mode is one of the three defined modes, and that any block count
 * derived from size does not exceed MAX_BLOCKS before it is used to index
 * force_verify_block[] or hash_table[].
 */
typedef struct DIP_partition_cfg {
	uint64_t size;					/* Partition size in bytes */
	char name[MAX_PARTITION_NAME_LEN];		/* Partition name */
	uint8_t lock_enabled;				/* Image locked? */
	mdtp_fwlock_mode_t hash_mode;			/* Hash per IMAGE or BLOCK */
	uint8_t force_verify_block[MAX_BLOCKS];		/* Verify only given block numbers. */
	char files_to_protect[MDTP_FWLOCK_MAX_FILES][MDTP_FWLOCK_MAX_FILE_NAME_LEN];	/* Verify given files */
	uint32_t verify_ratio;				/* Statistically verify this ratio of blocks.
							   Units and valid range are not defined here.
							   NOTE(review): presumably blocks that are not
							   sampled on a boot go unchecked on that boot. */
	DIP_hash_table_entry_t hash_table[MAX_BLOCKS];	/* Hash table */
} DIP_partition_cfg_t;
| 85 | |
/*
 * PIN buffer: up to MDTP_MAX_PIN_LEN characters plus one byte for the
 * terminator.
 * NOTE(review): a PIN taken from storage is not guaranteed to be terminated;
 * bound any string operation on it by sizeof(mdtp_pin).
 */
typedef struct mdtp_pin {
	char mdtp_pin[MDTP_MAX_PIN_LEN+1];	/* A null terminated PIN. */
} mdtp_pin_t;
| 89 | |
/**
 * MDTP configuration, stored in the management area of DIP_t.
 *
 * NOTE(review): the PIN is held here as characters inside the DIP. This header
 * does not show how the stored DIP is protected against being read, nor how
 * the entered PIN is compared with it - confirm both.
 */
typedef struct mdtp_cfg {
	uint8_t enable_local_pin_authentication;/* Allow local authentication using a PIN. */
	mdtp_pin_t mdtp_pin;			/* Null terminated PIN provided by the user for local deactivation.
						   PIN length should be from MDTP_MIN_PIN_LEN to MDTP_MAX_PIN_LEN digits. */
} mdtp_cfg_t;
| 96 | |
/*
 * The DIP record: a management area, the Firmware Lock configuration for
 * MAX_PARTITIONS partitions, and a footer holding padding and a hash.
 * Declared inside the pack(1) region, so the member order below is the byte
 * layout.
 *
 * NOTE(review): hash is a bare HASH_LEN-byte field. This header does not show
 * which bytes it covers or whether it is keyed or otherwise bound to the
 * device, so on its own it only detects accidental change. Confirm that it is
 * verified before status, mdtp_cfg or partition_cfg are acted on, and that
 * version is checked before the rest of the layout is interpreted.
 */
typedef struct DIP {
	/* Management area of the DIP */
	uint32_t version;				/* DIP version */
	dip_status_t status;				/* DIP activated/deactivated */
	mdtp_cfg_t mdtp_cfg;				/* MDTP configuration, such as PIN */

	/* Firmware Lock area of the DIP */
	DIP_partition_cfg_t partition_cfg[MAX_PARTITIONS];	/* Config for each partition */

	/* Footer area of the DIP */
	uint8_t padding[DIP_PADDING];			/* Pad to multiple of 16 bytes */
	unsigned char hash[HASH_LEN];			/* DIP integrity */
} DIP_t;
| 110 | |
/* End of the 1-byte packed region; the declarations below use the packing in effect before the push. */
#pragma pack(pop, mdtp)
/*
 * Identifies the partition described by an mdtp_ext_partition_verification_t.
 * MDTP_PARTITION_NONE sits before MDTP_PARTITION_NUM, so MDTP_PARTITION_NUM
 * is 3 and counts the NONE value as well.
 * NOTE(review): any array sized or indexed by these values therefore has a
 * slot for NONE; confirm callers handle NONE before indexing.
 */
typedef enum {
	MDTP_PARTITION_BOOT = 0,
	MDTP_PARTITION_RECOVERY,	/* = 1 */
	MDTP_PARTITION_NONE,		/* = 2 */
	MDTP_PARTITION_NUM,		/* = 3; count of the values above, not a partition */
} mdtp_ext_partition_t;
| 119 | |
/*
 * Integrity state reported for an externally verified partition.
 * A zero-initialized state reads as UNSET.
 * NOTE(review): only MDTP_PARTITION_STATE_VALID should be taken as "verified";
 * confirm the implementation does not treat UNSET or out-of-range values as a
 * pass.
 */
typedef enum {
	MDTP_PARTITION_STATE_UNSET = 0,
	MDTP_PARTITION_STATE_VALID,	/* = 1 */
	MDTP_PARTITION_STATE_INVALID,	/* = 2 */
	MDTP_PARTITION_STATE_SIZE,	/* = 3; count of the values above, not a state */
} mdtp_ext_partition_state_t;
| 126 | |
/*
 * Information about a partition verified by an external method, passed to
 * mdtp_fwlock_verify_lock(). Declared after pack(pop), so it uses default
 * alignment.
 *
 * NOTE(review): field meanings below are inferred from their names - confirm.
 * image_addr and image_size are 32-bit; if they are combined or rounded with
 * ROUND_TO_PAGE, check for wrap-around first.
 */
typedef struct mdtp_ext_partition {
	mdtp_ext_partition_t partition;			/* Which partition this describes */
	mdtp_ext_partition_state_t integrity_state;	/* Result of the external verification */
	uint32_t page_size;				/* Presumably the storage page size in bytes */
	uint32_t image_addr;				/* Presumably the address of the loaded image */
	uint32_t image_size;				/* Presumably the image size in bytes */
	bool sig_avail;					/* Presumably whether a signature is available */
} mdtp_ext_partition_verification_t;
| 135 | |
/*
 * Outcome of a verification step.
 * VERIFY_SKIPPED is 0, so a zero-initialized result reads as "skipped", not
 * as "failed".
 * NOTE(review): code that gates boot on this type should compare against
 * VERIFY_OK rather than test for "not VERIFY_FAILED", unless skipping is
 * meant to pass.
 */
typedef enum {
	VERIFY_SKIPPED = 0,
	VERIFY_OK,		/* = 1 */
	VERIFY_FAILED,		/* = 2 */
} verify_result_t;
| 141 | |
/**
 * mdtp_fuse_get_enabled
 *
 * Return whether the MDTP is currently enabled or
 * disabled in HW.
 *
 * @param[out] enabled: set to true if MDTP enabled,
 * false otherwise.
 *
 * @return - negative value for an error, 0 for success.
 *
 * NOTE(review): the value of *enabled after an error return is not specified
 * here. Callers should test the return value before reading it and decide
 * explicitly how a failed fuse read is treated.
 */
int mdtp_fuse_get_enabled(bool *enabled);
| 154 | |
/**
 * get_pin_from_user
 *
 * Display the recovery PIN screen and set received buffer
 * with the PIN the user has entered.
 *
 * @param[out] entered_pin: buffer holding the received PIN.
 * @param[in] pin_length: PIN length (and also entered_pin buffer length).
 *
 * @return - None.
 *
 * NOTE(review): pin_length is described as both the PIN length and the buffer
 * length, while mdtp_pin_t reserves MDTP_MAX_PIN_LEN+1 bytes for a terminated
 * PIN. Confirm whether a NUL terminator is written and whether the buffer
 * must therefore be pin_length + 1 bytes.
 * No status is returned, so the caller cannot tell from this call whether
 * input failed. The entered PIN should be cleared from entered_pin once it
 * has been compared.
 */
void get_pin_from_user(char *entered_pin, uint32_t pin_length);
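/**
 * display_invalid_pin_msg
 *
 * User has entered invalid PIN, display error message and
 * allow the user to try again.
 *
 * Declared with (void) so that this is a real prototype: with empty
 * parentheses the compiler would not diagnose a call that passes arguments.
 *
 * @return - None.
 */
void display_invalid_pin_msg(void);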
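/**
 * display_error_msg
 *
 * Display error message and stop boot process.
 *
 * Declared with (void) so that this is a real prototype: with empty
 * parentheses the compiler would not diagnose a call that passes arguments.
 *
 * NOTE(review): the description says boot is stopped, so callers presumably
 * rely on this not returning - confirm, and do not place fall-through logic
 * after the call that would continue booting.
 *
 * @return - None.
 */
void display_error_msg(void);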
/**
 * mdtp_activated
 *
 * Indicates whether the MDTP is currently in ACTIVATED state.
 * You must call this function only after calling to mdtp_fwlock_verify_lock();
 *
 * @param[out] activated: MDTP is in ACTIVATED state (TRUE/FALSE).
 *
 * @return - negative value for an error, 0 for success.
 *
 * NOTE(review): the value of *activated after an error return is not
 * specified here. Callers should test the return value first and should not
 * take an error as "not activated" without deciding that deliberately.
 */
int mdtp_activated(bool * activated);
| 198 | |
| 200 | // External functions |
| 201 | |
/** Entry point of the MDTP Firmware Lock.
 * If needed, verify the DIP and all protected partitions.
 * Allow passing information about partition verified using an external method
 * (either boot or recovery). For boot and recovery, either use aboot's
 * verification result, or use boot_verifier APIs to verify internally.
 *
 * @param[in] ext_partition: description of the externally verified partition,
 * including its integrity_state.
 *
 * @return - None. The verification outcome is not returned to the caller.
 *
 * NOTE(review): integrity_state is supplied by the caller, so it must be set
 * to MDTP_PARTITION_STATE_VALID only after that verification has actually
 * succeeded. Whether a NULL ext_partition is accepted is not stated here -
 * confirm.
 **/
void mdtp_fwlock_verify_lock(mdtp_ext_partition_verification_t *ext_partition);
| 209 | |
#endif /* __APP_MDTP_H */