Reut Zysman | ff6bab9 | 2016-02-09 14:06:31 +0200 | [diff] [blame] | 1 | /* Copyright (c) 2015-2016, The Linux Foundation. All rights reserved. |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 2 | * |
| 3 | * Redistribution and use in source and binary forms, with or without |
| 4 | * modification, are permitted provided that the following conditions are |
| 5 | * met: |
| 6 | * * Redistributions of source code must retain the above copyright |
| 7 | * notice, this list of conditions and the following disclaimer. |
| 8 | * * Redistributions in binary form must reproduce the above |
| 9 | * copyright notice, this list of conditions and the following |
| 10 | * disclaimer in the documentation and/or other materials provided |
| 11 | * with the distribution. |
| 12 | * * Neither the name of The Linux Foundation nor the names of its |
| 13 | * contributors may be used to endorse or promote products derived |
| 14 | * from this software without specific prior written permission. |
| 15 | * |
| 16 | * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| 17 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| 18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| 20 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| 23 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 24 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| 25 | * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | */ |
| 28 | |
| 29 | #ifndef __APP_MDTP_H |
| 30 | #define __APP_MDTP_H |
| 31 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame] | 32 | #define TOKEN_LEN (16) |
| 33 | #define MAX_BLOCKS (512) |
| 34 | #define MAX_PARTITIONS (3) |
| 35 | #define MAX_PARTITION_NAME_LEN (100) |
| 36 | #define HASH_LEN (32) |
Amir Kotzer | 20716f1 | 2016-02-24 10:31:18 +0200 | [diff] [blame] | 37 | #define MDTP_PIN_LEN (8) |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame] | 38 | #define DIP_PADDING (15) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 39 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 40 | #define INITIAL_DELAY_MSECONDS 5000 |
| 41 | #define INVALID_PIN_DELAY_MSECONDS 5000 |
| 42 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame] | 43 | #define MDTP_FWLOCK_BLOCK_SIZE (1024*1024*16) |
| 44 | #define MDTP_FWLOCK_MAX_FILES (100) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 45 | #define MDTP_FWLOCK_MAX_FILE_NAME_LEN (100) |
Amit Blay | 4aa292f | 2015-04-28 21:55:59 +0300 | [diff] [blame] | 46 | #define MDTP_SCRATCH_OFFSET 0x8000000 |
| 47 | |
/* MDTP consumes the boot/recovery signature verification result (see
 * mdtp_fwlock_verify_lock()), so a build with MDTP but without verified
 * boot would silently lose that protection - refuse to build it. */
#ifdef MDTP_SUPPORT
#ifndef VERIFIED_BOOT
#error MDTP feature requires VERIFIED_BOOT feature
#endif
#endif
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 53 | |
/* Everything up to the matching pop is the DIP byte image: 1-byte packing so
 * the layout (and hence DIP_t.hash) does not depend on compiler alignment. */
#pragma pack(push, mdtp, 1)
| 55 | |
/* Activation state recorded in the DIP. The _SIZE value keeps the enum
 * 32 bits wide so its size in the packed layout is stable. */
typedef enum {
	DIP_STATUS_DEACTIVATED = 0,
	DIP_STATUS_ACTIVATED,
	DIP_STATUS_SIZE = 0x7FFFFFFF    /* Not a state; forces a 32-bit underlying type */
} dip_status_t;
| 61 | |
/* How a protected partition is hashed (DIP_partition_cfg_t.hash_mode). */
typedef enum {
	MDTP_FWLOCK_MODE_SINGLE = 0,    /* One hash over the whole image */
	MDTP_FWLOCK_MODE_BLOCK,         /* One hash per block (see hash_table / force_verify_block) */
	MDTP_FWLOCK_MODE_FILES,         /* Hash the files listed in files_to_protect */
	MDTP_FWLOCK_MODE_SIZE = 0x7FFFFFFF  /* Not a mode; forces a 32-bit underlying type */
} mdtp_fwlock_mode_t;
| 68 | |
/* One expected digest, HASH_LEN bytes, for a block of a protected partition. */
typedef struct DIP_hash_table_entry {
	unsigned char hash[HASH_LEN]; /* Expected hash of the block */
} DIP_hash_table_entry_t;
| 72 | |
/* Firmware Lock configuration for one partition. Packed size: 27013 bytes.
 * Field order is part of the DIP image format - do not reorder. */
typedef struct DIP_partition_cfg {
	uint64_t size;                      /* Partition size in bytes */
	char name[MAX_PARTITION_NAME_LEN];  /* Partition name; termination should be checked by the reader, not assumed */
	uint8_t lock_enabled;               /* Non-zero: this partition is locked */
	mdtp_fwlock_mode_t hash_mode;       /* SINGLE, BLOCK or FILES (mdtp_fwlock_mode_t) */
	uint8_t force_verify_block[MAX_BLOCKS];  /* Block-mode: blocks that must always be verified, regardless of verify_ratio */
	char files_to_protect[MDTP_FWLOCK_MAX_FILES][MDTP_FWLOCK_MAX_FILE_NAME_LEN]; /* Files-mode: names of files to verify */
	uint32_t verify_ratio;              /* Block-mode: fraction of blocks verified per boot.
	                                       NOTE(review): sampled verification can miss a modified block on
	                                       any given boot; the block selection must be unpredictable to an
	                                       attacker - confirm the randomness source in the verifier. */
	DIP_hash_table_entry_t hash_table[MAX_BLOCKS];  /* Expected hash per block (or entry 0 for SINGLE mode, presumably) */
} DIP_partition_cfg_t;
| 83 | |
/* Local deactivation PIN, MDTP_PIN_LEN digits plus a NUL terminator. */
typedef struct mdtp_pin {
	char mdtp_pin[MDTP_PIN_LEN+1]; /* NUL-terminated PIN (MDTP_PIN_LEN digits) */
} mdtp_pin_t;
| 87 | |
/** MDTP configuration stored in the DIP.
 *
 * NOTE(review): the PIN is held here as plain characters. DIP_t.hash gives the
 * DIP integrity only; confidentiality of the PIN depends on how the DIP is
 * stored, which is not visible in this header - confirm before relying on it.
 */
typedef struct mdtp_cfg {
	uint8_t enable_local_pin_authentication;/* Non-zero: allow local deactivation with the PIN below */
	mdtp_pin_t mdtp_pin;                    /* NUL-terminated PIN provided by the user for local deactivation.
	                                           Expected length is MDTP_PIN_LEN digits. */
} mdtp_cfg_t;
| 94 | |
/* The DIP (Device Integrity Partition? - name not expanded in this header) image.
 * Packed layout: 18 bytes of management area, 3 * 27013 bytes of partition
 * configuration, 15 bytes of padding (offset of hash = 81072, a multiple of
 * 16), then the 32-byte hash; sizeof(DIP_t) = 81104. Field order is the
 * on-image format - do not reorder. */
typedef struct DIP {
	/* Management area of the DIP */
	uint32_t version;       /* DIP format version */
	dip_status_t status;    /* DIP_STATUS_ACTIVATED / DIP_STATUS_DEACTIVATED */
	mdtp_cfg_t mdtp_cfg;    /* MDTP configuration, including the local PIN */

	/* Firmware Lock area of the DIP */
	DIP_partition_cfg_t partition_cfg[MAX_PARTITIONS]; /* Config for each protected partition */

	/* Footer area of the DIP */
	uint8_t padding[DIP_PADDING];   /* Pads the hashed region to a multiple of 16 bytes */
	unsigned char hash[HASH_LEN];   /* DIP integrity hash, presumably computed over all preceding bytes - confirm in the verifier */
} DIP_t;
| 108 | |
#pragma pack(pop, mdtp)  /* End of the serialized DIP layout; types below are in-memory only */
Amit Blay | 4aa292f | 2015-04-28 21:55:59 +0300 | [diff] [blame] | 110 | |
/* Partition verified by an external method and handed to the firmware lock.
 * MDTP_PARTITION_NUM counts MDTP_PARTITION_NONE as well, since NONE precedes it. */
typedef enum {
	MDTP_PARTITION_BOOT = 0,
	MDTP_PARTITION_RECOVERY,
	MDTP_PARTITION_NONE,    /* No externally verified partition supplied */
	MDTP_PARTITION_NUM,     /* Count of values above, NONE included */
} mdtp_ext_partition_t;
| 117 | |
/* Outcome of the external verification of a partition. Outside the packed
 * region, so no width-forcing value is needed. */
typedef enum {
	MDTP_PARTITION_STATE_UNSET = 0, /* No external result available */
	MDTP_PARTITION_STATE_VALID,
	MDTP_PARTITION_STATE_INVALID,
	MDTP_PARTITION_STATE_SIZE,      /* Count of values above, not a state */
} mdtp_ext_partition_state_t;
| 124 | |
/* Description of a partition (boot or recovery) verified outside the firmware
 * lock, passed to mdtp_fwlock_verify_lock(). In-memory handoff only; not part
 * of the DIP image. */
typedef struct mdtp_ext_partition {
	mdtp_ext_partition_t partition;             /* Which partition this describes */
	mdtp_ext_partition_state_t integrity_state; /* External verification result, or UNSET */
	uint32_t page_size;                         /* Page size the image is laid out in (presumably flash page size) */
	uint32_t image_addr;                        /* Address of the loaded image; 32-bit, so a 32-bit address space is assumed */
	uint32_t image_size;                        /* Image size in bytes */
	bool sig_avail;                             /* Presumably: a signature is available for internal verification - confirm */
} mdtp_ext_partition_verification_t;
| 133 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 134 | typedef enum { |
| 135 | VERIFY_SKIPPED = 0, |
| 136 | VERIFY_OK, |
| 137 | VERIFY_FAILED, |
Reut Zysman | ff6bab9 | 2016-02-09 14:06:31 +0200 | [diff] [blame] | 138 | VERIFY_MDTP_FAILED, |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 139 | } verify_result_t; |
| 140 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 141 | /** |
| 142 | * mdtp_fuse_get_enabled |
| 143 | * |
| 144 | * Return whether the MDTP is currently enabled or |
| 145 | * disabled in HW. |
| 146 | * |
| 147 | * @param[out] enabled: set to true if MDTP enabled, |
| 148 | * false otherwise. |
| 149 | * |
| 150 | * @return - negative value for an error, 0 for success. |
| 151 | */ |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 152 | int mdtp_fuse_get_enabled(bool *enabled); |
| 153 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 154 | /** |
| 155 | * get_pin_from_user |
| 156 | * |
| 157 | * Display the recovery PIN screen and set received buffer |
| 158 | * with the PIN the user has entered. |
| 159 | * |
| 160 | * @param[out] entered_pin: buffer holding the received PIN. |
| 161 | * @param[in] pin_length: PIN length (and also entered_pin buffer length). |
| 162 | * |
| 163 | * @return - None. |
| 164 | */ |
| 165 | void get_pin_from_user(char *entered_pin, uint32_t pin_length); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 166 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 167 | /** |
| 168 | * display_invalid_pin_msg |
| 169 | * |
| 170 | * User has entered invalid PIN, display error message and |
| 171 | * allow the user to try again. |
| 172 | * |
| 173 | * @return - None. |
| 174 | */ |
| 175 | void display_invalid_pin_msg(); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 176 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 177 | /** |
| 178 | * display_error_msg |
| 179 | * |
| 180 | * Display error message and stop boot process. |
| 181 | * |
| 182 | * @return - None. |
| 183 | */ |
| 184 | void display_error_msg(); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 185 | |
Shay Nachmani | bc10dfe | 2015-02-10 14:45:55 +0200 | [diff] [blame] | 186 | /** |
Reut Zysman | ff6bab9 | 2016-02-09 14:06:31 +0200 | [diff] [blame] | 187 | * display_error_msg_mdtp |
| 188 | * |
| 189 | * Display error message in case mdtp image corrupted and stop boot process. |
| 190 | * |
| 191 | * @return - None. |
| 192 | */ |
| 193 | void display_error_msg_mdtp(); |
| 194 | |
| 195 | /** |
Shay Nachmani | bc10dfe | 2015-02-10 14:45:55 +0200 | [diff] [blame] | 196 | * mdtp_activated |
| 197 | * |
| 198 | * Indicates whether the MDTP is currently in ACTIVATED state. |
| 199 | * You must call this function only after calling to mdtp_fwlock_verify_lock(); |
| 200 | * |
| 201 | * @param[out] activated: MDTP is in ACTIVATED state (TRUE/FALSE). |
| 202 | * |
| 203 | * @return - negative value for an error, 0 for success. |
| 204 | */ |
| 205 | int mdtp_activated(bool * activated); |
| 206 | |
Amit Blay | 4aa292f | 2015-04-28 21:55:59 +0300 | [diff] [blame] | 207 | |
| 208 | // External functions |
| 209 | |
/** Entry point of the MDTP Firmware Lock.
 * If needed, verify the DIP and all protected partitions.
 * Allows passing information about a partition verified using an external
 * method (either boot or recovery). For boot and recovery, either use aboot's
 * verification result, or use boot_verifier APIs to verify internally.
 *
 * @param[in] ext_partition: externally verified partition description, or
 *            partition == MDTP_PARTITION_NONE when none is supplied.
 *            A NULL pointer is not documented as accepted - confirm in the
 *            implementation before passing one.
 *
 * Must run before mdtp_activated() is consulted. Failure handling (stopping
 * the boot) is expected to happen inside; there is no return value.
 **/
void mdtp_fwlock_verify_lock(mdtp_ext_partition_verification_t *ext_partition);
| 217 | |
Amir Kotzer | bb8be14 | 2016-02-23 09:38:25 +0200 | [diff] [blame] | 218 | |
| 219 | //UT functions |
| 220 | |
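/** Entry point of the MDTP LK UT.
 * Start UT on LK mdtp components during fastboot.
 *
 * NOTE(review): this is a test entry reachable from fastboot; whether it is
 * compiled out of production builds is not visible here - confirm.
 *
 * All UT prototypes below are declared with (void): an empty parameter list
 * is not a prototype in C and would let calls with stray arguments compile.
 **/
void cmd_mdtp_runtests(void);

/* Individual unit tests; return convention (0 = pass, presumably) is defined
 * by the implementation, not visible in this header. */
int mdtp_verify_hash_ut(void);
int mdtp_validate_partition_params_ut(void);
int mdtp_verify_partition_ut(void);
int mdtp_verify_external_partition_ut(mdtp_ext_partition_verification_t* ext_partition);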
| 230 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 231 | #endif |