Sridhar Parasuram5620ded2015-08-29 10:01:57 -07001/*
2 * Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above
10 * copyright notice, this list of conditions and the following
11 * disclaimer in the documentation and/or other materials provided
12 * with the distribution.
13 * * Neither the name of The Linux Foundation nor the names of its
14 * contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16
17 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
24 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
25 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
26 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
27 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30#ifndef __BOOT_VERIFIER_H
31#define __BOOT_VERIFIER_H
32
33#include <asn1.h>
34#include <rsa.h>
35
36/**
37 * AndroidVerifiedBootSignature DEFINITIONS ::=
38 * BEGIN
39 * FormatVersion ::= INTEGER
40 * Certificate ::= Certificate
41 * AlgorithmIdentifier ::= SEQUENCE {
42 * algorithm OBJECT IDENTIFIER,
43 * parameters ANY DEFINED BY algorithm OPTIONAL
44 * }
45 * AuthenticatedAttributes ::= SEQUENCE {
46 * target CHARACTER STRING,
47 * length INTEGER
48 * }
49 * Signature ::= OCTET STRING
50 * END
51 */
52
/*
 * In-memory form of AuthenticatedAttributes from the
 * AndroidVerifiedBootSignature ASN.1 module: the target string and the
 * length value that travel inside the signature blob.
 *
 * NOTE(review): both values are parsed from the blob being checked.
 * Presumably the verifier compares target with the partition name and len
 * with the image size it was asked to verify, so that a signature made for
 * one image is not accepted for another -- confirm in the implementation.
 * NOTE(review): the ASN.1 text says CHARACTER STRING for target, while the
 * member below is an ASN1_PRINTABLESTRING; confirm encoder and decoder agree.
 */
typedef struct auth_attr_st {
	ASN1_PRINTABLESTRING *target;	/* "target" in the ASN.1 module */
	ASN1_INTEGER *len;		/* "length" in the ASN.1 module */
} AUTH_ATTR;

/* Stack, SET OF and ASN.1 function declarations for AUTH_ATTR. */
DECLARE_STACK_OF(AUTH_ATTR)
DECLARE_ASN1_SET_OF(AUTH_ATTR)
DECLARE_ASN1_FUNCTIONS(AUTH_ATTR)
62
/*
 * In-memory form of an AndroidVerifiedBootSignature: format version,
 * certificate, algorithm identifier, authenticated attributes and the
 * signature octets, in the order the ASN.1 module lists them.
 *
 * NOTE(review): the certificate is carried inside the signature blob, so it
 * is untrusted input until something ties it to a key the device already
 * trusts. The separate BOOTIMG_EMBEDDED_CERT_VERIFICATION_PASS and
 * BOOTIMG_KEYSTORE_VERIFICATION_PASS events in this header suggest the two
 * outcomes are kept apart -- confirm in the implementation.
 */
typedef struct verif_boot_sig_st {
	ASN1_INTEGER *version;		/* FormatVersion */
	X509 *certificate;		/* Certificate */
	X509_ALGOR *algor;		/* AlgorithmIdentifier */
	AUTH_ATTR *auth_attr;		/* AuthenticatedAttributes */
	ASN1_OCTET_STRING *sig;		/* Signature */
} VERIFIED_BOOT_SIG;

/* Stack, SET OF and ASN.1 function declarations for VERIFIED_BOOT_SIG. */
DECLARE_STACK_OF(VERIFIED_BOOT_SIG)
DECLARE_ASN1_SET_OF(VERIFIED_BOOT_SIG)
DECLARE_ASN1_FUNCTIONS(VERIFIED_BOOT_SIG)
75
76/**
77 * AndroidVerifiedBootKeystore DEFINITIONS ::=
78 * BEGIN
79 * FormatVersion ::= INTEGER
80 * KeyBag ::= SEQUENCE {
81 * Key ::= SEQUENCE {
82 * AlgorithmIdentifier ::= SEQUENCE {
83 * algorithm OBJECT IDENTIFIER,
84 * parameters ANY DEFINED BY algorithm OPTIONAL
85 * }
86 * KeyMaterial ::= RSAPublicKey
87 * }
88 * }
89 * Signature ::= AndroidVerifiedBootSignature
90 * END
91 */
92
/*
 * One Key entry of the AndroidVerifiedBootKeystore ASN.1 module: an
 * algorithm identifier plus the key material, which the module defines as
 * an RSAPublicKey.
 */
typedef struct key_st {
	X509_ALGOR *algorithm_id;	/* AlgorithmIdentifier */
	RSA *key_material;		/* KeyMaterial (RSAPublicKey) */
} KEY;

/* Stack, SET OF and ASN.1 function declarations for KEY. */
DECLARE_STACK_OF(KEY)
DECLARE_ASN1_SET_OF(KEY)
DECLARE_ASN1_FUNCTIONS(KEY)
102
/*
 * KeyBag of the AndroidVerifiedBootKeystore ASN.1 module. As declared here
 * it holds a pointer to a single KEY.
 */
typedef struct keybag_st {
	KEY *mykey;	/* the Key entry inside the bag */
} KEYBAG;

/* Stack, SET OF and ASN.1 function declarations for KEYBAG. */
DECLARE_STACK_OF(KEYBAG)
DECLARE_ASN1_SET_OF(KEYBAG)
DECLARE_ASN1_FUNCTIONS(KEYBAG)
111
/*
 * Keystore without its signature: the same version and key bag members as
 * KEYSTORE, minus sig.
 *
 * NOTE(review): presumably this is the part of the keystore that the
 * keystore signature is computed over -- confirm in the implementation.
 */
typedef struct keystore_inner_st {
	ASN1_INTEGER *version;	/* FormatVersion */
	KEYBAG *mykeybag;	/* KeyBag */
} KEYSTORE_INNER;

/* Stack, SET OF and ASN.1 function declarations for KEYSTORE_INNER. */
DECLARE_STACK_OF(KEYSTORE_INNER)
DECLARE_ASN1_SET_OF(KEYSTORE_INNER)
DECLARE_ASN1_FUNCTIONS(KEYSTORE_INNER)
121
/*
 * In-memory form of an AndroidVerifiedBootKeystore: format version, key bag
 * and a signature of type AndroidVerifiedBootSignature.
 *
 * NOTE(review): the key in mykeybag is only as trustworthy as the check of
 * sig. The header does not show which key that check uses or what happens
 * to the keystore when it fails -- confirm in the implementation.
 */
typedef struct keystore_st {
	ASN1_INTEGER *version;		/* FormatVersion */
	KEYBAG *mykeybag;		/* KeyBag */
	VERIFIED_BOOT_SIG *sig;		/* Signature */
} KEYSTORE;

/* Stack, SET OF and ASN.1 function declarations for KEYSTORE. */
DECLARE_STACK_OF(KEYSTORE)
DECLARE_ASN1_SET_OF(KEYSTORE)
DECLARE_ASN1_FUNCTIONS(KEYSTORE)
132
/*
 * Boot states of the verified-boot state machine. The values are written
 * out so the numeric mapping is visible at the point of declaration.
 *
 * GREEN is 0, so zero-filled storage reads as GREEN; code that keeps a boot
 * state should assign it explicitly instead of relying on a default.
 * NOTE(review): the numeric order is GREEN, ORANGE, YELLOW, RED. Do not
 * treat a larger value as "less trusted" without checking how the state
 * machine compares states. The header does not define what each colour
 * means; presumably they follow Android verified boot's naming -- confirm.
 */
enum boot_state {
	GREEN = 0,
	ORANGE = 1,
	YELLOW = 2,
	RED = 3,
};
140
/*
 * Pairs a verity-mode flag with a name string.
 * NOTE(review): presumably used as a lookup-table entry that maps the
 * enforcing flag to printable text -- confirm against the user of this type.
 */
struct verified_boot_verity_mode {
	bool verity_mode_enforcing;	/* true when verity mode is enforcing */
	char *name;			/* name associated with this mode */
};
146
/*
 * Pairs a boot-state value with a name string.
 * NOTE(review): boot_state is a uint32_t, not enum boot_state; presumably it
 * holds one of the enum boot_state values -- confirm against the user of
 * this type.
 */
struct verified_boot_state_name {
	uint32_t boot_state;	/* boot-state value this entry describes */
	char *name;		/* name associated with that state */
};
152
/*
 * Events for the boot state machine. The values are written out so the
 * numeric mapping is visible at the point of declaration. The tag keeps its
 * original spelling ("verfiy") because other code may refer to it by name.
 *
 * NOTE(review): boot_verify_send_event() takes a uint32_t, so presumably
 * these values are passed to it unchecked by the type system; a value
 * outside this list should be rejected there -- confirm.
 */
enum boot_verfiy_event {
	BOOT_INIT = 0,
	DEV_UNLOCK = 1,
	BOOTIMG_EMBEDDED_CERT_VERIFICATION_PASS = 2,
	BOOTIMG_KEYSTORE_VERIFICATION_PASS = 3,
	BOOTIMG_VERIFICATION_FAIL = 4,
	USER_DENIES = 5,
};
162
/* Keystore partition name; the array is defined in another translation unit. */
extern char KEYSTORE_PTN_NAME[];
/*
 * Initialize the keystore. Returns a uint32_t whose meaning is not stated
 * in this header.
 * NOTE(review): the empty parentheses here and on boot_verify_get_state()
 * and boot_verify_print_state() leave the parameter list unspecified in C;
 * "(void)" would let the compiler reject stray arguments.
 */
uint32_t boot_verify_keystore_init();
/*
 * Verify a boot/recovery image: img_addr points at the image, img_size is
 * its size and pname names the partition.
 * NOTE(review): presumably true means the image verified -- confirm.
 * img_size comes from the caller, so the implementation has to keep every
 * read, including the search for the signature, inside the buffer the
 * caller actually holds -- confirm.
 */
bool boot_verify_image(unsigned char* img_addr, uint32_t img_size, char *pname);
/*
 * Send an event to the boot state machine. The parameter is a plain
 * uint32_t; presumably one of the enum boot_verfiy_event values.
 */
void boot_verify_send_event(uint32_t event);
/* Read the current boot state; presumably one of the enum boot_state values. */
uint32_t boot_verify_get_state();
/* Print the current boot state. */
void boot_verify_print_state();
/*
 * Validate a keystore located at user_addr.
 * NOTE(review): there is no length parameter, so whatever bounds the parse
 * of this buffer has to come from the implementation -- confirm that the
 * encoded length is checked against the memory actually available.
 */
bool boot_verify_validate_keystore(unsigned char * user_addr);
/* Check whether the partition named by entry may be flashed in verified mode. */
bool boot_verify_flash_allowed(const char * entry);
/*
 * Send the root of trust to TrustZone; is_unlocked carries the lock state.
 * NOTE(review): the result is a bool; callers should not continue as if the
 * root of trust had been delivered when it is false -- confirm call sites.
 */
bool send_rot_command(uint32_t is_unlocked);
/*
 * Return the boot fingerprint as a byte pointer.
 * NOTE(review): presumably the length is written through buf_size; who owns
 * the returned buffer is not stated here -- confirm before freeing or
 * caching it.
 */
unsigned char* get_boot_fingerprint(unsigned int* buf_size);
Sridhar Parasuram5620ded2015-08-29 10:01:57 -0700181#endif