1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
/* Copyright 2015 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#ifndef __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H
#define __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H
#include <assert.h>
#include <string.h>
#include <inttypes.h>
#define FUSE_PADDING 0x55555555 // baked in hw!
#define FUSE_IGNORE 0xa3badaac // baked in rom!
#define FUSE_MAX 128 // baked in rom!
#define INFO_MAX 128 // baked in rom!
#define INFO_IGNORE 0xaa3c55c3 // baked in rom!
typedef struct SignedHeader {
#ifdef __cplusplus
SignedHeader() : magic(-1), image_size(0),
epoch_(0x1337), major_(0), minor_(0xbabe),
p4cl_(0), applysec_(0), config1_(0) {
memset(signature, 'S', sizeof(signature));
memset(tag, 'T', sizeof(tag));
memset(fusemap, 0, sizeof(fusemap));
memset(infomap, 0, sizeof(infomap));
memset(_pad, '3', sizeof(_pad));
}
void markFuse(uint32_t n) {
assert(n < FUSE_MAX);
fusemap[n / 32] |= 1 << (n & 31);
}
void markInfo(uint32_t n) {
assert(n < INFO_MAX);
infomap[n / 32] |= 1 << (n & 31);
}
#endif // __cplusplus
uint32_t magic; // -1 (thanks, boot_sys!)
uint32_t signature[96];
uint32_t img_chk_; // top 32 bit of expected img_hash
// --------------------- everything below is part of img_hash
uint32_t tag[7]; // words 0-6 of RWR/FWR
uint32_t keyid; // word 7 of RWR
uint32_t key[96]; // public key to verify signature with
uint32_t image_size;
uint32_t ro_base; // readonly region
uint32_t ro_max;
uint32_t rx_base; // executable region
uint32_t rx_max;
uint32_t fusemap[FUSE_MAX / (8 * sizeof(uint32_t))];
uint32_t infomap[INFO_MAX / (8 * sizeof(uint32_t))];
uint32_t epoch_; // word 7 of FWR
uint32_t major_; // keyladder count
uint32_t minor_;
uint64_t timestamp_; // time of signing
uint32_t p4cl_;
uint32_t applysec_; // bits per FUSE_FW_DEFINED_BROM_APPLYSEC
uint32_t config1_; // bits per FUSE_FW_DEFINED_BROM_CONFIG1
uint32_t _pad[256 - 1 - 96 - 1 - 7 - 1 - 96 - 5*1 - 4 - 4 - 7*1 - 2 - 1];
uint32_t fuses_chk_; // top 32 bit of expected fuses hash
uint32_t info_chk_; // top 32 bit of expected info hash
} SignedHeader;
#ifdef __cplusplus
static_assert(sizeof(SignedHeader) == 1024, "SignedHeader should be 1024 bytes");
static_assert(offsetof(SignedHeader, info_chk_) == 1020, "SignedHeader should be 1024 bytes");
#endif // __cplusplus
#endif // __EC_UTIL_SIGNER_COMMON_SIGNED_HEADER_H
|