futility: add subcommand for creating and verifying the RO_GSCVD area

The help text of the new subcommand is as follows:

-------
  This utility creates an RO verification space in the Chrome OS AP
  firmware image or allows to validate a previously prepared image
  containing the RO verification space.

  Usage: futilitygscvd PARAMS <AP FIRMWARE FILE> [<root key hash>]

  Creation of RO Verification space:

  Required PARAMS:
    -R|--ranges        STRING        Comma separated colon delimited
                                       hex tuples <offset>:<size>, the
                                       areas of the RO covered by the
                                       signature
    -r|--root_pub_key  <file>        The main public key, in .vbpubk
                                       format, used to verify platform
                                       key
    -k|--keyblock      <file>        Signed platform public key in
                                       .keyblock format, used for run
                                       time RO verifcation
    -p|--platform_priv <file>        Private platform key in .vbprivk
                                       format, used for signing RO
                                       verification data
  Optional PARAMS:
    [--outfile]        OUTFILE       Output firmware image containing
                                       RO verification information

  Validation of RO Verification space:

     The only required parameter is <AP FIRMWARE FILE>, if optional
     <root key hash> is given, it is compared to the hash of the body
     of the root key found in <AP_FIRMWARE_FILE>.

    -h|--help                        Print this message
-------

When creating GVD section, the sha256 hash of the root public key
payload is printed on stdout, this is the hash to include in the GSC
image to for the root key verification.

Code converting ASCII hex string into binary is refactored into a misc
function.

BRANCH=none
BUG=b:141191727
TEST=testing included the following steps:

   . modified guybrush coreboot to allocate an 8KB RO_GSCVD area in
     FMAP and built a guybrush BIOS image
   . filled GVD space as described in the source file comments
   . verified the created space as described in the source file comments
   . verified AP RO integrity on the GSC size using crrev.com/c/3172256

Change-Id: I51a80be5007a32d5286b93499f71da84f41b3d81
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3174570
Reviewed-by: Julius Werner <jwerner@chromium.org>

1 files changed, 59 insertions, 0 deletions

diff --git a/host/lib/include/gsc_ro.h b/host/lib/include/gsc_ro.h
new file mode 100644
index 00000000..00a40111
--- /dev/null
+++ b/host/lib/include/gsc_ro.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2021 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef __VBOOT_REFERENCE_HOST_LIB_INCLUDE_GSC_RO_H
+#define __VBOOT_REFERENCE_HOST_LIB_INCLUDE_GSC_RO_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "2sha.h"
+
+struct gscvd_ro_range {
+	uint32_t offset;
+	uint32_t size; /* Use uint32_t as opposed to size_to be portable. */
+};
+
+#define GSC_VD_MAGIC 0x65666135 /* Little endian '5 a f e' */
+#define GSC_VD_ROLLBACK_COUNTER 1
+
+struct gsc_verification_data {
+	uint32_t gv_magic;
+	/*
+	 * Size of this structure in bytes, including the ranges array,
+	 * signature and root key bodies.
+	 */
+	uint16_t size;
+	uint16_t major_version; /* Version of this struct layout. Starts at 0 */
+	uint16_t minor_version;
+	/*
+	 * GSC will cache the counter value and will not accept verification
+	 * data blobs with a lower value.
+	 */
+	uint16_t rollback_counter;
+	uint32_t gsc_board_id; /* Locks blob to certain platform. */
+	uint32_t gsc_flags; /* A field for future enhancements. */
+	/*
+	 * The location of fmap that points to this blob. This location must
+	 * also be in one of the verified sections, expressed as offset in
+	 * flash
+	 */
+	uint32_t fmap_location;
+	uint32_t hash_alg; /* one of enum vb2_hash_algorithm alg. */
+	struct vb2_signature sig_header;
+	struct vb2_packed_key root_key_header;
+	/*
+	 * SHAxxx(ranges[0].offset..ranges[0].size || ... ||
+	 *        ranges[n].offset..ranges[n].size)
+	 *
+	 * Let the digest space allow to accommodate the largest possible one.
+	 */
+	uint8_t ranges_digest[VB2_SHA512_DIGEST_SIZE];
+	uint32_t range_count; /* Number of gscvd_ro_range entries. */
+	struct gscvd_ro_range ranges[0];
+};
+
+#endif /* ! __VBOOT_REFERENCE_HOST_LIB_INCLUDE_GSC_RO_H */