/*
 * SPDX-License-Identifier: Apache-2.0
 *
 * Copyright (c) 2016-2019 Linaro LTD
 * Copyright (c) 2016-2019 JUUL Labs
 * Copyright (c) 2019-2023 Arm Limited
 *
 * Original license:
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

/*
 * On-flash image format: header, header flags, trailer TLV types and the
 * TLV iterator / validation API that the bootloader uses to authenticate
 * an image before it is booted.
 *
 * Every structure below describes bytes that are read from an image slot
 * in flash. Until bootutil_img_validate() has succeeded those bytes are
 * untrusted input; consumers must bounds-check any size or offset taken
 * from them against the flash area before deriving further addresses.
 */

#ifndef H_IMAGE_
#define H_IMAGE_

#include <inttypes.h>
#include <stdbool.h>
#include "bootutil/fault_injection_hardening.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Fallback for toolchains/headers that do not already provide __packed. */
#ifndef __packed
#define __packed __attribute__((__packed__))
#endif

/* Opaque flash-area handle; only pointers to it are used in this header. */
struct flash_area;

/*
 * Values of image_header.ih_magic and image_tlv_info.it_magic.
 *   IMAGE_MAGIC            current header format
 *   IMAGE_MAGIC_V1         legacy header format
 *   IMAGE_MAGIC_NONE       all-ones value, i.e. no header present
 *   IMAGE_TLV_INFO_MAGIC   start of the (unprotected) TLV area
 *   IMAGE_TLV_PROT_INFO_MAGIC  start of the protected TLV area
 */
#define IMAGE_MAGIC                 0x96f3b83d
#define IMAGE_MAGIC_V1              0x96f3b83c
#define IMAGE_MAGIC_NONE            0xffffffff
#define IMAGE_TLV_INFO_MAGIC        0x6907
#define IMAGE_TLV_PROT_INFO_MAGIC   0x6908

/* sizeof(struct image_header); enforced by the _Static_assert below. */
#define IMAGE_HEADER_SIZE           32
/*
 * Size of SHA256 TLV hash. Note that IMAGE_TLV_SHA384 / IMAGE_TLV_SHA512
 * carry longer digests; do not use this constant to size buffers for them.
 */
#define IMAGE_HASH_LEN              32

/*
 * Image header flags (bit mask stored in image_header.ih_flags).
 *
 * ih_flags is part of the header, which is covered by the IMAGE_TLV_SHA*
 * digest ("SHA256 of image hdr and body" below), so the flags are only
 * trustworthy once image validation has passed. Bits 0x00000002 and
 * 0x00000040..0x00000080 are not assigned in this header.
 */
#define IMAGE_F_PIC                      0x00000001 /* Not supported. */
#define IMAGE_F_ENCRYPTED_AES128         0x00000004 /* Encrypted using AES128. */
#define IMAGE_F_ENCRYPTED_AES256         0x00000008 /* Encrypted using AES256. */
#define IMAGE_F_NON_BOOTABLE             0x00000010 /* Split image app. */
/*
 * Indicates that this image should be loaded into RAM instead of run
 * directly from flash. The address to load should be in the
 * ih_load_addr field of the header.
 */
#define IMAGE_F_RAM_LOAD                 0x00000020

/*
 * Indicates that ih_load_addr stores information on flash/ROM address the
 * image has been built for.
 */
#define IMAGE_F_ROM_FIXED                0x00000100

/*
 * Flags that indicate if the image data is compressed.
 * See COMPRESSIONFLAGS / IS_COMPRESSED() below.
 */
#define IMAGE_F_COMPRESSED_LZMA1         0x00000200
#define IMAGE_F_COMPRESSED_LZMA2         0x00000400
#define IMAGE_F_COMPRESSED_ARM_THUMB_FLT 0x00000800

/*
 * ECDSA224 is with NIST P-224
 * ECDSA256 is with NIST P-256
 */

/*
 * Image trailer TLV types.
 *
 * Signature is generated by computing signature over the image hash
 * (except IMAGE_TLV_SIG_PURE, which signs the image itself).
 *
 * Signature comes in the form of 2 TLVs.
 *   1st one identifies the public key which should be used to verify it.
 *   2nd one is the actual signature.
 */
#define IMAGE_TLV_KEYHASH           0x01   /* hash of the public key */
#define IMAGE_TLV_PUBKEY            0x02   /* public key */
#define IMAGE_TLV_SHA256            0x10   /* SHA256 of image hdr and body */
#define IMAGE_TLV_SHA384            0x11   /* SHA384 of image hdr and body */
#define IMAGE_TLV_SHA512            0x12   /* SHA512 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS       0x20   /* RSA2048 of hash output */
#define IMAGE_TLV_ECDSA224          0x21   /* ECDSA of hash output - Not supported anymore */
#define IMAGE_TLV_ECDSA_SIG         0x22   /* ECDSA of hash output */
#define IMAGE_TLV_RSA3072_PSS       0x23   /* RSA3072 of hash output */
#define IMAGE_TLV_ED25519           0x24   /* ed25519 of hash output */
#define IMAGE_TLV_SIG_PURE          0x25   /* Indicator that attached signature has been prepared
                                            * over image rather than its digest.
                                            */
#define IMAGE_TLV_ENC_RSA2048       0x30   /* Key encrypted with RSA-OAEP-2048 */
#define IMAGE_TLV_ENC_KW            0x31   /* Key encrypted with AES-KW 128 or 256*/
#define IMAGE_TLV_ENC_EC256         0x32   /* Key encrypted with ECIES-EC256 */
#define IMAGE_TLV_ENC_X25519        0x33   /* Key encrypted with ECIES-X25519 */
#define IMAGE_TLV_DEPENDENCY        0x40   /* Image depends on other image */
#define IMAGE_TLV_SEC_CNT           0x50   /* security counter */
#define IMAGE_TLV_BOOT_RECORD       0x60   /* measured boot record */
/* The following flags relate to compressed images and are for the decompressed image data */
#define IMAGE_TLV_DECOMP_SIZE       0x70   /* Decompressed image size excluding header/TLVs */
#define IMAGE_TLV_DECOMP_SHA        0x71   /*
                                            * Decompressed image shaX hash, this field must match
                                            * the format and size of the raw slot (compressed)
                                            * shaX hash
                                            */
#define IMAGE_TLV_DECOMP_SIGNATURE  0x72   /*
                                            * Decompressed image signature, this field must match
                                            * the format and size of the raw slot (compressed)
                                            * signature
                                            */
/*
 * vendor reserved TLVs at xxA0-xxFF,
 * where xx denotes the upper byte
 * range. Examples:
 * 0x00a0 - 0x00ff
 * 0x01a0 - 0x01ff
 * 0x02a0 - 0x02ff
 * ...
 * 0xffa0 - 0xfffe
 */
/* Used to iterate over all TLV; deliberately outside the vendor range above. */
#define IMAGE_TLV_ANY               0xffff

/** Image version as stored in image_header.ih_ver: 8 bytes, packed. */
struct image_version {
    uint8_t iv_major;
    uint8_t iv_minor;
    uint16_t iv_revision;
    uint32_t iv_build_num;
} __packed;

/**
 * Dependency on another image (presumably the payload of an
 * IMAGE_TLV_DEPENDENCY TLV). Unlike the other on-flash structs this one is
 * not declared __packed; its members are naturally aligned (1+1+2+8 bytes).
 */
struct image_dependency {
    uint8_t image_id;                       /* Image index (from 0) */
    uint8_t _pad1;
    uint16_t _pad2;
    struct image_version image_min_version; /* Indicates at minimum which
                                             * version of firmware must be
                                             * available to satisfy compliance
                                             */
};

/**
 * Image header. All fields are in little endian byte order.
 *
 * Total size is IMAGE_HEADER_SIZE (32 bytes), checked by _Static_assert
 * below. The header is read directly from flash: ih_hdr_size,
 * ih_protect_tlv_size and ih_img_size are attacker-supplied until the
 * image has been validated, so any offset computed from them must be
 * range-checked against the flash area first.
 */
struct image_header {
    uint32_t ih_magic;              /* IMAGE_MAGIC / IMAGE_MAGIC_V1 / IMAGE_MAGIC_NONE. */
    uint32_t ih_load_addr;          /* Meaning depends on IMAGE_F_RAM_LOAD / IMAGE_F_ROM_FIXED. */
    uint16_t ih_hdr_size;           /* Size of image header (bytes). */
    uint16_t ih_protect_tlv_size;   /* Size of protected TLV area (bytes). */
    uint32_t ih_img_size;           /* Does not include header. */
    uint32_t ih_flags;              /* IMAGE_F_[...]. */
    struct image_version ih_ver;
    uint32_t _pad1;
} __packed;

/**
 * Image TLV header. All fields in little endian.
 * Presumably it_magic is IMAGE_TLV_INFO_MAGIC or IMAGE_TLV_PROT_INFO_MAGIC
 * depending on which TLV area it introduces.
 */
struct image_tlv_info {
    uint16_t it_magic;
    uint16_t it_tlv_tot;  /* size of TLV area (including tlv_info header) */
} __packed;

/** Image trailer TLV format. All fields in little endian. */
struct image_tlv {
    uint16_t it_type;   /* IMAGE_TLV_[...]. */
    uint16_t it_len;    /* Data length (not including TLV header). */
} __packed;

/*
 * Encryption helpers.
 *
 * IS_ENCRYPTED() uses a logical OR and therefore evaluates to 0 or 1; it
 * does not use ENCRYPTIONFLAGS even though that mask covers the same bits.
 * MUST_DECRYPT() relies on flash_area_get_id() and
 * FLASH_AREA_IMAGE_SECONDARY(), neither of which is declared in this
 * header; the including file must provide them.
 */
#define ENCRYPTIONFLAGS (IMAGE_F_ENCRYPTED_AES128 | IMAGE_F_ENCRYPTED_AES256)
#define IS_ENCRYPTED(hdr) (((hdr)->ih_flags & IMAGE_F_ENCRYPTED_AES128) \
                           || ((hdr)->ih_flags & IMAGE_F_ENCRYPTED_AES256))
#define MUST_DECRYPT(fap, idx, hdr) \
    (flash_area_get_id(fap) == FLASH_AREA_IMAGE_SECONDARY(idx) && IS_ENCRYPTED(hdr))

/*
 * Compression helpers.
 *
 * Unlike IS_ENCRYPTED(), IS_COMPRESSED() evaluates to the masked flag bits
 * (non-zero when any compression flag is set), not to 0/1.
 * MUST_DECOMPRESS() has the same external dependencies as MUST_DECRYPT().
 */
#define COMPRESSIONFLAGS (IMAGE_F_COMPRESSED_LZMA1 | IMAGE_F_COMPRESSED_LZMA2 \
                          | IMAGE_F_COMPRESSED_ARM_THUMB_FLT)
#define IS_COMPRESSED(hdr) ((hdr)->ih_flags & COMPRESSIONFLAGS)
#define MUST_DECOMPRESS(fap, idx, hdr) \
    (flash_area_get_id(fap) == FLASH_AREA_IMAGE_SECONDARY(idx) && IS_COMPRESSED(hdr))

/* The packed header must match the on-flash layout exactly. */
_Static_assert(sizeof(struct image_header) == IMAGE_HEADER_SIZE,
               "struct image_header not required size");

/**
 * Validate an image: checks the image hash and signature TLVs against the
 * header and body read from @p fap.
 *
 * @param enc_state    Opaque encryption state (struct enc_key_data is only
 *                     forward-declared here).
 * @param image_index  Index of the image being validated.
 * @param hdr          Header already read from the slot.
 * @param fap          Flash area holding the image.
 * @param tmp_buf      Scratch buffer of @p tmp_buf_sz bytes.
 * @param tmp_buf_sz   Size of @p tmp_buf.
 * @param seed         Optional extra data (of @p seed_len bytes) — exact use
 *                     is not visible here; see the implementation.
 * @param seed_len     Length of @p seed.
 * @param out_hash     Output buffer for the computed image hash, if used.
 *
 * @return fih_ret from fault_injection_hardening.h. Compare the result with
 *         the FIH helpers from that header, not with a plain integer test,
 *         so the hardening is not bypassed.
 */
struct enc_key_data;
fih_ret bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
                              struct image_header *hdr,
                              const struct flash_area *fap,
                              uint8_t *tmp_buf, uint32_t tmp_buf_sz,
                              uint8_t *seed, int seed_len, uint8_t *out_hash);

/**
 * Iteration state for walking an image's TLV area(s); initialised by
 * bootutil_tlv_iter_begin() and advanced by bootutil_tlv_iter_next().
 * Fields are owned by the iterator functions; callers should not touch them.
 */
struct image_tlv_iter {
    const struct image_header *hdr;  /* Header of the image being walked. */
    const struct flash_area *fap;    /* Flash area the TLVs are read from. */
    uint16_t type;                   /* IMAGE_TLV_* filter, or IMAGE_TLV_ANY. */
    bool prot;                       /* Restrict iteration to protected TLVs. */
    uint32_t prot_end;               /* End offset of the protected TLV area. */
    uint32_t tlv_off;                /* Current offset within the TLV area. */
    uint32_t tlv_end;                /* End offset of the TLV area. */
};

/**
 * Start iterating the TLVs of an image.
 *
 * @param it    Iterator to initialise.
 * @param hdr   Image header.
 * @param fap   Flash area holding the image.
 * @param type  TLV type to report, or IMAGE_TLV_ANY for all.
 * @param prot  When true, only protected TLVs are visited.
 * @return 0 on success, non-zero on error (convention inferred from the
 *         int return; see the implementation).
 */
int bootutil_tlv_iter_begin(struct image_tlv_iter *it,
                            const struct image_header *hdr,
                            const struct flash_area *fap, uint16_t type,
                            bool prot);

/**
 * Advance to the next matching TLV.
 *
 * @param it    Iterator previously set up by bootutil_tlv_iter_begin().
 * @param off   Out: flash offset of the TLV payload.
 * @param len   Out: payload length (from image_tlv.it_len).
 * @param type  Out: TLV type (from image_tlv.it_type); may be NULL when the
 *              caller filtered on a single type — TODO confirm against the
 *              implementation.
 * @return the implementation's end-of-iteration / error convention is not
 *         visible here; check it before relying on a specific value.
 */
int bootutil_tlv_iter_next(struct image_tlv_iter *it, uint32_t *off,
                           uint16_t *len, uint16_t *type);

/**
 * Report whether the TLV at flash offset @p off lies inside the protected
 * TLV area of the image @p it was set up for.
 */
int bootutil_tlv_iter_is_prot(struct image_tlv_iter *it, uint32_t off);

/**
 * Read the image's security counter (IMAGE_TLV_SEC_CNT, by name) into
 * @p security_cnt.
 *
 * @return int32_t status; 0 presumably means success — confirm against the
 *         implementation before treating other values as errors.
 */
int32_t bootutil_get_img_security_cnt(struct image_header *hdr,
                                      const struct flash_area *fap,
                                      uint32_t *security_cnt);

#ifdef __cplusplus
}
#endif

#endif