blob: d42e412090743d5440ae1c55db7d4658a6aba44c
1 | /* |
2 | * Copyright (C) 2007 The Android Open Source Project |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | * you may not use this file except in compliance with the License. |
6 | * You may obtain a copy of the License at |
7 | * |
8 | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | * |
10 | * Unless required by applicable law or agreed to in writing, software |
11 | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | * See the License for the specific language governing permissions and |
14 | * limitations under the License. |
15 | */ |
16 | |
17 | #ifndef _SECURITY_H_ |
18 | #define _SECURITY_H_ |
19 | |
20 | #define DTB_IMG "dtb.img" |
21 | #define BOOT_IMG "boot.img" |
22 | #define RECOVERY_IMG "recovery.img" |
23 | #define BOOTLOADER_IMG "bootloader.img" |
24 | #define ARRAY_SIZE(x) (int)(sizeof(x)/sizeof(x[0])) |
25 | |
26 | #define NORMALBOOT_NAME_SIZE 16 |
27 | #define NORMALBOOT_ARGS_SIZE 512 |
28 | #define NORMALBOOT_MAGIC_SIZE 8 |
29 | #define NORMALBOOT_MAGIC "ANDROID!" |
30 | |
31 | #define SECUREBOOT_MAGIC "AMLSECU!" |
32 | #define SECUREBOOT_MAGIC_SIZE 16 |
33 | #define SECUREBOOT_MAGIC_VESRION 0x0801 |
34 | |
35 | #define DECRYPT_DTB "/sys/class/defendkey/decrypt_dtb" |
36 | |
37 | #define DEFEND_KEY \ |
38 | "/dev/defendkey" |
39 | #define SECURE_CHECK \ |
40 | "/sys/class/defendkey/defendkey/secure_check" |
41 | |
42 | #define SECURE_CHECK_BAK \ |
43 | "/sys/class/defendkey/secure_check" |
44 | |
45 | |
46 | #ifndef SECURITY_DEBUG |
47 | #define secureDbg(fmt ...) |
48 | #else |
49 | #define secureDbg(fmt ...) printf(fmt) |
50 | #endif |
51 | |
52 | typedef enum Kernel_version { |
53 | KernelV_3_10, |
54 | KernelV_3_14 |
55 | }T_KernelVersion; |
56 | |
57 | typedef enum SecureCheck { |
58 | FAIL, |
59 | ENCRYPT, |
60 | UNENCRYPT, |
61 | TYPE_MAX, |
62 | } T_SecureCheck; |
63 | |
64 | static const char *s_pStatus[TYPE_MAX] = { |
65 | "fail", |
66 | "encrypt", |
67 | "raw", |
68 | }; |
69 | |
70 | typedef struct NormalBootImgHdr { |
71 | unsigned char magic[NORMALBOOT_MAGIC_SIZE]; |
72 | unsigned kernel_size; |
73 | unsigned kernel_addr; |
74 | unsigned ramdisk_size; |
75 | unsigned ramdisk_addr; |
76 | unsigned second_size; |
77 | unsigned second_addr; |
78 | unsigned tags_addr; // physical addr for kernel tags |
79 | unsigned page_size; // flash page size we assume |
80 | unsigned unused[2]; |
81 | unsigned char name[NORMALBOOT_NAME_SIZE]; |
82 | unsigned char cmdline[NORMALBOOT_ARGS_SIZE]; |
83 | unsigned id[8]; |
84 | } T_NormalBootImgHdr; |
85 | |
86 | typedef struct EncryptBootImgInfo { |
87 | // magic to identify whether it is a encrypted boot image |
88 | unsigned char magic[SECUREBOOT_MAGIC_SIZE]; |
89 | |
90 | // version for this header struct |
91 | unsigned int version; |
92 | |
93 | // total length after encrypted with AMLETool (including the 2K header) |
94 | unsigned int totalLenAfterEncrypted; |
95 | |
96 | unsigned char unused[1024 - SECUREBOOT_MAGIC_SIZE - 2 * sizeof(unsigned int)]; |
97 | } T_EncryptBootImgInfo, *pT_EncryptBootImgInfo; |
98 | |
99 | typedef struct SecureBootImgHdr { |
100 | T_NormalBootImgHdr normalBootImgHdr; |
101 | unsigned char reserve4Other[1024 - sizeof(T_NormalBootImgHdr)]; |
102 | T_EncryptBootImgInfo encryptBootImgInfo; |
103 | } *pT_SecureBootImgHdr; |
104 | |
105 | |
106 | //S905 SECURE BOOT HEAD |
107 | #define AML_SECU_BOOT_IMG_HDR_MAGIC "AMLSECU!" |
108 | #define AML_SECU_BOOT_IMG_HDR_MAGIC_SIZE (8) |
109 | #define AML_SECU_BOOT_IMG_HDR_VESRION (0x0905) |
110 | |
111 | |
112 | typedef struct __aml_enc_blk{ |
113 | unsigned int nOffset; |
114 | unsigned int nRawLength; |
115 | unsigned int nSigLength; |
116 | unsigned int nAlignment; |
117 | unsigned int nTotalLength; |
118 | unsigned char szPad[12]; |
119 | unsigned char szSHA2IMG[32]; |
120 | unsigned char szSHA2KeyID[32]; |
121 | }t_aml_enc_blk; |
122 | |
123 | typedef struct { |
124 | |
125 | unsigned char magic[AML_SECU_BOOT_IMG_HDR_MAGIC_SIZE];//magic to identify whether it is a encrypted boot image |
126 | |
127 | unsigned int version; //ersion for this header struct |
128 | unsigned int nBlkCnt; |
129 | |
130 | unsigned char szTimeStamp[16]; |
131 | |
132 | t_aml_enc_blk amlKernel; |
133 | t_aml_enc_blk amlRamdisk; |
134 | t_aml_enc_blk amlDTB; |
135 | |
136 | }AmlEncryptBootImgInfo, *p_AmlEncryptBootImgInfo; |
137 | |
138 | typedef struct _boot_img_hdr_secure_boot |
139 | { |
140 | unsigned char reserve4ImgHdr[1024]; |
141 | |
142 | AmlEncryptBootImgInfo encrypteImgInfo; |
143 | |
144 | }*AmlSecureBootImgHeader; |
145 | |
146 | int RecoverySecureCheck(const ZipArchiveHandle zipArchive); |
147 | |
148 | int DtbImgEncrypted( |
149 | const char *imageName, |
150 | const unsigned char *imageBuffer, |
151 | const int imageSize, |
152 | const char *flag, |
153 | unsigned char *encryptedbuf); |
154 | |
155 | |
156 | //extern RecoveryUI *ui; |
157 | |
158 | #endif /* _SECURITY_H_ */ |
159 |