| /* |
| * MNH Firmware for firmware authentication |
| * |
| * Copyright 2017 Google Inc. |
| * |
| * This program is free software; you can redistribute it and/or modify it |
| * under the terms and conditions of the GNU General Public License, |
| * version 2, as published by the Free Software Foundation. |
| * |
| * This program is distributed in the hope it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for |
| * more details. |
| */ |
| |
| #ifndef __MNH_CRYPTO |
| #define __MNH_CRYPTO |
| |
| /* |
| * Signed firmware image blob as generated by signing tool |
| * +--------------+------------+-------------+--------------+ |
| * | firmware | signature | esl_img_ | ESL_SIG | |
| * | image | | signature | _STRING | |
| * +--------------+------------+-------------+--------------+ |
| * <- cert_info.img_len -> |
| * <- cert_info.cert_size -> |
| * |
| * struct esl_img_signature is the fixed-size descriptor that sits between |
| * the signature data and the ESL_SIG_STRING marker at the end of the blob. |
| * |
| * NOTE(review): the extents of the two arrows above are not aligned to the |
| * boxes in this copy. Per the field comments in struct cert_info, img_len is |
| * the length of the image file and cert_size the length of the appended |
| * signature; whether img_len also covers the appended part is not visible |
| * here -- confirm against the implementation. |
| * |
| * NOTE(review): every field of this descriptor is read from the blob, |
| * presumably before the signature has been checked, so it is untrusted |
| * input. The lengths declared here (signer_len, key_id_len and sig_len after |
| * be32_to_cpu()) should be bounds-checked against cert_size, and cert_size |
| * against the image length, before any of them is used as an offset -- |
| * confirm the implementation does so. |
| */ |
| struct esl_img_signature { |
| __u8 algo; /* Public key crypto algorithm; NOTE(review): selector comes from the blob, presumably checked against an allow-list -- confirm */ |
| __u8 hash; /* Digest algorithm; NOTE(review): same caveat as algo -- confirm weak digests are rejected */ |
| __u8 id_type; /* Key identifier type */ |
| __u8 signer_len; /* Length of signer's name (one byte, so at most 255) */ |
| __u8 key_id_len; /* Length of key identifier (one byte, so at most 255) */ |
| __u8 __pad[3]; /* Padding: 5 one-byte fields + 3 = 8 bytes, so sig_len starts 4-byte aligned */ |
| __be32 sig_len; /* Length of the signature data; stored big-endian, convert before use */ |
| }; |
| |
| enum cert_state { /* verification verdict, stored in cert_info.cert */ |
| FW_IMAGE_TAINTED = 0, /* initialization value; being 0, a zero-filled cert_info starts out in this state */ |
| FW_IMAGE_NO_CERT, /* firmware has no valid certificate */ |
| FW_IMAGE_CERT_OK, /* firmware's signature verified correct; NOTE(review): presumably the only state in which callers may use the image -- confirm */ |
| }; |
| |
| struct cert_info { /* an in-memory firmware image together with its verification verdict */ |
| const __u8 *img; /* pointer to the image file in memory (read-only through this pointer) */ |
| unsigned long img_len; /* length of the image file; NOTE(review): whether this includes the appended signature is not visible here */ |
| enum cert_state cert; /* verification verdict, see enum cert_state; FW_IMAGE_TAINTED (0) when the struct is zero-initialized */ |
| size_t cert_size; /* length of the appended signature; NOTE(review): presumably derived from blob contents, so it should be checked against img_len before use -- confirm */ |
| }; |
| |
| #if IS_ENABLED(CONFIG_MNH_SIG) /* out-of-line definition expected only when CONFIG_MNH_SIG is enabled */ |
| int mnh_crypto_config_sysfs(void); |
| #else |
| static inline int mnh_crypto_config_sysfs(void) { return 0; } /* stub: does nothing and returns 0 */ |
| #endif /* IS_ENABLED(CONFIG_MNH_SIG) |
| * |
| * The three verify entry points below are declared unconditionally, outside |
| * the CONFIG_MNH_SIG guard. |
| * |
| * NOTE(review): this header does not show how they behave when |
| * CONFIG_MNH_SIG is off; confirm that an image is never reported as |
| * FW_IMAGE_CERT_OK without an actual signature check in that configuration. |
| * |
| * NOTE(review): the return convention is not shown here (presumably 0 on |
| * success and a negative errno otherwise -- confirm). For the variants that |
| * take a struct cert_info, callers presumably need to inspect info->cert in |
| * addition to the return value -- confirm. |
| */ |
| int mnh_crypto_verify_fw(struct device *dev, const char *path); /* takes a path string; NOTE(review): presumably a firmware file name -- confirm how it is resolved */ |
| int mnh_crypto_verify(struct device *dev, struct cert_info *info); /* takes a caller-supplied, writable cert_info */ |
| int mnh_crypto_verify_sig(struct device *dev, struct cert_info *info); /* takes a caller-supplied, writable cert_info */ |
| |
| #endif /* __MNH_CRYPTO */ |