opentitanlib/chip/
boot_log.rs

1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5use anyhow::Result;
6use byteorder::{LittleEndian, ReadBytesExt};
7use serde_annotate::Annotate;
8use sha2::{Digest, Sha256};
9use std::convert::TryFrom;
10
11use super::ChipDataError;
12use super::boot_svc::BootSlot;
13use crate::with_unknown;
14
15with_unknown! {
16    pub enum OwnershipState: u32 [default = Self::Recovery] {
17        Recovery = 0,
18        LockedOwner = 0x444e574f,
19        UnlockedSelf = 0x464c5355,
20        UnlockedAny = 0x594e4155,
21        UnlockedEndorsed = 0x444e4555,
22    }
23
24}
25
26/// The BootLog provides information about how the ROM and ROM_EXT
27/// booted the chip.
28#[derive(Debug, Default, Annotate)]
29pub struct BootLog {
30    /// A SHA256 digest over all other fields in this struct.
31    #[annotate(format=hex)]
32    pub digest: [u32; 8],
33    /// A tag that identifies this struct as the boot log ('BLOG').
34    #[annotate(format=hex)]
35    pub identifier: u32,
36    /// The chip version (a git hash prefix from the ROM).
37    #[annotate(format=hex)]
38    pub chip_version: u64,
39    /// The boot slot the ROM chose to boot the ROM_EXT.
40    pub rom_ext_slot: BootSlot,
41    /// The ROM_EXT major version number.
42    pub rom_ext_major: u32,
43    /// The ROM_EXT minor version number.
44    pub rom_ext_minor: u32,
45    /// The ROM_EXT size in bytes.
46    #[annotate(format=hex)]
47    pub rom_ext_size: u32,
48    /// The ROM_EXT nonce (a value used to prevent replay of signed commands).
49    #[annotate(format=hex)]
50    pub rom_ext_nonce: u64,
51    /// The boot slot the ROM_EXT chose to boot the owner firmware.
52    pub bl0_slot: BootSlot,
53    /// The chip's ownership state.
54    pub ownership_state: OwnershipState,
55    /// Reserved for future use.
56    #[annotate(format=hex)]
57    pub reserved: [u32; 13],
58}
59
60impl TryFrom<&[u8]> for BootLog {
61    type Error = ChipDataError;
62    fn try_from(buf: &[u8]) -> std::result::Result<Self, Self::Error> {
63        if buf.len() < Self::SIZE {
64            return Err(ChipDataError::BadSize(Self::SIZE, buf.len()));
65        }
66        if !BootLog::valid_digest(buf) {
67            return Err(ChipDataError::InvalidDigest);
68        }
69        let mut reader = std::io::Cursor::new(buf);
70        let mut val = BootLog::default();
71        reader.read_u32_into::<LittleEndian>(&mut val.digest)?;
72        val.identifier = reader.read_u32::<LittleEndian>()?;
73        val.chip_version = reader.read_u64::<LittleEndian>()?;
74        val.rom_ext_slot = BootSlot(reader.read_u32::<LittleEndian>()?);
75        val.rom_ext_major = reader.read_u32::<LittleEndian>()?;
76        val.rom_ext_minor = reader.read_u32::<LittleEndian>()?;
77        val.rom_ext_size = reader.read_u32::<LittleEndian>()?;
78        val.rom_ext_nonce = reader.read_u64::<LittleEndian>()?;
79        val.bl0_slot = BootSlot(reader.read_u32::<LittleEndian>()?);
80        val.ownership_state = OwnershipState(reader.read_u32::<LittleEndian>()?);
81        reader.read_u32_into::<LittleEndian>(&mut val.reserved)?;
82        Ok(val)
83    }
84}
85
86impl BootLog {
87    pub const SIZE: usize = 128;
88    const HASH_LEN: usize = 32;
89
90    fn valid_digest(buf: &[u8]) -> bool {
91        let mut digest = Sha256::digest(&buf[Self::HASH_LEN..Self::SIZE]);
92        digest.reverse();
93        digest[..] == buf[..Self::HASH_LEN]
94    }
95}