1/* SPDX-License-Identifier: GPL-2.0-or-later
2 *
3 * Copyright (c) 2023 Huawei Device Co., Ltd.
4 */
5
6#ifndef _CODE_SIGN_ELF_H
7#define _CODE_SIGN_ELF_H
8
9#include <linux/fs.h>
10#include <linux/code_sign.h>
11
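/*
 * log2 of a 4 KiB page: (1 << PAGE_SIZE_4K) == 4096.
 *
 * Despite the name this is a shift count, not a byte size. Compare it only
 * against other log2 values (the descriptor's log2blocksize field in the
 * layout below is the likely counterpart - confirm against the users of this
 * macro) and never pass it anywhere a length in bytes is expected.
 */
#define PAGE_SIZE_4K 12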
13
/*
 * The sign block of an ELF file consists of
 * the sign data followed by the sign head.
 *
 * Detailed structure:
 * +-------------------------------------------------+
 * |       |type              (4 bytes)| code signing|
 * |       |length            (4 bytes)| block       |
 * |       |offset            (4 bytes)| header      |
 * |       +---------------------------+-------------|
 * |       |type              (4 bytes)| profile     |
 * |       |length            (4 bytes)| block       |
 * |       |offset            (4 bytes)| header      |
 * |       +---------------------------+-------------|
 * |       | .. other block headers .. |             |
 * |       +---------------------------+-------------|
 * | SIGN  |type              (4 bytes)| merkle      |
 * |       |length            (4 bytes)| tree        |
 * | DATA  |merkle tree data  (N bytes)| block       |
 * |       +---------------------------+-------------|
 * |       |type              (4 bytes)|             |
 * |       |length            (4 bytes)|             |
 * |       |version           (1 byte )|             |
 * |       |hash alg          (1 byte )|             |
 * |       |log2blocksize     (1 byte )|             |
 * |       |salt size         (1 byte )|             |
 * |       |signature size    (4 bytes)|  code sign  |
 * |       |data size         (8 bytes)|  block      |
 * |       |root hash        (64 bytes)|             |
 * |       |salt             (32 bytes)|             |
 * |       |flags             (4 bytes)|             |
 * |       |reserved          (4 bytes)|             |
 * |       |tree offset       (8 bytes)|             |
 * |       |reserved        (127 bytes)|             |
 * |       |cs version        (1 byte )|             |
 * |       |signature         (N bytes)|             |
 * |-------+---------------------------+-------------|
 * |       | magic string    (16 bytes)|             |
 * | SIGN  | version         (4 bytes) |             |
 * |       | sign data size  (4 bytes) |             |
 * | HEAD  | sign block num  (4 bytes) |             |
 * |       | padding         (4 bytes) |             |
 * +-------+-----------------------------------------+
 */
58
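/*
 * Magic that marks a sign head.
 *
 * The literal is exactly 16 characters (the two trailing spaces are part of
 * it); sizeof(SIGN_MAGIC_STR) is 17 because of the terminating NUL.
 * sign_head_t.magic holds 16 raw bytes with no terminator, so match it with
 * memcmp() over MAGIC_STRING_LEN bytes and never with strcmp()/strlen().
 *
 * A matching magic only identifies the format. It says nothing about who
 * produced the block, so it must not be treated as evidence that the
 * remaining fields are trustworthy.
 *
 * NOTE(review): MAGIC_STRING_LEN is a const object, not an integer constant
 * expression, so it cannot size an array in C; the 16 in sign_head_t.magic
 * has to be kept in step by hand.
 */
static const __u32 MAGIC_STRING_LEN = 16;
static const char SIGN_MAGIC_STR[] = "elf sign block  ";

/* Fail the build if the literal is ever edited to a different length. */
_Static_assert(sizeof(SIGN_MAGIC_STR) - 1 == 16,
	       "SIGN_MAGIC_STR must be exactly 16 bytes long");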
61
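/*
 * Record types found inside the code signing block; presumably the values
 * carried in tl_header_t.type (confirm against the parser).
 *
 * 0 is not a valid type. A value read from the file that matches neither
 * enumerator should make the parser fail rather than fall through to a
 * default interpretation.
 */
enum CODE_SIGNING_DATA_TYPE {
	TYPE_FS_VERITY_DESC = 0x1,	/* fs-verity descriptor record */
	TYPE_MERKLE_TREE = 0x2		/* merkle tree record */
};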
66
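/*
 * Kinds of block listed in the sign data's block-header table; presumably
 * the values carried in block_hdr_t.type (confirm against the parser).
 *
 * 0 is not a valid type. The layout allows "other block headers", so a
 * parser has to decide explicitly what to do with a type it does not know:
 * skip it using a validated length, or reject the file.
 */
enum BLOCK_TYPE {
	BLOCK_TYPE_UNSIGNED_PROFILE = 0x1,
	BLOCK_TYPE_SIGNED_PROFILE = 0x2,
	BLOCK_TYPE_CODE_SIGNING = 0x3
};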
72
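/*
 * On-disk records. They are byte-packed so that the in-memory layout equals
 * the layout stored in the file.
 *
 * Every field below is read from the ELF file and is untrusted until the
 * signature has been verified. Lengths, counts and offsets must be
 * range-checked against the real file size, using arithmetic that cannot
 * wrap, before they are used to read, allocate, index or loop.
 *
 * NOTE(review): the multi-byte fields are plain __u32 with no __le32/__be32
 * annotation, so the on-disk byte order is not stated in this header -
 * confirm against the signing tool.
 */
#pragma pack(push, 1)
/* Sign head: fixed 32-byte trailer shown last in the layout diagram. */
typedef struct
{
	__u8 magic[16];		/* raw bytes, not NUL-terminated; expected SIGN_MAGIC_STR */
	__u8 version[4];	/* format version, kept as 4 raw bytes */
	__u32 sign_data_size;	/* size of the sign data in bytes; must not exceed the file size */
	__u32 sign_block_num;	/* number of block headers; bound it before iterating */
	__u32 padding;
} sign_head_t;

/* Type/length prefix of a record inside the code signing block. */
typedef struct
{
	__u32 type;	/* presumably an enum CODE_SIGNING_DATA_TYPE value - confirm */
	__u32 length;	/* payload length in bytes; validate against the enclosing block */
} tl_header_t;

/* One entry of the block-header table at the start of the sign data. */
typedef struct
{
	__u32 type;	/* presumably an enum BLOCK_TYPE value - confirm */
	__u32 length;	/* block length in bytes */
	/*
	 * Where the block starts.
	 * NOTE(review): the base this is relative to is not visible in this
	 * header. Whatever it is, offset + length must be checked for
	 * overflow and for staying inside the sign data.
	 */
	__u32 offset;
} block_hdr_t;

#pragma pack(pop)

/* Pin the on-disk sizes given in the layout diagram at compile time. */
_Static_assert(sizeof(sign_head_t) == 32, "sign_head_t must be 32 bytes");
_Static_assert(sizeof(tl_header_t) == 8, "tl_header_t must be 8 bytes");
_Static_assert(sizeof(block_hdr_t) == 12, "block_hdr_t must be 12 bytes");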
97
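/*
 * In-memory description of the merkle tree record. It sits outside the
 * packed region and holds a pointer, so it is not an on-disk record and
 * must not be filled by copying file bytes over it.
 */
typedef struct
{
	/* presumably padding that precedes the tree data - confirm against the parser */
	__u32 padding_length;
	/*
	 * Tree bytes.
	 * NOTE(review): who allocates and frees this buffer is not visible
	 * in this header.
	 */
	char *merkle_tree_data;
	/*
	 * Number of bytes behind merkle_tree_data. It is derived from
	 * file-supplied lengths, so it has to be bounded by the enclosing
	 * record's length before the buffer is read.
	 */
	__u32 merkle_tree_length;
} merkle_tree_t;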
104
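/*
 * Parsed, in-memory view of a whole sign block, grouped like the layout
 * diagram: sign data (block headers, then the code signing block's records)
 * and the sign head.
 *
 * The embedded headers are copies of file content and stay untrusted until
 * the signature has been verified.
 *
 * NOTE(review): ownership of the two pointers (who allocates and frees
 * merkle_tree and fsverity_desc) is not visible in this header.
 */
typedef struct
{
	/* sign data */
	block_hdr_t code_signing_block_hdr;
	block_hdr_t profile_block_hdr;
	/* code signing block */
	tl_header_t merkle_tree_hdr;
	merkle_tree_t *merkle_tree;
	tl_header_t fsverity_desc_hdr;
	/* only used through a pointer here; presumably declared in <linux/code_sign.h> */
	struct code_sign_descriptor *fsverity_desc;

	/* sign head */
	sign_head_t sign_head;
} sign_block_t;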
119
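/*
 * elf_file_enable_fs_verity - enable fs-verity on an ELF file from its
 * embedded sign block (purpose inferred from the name and the structures
 * above; the definition is not in this header).
 * @file: the opened ELF file.
 *
 * Return: an int status.
 * NOTE(review): presumably 0 on success and a negative errno on failure -
 * confirm against the definition. Callers must check it: carrying on after
 * a failure would leave the file without the integrity protection this call
 * is meant to set up.
 */
int elf_file_enable_fs_verity(struct file *file);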
121
122#endif /* _CODE_SIGN_ELF_H */
123