psb

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 11, 2023 License: BSD-3-Clause Imports: 16 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	// AMDPublicKeyEntry denotes AMD public key entry in PSP Directory table
	AMDPublicKeyEntry amd_manifest.PSPDirectoryTableEntryType = 0x00

	// PSPRecoveryBootloader is a recovery instance of PSP bootloader
	PSPRecoveryBootloader amd_manifest.PSPDirectoryTableEntryType = 0x03

	// SMUOffChipFirmwareEntry points to a region of firmware containing SMU offchip firmware
	SMUOffChipFirmwareEntry amd_manifest.PSPDirectoryTableEntryType = 0x08

	// ABLPublicKey represents the key used to sign ABL firmware
	ABLPublicKey amd_manifest.PSPDirectoryTableEntryType = 0x0A

	// SMUOffChipFirmware2Entry points to a region of firmware containing SMU offchip firmware
	SMUOffChipFirmware2Entry amd_manifest.PSPDirectoryTableEntryType = 0x12

	// UnlockDebugImageEntry points to a region of firmware containing PSP early secure unlock debug image
	UnlockDebugImageEntry amd_manifest.PSPDirectoryTableEntryType = 0x13

	// SecurityPolicyBinaryEntry points to a region of firmware containing Security Policy Binary
	SecurityPolicyBinaryEntry amd_manifest.PSPDirectoryTableEntryType = 0x24

	// MP5FirmwareEntry points to a region of firmware containing MP5 Firmware
	MP5FirmwareEntry amd_manifest.PSPDirectoryTableEntryType = 0x2A

	// AGESABinary0Entry points to a region of firmware containing PSP AGESA Binary 0
	AGESABinary0Entry amd_manifest.PSPDirectoryTableEntryType = 0x30

	// SEVCodeEntry points to a region of firmware containing SEV Code
	SEVCodeEntry amd_manifest.PSPDirectoryTableEntryType = 0x39

	// DXIOPHYSRAMFirmwareEntry points to a region of firmware containing DXIO PHY SRAM firmware
	DXIOPHYSRAMFirmwareEntry amd_manifest.PSPDirectoryTableEntryType = 0x42

	//DRTMTAEntry points to a region of firmware containing DRTM TA
	DRTMTAEntry amd_manifest.PSPDirectoryTableEntryType = 0x47

	// KeyDatabaseEntry points to region of firmware containing key database
	KeyDatabaseEntry amd_manifest.PSPDirectoryTableEntryType = 0x50

	// OEMSigningKeyEntry represents the OEM signing key
	OEMSigningKeyEntry amd_manifest.BIOSDirectoryTableEntryType = 0x05

	// BIOSRTMVolumeEntry represents the RTM volume
	BIOSRTMVolumeEntry amd_manifest.BIOSDirectoryTableEntryType = 0x62

	// BIOSRTMSignatureEntry represents the entry holding the RTM volume signature
	BIOSRTMSignatureEntry amd_manifest.BIOSDirectoryTableEntryType = 0x07
)

Variables

This section is empty.

Functions

func DumpBIOSEntry 

func DumpBIOSEntry(amdFw *amd_manifest.AMDFirmware, biosLevel uint, entryID amd_manifest.BIOSDirectoryTableEntryType, instance uint8, w io.Writer) (int, error)

DumpBIOSEntry dumps an entry from BIOS directory

func DumpPSPEntry 

func DumpPSPEntry(amdFw *amd_manifest.AMDFirmware, pspLevel uint, entryID amd_manifest.PSPDirectoryTableEntryType, w io.Writer) (int, error)

DumpPSPEntry dumps an entry from PSP Directory

func ExtractBIOSEntry 

func ExtractBIOSEntry(amdFw *amd_manifest.AMDFirmware, biosLevel uint, entryID amd_manifest.BIOSDirectoryTableEntryType, instance uint8) ([]byte, error)

ExtractBIOSEntry extracts a single generic raw entry from BIOS Directory.

func ExtractPSPEntry 

func ExtractPSPEntry(amdFw *amd_manifest.AMDFirmware, pspLevel uint, entryID amd_manifest.PSPDirectoryTableEntryType) ([]byte, error)

ExtractPSPEntry extracts a single generic raw entry from PSP Directory. Returns an error if multiple entries are found as PSP directory is supposed to have no more than a single entry for each type

func GetBIOSEntries 

func GetBIOSEntries(
	pspFirmware *amd_manifest.PSPFirmware,
	biosLevel uint,
	entryID amd_manifest.BIOSDirectoryTableEntryType,
) ([]amd_manifest.BIOSDirectoryTableEntry, error)

GetBIOSEntries returns all entries of a certain type from BIOS directory sorted by instance

func GetBIOSEntry 

func GetBIOSEntry(
	pspFirmware *amd_manifest.PSPFirmware,
	biosLevel uint,
	entryID amd_manifest.BIOSDirectoryTableEntryType,
	instance uint8,
) (*amd_manifest.BIOSDirectoryTableEntry, error)

GetBIOSEntry returns a singe entry of a certain type from BIOS directory, returns error if multiple entries are found

func GetEntries 

func GetEntries(pspFirmware *amd_manifest.PSPFirmware, directory DirectoryType, entryID uint32) ([]bytes2.Range, error)

GetEntries returns a list of specific type PSP entries

func GetPSPEntries 

func GetPSPEntries(
	pspFirmware *amd_manifest.PSPFirmware,
	pspLevel uint,
	entryID amd_manifest.PSPDirectoryTableEntryType,
) ([]amd_manifest.PSPDirectoryTableEntry, error)

GetPSPEntries returns all entries of a certain type from PSP directory

func GetPSPEntry 

func GetPSPEntry(
	pspFirmware *amd_manifest.PSPFirmware,
	pspLevel uint,
	entryID amd_manifest.PSPDirectoryTableEntryType,
) (*amd_manifest.PSPDirectoryTableEntry, error)

GetPSPEntry returns a singe entry of a certain type from PSP directory, returns error if multiple entries are found

func GetRangeBytes 

func GetRangeBytes(image []byte, start, length uint64) ([]byte, error)

GetRangeBytes converts firmware range to continues bytes sequence TODO: should be moved to fiano's bytes2

func IsPSBEnabled 

func IsPSBEnabled(amdFw *amd_manifest.AMDFirmware) (bool, error)

IsPSBEnabled checks if firmware has PSB enabled

func NewMultiKeySignedBlob 

func NewMultiKeySignedBlob(signature []byte, signedData []byte, keySet KeySet) (*SignedBlob, *Key, error)

NewMultiKeySignedBlob validates the signature of a blob against multiple possible keys stored in a KeySet, returning the key which validates the signature of the blob

func OutputBIOSEntries 

func OutputBIOSEntries(amdFw *amd_manifest.AMDFirmware) error

OutputBIOSEntries outputs the BIOS entries in an ASCII table format

func OutputPSPEntries 

func OutputPSPEntries(amdFw *amd_manifest.AMDFirmware) error

OutputPSPEntries outputs the PSP entries in an ASCII table format

func ParseAMDFirmware 

func ParseAMDFirmware(image []byte) (*amd_manifest.AMDFirmware, error)

ParseAMDFirmware parses AMD firmware from the image bytes

func PatchBIOSEntry 

func PatchBIOSEntry(amdFw *amd_manifest.AMDFirmware, biosLevel uint, entryID amd_manifest.BIOSDirectoryTableEntryType, instance uint8, r io.Reader, w io.Writer) (int, error)

PatchBIOSEntry takes an AmdFirmware object and modifies one entry in BIOS directory. The modified entry is read from `r` reader object, while the modified firmware is written into `w` writer object.

func PatchPSPEntry 

func PatchPSPEntry(amdFw *amd_manifest.AMDFirmware, pspLevel uint, entryID amd_manifest.PSPDirectoryTableEntryType, r io.Reader, w io.Writer) (int, error)

PatchPSPEntry takes an AmdFirmware object and modifies one entry in PSP directory. The modified entry is read from `r` reader object, while the modified firmware is written into `w` writer object.

Types

type BIOSDirectoryEntryItem 

type BIOSDirectoryEntryItem struct {
	Level    uint8
	Entry    amd_manifest.BIOSDirectoryTableEntryType
	Instance uint8
}

BIOSDirectoryEntryItem determines a BIOS directory entry

func (BIOSDirectoryEntryItem) String 

func (biosEntry BIOSDirectoryEntryItem) String() string

type BIOSEntryType 

type BIOSEntryType uint8

BIOSEntryType defines the type to hold BIOS Entry Type fields

func (BIOSEntryType) String 

func (_type BIOSEntryType) String() string

* Nicely output human-readable names for BIOS Entry Types * * This doesn't have all the entries mapped, there are still * several more pages left. It does have all the types * encountered in the firmware images used to test * however. *

type Buf16B 

type Buf16B = [16]uint8

Buf16B is a binary buffer 16 bytes long

type Buf32B 

type Buf32B = [32]uint8

Buf32B is a binary buffer 32 bytes long

type Buf36B 

type Buf36B = [36]uint8

Buf36B is a binary buffer 36 bytes long

type Buf3B 

type Buf3B = [3]uint8

Buf3B is a binary buffer 3 bytes long

type Buf44B 

type Buf44B = [44]uint8

Buf44B is a binary buffer 44 bytes long

type Buf4B 

type Buf4B = [4]uint8

Buf4B is a binary buffer 4 bytes long

type Buf8B 

type Buf8B = [8]uint8

Buf8B is a binary buffer 8 bytes long

type DirectoryType 

type DirectoryType uint8

DirectoryType denotes specific firmware table in PSP firmware 

const (
	// PSPDirectoryLevel1 represents PSP directory table level 1
	PSPDirectoryLevel1 DirectoryType = iota

	// PSPDirectoryLevel2 represents PSP directory table level 2
	PSPDirectoryLevel2

	// BIOSDirectoryLevel1 represents BIOS directory table level 1
	BIOSDirectoryLevel1

	// BIOSDirectoryLevel2 represents BIOS directory table level 2
	BIOSDirectoryLevel2
)

func AllDirectoryTypes 

func AllDirectoryTypes() []DirectoryType

AllDirectoryTypes returns all directory types

func DirectoryTypeFromString 

func DirectoryTypeFromString(in string) (DirectoryType, error)

DirectoryTypeFromString converts a string into DirectoryType

func GetBIOSDirectoryOfLevel 

func GetBIOSDirectoryOfLevel(level uint) (DirectoryType, error)

GetBIOSDirectoryOfLevel returns the BIOS directory of a certain level

func GetPSPDirectoryOfLevel 

func GetPSPDirectoryOfLevel(level uint) (DirectoryType, error)

GetPSPDirectoryOfLevel returns the PSP directory of a certain level

func (DirectoryType) Level 

func (t DirectoryType) Level() uint

Level returns the directory level

func (DirectoryType) ShortName 

func (t DirectoryType) ShortName() string

ShortName returns a short name of directory type

func (DirectoryType) String 

func (t DirectoryType) String() string

type ErrInvalidFormat 

type ErrInvalidFormat struct {
	// contains filtered or unexported fields
}

ErrInvalidFormat describes a situation when parsing of firmware failed because of invalid format

func (ErrInvalidFormat) Error 

func (err ErrInvalidFormat) Error() string

func (ErrInvalidFormat) GetItem 

func (err ErrInvalidFormat) GetItem() FirmwareItem

GetItem returns the affected item (could be nil)

func (ErrInvalidFormat) Unwrap 

func (err ErrInvalidFormat) Unwrap() error

type ErrNotFound 

type ErrNotFound struct {
	// contains filtered or unexported fields
}

ErrNotFound describes a situation when firmware item is not found

func (ErrNotFound) Error 

func (err ErrNotFound) Error() string

Error returns the string representation of the UnknownSigningKeyError

func (ErrNotFound) GetItem 

func (err ErrNotFound) GetItem() FirmwareItem

GetItem returns a not found item

type FirmwareItem 

type FirmwareItem interface{}

FirmwareItem is a special item that references a PSP firmware item and could be one of the following types: DirectoryType or BIOSDirectoryEntryItem or PSPDirectoryEntryItem

type Key 

type Key struct {
	// contains filtered or unexported fields
}

Key structure extracted from the firmware

func GetPSBSignBIOSKey 

func GetPSBSignBIOSKey(amdFw *amd_manifest.AMDFirmware, biosLevel uint) (*Key, error)

GetPSBSignBIOSKey returns and OEM Key that is used to sign BIOS during PSB enabled

func NewKeyFromDatabase 

func NewKeyFromDatabase(buff *bytes.Buffer) (*Key, error)

NewKeyFromDatabase creates a new key object from key database entry

func NewRootKey 

func NewRootKey(buff *bytes.Buffer) (*Key, error)

NewRootKey creates a new root key object which is considered trusted without any need for signature check

func NewTokenKey 

func NewTokenKey(buff *bytes.Buffer, keySet KeySet) (*Key, error)

NewTokenKey create a new key object from a signed token

func (*Key) Get 

func (k *Key) Get() (interface{}, error)

Get returns the PublicKey object from golang standard library. AMD Milan supports only RSA Keys (2048, 4096), future platforms might add support for additional key types.

func (*Key) SignatureSize 

func (k *Key) SignatureSize() (int, error)

SignatureSize returns the size of the signature

func (*Key) String 

func (k *Key) String() string

String returns a string representation of the key

type KeyData 

type KeyData struct {
	VersionID       uint32
	KeyID           KeyID
	CertifyingKeyID Buf16B
	KeyUsageFlag    KeyUsageFlag
	Reserved        Buf16B
	ExponentSize    uint32
	ModulusSize     uint32
	Exponent        []byte
	Modulus         []byte
}

KeyData represents the binary format (as it is stored in an image) of the information associated with a key

type KeyID 

type KeyID Buf16B

KeyID is the primary identifier of a key

func (*KeyID) Hex 

func (kid *KeyID) Hex() string

Hex returns a hexadecimal string representation of a KeyID

func (*KeyID) String 

func (kid *KeyID) String() string

String returns the hexadecimal string representation of a KeyID

type KeyIDs 

type KeyIDs []KeyID

KeyIDs represents a list of KeyID

func (KeyIDs) String 

func (kids KeyIDs) String() string

String returns a string representation of all KeyIDs

type KeySet 

type KeySet struct {
	// contains filtered or unexported fields
}

KeySet is a container for all keys known to the system

func GetKeys 

func GetKeys(amdFw *amd_manifest.AMDFirmware, level uint) (KeySet, error)

GetKeys returns all the keys known to the system in the form of a KeySet. The firmware itself contains a key database, but that is not comprehensive of all the keys known to the system (e.g. additional keys might be OEM key, ABL signing key, etc.).

func NewKeySet 

func NewKeySet() KeySet

NewKeySet builds an empty key set object

func (KeySet) AddKey 

func (kdb KeySet) AddKey(k *Key, keyType KeyType) error

AddKey adds a key to the key set

func (KeySet) AllKeyIDs 

func (kdb KeySet) AllKeyIDs() KeyIDs

AllKeyIDs returns a list of all KeyIDs stored in the KeySet

func (KeySet) GetKey 

func (kdb KeySet) GetKey(id KeyID) *Key

GetKey returns a key if known to the KeySet. If the key is not known, null is returned

func (KeySet) KeysetFromType 

func (kdb KeySet) KeysetFromType(keyType KeyType) (KeySet, error)

KeysetFromType returns a KeySet containing all KeyIDs of a specific type

func (*KeySet) String 

func (kdb *KeySet) String() string

String returns a string representation of the key in the set

type KeyType 

type KeyType string

KeyType represents the type of the key stored in KeySet 

const (
	// OEMKey represents the OEM signing key
	OEMKey KeyType = "OEMKey"
	// AMDRootKey represents the AMD signing key
	AMDRootKey KeyType = "AMDRootKey"
	// KeyDatabaseKey represents a key extracted from KeyDatabase
	KeyDatabaseKey KeyType = "KeyDatabaseKey"
	// ABLKey represents the ABL signing key
	ABLKey KeyType = "ALBKey"
)

type KeyUsageFlag 

type KeyUsageFlag uint32

KeyUsageFlag describes a known values for KeyUsageFlag field of AMD PSP Key structure 

const (
	// SignAMDBootloaderPSPSMU tells that the corresponding key is authorized to sign AMD developed PSP Boot
	// Loader and AMD developed PSP FW components and SMU FW.
	// See Table 26. RSA Key Format Fields of AMD Platform Security Processor BIOS Architecture Design Guide for AMD Family 17h and 19h Processors
	// Revision 1.11
	SignAMDBootloaderPSPSMU KeyUsageFlag = 0

	// SignBIOS tells that the corresponding key is authorized to sign BIOS
	SignBIOS KeyUsageFlag = 1

	// SignAMDOEMPSP tells that the corresponding key is authorized to sign PSP FW (both AMD developed and OEM developed)
	SignAMDOEMPSP KeyUsageFlag = 2

	// PSBSignBIOS tells that a key is authorized to sign BIOS for platform secure boot.
	// See Table 8. RSA Key Format Fields of Enabling Platform Secure Boot
	// for AMD Family 17h Models 00h–0Fh and 30h–3Fh and Family 19h Models 00h–0Fh Processor-Based Server Platforms
	// Revision 0.91
	PSBSignBIOS KeyUsageFlag = 8
)

type PSPBinary 

type PSPBinary struct {
	// contains filtered or unexported fields
}

PSPBinary represents a generic PSPBinary with pre-pended header structure

func (*PSPBinary) Header 

func (b *PSPBinary) Header() *PspHeader

Header returns a pointer to the PspHeader structure of the binary. Fields of the PspHeader structure are not exported

type PSPDirectoryEntryItem 

type PSPDirectoryEntryItem struct {
	Level uint8
	Entry amd_manifest.PSPDirectoryTableEntryType
}

PSPDirectoryEntryItem determines a PSP directory entry

func (PSPDirectoryEntryItem) String 

func (pspEntry PSPDirectoryEntryItem) String() string

type PSPEntryType 

type PSPEntryType uint8

PSPEntryType defines the type to hold PSP Entry Type fields

func (PSPEntryType) String 

func (_type PSPEntryType) String() string

* Nicely output human-readable names for PSP Entry Types * * This doesn't have all the entries mapped, there are still * several more pages left. It does have all the types * encountered in the firmware images used to test * however. *

type PSPHeaderData 

type PSPHeaderData struct {
	Nonce                 Buf16B
	HeaderVersion         uint32
	SizeSigned            uint32
	EncryptionOptions     uint32
	IKEKType              uint8
	Reserved0             Buf3B
	EncryptionParameters  Buf16B
	SignatureOption       uint32
	SignatureAlgorithmID  uint32
	SignatureParameters   Buf16B
	CompressionOptions    uint32
	SecurityPatchLevel    uint32
	UncompressedImageSize uint32
	CompressedImageSize   uint32
	CompressionParameters Buf8B
	ImageVersion          uint32
	ApuFamilyID           uint32
	FirmwareLoadAddress   uint32
	SizeImage             uint32
	SizeFwUnsigned        uint32
	FirmwareSplitAddress  uint32
	Reserved              Buf4B
	FwType                uint8
	FwSubType             uint8
	Reserved1             uint16
	EncryptionKey         Buf16B
	SigningInfo           Buf16B
	FwSpecificData        Buf32B
	DebugEncKey           Buf16B
}

PSPHeaderData embeds the data of PspHeader

type PlatformBindingInfo 

type PlatformBindingInfo struct {
	VendorID        uint8
	KeyRevisionID   uint8
	PlatformModelID uint8
}

PlatformBindingInfo describes information of BIOS Signing Key to Platform Binding information

func GetPlatformBindingInfo 

func GetPlatformBindingInfo(k *Key) (PlatformBindingInfo, error)

GetPlatformBindingInfo for PSBSignBIOS key returns BIOS Signing Key to Platform Binding information

func (PlatformBindingInfo) String 

func (b PlatformBindingInfo) String() string

type PspHeader 

type PspHeader struct {
	// contains filtered or unexported fields
}

PspHeader models the header pre-pended to PSP binaries

func (*PspHeader) Version 

func (h *PspHeader) Version() uint32

Version returns the headerVersion field of the pspHeader structure

type SecurityFeatureVector 

type SecurityFeatureVector struct {
	DisableBIOSKeyAntiRollback bool
	DisableAMDBIOSKeyUse       bool
	DisableSecureDebugUnlock   bool
}

SecurityFeatureVector represents a security feature selection vector of BIOS OEM key

func GetSecurityFeatureVector 

func GetSecurityFeatureVector(k *Key) (SecurityFeatureVector, error)

GetSecurityFeatureVector for PSBSignBIOS key returns a security feature selection vector

func (SecurityFeatureVector) String 

func (sfv SecurityFeatureVector) String() string

type Signature 

type Signature struct {
	// contains filtered or unexported fields
}

Signature represents the raw signature bytes of a blob

func NewSignature 

func NewSignature(signature []byte, signingKey *Key) Signature

NewSignature creates a new signature object

func (*Signature) SigningKey 

func (s *Signature) SigningKey() *Key

SigningKey returns the signing key associated to the signature

func (*Signature) String 

func (s *Signature) String() string

String returns a string representation of the signature

type SignatureCheckError 

type SignatureCheckError struct {
	// contains filtered or unexported fields
}

SignatureCheckError is an error type which indicates that signature of an element cannot be validated against its signing key

func (*SignatureCheckError) Error 

func (m *SignatureCheckError) Error() string

Error returns the string representation of SignatureCheckError

func (*SignatureCheckError) SignedElement 

func (m *SignatureCheckError) SignedElement() FirmwareItem

SignedElement returns an optional item whose signature check failed

func (*SignatureCheckError) SigningKey 

func (m *SignatureCheckError) SigningKey() *Key

SigningKey returns the SigningKey associated to the error. Might return nil value

func (*SignatureCheckError) Unwrap 

func (m *SignatureCheckError) Unwrap() error

type SignatureValidationResult 

type SignatureValidationResult struct {
	// contains filtered or unexported fields
}

SignatureValidationResult represents the result of a signature validate

func ValidatePSPEntries 

func ValidatePSPEntries(amdFw *amd_manifest.AMDFirmware, keyDB KeySet, directory DirectoryType, entries []uint32) ([]SignatureValidationResult, error)

ValidatePSPEntries validates signature of PSP entries given their entry values in PSP/BIOS Table

func ValidatePSPEntry 

func ValidatePSPEntry(amdFw *amd_manifest.AMDFirmware, keyDB KeySet, offset, length uint64) (SignatureValidationResult, error)

ValidatePSPEntry validates signature of a PSP entry

func ValidateRTM 

func ValidateRTM(amdFw *amd_manifest.AMDFirmware, biosLevel uint) (*SignatureValidationResult, error)

ValidateRTM validates signature of RTM volume and BIOS directory table concatenated

func (*SignatureValidationResult) Error 

func (v *SignatureValidationResult) Error() error

Error returns a signature verification error if any

func (*SignatureValidationResult) SigningKey 

func (v *SignatureValidationResult) SigningKey() *Key

SigningKey returns a key that was used to validate the signature

func (*SignatureValidationResult) String 

func (v *SignatureValidationResult) String() string

String returns a string representation of the signature validation result

type SignedBlob 

type SignedBlob struct {
	// contains filtered or unexported fields
}

SignedBlob represents an object whose signature is guaranteed to be validated

func NewSignedBlob 

func NewSignedBlob(signature []byte, signedData []byte, signingKey *Key) (*SignedBlob, error)

NewSignedBlob creates a new signed blob object and validates its signature

func (*SignedBlob) Signature 

func (b *SignedBlob) Signature() *Signature

Signature returns the signature of the blob

func (*SignedBlob) SignedData 

func (b *SignedBlob) SignedData() []byte

SignedData returns a buffer of signed data held by the SignedBlob object

type UnknownSigningKeyError 

type UnknownSigningKeyError struct {
	// contains filtered or unexported fields
}

UnknownSigningKeyError is an error type which indicates that the signing key is unknown

func (*UnknownSigningKeyError) Error 

func (s *UnknownSigningKeyError) Error() string

Error returns the string representation of the UnknownSigningKeyError

func (*UnknownSigningKeyError) SignedElement 

func (s *UnknownSigningKeyError) SignedElement() FirmwareItem

SignedElement returns an optional item whose signature check failed

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.