From b93af40f0cf491d813a2effb34813a236f4c3381 Mon Sep 17 00:00:00 2001 From: bunnie Date: Mon, 6 May 2024 18:46:36 +0800 Subject: [PATCH] add the swap image layout docs --- src/ch10-00-swap-overview.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/ch10-00-swap-overview.md b/src/ch10-00-swap-overview.md index 75f61d3..ba43fff 100644 --- a/src/ch10-00-swap-overview.md +++ b/src/ch10-00-swap-overview.md @@ -110,6 +110,19 @@ The nonce for the `swap.img` AEAD is 96 bits, where the lower 32 bits track the The AAD shall be the ASCII string 'swap'. I don't think it's strictly necessary, but might as well have domain separation. +Thus the swap image has the following layout: +- `0x0:0xFFF`: unencrypted header containing the version field, partial nonce, mac offset, and the AAD. +- `0x1000:0x1FFF`: Encrypted XArgs description of the swap blob, padded to a page +- `0x2000:...`: Successive `IniS` images. + +Note that this format introduces two offsets in the swap data: + +1. Offset from disk start to start of encrypted images, equal to 0x1000. +2. Offset from encrypted image start to `IniS` start (e.g., space for the XArgs block) + +Note that if the XArgs block overflows its page of space, the loader may not handle this gracefully. There is an assert +in the image creator to catch this issue. + ### Boot Setup: Loader The loader gets new responsibilities when `swap` is enabled: