diff options
| author | Bill Richardson <wfrichar@chromium.org> | 2014-10-02 18:50:33 -0700 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-10-21 22:44:12 +0000 |
| commit | 6df3e33912baf2633ed27fce6fe166d87e2f04a8 (patch) | |
| tree | 97ae4ca1d602d15715a77888f332b708e9a4abf1 | |
| parent | 8bb3689d42089241b209ccea2860f03aeaddd8f8 (diff) | |
| download | vboot-6df3e33912baf2633ed27fce6fe166d87e2f04a8.tar.gz | |
Add hwid digest field to GBB header
This adds a field in the GBB header to store the sha256 digest of
the HWID string, and updates gbb_utility so that it stores the
digest when it modifies the HWID. Because this is a new field,
the GBB_MINOR_VER is incremented.
BUG=chromium:415227
BRANCH=ToT
TEST=make runtests, VBOOT2=1 make runtests
Since the GBB is in the RO firmware, there should be no side
effects for existing devices (but even without that, they should
handle a minor version change without complaint).
Change-Id: Icdb2a0b564677b0b65e58df897d2ec5af3964998
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/221360
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | firmware/2lib/include/2struct.h | 11 | ||||
| -rw-r--r-- | firmware/include/gbb_header.h | 7 | ||||
| -rw-r--r-- | futility/cmd_gbb_utility.c | 16 | ||||
| -rw-r--r-- | futility/cmd_show.c | 4 | ||||
| -rw-r--r-- | futility/futility.c | 2 | ||||
| -rw-r--r-- | futility/futility.h | 8 | ||||
| -rw-r--r-- | futility/misc.c | 51 | ||||
| -rwxr-xr-x | tests/futility/test_gbb_utility.sh | 27 | ||||
| -rw-r--r-- | tests/futility/test_not_really.c | 12 | ||||
| -rw-r--r-- | tests/vb2_misc_tests.c | 4 | ||||
| -rw-r--r-- | utility/bmpblk_utility.cc | 2 |
12 files changed, 132 insertions, 14 deletions
@@ -175,7 +175,7 @@ endif # And a few more default utilities LD = ${CC} -CXX ?= g++ # HEY: really? +CXX ?= g++ PKG_CONFIG ?= pkg-config # Determine QEMU architecture needed, if any diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 339283ef..13eb8c19 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -315,7 +315,8 @@ struct vb2_shared_data { /* VB2 GBB struct version */ #define VB2_GBB_MAJOR_VER 1 -#define VB2_GBB_MINOR_VER 1 +#define VB2_GBB_MINOR_VER 2 +/* v1.2 - added fields for sha256 digest of the HWID */ /* Flags for vb2_gbb_header.flags */ enum vb2_gbb_flag { @@ -388,7 +389,13 @@ struct vb2_gbb_header { uint32_t recovery_key_offset; /* Recovery key */ uint32_t recovery_key_size; - uint8_t pad[80]; /* To match GBB_HEADER_SIZE. Initialize to 0. */ + /* Added in version 1.2 */ + uint8_t hwid_digest[32]; /* sha256 */ + + uint8_t pad[48]; /* To match EXPECTED_GBB_HEADER_SIZE. Init to 0. */ } __attribute__((packed)); +/* The GBB is used outside of vboot_reference, so this size is important. */ +#define EXPECTED_GBB_HEADER_SIZE 128 + #endif /* VBOOT_REFERENCE_VBOOT_2STRUCT_H_ */ diff --git a/firmware/include/gbb_header.h b/firmware/include/gbb_header.h index 8a1b2aae..8a457c12 100644 --- a/firmware/include/gbb_header.h +++ b/firmware/include/gbb_header.h @@ -26,7 +26,8 @@ * return default values for those fields. */ #define GBB_MAJOR_VER 1 -#define GBB_MINOR_VER 1 +#define GBB_MINOR_VER 2 +/* v1.2 - added field to hold sha256 digest of the HWID */ /* Maximum length of a HWID in bytes, counting terminating null. */ #define GBB_HWID_MAX_SIZE 256 @@ -86,8 +87,10 @@ typedef struct GoogleBinaryBlockHeader uint32_t bmpfv_size; uint32_t recovery_key_offset; /* Recovery key */ uint32_t recovery_key_size; + /* Added in version 1.2 */ + uint8_t hwid_digest[32]; /* sha256 */ - uint8_t pad[80]; /* To match GBB_HEADER_SIZE. Initialize to 0. */ + uint8_t pad[48]; /* To match GBB_HEADER_SIZE. Initialize to 0. */ } __attribute__((packed)) GoogleBinaryBlockHeader; #ifdef __cplusplus diff --git a/futility/cmd_gbb_utility.c b/futility/cmd_gbb_utility.c index e8910e67..9e608d1f 100644 --- a/futility/cmd_gbb_utility.c +++ b/futility/cmd_gbb_utility.c @@ -29,6 +29,7 @@ static void print_help(const char *prog) "with following options:\n" " --hwid \tReport hardware id (default).\n" " --flags \tReport header flags.\n" + " --digest \tReport digest of hwid (>= v1.2)\n" " -k, --rootkey=FILE \tFile name to export Root Key.\n" " -b, --bmpfv=FILE \tFile name to export Bitmap FV.\n" " -r --recoverykey=FILE\tFile name to export Recovery Key.\n" @@ -55,6 +56,10 @@ static void print_help(const char *prog) prog, prog, prog, prog); } +enum { + OPT_DIGEST = 1000, +}; + /* Command line options */ static const struct option long_opts[] = { /* name hasarg *flag val */ @@ -67,6 +72,7 @@ static const struct option long_opts[] = { {"recoverykey", 1, NULL, 'R'}, {"hwid", 2, NULL, 'i'}, {"flags", 2, NULL, 'L'}, + {"digest", 0, NULL, OPT_DIGEST}, {NULL, 0, NULL, 0}, }; @@ -340,6 +346,7 @@ static int do_gbb_utility(int argc, char *argv[]) char *opt_hwid = NULL; char *opt_flags = NULL; int sel_hwid = 0; + int sel_digest = 0; int sel_flags = 0; uint8_t *inbuf = NULL; off_t filesize; @@ -386,6 +393,9 @@ static int do_gbb_utility(int argc, char *argv[]) opt_flags = optarg; sel_flags = 1; break; + case OPT_DIGEST: + sel_digest = 1; + break; case '?': errorcnt++; if (optopt) @@ -437,7 +447,7 @@ static int do_gbb_utility(int argc, char *argv[]) /* With no args, show the HWID */ if (!opt_rootkey && !opt_bmpfv && !opt_recoverykey - && !sel_flags) + && !sel_flags && !sel_digest) sel_hwid = 1; inbuf = read_entire_file(infile, &filesize); @@ -457,6 +467,9 @@ static int do_gbb_utility(int argc, char *argv[]) gbb->hwid_size ? (char *)(gbb_base + gbb-> hwid_offset) : ""); + if (sel_digest) + print_hwid_digest(gbb, "digest: ", "\n"); + if (sel_flags) printf("flags: 0x%08x\n", gbb->flags); if (opt_rootkey) @@ -540,6 +553,7 @@ static int do_gbb_utility(int argc, char *argv[]) gbb->hwid_size); strcpy((char *)(gbb_base + gbb->hwid_offset), opt_hwid); + update_hwid_digest(gbb); } } diff --git a/futility/cmd_show.c b/futility/cmd_show.c index 2873f60b..f065b42c 100644 --- a/futility/cmd_show.c +++ b/futility/cmd_show.c @@ -141,8 +141,8 @@ int futil_cb_show_gbb(struct futil_traverse_state_s *state) } printf("GBB content:\n"); - printf(" HWID: %s\n", - (const char *)(buf + gbb->hwid_offset)); + printf(" HWID: %s\n", buf + gbb->hwid_offset); + print_hwid_digest(gbb, " digest: ", "\n"); pubkey = (VbPublicKey *)(buf + gbb->rootkey_offset); if (PublicKeyLooksOkay(pubkey, gbb->rootkey_size)) { diff --git a/futility/futility.c b/futility/futility.c index 19ee65b7..b4070618 100644 --- a/futility/futility.c +++ b/futility/futility.c @@ -129,7 +129,7 @@ static void log_args(int argc, char *argv[]) log_open(); /* delimiter */ - log_str(NULL, "##### HEY #####"); + log_str(NULL, "##### LOG #####"); /* Can we tell who called us? */ parent = getppid(); diff --git a/futility/futility.h b/futility/futility.h index 7892c5ad..52c007cc 100644 --- a/futility/futility.h +++ b/futility/futility.h @@ -71,6 +71,14 @@ int futil_looks_like_gbb(GoogleBinaryBlockHeader *gbb, uint32_t len); int futil_valid_gbb_header(GoogleBinaryBlockHeader *gbb, uint32_t len, uint32_t *maxlen); +/* For GBB v1.2 and later, update the hwid_digest */ +void update_hwid_digest(GoogleBinaryBlockHeader *gbb); + +/* For GBB v1.2 and later, print the stored digest of the HWID (and whether + * it's correct). Return true if it is correct. */ +int print_hwid_digest(GoogleBinaryBlockHeader *gbb, + const char *banner, const char *footer); + /* Copies a file or dies with an error message */ void futil_copy_file_or_die(const char *infile, const char *outfile); diff --git a/futility/misc.c b/futility/misc.c index 513fc8b6..42e8bb44 100644 --- a/futility/misc.c +++ b/futility/misc.c @@ -114,6 +114,57 @@ int futil_valid_gbb_header(GoogleBinaryBlockHeader *gbb, uint32_t len, return 1; } +/* For GBB v1.2 and later, print the stored digest of the HWID (and whether + * it's correct). Return true if it is correct. */ +int print_hwid_digest(GoogleBinaryBlockHeader *gbb, + const char *banner, const char *footer) +{ + printf("%s", banner); + + /* There isn't one for v1.1 and earlier, so assume it's good. */ + if (gbb->minor_version < 2) { + printf("<none>%s", footer); + return 1; + } + + uint8_t *buf = (uint8_t *)gbb; + char *hwid_str = (char *)(buf + gbb->hwid_offset); + int is_valid = 0; + uint8_t* digest = DigestBuf(buf + gbb->hwid_offset, + strlen(hwid_str), + SHA256_DIGEST_ALGORITHM); + if (digest) { + int i; + is_valid = 1; + /* print it, comparing as we go */ + for (i = 0; i < SHA256_DIGEST_SIZE; i++) { + printf("%02x", gbb->hwid_digest[i]); + if (gbb->hwid_digest[i] != digest[i]) + is_valid = 0; + } + free(digest); + } + + printf(" %s", is_valid ? "valid" : "<invalid>"); + printf("%s", footer); + return is_valid; +} + +/* For GBB v1.2 and later, update the hwid_digest field. */ +void update_hwid_digest(GoogleBinaryBlockHeader *gbb) +{ + /* There isn't one for v1.1 and earlier */ + if (gbb->minor_version < 2) + return; + + uint8_t *buf = (uint8_t *)gbb; + char *hwid_str = (char *)(buf + gbb->hwid_offset); + uint8_t* digest = DigestBuf(buf + gbb->hwid_offset, + strlen(hwid_str), + SHA256_DIGEST_ALGORITHM); + memcpy(gbb->hwid_digest, digest, SHA256_DIGEST_SIZE); + free(digest); +} /* * TODO: All sorts of race conditions likely here, and everywhere this is used. diff --git a/tests/futility/test_gbb_utility.sh b/tests/futility/test_gbb_utility.sh index 26e5ef1a..3d8e576b 100755 --- a/tests/futility/test_gbb_utility.sh +++ b/tests/futility/test_gbb_utility.sh @@ -201,6 +201,33 @@ cat ${TMP}.blob | ${REPLACE} 0x2c 0x00 > ${TMP}.blob.bad ${FUTILITY} gbb_utility -g --recoverykey ${TMP}.read2 ${TMP}.blob.bad if ${FUTILITY} gbb_utility -s --recoverykey ${TMP}.data2 ${TMP}.blob.bad; then false; fi + +# GBB v1.2 adds a sha256 digest field in what was previously padding: +# +# hwid_digest: 0x0030 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx +# 0x0040 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx +# pad: 0x0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +# 0x0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +# 0x0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +# (HWID) 0x0080 30 31 32 33 34 35 36 37 38 39 41 42 43 44 45 00 + +# See that the digest is updated properly. +hwid="123456789ABCDEF" +${FUTILITY} gbb_utility -s -i ${hwid} ${TMP}.blob +expect=$(echo -n "$hwid" | sha256sum | cut -d ' ' -f 1) +[ $(echo -n ${expect} | wc -c) == "64" ] +${FUTILITY} gbb_utility -g --digest ${TMP}.blob | grep ${expect} + +# Garble the digest, see that it's noticed. +# (assuming these zeros aren't present) +cat ${TMP}.blob | ${REPLACE} 0x33 0x00 0x00 0x00 0x00 0x00 > ${TMP}.blob.bad +${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep '0000000000' +${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep 'invalid' + +# Garble the HWID. The digest is unchanged, but now invalid. +cat ${TMP}.blob | ${REPLACE} 0x84 0x70 0x71 0x72 > ${TMP}.blob.bad +${FUTILITY} gbb_utility -g --digest ${TMP}.blob.bad | grep 'invalid' + # cleanup rm -f ${TMP}* exit 0 diff --git a/tests/futility/test_not_really.c b/tests/futility/test_not_really.c index 6a6555c4..91756ac3 100644 --- a/tests/futility/test_not_really.c +++ b/tests/futility/test_not_really.c @@ -1,15 +1,19 @@ /* - * Copyright (c) 2013 The Chromium OS Authors. All rights reserved. + * Copyright (c) 2014 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #include <stdio.h> +#include "gbb_header.h" #include "test_common.h" int main(int argc, char *argv[]) { - TEST_EQ(0, 0, "Not Really A"); + TEST_EQ(sizeof(GoogleBinaryBlockHeader), + GBB_HEADER_SIZE, + "sizeof(GoogleBinaryBlockHeader)"); - return !gTestSuccess; -} + TEST_EQ(0, 0, "Not Really A"); + return !gTestSuccess; +} diff --git a/tests/vb2_misc_tests.c b/tests/vb2_misc_tests.c index 6155f23e..8c3fc333 100644 --- a/tests/vb2_misc_tests.c +++ b/tests/vb2_misc_tests.c @@ -134,6 +134,10 @@ static void gbb_tests(void) struct vb2_gbb_header gbbdest; + TEST_EQ(sizeof(struct vb2_gbb_header), + EXPECTED_GBB_HEADER_SIZE, + "sizeof(struct vb2_gbb_header)"); + reset_common_data(); /* Good contents */ diff --git a/utility/bmpblk_utility.cc b/utility/bmpblk_utility.cc index b3af1414..5069e4a8 100644 --- a/utility/bmpblk_utility.cc +++ b/utility/bmpblk_utility.cc @@ -499,7 +499,7 @@ namespace vboot_reference { config_.header.minor_version = minor_version_; config_.header.number_of_localizations = config_.localizations.size(); config_.header.number_of_screenlayouts = config_.localizations[0].size(); - // HEY: this is part of the yaml consistency check + // NOTE: this is part of the yaml consistency check for (unsigned int i = 1; i < config_.localizations.size(); ++i) { assert(config_.header.number_of_screenlayouts == config_.localizations[i].size()); |