diff options
| author | Joel Kitching <kitching@google.com> | 2019-08-30 16:00:28 +0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-10-02 21:48:18 +0000 |
| commit | 9c6c9c9f35dc5e1022f864a5420b53339b4e3d31 (patch) | |
| tree | 6b3c9b7ddbd1cbbdd8d78b7c64082ffc6ca7b123 | |
| parent | 592d9ee007d982bf3b9b687b3589899702fc7b1d (diff) | |
| download | vboot-9c6c9c9f35dc5e1022f864a5420b53339b4e3d31.tar.gz | |
vboot: remove VbVerifyMemoryBootImage function
Previously used for fastboot.
BUG=b:124141368, chromium:995172
TEST=make clean && make runtests
BRANCH=none
Change-Id: I960932526bbd4482707125700cfa63e94c9f356b
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1776290
Commit-Queue: Joel Kitching <kitching@chromium.org>
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | firmware/include/vboot_api.h | 21 | ||||
| -rw-r--r-- | firmware/lib/vboot_api_kernel.c | 132 | ||||
| -rw-r--r-- | tests/vboot_api_kernel5_tests.c | 335 |
4 files changed, 0 insertions, 490 deletions
@@ -682,7 +682,6 @@ TEST_NAMES = \ tests/vboot_api_devmode_tests \ tests/vboot_api_kernel2_tests \ tests/vboot_api_kernel4_tests \ - tests/vboot_api_kernel5_tests \ tests/vboot_api_kernel_tests \ tests/vboot_common_tests \ tests/vboot_detach_menu_tests \ @@ -1243,7 +1242,6 @@ endif ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_devmode_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel2_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel4_tests - ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel5_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_api_kernel_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_common_tests ${RUNTEST} ${BUILD_RUN}/tests/vboot_detach_menu_tests diff --git a/firmware/include/vboot_api.h b/firmware/include/vboot_api.h index ace9afa1..9f1b9551 100644 --- a/firmware/include/vboot_api.h +++ b/firmware/include/vboot_api.h @@ -151,27 +151,6 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, VbSharedDataHeader *shared, VbSelectAndLoadKernelParams *kparams); -/** - * Verify Kernel Image loaded in memory. - * - * This routine is used by fastboot boot command to verify the kernel image in - * memory sent by the host device using fastboot protocol. It checks if the - * image in memory is signed using official recovery keys. In case of GBB - * override to allow full fastboot functionality, it checks image integrity, but - * does not check the image signature. - * - * @param ctx Vboot context - * @param shared Vboot1 VBSD struct - * @param kparams kernel params - * @param boot_image Image in memory that needs to be verified - * @param image_size Size of the image in memory - * @return VBERROR_... error, VB2_SUCCESS on success. - */ -vb2_error_t VbVerifyMemoryBootImage(struct vb2_context *ctx, - VbSharedDataHeader *shared, - VbSelectAndLoadKernelParams *kparams, - void *boot_image, size_t image_size); - /*****************************************************************************/ /* Timer and delay (first two from utility.h) */ diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index a52412fd..853fd82c 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -456,135 +456,3 @@ vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, VB2_DEBUG("Returning %d\n", (int)retval); return retval; } - -vb2_error_t VbVerifyMemoryBootImage(struct vb2_context *ctx, - VbSharedDataHeader *shared, - VbSelectAndLoadKernelParams *kparams, - void *boot_image, size_t image_size) -{ - struct vb2_packed_key *kernel_subkey = NULL; - uint8_t *kbuf; - VbKeyBlockHeader *key_block; - VbKernelPreambleHeader *preamble; - uint64_t body_offset; - int hash_only = 0; - int dev_switch; - struct vb2_workbuf wb; - vb2_error_t retval; - vb2_error_t rv; - - /* Allocate work buffer */ - vb2_workbuf_from_ctx(ctx, &wb); - - retval = vb2_kernel_setup(ctx, shared, kparams); - if (retval) - goto fail; - - if ((boot_image == NULL) || (image_size == 0)) { - retval = VB2_ERROR_INVALID_PARAMETER; - goto fail; - } - - kbuf = boot_image; - - /* Get recovery key. */ - rv = vb2_gbb_read_recovery_key(ctx, &kernel_subkey, NULL, &wb); - if (VB2_SUCCESS != rv) { - VB2_DEBUG("GBB read recovery key failed.\n"); - retval = VBERROR_INVALID_GBB; - goto fail; - } - - /* If we fail at any step, retval returned would be invalid kernel. */ - retval = VBERROR_INVALID_KERNEL_FOUND; - - /* Verify the key block. */ - key_block = (VbKeyBlockHeader *)kbuf; - struct vb2_keyblock *keyblock2 = (struct vb2_keyblock *)kbuf; - rv = VB2_SUCCESS; - if (hash_only) { - rv = vb2_verify_keyblock_hash(keyblock2, image_size, &wb); - } else { - /* Unpack kernel subkey */ - struct vb2_public_key kernel_subkey2; - if (VB2_SUCCESS != - vb2_unpack_key(&kernel_subkey2, kernel_subkey)) { - VB2_DEBUG("Unable to unpack kernel subkey\n"); - goto fail; - } - rv = vb2_verify_keyblock(keyblock2, image_size, - &kernel_subkey2, &wb); - } - - if (VB2_SUCCESS != rv) { - VB2_DEBUG("Verifying key block signature/hash failed.\n"); - goto fail; - } - - /* Check the key block flags against the current boot mode. */ - dev_switch = shared->flags & VBSD_BOOT_DEV_SWITCH_ON; - if (!(key_block->key_block_flags & - (dev_switch ? KEY_BLOCK_FLAG_DEVELOPER_1 : - KEY_BLOCK_FLAG_DEVELOPER_0))) { - VB2_DEBUG("Key block developer flag mismatch.\n"); - if (hash_only == 0) - goto fail; - } - - if (!(key_block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_1)) { - VB2_DEBUG("Key block recovery flag mismatch.\n"); - if (hash_only == 0) - goto fail; - } - - /* Get key for preamble/data verification from the key block. */ - struct vb2_public_key data_key2; - if (VB2_SUCCESS != vb2_unpack_key(&data_key2, &keyblock2->data_key)) { - VB2_DEBUG("Unable to unpack kernel data key\n"); - goto fail; - } - - /* Verify the preamble, which follows the key block */ - preamble = (VbKernelPreambleHeader *)(kbuf + key_block->key_block_size); - struct vb2_kernel_preamble *preamble2 = - (struct vb2_kernel_preamble *) - (kbuf + key_block->key_block_size); - - if (VB2_SUCCESS != vb2_verify_kernel_preamble( - preamble2, - image_size - key_block->key_block_size, - &data_key2, - &wb)) { - VB2_DEBUG("Preamble verification failed.\n"); - goto fail; - } - - VB2_DEBUG("Kernel preamble is good.\n"); - - /* Verify kernel data */ - body_offset = key_block->key_block_size + preamble->preamble_size; - if (VB2_SUCCESS != vb2_verify_data( - (const uint8_t *)(kbuf + body_offset), - image_size - body_offset, - (struct vb2_signature *)&preamble->body_signature, - &data_key2, &wb)) { - VB2_DEBUG("Kernel data verification failed.\n"); - goto fail; - } - - VB2_DEBUG("Kernel is good.\n"); - - /* Fill in output parameters. */ - kparams->kernel_buffer = kbuf + body_offset; - kparams->kernel_buffer_size = image_size - body_offset; - kparams->bootloader_address = preamble->bootloader_address; - kparams->bootloader_size = preamble->bootloader_size; - if (VbKernelHasFlags(preamble) == VBOOT_SUCCESS) - kparams->flags = preamble->flags; - - retval = VB2_SUCCESS; - - fail: - vb2_kernel_cleanup(ctx); - return retval; -} diff --git a/tests/vboot_api_kernel5_tests.c b/tests/vboot_api_kernel5_tests.c deleted file mode 100644 index c392d7cf..00000000 --- a/tests/vboot_api_kernel5_tests.c +++ /dev/null @@ -1,335 +0,0 @@ -/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Tests for vboot_api_kernel.c - */ - -#include "2api.h" -#include "2common.h" -#include "2misc.h" -#include "2nvstorage.h" -#include "2rsa.h" -#include "2secdata.h" -#include "2struct.h" -#include "2sysincludes.h" -#include "host_common.h" -#include "load_kernel_fw.h" -#include "secdata_tpm.h" -#include "test_common.h" -#include "tss_constants.h" -#include "vb2_common.h" -#include "vboot_api.h" -#include "vboot_common.h" -#include "vboot_kernel.h" -#include "vboot_struct.h" - -/* Mock data */ -static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE]; -static struct vb2_context ctx; -static struct vb2_context ctx_nvram_backend; -static VbSelectAndLoadKernelParams kparams; -static uint8_t shared_data[VB_SHARED_DATA_MIN_SIZE]; -static VbSharedDataHeader *shared = (VbSharedDataHeader *)shared_data; -static struct vb2_gbb_header gbb; -static struct vb2_packed_key mock_key; - -static uint8_t kernel_buffer[80000]; -static int key_block_verify_fail; /* 0=ok, 1=sig, 2=hash */ -static int preamble_verify_fail; -static int verify_data_fail; -static int unpack_key_fail; - -static VbKeyBlockHeader kbh; -static VbKernelPreambleHeader kph; - -static int hash_only_check; - -/** - * Reset mock data (for use before each test) - */ -static void ResetMocks(void) -{ - memset(&kparams, 0, sizeof(kparams)); - - memset(&gbb, 0, sizeof(gbb)); - gbb.major_version = VB2_GBB_MAJOR_VER; - gbb.minor_version = VB2_GBB_MINOR_VER; - gbb.flags = 0; - gbb.rootkey_offset = sizeof(gbb); - gbb.rootkey_size = sizeof(struct vb2_packed_key); - - memset(&mock_key, 0, sizeof(mock_key)); - - /* ctx.workbuf will be initialized by VbVerifyMemoryBootImage. */ - memset(&ctx, 0, sizeof(ctx)); - ctx.workbuf = workbuf; - ctx.workbuf_size = sizeof(workbuf); - vb2_init_context(&ctx); - - /* - * ctx_nvram_backend is only used as an NVRAM backend (see - * VbExNvStorageRead and VbExNvStorageWrite), and with - * vb2_set_nvdata and nv2_get_nvdata to manually read and tweak - * contents. No other initialization is needed. - */ - memset(&ctx_nvram_backend, 0, sizeof(ctx_nvram_backend)); - vb2_nv_init(&ctx_nvram_backend); - - memset(&shared_data, 0, sizeof(shared_data)); - VbSharedDataInit(shared, sizeof(shared_data)); - - key_block_verify_fail = 0; - preamble_verify_fail = 0; - verify_data_fail = 0; - - memset(&kbh, 0, sizeof(kbh)); - kbh.data_key.key_version = 2; - kbh.key_block_flags = -1; - kbh.key_block_size = sizeof(kbh); - - memset(&kph, 0, sizeof(kph)); - kph.kernel_version = 1; - kph.preamble_size = 4096 - kbh.key_block_size; - kph.body_signature.data_size = 70144; - kph.bootloader_address = 0xbeadd008; - kph.bootloader_size = 0x1234; - - memcpy(kernel_buffer, &kbh, sizeof(kbh)); - memcpy((kernel_buffer + kbh.key_block_size), &kph, sizeof(kph)); - - hash_only_check = -1; -} - -static void copy_kbh(void) -{ - memcpy(kernel_buffer, &kbh, sizeof(kbh)); -} - -/* Mock functions */ - -struct vb2_gbb_header *vb2_get_gbb(struct vb2_context *c) -{ - return &gbb; -} - -uint32_t ReadSpaceFirmware(RollbackSpaceFirmware *rsk) -{ - return VB2_SUCCESS; -} - -uint32_t WriteSpaceFirmware(RollbackSpaceFirmware *rsk) -{ - return VB2_SUCCESS; -} - -uint32_t ReadSpaceKernel(RollbackSpaceKernel *rsk) -{ - return VB2_SUCCESS; -} - -uint32_t WriteSpaceKernel(RollbackSpaceKernel *rsk) -{ - return VB2_SUCCESS; -} - -uint32_t RollbackKernelLock(int recovery_mode) -{ - return TPM_SUCCESS; -} - -uint32_t RollbackFwmpRead(struct RollbackSpaceFwmp *fwmp) -{ - return TPM_SUCCESS; -} - -vb2_error_t vb2ex_read_resource(struct vb2_context *c, - enum vb2_resource_index index, uint32_t offset, - void *buf, uint32_t size) -{ - memset(buf, 0, size); - return VB2_SUCCESS; -} - -vb2_error_t vb2_gbb_read_root_key(struct vb2_context *c, - struct vb2_packed_key **keyp, uint32_t *size, - struct vb2_workbuf *wb) -{ - *keyp = &mock_key; - return VB2_SUCCESS; -} - -vb2_error_t vb2_gbb_read_recovery_key(struct vb2_context *c, - struct vb2_packed_key **keyp, - uint32_t *size, struct vb2_workbuf *wb) -{ - *keyp = &mock_key; - return VB2_SUCCESS; -} - -vb2_error_t vb2_unpack_key_buffer(struct vb2_public_key *key, - const uint8_t *buf, uint32_t size) -{ - if (--unpack_key_fail == 0) - return VB2_ERROR_MOCK; - - return VB2_SUCCESS; -} - -vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - hash_only_check = 0; - - if (key_block_verify_fail) - return VB2_ERROR_MOCK; - - /* Use this as an opportunity to override the key block */ - memcpy((void *)block, &kbh, sizeof(kbh)); - return VB2_SUCCESS; -} - -vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block, - uint32_t size, - const struct vb2_workbuf *wb) -{ - hash_only_check = 1; - - if (key_block_verify_fail) - return VB2_ERROR_MOCK; - - /* Use this as an opportunity to override the key block */ - memcpy((void *)block, &kbh, sizeof(kbh)); - return VB2_SUCCESS; -} - -vb2_error_t vb2_verify_kernel_preamble(struct vb2_kernel_preamble *preamble, - uint32_t size, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - if (preamble_verify_fail) - return VB2_ERROR_MOCK; - - /* Use this as an opportunity to override the preamble */ - memcpy((void *)preamble, &kph, sizeof(kph)); - return VB2_SUCCESS; -} - -vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, - struct vb2_signature *sig, - const struct vb2_public_key *key, - const struct vb2_workbuf *wb) -{ - if (verify_data_fail) - return VB2_ERROR_MOCK; - - return VB2_SUCCESS; -} - -vb2_error_t VbExNvStorageRead(uint8_t *buf) -{ - memcpy(buf, ctx_nvram_backend.nvdata, - vb2_nv_get_size(&ctx_nvram_backend)); - return VB2_SUCCESS; -} - -static void VerifyMemoryBootImageTest(void) -{ - uint32_t u; - - int kernel_body_offset; - int kernel_body_size; - uintptr_t kernel_body_start; - size_t kernel_buffer_size = sizeof(kernel_buffer); - - ResetMocks(); - - kernel_body_offset = kbh.key_block_size + kph.preamble_size; - kernel_body_size = sizeof(kernel_buffer) - kernel_body_offset; - kernel_body_start = (uintptr_t)kernel_buffer + kernel_body_offset; - - u = VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size); - TEST_EQ(u, 0, "Image good"); - TEST_EQ(kparams.partition_number, 0, " part num"); - TEST_EQ(kparams.bootloader_address, 0xbeadd008, " bootloader addr"); - TEST_EQ(kparams.bootloader_size, 0x1234, " bootloader size"); - TEST_PTR_EQ(kparams.kernel_buffer, (void *)(kernel_body_start), - " kernel buffer"); - TEST_EQ(kparams.kernel_buffer_size, kernel_body_size, - " kernel buffer size"); - - /* Empty image buffer. */ - ResetMocks(); - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, NULL, - kernel_buffer_size), - VB2_ERROR_INVALID_PARAMETER, "Empty image"); - - /* Illegal image size. */ - ResetMocks(); - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - 0), - VB2_ERROR_INVALID_PARAMETER, "Illegal image size"); - - /* Key Block Verification Failure */ - ResetMocks(); - key_block_verify_fail = 1; - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VBERROR_INVALID_KERNEL_FOUND, "Key verify failed"); - TEST_EQ(hash_only_check, 0, " hash check"); - - /* Developer flag mismatch - dev switch on */ - ResetMocks(); - kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_0 | - KEY_BLOCK_FLAG_RECOVERY_1; - copy_kbh(); - shared->flags = VBSD_BOOT_DEV_SWITCH_ON; - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VBERROR_INVALID_KERNEL_FOUND, - "Developer flag mismatch - dev switch on"); - - /* Developer flag mismatch - dev switch off */ - ResetMocks(); - kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_1 | - KEY_BLOCK_FLAG_RECOVERY_1; - copy_kbh(); - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VBERROR_INVALID_KERNEL_FOUND, - "Developer flag mismatch - dev switch off"); - - /* Recovery flag mismatch */ - ResetMocks(); - kbh.key_block_flags = KEY_BLOCK_FLAG_DEVELOPER_0 | - KEY_BLOCK_FLAG_RECOVERY_0; - shared->flags = 0; - copy_kbh(); - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VBERROR_INVALID_KERNEL_FOUND, "Recovery flag mismatch"); - - /* Preamble verification */ - ResetMocks(); - preamble_verify_fail = 1; - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VBERROR_INVALID_KERNEL_FOUND, "Preamble verification"); - - /* Data verification */ - ResetMocks(); - verify_data_fail = 1; - TEST_EQ(VbVerifyMemoryBootImage(&ctx, shared, &kparams, kernel_buffer, - kernel_buffer_size), - VBERROR_INVALID_KERNEL_FOUND, "Data verification"); -} - -int main(void) -{ - VerifyMemoryBootImageTest(); - - return gTestSuccess ? 0 : 255; -} |