authorVic Yang <victoryang@chromium.org>2012-07-20 18:51:57 -0700
committerVic Yang <victoryang@chromium.org>2012-07-20 18:54:46 -0700
commit8a301be7e9b82560a1103f7dae8ebb31500845f7 (patch)
tree64ffc64b70a619cbaced00035cea59aaa3cbbf51
parentb15fc814bd95d2f084a5278bb51906edc61b02d4 (diff)
This is failing EC unit test and blocking CQ. Since I can get to Randall and Hung-Te, revert now to unblock others.
Revert "vboot_reference: Change EC signing to apply new FMAP areas." This reverts commit ef0ab3a616acc0d8d18d45c3145852f38744b856 Change-Id: I9248b76c0896190ac6febac9d8239a709554b1ee Reviewed-on: https://gerrit.chromium.org/gerrit/28107 Tested-by: Vic Yang <victoryang@chromium.org> Commit-Ready: Vic Yang <victoryang@chromium.org> Reviewed-by: Vic Yang <victoryang@chromium.org>
-rw-r--r--utility/vbutil_ec.c194
1 files changed, 123 insertions, 71 deletions
diff --git a/utility/vbutil_ec.c b/utility/vbutil_ec.c
index ec791813..4aa0d3f8 100644
--- a/utility/vbutil_ec.c
+++ b/utility/vbutil_ec.c
@@ -194,13 +194,13 @@ static void SignImage(const char *filename,
}
- /* Sign RW Firmware */
- if (!FindInFmap(fmap, "FW_MAIN", image, image_size, &fv_data, &fv_size))
- VbExError("Can't find FW_MAIN in %s\n", filename);
+ /* Sign FW A */
+ if (!FindInFmap(fmap, "FW_MAIN_A", image, image_size, &fv_data, &fv_size))
+ VbExError("Can't find FW_MAIN_A in %s\n", filename);
- if (!FindInFmap(fmap, "VBLOCK", image, image_size,
+ if (!FindInFmap(fmap, "VBLOCK_A", image, image_size,
&vblock_data, &vblock_size))
- VbExError("Can't find VBLOCK in %s\n", filename);
+ VbExError("Can't find VBLOCK_A in %s\n", filename);
fv_size = FindImageEnd(fv_data, fv_size);
@@ -223,6 +223,35 @@ static void SignImage(const char *filename,
free(body_digest);
free(preamble);
+
+ /* Sign FW B - skip if there isn't one */
+ if (!FindInFmap(fmap, "FW_MAIN_B", image, image_size, &fv_data, &fv_size) ||
+ !FindInFmap(fmap, "VBLOCK_B", image, image_size,
+ &vblock_data, &vblock_size)) {
+ printf("Image does not contain FW B - ignoring that part\n");
+ } else {
+ fv_size = FindImageEnd(fv_data, fv_size);
+
+ body_digest = CalculateHash(fv_data, fv_size, privkey);
+ if (!body_digest)
+ VbExError("Error calculating body digest\n");
+
+ preamble = CreateECPreamble(version, body_digest, privkey,
+ preamble_flags, name);
+ if (!preamble)
+ VbExError("Error creating preamble.\n");
+
+ if (key_block_size + preamble->preamble_size > vblock_size)
+ VbExError("VBLOCK_B is too small for digest (%d bytes, needs %d)\n",
+ vblock_size, key_block_size + preamble->preamble_size);
+
+ memcpy(vblock_data, key_block, key_block_size);
+ memcpy(vblock_data + key_block_size, preamble, preamble->preamble_size);
+
+ free(body_digest);
+ free(preamble);
+ }
+
/* Unmap to write changes to disk. */
if (0 != munmap(image, sb.st_size))
VbExError("Can't munmap %s: %s\n", filename, strerror(errno));
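Review bot: The FW B branch treats "FW_MAIN_B present but VBLOCK_B missing" the same as "no B slot at all": the `||` across the two `FindInFmap` calls sends both cases to the `printf`, and the tool then finishes normally with a B body in the image and no signature written for it. Consider skipping only when FW_MAIN_B is absent, and calling `VbExError("Can't find VBLOCK_B in %s\n", filename);` when the body exists without its vblock. The `VBLOCK_B is too small` message formats its arguments with `%d`, while `preamble->preamble_size` is printed with `PRIu64` in Verify(), so the specifiers likely need to be `PRIu64` with matching casts. The B path also repeats the A signing steps line for line; a static helper taking the two area names would keep the size check and the `memcpy` pair from drifting apart. SignImage begins above this hunk and continues below it.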
@@ -248,6 +277,7 @@ static int Verify(const char *filename) {
RSAPublicKey* rsa;
int errorcnt = 0;
char buf[80];
+ int i;
if (0 != stat(filename, &sb))
VbExError("Can't stat %s: %s\n", filename, strerror(errno));
@@ -290,73 +320,95 @@ static int Verify(const char *filename) {
printf("\n");
}
- fv_data = 0;
- key_block = 0;
- preamble = 0;
-
- sprintf(buf, "FW_MAIN");
- if (!FindInFmap(fmap, buf, image, image_size, &fv_data, &fv_size))
- VbExError("Can't find %s in %s\n", buf, filename);
-
- sprintf(buf, "VBLOCK");
- if (!FindInFmap(fmap, buf, image, image_size,
- (uint8_t **)&key_block, &key_block_size))
- VbExError("Can't find %s in %s\n", buf, filename);
-
- if (0 != KeyBlockVerify(key_block, key_block_size, pubkey, !pubkey))
- VbExError("Error verifying key block for %s.\n", buf);
- printf(" Key block:\n");
-
- data_key = &key_block->data_key;
- printf(" Size: %" PRIu64 "\n",
- key_block->key_block_size);
- printf(" Flags: %" PRIu64 " (ignored)\n",
- key_block->key_block_flags);
- printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm,
- (data_key->algorithm < kNumAlgorithms ?
- algo_strings[data_key->algorithm] : "(invalid)"));
- printf(" Data key version: %" PRIu64 "\n", data_key->key_version);
- printf(" Data key sha1sum: ");
- PrintPubKeySha1Sum(data_key);
- printf("\n");
-
- preamble = (VbECPreambleHeader*)
- ((uint8_t *)key_block + key_block->key_block_size);
-
- rsa = PublicKeyToRSA(&key_block->data_key);
- if (!rsa)
- VbExError("Error parsing data key.\n");
-
- /* Verify preamble */
- if (0 != VerifyECPreamble(preamble,
- key_block_size - key_block->key_block_size,
- rsa))
- VbExError("Error verifying preamble.\n");
-
- printf(" Preamble:\n");
- printf(" Size: %" PRIu64 "\n",
- preamble->preamble_size);
- printf(" Header version: %" PRIu32 ".%" PRIu32"\n",
- preamble->header_version_major,
- preamble->header_version_minor);
- printf(" Firmware version: %" PRIu64 "\n",
- preamble->firmware_version);
- printf(" Firmware body size: %" PRIu64 "\n",
- preamble->body_digest.data_size);
- printf(" Preamble flags: %" PRIu32 "\n", preamble->flags);
- printf(" Preamble name: %s\n", preamble->name);
-
- /* TODO: verify body size same as signature size */
-
- /* Verify body */
- if (preamble->flags & VB_FIRMWARE_PREAMBLE_USE_RO_NORMAL) {
- printf("Preamble requests USE_RO_NORMAL; skipping verification.\n");
- } else {
- if (0 != EqualData(fv_data, fv_size,
- &preamble->body_digest, rsa))
- VbExError("Error verifying firmware body.\n");
+ for (i = 'A'; i <= 'B'; i++) {
+
+ fv_data = 0;
+ key_block = 0;
+ preamble = 0;
+
+ printf("FW %c\n", i);
+ sprintf(buf, "FW_MAIN_%c", i);
+ if (!FindInFmap(fmap, buf, image, image_size, &fv_data, &fv_size)) {
+ printf("Can't find %s in %s\n", buf, filename);
+ /* Not an error for firmware B */
+ if (i != 'B')
+ errorcnt++;
+ continue;
+ }
+
+ sprintf(buf, "VBLOCK_%c", i);
+ if (!FindInFmap(fmap, buf, image, image_size,
+ (uint8_t **)&key_block, &key_block_size)) {
+ printf("Can't find %s in %s\n", buf, filename);
+ /* Not an error for firmware B */
+ if (i != 'B')
+ errorcnt++;
+ continue;
+ }
+
+ if (0 != KeyBlockVerify(key_block, key_block_size, pubkey, !pubkey)) {
+ printf("Error verifying key block for %s.\n", buf);
+ errorcnt++;
+ continue;
+ }
+ printf(" Key block:\n");
+ data_key = &key_block->data_key;
+ printf(" Size: %" PRIu64 "\n",
+ key_block->key_block_size);
+ printf(" Flags: %" PRIu64 " (ignored)\n",
+ key_block->key_block_flags);
+ printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm,
+ (data_key->algorithm < kNumAlgorithms ?
+ algo_strings[data_key->algorithm] : "(invalid)"));
+ printf(" Data key version: %" PRIu64 "\n", data_key->key_version);
+ printf(" Data key sha1sum: ");
+ PrintPubKeySha1Sum(data_key);
+ printf("\n");
+
+ preamble = (VbECPreambleHeader*)
+ ((uint8_t *)key_block + key_block->key_block_size);
+
+ rsa = PublicKeyToRSA(&key_block->data_key);
+ if (!rsa) {
+ printf("Error parsing data key.\n");
+ errorcnt++;
+ }
+ /* Verify preamble */
+ if (0 != VerifyECPreamble(preamble,
+ key_block_size - key_block->key_block_size,
+ rsa)) {
+ printf("Error verifying preamble.\n");
+ errorcnt++;
+ free(rsa);
+ continue;
+ }
+ printf(" Preamble:\n");
+ printf(" Size: %" PRIu64 "\n",
+ preamble->preamble_size);
+ printf(" Header version: %" PRIu32 ".%" PRIu32"\n",
+ preamble->header_version_major,
+ preamble->header_version_minor);
+ printf(" Firmware version: %" PRIu64 "\n",
+ preamble->firmware_version);
+ printf(" Firmware body size: %" PRIu64 "\n",
+ preamble->body_digest.data_size);
+ printf(" Preamble flags: %" PRIu32 "\n", preamble->flags);
+ printf(" Preamble name: %s\n", preamble->name);
+
+ /* TODO: verify body size same as signature size */
+
+ /* Verify body */
+ if (preamble->flags & VB_FIRMWARE_PREAMBLE_USE_RO_NORMAL) {
+ printf("Preamble requests USE_RO_NORMAL; skipping verification.\n");
+ } else {
+ if (0 != EqualData(fv_data, fv_size,
+ &preamble->body_digest, rsa)) {
+ printf("Error verifying firmware body.\n");
+ errorcnt++;
+ }
+ }
+ free(rsa);
}
- free(rsa);
/* Done */
if (0 != munmap(image, sb.st_size))
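Review bot: When `PublicKeyToRSA` returns NULL, the new `if (!rsa)` branch only prints and increments `errorcnt`, then falls through and passes the NULL `rsa` to `VerifyECPreamble`; the code it replaces stopped at that point with `VbExError`. Add `continue;` after `errorcnt++;` in that branch so a slot whose data key cannot be parsed is counted as failed and skipped instead of being checked against a null key. Separately, the `preamble` pointer and `key_block_size - key_block->key_block_size` both rely on the size field read from the image; if `KeyBlockVerify` (not visible here) does not already bound that field by `key_block_size`, an explicit check before the pointer arithmetic would be worth adding. Verify() begins above this hunk and continues past its last line.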