diff options
| author | Furquan Shaikh <furquan@google.com> | 2015-05-29 18:00:46 -0700 |
|---|---|---|
| committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-06-02 18:40:57 +0000 |
| commit | 04e2338857e66ee1af7a826e320e6fe755711f65 (patch) | |
| tree | 86da63d1fed480baa19dae5f91660a67716def90 | |
| parent | 7e21698e42dba31cc3e3c6b58a31bd050d3698ac (diff) | |
| download | vboot-04e2338857e66ee1af7a826e320e6fe755711f65.tar.gz | |
vboot_api_kernel: Do not pre-populate variables in
VbVerifyMemoryBootImage
Do not use values from the header or preamble until it is known to be
good.
BUG=None
BRANCH=None
TEST=Compiles successfully and VbVerifyMemoryBootImage returns early
for images with bad values in header.
Change-Id: Ic026f49292a139e0a04c2556ca9fa62ff277b18f
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/274141
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
| -rw-r--r-- | firmware/lib/vboot_api_kernel.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 623711b9..0fd1fa3e 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -1223,11 +1223,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams, kparams->flags = 0; Memset(kparams->partition_guid, 0, sizeof(kparams->partition_guid)); - /* Populate pointers to all components in the image. */ kbuf = boot_image; - key_block = (VbKeyBlockHeader *)kbuf; - preamble = (VbKernelPreambleHeader *)(kbuf + key_block->key_block_size); - body_offset = key_block->key_block_size + preamble->preamble_size; /* Read GBB Header */ cparams->bmp = NULL; @@ -1263,6 +1259,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams, retval = VBERROR_INVALID_KERNEL_FOUND; /* Verify the key block. */ + key_block = (VbKeyBlockHeader *)kbuf; if (0 != KeyBlockVerify(key_block, image_size, kernel_subkey, hash_only)) { VBDEBUG(("Verifying key block signature/hash failed.\n")); @@ -1292,6 +1289,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams, } /* Verify the preamble, which follows the key block */ + preamble = (VbKernelPreambleHeader *)(kbuf + key_block->key_block_size); if ((0 != VerifyKernelPreamble(preamble, image_size - key_block->key_block_size, @@ -1303,6 +1301,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams, VBDEBUG(("Kernel preamble is good.\n")); /* Verify kernel data */ + body_offset = key_block->key_block_size + preamble->preamble_size; if (0 != VerifyData((const uint8_t *)(kbuf + body_offset), image_size - body_offset, &preamble->body_signature, data_key)) { |