diff options
| author | Daisuke Nojiri <dnojiri@chromium.org> | 2014-06-24 12:26:39 -0700 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-06-25 01:31:51 +0000 |
| commit | fc17308c39d23fe64959854dc5a858429b37539f (patch) | |
| tree | f11b062edbae88672514949e5165afd52b8ca184 | |
| parent | 25c95d0774b122c28276251961d7cbe9b6f34d41 (diff) | |
| download | vboot-fc17308c39d23fe64959854dc5a858429b37539f.tar.gz | |
vboot2: Scramble the GBB magic number
Compiling in the GBB magic number as is causes any tools that search for the
number to fail. This patch allows firmware to embed XOR'ed signature.
TEST=Booted Nyan in normal mode. FAFT:firmware_DevMode passes.
BUG=none
BRANCH=none
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Id18905a9969af3db24151e7c51332d0e94405108
Reviewed-on: https://chromium-review.googlesource.com/205416
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org>
Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
| -rw-r--r-- | firmware/2lib/2misc.c | 18 | ||||
| -rw-r--r-- | firmware/2lib/include/2misc.h | 8 | ||||
| -rw-r--r-- | firmware/2lib/include/2struct.h | 7 |
3 files changed, 28 insertions, 5 deletions
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index f5571dc6..5d063b94 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -14,6 +14,17 @@ #include "2sha.h" #include "2rsa.h" +int vb2_validate_gbb_signature(uint8_t *sig) { + const static uint8_t sig_xor[VB2_GBB_SIGNATURE_SIZE] = + VB2_GBB_XOR_SIGNATURE; + int i; + for (i = 0; i < VB2_GBB_SIGNATURE_SIZE; i++) { + if (sig[i] != (sig_xor[i] ^ VB2_GBB_XOR_CHARS[i])) + return VB2_ERROR_GBB_MAGIC; + } + return VB2_SUCCESS; +} + void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb) { vb2_workbuf_init(wb, ctx->workbuf + ctx->workbuf_used, @@ -22,8 +33,6 @@ void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb) int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb) { - static const uint8_t expect_sig[VB2_GBB_SIGNATURE_SIZE] = - VB2_GBB_SIGNATURE; int rv; /* Read the entire header */ @@ -32,8 +41,9 @@ int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb) return rv; /* Make sure it's really a GBB */ - if (memcmp(gbb->signature, expect_sig, sizeof(expect_sig))) - return VB2_ERROR_GBB_MAGIC; + rv = vb2_validate_gbb_signature(gbb->signature); + if (rv) + return rv; /* Check for compatible version */ if (gbb->major_version != VB2_GBB_MAJOR_VER) diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index d90399a4..d6f48e86 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -23,6 +23,14 @@ static __inline struct vb2_shared_data *vb2_get_sd(struct vb2_context *ctx) { } /** + * Validate gbb signature (the magic number) + * + * @param sig pointer to the signature bytes to validate + * @return VB2_SUCCESS if valid or VB2_ERROR_GBB_MAGIC otherwise. + */ +int vb2_validate_gbb_signature(uint8_t *sig); + +/** * Initialize a work buffer from the vboot context. * * This sets the work buffer to the unused portion of the context work buffer. diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 7a6d0ce7..646d0915 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -301,9 +301,14 @@ struct vb2_shared_data { /****************************************************************************/ -/* Signature at start of the GBB */ +/* Signature at start of the GBB + * Note that if you compile in the signature as is, you are likely to break any + * tools that search for the signature. */ #define VB2_GBB_SIGNATURE "$GBB" #define VB2_GBB_SIGNATURE_SIZE 4 +#define VB2_GBB_XOR_CHARS "****" +/* TODO: can we write a macro to produce this at compile time? */ +#define VB2_GBB_XOR_SIGNATURE { 0x0e, 0x6d, 0x68, 0x68 } /* VB2 GBB struct version */ #define VB2_GBB_MAJOR_VER 1 |