diff options
author | Joel Kitching <kitching@google.com> | 2019-09-04 14:12:42 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-10-23 16:28:16 +0000 |
commit | d3b2117f9abe2f7413f6315867ae3c3dbfaf5db1 (patch) | |
tree | d25a53c589d3547d25edfc299d68df55cc472652 | |
parent | 53ce884528f734958d4845f6528809957b09934c (diff) | |
download | vboot-d3b2117f9abe2f7413f6315867ae3c3dbfaf5db1.tar.gz |
vboot: standardize on "keyblock" as one word
Stardardize on inconsistency between "keyblock" and "key block"
both in code, comments, and textual output.
BUG=b:124141368, chromium:968464
TEST=make clean && make runtests
BRANCH=none
Change-Id: Ib8819a2426c1179286663f21f0d254f3de9d94a4
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1786385
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
37 files changed, 231 insertions, 231 deletions
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index e15b59fd..e0232a57 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -242,7 +242,7 @@ const struct vb2_id *vb2_hash_id(enum vb2_hash_algorithm hash_alg); sizeof(struct vb2_digest_context))) /* Size of work buffer sufficient for vb2_verify_keyblock() worst case. */ -#define VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES +#define VB2_KEYBLOCK_VERIFY_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES /* Size of work buffer sufficient for vb2_verify_fw_preamble() worst case. */ #define VB2_VERIFY_FIRMWARE_PREAMBLE_WORKBUF_BYTES VB2_VERIFY_DATA_WORKBUF_BYTES diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 52d905ae..fafc72b7 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -21,15 +21,15 @@ #include "2sysincludes.h" /* - * Key block flags. + * Keyblock flags. * *The following flags set where the key is valid. Not used by firmware * verification; only kernel verification. */ -#define VB2_KEY_BLOCK_FLAG_DEVELOPER_0 0x01 /* Developer switch off */ -#define VB2_KEY_BLOCK_FLAG_DEVELOPER_1 0x02 /* Developer switch on */ -#define VB2_KEY_BLOCK_FLAG_RECOVERY_0 0x04 /* Not recovery mode */ -#define VB2_KEY_BLOCK_FLAG_RECOVERY_1 0x08 /* Recovery mode */ +#define VB2_KEYBLOCK_FLAG_DEVELOPER_0 0x01 /* Developer switch off */ +#define VB2_KEYBLOCK_FLAG_DEVELOPER_1 0x02 /* Developer switch on */ +#define VB2_KEYBLOCK_FLAG_RECOVERY_0 0x04 /* Not recovery mode */ +#define VB2_KEYBLOCK_FLAG_RECOVERY_1 0x08 /* Recovery mode */ #define VB2_GBB_HWID_DIGEST_SIZE 32 /****************************************************************************/ diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h index 33a24885..688de60b 100644 --- a/firmware/include/vboot_struct.h +++ b/firmware/include/vboot_struct.h @@ -35,53 +35,53 @@ typedef struct VbSignature { #define EXPECTED_VBSIGNATURE_SIZE 24 -#define KEY_BLOCK_MAGIC "CHROMEOS" -#define KEY_BLOCK_MAGIC_SIZE 8 +#define KEYBLOCK_MAGIC "CHROMEOS" +#define KEYBLOCK_MAGIC_SIZE 8 -#define KEY_BLOCK_HEADER_VERSION_MAJOR 2 -#define KEY_BLOCK_HEADER_VERSION_MINOR 1 +#define KEYBLOCK_HEADER_VERSION_MAJOR 2 +#define KEYBLOCK_HEADER_VERSION_MINOR 1 -/* Flags for key_block_flags */ +/* Flags for keyblock_flags */ /* The following flags set where the key is valid */ -#define KEY_BLOCK_FLAG_DEVELOPER_0 (0x01ULL) /* Developer switch off */ -#define KEY_BLOCK_FLAG_DEVELOPER_1 (0x02ULL) /* Developer switch on */ -#define KEY_BLOCK_FLAG_RECOVERY_0 (0x04ULL) /* Not recovery mode */ -#define KEY_BLOCK_FLAG_RECOVERY_1 (0x08ULL) /* Recovery mode */ +#define KEYBLOCK_FLAG_DEVELOPER_0 (0x01ULL) /* Developer switch off */ +#define KEYBLOCK_FLAG_DEVELOPER_1 (0x02ULL) /* Developer switch on */ +#define KEYBLOCK_FLAG_RECOVERY_0 (0x04ULL) /* Not recovery mode */ +#define KEYBLOCK_FLAG_RECOVERY_1 (0x08ULL) /* Recovery mode */ /* - * Key block, containing the public key used to sign some other chunk of data. + * Keyblock, containing the public key used to sign some other chunk of data. * * This should be followed by: * 1) The data_key key data, pointed to by data_key.key_offset. * 2) The checksum data for (VBKeyBlockHeader + data_key data), pointed to - * by key_block_checksum.sig_offset. + * by keyblock_checksum.sig_offset. * 3) The signature data for (VBKeyBlockHeader + data_key data), pointed to - * by key_block_signature.sig_offset. + * by keyblock_signature.sig_offset. */ typedef struct VbKeyBlockHeader { /* Magic number */ - uint8_t magic[KEY_BLOCK_MAGIC_SIZE]; + uint8_t magic[KEYBLOCK_MAGIC_SIZE]; /* Version of this header format */ uint32_t header_version_major; /* Version of this header format */ uint32_t header_version_minor; /* - * Length of this entire key block, including keys, signatures, and + * Length of this entire keyblock, including keys, signatures, and * padding, in bytes */ - uint64_t key_block_size; + uint64_t keyblock_size; /* - * Signature for this key block (header + data pointed to by data_key) + * Signature for this keyblock (header + data pointed to by data_key) * For use with signed data keys */ - VbSignature key_block_signature; + VbSignature keyblock_signature; /* - * SHA-512 checksum for this key block (header + data pointed to by + * SHA-512 checksum for this keyblock (header + data pointed to by * data_key) For use with unsigned data keys */ - VbSignature key_block_checksum; - /* Flags for key (KEY_BLOCK_FLAG_*) */ - uint64_t key_block_flags; + VbSignature keyblock_checksum; + /* Flags for key (KEYBLOCK_FLAG_*) */ + uint64_t keyblock_flags; /* Key to verify the chunk of data */ struct vb2_packed_key data_key; } __attribute__((packed)) VbKeyBlockHeader; @@ -284,14 +284,14 @@ typedef struct VbKernelPreambleHeader { #define VBSD_LK_BOOT_MODE_DEVELOPER 2 /* Flags for VbSharedDataKernelPart.flags */ -#define VBSD_LKP_FLAG_KEY_BLOCK_VALID 0x01 +#define VBSD_LKP_FLAG_KEYBLOCK_VALID 0x01 /* Result codes for VbSharedDataKernelPart.check_result */ #define VBSD_LKP_CHECK_NOT_DONE 0 #define VBSD_LKP_CHECK_TOO_SMALL 1 #define VBSD_LKP_CHECK_READ_START 2 -#define VBSD_LKP_CHECK_KEY_BLOCK_SIG 3 -#define VBSD_LKP_CHECK_KEY_BLOCK_HASH 4 +#define VBSD_LKP_CHECK_KEYBLOCK_SIG 3 +#define VBSD_LKP_CHECK_KEYBLOCK_HASH 4 #define VBSD_LKP_CHECK_DEV_MISMATCH 5 #define VBSD_LKP_CHECK_REC_MISMATCH 6 #define VBSD_LKP_CHECK_KEY_ROLLBACK 7 diff --git a/firmware/lib/include/vboot_common.h b/firmware/lib/include/vboot_common.h index ac020cc3..46c135cf 100644 --- a/firmware/lib/include/vboot_common.h +++ b/firmware/lib/include/vboot_common.h @@ -24,12 +24,12 @@ /* Error Codes for all common functions. */ enum { VBOOT_SUCCESS = 0, - /* Key block internal structure is invalid, or not a key block */ - VBOOT_KEY_BLOCK_INVALID, - /* Key block signature check failed */ - VBOOT_KEY_BLOCK_SIGNATURE, - /* Key block hash check failed */ - VBOOT_KEY_BLOCK_HASH, + /* Keyblock internal structure is invalid, or not a keyblock */ + VBOOT_KEYBLOCK_INVALID, + /* Keyblock signature check failed */ + VBOOT_KEYBLOCK_SIGNATURE, + /* Keyblock hash check failed */ + VBOOT_KEYBLOCK_HASH, /* Invalid public key passed to a signature verficiation function. */ VBOOT_PUBLIC_KEY_INVALID, /* Preamble internal structure is invalid */ diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c index 75492080..f68b387b 100644 --- a/firmware/lib/vboot_common.c +++ b/firmware/lib/vboot_common.c @@ -17,9 +17,9 @@ const char *kVbootErrors[VBOOT_ERROR_MAX] = { "Success.", - "Key block invalid.", - "Key block signature failed.", - "Key block hash failed.", + "Keyblock invalid.", + "Keyblock signature failed.", + "Keyblock hash failed.", "Public key invalid.", "Preamble invalid.", "Preamble signature check failed.", diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c index 13107d37..b9473347 100644 --- a/firmware/lib/vboot_display.c +++ b/firmware/lib/vboot_display.c @@ -122,7 +122,7 @@ const char *RecoveryReasonString(uint8_t code) case VB2_RECOVERY_RO_SHARED_DATA: return "Shared data error in read-only firmware"; case VB2_RECOVERY_FW_KEYBLOCK: - return "RW firmware unable to verify key block"; + return "RW firmware unable to verify keyblock"; case VB2_RECOVERY_FW_KEY_ROLLBACK: return "RW firmware key version rollback detected"; case VB2_RECOVERY_FW_PREAMBLE: diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index ce4828fd..1c90f470 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -138,13 +138,13 @@ static vb2_error_t vb2_verify_kernel_vblock( return VB2_ERROR_VBLOCK_KERNEL_SUBKEY; } - /* Verify the key block. */ + /* Verify the keyblock. */ int keyblock_valid = 1; /* Assume valid */ struct vb2_keyblock *keyblock = get_keyblock(kbuf); if (VB2_SUCCESS != vb2_verify_keyblock(keyblock, kbuf_size, &kernel_subkey2, wb)) { - VB2_DEBUG("Verifying key block signature failed.\n"); - shpart->check_result = VBSD_LKP_CHECK_KEY_BLOCK_SIG; + VB2_DEBUG("Verifying keyblock signature failed.\n"); + shpart->check_result = VBSD_LKP_CHECK_KEYBLOCK_SIG; keyblock_valid = 0; /* Check if we must have an officially signed kernel */ @@ -154,27 +154,27 @@ static vb2_error_t vb2_verify_kernel_vblock( return VB2_ERROR_VBLOCK_SELF_SIGNED; } - /* Otherwise, allow the kernel if the key block hash is valid */ + /* Otherwise, allow the kernel if the keyblock hash is valid */ if (VB2_SUCCESS != vb2_verify_keyblock_hash(keyblock, kbuf_size, wb)) { - VB2_DEBUG("Verifying key block hash failed.\n"); - shpart->check_result = VBSD_LKP_CHECK_KEY_BLOCK_HASH; + VB2_DEBUG("Verifying keyblock hash failed.\n"); + shpart->check_result = VBSD_LKP_CHECK_KEYBLOCK_HASH; return VB2_ERROR_VBLOCK_KEYBLOCK_HASH; } } - /* Check the key block flags against boot flags. */ + /* Check the keyblock flags against boot flags. */ if (!(keyblock->keyblock_flags & ((ctx->flags & VB2_CONTEXT_DEVELOPER_MODE) ? - KEY_BLOCK_FLAG_DEVELOPER_1 : KEY_BLOCK_FLAG_DEVELOPER_0))) { - VB2_DEBUG("Key block developer flag mismatch.\n"); + KEYBLOCK_FLAG_DEVELOPER_1 : KEYBLOCK_FLAG_DEVELOPER_0))) { + VB2_DEBUG("Keyblock developer flag mismatch.\n"); shpart->check_result = VBSD_LKP_CHECK_DEV_MISMATCH; keyblock_valid = 0; } if (!(keyblock->keyblock_flags & ((ctx->flags & VB2_CONTEXT_RECOVERY_MODE) ? - KEY_BLOCK_FLAG_RECOVERY_1 : KEY_BLOCK_FLAG_RECOVERY_0))) { - VB2_DEBUG("Key block recovery flag mismatch.\n"); + KEYBLOCK_FLAG_RECOVERY_1 : KEYBLOCK_FLAG_RECOVERY_0))) { + VB2_DEBUG("Keyblock recovery flag mismatch.\n"); shpart->check_result = VBSD_LKP_CHECK_REC_MISMATCH; keyblock_valid = 0; } @@ -200,9 +200,9 @@ static vb2_error_t vb2_verify_kernel_vblock( } } - /* If not in developer mode, key block required to be valid. */ + /* If not in developer mode, keyblock required to be valid. */ if (kBootDev != boot_mode && !keyblock_valid) { - VB2_DEBUG("Key block is invalid.\n"); + VB2_DEBUG("Keyblock is invalid.\n"); return VB2_ERROR_VBLOCK_KEYBLOCK; } @@ -235,7 +235,7 @@ static vb2_error_t vb2_verify_kernel_vblock( } } - /* Get key for preamble verification from the key block. */ + /* Get key for preamble verification from the keyblock. */ struct vb2_public_key data_key; if (VB2_SUCCESS != vb2_unpack_key(&data_key, &keyblock->data_key)) { VB2_DEBUG("Unable to unpack kernel data key\n"); @@ -243,7 +243,7 @@ static vb2_error_t vb2_verify_kernel_vblock( return VB2_ERROR_UNKNOWN; } - /* Verify the preamble, which follows the key block */ + /* Verify the preamble, which follows the keyblock */ struct vb2_kernel_preamble *preamble = get_preamble(kbuf); if (VB2_SUCCESS != vb2_verify_kernel_preamble(preamble, @@ -256,7 +256,7 @@ static vb2_error_t vb2_verify_kernel_vblock( } /* - * If the key block is valid and we're not in recovery mode, check for + * If the keyblock is valid and we're not in recovery mode, check for * rollback of the kernel version. */ uint32_t combined_version = (key_version << 16) | @@ -278,7 +278,7 @@ static vb2_error_t vb2_verify_kernel_vblock( VB2_DEBUG("Kernel preamble is good.\n"); shpart->check_result = VBSD_LKP_CHECK_PREAMBLE_VALID; if (keyblock_valid) - shpart->flags |= VBSD_LKP_FLAG_KEY_BLOCK_VALID; + shpart->flags |= VBSD_LKP_FLAG_KEYBLOCK_VALID; return VB2_SUCCESS; } @@ -394,7 +394,7 @@ static vb2_error_t vb2_load_partition( ((uint64_t)(body_toread + KBUF_SIZE) * 1000 * 1000) / (read_us * 1024)); - /* Get key for preamble/data verification from the key block. */ + /* Get key for preamble/data verification from the keyblock. */ struct vb2_public_key data_key; if (VB2_SUCCESS != vb2_unpack_key(&data_key, &keyblock->data_key)) { VB2_DEBUG("Unable to unpack kernel data key\n"); @@ -561,14 +561,14 @@ vb2_error_t LoadKernel(struct vb2_context *ctx, LoadKernelParams *params) } int keyblock_valid = (shpart->flags & - VBSD_LKP_FLAG_KEY_BLOCK_VALID); + VBSD_LKP_FLAG_KEYBLOCK_VALID); if (keyblock_valid) { shared->flags |= VBSD_KERNEL_KEY_VERIFIED; /* Track lowest version from a valid header. */ if (lowest_version > shpart->combined_version) lowest_version = shpart->combined_version; } - VB2_DEBUG("Key block valid: %d\n", keyblock_valid); + VB2_DEBUG("Keyblock valid: %d\n", keyblock_valid); VB2_DEBUG("Combined version: %u\n", shpart->combined_version); /* diff --git a/firmware/lib20/common.c b/firmware/lib20/common.c index c9d52e97..2c6886c5 100644 --- a/firmware/lib20/common.c +++ b/firmware/lib20/common.c @@ -94,27 +94,27 @@ vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size, const struct vb2_signature *sig) { if(size < sizeof(*block)) { - VB2_DEBUG("Not enough space for key block header.\n"); + VB2_DEBUG("Not enough space for keyblock header.\n"); return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER; } - if (memcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) { - VB2_DEBUG("Not a valid verified boot key block.\n"); + if (memcmp(block->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE)) { + VB2_DEBUG("Not a valid verified boot keyblock.\n"); return VB2_ERROR_KEYBLOCK_MAGIC; } - if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) { - VB2_DEBUG("Incompatible key block header version.\n"); + if (block->header_version_major != KEYBLOCK_HEADER_VERSION_MAJOR) { + VB2_DEBUG("Incompatible keyblock header version.\n"); return VB2_ERROR_KEYBLOCK_HEADER_VERSION; } if (size < block->keyblock_size) { - VB2_DEBUG("Not enough data for key block.\n"); + VB2_DEBUG("Not enough data for keyblock.\n"); return VB2_ERROR_KEYBLOCK_SIZE; } if (vb2_verify_signature_inside(block, block->keyblock_size, sig)) { - VB2_DEBUG("Key block signature off end of block\n"); + VB2_DEBUG("Keyblock signature off end of block\n"); return VB2_ERROR_KEYBLOCK_SIG_OUTSIDE; } @@ -133,7 +133,7 @@ vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size, /* Verify data key is inside the block and inside signed data */ if (vb2_verify_packed_key_inside(block, block->keyblock_size, &block->data_key)) { - VB2_DEBUG("Data key off end of key block\n"); + VB2_DEBUG("Data key off end of keyblock\n"); return VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE; } if (vb2_verify_packed_key_inside(block, sig->data_size, @@ -157,10 +157,10 @@ vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, if (rv) return rv; - VB2_DEBUG("Checking key block signature...\n"); + VB2_DEBUG("Checking keyblock signature...\n"); rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb); if (rv) { - VB2_DEBUG("Invalid key block signature.\n"); + VB2_DEBUG("Invalid keyblock signature.\n"); return VB2_ERROR_KEYBLOCK_SIG_INVALID; } diff --git a/firmware/lib20/include/vb2_common.h b/firmware/lib20/include/vb2_common.h index d16572a5..911dc0a3 100644 --- a/firmware/lib20/include/vb2_common.h +++ b/firmware/lib20/include/vb2_common.h @@ -94,28 +94,28 @@ vb2_error_t vb2_verify_data(const uint8_t *data, uint32_t size, const struct vb2_workbuf *wb); /** - * Check the sanity of a key block structure. + * Check the sanity of a keyblock structure. * - * Verifies all the header fields. Does not verify key index or key block - * flags. Should be called before verifying the key block data itself using + * Verifies all the header fields. Does not verify key index or keyblock + * flags. Should be called before verifying the keyblock data itself using * the key. (This function does not itself verify the signature - just that * the right amount of data is claimed to be signed.) * - * @param block Key block to verify - * @param size Size of key block buffer + * @param block Keyblock to verify + * @param size Size of keyblock buffer * @param sig Which signature inside the keyblock to use */ vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size, const struct vb2_signature *sig); /** - * Verify a key block using a public key. + * Verify a keyblock using a public key. * * Header fields are also checked for sanity. Does not verify key index or key * block flags. Signature inside block is destroyed during check. * - * @param block Key block to verify - * @param size Size of key block buffer + * @param block Keyblock to verify + * @param size Size of keyblock buffer * @param key Key to use to verify block * @param wb Work buffer * @return VB2_SUCCESS, or non-zero error code if error. @@ -125,13 +125,13 @@ vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, const struct vb2_workbuf *wb); /** - * Verify a key block using its hash. + * Verify a keyblock using its hash. * * Header fields are also checked for sanity. Does not verify key index or key * block flags. Use this for self-signed keyblocks in developer mode. * - * @param block Key block to verify - * @param size Size of key block buffer + * @param block Keyblock to verify + * @param size Size of keyblock buffer * @param key Key to use to verify block * @param wb Work buffer * @return VB2_SUCCESS, or non-zero error code if error. diff --git a/firmware/lib20/include/vb2_struct.h b/firmware/lib20/include/vb2_struct.h index 2024bde5..d6279e19 100644 --- a/firmware/lib20/include/vb2_struct.h +++ b/firmware/lib20/include/vb2_struct.h @@ -46,14 +46,14 @@ struct vb2_signature { #define EXPECTED_VB2_SIGNATURE_SIZE 24 -#define KEY_BLOCK_MAGIC "CHROMEOS" -#define KEY_BLOCK_MAGIC_SIZE 8 +#define KEYBLOCK_MAGIC "CHROMEOS" +#define KEYBLOCK_MAGIC_SIZE 8 -#define KEY_BLOCK_HEADER_VERSION_MAJOR 2 -#define KEY_BLOCK_HEADER_VERSION_MINOR 1 +#define KEYBLOCK_HEADER_VERSION_MAJOR 2 +#define KEYBLOCK_HEADER_VERSION_MINOR 1 /* - * Key block, containing the public key used to sign some other chunk of data. + * Keyblock, containing the public key used to sign some other chunk of data. * * This should be followed by: * 1) The data_key key data, pointed to by data_key.key_offset. @@ -64,34 +64,34 @@ struct vb2_signature { */ struct vb2_keyblock { /* Magic number */ - uint8_t magic[KEY_BLOCK_MAGIC_SIZE]; + uint8_t magic[KEYBLOCK_MAGIC_SIZE]; /* Version of this header format */ uint32_t header_version_major; uint32_t header_version_minor; /* - * Length of this entire key block, including keys, signatures, and + * Length of this entire keyblock, including keys, signatures, and * padding, in bytes */ uint32_t keyblock_size; uint32_t reserved0; /* - * Signature for this key block (header + data pointed to by data_key) + * Signature for this keyblock (header + data pointed to by data_key) * For use with signed data keys */ struct vb2_signature keyblock_signature; /* - * SHA-512 hash for this key block (header + data pointed to by + * SHA-512 hash for this keyblock (header + data pointed to by * data_key) For use with unsigned data keys. * * Only supported for kernel keyblocks, not firmware keyblocks. */ struct vb2_signature keyblock_hash; - /* Flags for key (VB2_KEY_BLOCK_FLAG_*) */ + /* Flags for key (VB2_KEYBLOCK_FLAG_*) */ uint32_t keyblock_flags; uint32_t reserved1; @@ -143,7 +143,7 @@ struct vb2_fw_preamble { uint32_t firmware_version; uint32_t reserved1; - /* Key to verify kernel key block */ + /* Key to verify kernel keyblock */ struct vb2_packed_key kernel_subkey; /* Signature for the firmware body */ diff --git a/firmware/lib20/kernel.c b/firmware/lib20/kernel.c index a40a4971..172f7ffb 100644 --- a/firmware/lib20/kernel.c +++ b/firmware/lib20/kernel.c @@ -56,7 +56,7 @@ vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block, if (rv) return rv; - VB2_DEBUG("Checking key block hash...\n"); + VB2_DEBUG("Checking keyblock hash...\n"); /* Digest goes at start of work buffer */ digest_size = vb2_digest_size(VB2_HASH_SHA512); @@ -83,7 +83,7 @@ vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block, if (vb2_safe_memcmp(vb2_signature_data_const(sig), digest, digest_size) != 0) { - VB2_DEBUG("Invalid key block hash.\n"); + VB2_DEBUG("Invalid keyblock hash.\n"); return VB2_ERROR_KEYBLOCK_SIG_INVALID; } @@ -166,19 +166,19 @@ vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx) return rv; } - /* Check the key block flags against the current boot mode */ + /* Check the keyblock flags against the current boot mode */ if (!(kb->keyblock_flags & - (dev_switch ? VB2_KEY_BLOCK_FLAG_DEVELOPER_1 : - VB2_KEY_BLOCK_FLAG_DEVELOPER_0))) { - VB2_DEBUG("Key block developer flag mismatch.\n"); + (dev_switch ? VB2_KEYBLOCK_FLAG_DEVELOPER_1 : + VB2_KEYBLOCK_FLAG_DEVELOPER_0))) { + VB2_DEBUG("Keyblock developer flag mismatch.\n"); keyblock_is_valid = 0; if (need_keyblock_valid) return VB2_ERROR_KERNEL_KEYBLOCK_DEV_FLAG; } if (!(kb->keyblock_flags & - (rec_switch ? VB2_KEY_BLOCK_FLAG_RECOVERY_1 : - VB2_KEY_BLOCK_FLAG_RECOVERY_0))) { - VB2_DEBUG("Key block recovery flag mismatch.\n"); + (rec_switch ? VB2_KEYBLOCK_FLAG_RECOVERY_1 : + VB2_KEYBLOCK_FLAG_RECOVERY_0))) { + VB2_DEBUG("Keyblock recovery flag mismatch.\n"); keyblock_is_valid = 0; if (need_keyblock_valid) return VB2_ERROR_KERNEL_KEYBLOCK_REC_FLAG; diff --git a/firmware/lib21/include/vb21_common.h b/firmware/lib21/include/vb21_common.h index 7ca5b4f5..6362a150 100644 --- a/firmware/lib21/include/vb21_common.h +++ b/firmware/lib21/include/vb21_common.h @@ -145,13 +145,13 @@ vb2_error_t vb21_verify_data(const void *data, uint32_t size, const struct vb2_workbuf *wb); /** - * Check the sanity of a key block using a public key. + * Check the sanity of a keyblock using a public key. * * Header fields are also checked for sanity. Does not verify key index or key * block flags. Signature inside block is destroyed during check. * - * @param block Key block to verify - * @param size Size of key block buffer + * @param block Keyblock to verify + * @param size Size of keyblock buffer * @param key Key to use to verify block * @param wb Work buffer * @return VB2_SUCCESS, or non-zero error code if error. diff --git a/firmware/lib21/include/vb21_struct.h b/firmware/lib21/include/vb21_struct.h index 5bb2b63e..18cfb8dd 100644 --- a/firmware/lib21/include/vb21_struct.h +++ b/firmware/lib21/include/vb21_struct.h @@ -242,10 +242,10 @@ struct vb21_signature { #define VB21_KEYBLOCK_VERSION_MINOR 0 /* - * Key block. This contains a signed, versioned key for use in the next stage + * Keyblock. This contains a signed, versioned key for use in the next stage * of verified boot. * - * The key block data must be arranged like this: + * The keyblock data must be arranged like this: * 1) vb21_keyblock header struct h * 2) Keyblock description (pointed to by h.c.fixed_size) * 3) Data key (pointed to by h.data_key_offset) @@ -258,7 +258,7 @@ struct vb21_keyblock { /* Common header fields */ struct vb21_struct_common c; - /* Flags (VB2_KEY_BLOCK_FLAG_*) */ + /* Flags (VB2_KEYBLOCK_FLAG_*) */ uint32_t flags; /* diff --git a/futility/cmd_show.c b/futility/cmd_show.c index a0e2bb62..cf747f89 100644 --- a/futility/cmd_show.c +++ b/futility/cmd_show.c @@ -57,20 +57,20 @@ static void show_keyblock(struct vb2_keyblock *keyblock, const char *name, int sign_key, int good_sig) { if (name) - printf("Key block: %s\n", name); + printf("Keyblock: %s\n", name); else - printf("Key block:\n"); + printf("Keyblock:\n"); printf(" Signature: %s\n", sign_key ? (good_sig ? "valid" : "invalid") : "ignored"); printf(" Size: %#x\n", keyblock->keyblock_size); printf(" Flags: %d ", keyblock->keyblock_flags); - if (keyblock->keyblock_flags & VB2_KEY_BLOCK_FLAG_DEVELOPER_0) + if (keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_0) printf(" !DEV"); - if (keyblock->keyblock_flags & VB2_KEY_BLOCK_FLAG_DEVELOPER_1) + if (keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_DEVELOPER_1) printf(" DEV"); - if (keyblock->keyblock_flags & VB2_KEY_BLOCK_FLAG_RECOVERY_0) + if (keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_0) printf(" !REC"); - if (keyblock->keyblock_flags & VB2_KEY_BLOCK_FLAG_RECOVERY_1) + if (keyblock->keyblock_flags & VB2_KEYBLOCK_FLAG_RECOVERY_1) printf(" REC"); printf("\n"); diff --git a/futility/cmd_vbutil_firmware.c b/futility/cmd_vbutil_firmware.c index b8e9bc63..1c954aef 100644 --- a/futility/cmd_vbutil_firmware.c +++ b/futility/cmd_vbutil_firmware.c @@ -60,7 +60,7 @@ static void print_help(int argc, char *argv[]) "\n" "For '--vblock <file>', required OPTIONS are:\n" "\n" - " --keyblock <file> Key block in .keyblock format\n" + " --keyblock <file> Keyblock in .keyblock format\n" " --signprivate <file>" " Signing private key in .vbprivk format\n" " --version <number> Firmware version\n" @@ -109,10 +109,10 @@ static int do_vblock(const char *outfile, const char *keyblock_file, goto vblock_cleanup; } - /* Read the key block and keys */ + /* Read the keyblock and keys */ keyblock = vb2_read_keyblock(keyblock_file); if (!keyblock) { - FATAL("Error reading key block.\n"); + FATAL("Error reading keyblock.\n"); goto vblock_cleanup; } @@ -230,17 +230,17 @@ static int do_verify(const char *infile, const char *signpubkey, goto verify_cleanup; } - /* Verify key block */ + /* Verify keyblock */ struct vb2_keyblock *keyblock = (struct vb2_keyblock *)blob; if (VB2_SUCCESS != vb2_verify_keyblock(keyblock, blob_size, &sign_key, &wb)) { - FATAL("Error verifying key block.\n"); + FATAL("Error verifying keyblock.\n"); goto verify_cleanup; } now += keyblock->keyblock_size; - printf("Key block:\n"); + printf("Keyblock:\n"); printf(" Size: %d\n", keyblock->keyblock_size); printf(" Flags: %d (ignored)\n", keyblock->keyblock_flags); @@ -327,7 +327,7 @@ static int do_vbutil_firmware(int argc, char *argv[]) { char *filename = NULL; - char *key_block_file = NULL; + char *keyblock_file = NULL; char *signpubkey = NULL; char *signprivate = NULL; uint32_t version = 0; @@ -357,7 +357,7 @@ static int do_vbutil_firmware(int argc, char *argv[]) break; case OPT_KEYBLOCK: - key_block_file = optarg; + keyblock_file = optarg; break; case OPT_SIGNPUBKEY: @@ -401,7 +401,7 @@ static int do_vbutil_firmware(int argc, char *argv[]) switch (mode) { case OPT_MODE_VBLOCK: - return do_vblock(filename, key_block_file, signprivate, version, + return do_vblock(filename, keyblock_file, signprivate, version, fv_file, kernelkey_file, preamble_flags); case OPT_MODE_VERIFY: return do_verify(filename, signpubkey, fv_file, kernelkey_file); diff --git a/futility/cmd_vbutil_kernel.c b/futility/cmd_vbutil_kernel.c index cdcce0b1..125debb4 100644 --- a/futility/cmd_vbutil_kernel.c +++ b/futility/cmd_vbutil_kernel.c @@ -91,7 +91,7 @@ static const char usage[] = "Usage: " MYNAME " %s --pack <file> [PARAMETERS]\n" "\n" " Required parameters:\n" - " --keyblock <file> Key block in .keyblock format\n" + " --keyblock <file> Keyblock in .keyblock format\n" " --signprivate <file> Private key to sign kernel data,\n" " in .vbprivk format\n" " --version <number> Kernel version\n" @@ -115,7 +115,7 @@ static const char usage[] = " (including verfication blob)\n" "\n" " Optional:\n" - " --keyblock <file> Key block in .keyblock format\n" + " --keyblock <file> Keyblock in .keyblock format\n" " --config <file> New command line file\n" " --version <number> Kernel version\n" " --kloadaddr <address> Assign kernel body load address\n" @@ -129,7 +129,7 @@ static const char usage[] = " Public key to verify kernel keyblock,\n" " in .vbpubk format\n" " --verbose Print a more detailed report\n" - " --keyblock <file> Outputs the verified key block,\n" + " --keyblock <file> Outputs the verified keyblock,\n" " in .keyblock format\n" " --pad <number> Verification padding size in bytes\n" " --minversion <number> Minimum combined kernel key version\n" @@ -392,7 +392,7 @@ static int do_vbutil_kernel(int argc, char *argv[]) t_keyblock = (struct vb2_keyblock *)ReadFile(keyblock_file, 0); if (!t_keyblock) - FATAL("Error reading key block.\n"); + FATAL("Error reading keyblock.\n"); if (!signprivkey_file) FATAL("Missing required signprivate file.\n"); @@ -523,7 +523,7 @@ static int do_vbutil_kernel(int argc, char *argv[]) t_keyblock = (struct vb2_keyblock *) ReadFile(keyblock_file, 0); if (!t_keyblock) - FATAL("Error reading key block.\n"); + FATAL("Error reading keyblock.\n"); } /* Reuse previous body size */ diff --git a/futility/cmd_vbutil_keyblock.c b/futility/cmd_vbutil_keyblock.c index d526d553..b81da878 100644 --- a/futility/cmd_vbutil_keyblock.c +++ b/futility/cmd_vbutil_keyblock.c @@ -2,7 +2,7 @@ * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * - * Verified boot key block utility + * Verified boot keyblock utility */ #include <getopt.h> @@ -152,7 +152,7 @@ static int Pack(const char *outfile, const char *datapubkey, free(signing_key); if (VB2_SUCCESS != vb2_write_keyblock(outfile, block)) { - fprintf(stderr, "vbutil_keyblock: Error writing key block.\n"); + fprintf(stderr, "vbutil_keyblock: Error writing keyblock.\n"); return 1; } free(block); @@ -171,7 +171,7 @@ static int Unpack(const char *infile, const char *datapubkey, struct vb2_keyblock *block = vb2_read_keyblock(infile); if (!block) { - fprintf(stderr, "vbutil_keyblock: Error reading key block.\n"); + fprintf(stderr, "vbutil_keyblock: Error reading keyblock.\n"); return 1; } @@ -206,22 +206,22 @@ static int Unpack(const char *infile, const char *datapubkey, vb2_verify_keyblock(block, block->keyblock_size, &key, &wb)) { fprintf(stderr, "vbutil_keyblock:" - " Error verifying key block.\n"); + " Error verifying keyblock.\n"); return 1; } free(sign_key); } - printf("Key block file: %s\n", infile); + printf("Keyblock file: %s\n", infile); printf("Signature %s\n", sign_key ? "valid" : "ignored"); printf("Flags: %u ", block->keyblock_flags); - if (block->keyblock_flags & KEY_BLOCK_FLAG_DEVELOPER_0) + if (block->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_0) printf(" !DEV"); - if (block->keyblock_flags & KEY_BLOCK_FLAG_DEVELOPER_1) + if (block->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_1) printf(" DEV"); - if (block->keyblock_flags & KEY_BLOCK_FLAG_RECOVERY_0) + if (block->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_0) printf(" !REC"); - if (block->keyblock_flags & KEY_BLOCK_FLAG_RECOVERY_1) + if (block->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_1) printf(" REC"); printf("\n"); diff --git a/futility/dump_kernel_config_lib.c b/futility/dump_kernel_config_lib.c index 83800565..2315a0ab 100644 --- a/futility/dump_kernel_config_lib.c +++ b/futility/dump_kernel_config_lib.c @@ -66,7 +66,7 @@ static char *FindKernelConfigFromStream(void *ctx, ReadFullyFn read_fn, uint32_t now = 0; uint32_t offset = 0; - /* Skip the key block */ + /* Skip the keyblock */ if (read_fn(ctx, &keyblock, sizeof(keyblock)) != sizeof(keyblock)) { FATAL("not enough data to fill keyblock header\n"); return NULL; diff --git a/futility/updater.c b/futility/updater.c index d7ac2ab1..18fc339f 100644 --- a/futility/updater.c +++ b/futility/updater.c @@ -1220,7 +1220,7 @@ static const struct vb2_packed_key *get_rootkey( } /* - * Returns a key block key from given image section, or NULL on failure. + * Returns a keyblock key from given image section, or NULL on failure. */ static const struct vb2_keyblock *get_keyblock( const struct firmware_image *image, @@ -1239,8 +1239,8 @@ static const struct vb2_keyblock *get_keyblock( } /* - * Duplicates a key block and returns the duplicated block. - * The caller must free the returned key block after being used. + * Duplicates a keyblock and returns the duplicated block. + * The caller must free the returned keyblock after being used. */ static struct vb2_keyblock *dupe_keyblock(const struct vb2_keyblock *block) { @@ -1283,7 +1283,7 @@ static int verify_keyblock(const struct vb2_keyblock *block, free(new_block); if (r != VB2_SUCCESS) { - ERROR("Failed verifying key block.\n"); + ERROR("Failed verifying keyblock.\n"); return -1; } return 0; @@ -1292,7 +1292,7 @@ static int verify_keyblock(const struct vb2_keyblock *block, /* * Gets the data key and firmware version from a section on firmware image. * The section should contain a vb2_keyblock and a vb2_fw_preamble immediately - * after key block so we can decode and save the data key and firmware version + * after keyblock so we can decode and save the data key and firmware version * into argument `data_key_version` and `firmware_version`. * Returns 0 for success, otherwise failure. */ diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c index 66f0b5dc..a106b5b8 100644 --- a/futility/vb1_helper.c +++ b/futility/vb1_helper.c @@ -521,30 +521,30 @@ int VerifyKernelBlob(uint8_t *kernel_blob, if (VB2_SUCCESS != vb2_verify_keyblock(g_keyblock, g_keyblock->keyblock_size, &pubkey, &wb)) { - fprintf(stderr, "Error verifying key block.\n"); + fprintf(stderr, "Error verifying keyblock.\n"); goto done; } } else if (VB2_SUCCESS != vb2_verify_keyblock_hash(g_keyblock, g_keyblock->keyblock_size, &wb)) { - fprintf(stderr, "Error verifying key block.\n"); + fprintf(stderr, "Error verifying keyblock.\n"); goto done; } - printf("Key block:\n"); + printf("Keyblock:\n"); struct vb2_packed_key *data_key = &g_keyblock->data_key; printf(" Signature: %s\n", signpub_key ? "valid" : "ignored"); printf(" Size: %#x\n", g_keyblock->keyblock_size); printf(" Flags: %u ", g_keyblock->keyblock_flags); - if (g_keyblock->keyblock_flags & KEY_BLOCK_FLAG_DEVELOPER_0) + if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_0) printf(" !DEV"); - if (g_keyblock->keyblock_flags & KEY_BLOCK_FLAG_DEVELOPER_1) + if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_DEVELOPER_1) printf(" DEV"); - if (g_keyblock->keyblock_flags & KEY_BLOCK_FLAG_RECOVERY_0) + if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_0) printf(" !REC"); - if (g_keyblock->keyblock_flags & KEY_BLOCK_FLAG_RECOVERY_1) + if (g_keyblock->keyblock_flags & KEYBLOCK_FLAG_RECOVERY_1) printf(" REC"); printf("\n"); printf(" Data key algorithm: %u %s\n", data_key->algorithm, @@ -557,12 +557,12 @@ int VerifyKernelBlob(uint8_t *kernel_blob, FILE *f = NULL; f = fopen(keyblock_outfile, "wb"); if (!f) { - fprintf(stderr, "Can't open key block file %s: %s\n", + fprintf(stderr, "Can't open keyblock file %s: %s\n", keyblock_outfile, strerror(errno)); goto done; } if (1 != fwrite(g_keyblock, g_keyblock->keyblock_size, 1, f)) { - fprintf(stderr, "Can't write key block file %s: %s\n", + fprintf(stderr, "Can't write keyblock file %s: %s\n", keyblock_outfile, strerror(errno)); fclose(f); goto done; diff --git a/host/lib/host_common.c b/host/lib/host_common.c index 414050f4..68f06265 100644 --- a/host/lib/host_common.c +++ b/host/lib/host_common.c @@ -29,7 +29,7 @@ struct vb2_fw_preamble *vb2_create_fw_preamble( uint32_t block_size = signed_size + vb2_rsa_sig_size(signing_key->sig_alg); - /* Allocate key block */ + /* Allocate keyblock */ struct vb2_fw_preamble *h = (struct vb2_fw_preamble *)calloc(block_size, 1); if (!h) @@ -98,7 +98,7 @@ struct vb2_kernel_preamble *vb2_create_kernel_preamble( if (block_size < desired_size) block_size = desired_size; - /* Allocate key block */ + /* Allocate keyblock */ struct vb2_kernel_preamble *h = (struct vb2_kernel_preamble *)calloc(block_size, 1); if (!h) diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c index be1aa085..53a382e4 100644 --- a/host/lib/host_keyblock.c +++ b/host/lib/host_keyblock.c @@ -26,7 +26,7 @@ struct vb2_keyblock *vb2_create_keyblock( const struct vb2_private_key *signing_key, uint32_t flags) { - /* Allocate key block */ + /* Allocate keyblock */ uint32_t signed_size = sizeof(struct vb2_keyblock) + data_key->key_size; uint32_t sig_data_size = (signing_key ? vb2_rsa_sig_size(signing_key->sig_alg) : 0); @@ -40,9 +40,9 @@ struct vb2_keyblock *vb2_create_keyblock( uint8_t *block_chk_dest = data_key_dest + data_key->key_size; uint8_t *block_sig_dest = block_chk_dest + VB2_SHA512_DIGEST_SIZE; - memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE); - h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR; - h->header_version_minor = KEY_BLOCK_HEADER_VERSION_MINOR; + memcpy(h->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE); + h->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR; + h->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR; h->keyblock_size = block_size; h->keyblock_flags = flags; @@ -99,7 +99,7 @@ struct vb2_keyblock *vb2_create_keyblock_external( uint32_t block_size = signed_size + VB2_SHA512_DIGEST_SIZE + sig_data_size; - /* Allocate key block */ + /* Allocate keyblock */ struct vb2_keyblock *h = (struct vb2_keyblock *)calloc(block_size, 1); if (!h) return NULL; @@ -108,9 +108,9 @@ struct vb2_keyblock *vb2_create_keyblock_external( uint8_t *block_chk_dest = data_key_dest + data_key->key_size; uint8_t *block_sig_dest = block_chk_dest + VB2_SHA512_DIGEST_SIZE; - memcpy(h->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE); - h->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR; - h->header_version_minor = KEY_BLOCK_HEADER_VERSION_MINOR; + memcpy(h->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE); + h->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR; + h->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR; h->keyblock_size = block_size; h->keyblock_flags = flags; @@ -152,14 +152,14 @@ struct vb2_keyblock *vb2_read_keyblock(const char *filename) uint32_t file_size; if (VB2_SUCCESS != vb2_read_file(filename, (uint8_t **)&block, &file_size)) { - fprintf(stderr, "Error reading key block file: %s\n", filename); + fprintf(stderr, "Error reading keyblock file: %s\n", filename); return NULL; } - /* Verify the hash of the key block, since we can do that without + /* Verify the hash of the keyblock, since we can do that without * the public signing key. */ if (VB2_SUCCESS != vb2_verify_keyblock_hash(block, file_size, &wb)) { - fprintf(stderr, "Invalid key block file: %s\n", filename); + fprintf(stderr, "Invalid keyblock file: %s\n", filename); free(block); return NULL; } diff --git a/scripts/image_signing/make_dev_firmware.sh b/scripts/image_signing/make_dev_firmware.sh index 2140d34b..0db56382 100755 --- a/scripts/image_signing/make_dev_firmware.sh +++ b/scripts/image_signing/make_dev_firmware.sh @@ -316,7 +316,7 @@ main() { vbutil_keyblock --unpack "$firmware_keyblock" | sed -n '/^ *Data key version:/s/.*:[ \t]*//p')" - # TODO(hungte) Change key block by data_key_version. + # TODO(hungte) Change keyblock by data_key_version. if [ "$data_key_version" -gt "$new_data_key_version" ]; then echo "$(tput bold)$(tput setaf 1) Warning: firmware data key version <$new_data_key_version> in your new keys diff --git a/tests/futility/expect_output/show.tests_devkeys_kernel.keyblock b/tests/futility/expect_output/show.tests_devkeys_kernel.keyblock index 69c128e4..6505d91e 100644 --- a/tests/futility/expect_output/show.tests_devkeys_kernel.keyblock +++ b/tests/futility/expect_output/show.tests_devkeys_kernel.keyblock @@ -1,4 +1,4 @@ -Key block: tests/devkeys/kernel.keyblock +Keyblock: tests/devkeys/kernel.keyblock Signature: ignored Size: 0x4b8 Flags: 7 !DEV DEV !REC diff --git a/tests/futility/expect_output/show.tests_futility_data_bios_mario_mp.bin b/tests/futility/expect_output/show.tests_futility_data_bios_mario_mp.bin index 36c9ab8b..60398559 100644 --- a/tests/futility/expect_output/show.tests_futility_data_bios_mario_mp.bin +++ b/tests/futility/expect_output/show.tests_futility_data_bios_mario_mp.bin @@ -27,7 +27,7 @@ Firmware body: Firmware A Data Firmware body: Firmware B Data Offset: 0x00120000 Size: 0x000d0000 -Key block: Firmware A Key +Keyblock: Firmware A Key Signature: valid Size: 0x8b8 Flags: 7 !DEV DEV !REC @@ -44,7 +44,7 @@ Firmware Preamble: Firmware body size: 851968 Preamble flags: 0 Body verification succeeded. -Key block: Firmware B Key +Keyblock: Firmware B Key Signature: valid Size: 0x8b8 Flags: 7 !DEV DEV !REC diff --git a/tests/futility/expect_output/show.tests_futility_data_bios_zgb_mp.bin b/tests/futility/expect_output/show.tests_futility_data_bios_zgb_mp.bin index 5dfa5874..2f9f8073 100644 --- a/tests/futility/expect_output/show.tests_futility_data_bios_zgb_mp.bin +++ b/tests/futility/expect_output/show.tests_futility_data_bios_zgb_mp.bin @@ -27,7 +27,7 @@ Firmware body: FW_MAIN_A Firmware body: FW_MAIN_B Offset: 0x00120000 Size: 0x000dffc0 -Key block: VBLOCK_A +Keyblock: VBLOCK_A Signature: valid Size: 0x8b8 Flags: 6 DEV !REC @@ -44,7 +44,7 @@ Firmware Preamble: Firmware body size: 917440 Preamble flags: 0 Body verification succeeded. -Key block: VBLOCK_B +Keyblock: VBLOCK_B Signature: valid Size: 0x8b8 Flags: 7 !DEV DEV !REC diff --git a/tests/futility/expect_output/show.tests_futility_data_fw_vblock.bin b/tests/futility/expect_output/show.tests_futility_data_fw_vblock.bin index da764fb5..ff25ed7e 100644 --- a/tests/futility/expect_output/show.tests_futility_data_fw_vblock.bin +++ b/tests/futility/expect_output/show.tests_futility_data_fw_vblock.bin @@ -1,4 +1,4 @@ -Key block: tests/futility/data/fw_vblock.bin +Keyblock: tests/futility/data/fw_vblock.bin Signature: ignored Size: 0x8b8 Flags: 7 !DEV DEV !REC diff --git a/tests/futility/expect_output/show.tests_futility_data_kern_preamble.bin b/tests/futility/expect_output/show.tests_futility_data_kern_preamble.bin index 3dba77ff..d1ceb039 100644 --- a/tests/futility/expect_output/show.tests_futility_data_kern_preamble.bin +++ b/tests/futility/expect_output/show.tests_futility_data_kern_preamble.bin @@ -1,5 +1,5 @@ Kernel partition: tests/futility/data/kern_preamble.bin -Key block: +Keyblock: Signature: ignored Size: 0x5b8 Flags: 15 !DEV DEV !REC REC diff --git a/tests/futility/expect_output/vbutil_firmware.verify b/tests/futility/expect_output/vbutil_firmware.verify index 87b35a6a..edc9c654 100644 --- a/tests/futility/expect_output/vbutil_firmware.verify +++ b/tests/futility/expect_output/vbutil_firmware.verify @@ -1,4 +1,4 @@ -Key block: +Keyblock: Size: 2232 Flags: 7 (ignored) Data key algorithm: 7 RSA4096 SHA256 diff --git a/tests/futility/expect_output/vbutil_keyblock.tests_devkeys_kernel.keyblock b/tests/futility/expect_output/vbutil_keyblock.tests_devkeys_kernel.keyblock index b25c7f2c..d55fce3a 100644 --- a/tests/futility/expect_output/vbutil_keyblock.tests_devkeys_kernel.keyblock +++ b/tests/futility/expect_output/vbutil_keyblock.tests_devkeys_kernel.keyblock @@ -1,4 +1,4 @@ -Key block file: tests/devkeys/kernel.keyblock +Keyblock file: tests/devkeys/kernel.keyblock Signature valid Flags: 7 !DEV DEV !REC Data key algorithm: 4 RSA2048 SHA256 diff --git a/tests/gen_fuzz_test_cases.sh b/tests/gen_fuzz_test_cases.sh index 9ca2043f..2b4255de 100755 --- a/tests/gen_fuzz_test_cases.sh +++ b/tests/gen_fuzz_test_cases.sh @@ -23,15 +23,15 @@ TEST_CONFIG_FILE=${TESTCASE_DIR}/testconfig TEST_CONFIG_SIZE=3000 function generate_fuzzing_images { - echo "Generating key blocks..." - # Firmware key block - RSA8192/SHA512 root key, RSA4096/SHA512 firmware + echo "Generating keyblocks..." + # Firmware keyblock - RSA8192/SHA512 root key, RSA4096/SHA512 firmware # signing key. ${FUTILITY} vbutil_keyblock \ --pack ${TESTCASE_DIR}/firmware.keyblock \ --datapubkey ${TESTKEY_DIR}/key_rsa4096.sha512.vbpubk \ --signprivate ${TESTKEY_DIR}/key_rsa8192.sha1.vbprivk - # Kernel key block - RSA4096/SHA512 kernel signing subkey, RSA4096/SHA512 + # Kernel keyblock - RSA4096/SHA512 kernel signing subkey, RSA4096/SHA512 # kernel signing key. ${FUTILITY} vbutil_keyblock \ --pack ${TESTCASE_DIR}/kernel.keyblock \ diff --git a/tests/vb20_common3_tests.c b/tests/vb20_common3_tests.c index e3489e6c..cf74b72d 100644 --- a/tests/vb20_common3_tests.c +++ b/tests/vb20_common3_tests.c @@ -140,7 +140,7 @@ static void test_verify_keyblock(const struct vb2_public_key *public_key, const struct vb2_private_key *private_key, const struct vb2_packed_key *data_key) { - uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] + uint8_t workbuf[VB2_KEYBLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; struct vb2_keyblock *hdr; diff --git a/tests/vb20_kernel_tests.c b/tests/vb20_kernel_tests.c index 1beec5fd..90f7e5ff 100644 --- a/tests/vb20_kernel_tests.c +++ b/tests/vb20_kernel_tests.c @@ -109,13 +109,13 @@ static void reset_common_data(enum reset_type t) mock_gbb.recovery_key.key_size = sizeof(mock_gbb.recovery_key_data); kb->keyblock_size = sizeof(mock_vblock.k); - memcpy(kb->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE); + memcpy(kb->magic, KEYBLOCK_MAGIC, KEYBLOCK_MAGIC_SIZE); - kb->keyblock_flags = VB2_KEY_BLOCK_FLAG_DEVELOPER_1 | - VB2_KEY_BLOCK_FLAG_DEVELOPER_0 | - VB2_KEY_BLOCK_FLAG_RECOVERY_1 | VB2_KEY_BLOCK_FLAG_RECOVERY_0; - kb->header_version_major = KEY_BLOCK_HEADER_VERSION_MAJOR; - kb->header_version_minor = KEY_BLOCK_HEADER_VERSION_MINOR; + kb->keyblock_flags = VB2_KEYBLOCK_FLAG_DEVELOPER_1 | + VB2_KEYBLOCK_FLAG_DEVELOPER_0 | + VB2_KEYBLOCK_FLAG_RECOVERY_1 | VB2_KEYBLOCK_FLAG_RECOVERY_0; + kb->header_version_major = KEYBLOCK_HEADER_VERSION_MAJOR; + kb->header_version_minor = KEYBLOCK_HEADER_VERSION_MINOR; kb->data_key.algorithm = 7; kb->data_key.key_version = 2; kb->data_key.key_offset = @@ -322,35 +322,35 @@ static void load_kernel_keyblock_tests(void) /* Test keyblock flags matching mode */ reset_common_data(FOR_KEYBLOCK); - kb->keyblock_flags &= ~VB2_KEY_BLOCK_FLAG_DEVELOPER_0; + kb->keyblock_flags &= ~VB2_KEYBLOCK_FLAG_DEVELOPER_0; TEST_EQ(vb2_load_kernel_keyblock(&ctx), VB2_ERROR_KERNEL_KEYBLOCK_DEV_FLAG, "Kernel keyblock dev only"); reset_common_data(FOR_KEYBLOCK); - kb->keyblock_flags &= ~VB2_KEY_BLOCK_FLAG_RECOVERY_0; + kb->keyblock_flags &= ~VB2_KEYBLOCK_FLAG_RECOVERY_0; TEST_EQ(vb2_load_kernel_keyblock(&ctx), VB2_ERROR_KERNEL_KEYBLOCK_REC_FLAG, "Kernel keyblock rec only"); reset_common_data(FOR_KEYBLOCK); - kb->keyblock_flags &= ~VB2_KEY_BLOCK_FLAG_RECOVERY_1; + kb->keyblock_flags &= ~VB2_KEYBLOCK_FLAG_RECOVERY_1; ctx.flags |= VB2_CONTEXT_RECOVERY_MODE; TEST_EQ(vb2_load_kernel_keyblock(&ctx), VB2_ERROR_KERNEL_KEYBLOCK_REC_FLAG, "Kernel keyblock not rec"); reset_common_data(FOR_KEYBLOCK); - kb->keyblock_flags &= ~VB2_KEY_BLOCK_FLAG_DEVELOPER_0; - kb->keyblock_flags &= ~VB2_KEY_BLOCK_FLAG_RECOVERY_0; + kb->keyblock_flags &= ~VB2_KEYBLOCK_FLAG_DEVELOPER_0; + kb->keyblock_flags &= ~VB2_KEYBLOCK_FLAG_RECOVERY_0; ctx.flags |= VB2_CONTEXT_RECOVERY_MODE; TEST_EQ(vb2_load_kernel_keyblock(&ctx), VB2_ERROR_KERNEL_KEYBLOCK_DEV_FLAG, "Kernel keyblock rec but not dev+rec"); reset_common_data(FOR_KEYBLOCK); - kb->keyblock_flags &= ~VB2_KEY_BLOCK_FLAG_DEVELOPER_0; - kb->keyblock_flags &= ~VB2_KEY_BLOCK_FLAG_RECOVERY_0; + kb->keyblock_flags &= ~VB2_KEYBLOCK_FLAG_DEVELOPER_0; + kb->keyblock_flags &= ~VB2_KEYBLOCK_FLAG_RECOVERY_0; ctx.flags |= VB2_CONTEXT_DEVELOPER_MODE | VB2_CONTEXT_RECOVERY_MODE; TEST_SUCC(vb2_load_kernel_keyblock(&ctx), "Kernel keyblock flags dev+rec"); diff --git a/tests/vb21_common_tests.c b/tests/vb21_common_tests.c index 16f8318f..797c934a 100644 --- a/tests/vb21_common_tests.c +++ b/tests/vb21_common_tests.c @@ -259,7 +259,7 @@ static void test_verify_keyblock(void) uint32_t buf_size; uint8_t *buf, *buf2; - uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] + uint8_t workbuf[VB2_KEYBLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; diff --git a/tests/vb21_host_keyblock_tests.c b/tests/vb21_host_keyblock_tests.c index 069157b9..451e3d3e 100644 --- a/tests/vb21_host_keyblock_tests.c +++ b/tests/vb21_host_keyblock_tests.c @@ -28,7 +28,7 @@ static void keyblock_tests(const char *keys_dir) char fname[1024]; const char test_desc[] = "Test keyblock"; - uint8_t workbuf[VB2_KEY_BLOCK_VERIFY_WORKBUF_BYTES] + uint8_t workbuf[VB2_KEYBLOCK_VERIFY_WORKBUF_BYTES] __attribute__ ((aligned (VB2_WORKBUF_ALIGN))); struct vb2_workbuf wb; diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c index 9c80eed7..33705f2c 100644 --- a/tests/vboot_kernel_tests.c +++ b/tests/vboot_kernel_tests.c @@ -50,7 +50,7 @@ static uint8_t kernel_buffer[80000]; static int disk_read_to_fail; static int disk_write_to_fail; static int gpt_init_fail; -static int key_block_verify_fail; /* 0=ok, 1=sig, 2=hash */ +static int keyblock_verify_fail; /* 0=ok, 1=sig, 2=hash */ static int preamble_verify_fail; static int verify_data_fail; static int unpack_key_fail; @@ -127,7 +127,7 @@ static void ResetMocks(void) disk_write_to_fail = -1; gpt_init_fail = 0; - key_block_verify_fail = 0; + keyblock_verify_fail = 0; preamble_verify_fail = 0; verify_data_fail = 0; unpack_key_fail = 0; @@ -153,12 +153,12 @@ static void ResetMocks(void) memset(&kbh, 0, sizeof(kbh)); kbh.data_key.key_version = 2; - kbh.key_block_flags = -1; - kbh.key_block_size = sizeof(kbh); + kbh.keyblock_flags = -1; + kbh.keyblock_size = sizeof(kbh); memset(&kph, 0, sizeof(kph)); kph.kernel_version = 1; - kph.preamble_size = 4096 - kbh.key_block_size; + kph.preamble_size = 4096 - kbh.keyblock_size; kph.body_signature.data_size = 70144; kph.bootloader_address = 0xbeadd008; kph.bootloader_size = 0x1234; @@ -284,10 +284,10 @@ vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size, const struct vb2_public_key *key, const struct vb2_workbuf *wb) { - if (key_block_verify_fail >= 1) + if (keyblock_verify_fail >= 1) return VB2_ERROR_MOCK; - /* Use this as an opportunity to override the key block */ + /* Use this as an opportunity to override the keyblock */ memcpy((void *)block, &kbh, sizeof(kbh)); return VB2_SUCCESS; } @@ -296,10 +296,10 @@ vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block, uint32_t size, const struct vb2_workbuf *wb) { - if (key_block_verify_fail >= 2) + if (keyblock_verify_fail >= 2) return VB2_ERROR_MOCK; - /* Use this as an opportunity to override the key block */ + /* Use this as an opportunity to override the keyblock */ memcpy((void *)block, &kbh, sizeof(kbh)); return VB2_SUCCESS; } @@ -650,76 +650,76 @@ static void LoadKernelTest(void) "Fail reading kernel start"); ResetMocks(); - key_block_verify_fail = 1; - TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail key block sig"); + keyblock_verify_fail = 1; + TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail keyblock sig"); /* In dev mode, fail if hash is bad too */ ResetMocks(); ctx.flags |= VB2_CONTEXT_DEVELOPER_MODE; - key_block_verify_fail = 2; - TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail key block dev hash"); + keyblock_verify_fail = 2; + TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail keyblock dev hash"); /* But just bad sig is ok */ ResetMocks(); ctx.flags |= VB2_CONTEXT_DEVELOPER_MODE; - key_block_verify_fail = 1; - TestLoadKernel(0, "Succeed key block dev sig"); + keyblock_verify_fail = 1; + TestLoadKernel(0, "Succeed keyblock dev sig"); /* In dev mode and requiring signed kernel, fail if sig is bad */ ResetMocks(); ctx.flags |= VB2_CONTEXT_DEVELOPER_MODE; vb2_nv_set(&ctx, VB2_NV_DEV_BOOT_SIGNED_ONLY, 1); - key_block_verify_fail = 1; - TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail key block dev sig"); + keyblock_verify_fail = 1; + TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, "Fail keyblock dev sig"); ResetMocks(); ctx.flags |= VB2_CONTEXT_DEVELOPER_MODE; lkp.fwmp = &fwmp; fwmp.flags |= FWMP_DEV_ENABLE_OFFICIAL_ONLY; - key_block_verify_fail = 1; + keyblock_verify_fail = 1; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, - "Fail key block dev sig fwmp"); + "Fail keyblock dev sig fwmp"); - /* Check key block flag mismatches */ + /* Check keyblock flag mismatches */ ResetMocks(); - kbh.key_block_flags = - KEY_BLOCK_FLAG_RECOVERY_0 | KEY_BLOCK_FLAG_DEVELOPER_1; + kbh.keyblock_flags = + KEYBLOCK_FLAG_RECOVERY_0 | KEYBLOCK_FLAG_DEVELOPER_1; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, - "Key block dev flag mismatch"); + "Keyblock dev flag mismatch"); ResetMocks(); - kbh.key_block_flags = - KEY_BLOCK_FLAG_RECOVERY_1 | KEY_BLOCK_FLAG_DEVELOPER_0; + kbh.keyblock_flags = + KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_0; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, - "Key block rec flag mismatch"); + "Keyblock rec flag mismatch"); ResetMocks(); ctx.flags |= VB2_CONTEXT_RECOVERY_MODE; - kbh.key_block_flags = - KEY_BLOCK_FLAG_RECOVERY_1 | KEY_BLOCK_FLAG_DEVELOPER_1; + kbh.keyblock_flags = + KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_1; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, - "Key block recdev flag mismatch"); + "Keyblock recdev flag mismatch"); ResetMocks(); ctx.flags |= VB2_CONTEXT_RECOVERY_MODE | VB2_CONTEXT_DEVELOPER_MODE; - kbh.key_block_flags = - KEY_BLOCK_FLAG_RECOVERY_1 | KEY_BLOCK_FLAG_DEVELOPER_0; + kbh.keyblock_flags = + KEYBLOCK_FLAG_RECOVERY_1 | KEYBLOCK_FLAG_DEVELOPER_0; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, - "Key block rec!dev flag mismatch"); + "Keyblock rec!dev flag mismatch"); ResetMocks(); kbh.data_key.key_version = 1; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, - "Key block kernel key rollback"); + "Keyblock kernel key rollback"); ResetMocks(); kbh.data_key.key_version = 0x10000; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, - "Key block kernel key version too big"); + "Keyblock kernel key version too big"); ResetMocks(); kbh.data_key.key_version = 3; - TestLoadKernel(0, "Key block version roll forward"); + TestLoadKernel(0, "Keyblock version roll forward"); TEST_EQ(shared->kernel_version_tpm, 0x30001, " shared version"); ResetMocks(); @@ -769,14 +769,14 @@ static void LoadKernelTest(void) fwmp.flags |= FWMP_DEV_USE_KEY_HASH; fwmp.dev_key_hash[0]++; TestLoadKernel(VBERROR_INVALID_KERNEL_FOUND, - "Fail key block dev fwmp hash"); + "Fail keyblock dev fwmp hash"); /* Check developer key hash - good */ ResetMocks(); ctx.flags |= VB2_CONTEXT_DEVELOPER_MODE; lkp.fwmp = &fwmp; fwmp.flags |= FWMP_DEV_USE_KEY_HASH; - TestLoadKernel(0, "Good key block dev fwmp hash"); + TestLoadKernel(0, "Good keyblock dev fwmp hash"); ResetMocks(); kph.preamble_size |= 0x07; diff --git a/utility/crossystem.c b/utility/crossystem.c index 946e587b..0fb01ad3 100644 --- a/utility/crossystem.c +++ b/utility/crossystem.c @@ -68,7 +68,7 @@ const Param sys_param_list[] = { {"kern_nv", 0, "Non-volatile field for kernel use", "0x%04x"}, {"kernel_max_rollforward", CAN_WRITE, "Max kernel version to store into TPM", "0x%08x"}, - {"kernkey_vfy", IS_STRING, "Type of verification done on kernel key block"}, + {"kernkey_vfy", IS_STRING, "Type of verification done on kernel keyblock"}, {"loc_idx", CAN_WRITE, "Localization index for firmware screens"}, {"mainfw_act", IS_STRING, "Active main firmware"}, {"mainfw_type", IS_STRING, "Active main firmware type"}, |