author | David Riley <davidriley@chromium.org> | 2018-11-06 15:10:34 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-03-21 03:31:42 -0700 |
commit | c4daa6e936a5dc2dad28bb1e07af995c05b37a99 (patch) | |
tree | 8c8d66858554b03fcb5e111b9a53e668ec88a16b | |
parent | d728c3c9a9154893b52e5053387f3625d1132b57 (diff) | |
image_signing: Verify cr50 signing manifest compliance
When signing Cr50 images, Board ID flags and major version number
fields of the manifest must follow the following convention:
- even major version numbers indicate pre-pvt branch, Board ID flag
bit 0x10 must be set;
- odd major version numbers indicate mp branch, Board ID flag bit
0x10000 must be set;
BRANCH=none
BUG=b:74100307
TEST=extracted pre-pvt branch produced Cr50 tarball into /tmp/cr50.cp,
and ran the following command:
scripts/image_signing/sign_cr50_firmware.sh /tmp/cr50.cp tests/devkeys \
signed
observed successful completion. Modified
/tmp/cr50.cp/ec_RW-manifest-prod.json to set major version number
to 3 instead of 4 and tried again, got the following error, as
expected:
sign_cr50_firmware.sh: ERROR : Inconsistent manifest \
/tmp/cr50.cp/ec_RW-manifest-prod.json: major = "3", board_id_flags = "16"
Change-Id: Ic123df4396d7d497347de40a5ff448940c0b1982
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1321410
Reviewed-by: David Riley <davidriley@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
-rwxr-xr-x | scripts/image_signing/sign_cr50_firmware.sh | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/scripts/image_signing/sign_cr50_firmware.sh b/scripts/image_signing/sign_cr50_firmware.sh index ae61cee5..b39babac 100755 --- a/scripts/image_signing/sign_cr50_firmware.sh +++ b/scripts/image_signing/sign_cr50_firmware.sh @@ -23,6 +23,41 @@ eval set -- "${FLAGS_ARGV}" set -e set -u +PRE_PVT_BID_FLAG=0x10 +MP_BID_FLAG=0x10000 +# This function accepts one argument, the name of the Cr50 manifest file which +# needs to be verified. +# +# The function verifies that the manifest is a proper json file, and that the +# manifest conforms to Cr50 version numbering and board ID flags convention: +# when signing pre-pvt images (major version number is even) the 0x10 flags +# bit must be set. When signing mp images (major version number is odd), the +# 0x10000 flags bit must be set. +verify_cr50_manifest() { + if [[ $# -ne 1 ]]; then + die "Usage: verify_cr50_manifest <manifest .json file>" + fi + + local manifest_json="$1" + local major + local bid_flags + + major="$(jq '.major' "${manifest_json}")" + bid_flags="$(jq '.board_id_flags' "${manifest_json}")" + + if (( major & 1 )); then + if (( bid_flags & MP_BID_FLAG )); then + return 0 + fi + else + if (( bid_flags & PRE_PVT_BID_FLAG )); then + return 0 + fi + fi + die "Inconsistent manifest ${manifest_source}: major = '${major}'," \ + "board_id_flags = '${bid_flags}'" +} + # This function accepts two arguments, names of two binary files. # # It searches the first passed-in file for the first 8 bytes of the second @@ -243,6 +278,8 @@ sign_cr50_firmware() { die "failed to convert ${manifest_source} into valid json" fi + verify_cr50_manifest "${manifest_file}" + dd if=/dev/zero bs="${IMAGE_SIZE}" count=1 status=none | tr '\000' '\377' > "${output_file}" if [[ "$(stat -c '%s' "${output_file}")" != "${IMAGE_SIZE}" ]]; then |
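Review bot: In verify_cr50_manifest, `major` and `bid_flags` go from `jq` straight into `(( major & 1 ))` and `(( bid_flags & ... ))` with no check that they are integers. Without `-r`, jq prints a JSON string with its quotes, and bash evaluates a variable's contents as an arithmetic expression. A value that fails to parse makes `(( major & 1 ))` return non-zero, so the `else` branch appears to treat it as an even (pre-pvt) version rather than rejecting the manifest. Because this check gates what gets signed, I would reject non-numeric fields before any arithmetic, e.g. `[[ "${major}" =~ ^[0-9]+$ && "${bid_flags}" =~ ^[0-9]+$ ]] || die "Non-integer major or board_id_flags in ${manifest_json}"`.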
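Review bot: This call passes only `${manifest_file}`, but the `die` message inside verify_cr50_manifest expands `${manifest_source}`, which that function never declares. It resolves only because bash lets a callee see its caller's variables; `manifest_source` is presumably a local of sign_cr50_firmware, whose body starts and ends outside this hunk. Under `set -u`, any other caller would stop with an unbound-variable error instead of the intended message. I would either report the argument the function actually received, `die "Inconsistent manifest ${manifest_json}: ..."`, or pass the source path as a second argument.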