authorVadim Bendebury <vbendeb@chromium.org>2015-04-07 17:07:33 -0700
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>2015-04-10 05:48:00 +0000
commitc1a96b0f42673494a4378876e03c394c30b75a83 (patch)
tree20c5fed94d3e2e20e0aff42a1df28d8368688a09
parentccca6669d3c8c43cac00205b04fa167f219f2cae (diff)
downloadvboot-c1a96b0f42673494a4378876e03c394c30b75a83.tar.gz
Report if firmware is signed by developer key
Recent experience shows that users often get confused and try running pre-mp signed images under dev firmware control and vice versa. The matters are further aggravated by the fact that the signage mismatch is allowed when the device is in dev mode and not in normal mode. While the users usually can tell what class of keys the Chrome OS image is signed with, it is much more difficult to tell what keys the firmware was signed with. This patch reports in the log if the firmware was signed with dev keys, by comparing the hash calculated over the packed root public key body with a precompiled value. A test tweak was required to avoid using uninitialized data. BRANCH=none BUG=none TEST=booted the new code on storm, observed the following message included in the log: VB2:vb2_report_key_class() This is developer signed firmware - verified that 'make run2tests' succeeds in chroot Change-Id: I97ed6ba384cee59ff3f42943630e92ebae10dd03 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/264469 Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r--firmware/lib20/misc.c45
-rw-r--r--tests/vb20_misc_tests.c2
2 files changed, 47 insertions, 0 deletions
diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c
index a446022d..0e61e858 100644
--- a/firmware/lib20/misc.c
+++ b/firmware/lib20/misc.c
@@ -14,6 +14,50 @@
#include "2rsa.h"
#include "vb2_common.h"
+/*
+ * The blob below is the sha1 digest calculated over the packed developer
+ * root public key structure.
+ */
+
+static const uint8_t dev_key_digest[] = {
+ 0xb1, 0x1d, 0x74, 0xed, 0xd2, 0x86, 0xc1, 0x44,
+ 0xe1, 0x13, 0x5b, 0x49, 0xe7, 0xf0, 0xbc, 0x20,
+ 0xcf, 0x04, 0x1f, 0x10,
+};
+
+static void vb2_report_dev_firmware(struct vb2_public_key *root)
+{
+ struct vb2_digest_context dc;
+ uint8_t digest[sizeof(dev_key_digest)];
+ int size = root->arrsize * 4;
+
+ if (!root->arrsize)
+ return; /* Must be a test run. */
+
+ if (vb2_digest_init(&dc, VB2_HASH_SHA1) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_extend(&dc, (uint8_t *)&root->arrsize,
+ sizeof(root->arrsize)) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_extend(&dc, (uint8_t *)&root->n0inv,
+ sizeof(root->n0inv)) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_extend(&dc, (uint8_t *)root->n, size) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_extend(&dc, (uint8_t *)root->rr, size) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_finalize(&dc, digest, sizeof(digest)) != VB2_SUCCESS)
+ return;
+
+ if (!memcmp(digest, dev_key_digest, sizeof(dev_key_digest)))
+ VB2_DEBUG("This is developer signed firmware\n");
+}
+
int vb2_load_fw_keyblock(struct vb2_context *ctx)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
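Review bot: In vb2_report_dev_firmware, `int size = root->arrsize * 4;` is computed before the zero check and stores the product of what appears to be an unsigned field in a signed int; `uint32_t size = root->arrsize * sizeof(uint32_t);` placed after the `!root->arrsize` guard keeps the type consistent and names the magic 4. The upper bound on arrsize presumably comes from vb2_unpack_key, which is not visible here. The function also needs a header comment saying that the result is diagnostic only: it matches one precompiled SHA-1 of one known developer root key, so the absence of the log line does not show that the firmware is production signed, and no boot decision should depend on it. The body of vb2_load_fw_keyblock that starts at the end of this hunk continues outside it.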
@@ -89,6 +133,7 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx)
return rv;
}
+ vb2_report_dev_firmware(&root_key);
sd->fw_version = kb->data_key.key_version << 16;
/*
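Review bot: The call `vb2_report_dev_firmware(&root_key);` sits after the `return rv;` error path, so when what looks like keyblock verification fails, the key class is never logged, although a key mismatch is the case where the message would help most. Consider moving the call to just after the root key is unpacked and before the verification step. Those lines are outside this hunk, so the placement needs to be confirmed against the full function.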
diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c
index 65ceea97..8021888c 100644
--- a/tests/vb20_misc_tests.c
+++ b/tests/vb20_misc_tests.c
@@ -12,6 +12,7 @@
#include "2common.h"
#include "2misc.h"
#include "2nvstorage.h"
+#include "2rsa.h"
#include "2secdata.h"
#include "vb2_common.h"
#include "test_common.h"
@@ -149,6 +150,7 @@ int vb2_unpack_key(struct vb2_public_key *key,
const uint8_t *buf,
uint32_t size)
{
+ key->arrsize = 0;
return mock_unpack_key_retval;
}
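Review bot: The mock zeroes only `key->arrsize`, which works solely because vb2_report_dev_firmware treats a zero arrsize as a test run; the remaining fields of the key stay uninitialized for any later reader. Clearing the whole structure with `memset(key, 0, sizeof(*key));` would make the mock independent of that sentinel, assuming string.h is already reachable through the test's includes. No test here exercises the matching or non-matching digest path, so the new function is only covered by its early return. The mock's signature starts outside this hunk.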