diff options
author | Gaurav Shah <gauravsh@google.com> | 2010-03-03 13:15:53 -0800 |
---|---|---|
committer | Gaurav Shah <gauravsh@google.com> | 2010-03-03 13:15:53 -0800 |
commit | 56c9f4dfa7cd00c8bd87da3813360f73f6df9546 (patch) | |
tree | c9a762ee48786c89c37f91090b22f8cbe2618662 /README | |
parent | f5564fa98c7e37b6644b92993894ebbe56306f4c (diff) | |
download | vboot-56c9f4dfa7cd00c8bd87da3813360f73f6df9546.tar.gz |
Add a README and turn-on optimizations.
Review URL: http://codereview.chromium.org/665009
Diffstat (limited to 'README')
-rw-r--r-- | README | 58 |
1 files changed, 58 insertions, 0 deletions
@@ -0,0 +1,58 @@ +This directory contains a reference implementation for Chrome OS +verified boot in firmware. + +---------- +Directory Structure +---------- + +include/ - Contains all the code headers. firmware_image.h and +kernel_image.h contains the structures that represent a verified boot +firmware and kernel image. Note that the + +crypto/ - Contains the implementation for the crypto library. This +includes implementations for SHA1, SHA256, SHA512, and RSA signature +verification (for PKCS #1 v1.5 signatures). + +common/ - Contains some utility functions and stub implementations for +certain wrapper functions used in the verification code. Some of these +(for example Free(), Malloc()) will need to be replaced with +appropriate firmware-land equivalent. + +utils/ - This contains the implementation of kernel and firmware image +verification (see firmware_image.c and kernel_image.c) and some +utilities (e.g. firmware_utility - for generating verified boot +firmware images). + +tests/ - User-land tests and benchmarks that test the reference +implementation. Please have a look at these if you'd like to +understand how to use the reference implementation. + + +---------- +Some useful utilities: +---------- + +firmware_utility.c To generate verified boot firmware images. + +dumpRSAPublicKey.c Dump RSA Public key (from a DER-encoded X509 + certificate) in a format suitable for + use by RSAVerify* functions in + crypto/. + +verify_data.c Verify a given signature on a given file. + + +---------- +Here's what is required for a minimal verified boot implementation +---------- + +1) Crypto implementation from crypto/. The verified boot code should +use the wrappers from rsa_utility.h and sha_utility.h - RSAVerify_f() +and Digest*() functions. + +2) Verified Firmware and Kernel image verification functions - only +functions that work on binary blobs (VerifyFirmware() and +VerifyKernel()) are required. The functions that work on Firmware and +Kernel images (e.g. VerifyFirmwareImage()) are only useful for +user-land utilities that manipulate signed firmware and kernel images. + |