author | Randall Spangler <rspangler@chromium.org> | 2015-05-20 17:22:17 -0700 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-05-22 01:22:04 +0000 |
commit | 3d5cd88f90ca38e7b2736bb1569c50049e710453 (patch) | |
tree | 691881177554996b0a9dd51c00976b69491e2600 /firmware/2lib/include | |
parent | b87d1ec11813e0f75dafd15fa0a309b506208bc6 (diff) | |
download | vboot-3d5cd88f90ca38e7b2736bb1569c50049e710453.tar.gz |
vboot2: Add routines to load and verify kernel keyblock
These are slightly more complex than the firmware versions, because
they need to deal with developer-signed keyblocks and keyblock flags.
BUG=chromium:487699
BRANCH=none
TEST=make -j runtests
Change-Id: I682c14ddfe729984f2629dfbe66750e5cd5ab75e
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/272541
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'firmware/2lib/include')
-rw-r--r-- | firmware/2lib/include/2api.h | 16 | ||||
-rw-r--r-- | firmware/2lib/include/2misc.h | 10 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 21 | ||||
-rw-r--r-- | firmware/2lib/include/2struct.h | 42 |
4 files changed, 86 insertions, 3 deletions
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 0b436842..1341528b 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -177,17 +177,27 @@ struct vb2_context { uint8_t secdatak[VB2_SECDATAK_SIZE]; }; +/* Resource index for vb2ex_read_resource() */ enum vb2_resource_index { /* Google binary block */ VB2_RES_GBB, /* - * Verified boot block (keyblock+preamble). Use VB2_CONTEXT_FW_SLOT_B - * to determine whether this refers to slot A or slot B; vboot will - * set that flag to the proper state before reading the vblock. + * Firmware verified boot block (keyblock+preamble). Use + * VB2_CONTEXT_FW_SLOT_B to determine whether this refers to slot A or + * slot B; vboot will set that flag to the proper state before reading + * the vblock. */ VB2_RES_FW_VBLOCK, + + /* + * Kernel verified boot block (keyblock+preamble) for the current + * kernel partition. Used only by vb2api_kernel_load_vblock(). + * Contents are allowed to change between calls to that function (to + * allow multiple kernels to be examined). + */ + VB2_RES_KERNEL_VBLOCK, }; /* Digest ID for vbapi_get_pcr_digest() */ diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index 1eccde9b..34d6fb82 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -141,4 +141,14 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx); */ int vb2_load_fw_preamble(struct vb2_context *ctx); +/** + * Verify the kernel keyblock using the previously-loaded kernel key. + * + * After this call, the data key is stored in the work buffer. + * + * @param ctx Vboot context + * @return VB2_SUCCESS, or error code on error. + */ +int vb2_load_kernel_keyblock(struct vb2_context *ctx); + #endif /* VBOOT_REFERENCE_VBOOT_2MISC_H_ */ diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 671e3d27..d05cd58b 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h 
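Review bot: The doc comment on `vb2_load_kernel_keyblock()` in the 2misc.h hunk does not say what `VB2_SUCCESS` guarantees about how the keyblock was checked. The commit message mentions developer-signed keyblocks, and 2struct.h gains `VB2_SD_FLAG_KERNEL_SIGNED` ("verified by signature (not just hash)"), which suggests the call can succeed for a keyblock that was only hash-checked. The implementation is not part of this diff, so that is inferred. If it holds, add a line such as `* On success, VB2_SD_FLAG_KERNEL_SIGNED in the shared data flags tells whether the keyblock signature (not just its hash) was verified.` so callers do not read success as proof of a valid signature.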
@@ -406,6 +406,27 @@ enum vb2_return_code { /* Not enough space in work buffer for resource object */ VB2_ERROR_READ_RESOURCE_OBJECT_BUF, + /* Work buffer too small for header in vb2_load_kernel_keyblock() */ + VB2_ERROR_KERNEL_KEYBLOCK_WORKBUF_HEADER, + + /* Work buffer too small for keyblock in vb2_load_kernel_keyblock() */ + VB2_ERROR_KERNEL_KEYBLOCK_WORKBUF, + + /* Keyblock version out of range in vb2_load_kernel_keyblock() */ + VB2_ERROR_KERNEL_KEYBLOCK_VERSION_RANGE, + + /* Keyblock version rollback in vb2_load_kernel_keyblock() */ + VB2_ERROR_KERNEL_KEYBLOCK_VERSION_ROLLBACK, + + /* + * Keyblock flags don't match current mode in + * vb2_load_kernel_keyblock(). + */ + VB2_ERROR_KERNEL_KEYBLOCK_DEV_FLAG, + VB2_ERROR_KERNEL_KEYBLOCK_REC_FLAG, + + + /********************************************************************** * API-level errors */ diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index aa820b70..ca05dfca 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -31,12 +31,16 @@ enum vb2_shared_data_flags { VB2_SD_FLAG_MANUAL_RECOVERY = (1 << 0), /* Developer mode is enabled */ + /* TODO: should have been VB2_SD_FLAG_DEV_MODE_ENABLED */ VB2_SD_DEV_MODE_ENABLED = (1 << 1), /* * TODO: might be nice to add flags for why dev mode is enabled - via * gbb, virtual dev switch, or forced on for testing. */ + + /* Kernel keyblock was verified by signature (not just hash) */ + VB2_SD_FLAG_KERNEL_SIGNED = (1 << 2), }; /* Flags for vb2_shared_data.status */ 
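Review bot: `VB2_ERROR_KERNEL_KEYBLOCK_DEV_FLAG` and `VB2_ERROR_KERNEL_KEYBLOCK_REC_FLAG` share one comment, unlike the other codes added in this hunk, so the header does not say which mismatch each one reports. Give each its own comment, for example `/* Keyblock developer flag mismatch in vb2_load_kernel_keyblock() */` and `/* Keyblock recovery flag mismatch in vb2_load_kernel_keyblock() */`, and drop the two extra blank lines before the API-level banner. `enum vb2_return_code` begins and ends outside the hunk, so it is worth confirming that the next section starts from an explicit base value and is not renumbered by the insertion.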
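Review bot: The comment on `VB2_SD_FLAG_KERNEL_SIGNED` does not state when the bit is cleared. The 2api.h hunk in this commit says the kernel vblock may change between calls so that several kernels can be examined. If the flag is only ever set, a hash-only keyblock loaded after a signed one would inherit it. The code that sets it is outside this diff, so the header should pin the contract down, e.g. `/* Kernel keyblock was verified by signature (not just hash); reset on every keyblock load */` if that is the intended behaviour.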
@@ -101,6 +105,25 @@ struct vb2_shared_data { uint32_t status; /********************************************************************** + * Data from kernel verification stage. + * + * TODO: shouldn't be part of the main struct, since that needlessly + * uses more memory during firmware verification. + */ + + /* + * Version for the current kernel (top 16 bits = key, lower 16 bits = + * kernel preamble). + * + * TODO: Make this a union to allow getting/setting those versions + * separately? + */ + uint32_t kernel_version; + + /* Kernel version from secdatak (must be <= kernel_version to boot) */ + uint32_t kernel_version_secdatak; + + /********************************************************************** * Temporary variables used during firmware verification. These don't * really need to persist through to the OS, but there's nowhere else * we can put them. @@ -151,6 +174,25 @@ struct vb2_shared_data { /* Amount of data we still expect to hash */ uint32_t hash_remaining_size; + /********************************************************************** + * Temporary variables used during kernel verification. These don't + * really need to persist through to the OS, but there's nowhere else + * we can put them. + * + * TODO: make a union with the firmware verification temp variables, + * or make both of them workbuf-allocated sub-structs, so that we can + * overlap them so kernel variables don't bloat firmware verification + * stage memory requirements. + */ + + /* + * Offset and size of packed kernel key in work buffer. Size is 0 if + * subkey is not stored in the work buffer. Note that kernel key may + * be inside the firmware preamble. + */ + uint32_t workbuf_kernel_key_offset; + uint32_t workbuf_kernel_key_size; + } __attribute__((packed)); /****************************************************************************/ |
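Review bot: `kernel_version` and `kernel_version_secdatak` are inserted in the middle of the packed `struct vb2_shared_data`, which moves every later member by 8 bytes. Any consumer built against the previous layout would read the wrong offsets. The struct's opening lines are outside this hunk, so I cannot see whether it carries a layout version, but if it does it should be bumped in this commit. Appending the new members at the end of the struct would avoid the shift.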
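Review bot: The comment above `workbuf_kernel_key_offset` and `workbuf_kernel_key_size` calls the same object both "kernel key" and "subkey"; use one term, e.g. `Size is 0 if the kernel key is not stored in the work buffer.` These two fields locate key material inside the work buffer, so the comment should also say that `offset + size` must lie within the work buffer before the key is used. The code that consumes them is outside this diff, so whether that check already exists cannot be confirmed from here. The struct begins outside the hunk.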