authorBill Richardson <wfrichar@chromium.org>2014-09-03 14:20:10 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>2014-09-05 09:58:45 +0000
commite051975c900caf43046a97cda682629915c62c7e (patch)
tree1dc878a7cc14c2a61b6bc56d4545a9ee0ca06bc6 /futility
parent2e25e813419f2cd437164929543e452b28b89260 (diff)
downloadvboot-e051975c900caf43046a97cda682629915c62c7e.tar.gz
futility: sign command works on unsigned images
This allows the sign command to work on BIOS images with invalid VBLOCK areas. When re-signing an existing image, the length of the firmware body is part of the firmware preamble in the VBLOCK areas. If those are invalid, the BIOS can still be signed, but it will have to sign the entire FW_MAIN area. That's a little slower to verify, so we'd prefer not to do that, but it works. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: If58b5c86c5df12f004eabff72c22bfb1e84de7fd Reviewed-on: https://chromium-review.googlesource.com/216229 Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'futility')
-rw-r--r--futility/cmd_sign.c25
1 files changed, 22 insertions, 3 deletions
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c
index 41f3d9f7..3a65b22e 100644
--- a/futility/cmd_sign.c
+++ b/futility/cmd_sign.c
@@ -76,21 +76,37 @@ int futil_cb_sign_fw_main(struct futil_traverse_state_s *state)
int futil_cb_sign_fw_preamble(struct futil_traverse_state_s *state)
{
VbKeyBlockHeader *key_block = (VbKeyBlockHeader *)state->my_area->buf;
- struct cb_area_s *fw_body_area = 0;
+ uint32_t len = state->my_area->len;
/* We don't (yet) handle standalone VBLOCKs */
if (state->component == CB_FW_PREAMBLE)
return futil_cb_sign_notyet(state);
+
/*
- * We've already checked the Keyblock hash and taken a look at the
- * preamble or we wouldn't be here.
+ * If we have a valid keyblock and fw_preamble, then we can use them to
+ * determine the size of the firmware body. Otherwise, we'll have to
+ * just sign the whole region.
*/
+ if (VBOOT_SUCCESS != KeyBlockVerify(key_block, len, NULL, 1)) {
+ fprintf(stderr, "Warning: %s keyblock is invalid. "
+ "Signing the entire FW FMAP region...\n",
+ state->name);
+ goto whatever;
+ }
+ RSAPublicKey *rsa = PublicKeyToRSA(&key_block->data_key);
+ if (!rsa) {
+ fprintf(stderr, "Warning: %s public key is invalid. "
+ "Signing the entire FW FMAP region...\n",
+ state->name);
+ goto whatever;
+ }
uint32_t more = key_block->key_block_size;
VbFirmwarePreambleHeader *preamble =
(VbFirmwarePreambleHeader *)(state->my_area->buf + more);
uint32_t fw_size = preamble->body_signature.data_size;
+ struct cb_area_s *fw_body_area = 0;
switch (state->component) {
case CB_FMAP_VBLOCK_A:
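Review bot: The preamble is dereferenced without being verified: `preamble->body_signature.data_size` is read from `buf + key_block_size` straight after the keyblock check, although the new comment says a valid keyblock and fw_preamble are needed. `KeyBlockVerify(key_block, len, NULL, 1)` is a hash-only check, and the `rsa` returned by `PublicKeyToRSA()` is neither used nor freed in the visible lines, so a corrupt preamble could set the length of the body that gets signed, and the key object appears to leak. Before reading `data_size`, add `if (VBOOT_SUCCESS != VerifyFirmwarePreamble(preamble, len - more, rsa))` with the same warn-and-`goto whatever` fallback, and call `RSAPublicKeyFree(rsa);` on both the fallback and the success path. The function continues past this hunk (the rest of the switch is not shown), so a later check may already exist there; if it does, a comment saying where the preamble is validated would make that clear.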
@@ -111,8 +127,11 @@ int futil_cb_sign_fw_preamble(struct futil_traverse_state_s *state)
}
/* Update the firmware size */
+ fprintf(stderr, "HEY: set FW size from %d to %d\n",
+ fw_body_area->len, fw_size);
fw_body_area->len = fw_size;
+whatever:
state->my_area->_flags |= AREA_IS_VALID;
return 0;