kernel flags: Add flags field to kernel preamble.

1. Increase kernel preamble revision from 2.1 to 2.2. 2. Add flags field to kernel preamble. 3. Update futility to accept flags parameter for vbutil_kernel and cmd_sign for kernel. 4. Pass in an extra flags field to SignKernelBlob and CreateKernelPreamble. BUG=chrome-os-partner:35861 BRANCH=None TEST=1) "make runalltests" completes successfully. 2) vboot_reference compiles successfully for ryu. 3) Verified flags field in header using futility show. Change-Id: If9f06f98778a7339194c77090cbef4807d5e34e2 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://chromium-review.googlesource.com/245950 Tested-by: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Furquan Shaikh <furquan@chromium.org>
author: Furquan Shaikh <furquan@google.com> 2015-02-03 15:34:29 -0800
committer: ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> 2015-02-12 04:40:35 +0000
commit: 80e779d50b52cd97c9d5896a3b75fa8118ee488f (patch)
tree: 18417a40d0f494546b6cc8b35cbd47938451facc /futility
parent: 623d6c4744ed92b53ac929edd94de22c61a93daf (diff)
download: vboot-80e779d50b52cd97c9d5896a3b75fa8118ee488f.tar.gz
5 files changed, 46 insertions, 7 deletions
diff --git a/futility/cmd_show.c b/futility/cmd_show.c
index dc7c8141..b6c2574a 100644
--- a/futility/cmd_show.c
+++ b/futility/cmd_show.c
@@ -419,6 +419,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state)
 	int retval = 0;
 	uint64_t vmlinuz_header_size = 0;
 	uint64_t vmlinuz_header_address = 0;
+	uint32_t flags = 0;
 
 	/* Check the hash... */
 	if (VBOOT_SUCCESS != KeyBlockVerify(key_block, len, NULL, 1)) {
@@ -483,6 +484,10 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state)
 		       vmlinuz_header_size);
 	}
 
+	if (VbKernelHasFlags(preamble) == VBOOT_SUCCESS)
+		flags = preamble->flags;
+	printf("  Flags:                 0x%" PRIx32 "\n", flags);
+
 	/* Verify kernel body */
 	if (option.fv) {
 		/* It's in a separate file, which we've already read in */
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c
index a960abd6..2d247bcd 100644
--- a/futility/cmd_sign.c
+++ b/futility/cmd_sign.c
@@ -219,7 +219,7 @@ int futil_cb_create_kernel_part(struct futil_traverse_state_s *state)
 	vblock_data = SignKernelBlob(kblob_data, kblob_size, option.padding,
 				     option.version, option.kloadaddr,
 				     option.keyblock, option.signprivate,
-				     &vblock_size);
+				     option.flags, &vblock_size);
 	if (!vblock_data) {
 		fprintf(stderr, "Unable to sign kernel blob\n");
 		free(kblob_data);
@@ -288,6 +288,12 @@ int futil_cb_resign_kernel_part(struct futil_traverse_state_s *state)
 	if (!option.version_specified)
 		option.version = preamble->kernel_version;
 
+	/* Preserve the flags if not specified */
+	if (VbKernelHasFlags(preamble) == VBOOT_SUCCESS) {
+		if (option.flags_specified == 0)
+			option.flags = preamble->flags;
+	}
+
 	/* Replace the keyblock if asked */
 	if (option.keyblock)
 		keyblock = option.keyblock;
@@ -296,7 +302,7 @@ int futil_cb_resign_kernel_part(struct futil_traverse_state_s *state)
 	vblock_data = SignKernelBlob(kblob_data, kblob_size, option.padding,
 				     option.version, option.kloadaddr,
 				     keyblock, option.signprivate,
-				     &vblock_size);
+				     option.flags, &vblock_size);
 	if (!vblock_data) {
 		fprintf(stderr, "Unable to sign kernel blob\n");
 		return 1;
@@ -612,7 +618,8 @@ static const char usage_new_kpart[] = "\n"
 	"  --pad            NUM             The vblock padding size in bytes\n"
 	"                                     (default 0x%x)\n"
 	" --vblockonly                      Emit just the vblock (requires a\n"
-	"                                     distinct outfile)\n";
+	"                                     distinct outfile)\n"
+	"  -f|--flags       NUM             The preamble flags value\n";
 
 static const char usage_old_kpart[] = "\n"
 	"-----------------------------------------------------------------\n"
@@ -634,6 +641,7 @@ static const char usage_old_kpart[] = "\n"
 	"  [--outfile]      OUTFILE         Output kernel partition or vblock\n"
 	"  --vblockonly                     Emit just the vblock (requires a\n"
 	"                                     distinct OUTFILE)\n"
+	"  -f|--flags       NUM             The preamble flags value\n"
 	"\n";
 
 static void print_help(const char *prog)
diff --git a/futility/cmd_vbutil_kernel.c b/futility/cmd_vbutil_kernel.c
index ae4fd3f9..3322e4b8 100644
--- a/futility/cmd_vbutil_kernel.c
+++ b/futility/cmd_vbutil_kernel.c
@@ -63,6 +63,7 @@ enum {
 	OPT_VERBOSE,
 	OPT_MINVERSION,
 	OPT_VMLINUZ_OUT,
+	OPT_FLAGS,
 };
 
 static const struct option long_opts[] = {
@@ -86,6 +87,7 @@ static const struct option long_opts[] = {
 	{"verbose", 0, &opt_verbose, 1},
 	{"debug", 0, &debugging_enabled, 1},
 	{"vmlinuz-out", 1, 0, OPT_VMLINUZ_OUT},
+	{"flags", 1, 0, OPT_FLAGS},
 	{NULL, 0, 0, 0}
 };
 
@@ -109,6 +111,7 @@ static const char usage[] =
 	"    --kloadaddr <address>     Assign kernel body load address\n"
 	"    --pad <number>            Verification padding size in bytes\n"
 	"    --vblockonly              Emit just the verification blob\n"
+	"    --flags NUM               Flags to be passed in the header\n"
 	"\nOR\n\n"
 	"Usage:  " MYNAME " %s --repack <file> [PARAMETERS]\n"
 	"\n"
@@ -253,6 +256,7 @@ static int do_vbutil_kernel(int argc, char *argv[])
 	uint64_t kblob_size = 0;
 	uint8_t *vblock_data = NULL;
 	uint64_t vblock_size = 0;
+	uint32_t flags = 0;
 	FILE *f;
 
 	while (((i = getopt_long(argc, argv, ":", long_opts, NULL)) != -1) &&
@@ -328,6 +332,14 @@ static int do_vbutil_kernel(int argc, char *argv[])
 			vmlinuz_file = optarg;
 			break;
 
+		case OPT_FLAGS:
+			flags = (uint32_t)strtoul(optarg, &e, 0);
+			if (!*optarg || (e && *e)) {
+				fprintf(stderr, "Invalid --flags\n");
+				parse_error = 1;
+			}
+			break;
+
 		case OPT_BOOTLOADER:
 			bootloader_file = optarg;
 			break;
@@ -435,7 +447,7 @@ static int do_vbutil_kernel(int argc, char *argv[])
 
 		vblock_data = SignKernelBlob(kblob_data, kblob_size, opt_pad,
 					     version, kernel_body_load_address,
-					     t_keyblock, signpriv_key,
+					     t_keyblock, signpriv_key, flags,
 					     &vblock_size);
 		if (!vblock_data)
 			Fatal("Unable to sign kernel blob\n");
@@ -498,6 +510,9 @@ static int do_vbutil_kernel(int argc, char *argv[])
 		if (!version_str)
 			version = preamble->kernel_version;
 
+		if (VbKernelHasFlags(preamble) == VBOOT_SUCCESS)
+			flags = preamble->flags;
+
 		if (keyblock_file) {
 			t_keyblock =
 				(VbKeyBlockHeader *)ReadFile(keyblock_file, 0);
@@ -509,7 +524,7 @@ static int do_vbutil_kernel(int argc, char *argv[])
 		vblock_data = SignKernelBlob(kblob_data, kblob_size, opt_pad,
 					     version, kernel_body_load_address,
 					     t_keyblock ? t_keyblock : keyblock,
-					     signpriv_key, &vblock_size);
+					     signpriv_key, flags, &vblock_size);
 		if (!vblock_data)
 			Fatal("Unable to sign kernel blob\n");
 
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index f40b7ac8..3d3225a1 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -305,6 +305,7 @@ uint8_t *UnpackKPart(uint8_t *kpart_data, uint64_t kpart_size,
 	uint64_t vmlinuz_header_size = 0;
 	uint64_t vmlinuz_header_address = 0;
 	uint64_t now = 0;
+	uint32_t flags = 0;
 
 	/* Sanity-check the keyblock */
 	keyblock = (VbKeyBlockHeader *)kpart_data;
@@ -347,6 +348,11 @@ uint8_t *UnpackKPart(uint8_t *kpart_data, uint64_t kpart_size,
 	Debug(" bootloader_size = 0x%" PRIx64 "\n", preamble->bootloader_size);
 	Debug(" kern_blob_size = 0x%" PRIx64 "\n",
 	      preamble->body_signature.data_size);
+
+	if (VbKernelHasFlags(preamble) == VBOOT_SUCCESS)
+		flags = preamble->flags;
+	Debug(" flags = 0x%" PRIx32 "\n", flags);
+
 	g_preamble = preamble;
 	g_ondisk_bootloader_addr = g_preamble->bootloader_address;
 
@@ -392,7 +398,7 @@ uint8_t *SignKernelBlob(uint8_t *kernel_blob, uint64_t kernel_size,
 			uint64_t padding,
 			int version, uint64_t kernel_body_load_address,
 			VbKeyBlockHeader *keyblock, VbPrivateKey *signpriv_key,
-			uint64_t *vblock_size_ptr)
+			uint32_t flags, uint64_t *vblock_size_ptr)
 {
 	VbSignature *body_sig;
 	VbKernelPreambleHeader *preamble;
@@ -416,6 +422,7 @@ uint8_t *SignKernelBlob(uint8_t *kernel_blob, uint64_t kernel_size,
 					body_sig,
 					g_ondisk_vmlinuz_header_addr,
 					g_vmlinuz_header_size,
+					flags,
 					min_size,
 					signpriv_key);
 	if (!preamble) {
@@ -591,6 +598,10 @@ int VerifyKernelBlob(uint8_t *kernel_blob,
 		       vmlinuz_header_size);
 	}
 
+	if (VbKernelHasFlags(g_preamble) == VBOOT_SUCCESS)
+		printf("  Flags          :       0x%" PRIx32 "\n",
+		       g_preamble->flags);
+
 	if (g_preamble->kernel_version < (min_version & 0xFFFF)) {
 		fprintf(stderr,
 			"Kernel version %" PRIu64 " is lower than minimum %"
diff --git a/futility/vb1_helper.h b/futility/vb1_helper.h
index fd976e0e..2cf71f4e 100644
--- a/futility/vb1_helper.h
+++ b/futility/vb1_helper.h
@@ -18,7 +18,7 @@ uint8_t *SignKernelBlob(uint8_t *kernel_blob, uint64_t kernel_size,
 			uint64_t padding,
 			int version, uint64_t kernel_body_load_address,
 			VbKeyBlockHeader *keyblock, VbPrivateKey *signpriv_key,
-			uint64_t *vblock_size_ptr);
+			uint32_t flags, uint64_t *vblock_size_ptr);
 
 int WriteSomeParts(const char *outfile,
 		   void *part1_data, uint64_t part1_size,
author	Furquan Shaikh <furquan@google.com>	2015-02-03 15:34:29 -0800
committer	ChromeOS Commit Bot <chromeos-commit-bot@chromium.org>	2015-02-12 04:40:35 +0000
commit	80e779d50b52cd97c9d5896a3b75fa8118ee488f (patch)
tree	18417a40d0f494546b6cc8b35cbd47938451facc /futility
parent	623d6c4744ed92b53ac929edd94de22c61a93daf (diff)
download	vboot-80e779d50b52cd97c9d5896a3b75fa8118ee488f.tar.gz