diff options
| author | Bill Richardson <wfrichar@chromium.org> | 2010-09-09 14:53:56 -0700 |
|---|---|---|
| committer | Bill Richardson <wfrichar@chromium.org> | 2010-09-09 14:53:56 -0700 |
| commit | 60bcbe3cd4c3921e6499170fd91eb47a040933a9 (patch) | |
| tree | e8fc49cf9a6de79bb625ce682d2b047fedd31978 /utility/vbutil_kernel.c | |
| parent | 7c88d4c31df2bd05494d0fdd2a300d69d7e503bd (diff) | |
| download | vboot-60bcbe3cd4c3921e6499170fd91eb47a040933a9.tar.gz | |
New tools to help debug vboot failures.
This adds some tools to help us figure out why a particular kernel isn't
booting. Often we suspect it's because it was signed with the wrong keys, or
has flags restricting its use to certain boot modes. This change adds some
tools to extract and display all the keys from the BIOS, and try them on the
various kernels. We also display the sha1sum of all the keys we find, to
make comparing them easier.
Change-Id: I38e447bf95cb6c3a0b87aa949611bb135f2f94b4
BUG=chromeos-partner:888
TEST=manual
To test, obtain a root shell, and run dev_debug_vboot. You should see lots
of useful information go by.
Review URL: http://codereview.chromium.org/3303018
Diffstat (limited to 'utility/vbutil_kernel.c')
| -rw-r--r-- | utility/vbutil_kernel.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/utility/vbutil_kernel.c b/utility/vbutil_kernel.c index 80197194..acf156f7 100644 --- a/utility/vbutil_kernel.c +++ b/utility/vbutil_kernel.c @@ -661,11 +661,23 @@ static int Verify(const char* infile, const char* signpubkey, int verbose) { if (verbose) printf(" Signature: %s\n", sign_key ? "valid" : "ignored"); printf(" Size: 0x%" PRIx64 "\n", key_block->key_block_size); + printf(" Flags: %" PRIu64 " ", key_block->key_block_flags); + if (key_block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_0) + printf(" !DEV"); + if (key_block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_1) + printf(" DEV"); + if (key_block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_0) + printf(" !REC"); + if (key_block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_1) + printf(" REC"); + printf("\n"); printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm, (data_key->algorithm < kNumAlgorithms ? algo_strings[data_key->algorithm] : "(invalid)")); printf(" Data key version: %" PRIu64 "\n", data_key->key_version); - printf(" Flags: %" PRIu64 "\n", key_block->key_block_flags); + printf(" Data key sha1sum: "); + PrintPubKeySha1Sum(data_key); + printf("\n"); rsa = PublicKeyToRSA(&key_block->data_key); if (!rsa) { |