diff options
| -rw-r--r-- | firmware/2lib/2misc.c | 18 | ||||
| -rw-r--r-- | firmware/2lib/include/2misc.h | 8 | ||||
| -rw-r--r-- | firmware/2lib/include/2struct.h | 7 |
3 files changed, 28 insertions, 5 deletions
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index f5571dc6..5d063b94 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -14,6 +14,17 @@ #include "2sha.h" #include "2rsa.h" +int vb2_validate_gbb_signature(uint8_t *sig) { + const static uint8_t sig_xor[VB2_GBB_SIGNATURE_SIZE] = + VB2_GBB_XOR_SIGNATURE; + int i; + for (i = 0; i < VB2_GBB_SIGNATURE_SIZE; i++) { + if (sig[i] != (sig_xor[i] ^ VB2_GBB_XOR_CHARS[i])) + return VB2_ERROR_GBB_MAGIC; + } + return VB2_SUCCESS; +} + void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb) { vb2_workbuf_init(wb, ctx->workbuf + ctx->workbuf_used, @@ -22,8 +33,6 @@ void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb) int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb) { - static const uint8_t expect_sig[VB2_GBB_SIGNATURE_SIZE] = - VB2_GBB_SIGNATURE; int rv; /* Read the entire header */ @@ -32,8 +41,9 @@ int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb) return rv; /* Make sure it's really a GBB */ - if (memcmp(gbb->signature, expect_sig, sizeof(expect_sig))) - return VB2_ERROR_GBB_MAGIC; + rv = vb2_validate_gbb_signature(gbb->signature); + if (rv) + return rv; /* Check for compatible version */ if (gbb->major_version != VB2_GBB_MAJOR_VER) diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index d90399a4..d6f48e86 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -23,6 +23,14 @@ static __inline struct vb2_shared_data *vb2_get_sd(struct vb2_context *ctx) { } /** + * Validate gbb signature (the magic number) + * + * @param sig pointer to the signature bytes to validate + * @return VB2_SUCCESS if valid or VB2_ERROR_GBB_MAGIC otherwise. + */ +int vb2_validate_gbb_signature(uint8_t *sig); + +/** * Initialize a work buffer from the vboot context. * * This sets the work buffer to the unused portion of the context work buffer. diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 7a6d0ce7..646d0915 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -301,9 +301,14 @@ struct vb2_shared_data { /****************************************************************************/ -/* Signature at start of the GBB */ +/* Signature at start of the GBB + * Note that if you compile in the signature as is, you are likely to break any + * tools that search for the signature. */ #define VB2_GBB_SIGNATURE "$GBB" #define VB2_GBB_SIGNATURE_SIZE 4 +#define VB2_GBB_XOR_CHARS "****" +/* TODO: can we write a macro to produce this at compile time? */ +#define VB2_GBB_XOR_SIGNATURE { 0x0e, 0x6d, 0x68, 0x68 } /* VB2 GBB struct version */ #define VB2_GBB_MAJOR_VER 1 |