diff options
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | tests/Makefile | 26 | ||||
-rw-r--r-- | tests/big_kernel_tests.c | 4 | ||||
-rwxr-xr-x | tests/run_image_verification_tests.sh | 7 | ||||
-rw-r--r-- | tests/test_common.c | 104 | ||||
-rw-r--r-- | tests/test_common.h | 25 | ||||
-rw-r--r-- | tests/vboot_common2_tests.c | 1 | ||||
-rw-r--r-- | tests/vboot_common3_tests.c | 1 | ||||
-rw-r--r-- | utility/Makefile | 7 | ||||
-rw-r--r-- | utility/firmware_utility.cc | 485 | ||||
-rw-r--r-- | vboot_firmware/Makefile | 2 | ||||
-rw-r--r-- | vboot_firmware/lib/firmware_image_fw.c | 355 | ||||
-rw-r--r-- | vboot_firmware/lib/include/vboot_firmware.h | 22 | ||||
-rw-r--r-- | vboot_firmware/lib/load_firmware_fw.c | 26 | ||||
-rw-r--r-- | vboot_firmware/lib/vboot_firmware.c | 4 | ||||
-rw-r--r-- | vboot_firmware/linktest/main.c | 14 | ||||
-rw-r--r-- | vfirmware/Makefile | 18 | ||||
-rw-r--r-- | vfirmware/firmware_image.c | 522 | ||||
-rw-r--r-- | vfirmware/include/firmware_image.h | 100 |
19 files changed, 23 insertions, 1702 deletions
@@ -16,7 +16,7 @@ export BUILD = ${TOP}/build export FWLIB = ${BUILD}/vboot_fw.a export HOSTLIB= ${BUILD}/vboot_host.a -SUBDIRS = vboot_firmware misclibs host vfirmware vkernel utility cgpt tests +SUBDIRS = vboot_firmware misclibs host vkernel utility cgpt tests all: set -e; \ diff --git a/tests/Makefile b/tests/Makefile index 181d1d1d..733d68fd 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -9,21 +9,14 @@ INCLUDES += -I./include \ -I../host/include \ -I../misclibs/include \ -I../vboot_firmware/lib/include\ - -I../vfirmware/include\ -I../vkernel/include -IMAGE_LIBS = $(BUILD)/vfirmware/firmware_image.o \ - $(BUILD)/vkernel/kernel_image.o +IMAGE_LIBS = $(BUILD)/vkernel/kernel_image.o UTIL_LIBS = $(BUILD)/misclibs/file_keys.o $(BUILD)/misclibs/signature_digest.o LIBS = $(IMAGE_LIBS) $(UTIL_LIBS) $(HOSTLIB) $(FWLIB) -lcrypto BUILD_ROOT = ${BUILD}/tests -TEST_NAMES = big_firmware_tests \ - big_kernel_tests \ +TEST_NAMES = big_kernel_tests \ cgptlib_test \ - firmware_image_tests \ - firmware_rollback_tests \ - firmware_splicing_tests \ - firmware_verify_benchmark \ kernel_image_tests \ kernel_rollback_tests \ kernel_splicing_tests \ @@ -35,11 +28,20 @@ TEST_NAMES = big_firmware_tests \ vboot_common_tests \ vboot_common2_tests \ vboot_common3_tests \ - verify_firmware_fuzz_driver \ verify_kernel_fuzz_driver TEST_BINS = $(addprefix ${BUILD_ROOT}/,$(TEST_NAMES)) ALL_DEPS = $(addsuffix .d,${TEST_BINS}) +# TODO: port these tests to vboot_firmware, if not already eqivalent +# functionality +# big_firmware_tests +# firmware_image_tests +# firmware_rollback_tests +# firmware_splicing_tests +# firmware_verify_benchmark +# verify_firmware_fuzz_driver + + ifneq (${RUNTESTS},) EXTRA_TARGET = runtests endif @@ -132,10 +134,10 @@ runtests: ./run_vboot_common_tests.sh ./run_image_verification_tests.sh # Splicing tests - ${BUILD_ROOT}/firmware_splicing_tests + #${BUILD_ROOT}/firmware_splicing_tests ${BUILD_ROOT}/kernel_splicing_tests # Rollback Tests - ${BUILD_ROOT}/firmware_rollback_tests + #${BUILD_ROOT}/firmware_rollback_tests ${BUILD_ROOT}/kernel_rollback_tests # Helper Library Tests ${BUILD_ROOT}/cgptlib_test diff --git a/tests/big_kernel_tests.c b/tests/big_kernel_tests.c index a7bbcd84..b511c726 100644 --- a/tests/big_kernel_tests.c +++ b/tests/big_kernel_tests.c @@ -50,11 +50,11 @@ int BigKernelTest() { } debug("Done.\n"); TEST_EQ(VerifyKernelImage(firmware_key, image, 0), - VERIFY_FIRMWARE_SUCCESS, + VERIFY_KERNEL_SUCCESS, "Big KernelImage Verification"); kernel_blob = GetKernelBlob(image, &len); TEST_EQ(VerifyKernel(firmware_key_blob, kernel_blob, 0), - VERIFY_FIRMWARE_SUCCESS, + VERIFY_KERNEL_SUCCESS, "Big Kernel Blob Verification"); cleanup: diff --git a/tests/run_image_verification_tests.sh b/tests/run_image_verification_tests.sh index 025066a4..9a2e68cb 100755 --- a/tests/run_image_verification_tests.sh +++ b/tests/run_image_verification_tests.sh @@ -70,9 +70,10 @@ ${kernel_hashalgo}${COL_STOP}" check_test_keys -echo -echo "Testing high-level firmware image verification..." -test_firmware_verification +# TODO: re-enable when tests are ported to new vboot +#echo +#echo "Testing high-level firmware image verification..." +#test_firmware_verification echo echo "Testing high-level kernel image verification..." diff --git a/tests/test_common.c b/tests/test_common.c index 8270c3ad..1c0fae23 100644 --- a/tests/test_common.c +++ b/tests/test_common.c @@ -45,110 +45,6 @@ int TEST_NEQ(int result, int not_expected_result, char* testname) { } } -FirmwareImage* GenerateTestFirmwareImage(int algorithm, - const uint8_t* firmware_sign_key, - int firmware_key_version, - int firmware_version, - uint64_t firmware_len, - const char* root_key_file, - const char* firmware_key_file, - uint8_t firmware_data_fill_char) { - FirmwareImage* image = FirmwareImageNew(); - - Memcpy(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); - image->firmware_sign_algorithm = algorithm; - image->firmware_sign_key = (uint8_t*) Malloc( - RSAProcessedKeySize(image->firmware_sign_algorithm)); - Memcpy(image->firmware_sign_key, firmware_sign_key, - RSAProcessedKeySize(image->firmware_sign_algorithm)); - image->firmware_key_version = firmware_key_version; - - /* Update correct header length. */ - image->header_len = GetFirmwareHeaderLen(image); - - /* Calculate SHA-512 digest on header and populate header_checksum. */ - CalculateFirmwareHeaderChecksum(image, image->header_checksum); - - /* Populate firmware and preamble with dummy data. */ - image->firmware_version = firmware_version; - image->firmware_len = firmware_len; - /* Make the kernel subkey the same as the firmware signing key. */ - image->kernel_subkey_sign_algorithm = algorithm; - image->kernel_subkey_sign_key = (uint8_t*) Malloc( - RSAProcessedKeySize(image->kernel_subkey_sign_algorithm)); - Memcpy(image->kernel_subkey_sign_key, firmware_sign_key, - RSAProcessedKeySize(image->kernel_subkey_sign_algorithm)); - image->preamble_signature = image->firmware_signature = NULL; - Memset(image->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); - image->firmware_data = Malloc(image->firmware_len); - Memset(image->firmware_data, firmware_data_fill_char, image->firmware_len); - - /* Generate and populate signatures. */ - if (!AddFirmwareKeySignature(image, root_key_file)) { - debug("Couldn't create key signature.\n"); - FirmwareImageFree(image); - return NULL; - } - - if (!AddFirmwareSignature(image, firmware_key_file)) { - debug("Couldn't create firmware and preamble signature.\n"); - FirmwareImageFree(image); - return NULL; - } - return image; -} - -uint8_t* GenerateTestVerificationBlob(int algorithm, - const uint8_t* firmware_sign_key, - int firmware_key_version, - int firmware_version, - uint64_t firmware_len, - const char* root_key_file, - const char* firmware_key_file) { - FirmwareImage* image = NULL; - uint8_t* firmware_blob = NULL; - uint64_t firmware_blob_len = 0; - - image = GenerateTestFirmwareImage(algorithm, - firmware_sign_key, - firmware_key_version, - firmware_version, - firmware_len, - root_key_file, - firmware_key_file, - 'F'); - firmware_blob = GetFirmwareBlob(image, &firmware_blob_len); - FirmwareImageFree(image); - return firmware_blob; -} - -uint8_t* GenerateRollbackTestVerificationBlob(int firmware_key_version, - int firmware_version) { - FirmwareImage* image = NULL; - uint64_t len; - uint8_t* verification_blob = NULL; - uint8_t* firmware_sign_key = NULL; - - firmware_sign_key = BufferFromFile("testkeys/key_rsa1024.keyb", - &len); - if (!firmware_sign_key) - return NULL; - image = GenerateTestFirmwareImage(0, /* RSA1024/SHA1 */ - firmware_sign_key, - firmware_key_version, - firmware_version, - 1, /* Firmware length. */ - "testkeys/key_rsa8192.pem", - "testkeys/key_rsa1024.pem", - 'F'); - if (!image) - return NULL; - verification_blob = GetFirmwareBlob(image, &len); - FirmwareImageFree(image); - return verification_blob; -} - - KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm, int kernel_sign_algorithm, const uint8_t* kernel_sign_key, diff --git a/tests/test_common.h b/tests/test_common.h index c8404154..5485fc45 100644 --- a/tests/test_common.h +++ b/tests/test_common.h @@ -9,7 +9,6 @@ #include <stdint.h> -#include "firmware_image.h" #include "kernel_image.h" extern int gTestSuccess; @@ -21,23 +20,6 @@ int TEST_EQ(int result, int expected_result, char* testname); * Also update the global gTestSuccess flag if test fails. */ int TEST_NEQ(int result, int not_expected_result, char* testname); -/* Test firmware image generation functions. */ -FirmwareImage* GenerateTestFirmwareImage(int algorithm, - const uint8_t* firmware_sign_key, - int firmware_key_version, - int firmware_version, - uint64_t firmware_len, - const char* root_key_file, - const char* firmware_key_file, - uint8_t firmware_data_fill_char); -uint8_t* GenerateTestVerificationBlob(int algorithm, - const uint8_t* firmware_sign_key, - int firmware_key_version, - int firmware_version, - uint64_t firmware_len, - const char* root_key_file, - const char* firmware_key_file); - /* Test kernel image generation functions. */ KernelImage* GenerateTestKernelImage(int firmware_sign_algorithm, int kernel_sign_algorithm, @@ -57,13 +39,6 @@ uint8_t* GenerateTestKernelBlob(int firmware_sign_algorithm, const char* firmware_key_file, const char* kernel_key_file); -/* Generates a test verification block for rollback tests with a given - * [firmware_key_version] and [firmware_version]. The firmware length is - * assumed to be 1 bytes, and containing { 'F' }. - */ -uint8_t* GenerateRollbackTestVerificationBlob(int firmware_key_version, - int firmware_version); - /* Generates a test kernel iamge for rollback tests with a given * [kernel_key_version} and [kernel_version]. If [is_corrupt] is 1, * then the image has invalid signatures and will fail verification. */ diff --git a/tests/vboot_common2_tests.c b/tests/vboot_common2_tests.c index 86a560f0..b4c9096a 100644 --- a/tests/vboot_common2_tests.c +++ b/tests/vboot_common2_tests.c @@ -10,7 +10,6 @@ #include "cryptolib.h" #include "file_keys.h" -#include "firmware_image.h" #include "host_common.h" #include "test_common.h" #include "utility.h" diff --git a/tests/vboot_common3_tests.c b/tests/vboot_common3_tests.c index f3ac92a7..e094d635 100644 --- a/tests/vboot_common3_tests.c +++ b/tests/vboot_common3_tests.c @@ -10,7 +10,6 @@ #include "cryptolib.h" #include "file_keys.h" -#include "firmware_image.h" #include "host_common.h" #include "test_common.h" #include "utility.h" diff --git a/utility/Makefile b/utility/Makefile index aef52ad4..9a05aa7c 100644 --- a/utility/Makefile +++ b/utility/Makefile @@ -8,14 +8,12 @@ INCLUDES += -I./include \ -I$(FWDIR)/lib/cryptolib/include \ -I$(HOSTDIR)/include \ -I../misclibs/include \ - -I../vfirmware/include\ -I../vboot_firmware/include\ -I../vkernel/include CFLAGS += $(INCLUDES) CFLAGS += -MMD -MF $@.d LIBS = $(BUILD)/misclibs/file_keys.o \ $(BUILD)/misclibs/signature_digest.o \ - $(BUILD)/vfirmware/firmware_image.o \ $(BUILD)/vkernel/kernel_image.o \ $(HOSTLIB) \ $(FWLIB) @@ -25,7 +23,6 @@ BUILD_ROOT = ${BUILD}/utility DESTDIR ?= /usr/bin TARGET_NAMES = dumpRSAPublicKey \ - firmware_utility \ gbb_utility \ kernel_utility \ load_kernel_test \ @@ -46,10 +43,6 @@ all: $(TARGET_BINS) ${BUILD_ROOT}/dumpRSAPublicKey: dumpRSAPublicKey.c $(CC) $(CFLAGS) $(INCLUDES) $< -o $@ -lcrypto -${BUILD_ROOT}/firmware_utility: firmware_utility.cc $(LIBS) - $(CXX) $(CFLAGS) $(INCLUDES) -ggdb -D__STDC_LIMIT_MACROS $< \ - -o $@ $(LIBS) -lcrypto - ${BUILD_ROOT}/gbb_utility: gbb_utility.cc $(CXX) -DWITH_UTIL_MAIN $(CFLAGS) $< -o $@ diff --git a/utility/firmware_utility.cc b/utility/firmware_utility.cc deleted file mode 100644 index f154010e..00000000 --- a/utility/firmware_utility.cc +++ /dev/null @@ -1,485 +0,0 @@ -// Copyright (c) 2010 The Chromium OS Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// Utility for manipulating verified boot firmware images. -// - -#include "firmware_utility.h" - -#include <getopt.h> -#include <stdint.h> // Needed for UINT16_MAX. -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include <iostream> - -extern "C" { -#include "cryptolib.h" -#include "file_keys.h" -#include "firmware_image.h" -#include "stateful_util.h" -} - -using std::cerr; - -// Macro to determine the size of a field structure in the FirmwareImage -// structure. -#define FIELD_LEN(field) (sizeof(((FirmwareImage*)0)->field)) - -namespace vboot_reference { - -FirmwareUtility::FirmwareUtility(): - image_(NULL), - root_key_pub_(NULL), - firmware_key_version_(-1), - firmware_sign_algorithm_(-1), - firmware_version_(-1), - kernel_subkey_sign_algorithm_(-1), - is_generate_(false), - is_verify_(false), - is_describe_(false), - is_only_vblock_(false), - is_subkey_out_(false) { -} - -FirmwareUtility::~FirmwareUtility() { - RSAPublicKeyFree(root_key_pub_); - FirmwareImageFree(image_); -} - -void FirmwareUtility::PrintUsage(void) { - cerr << - "Utility to generate/verify a verified boot firmware image\n" - "\n" - "Usage: firmware_utility <--generate|--verify> [OPTIONS]\n" - "\n" - "For \"--verify\", required OPTIONS are:\n" - " --in <infile>\t\t\tVerified boot firmware image to verify.\n" - " --root_key_pub <pubkeyfile>\tPre-processed public root key " - "to use for verification.\n" - "\n" - "For \"--generate\", required OPTIONS are:\n" - " --root_key <privkeyfile>\t\tPrivate root key file\n" - " --firmware_key_pub <pubkeyfile>\tPre-processed public signing" - " key\n" - " --firmware_sign_algorithm <algoid>\tSigning algorithm to use\n" - " --firmware_key_version <version#>\tSigning Key Version#\n" - "OR\n" - " --subkey_in <subkeyfile>\t\tExisting key signature header\n" - "\n" - " --firmware_key <privkeyfile>\tPrivate signing key file\n" - " --firmware_version <version#>\tFirmware Version#\n" - " --in <infile>\t\t\tFirmware Image to sign\n" - " --out <outfile>\t\tOutput file for verified boot firmware image\n" - "\n" - "Optional:\n" - " --kernel_root_algorithm\tKernel subkey signing algorithm\n" - " --kernel_root_key_pub\t\tKernel subkey signing key to use\n" - " --subkey_out\t\t\tJust output the subkey (key verification) header\n" - " --vblock\t\t\tJust output the verification block\n" - "\n" - "<algoid> (for --sign-algorithm) is one of the following:\n"; - for (int i = 0; i < kNumAlgorithms; i++) { - cerr << i << " for " << algo_strings[i] << "\n"; - } - cerr << "\n\n"; -} - -bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) { - int option_index, i; - char *e = 0; - enum { - OPT_ROOT_KEY = 1000, - OPT_ROOT_KEY_PUB, - OPT_FIRMWARE_KEY, - OPT_FIRMWARE_KEY_PUB, - OPT_SUBKEY_IN, - OPT_FIRMWARE_SIGN_ALGORITHM, - OPT_FIRMWARE_KEY_VERSION, - OPT_FIRMWARE_VERSION, - OPT_IN, - OPT_OUT, - OPT_GENERATE, - OPT_VERIFY, - OPT_DESCRIBE, - OPT_VBLOCK, - OPT_SUBKEY_OUT, - OPT_KERNEL_ROOT_KEY_PUB, - OPT_KERNEL_ROOT_ALGORITHM, - }; - static struct option long_options[] = { - {"root_key", 1, 0, OPT_ROOT_KEY }, - {"root_key_pub", 1, 0, OPT_ROOT_KEY_PUB }, - {"firmware_key", 1, 0, OPT_FIRMWARE_KEY }, - {"firmware_key_pub", 1, 0, OPT_FIRMWARE_KEY_PUB }, - {"subkey_in", 1, 0, OPT_SUBKEY_IN }, - {"firmware_sign_algorithm", 1, 0, OPT_FIRMWARE_SIGN_ALGORITHM }, - {"firmware_key_version", 1, 0, OPT_FIRMWARE_KEY_VERSION }, - {"firmware_version", 1, 0, OPT_FIRMWARE_VERSION }, - {"in", 1, 0, OPT_IN }, - {"out", 1, 0, OPT_OUT }, - {"generate", 0, 0, OPT_GENERATE }, - {"verify", 0, 0, OPT_VERIFY }, - {"describe", 0, 0, OPT_DESCRIBE }, - {"vblock", 0, 0, OPT_VBLOCK }, - {"subkey_out", 0, 0, OPT_SUBKEY_OUT }, - {"kernel_root_key_pub", 1, 0, OPT_KERNEL_ROOT_KEY_PUB }, - {"kernel_root_algorithm", 1, 0, OPT_KERNEL_ROOT_ALGORITHM }, - {NULL, 0, 0, 0} - }; - while ((i = getopt_long(argc, argv, "", long_options, &option_index)) != -1) { - switch (i) { - case '?': - return false; - break; - case OPT_ROOT_KEY: - root_key_file_ = optarg; - break; - case OPT_ROOT_KEY_PUB: - root_key_pub_file_ = optarg; - break; - case OPT_FIRMWARE_KEY: - firmware_key_file_ = optarg; - break; - case OPT_FIRMWARE_KEY_PUB: - firmware_key_pub_file_ = optarg; - break; - case OPT_SUBKEY_IN: - subkey_in_file_ = optarg; - break; - case OPT_FIRMWARE_SIGN_ALGORITHM: - firmware_sign_algorithm_ = strtol(optarg, &e, 0); - if (!*optarg || (e && *e)) { - cerr << "Invalid argument to --" - << long_options[option_index].name - << ": " << optarg << "\n"; - return false; - } - break; - case OPT_FIRMWARE_KEY_VERSION: - firmware_key_version_ = strtol(optarg, &e, 0); - if (!*optarg || (e && *e)) { - cerr << "Invalid argument to --" - << long_options[option_index].name - << ": " << optarg << "\n"; - return false; - } - break; - case OPT_FIRMWARE_VERSION: - firmware_version_ = strtol(optarg, &e, 0); - if (!*optarg || (e && *e)) { - cerr << "Invalid argument to --" - << long_options[option_index].name - << ": " << optarg << "\n"; - return false; - } - break; - case OPT_IN: - in_file_ = optarg; - break; - case OPT_OUT: - out_file_ = optarg; - break; - case OPT_GENERATE: - is_generate_ = true; - break; - case OPT_VERIFY: - is_verify_ = true; - break; - case OPT_DESCRIBE: - is_describe_ = true; - break; - case OPT_VBLOCK: - is_only_vblock_ = true; - break; - case OPT_SUBKEY_OUT: - is_subkey_out_ = true; - break; - case OPT_KERNEL_ROOT_ALGORITHM: - kernel_subkey_sign_algorithm_ = strtol(optarg, &e, 0); - if (!*optarg || (e && *e)) { - cerr << "Invalid argument to --" - << long_options[option_index].name - << ": " << optarg << "\n"; - return false; - } - break; - case OPT_KERNEL_ROOT_KEY_PUB: - kernel_subkey_sign_pub_file_ = optarg; - break; - } - } - return CheckOptions(); -} - - -void FirmwareUtility::OutputSignedImage(void) { - if (image_) { - if (!WriteFirmwareImage(out_file_.c_str(), image_, - is_only_vblock_, - is_subkey_out_)) { - cerr << "Couldn't write verified boot image to file " - << out_file_ <<".\n"; - } - } -} - -void FirmwareUtility::DescribeSignedImage(void) { - image_ = ReadFirmwareImage(in_file_.c_str()); - if (!image_) { - cerr << "Couldn't read firmware image or malformed image.\n"; - } - PrintFirmwareImage(image_); -} - -bool FirmwareUtility::GenerateSignedImage(void) { - uint64_t firmware_sign_key_pub_len; - - image_ = FirmwareImageNew(); - Memcpy(image_->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); - - if (subkey_in_file_.empty()) { - // We muse generate the firmware key signature header (subkey header) - // ourselves. - // Copy pre-processed public signing key. - image_->firmware_sign_algorithm = (uint16_t) firmware_sign_algorithm_; - image_->firmware_sign_key = BufferFromFile( - firmware_key_pub_file_.c_str(), - &firmware_sign_key_pub_len); - if (!image_->firmware_sign_key) - return false; - image_->firmware_key_version = firmware_key_version_; - - // Update header length. - image_->header_len = GetFirmwareHeaderLen(image_); - - // Calculate header checksum. - CalculateFirmwareHeaderChecksum(image_, image_->header_checksum); - - // Generate and add the key signatures. - if (!AddFirmwareKeySignature(image_, root_key_file_.c_str())) { - cerr << "Couldn't write key signature to verified boot image.\n"; - return false; - } - } else { - // Use existing subkey header. - MemcpyState st; - uint8_t* subkey_header_buf = NULL; - uint64_t subkey_len; - int header_len; - int firmware_sign_key_len; - uint8_t header_checksum[FIELD_LEN(header_checksum)]; - - subkey_header_buf = BufferFromFile(subkey_in_file_.c_str(), &subkey_len); - if (!subkey_header_buf) { - cerr << "Couldn't read subkey header from file %s\n" - << subkey_in_file_.c_str(); - return false; - } - st.remaining_len = subkey_len; - st.remaining_buf = subkey_header_buf; - st.overrun = 0; - - // TODO(gauravsh): This is basically the same code as the first half of - // of ReadFirmwareImage(). Refactor to eliminate code duplication. - - StatefulMemcpy(&st, &image_->header_len, FIELD_LEN(header_len)); - StatefulMemcpy(&st, &image_->firmware_sign_algorithm, - FIELD_LEN(firmware_sign_algorithm)); - - // Valid Algorithm? - if (image_->firmware_sign_algorithm >= kNumAlgorithms) { - Free(subkey_header_buf); - return NULL; - } - - // Compute size of pre-processed RSA public key and signature. - firmware_sign_key_len = RSAProcessedKeySize(image_->firmware_sign_algorithm); - - // Check whether the header length is correct. - header_len = GetFirmwareHeaderLen(image_); - if (header_len != image_->header_len) { - debug("Header length mismatch. Got: %d Expected: %d\n", - image_->header_len, header_len); - Free(subkey_header_buf); - return NULL; - } - - // Read pre-processed public half of the sign key. - StatefulMemcpy(&st, &image_->firmware_key_version, - FIELD_LEN(firmware_key_version)); - image_->firmware_sign_key = (uint8_t*) Malloc(firmware_sign_key_len); - StatefulMemcpy(&st, image_->firmware_sign_key, firmware_sign_key_len); - StatefulMemcpy(&st, image_->header_checksum, FIELD_LEN(header_checksum)); - - // Check whether the header checksum matches. - CalculateFirmwareHeaderChecksum(image_, header_checksum); - if (SafeMemcmp(header_checksum, image_->header_checksum, - FIELD_LEN(header_checksum))) { - debug("Invalid firmware header checksum!\n"); - Free(subkey_header_buf); - return NULL; - } - - // Read key signature. - StatefulMemcpy(&st, image_->firmware_key_signature, - FIELD_LEN(firmware_key_signature)); - - Free(subkey_header_buf); - if (st.overrun || st.remaining_len != 0) // Overrun or underrun. - return false; - } - - image_->firmware_version = firmware_version_; - image_->firmware_len = 0; - if (!kernel_subkey_sign_pub_file_.empty()) { - uint64_t subkey_len; - image_->kernel_subkey_sign_algorithm = kernel_subkey_sign_algorithm_; - image_->kernel_subkey_sign_key = BufferFromFile( - kernel_subkey_sign_pub_file_.c_str(), &subkey_len); - if (static_cast<int>(subkey_len) != - RSAProcessedKeySize(kernel_subkey_sign_algorithm_)) { - cerr << "Invalid kernel subkey signing key." - << "\n"; - return false; - } - } else { - // Reuse firmware signing key as kernel subkey signing key. - image_->kernel_subkey_sign_algorithm = image_->firmware_sign_algorithm; - image_->kernel_subkey_sign_key = (uint8_t*) Malloc(RSAProcessedKeySize( - image_->firmware_sign_algorithm)); - Memcpy(image_->kernel_subkey_sign_key, - image_->firmware_sign_key, - RSAProcessedKeySize(image_->firmware_sign_algorithm)); - } - // TODO(gauravsh): Populate this with the right bytes once we decide - // what goes into the preamble. - Memset(image_->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); - - image_->firmware_data = BufferFromFile(in_file_.c_str(), - &image_->firmware_len); - if (!image_->firmware_data) - return false; - - if (!AddFirmwareSignature(image_, firmware_key_file_.c_str())) { - cerr << "Couldn't write firmware signature to verified boot image.\n"; - return false; - } - return true; -} - -bool FirmwareUtility::VerifySignedImage(void) { - int error; - root_key_pub_ = RSAPublicKeyFromFile(root_key_pub_file_.c_str()); - image_ = ReadFirmwareImage(in_file_.c_str()); - - if (!root_key_pub_) { - cerr << "Couldn't read pre-processed public root key.\n"; - return false; - } - - if (!image_) { - cerr << "Couldn't read firmware image or malformed image.\n"; - return false; - } - if (VERIFY_FIRMWARE_SUCCESS == - (error = VerifyFirmwareImage(root_key_pub_, image_))) - return true; - cerr << VerifyFirmwareErrorString(error) << "\n"; - return false;; -} - -bool FirmwareUtility::CheckOptions(void) { - // Ensure that only one of --{describe|generate|verify} is set. - if (!((is_describe_ && !is_generate_ && !is_verify_) || - (!is_describe_ && is_generate_ && !is_verify_) || - (!is_describe_ && !is_generate_ && is_verify_))) { - cerr << "One (and only one) of --describe, --generate or --verify " - << "must be specified.\n"; - return false; - } - // Common required options. - if (in_file_.empty()) { - cerr << "No input file specified." << "\n"; - return false; - } - // Required options for --verify. - if (is_verify_ && root_key_pub_file_.empty()) { - cerr << "No pre-processed public root key file specified." << "\n"; - return false; - } - // Required options for --generate. - if (is_generate_) { - if (subkey_in_file_.empty()) { - // Root key, kernel signing public key, and firmware signing - // algorithm are required to generate the key signature header. - if (root_key_file_.empty()) { - cerr << "No root key file specified." << "\n"; - return false; - } - if (firmware_key_pub_file_.empty()) { - cerr << "No pre-processed public signing key file specified." << "\n"; - return false; - } - if (firmware_key_version_ <= 0 || firmware_key_version_ > UINT16_MAX) { - cerr << "Invalid or no key version specified." << "\n"; - return false; - } - if (firmware_sign_algorithm_ < 0 || - firmware_sign_algorithm_ >= kNumAlgorithms) { - cerr << "Invalid or no signing key algorithm specified." << "\n"; - return false; - } - } - if (firmware_key_file_.empty()) { - cerr << "No signing key file specified." << "\n"; - return false; - } - if (firmware_version_ <= 0 || firmware_version_ > UINT16_MAX) { - cerr << "Invalid or no firmware version specified." << "\n"; - return false; - } - if (out_file_.empty()) { - cerr <<"No output file specified." << "\n"; - return false; - } - if (!kernel_subkey_sign_pub_file_.empty()) { - // kernel subkey signing algorithm must be valid. - if (kernel_subkey_sign_algorithm_ < 0 || - kernel_subkey_sign_algorithm_ >= kNumAlgorithms) { - cerr << "Invalid or no kernel subkey signing algorithm specified." - << "\n"; - return false; - } - } - } - return true; -} - -} // namespace vboot_reference - -int main(int argc, char* argv[]) { - vboot_reference::FirmwareUtility fu; - if (!fu.ParseCmdLineOptions(argc, argv)) { - fu.PrintUsage(); - return -1; - } - if (fu.is_describe()) { - fu.DescribeSignedImage(); - } - if (fu.is_generate()) { - if (!fu.GenerateSignedImage()) - return -1; - fu.OutputSignedImage(); - } - if (fu.is_verify()) { - cerr << "Verification "; - if (fu.VerifySignedImage()) - cerr << "SUCCESS.\n"; - else - cerr << "FAILURE.\n"; - } - return 0; -} diff --git a/vboot_firmware/Makefile b/vboot_firmware/Makefile index 24404870..60eaa0c8 100644 --- a/vboot_firmware/Makefile +++ b/vboot_firmware/Makefile @@ -26,9 +26,7 @@ LIB_SRCS = \ ./lib/cryptolib/sha1.c \ ./lib/cryptolib/sha2.c \ ./lib/cryptolib/sha_utility.c \ - ./lib/firmware_image_fw.c \ ./lib/kernel_image_fw.c \ - ./lib/load_firmware_fw.c \ ./lib/load_kernel_fw.c \ ./lib/rollback_index.c \ ./lib/stateful_util.c \ diff --git a/vboot_firmware/lib/firmware_image_fw.c b/vboot_firmware/lib/firmware_image_fw.c deleted file mode 100644 index d7e50b4c..00000000 --- a/vboot_firmware/lib/firmware_image_fw.c +++ /dev/null @@ -1,355 +0,0 @@ -/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Functions for verifying a verified boot firmware image. - * (Firmware Portion) - */ - -#include "firmware_image_fw.h" - -#include "cryptolib.h" -#include "rollback_index.h" -#include "tss_constants.h" -#include "utility.h" - -/* Macro to determine the size of a field structure in the FirmwareImage - * structure. */ -#define FIELD_LEN(field) (sizeof(((FirmwareImage*)0)->field)) - -char* kVerifyFirmwareErrors[VERIFY_FIRMWARE_MAX] = { - "Success.", - "Invalid Image.", - "Root Key Signature Failed.", - "Invalid Verification Algorithm.", - "Preamble Signature Failed.", - "Firmware Signature Failed.", - "Wrong Firmware Magic.", - "Invalid Firmware Header Checksum.", - "Firmware Signing Key Rollback.", - "Firmware Version Rollback." -}; - -uint64_t GetFirmwarePreambleLen(int algorithm) { - return (FIELD_LEN(firmware_version) + - FIELD_LEN(firmware_len) + - FIELD_LEN(kernel_subkey_sign_algorithm) + - RSAProcessedKeySize(algorithm) + - FIELD_LEN(preamble)); -} - - -int VerifyFirmwareHeader(const uint8_t* root_key_blob, - const uint8_t* header_blob, - int* algorithm, - int* header_len) { - int firmware_sign_key_len; - int root_key_len; - uint16_t hlen, algo; - uint8_t* header_checksum = NULL; - - /* Base Offset for the header_checksum field. Actual offset is - * this + firmware_sign_key_len. */ - int base_header_checksum_offset = (FIELD_LEN(header_len) + - FIELD_LEN(firmware_sign_algorithm) + - FIELD_LEN(firmware_key_version)); - - - root_key_len = RSAProcessedKeySize(ROOT_SIGNATURE_ALGORITHM); - Memcpy(&hlen, header_blob, sizeof(hlen)); - Memcpy(&algo, - header_blob + FIELD_LEN(firmware_sign_algorithm), - sizeof(algo)); - if (algo >= kNumAlgorithms) - return VERIFY_FIRMWARE_INVALID_ALGORITHM; - *algorithm = (int) algo; - firmware_sign_key_len = RSAProcessedKeySize(*algorithm); - - /* Verify that header len is correct. */ - if (hlen != (base_header_checksum_offset + - firmware_sign_key_len + - FIELD_LEN(header_checksum))) - return VERIFY_FIRMWARE_INVALID_IMAGE; - - *header_len = (int) hlen; - - /* Verify if the hash of the header is correct. */ - header_checksum = DigestBuf(header_blob, - *header_len - FIELD_LEN(header_checksum), - SHA512_DIGEST_ALGORITHM); - if (SafeMemcmp(header_checksum, - header_blob + (base_header_checksum_offset + - firmware_sign_key_len), - FIELD_LEN(header_checksum))) { - Free(header_checksum); - return VERIFY_FIRMWARE_WRONG_HEADER_CHECKSUM; - } - Free(header_checksum); - - /* Root key signature on the firmware signing key is always checked - * irrespective of dev mode. */ - if (!RSAVerifyBinary_f(root_key_blob, NULL, /* Key to use */ - header_blob, /* Data to verify */ - *header_len, /* Length of data */ - header_blob + *header_len, /* Expected Signature */ - ROOT_SIGNATURE_ALGORITHM)) - return VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; - return 0; -} - -int VerifyFirmwarePreamble(RSAPublicKey* firmware_sign_key, - const uint8_t* preamble_blob, - int firmware_sign_algorithm, - uint64_t* firmware_len) { - uint64_t len; - int preamble_len; - uint16_t firmware_version; - uint16_t kernel_subkey_sign_algorithm; - - Memcpy(&firmware_version, preamble_blob, sizeof(firmware_version)); - Memcpy(&kernel_subkey_sign_algorithm, - preamble_blob + (FIELD_LEN(firmware_version) + - FIELD_LEN(firmware_len)), - FIELD_LEN(kernel_subkey_sign_algorithm)); - - if (kernel_subkey_sign_algorithm >= kNumAlgorithms) - return VERIFY_FIRMWARE_INVALID_ALGORITHM; - - preamble_len = GetFirmwarePreambleLen(kernel_subkey_sign_algorithm); - if (!RSAVerifyBinary_f(NULL, firmware_sign_key, /* Key to use */ - preamble_blob, /* Data to verify */ - preamble_len, /* Length of data */ - preamble_blob + preamble_len, /* Expected Signature */ - firmware_sign_algorithm)) - return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; - - Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version), - sizeof(len)); - *firmware_len = len; - return 0; -} - -int VerifyFirmwareData(RSAPublicKey* firmware_sign_key, - const uint8_t* preamble_start, - const uint8_t* firmware_data, - uint64_t firmware_len, - int firmware_sign_algorithm) { - int signature_len = siglen_map[firmware_sign_algorithm]; - int preamble_len; - uint16_t kernel_subkey_sign_algorithm; - uint8_t* digest = NULL; - const uint8_t* firmware_signature = NULL; - DigestContext ctx; - Memcpy(&kernel_subkey_sign_algorithm, - preamble_start + (FIELD_LEN(firmware_version) + - FIELD_LEN(firmware_len)), - FIELD_LEN(kernel_subkey_sign_algorithm)); - - if (kernel_subkey_sign_algorithm >= kNumAlgorithms) - return VERIFY_FIRMWARE_INVALID_ALGORITHM; - - preamble_len = GetFirmwarePreambleLen(kernel_subkey_sign_algorithm); - - /* Since the firmware signature is over the preamble and the firmware data, - * which does not form a contiguous region of memory, we calculate the - * message digest ourselves. */ - DigestInit(&ctx, firmware_sign_algorithm); - DigestUpdate(&ctx, preamble_start, preamble_len); - DigestUpdate(&ctx, firmware_data, firmware_len); - digest = DigestFinal(&ctx); - /* Firmware signature is at the end of preamble and preamble signature. */ - firmware_signature = preamble_start + preamble_len + signature_len; - if (!RSAVerifyBinaryWithDigest_f( - NULL, firmware_sign_key, /* Key to use. */ - digest, /* Digest of the data to verify. */ - firmware_signature, /* Expected Signature */ - firmware_sign_algorithm)) { - Free(digest); - return VERIFY_FIRMWARE_SIGNATURE_FAILED; - } - Free(digest); - return 0; -} - -int VerifyFirmware(const uint8_t* root_key_blob, - const uint8_t* verification_header_blob, - const uint8_t* firmware_blob) { - int error_code = 0; - int firmware_sign_algorithm; /* Signing key algorithm. */ - RSAPublicKey* firmware_sign_key = NULL; - int firmware_sign_key_len, signature_len, header_len; - uint64_t firmware_len; - const uint8_t* header_ptr = NULL; /* Pointer to header. */ - const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */ - const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */ - - /* Note: All the offset calculations are based on struct FirmwareImage which - * is defined in include/firmware_image_fw.h. */ - - /* Compare magic bytes. */ - if (SafeMemcmp(verification_header_blob, FIRMWARE_MAGIC, - FIRMWARE_MAGIC_SIZE)) { - debug("Wrong Firmware Magic.\n"); - return VERIFY_FIRMWARE_WRONG_MAGIC; - } - header_ptr = verification_header_blob + FIRMWARE_MAGIC_SIZE; - - /* Only continue if header verification succeeds. */ - if ((error_code = VerifyFirmwareHeader(root_key_blob, header_ptr, - &firmware_sign_algorithm, - &header_len))) { - debug("Couldn't verify Firmware header.\n"); - return error_code; /* AKA jump to revovery. */ - } - /* Parse signing key into RSAPublicKey structure since it is required multiple - * times. */ - firmware_sign_key_len = RSAProcessedKeySize(firmware_sign_algorithm); - firmware_sign_key_ptr = header_ptr + (FIELD_LEN(header_len) + - FIELD_LEN(firmware_sign_algorithm) + - FIELD_LEN(firmware_key_version)); - firmware_sign_key = RSAPublicKeyFromBuf(firmware_sign_key_ptr, - firmware_sign_key_len); - signature_len = siglen_map[firmware_sign_algorithm]; - - /* Only continue if preamble verification succeeds. */ - preamble_ptr = (header_ptr + header_len + - FIELD_LEN(firmware_key_signature)); - if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr, - firmware_sign_algorithm, - &firmware_len))) { - RSAPublicKeyFree(firmware_sign_key); - debug("Couldn't verify Firmware preamble.\n"); - return error_code; /* AKA jump to recovery. */ - } - - if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr, - firmware_blob, - firmware_len, - firmware_sign_algorithm))) { - RSAPublicKeyFree(firmware_sign_key); - debug("Couldn't verify Firmware data.\n"); - return error_code; /* AKA jump to recovery. */ - } - - RSAPublicKeyFree(firmware_sign_key); - return VERIFY_FIRMWARE_SUCCESS; /* Success! */ -} - -uint32_t GetLogicalFirmwareVersion(uint8_t* verification_header_blob) { - uint16_t firmware_key_version; - uint16_t firmware_version; - uint16_t firmware_sign_algorithm; - int firmware_sign_key_len; - Memcpy(&firmware_sign_algorithm, - verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ - FIELD_LEN(header_len)), - sizeof(firmware_sign_algorithm)); - Memcpy(&firmware_key_version, - verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ - FIELD_LEN(header_len) + - FIELD_LEN(firmware_sign_algorithm)), - sizeof(firmware_key_version)); - if (firmware_sign_algorithm >= kNumAlgorithms) - return 0; - firmware_sign_key_len = RSAProcessedKeySize(firmware_sign_algorithm); - Memcpy(&firmware_version, - verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ - FIELD_LEN(header_len) + - FIELD_LEN(firmware_sign_algorithm) + - FIELD_LEN(firmware_key_version) + - firmware_sign_key_len + - FIELD_LEN(header_checksum) + - FIELD_LEN(firmware_key_signature)), - sizeof(firmware_version)); - return CombineUint16Pair(firmware_key_version, firmware_version); -} - -int VerifyFirmwareDriver_f(uint8_t* root_key_blob, - uint8_t* verification_headerA, - uint8_t* firmwareA, - uint8_t* verification_headerB, - uint8_t* firmwareB) { - /* Contains the logical firmware version (32-bit) which is calculated as - * (firmware_key_version << 16 | firmware_version) where - * [firmware_key_version] [firmware_version] are both 16-bit. - */ - uint32_t firmwareA_lversion, firmwareB_lversion; - uint8_t firmwareA_is_verified = 0; /* Whether firmwareA verify succeeded. */ - uint32_t min_lversion; /* Minimum of firmware A and firmware lversion. */ - uint32_t stored_lversion; /* Stored logical version in the TPM. */ - uint16_t version, key_version; /* Temporary variables */ - - /* Initialize the TPM since we'll be reading the rollback indices. */ - SetupTPM(0, 0); - - /* We get the key versions by reading directly from the image blobs without - * any additional (expensive) sanity checking on the blob since it's faster to - * outright reject a firmware with an older firmware key version. A malformed - * or corrupted firmware blob will still fail when VerifyFirmware() is called - * on it. - */ - firmwareA_lversion = GetLogicalFirmwareVersion(verification_headerA); - firmwareB_lversion = GetLogicalFirmwareVersion(verification_headerB); - min_lversion = Min(firmwareA_lversion, firmwareB_lversion); - GetStoredVersions(FIRMWARE_VERSIONS, &key_version, &version); - stored_lversion = CombineUint16Pair(key_version, version); - /* Always try FirmwareA first. */ - if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, - verification_headerA, - firmwareA)) - firmwareA_is_verified = 1; - if (firmwareA_is_verified && (stored_lversion < firmwareA_lversion)) { - /* Stored version may need to be updated but only if FirmwareB - * is successfully verified and has a logical version greater than - * the stored logical version. */ - if (stored_lversion < firmwareB_lversion) { - if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, - verification_headerB, - firmwareB)) { - WriteStoredVersions(FIRMWARE_VERSIONS, - (uint16_t) (min_lversion >> 16), - (uint16_t) (min_lversion & 0xFFFF)); - stored_lversion = min_lversion; /* Update stored version as it's used - * later. */ - } - } - } - /* Lock Firmware TPM rollback indices from further writes. In this design, - * this is done by setting the globalLock bit, which is cleared only by - * TPM_Init at reboot. - */ - if (TPM_SUCCESS != LockFirmwareVersions()) { - return VERIFY_FIRMWARE_TPM_ERROR; - } - - /* Determine which firmware (if any) to jump to. - * - * We always attempt to jump to FirmwareA first. If verification of FirmwareA - * fails, we try FirmwareB. In all cases, if the firmware successfully - * verified but is a rollback, we jump to recovery. - * - * Note: This means that if FirmwareA verified successfully and is a - * rollback, then no attempt is made to check FirmwareB. We still jump to - * recovery. FirmwareB is only used as a backup in case FirmwareA gets - * corrupted. Since newer firmware updates are always written to A, - * the case where firmware A is verified but a rollback should not occur in - * normal operation. - */ - if (firmwareA_is_verified) { - if (stored_lversion <= firmwareA_lversion) - return BOOT_FIRMWARE_A_CONTINUE; - } else { - /* If FirmwareA was not valid, then we skipped over the - * check to update the rollback indices and a Verify of FirmwareB wasn't - * attempted. - * If FirmwareB is not a rollback, then we attempt to do the verification. - */ - if (stored_lversion <= firmwareB_lversion && - (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, - verification_headerB, - firmwareB))) - return BOOT_FIRMWARE_B_CONTINUE; - } - /* D'oh: No bootable firmware. */ - return BOOT_FIRMWARE_RECOVERY_CONTINUE; -} diff --git a/vboot_firmware/lib/include/vboot_firmware.h b/vboot_firmware/lib/include/vboot_firmware.h deleted file mode 100644 index ac8595f0..00000000 --- a/vboot_firmware/lib/include/vboot_firmware.h +++ /dev/null @@ -1,22 +0,0 @@ -/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Data structure and API definitions for a verified boot kernel image. - * (Firmware Portion) - */ - -#ifndef VBOOT_REFERENCE_VBOOT_FIRMWARE_H_ -#define VBOOT_REFERENCE_VBOOT_FIRMWARE_H_ - -#include <stdint.h> - -#include "cgptlib.h" -#include "cryptolib.h" -#include "load_firmware_fw.h" -#include "vboot_common.h" - -/* Alternate LoadFirmware() implementation; see load_firmware_fw.h */ -int LoadFirmware2(LoadFirmwareParams* params); - -#endif /* VBOOT_REFERENCE_VBOOT_FIRMWARE_H_ */ diff --git a/vboot_firmware/lib/load_firmware_fw.c b/vboot_firmware/lib/load_firmware_fw.c deleted file mode 100644 index 0b0bf5e9..00000000 --- a/vboot_firmware/lib/load_firmware_fw.c +++ /dev/null @@ -1,26 +0,0 @@ -/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * High-level firmware API for loading and verifying rewritable firmware. - * (Firmware portion) - */ - -#include "load_firmware_fw.h" - -#include "firmware_image_fw.h" -#include "utility.h" - - -static const char kFakeKernelBlob[2088] = "Fake kernel sign key blob"; - - -int LoadFirmware(LoadFirmwareParams* params) { - /* TODO: real implementation! This is now sufficiently broken due - * to refactoring that we'll just trust firmware A. */ - Memcpy(params->kernel_sign_key_blob, kFakeKernelBlob, - sizeof(kFakeKernelBlob)); - params->kernel_sign_key_size = sizeof(kFakeKernelBlob); - params->firmware_index = 0; - return LOAD_FIRMWARE_SUCCESS; -} diff --git a/vboot_firmware/lib/vboot_firmware.c b/vboot_firmware/lib/vboot_firmware.c index 8c5f0f1d..88d6bb64 100644 --- a/vboot_firmware/lib/vboot_firmware.c +++ b/vboot_firmware/lib/vboot_firmware.c @@ -6,8 +6,6 @@ * (Firmware portion) */ -#include "vboot_firmware.h" - #include "load_firmware_fw.h" #include "rollback_index.h" #include "utility.h" @@ -33,7 +31,7 @@ void UpdateFirmwareBodyHash(LoadFirmwareParams* params, } -int LoadFirmware2(LoadFirmwareParams* params) { +int LoadFirmware(LoadFirmwareParams* params) { VbPublicKey* root_key = (VbPublicKey*)params->firmware_root_key_blob; VbLoadFirmwareInternal* lfi; diff --git a/vboot_firmware/linktest/main.c b/vboot_firmware/linktest/main.c index 10500809..0b3bb700 100644 --- a/vboot_firmware/linktest/main.c +++ b/vboot_firmware/linktest/main.c @@ -8,7 +8,6 @@ #include "rollback_index.h" #include "tlcl.h" #include "vboot_common.h" -#include "vboot_firmware.h" #include "vboot_kernel.h" int main(void) @@ -20,14 +19,6 @@ int main(void) GptNextKernelEntry(0, 0, 0); GptUpdateKernelEntry(0, 0); - /* firmware_image_fw.h */ - VerifyFirmwareHeader(0, 0, 0, 0); - VerifyFirmwarePreamble(0, 0, 0, 0); - VerifyFirmwareData(0, 0, 0, 0, 0); - VerifyFirmware(0, 0, 0); - GetLogicalFirmwareVersion(0); - VerifyFirmwareDriver_f(0, 0, 0, 0, 0); - /* kernel_image_fw.h */ VerifyKernelKeyHeader(0, 0, 0, 0, 0, 0); VerifyKernelPreamble(0, 0, 0, 0); @@ -37,6 +28,7 @@ int main(void) GetLogicalKernelVersion(0); /* load_firmware_fw.h */ + UpdateFirmwareBodyHash(0, 0, 0); LoadFirmware(0); /* load_kernel_fw.h */ @@ -88,9 +80,5 @@ int main(void) /* vboot_kernel.h */ LoadKernel2(0); - /* vboot_firmware.h */ - UpdateFirmwareBodyHash(0, 0, 0); - LoadFirmware2(0); - return 0; } diff --git a/vfirmware/Makefile b/vfirmware/Makefile deleted file mode 100644 index d18d19fd..00000000 --- a/vfirmware/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -INCLUDES += -I./include \ - -I$(FWDIR)/lib/include \ - -I$(FWDIR)/lib/cryptolib/include \ - -I../common/include \ - -I../misclibs/include - -BUILD_ROOT := ${BUILD}/vfirmware - -ALL_SRCS = firmware_image.c - -include ../common.mk - -all: $(ALL_OBJS) - diff --git a/vfirmware/firmware_image.c b/vfirmware/firmware_image.c deleted file mode 100644 index 829d72ad..00000000 --- a/vfirmware/firmware_image.c +++ /dev/null @@ -1,522 +0,0 @@ -/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * Functions for generating and manipulating a verified boot firmware image. - */ - -#include "firmware_image.h" - -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <unistd.h> - -#include "cryptolib.h" -#include "file_keys.h" -#include "signature_digest.h" -#include "stateful_util.h" - -/* Macro to determine the size of a field structure in the FirmwareImage - * structure. */ -#define FIELD_LEN(field) (sizeof(((FirmwareImage*)0)->field)) - -FirmwareImage* FirmwareImageNew(void) { - FirmwareImage* image = (FirmwareImage*) Malloc(sizeof(FirmwareImage)); - if (image) { - image->firmware_sign_key = NULL; - image->kernel_subkey_sign_key = NULL; - image->preamble_signature = NULL; - image->firmware_signature = NULL; - image->firmware_data = NULL; - } - return image; -} - -void FirmwareImageFree(FirmwareImage* image) { - if (image) { - Free(image->firmware_sign_key); - Free(image->kernel_subkey_sign_key); - Free(image->preamble_signature); - Free(image->firmware_signature); - Free(image->firmware_data); - Free(image); - } -} - -FirmwareImage* ReadFirmwareImage(const char* input_file) { - uint64_t file_size; - int image_len = 0; /* Total size of the firmware image. */ - int header_len = 0; - int firmware_sign_key_len; - int signature_len; - uint8_t* firmware_buf; - uint8_t header_checksum[FIELD_LEN(header_checksum)]; - MemcpyState st; - FirmwareImage* image = FirmwareImageNew(); - - if (!image) - return NULL; - - firmware_buf = BufferFromFile(input_file, &file_size); - image_len = file_size; - - st.remaining_len = image_len; - st.remaining_buf = firmware_buf; - st.overrun = 0; - - /* Read and compare magic bytes. */ - StatefulMemcpy(&st, &image->magic, FIRMWARE_MAGIC_SIZE); - if (SafeMemcmp(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) { - debug("Wrong Firmware Magic.\n"); - Free(firmware_buf); - return NULL; - } - StatefulMemcpy(&st, &image->header_len, FIELD_LEN(header_len)); - StatefulMemcpy(&st, &image->firmware_sign_algorithm, - FIELD_LEN(firmware_sign_algorithm)); - - /* Valid Algorithm? */ - if (image->firmware_sign_algorithm >= kNumAlgorithms) { - Free(firmware_buf); - return NULL; - } - - /* Compute size of pre-processed RSA public key and signature. */ - firmware_sign_key_len = RSAProcessedKeySize(image->firmware_sign_algorithm); - signature_len = siglen_map[image->firmware_sign_algorithm]; - - /* Check whether the header length is correct. */ - header_len = GetFirmwareHeaderLen(image); - if (header_len != image->header_len) { - debug("Header length mismatch. Got: %d Expected: %d\n", - image->header_len, header_len); - Free(firmware_buf); - return NULL; - } - - /* Read pre-processed public half of the sign key. */ - StatefulMemcpy(&st, &image->firmware_key_version, - FIELD_LEN(firmware_key_version)); - image->firmware_sign_key = (uint8_t*) Malloc(firmware_sign_key_len); - StatefulMemcpy(&st, image->firmware_sign_key, firmware_sign_key_len); - StatefulMemcpy(&st, image->header_checksum, FIELD_LEN(header_checksum)); - - /* Check whether the header checksum matches. */ - CalculateFirmwareHeaderChecksum(image, header_checksum); - if (SafeMemcmp(header_checksum, image->header_checksum, - FIELD_LEN(header_checksum))) { - debug("Invalid firmware header checksum!\n"); - Free(firmware_buf); - return NULL; - } - - /* Read key signature. */ - StatefulMemcpy(&st, image->firmware_key_signature, - FIELD_LEN(firmware_key_signature)); - - /* Read the firmware preamble. */ - StatefulMemcpy(&st,&image->firmware_version, FIELD_LEN(firmware_version)); - StatefulMemcpy(&st, &image->firmware_len, FIELD_LEN(firmware_len)); - StatefulMemcpy(&st, &image->kernel_subkey_sign_algorithm, - FIELD_LEN(kernel_subkey_sign_algorithm)); - StatefulMemcpy(&st, image->kernel_subkey_sign_key, - RSAProcessedKeySize(image->kernel_subkey_sign_algorithm)); - StatefulMemcpy(&st, image->preamble, FIELD_LEN(preamble)); - - /* Read firmware preamble signature. */ - image->preamble_signature = (uint8_t*) Malloc(signature_len); - StatefulMemcpy(&st, image->preamble_signature, signature_len); - - image->firmware_signature = (uint8_t*) Malloc(signature_len); - StatefulMemcpy(&st, image->firmware_signature, signature_len); - - image->firmware_data = (uint8_t*) Malloc(image->firmware_len); - StatefulMemcpy(&st, image->firmware_data, image->firmware_len); - - if(st.overrun || st.remaining_len != 0) { /* Overrun or underrun. */ - Free(firmware_buf); - return NULL; - } - - Free(firmware_buf); - return image; -} - -int GetFirmwareHeaderLen(const FirmwareImage* image) { - return (FIELD_LEN(header_len) + FIELD_LEN(firmware_sign_algorithm) + - RSAProcessedKeySize(image->firmware_sign_algorithm) + - FIELD_LEN(firmware_key_version) + FIELD_LEN(header_checksum)); -} - -void CalculateFirmwareHeaderChecksum(const FirmwareImage* image, - uint8_t* header_checksum) { - uint8_t* checksum; - DigestContext ctx; - DigestInit(&ctx, SHA512_DIGEST_ALGORITHM); - DigestUpdate(&ctx, (uint8_t*) &image->header_len, - sizeof(image->header_len)); - DigestUpdate(&ctx, (uint8_t*) &image->firmware_sign_algorithm, - sizeof(image->firmware_sign_algorithm)); - DigestUpdate(&ctx, (uint8_t*) &image->firmware_key_version, - sizeof(image->firmware_key_version)); - DigestUpdate(&ctx, image->firmware_sign_key, - RSAProcessedKeySize(image->firmware_sign_algorithm)); - checksum = DigestFinal(&ctx); - Memcpy(header_checksum, checksum, FIELD_LEN(header_checksum)); - Free(checksum); - return; -} - - -uint8_t* GetFirmwareHeaderBlob(const FirmwareImage* image) { - uint8_t* header_blob = NULL; - MemcpyState st; - - header_blob = (uint8_t*) Malloc(GetFirmwareHeaderLen(image)); - st.remaining_len = GetFirmwareHeaderLen(image); - st.remaining_buf = header_blob; - st.overrun = 0; - - StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len)); - StatefulMemcpy_r(&st, &image->firmware_sign_algorithm, FIELD_LEN(header_len)); - StatefulMemcpy_r(&st, &image->firmware_key_version, - FIELD_LEN(firmware_key_version)); - StatefulMemcpy_r(&st, image->firmware_sign_key, - RSAProcessedKeySize(image->firmware_sign_algorithm)); - StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum)); - - if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ - Free(header_blob); - return NULL; - } - return header_blob; -} - - -uint8_t* GetFirmwarePreambleBlob(const FirmwareImage* image) { - uint8_t* preamble_blob = NULL; - MemcpyState st; - uint64_t preamble_len = GetFirmwarePreambleLen( - image->kernel_subkey_sign_algorithm); - - preamble_blob = (uint8_t*) Malloc(preamble_len); - st.remaining_len = preamble_len; - st.remaining_buf = preamble_blob; - st.overrun = 0; - - StatefulMemcpy_r(&st, &image->firmware_version, FIELD_LEN(firmware_version)); - StatefulMemcpy_r(&st, &image->firmware_len, FIELD_LEN(firmware_len)); - StatefulMemcpy_r(&st, &image->kernel_subkey_sign_algorithm, - FIELD_LEN(kernel_subkey_sign_algorithm)); - StatefulMemcpy_r(&st, image->kernel_subkey_sign_key, - RSAProcessedKeySize(image->kernel_subkey_sign_algorithm)); - StatefulMemcpy_r(&st, image->preamble, FIELD_LEN(preamble)); - - if (st.overrun || st.remaining_len != 0 ) { /* Underrun or Overrun. */ - Free(preamble_blob); - return NULL; - } - return preamble_blob; -} - - -uint8_t* GetFirmwareBlob(const FirmwareImage* image, uint64_t* blob_len) { - int firmware_signature_len; - uint8_t* firmware_blob = NULL; - uint8_t* header_blob = NULL; - uint8_t* preamble_blob = NULL; - MemcpyState st; - - if (!image) - return NULL; - - firmware_signature_len = siglen_map[image->firmware_sign_algorithm]; - *blob_len = (FIELD_LEN(magic) + - GetFirmwareHeaderLen(image) + - FIELD_LEN(firmware_key_signature) + - GetFirmwarePreambleLen(image->kernel_subkey_sign_algorithm) + - 2 * firmware_signature_len + - image->firmware_len); - firmware_blob = (uint8_t*) Malloc(*blob_len); - st.remaining_len = *blob_len; - st.remaining_buf = firmware_blob; - st.overrun = 0; - - header_blob = GetFirmwareHeaderBlob(image); - preamble_blob = GetFirmwarePreambleBlob(image); - - StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic)); - StatefulMemcpy_r(&st, header_blob, GetFirmwareHeaderLen(image)); - StatefulMemcpy_r(&st, image->firmware_key_signature, - FIELD_LEN(firmware_key_signature)); - StatefulMemcpy_r(&st, preamble_blob, - GetFirmwarePreambleLen(image->kernel_subkey_sign_algorithm)); - StatefulMemcpy_r(&st, image->preamble_signature, firmware_signature_len); - StatefulMemcpy_r(&st, image->firmware_signature, firmware_signature_len); - StatefulMemcpy_r(&st, image->firmware_data, image->firmware_len); - - Free(preamble_blob); - Free(header_blob); - - if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ - Free(firmware_blob); - return NULL; - } - return firmware_blob; -} - -int WriteFirmwareImage(const char* output_file, - const FirmwareImage* image, - int is_only_vblock, - int is_subkey_out) { - int fd; - int success = 1; - uint8_t* firmware_blob; - uint8_t* subkey_out_buf = NULL; - uint8_t* subkey_header = NULL; - uint64_t blob_len; - - if (!image) - return 0; - if (-1 == (fd = creat(output_file, 0666))) { - debug("Couldn't open file for writing.\n"); - return 0; - } - if (is_subkey_out) { - blob_len = GetFirmwareHeaderLen(image) + - siglen_map[ROOT_SIGNATURE_ALGORITHM]; - subkey_out_buf = (uint8_t*) Malloc(blob_len); - subkey_header = GetFirmwareHeaderBlob(image); - Memcpy(subkey_out_buf, subkey_header, GetFirmwareHeaderLen(image)); - Memcpy(subkey_out_buf + GetFirmwareHeaderLen(image), - image->firmware_key_signature, - siglen_map[ROOT_SIGNATURE_ALGORITHM]); - if (blob_len != write(fd, subkey_out_buf, blob_len)) { - debug("Couldn't write kernel subkey header to file: %s\n", - output_file); - success = 0; - } - Free(subkey_header); - Free(subkey_out_buf); - close(fd); - return success; - } - - firmware_blob = GetFirmwareBlob(image, &blob_len); - if (!firmware_blob) { - debug("Couldn't create firmware blob from FirmwareImage.\n"); - return 0; - } - if (!is_only_vblock) { - if (blob_len != write(fd, firmware_blob, blob_len)) { - debug("Couldn't write Firmware Image to file: %s\n", output_file); - success = 0; - } - } else { - /* Exclude the firmware_data. */ - int vblock_len = blob_len - image->firmware_len; - if (vblock_len != write(fd, firmware_blob, vblock_len)) { - debug("Couldn't write Firmware Image verifcation block to file: %s\n", - output_file); - success = 0; - } - } - Free(firmware_blob); - close(fd); - return success; -} - -void PrintFirmwareImage(const FirmwareImage* image) { - if (!image) - return; - - /* Print header. */ - debug("Header Length = %d\n" - "Firmware Signature Algorithm = %s\n" - "Firmware Key Version = %d\n\n", - image->header_len, - algo_strings[image->firmware_sign_algorithm], - image->firmware_key_version); - /* TODO(gauravsh): Output hash and key signature here? */ - /* Print preamble. */ - debug("Firmware Version = %d\n" - "Firmware Length = %" PRIu64 "\n\n", - image->firmware_version, - image->firmware_len); - /* Output key signature here? */ -} - -int VerifyFirmwareImage(const RSAPublicKey* root_key, - const FirmwareImage* image) { - RSAPublicKey* firmware_sign_key = NULL; - uint8_t* header_digest = NULL; - uint8_t* preamble_digest = NULL; - uint8_t* firmware_digest = NULL; - int firmware_sign_key_size; - int signature_size; - int error_code = 0; - DigestContext ctx; - DigestContext firmware_ctx; - - if (!image) - return VERIFY_FIRMWARE_INVALID_IMAGE; - - /* Verify root key signature on the sign key header if we - * are not in dev mode. - * - * TODO(gauravsh): Add additional sanity checks here for: - * 1) verifying the header length is correct. - * 2) header_checksum is correct. - */ - - /* Check key signature. */ - DigestInit(&ctx, ROOT_SIGNATURE_ALGORITHM); - DigestUpdate(&ctx, (uint8_t*) &image->header_len, - FIELD_LEN(header_len)); - DigestUpdate(&ctx, (uint8_t*) &image->firmware_sign_algorithm, - FIELD_LEN(firmware_sign_algorithm)); - DigestUpdate(&ctx, (uint8_t*) &image->firmware_key_version, - FIELD_LEN(firmware_key_version)); - DigestUpdate(&ctx, image->firmware_sign_key, - RSAProcessedKeySize(image->firmware_sign_algorithm)); - DigestUpdate(&ctx, image->header_checksum, - FIELD_LEN(header_checksum)); - header_digest = DigestFinal(&ctx); - if (!RSAVerify(root_key, image->firmware_key_signature, - FIELD_LEN(firmware_key_signature), - ROOT_SIGNATURE_ALGORITHM, - header_digest)) { - error_code = VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; - goto verify_failure; - } - - /* Get sign key to verify the rest of the firmware. */ - firmware_sign_key_size = RSAProcessedKeySize(image->firmware_sign_algorithm); - firmware_sign_key = RSAPublicKeyFromBuf(image->firmware_sign_key, - firmware_sign_key_size); - signature_size = siglen_map[image->firmware_sign_algorithm]; - - if (image->firmware_sign_algorithm >= kNumAlgorithms) - return VERIFY_FIRMWARE_INVALID_ALGORITHM; - - /* Verify firmware preamble signature. */ - DigestInit(&ctx, image->firmware_sign_algorithm); - DigestUpdate(&ctx, (uint8_t*) &image->firmware_version, - FIELD_LEN(firmware_version)); - DigestUpdate(&ctx, (uint8_t*) &image->firmware_len, - FIELD_LEN(firmware_len)); - DigestUpdate(&ctx, (uint8_t*) &image->kernel_subkey_sign_algorithm, - FIELD_LEN(kernel_subkey_sign_algorithm)); - DigestUpdate(&ctx, (uint8_t*) image->kernel_subkey_sign_key, - RSAProcessedKeySize(image->kernel_subkey_sign_algorithm)); - DigestUpdate(&ctx, (uint8_t*) &image->preamble, - FIELD_LEN(preamble)); - preamble_digest = DigestFinal(&ctx); - if (!RSAVerify(firmware_sign_key, image->preamble_signature, - signature_size, image->firmware_sign_algorithm, - preamble_digest)) { - error_code = VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; - goto verify_failure; - } - - /* Verify firmware signature - firmware signature is on the contents - of firmware preamble + firmware_data. */ - DigestInit(&firmware_ctx, image->firmware_sign_algorithm); - DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_version, - FIELD_LEN(firmware_version)); - DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_len, - FIELD_LEN(firmware_len)); - DigestUpdate(&firmware_ctx, (uint8_t*) &image->kernel_subkey_sign_algorithm, - FIELD_LEN(kernel_subkey_sign_algorithm)); - DigestUpdate(&firmware_ctx, (uint8_t*) image->kernel_subkey_sign_key, - RSAProcessedKeySize(image->kernel_subkey_sign_algorithm)); - DigestUpdate(&firmware_ctx, (uint8_t*) &image->preamble, - FIELD_LEN(preamble)); - DigestUpdate(&firmware_ctx, image->firmware_data, image->firmware_len); - firmware_digest = DigestFinal(&firmware_ctx); - if (!RSAVerify(firmware_sign_key, image->firmware_signature, - signature_size, image->firmware_sign_algorithm, - firmware_digest)) { - error_code = VERIFY_FIRMWARE_SIGNATURE_FAILED; - goto verify_failure; - } - -verify_failure: - RSAPublicKeyFree(firmware_sign_key); - Free(firmware_digest); - Free(preamble_digest); - Free(header_digest); - return error_code; -} - -const char* VerifyFirmwareErrorString(int error) { - return kVerifyFirmwareErrors[error]; -} - -int AddFirmwareKeySignature(FirmwareImage* image, const char* root_key_file) { - uint8_t* header_blob = NULL; - uint8_t* signature; - if (!image || !root_key_file) - return 0; - header_blob = GetFirmwareHeaderBlob(image); - if (!header_blob) - return 0; - if (!(signature = SignatureBuf(header_blob, - GetFirmwareHeaderLen(image), - root_key_file, - ROOT_SIGNATURE_ALGORITHM))) { - Free(header_blob); - return 0; - } - Memcpy(image->firmware_key_signature, signature, RSA8192NUMBYTES); - Free(header_blob); - Free(signature); - return 1; -} - -int AddFirmwareSignature(FirmwareImage* image, const char* signing_key_file) { - uint8_t* preamble_blob = NULL; - uint8_t* preamble_signature = NULL; - uint8_t* firmware_signature = NULL; - uint8_t* firmware_buf = NULL; - int signature_len = siglen_map[image->firmware_sign_algorithm]; - uint64_t preamble_len = GetFirmwarePreambleLen( - image->kernel_subkey_sign_algorithm); - - preamble_blob = GetFirmwarePreambleBlob(image); - if (!preamble_blob) - return 0; - if (!(preamble_signature = SignatureBuf(preamble_blob, - preamble_len, - signing_key_file, - image->firmware_sign_algorithm))) { - Free(preamble_blob); - return 0; - } - image->preamble_signature = (uint8_t*) Malloc(signature_len); - Memcpy(image->preamble_signature, preamble_signature, signature_len); - Free(preamble_signature); - /* Firmware signature must be calculated on preamble + firmware_data - * to avoid splicing attacks. */ - firmware_buf = (uint8_t*) Malloc(preamble_len + - image->firmware_len); - Memcpy(firmware_buf, preamble_blob, preamble_len); - Memcpy(firmware_buf + preamble_len, image->firmware_data, - image->firmware_len); - if (!(firmware_signature = SignatureBuf(firmware_buf, - preamble_len + - image->firmware_len, - signing_key_file, - image->firmware_sign_algorithm))) { - Free(preamble_blob); - Free(firmware_buf); - return 0; - } - image->firmware_signature = (uint8_t*) Malloc(signature_len); - Memcpy(image->firmware_signature, firmware_signature, signature_len); - Free(firmware_signature); - Free(firmware_buf); - Free(preamble_blob); - return 1; -} diff --git a/vfirmware/include/firmware_image.h b/vfirmware/include/firmware_image.h deleted file mode 100644 index 7bf53604..00000000 --- a/vfirmware/include/firmware_image.h +++ /dev/null @@ -1,100 +0,0 @@ -/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - * - * API definitions for a verified boot firmware image. - * (Userland Portion) - */ - -#ifndef VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ -#define VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ - -#include "firmware_image_fw.h" - -/* Allocate and return a new FirmwareImage structure. */ -FirmwareImage* FirmwareImageNew(void); - -/* Deep free the contents of [fw]. */ -void FirmwareImageFree(FirmwareImage* fw); - -/* Read firmware data from file named [input_file]. - * - * Returns a filled up FirmwareImage structure on success, NULL on error. - */ -FirmwareImage* ReadFirmwareImage(const char* input_file); - -/* Get the length of the header for image [image]. */ -int GetFirmwareHeaderLen(const FirmwareImage* image); - -/* Calculate and store the firmware header checksum of [image] - * in [header_checksum]. - * - * [header_checksum] must be a valid pointer to a buffer of - * SHA512_DIGEST_SIZE. - */ -void CalculateFirmwareHeaderChecksum(const FirmwareImage *image, - uint8_t* header_checksum); - -/* Get firmware header binary blob from an [image]. - * - * Caller owns the returned pointer and must Free() it. - */ -uint8_t* GetFirmwareHeaderBlob(const FirmwareImage* image); - -/* Get firmware preamble binary blob from an [image]. - * - * Caller owns the returned pointer and must Free() it. - */ -uint8_t* GetFirmwarePreambleBlob(const FirmwareImage* image); - -/* Get a verified firmware binary blob from an [image] and fill its - * length into blob_len. - * - * Caller owns the returned pointer and must Free() it. - */ -uint8_t* GetFirmwareBlob(const FirmwareImage* image, uint64_t* blob_len); - -/* Write firmware data from [image] into a file named [input_file]. - * - * If [is_just_vblock] is non-zero, only the verification block (excluding the - * actual firmware_data) is output. - * if [is_subkey_out] is non-zero, only the firmware key verification (subkey) - * header is output. - * - * Return 1 on success, 0 on failure. - */ -int WriteFirmwareImage(const char* input_file, - const FirmwareImage* image, - int is_only_vblock, - int is_subkey_out); - -/* Pretty print the contents of [image]. Only headers and metadata information - * is printed. - */ -void PrintFirmwareImage(const FirmwareImage* image); - -/* Performs a chained verify of the firmware [image]. - * - * Returns 0 on success, error code on failure. - */ -int VerifyFirmwareImage(const RSAPublicKey* root_key, - const FirmwareImage* image); - -/* Maps error codes from VerifyFirmware() to error description. */ -const char* VerifyFirmwareErrorString(int error); - -/* Add a root key signature to the key header to a firmware image [image] - * using the private root key in file [root_key_file]. - * - * Return 1 on success, 0 on failure. - */ -int AddFirmwareKeySignature(FirmwareImage* image, const char* root_key_file); - -/* Add firmware and preamble signature to a firmware image [image] - * using the private signing key in file [signing_key_file]. - * - * Return 1 on success, 0 on failure. - */ -int AddFirmwareSignature(FirmwareImage* image, const char* signing_key_file); - -#endif /* VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ */ |