diff options
| -rw-r--r-- | firmware/lib20/misc.c | 45 | ||||
| -rw-r--r-- | tests/vb20_misc_tests.c | 2 |
2 files changed, 47 insertions, 0 deletions
diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c index a446022d..0e61e858 100644 --- a/firmware/lib20/misc.c +++ b/firmware/lib20/misc.c @@ -14,6 +14,50 @@ #include "2rsa.h" #include "vb2_common.h" +/* + * The blob below is the sha1 digest calculated over the packed developer + * root public key structure. + */ + +static const uint8_t dev_key_digest[] = { + 0xb1, 0x1d, 0x74, 0xed, 0xd2, 0x86, 0xc1, 0x44, + 0xe1, 0x13, 0x5b, 0x49, 0xe7, 0xf0, 0xbc, 0x20, + 0xcf, 0x04, 0x1f, 0x10, +}; + +static void vb2_report_dev_firmware(struct vb2_public_key *root) +{ + struct vb2_digest_context dc; + uint8_t digest[sizeof(dev_key_digest)]; + int size = root->arrsize * 4; + + if (!root->arrsize) + return; /* Must be a test run. */ + + if (vb2_digest_init(&dc, VB2_HASH_SHA1) != VB2_SUCCESS) + return; + + if (vb2_digest_extend(&dc, (uint8_t *)&root->arrsize, + sizeof(root->arrsize)) != VB2_SUCCESS) + return; + + if (vb2_digest_extend(&dc, (uint8_t *)&root->n0inv, + sizeof(root->n0inv)) != VB2_SUCCESS) + return; + + if (vb2_digest_extend(&dc, (uint8_t *)root->n, size) != VB2_SUCCESS) + return; + + if (vb2_digest_extend(&dc, (uint8_t *)root->rr, size) != VB2_SUCCESS) + return; + + if (vb2_digest_finalize(&dc, digest, sizeof(digest)) != VB2_SUCCESS) + return; + + if (!memcmp(digest, dev_key_digest, sizeof(dev_key_digest))) + VB2_DEBUG("This is developer signed firmware\n"); +} + int vb2_load_fw_keyblock(struct vb2_context *ctx) { struct vb2_shared_data *sd = vb2_get_sd(ctx); @@ -89,6 +133,7 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx) return rv; } + vb2_report_dev_firmware(&root_key); sd->fw_version = kb->data_key.key_version << 16; /* diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c index 65ceea97..8021888c 100644 --- a/tests/vb20_misc_tests.c +++ b/tests/vb20_misc_tests.c @@ -12,6 +12,7 @@ #include "2common.h" #include "2misc.h" #include "2nvstorage.h" +#include "2rsa.h" #include "2secdata.h" #include "vb2_common.h" #include "test_common.h" @@ -149,6 +150,7 @@ int vb2_unpack_key(struct vb2_public_key *key, const uint8_t *buf, uint32_t size) { + key->arrsize = 0; return mock_unpack_key_retval; } |