diff options
Diffstat (limited to 'firmware/lib/vboot_common.c')
-rw-r--r-- | firmware/lib/vboot_common.c | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c index 308bfeed..3535952f 100644 --- a/firmware/lib/vboot_common.c +++ b/firmware/lib/vboot_common.c @@ -311,93 +311,6 @@ int KeyBlockVerify(const VbKeyBlockHeader *block, uint64_t size, return VBOOT_SUCCESS; } -int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader *preamble, - uint64_t size, const RSAPublicKey *key) -{ - const VbSignature *sig = &preamble->preamble_signature; - - VBDEBUG(("Verifying preamble.\n")); - /* Sanity checks before attempting signature of data */ - if(size < EXPECTED_VBFIRMWAREPREAMBLEHEADER2_0_SIZE) { - VBDEBUG(("Not enough data for preamble header 2.0.\n")); - return VBOOT_PREAMBLE_INVALID; - } - if (preamble->header_version_major != - FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) { - VBDEBUG(("Incompatible firmware preamble header version.\n")); - return VBOOT_PREAMBLE_INVALID; - } - if (size < preamble->preamble_size) { - VBDEBUG(("Not enough data for preamble.\n")); - return VBOOT_PREAMBLE_INVALID; - } - - /* Check signature */ - if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) { - VBDEBUG(("Preamble signature off end of preamble\n")); - return VBOOT_PREAMBLE_INVALID; - } - - /* Make sure advertised signature data sizes are sane. */ - if (preamble->preamble_size < sig->data_size) { - VBDEBUG(("Signature calculated past end of the block\n")); - return VBOOT_PREAMBLE_INVALID; - } - - if (VerifyData((const uint8_t *)preamble, size, sig, key)) { - VBDEBUG(("Preamble signature validation failed\n")); - return VBOOT_PREAMBLE_SIGNATURE; - } - - /* Verify we signed enough data */ - if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) { - VBDEBUG(("Didn't sign enough data\n")); - return VBOOT_PREAMBLE_INVALID; - } - - /* Verify body signature is inside the signed data */ - if (VerifySignatureInside(preamble, sig->data_size, - &preamble->body_signature)) { - VBDEBUG(("Firmware body signature off end of preamble\n")); - return VBOOT_PREAMBLE_INVALID; - } - - /* Verify kernel subkey is inside the signed data */ - if (VerifyPublicKeyInside(preamble, sig->data_size, - &preamble->kernel_subkey)) { - VBDEBUG(("Kernel subkey off end of preamble\n")); - return VBOOT_PREAMBLE_INVALID; - } - - /* - * If the preamble header version is at least 2.1, verify we have space - * for the added fields from 2.1. - */ - if (preamble->header_version_minor >= 1) { - if(size < EXPECTED_VBFIRMWAREPREAMBLEHEADER2_1_SIZE) { - VBDEBUG(("Not enough data for preamble header 2.1.\n")); - return VBOOT_PREAMBLE_INVALID; - } - } - - /* Success */ - return VBOOT_SUCCESS; -} - -uint32_t VbGetFirmwarePreambleFlags(const VbFirmwarePreambleHeader *preamble) -{ - if (preamble->header_version_minor < 1) { - /* - * Old structure; return default flags. (Note that we don't - * need to check header_version_major; if that's not 2 then - * VerifyFirmwarePreamble() would have already failed. - */ - return 0; - } - - return preamble->flags; -} - int VerifyKernelPreamble(const VbKernelPreambleHeader *preamble, uint64_t size, const RSAPublicKey *key) { |