diff options
Diffstat (limited to 'futility/cmd_sign.c')
-rw-r--r-- | futility/cmd_sign.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c index 41f3d9f7..3a65b22e 100644 --- a/futility/cmd_sign.c +++ b/futility/cmd_sign.c @@ -76,21 +76,37 @@ int futil_cb_sign_fw_main(struct futil_traverse_state_s *state) int futil_cb_sign_fw_preamble(struct futil_traverse_state_s *state) { VbKeyBlockHeader *key_block = (VbKeyBlockHeader *)state->my_area->buf; - struct cb_area_s *fw_body_area = 0; + uint32_t len = state->my_area->len; /* We don't (yet) handle standalone VBLOCKs */ if (state->component == CB_FW_PREAMBLE) return futil_cb_sign_notyet(state); + /* - * We've already checked the Keyblock hash and taken a look at the - * preamble or we wouldn't be here. + * If we have a valid keyblock and fw_preamble, then we can use them to + * determine the size of the firmware body. Otherwise, we'll have to + * just sign the whole region. */ + if (VBOOT_SUCCESS != KeyBlockVerify(key_block, len, NULL, 1)) { + fprintf(stderr, "Warning: %s keyblock is invalid. " + "Signing the entire FW FMAP region...\n", + state->name); + goto whatever; + } + RSAPublicKey *rsa = PublicKeyToRSA(&key_block->data_key); + if (!rsa) { + fprintf(stderr, "Warning: %s public key is invalid. " + "Signing the entire FW FMAP region...\n", + state->name); + goto whatever; + } uint32_t more = key_block->key_block_size; VbFirmwarePreambleHeader *preamble = (VbFirmwarePreambleHeader *)(state->my_area->buf + more); uint32_t fw_size = preamble->body_signature.data_size; + struct cb_area_s *fw_body_area = 0; switch (state->component) { case CB_FMAP_VBLOCK_A: @@ -111,8 +127,11 @@ int futil_cb_sign_fw_preamble(struct futil_traverse_state_s *state) } /* Update the firmware size */ + fprintf(stderr, "HEY: set FW size from %d to %d\n", + fw_body_area->len, fw_size); fw_body_area->len = fw_size; +whatever: state->my_area->_flags |= AREA_IS_VALID; return 0; |