summaryrefslogtreecommitdiff
path: root/firmware/lib/vboot_common.c
Commit message (Collapse)AuthorAgeFilesLines
* firmware: replace VBDEBUG(()) macro with VB2_DEBUG()Randall Spangler2017-01-121-5/+5
| | | | | | | | | | | | | | | | The original VBDEBUG macro used doubly-nested parens to work with MSVC, which didn't support varargs in macros. We now only use more modern compilers, so replace it with the VB2_DEBUG macro and get rid of the ugly and fragile double parens. BUG=chromium:611535 BRANCH=none TEST=make runtests; build_packages --board=reef chromeos-firmware Change-Id: Ifc0cb0733b14daaa1fde095fab7da4215a538c77 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/425133 Reviewed-by: Shelley Chen <shchen@chromium.org>
* vboot: Remove vboot1 cryptolib padding sourceRandall Spangler2016-11-061-2/+4
| | | | | | | | | | | | | | | | | The old vboot1 cryptolib hard-coded many of its padding arrays in a padding.c file. Use the equivalent vboot2 apis instead. This change is almost exclusively on the host and test side; the only firmware impact is on a single line of debug output. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: If689ffd92f0255847bea2424950da4547b2c0df3 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/400902 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: use vb2 verification functions for kernel verificationRandall Spangler2016-10-291-255/+0
| | | | | | | | | | | | | This removes old vboot1 functions in favor of the new vboot2 functions. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: Idc64f7714bbd9d4fa82d14b6b5d73d71c61de854 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/400900 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: use vb2_safe_memcmp instead of SafeMemcmpRandall Spangler2016-10-291-3/+5
| | | | | | | | | | | | | No need to have two implementations of this now. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: I18bac928eb09971c37f3e1d7cbfd2009999b1f31 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/400899 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: use standard memcmp, memcpy, memsetRandall Spangler2016-10-231-1/+1
| | | | | | | | | | | | | | Originally, we didn't trust the firmware to provide these functions from a standard library. Now, with coreboot, we do. BUG=chromium:611535 BRANCH=none TEST=make runtests; emerge-kevin coreboot depthcharge Change-Id: I4e624c40085f2b665275a38624340b2f6aabcf11 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/399120 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* Fix coverity warnings in firmwareRandall Spangler2016-09-061-4/+4
| | | | | | | | | | | | | | Assorted minor code issues, which we should fix so any new errors stand out more. BUG=chromium:643769 BRANCH=none TEST=make runtests Change-Id: I84182df0d0e222f4f60206c621ec62e1ee283adb Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/380697 Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
* vboot: Upgrade VerifyFirmwarePreamble() to vboot2.0Randall Spangler2016-07-261-87/+0
| | | | | | | | | | | | | | | This replaces all calls to vboot1 VerifyFirmwarePreamble() with equivalent vb2.0 functions. No effect on ToT firmware, which already uses the vboot2.0 functions. BUG=chromium:611535 BRANCH=none TEST=make runtests Change-Id: I5c84e9ed0e0c75e2ea8dbd9bfcde0597bc457f24 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/349322 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* vboot: Convert vboot1 SHA calls to use vboot2Randall Spangler2016-07-221-8/+14
| | | | | | | | | | | | | | | | | | This change replaces all calls to the old vboot1 SHA library with their vboot2 equivalents. This is the first in a long series of changes to move the core vboot kernel verification into vb2, and the control/display loop out to depthcharge. BUG=chromium:611535 BRANCH=none TEST=make runtests; build samus firmware and boot it Change-Id: I31986eb766176c0e39a192c5ce15730471c3cf94 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/344342 Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
* kernel flags: Add flags field to kernel preamble.Furquan Shaikh2015-02-121-2/+17
| | | | | | | | | | | | | | | | | | | | | | 1. Increase kernel preamble revision from 2.1 to 2.2. 2. Add flags field to kernel preamble. 3. Update futility to accept flags parameter for vbutil_kernel and cmd_sign for kernel. 4. Pass in an extra flags field to SignKernelBlob and CreateKernelPreamble. BUG=chrome-os-partner:35861 BRANCH=None TEST=1) "make runalltests" completes successfully. 2) vboot_reference compiles successfully for ryu. 3) Verified flags field in header using futility show. Change-Id: If9f06f98778a7339194c77090cbef4807d5e34e2 Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://chromium-review.googlesource.com/245950 Tested-by: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Furquan Shaikh <furquan@chromium.org>
* vboot: Add flag to vbutil_kernel for reconstruction of vmlinuz imageShelley Chen2015-01-231-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | Adding functionality to allow for rebuilding of vmlinuz after it has been processed into vblock and header stripped. Basically appends the 16-bit header of a vmlinuz image onto the end of the vblock. BUG=chromium:438302 BRANCH=none TEST=Successfully ran "make runalltests". Also, ran: 1. Repack kernel block (so that 16-bit header is included): "vbutil_kernel --pack kern_0 ..." 2. Verify kernel: "vbutil_kernel --verify kern_0 ... ". This should be done before booting into kernel, but not necessary for it to work. 3. Rebuild vmlinuz image: "vbutil_kernel --get-vmlinuz kern_0 --vmlinuz-out vm.out" 4. Set up kexec with vmlinuz (this should complete with no errors): "kexec -l vm.out (other kernel cmd line args)" 5. Boot into kernel: "kexec -e" Change-Id: Iaa1582a1aedf70b43cdb3a56cde1fb248f1793d4 Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/232750 Reviewed-by: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Workaround for failing tests when DEBUG=1Bill Richardson2014-05-311-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | Two changes here. First are some failing assertions in tlcl.c. These have always failed, but only when DEBUG=1, so no one noticed. I've opened a bug to find out why, but it's blocking something else. We're refactoring anyway, so for now we'll just comment around it. Second is a null-pointer dereference in VbSharedDataSetKernelKey(). Again, only when DEBUG=1. BUG=chromium:379255 BRANCH=ToT TEST=manual cd src/platform/ec \rm -rf build DEBUG=1 make runtests Change-Id: Ia5e0a742f75057b449f3c19b778c5d2f0408d7cd Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/202303 Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
* Enable vboot for sandbox and improve debugging/format stringsSimon Glass2013-08-241-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | Some functions of vboot are disabled for sandbox because sandbox could not support them. This has changed, so remove the sandbox #ifdefs in the code. Some printf() strings cause warnings on sandbox - mostly that uin64_t is not 'long long' on a 64-bit machine. The existing format strings in U-Boot do not seem to take account of this, so add casts to remove the warnings. Also add a few more debug strings to make it easier to see what is happening in the vboot flow. BUG=chrome-os-partner:21115 BRANCH=pit TEST=manual crosfw -b sandbox -V See there are no warnings. Change-Id: I86f90a693e4bd23fcacf6d48297dd32229348dd4 Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/65621 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Massive refactoring of external header files.Bill Richardson2013-04-021-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | This reduces the number of exported header files to the minimum needed by the existing userspace utilities and firmware implementations. BUG=chromium:221544 BRANCH=none TEST=manual, trybots CQ-DEPEND=CL:47019,CL:47022,CL:47023 sudo FEATURES=test emerge vboot_reference FEATURES=test emerge-$BOARD \ vboot_reference \ chromeos-cryptohome \ chromeos-installer \ chromeos-u-boot \ peach-u-boot \ depthcharge Change-Id: I2946cc2dbaf5459a6c5eca92ca57d546498e6d85 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/47021 Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Split off modules required for VbInit() and VbSelectFirmware()Randall Spangler2013-02-261-33/+1
| | | | | | | | | | | | | | | | | This makes it more obvious which modules and VbEx*() functions must be implemented to call these entry points. This change only moves functions between modules and adds two link-test binaries; it doesn't change any functionality. BUG=chromium-os:39262 BRANCH=none TEST=make && make runtests Change-Id: If3edf0b1989b631f0e7ad18de7ccdad8315181b5 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/44076 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Reformat files to kernel styleRandall Spangler2013-01-251-429/+437
| | | | | | | | | | | | | No code changes, just reformatting. BUG=none BRANCH=none TEST=make runtests Change-Id: I30c7f74217c10ac7cc618aee30a22febe1e41f5c Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/42053 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Remove unused vbutil_ecRandall Spangler2013-01-241-79/+0
| | | | | | | | | | | | | | | | | EC verification is done via software sync; the EC doesn't do vboot on its own. BUG=chromium-os:38139 BRANCH=none TEST=manual make runtests emerge-link vboot_reference chromeos-u-boot chromeos-bootimage Change-Id: I6e5c0db8fc54b474f044d37c2603a9c116747a85 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/41953 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* Fix potential memory leak in KeyBlockVerify()Bill Richardson2012-05-091-0/+1
| | | | | | | | | | | BUG=none TEST=none Change-Id: I17f1cff7d6f750dfd862d71941c6b8cfec57b6bf Reviewed-on: https://gerrit.chromium.org/gerrit/22312 Commit-Ready: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org> Tested-by: Bill Richardson <wfrichar@chromium.org>
* Create vbutil_ec tool for signing EC firmware.Bill Richardson2012-05-041-0/+78
| | | | | | | | | | | | | | | | | | This just adds the vbutil_ec tool (and a simple test of the library functions related to it). BUG=chrome-os-partner:7459, chromium-os:27142 TEST=manual make make runtests Change-Id: I2a2c4e7cfb8ac6ce2229c5de4252a5cc89321fa5 Reviewed-on: https://gerrit.chromium.org/gerrit/21868 Commit-Ready: Bill Richardson <wfrichar@chromium.org> Tested-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Stefan Reinauer <reinauer@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* Add support for flags in the firmware preamble.Randall Spangler2011-07-131-2/+23
| | | | | | | | | | | | | | | | | | The old (v2.0) parser is compatible with new (v2.1) structs. That is, this won't break existing firmware or vbutil_firmware. A new (v2.1) parser parsing an old (v2.0) struct will return 0 for the flags. This will be used to support the RO-normal code path in a subsequent CL. BUG=chromium-os:17304 TEST=added unit tests; make && make runtests Change-Id: I73bcd8acd3330b0d7d143061b5ef838e6d79cf1a Reviewed-on: http://gerrit.chromium.org/gerrit/4030 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Tested-by: Randall Spangler <rspangler@chromium.org>
* Port vboot_reference to use new wrapper API utility functionsRandall Spangler2011-07-081-1/+2
| | | | | | | | | | | | | | | | Third time's the charm. Now that we've moved to u-boot-next, this won't break the ARM build. BUG=chromium-os:17006 TEST=make && make runtests; emerge vboot_reference; emerge-tegra2_seaboard chromeos-bootimage Change-Id: Ib4fa26c7a23868dd2ffd2b321ee8dc08c66ea322 Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263 Original-Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-on: http://gerrit.chromium.org/gerrit/3803 Tested-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org>
* Revert "Verified boot wrapper - replace utility functions"Randall Spangler2011-07-011-2/+1
| | | | | | | | | | | This reverts commit 0184886c8cb35e8e01d610622df448a7cb063e06 (This works with uboot-next, but not uboot, which doesn't implement its half of the new wrapper API. So rolling back to leave uboot working. Change-Id: I1f9e3c63e5bbdb20b9195cd68787bef89f24afee Reviewed-on: http://gerrit.chromium.org/gerrit/3588 Reviewed-by: Randall Spangler <rspangler@chromium.org> Tested-by: Randall Spangler <rspangler@chromium.org>
* Verified boot wrapper - replace utility functionsRandall Spangler2011-07-011-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is part 3 of the vboot wrapper API refactoring. It replaces the function calls to utility.c functions with new API calls. (It also fixes up some integer type mismatches in cryptolib that were causing warnings on the H2C build; those had been fixed a while ago in H2C but hadn't been propagated across.) This is a re-commit of the original; I've verified it compiles on both x86-alex and tegra2, for both vboot_reference and vboot_reference-firmware, now that the patch from 1c1a883bc746a6216bb634825d33d80562853020 is checked in. BUG=chromium-os:17006 TEST=make && make runtests, and emerged on both x86-alex and tegra2 Original-Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f Original-Reviewed-on: http://gerrit.chromium.org/gerrit/3263 Original-Reviewed-by: Simon Glass <sjg@chromium.org> Tested-by: Randall Spangler <rspangler@chromium.org> (cherry picked from commit bd81b3a7d3b7fe4ca6179ade665e565800ab17fc) Change-Id: Iefdbfb3d10eb9aa385fb6dfc3bf0896f637cb64b Reviewed-on: http://gerrit.chromium.org/gerrit/3582 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Tested-by: Randall Spangler <rspangler@chromium.org>
* Revert "Verified boot wrapper - replace utility functions"mukesh agrawal2011-06-271-2/+1
| | | | | | | | | This reverts commit bd81b3a7d3b7fe4ca6179ade665e565800ab17fc. Change-Id: I2be2c076a37bf0e49569248691fceac417254f0b Reviewed-on: http://gerrit.chromium.org/gerrit/3295 Reviewed-by: mukesh agrawal <quiche@chromium.org> Tested-by: mukesh agrawal <quiche@chromium.org>
* Verified boot wrapper - replace utility functionsRandall Spangler2011-06-271-1/+2
| | | | | | | | | | | | | | | | This is part 3 of the vboot wrapper API refactoring. It replaces the function calls to utility.c functions with new API calls. (It also fixes up some integer type mismatches in cryptolib that were causing warnings on the H2C build; those had been fixed a while ago in H2C but hadn't been propagated across.) BUG=chromium-os:17006 TEST=make && make runtests Change-Id: I771085dcdf79d9592de64f35e3b758111a80dd9f Reviewed-on: http://gerrit.chromium.org/gerrit/3263 Reviewed-by: Simon Glass <sjg@chromium.org> Tested-by: Randall Spangler <rspangler@chromium.org>
* Fix preamble range checks0.12.362.BRandall Spangler2011-04-011-6/+6
| | | | | | | | | | Change-Id: I0571f4524703566b8840e2b264d868c404f87c80 R=gauravsh@chromium.org,wfrichar@chromium.org BUG=chrome-os-partner:2910 TEST=make && make runtests Review URL: http://codereview.chromium.org/6759075
* Add additional checks for size greater than header size.Randall Spangler2011-03-251-0/+12
| | | | | | | | | | Change-Id: Iea64e3df795d1f9299117cbd161b203295211629 R=wfrichar@chromium.org,gauravsh@chromium.org BUG=chrome-os-partner:2908 TEST=make && make runtests Review URL: http://codereview.chromium.org/6745027
* Fix not checking hashed data sizeRandall Spangler2011-03-251-0/+7
| | | | | | | | | | R=wfrichar@chromium.org,gauravsh@chromium.org BUG=chrome-os-partner:2909 TEST=make && make runtests Review URL: http://codereview.chromium.org/6748009 Change-Id: I3251aa6e6dd62ff4351fdf33ca9182b19a29cbbf
* Use uint64_t and avoid down casting as much as possible.Gaurav Shah2011-03-251-5/+5
| | | | | | | | | Change-Id: I231d1b3a059907c3806feced7e1b8f1c06575ba5 BUG=chromeos-partner:2912 TEST=make clean all && make runtests Review URL: http://codereview.chromium.org/6733018
* Add VbSharedData field parsingRandall Spangler2011-03-171-0/+8
| | | | | | | | | | | | | | | | | | | | | R=reinauer@chromium.org BUG=chrome-os-partner:2578 TEST=manual crossystem vdat_timers should show 'LFS=0,0 LF=number1,number2 LK=number3,number4' where number1 < number2 < number3 < number4 crossystem vdat_lfdebug run from a dev mode console, should show 'check=12,0 index=0x00 tpmver=(hex number) lowestver=(hex number)' crossystem vdat_flags run from a dev mode console, flags should be 0x04. Review URL: http://codereview.chromium.org/6685068 Change-Id: Id7b958ae300d10cdcdc1b17a1bb17b7e5069166f
* This is necessary to pass additional information about whether firmware A or ↵Randall Spangler2011-03-091-1/+66
| | | | | | | | | | | | | | | | | | | | | | | B is being run. This change also passes the GBB directly into LoadFirmware() and LoadKernel(). Change-Id: I976c11c82c3d665a4feb88226e919f16c2440f60 BUG=chrome-os-partner:1657 TEST=manual - see below make && make runtests Then test verifying a test image in both dev mode (-b1, no key specified) and recovery mode (key specified) build/utility/load_kernel_test -b1 ~/b/USB_images/0.11.224.0-alex/chromiumos_test_image.bin build/utility/load_kernel_test ~/b/USB_images/0.11.224.0-alex/chromiumos_test_image.bin tests/devkeys/recovery_key.vbpubk And make sure the firmware with this change actually boots to USB and SSD. NOTE: u-boot-next needs to change to work with this change. will attempt a follow-up CL with that change Review URL: http://codereview.chromium.org/6626045
* Add additional sanity checks to RSA verification code.Gaurav Shah2010-08-171-1/+3
| | | | | | | | | Also, make algorithm unsigned int in most places. BUG=chrome-os-partner:701 TEST=existing RSA verification tests still pass Review URL: http://codereview.chromium.org/3136017
* Fix KeyBlockVerify() to take an explicit param for whether to use hash only.Randall Spangler2010-08-171-29/+40
| | | | | | | | | Fix VerifyMemberInside(). BUG=chrome-os-partner:703 TEST=make && make runtests Review URL: http://codereview.chromium.org/3126013
* Changes to allow user-signed kernels to be generated.Bill Richardson2010-08-091-2/+10
| | | | | | | | | | | | | Make vbutil_keyblock handle unsigned blocks. Also enable --unpack option and add tests for it. Modify vbutil_kernel to allow unsigned keyblocks, correct usage message, and fix the --debug option which was somehow disabled. Update load_kernel_test to accept /dev/null for the public key, to test non-signed kernel keyblocks. Review URL: http://codereview.chromium.org/3124004
* Added size param to VerifyData()Randall Spangler2010-07-191-6/+10
| | | | | | | | | | | Also renamed verify preamble functions, now that they do not need the '2' at the end to differentiate them from the now-deleted original implementation. BUG=4501 TEST=Ran make runtests; all pass. Review URL: http://codereview.chromium.org/3027009
* Make sure advertised signature data size is sane.Gaurav Shah2010-06-301-1/+13
| | | | | | TEST=make runtests -- All the tests in the test suite pass. Review URL: http://codereview.chromium.org/2849036
* Add VBDEBUG macro for debug output.Randall Spangler2010-06-231-28/+28
| | | | | | Replaced in firmware/ lib; not replaced in host-side utils/tests. Review URL: http://codereview.chromium.org/2810026
* Fixes to compiler warnings in MSVCRandall Spangler2010-06-211-4/+5
| | | | Review URL: http://codereview.chromium.org/2851015
* Remove unused files, and tidy the directory structure of the remaining ones.Randall Spangler2010-06-171-0/+341
Review URL: http://codereview.chromium.org/2815011
View Lorry Controller Status