From c1a96b0f42673494a4378876e03c394c30b75a83 Mon Sep 17 00:00:00 2001
From: Vadim Bendebury
Date: Tue, 7 Apr 2015 17:07:33 -0700
Subject: Report if firmware is signed by developer key Recent experience shows that users often get confused and try running pre-mp signed images under dev firmware control and vice versa. The matters are further aggravated by the fact that the signage mismatch is allowed when the device is in dev mode and not in normal mode. While the users usually can tell what class of keys the Chrome OS image is signed with, it is much mode difficult to tell what keys the firmware was signed with. This patch, reports in the log if the firmware was signed with dev keys, by comparing the hash calculated over the packed root public key body with a precompiled value. A test tweak was required to avoid using uninitialized data. BRANCH=none BUG=none TEST=booted the new code on storm, observed the following message included in the log: VB2:vb2_report_key_class() This is developer signed firmware - verified that 'make run2tests' succeeds in chroot Change-Id: I97ed6ba384cee59ff3f42943630e92ebae10dd03 Signed-off-by: Vadim Bendebury Reviewed-on: https://chromium-review.googlesource.com/264469 Reviewed-by: Randall Spangler
---
 firmware/lib20/misc.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 tests/vb20_misc_tests.c | 2 ++
 2 files changed, 47 insertions(+)
diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c
index a446022d..0e61e858 100644
--- firmware/lib20/misc.c
+++ b/firmware/lib20/misc.c
@@ -14,6 +14,50 @@
 #include "2rsa.h"
 #include "vb2_common.h"
+/*
+ * The blob below is the sha1 digest calculated over the packed developer
+ * root public key structure.
+ */
+
+static const uint8_t dev_key_digest[] = {
+ 0xb1, 0x1d, 0x74, 0xed, 0xd2, 0x86, 0xc1, 0x44,
+ 0xe1, 0x13, 0x5b, 0x49, 0xe7, 0xf0, 0xbc, 0x20,
+ 0xcf, 0x04, 0x1f, 0x10,
+};
+
+static void vb2_report_dev_firmware(struct vb2_public_key *root)
+{
+ struct vb2_digest_context dc;
+ uint8_t digest[sizeof(dev_key_digest)];
+ int size = root->arrsize * 4;
+
+ if (!root->arrsize)
+ return; /* Must be a test run. */
+
+ if (vb2_digest_init(&dc, VB2_HASH_SHA1) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_extend(&dc, (uint8_t *)&root->arrsize,
+ sizeof(root->arrsize)) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_extend(&dc, (uint8_t *)&root->n0inv,
+ sizeof(root->n0inv)) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_extend(&dc, (uint8_t *)root->n, size) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_extend(&dc, (uint8_t *)root->rr, size) != VB2_SUCCESS)
+ return;
+
+ if (vb2_digest_finalize(&dc, digest, sizeof(digest)) != VB2_SUCCESS)
+ return;
+
+ if (!memcmp(digest, dev_key_digest, sizeof(dev_key_digest)))
+ VB2_DEBUG("This is developer signed firmware\n");
+}
+
 int vb2_load_fw_keyblock(struct vb2_context *ctx)
 {
 struct vb2_shared_data *sd = vb2_get_sd(ctx);
@@ -89,6 +133,7 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx)
 return rv;
 }
+ vb2_report_dev_firmware(&root_key);
 sd->fw_version = kb->data_key.key_version << 16;
 /*
diff --git a/tests/vb20_misc_tests.c b/tests/vb20_misc_tests.c
index 65ceea97..8021888c 100644
--- a/tests/vb20_misc_tests.c
+++ b/tests/vb20_misc_tests.c
@@ -12,6 +12,7 @@
 #include "2common.h"
 #include "2misc.h"
 #include "2nvstorage.h"
+#include "2rsa.h"
 #include "2secdata.h"
 #include "vb2_common.h"
 #include "test_common.h"
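Review bot: In `vb2_report_dev_firmware()` (first hunk of firmware/lib20/misc.c) the length is computed as `int size = root->arrsize * 4;` and the only check before `root->n` and `root->rr` are hashed is that `arrsize` is non-zero, so the helper relies entirely on the caller having validated the key. I would keep the length unsigned and const-qualify the read-only key: `static void vb2_report_dev_firmware(const struct vb2_public_key *root)` with `uint32_t size = root->arrsize * sizeof(uint32_t);` (assuming, as the `* 4` implies, that `n` and `rr` are arrays of 32-bit words) and `(const uint8_t *)` casts. The function also needs a header comment stating that the SHA-1 match is a log-only fingerprint of a public key, that no boot decision may depend on it, and that a missing message does not prove production signing, because every digest error path returns silently and any other non-matching key is silent too.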
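Review bot: The new call `vb2_report_dev_firmware(&root_key);` in `vb2_load_fw_keyblock()` (hunk -89,6 +133,7) sits directly below an error return (`return rv; }`), so the key class is logged only when the preceding step has succeeded. That step is outside the hunk; if it is the keyblock verification, a boot that fails there leaves no hint in the log about which root key is installed. The report reads only `root_key`, so consider calling it before that check, or make the ordering explicit with a comment such as `/* Diagnostic only: logged after the check above has passed. */`.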
@@ -149,6 +150,7 @@ int vb2_unpack_key(struct vb2_public_key *key,
 const uint8_t *buf,
 uint32_t size)
 {
+ key->arrsize = 0;
 return mock_unpack_key_retval;
 }
-- 
cgit v1.2.1
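Review bot: In the `vb2_unpack_key()` mock, `key->arrsize = 0;` appears to exist only to trigger the `!root->arrsize` early return in the new firmware helper, but nothing in the test says so, and the mock still leaves every other field of `*key` unset. I would write `key->arrsize = 0; /* makes vb2_report_dev_firmware() return before hashing n/rr */`. With this mock the digest comparison itself is never executed by the test file, so a case that supplies a populated key and covers both a matching and a non-matching digest would be worth adding. The mock's signature begins on the hunk header line, outside the hunk body.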