From fc17308c39d23fe64959854dc5a858429b37539f Mon Sep 17 00:00:00 2001 From: Daisuke Nojiri Date: Tue, 24 Jun 2014 12:26:39 -0700 Subject: vboot2: Scramble the GBB magic number Compiling in the GBB magic number as is causes any tools that search for the number to fail. This patch allows firmware to embed XOR'ed signature. TEST=Booted Nyan in normal mode. FAFT:firmware_DevMode passes. BUG=none BRANCH=none Signed-off-by: Daisuke Nojiri Change-Id: Id18905a9969af3db24151e7c51332d0e94405108 Reviewed-on: https://chromium-review.googlesource.com/205416 Reviewed-by: Randall Spangler Commit-Queue: Daisuke Nojiri Tested-by: Daisuke Nojiri --- firmware/2lib/2misc.c | 18 ++++++++++++++---- firmware/2lib/include/2misc.h | 8 ++++++++ firmware/2lib/include/2struct.h | 7 ++++++- 3 files changed, 28 insertions(+), 5 deletions(-) diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c index f5571dc6..5d063b94 100644 --- a/firmware/2lib/2misc.c +++ b/firmware/2lib/2misc.c @@ -14,6 +14,17 @@ #include "2sha.h" #include "2rsa.h" +int vb2_validate_gbb_signature(uint8_t *sig) { + const static uint8_t sig_xor[VB2_GBB_SIGNATURE_SIZE] = + VB2_GBB_XOR_SIGNATURE; + int i; + for (i = 0; i < VB2_GBB_SIGNATURE_SIZE; i++) { + if (sig[i] != (sig_xor[i] ^ VB2_GBB_XOR_CHARS[i])) + return VB2_ERROR_GBB_MAGIC; + } + return VB2_SUCCESS; +} + void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb) { vb2_workbuf_init(wb, ctx->workbuf + ctx->workbuf_used, @@ -22,8 +33,6 @@ void vb2_workbuf_from_ctx(struct vb2_context *ctx, struct vb2_workbuf *wb) int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb) { - static const uint8_t expect_sig[VB2_GBB_SIGNATURE_SIZE] = - VB2_GBB_SIGNATURE; int rv; /* Read the entire header */ @@ -32,8 +41,9 @@ int vb2_read_gbb_header(struct vb2_context *ctx, struct vb2_gbb_header *gbb) return rv; /* Make sure it's really a GBB */ - if (memcmp(gbb->signature, expect_sig, sizeof(expect_sig))) - return VB2_ERROR_GBB_MAGIC; + rv = vb2_validate_gbb_signature(gbb->signature); + if (rv) + return rv; /* Check for compatible version */ if (gbb->major_version != VB2_GBB_MAJOR_VER) diff --git a/firmware/2lib/include/2misc.h b/firmware/2lib/include/2misc.h index d90399a4..d6f48e86 100644 --- a/firmware/2lib/include/2misc.h +++ b/firmware/2lib/include/2misc.h @@ -22,6 +22,14 @@ static __inline struct vb2_shared_data *vb2_get_sd(struct vb2_context *ctx) { return (struct vb2_shared_data *)ctx->workbuf; } +/** + * Validate gbb signature (the magic number) + * + * @param sig pointer to the signature bytes to validate + * @return VB2_SUCCESS if valid or VB2_ERROR_GBB_MAGIC otherwise. + */ +int vb2_validate_gbb_signature(uint8_t *sig); + /** * Initialize a work buffer from the vboot context. * diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 7a6d0ce7..646d0915 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -301,9 +301,14 @@ struct vb2_shared_data { /****************************************************************************/ -/* Signature at start of the GBB */ +/* Signature at start of the GBB + * Note that if you compile in the signature as is, you are likely to break any + * tools that search for the signature. */ #define VB2_GBB_SIGNATURE "$GBB" #define VB2_GBB_SIGNATURE_SIZE 4 +#define VB2_GBB_XOR_CHARS "****" +/* TODO: can we write a macro to produce this at compile time? */ +#define VB2_GBB_XOR_SIGNATURE { 0x0e, 0x6d, 0x68, 0x68 } /* VB2 GBB struct version */ #define VB2_GBB_MAJOR_VER 1 -- cgit v1.2.1