1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
|
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Misc functions which need access to vb2_context but are not public APIs
*/
#include "2sysincludes.h"
#include "2api.h"
#include "2misc.h"
#include "2nvstorage.h"
#include "2secdata.h"
#include "2sha.h"
#include "2rsa.h"
#include "vb2_common.h"
/*
* The blob below is the sha1 digest calculated over the packed developer
* root public key structure.
*/
static const uint8_t dev_key_digest[] = {
0xb1, 0x1d, 0x74, 0xed, 0xd2, 0x86, 0xc1, 0x44,
0xe1, 0x13, 0x5b, 0x49, 0xe7, 0xf0, 0xbc, 0x20,
0xcf, 0x04, 0x1f, 0x10,
};
/**
* Determine if the root key is the developer key checked into the
* vboot_reference repository. Has no effect on boot; just logs this to the
* debug console.
*
* @param root Root key
*/
static void vb2_report_dev_firmware(struct vb2_public_key *root)
{
struct vb2_digest_context dc;
uint8_t digest[sizeof(dev_key_digest)];
int size = root->arrsize * 4;
if (!root->arrsize)
return; /* Must be a test run. */
if (vb2_digest_init(&dc, VB2_HASH_SHA1) != VB2_SUCCESS)
return;
if (vb2_digest_extend(&dc, (uint8_t *)&root->arrsize,
sizeof(root->arrsize)) != VB2_SUCCESS)
return;
if (vb2_digest_extend(&dc, (uint8_t *)&root->n0inv,
sizeof(root->n0inv)) != VB2_SUCCESS)
return;
if (vb2_digest_extend(&dc, (uint8_t *)root->n, size) != VB2_SUCCESS)
return;
if (vb2_digest_extend(&dc, (uint8_t *)root->rr, size) != VB2_SUCCESS)
return;
if (vb2_digest_finalize(&dc, digest, sizeof(digest)) != VB2_SUCCESS)
return;
if (!memcmp(digest, dev_key_digest, sizeof(dev_key_digest)))
VB2_DEBUG("This is developer signed firmware\n");
}
vb2_error_t vb2_load_fw_keyblock(struct vb2_context *ctx)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
struct vb2_gbb_header *gbb = vb2_get_gbb(ctx);
struct vb2_workbuf wb;
uint8_t *key_data;
uint32_t key_size;
struct vb2_packed_key *packed_key;
struct vb2_public_key root_key;
struct vb2_keyblock *kb;
uint32_t block_size;
vb2_error_t rv;
vb2_workbuf_from_ctx(ctx, &wb);
/* Read the root key */
key_size = gbb->rootkey_size;
key_data = vb2_workbuf_alloc(&wb, key_size);
if (!key_data)
return VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY;
rv = vb2ex_read_resource(ctx, VB2_RES_GBB, gbb->rootkey_offset,
key_data, key_size);
if (rv)
return rv;
/* Unpack the root key */
rv = vb2_unpack_key_buffer(&root_key, key_data, key_size);
if (rv)
return rv;
/* If that's the checked-in root key, this is dev-signed firmware */
vb2_report_dev_firmware(&root_key);
/* Load the firmware keyblock header after the root key */
kb = vb2_workbuf_alloc(&wb, sizeof(*kb));
if (!kb)
return VB2_ERROR_FW_KEYBLOCK_WORKBUF_HEADER;
rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, sizeof(*kb));
if (rv)
return rv;
block_size = kb->keyblock_size;
/*
* Load the entire keyblock, now that we know how big it is. Note that
* we're loading the entire keyblock instead of just the piece after
* the header. That means we re-read the header. But that's a tiny
* amount of data, and it makes the code much more straightforward.
*/
kb = vb2_workbuf_realloc(&wb, sizeof(*kb), block_size);
if (!kb)
return VB2_ERROR_FW_KEYBLOCK_WORKBUF;
rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, block_size);
if (rv)
return rv;
/* Verify the keyblock */
rv = vb2_verify_keyblock(kb, block_size, &root_key, &wb);
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
return rv;
}
/* Key version is the upper 16 bits of the composite firmware version */
if (kb->data_key.key_version > VB2_MAX_KEY_VERSION)
rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE;
if (!rv && kb->data_key.key_version < (sd->fw_version_secdata >> 16)) {
if (gbb->flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)
VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n");
else
rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
}
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
return rv;
}
sd->fw_version = kb->data_key.key_version << 16;
/*
* Save the data key in the work buffer. This overwrites the root key
* we read above. That's ok, because now that we have the data key we
* no longer need the root key.
*/
packed_key = (struct vb2_packed_key *)key_data;
packed_key->algorithm = kb->data_key.algorithm;
packed_key->key_version = kb->data_key.key_version;
packed_key->key_size = kb->data_key.key_size;
/*
* Use memmove() instead of memcpy(). In theory, the destination will
* never overlap because with the source because the root key is likely
* to be at least as large as the data key, but there's no harm here in
* being paranoid.
*/
memmove(key_data + packed_key->key_offset,
(uint8_t*)&kb->data_key + kb->data_key.key_offset,
packed_key->key_size);
/* Save the packed key offset and size */
sd->data_key_offset = vb2_offset_of(sd, key_data);
sd->data_key_size =
packed_key->key_offset + packed_key->key_size;
/* Preamble follows the keyblock in the vblock */
sd->vblock_preamble_offset = kb->keyblock_size;
/*
* Data key will persist in the workbuf after we return.
*
* Work buffer now contains:
* - vb2_shared_data
* - packed firmware data key
*/
vb2_set_workbuf_used(ctx, sd->data_key_offset +
sd->data_key_size);
return VB2_SUCCESS;
}
vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
struct vb2_gbb_header *gbb = vb2_get_gbb(ctx);
struct vb2_workbuf wb;
uint8_t *key_data = vb2_member_of(sd, sd->data_key_offset);
uint32_t key_size = sd->data_key_size;
struct vb2_public_key data_key;
/* Preamble goes in the next unused chunk of work buffer */
struct vb2_fw_preamble *pre;
uint32_t pre_size;
vb2_error_t rv;
vb2_workbuf_from_ctx(ctx, &wb);
/* Unpack the firmware data key */
if (!sd->data_key_size)
return VB2_ERROR_FW_PREAMBLE2_DATA_KEY;
rv = vb2_unpack_key_buffer(&data_key, key_data, key_size);
if (rv)
return rv;
/* Load the firmware preamble header */
pre = vb2_workbuf_alloc(&wb, sizeof(*pre));
if (!pre)
return VB2_ERROR_FW_PREAMBLE2_WORKBUF_HEADER;
rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK,
sd->vblock_preamble_offset,
pre, sizeof(*pre));
if (rv)
return rv;
pre_size = pre->preamble_size;
/* Load the entire firmware preamble, now that we know how big it is */
pre = vb2_workbuf_realloc(&wb, sizeof(*pre), pre_size);
if (!pre)
return VB2_ERROR_FW_PREAMBLE2_WORKBUF;
rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK,
sd->vblock_preamble_offset,
pre, pre_size);
if (rv)
return rv;
/* Work buffer now contains the data subkey data and the preamble */
/* Verify the preamble */
rv = vb2_verify_fw_preamble(pre, pre_size, &data_key, &wb);
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
return rv;
}
/*
* Firmware version is the lower 16 bits of the composite firmware
* version.
*/
if (pre->firmware_version > VB2_MAX_PREAMBLE_VERSION)
rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE;
/* Combine with the key version from vb2_load_fw_keyblock() */
sd->fw_version |= pre->firmware_version;
if (!rv && sd->fw_version < sd->fw_version_secdata) {
if (gbb->flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)
VB2_DEBUG("Ignoring FW rollback due to GBB flag\n");
else
rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
}
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
return rv;
}
/*
* If this is a newer version than in secure storage, and we
* successfully booted the same slot last boot, roll forward the
* version in secure storage.
*
* Note that this happens before we've verified the firmware data this
* boot; we're relying on the indicator that the last boot was
* successful. That's ok, because even if the firmware data has a
* valid hash, the only way we can know if it's functional is to trust
* the status from the last boot.
*/
if (sd->fw_version > sd->fw_version_secdata &&
sd->last_fw_slot == sd->fw_slot &&
sd->last_fw_result == VB2_FW_RESULT_SUCCESS) {
sd->fw_version_secdata = sd->fw_version;
rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version);
if (rv)
return rv;
}
/* Keep track of where we put the preamble */
sd->preamble_offset = vb2_offset_of(sd, pre);
sd->preamble_size = pre_size;
/*
* Preamble will persist in work buffer after we return.
*
* Work buffer now contains:
* - vb2_shared_data
* - vb2_gbb_header
* - packed firmware data key
* - firmware preamble
*
* TODO: we could move the preamble down over the firmware data key
* since we don't need it anymore.
*/
vb2_set_workbuf_used(ctx, sd->preamble_offset + pre_size);
return VB2_SUCCESS;
}
|
