| Index: src/platform/vboot_reference/utils/kernel_utility.cc
|
| diff --git a/src/platform/vboot_reference/utils/kernel_utility.cc b/src/platform/vboot_reference/utils/kernel_utility.cc
|
| index 03d4037a5e655eda1cff3b21c1890915ece1a0a8..9a4f34b832baace8a70a698a3839a625c9d353c3 100644
|
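--- a/src/platform/vboot_reference/utils/kernel_utility.cc
+++ b/src/platform/vboot_reference/utils/kernel_utility.cc
@@ -38,7 +38,8 @@ KernelUtility::KernelUtility(): image_(NULL),
 kernel_key_version_(-1),
 kernel_version_(-1),
 is_generate_(false),
- is_verify_(false) {
+ is_verify_(false),
+ is_describe_(false){
 // Populate kernel config options with defaults.
 options_.version[0] = 1;
 options_.version[1] = 0;
@@ -54,8 +55,8 @@ KernelUtility::~KernelUtility() {
 
 void KernelUtility::PrintUsage(void) {
 cerr <<
- "Utility to generate/verify a verified boot kernel image\n\n"
- "Usage: kernel_utility <--generate|--verify> [OPTIONS]\n\n"
+ "Utility to generate/verify/describe a verified boot kernel image\n\n"
+ "Usage: kernel_utility <--generate|--verify|--describe> [OPTIONS]\n\n"
 "For \"--verify\", required OPTIONS are:\n"
 "--in <infile>\t\t\tVerified boot kernel image to verify.\n"
 "--firmware_key_pub <pubkeyfile>\tPre-processed public firmware key "
@@ -101,6 +102,7 @@ bool KernelUtility::ParseCmdLineOptions(int argc, char* argv[]) {
 {"config_version", 1, 0, 0},
 {"kernel_load_addr", 1, 0, 0},
 {"kernel_entry_addr", 1, 0, 0},
+ {"describe", 0, 0, 0},
 {NULL, 0, 0, 0}
 };
 while (1) {
@@ -180,10 +182,12 @@ bool KernelUtility::ParseCmdLineOptions(int argc, char* argv[]) {
 errno = 0;
 options_.kernel_entry_addr =
 strtol(optarg, reinterpret_cast<char**>(NULL), 10);
-
 if (errno)
 return false;
 break;
+ case 15: // describe
+ is_describe_ = true;
+ break;
 }
 }
 }
@@ -199,10 +203,17 @@ void KernelUtility::OutputSignedImage(void) {
 }
 }
 
+void KernelUtility::DescribeSignedImage(void) {
+ image_ = ReadKernelImage(in_file_.c_str());
+ if (!image_) {
+ cerr << "Couldn't read kernel image or malformed image.\n";
+ return;
+ }
+ PrintKernelImage(image_);
+}
+
 bool KernelUtility::GenerateSignedImage(void) {
 uint64_t kernel_key_pub_len;
- uint8_t* header_checksum;
- DigestContext ctx;
 image_ = KernelImageNew();
 
 Memcpy(image_->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE);
@@ -222,28 +233,13 @@ bool KernelUtility::GenerateSignedImage(void) {
 image_->header_len = GetKernelHeaderLen(image_);
 
 // Calculate header checksum.
- DigestInit(&ctx, SHA512_DIGEST_ALGORITHM);
- DigestUpdate(&ctx, reinterpret_cast<uint8_t*>(&image_->header_version),
- sizeof(image_->header_version));
- DigestUpdate(&ctx, reinterpret_cast<uint8_t*>(&image_->header_len),
- sizeof(image_->header_len));
- DigestUpdate(&ctx,
- reinterpret_cast<uint8_t*>(&image_->firmware_sign_algorithm),
- sizeof(image_->firmware_sign_algorithm));
- DigestUpdate(&ctx,
- reinterpret_cast<uint8_t*>(&image_->kernel_sign_algorithm),
- sizeof(image_->kernel_sign_algorithm));
- DigestUpdate(&ctx, reinterpret_cast<uint8_t*>(&image_->kernel_key_version),
- sizeof(image_->kernel_key_version));
- DigestUpdate(&ctx, image_->kernel_sign_key,
- RSAProcessedKeySize(image_->kernel_sign_algorithm));
- header_checksum = DigestFinal(&ctx);
- Memcpy(image_->header_checksum, header_checksum, SHA512_DIGEST_SIZE);
- Free(header_checksum);
+ CalculateKernelHeaderChecksum(image_, image_->header_checksum);
 
 image_->kernel_version = kernel_version_;
 image_->options.version[0] = options_.version[0];
 image_->options.version[1] = options_.version[1];
+ // TODO(gauravsh): Add a command line option for this.
+ Memset(image_->options.cmd_line, 0, sizeof(image_->options.cmd_line));
 image_->options.kernel_load_addr = options_.kernel_load_addr;
 image_->options.kernel_entry_addr = options_.kernel_entry_addr;
 image_->kernel_data = BufferFromFile(in_file_.c_str(),
@@ -284,8 +280,12 @@ bool KernelUtility::VerifySignedImage(void) {
 }
 
 bool KernelUtility::CheckOptions(void) {
- if (is_generate_ == is_verify_) {
- cerr << "One of --generate or --verify must be specified.\n";
+ // Ensure that only one of --{describe|generate|verify} is set.
+ if (!((is_describe_ && !is_generate_ && !is_verify_) ||
+ (!is_describe_ && is_generate_ && !is_verify_) ||
+ (!is_describe_ && !is_generate_ && is_verify_))) {
+ cerr << "One (and only one) of --describe, --generate or --verify "
+ << "must be specified.\n";
 return false;
 }
 // Common required options.
@@ -341,19 +341,22 @@ bool KernelUtility::CheckOptions(void) {
 } // namespace vboot_reference
 
 int main(int argc, char* argv[]) {
- vboot_reference::KernelUtility fu;
- if (!fu.ParseCmdLineOptions(argc, argv)) {
- fu.PrintUsage();
+ vboot_reference::KernelUtility ku;
+ if (!ku.ParseCmdLineOptions(argc, argv)) {
+ ku.PrintUsage();
 return -1;
 }
- if (fu.is_generate()) {
- if (!fu.GenerateSignedImage())
+ if (ku.is_describe()) {
+ ku.DescribeSignedImage();
+ }
+ else if (ku.is_generate()) {
+ if (!ku.GenerateSignedImage())
 return -1;
- fu.OutputSignedImage();
+ ku.OutputSignedImage();
 }
- if (fu.is_verify()) {
+ else if (ku.is_verify()) {
 cerr << "Verification ";
- if (fu.VerifySignedImage())
+ if (ku.VerifySignedImage())
 cerr << "SUCCESS.\n";
 else
 cerr << "FAILURE.\n";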
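Review bot: DescribeSignedImage() returns void, so when ReadKernelImage() fails the only signal is the stderr message and main() has nothing to test. Unless code after the last hunk does otherwise, `--describe` on an unreadable or malformed image exits the same way as a successful run. Consider declaring it `bool DescribeSignedImage(void)` with `return false;` on the failure path and calling it as `if (!ku.DescribeSignedImage()) return -1;`, matching how GenerateSignedImage() is handled; the declaration is in the header, which this page does not show. As far as these lines show, the fields are printed without any signature check, so a comment such as `// Prints header fields of an UNVERIFIED image; use --verify to authenticate.` above the function would keep callers from treating describe output as trusted.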
|