| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for generating and manipulating a verified boot firmware image. | 5 * Functions for generating and manipulating a verified boot firmware image. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include "firmware_image.h" | 8 #include "firmware_image.h" |
| 9 | 9 |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 59 FirmwareImage* image = FirmwareImageNew(); | 59 FirmwareImage* image = FirmwareImageNew(); |
| 60 | 60 |
| 61 if (!image) | 61 if (!image) |
| 62 return NULL; | 62 return NULL; |
| 63 | 63 |
| 64 firmware_buf = BufferFromFile(input_file, &file_size); | 64 firmware_buf = BufferFromFile(input_file, &file_size); |
| 65 image_len = file_size; | 65 image_len = file_size; |
| 66 | 66 |
| 67 st.remaining_len = image_len; | 67 st.remaining_len = image_len; |
| 68 st.remaining_buf = firmware_buf; | 68 st.remaining_buf = firmware_buf; |
| 69 st.overrun = 0; |
| 69 | 70 |
| 70 /* Read and compare magic bytes. */ | 71 /* Read and compare magic bytes. */ |
| 71 StatefulMemcpy(&st, &image->magic, FIRMWARE_MAGIC_SIZE); | 72 StatefulMemcpy(&st, &image->magic, FIRMWARE_MAGIC_SIZE); |
| 72 if (SafeMemcmp(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) { | 73 if (SafeMemcmp(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) { |
| 73 fprintf(stderr, "Wrong Firmware Magic.\n"); | 74 fprintf(stderr, "Wrong Firmware Magic.\n"); |
| 74 Free(firmware_buf); | 75 Free(firmware_buf); |
| 75 return NULL; | 76 return NULL; |
| 76 } | 77 } |
| 77 StatefulMemcpy(&st, &image->header_len, FIELD_LEN(header_len)); | 78 StatefulMemcpy(&st, &image->header_len, FIELD_LEN(header_len)); |
| 78 StatefulMemcpy(&st, &image->firmware_sign_algorithm, | 79 StatefulMemcpy(&st, &image->firmware_sign_algorithm, |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 125 /* Read firmware preamble signature. */ | 126 /* Read firmware preamble signature. */ |
| 126 image->preamble_signature = (uint8_t*) Malloc(signature_len); | 127 image->preamble_signature = (uint8_t*) Malloc(signature_len); |
| 127 StatefulMemcpy(&st, image->preamble_signature, signature_len); | 128 StatefulMemcpy(&st, image->preamble_signature, signature_len); |
| 128 | 129 |
| 129 image->firmware_signature = (uint8_t*) Malloc(signature_len); | 130 image->firmware_signature = (uint8_t*) Malloc(signature_len); |
| 130 StatefulMemcpy(&st, image->firmware_signature, signature_len); | 131 StatefulMemcpy(&st, image->firmware_signature, signature_len); |
| 131 | 132 |
| 132 image->firmware_data = (uint8_t*) Malloc(image->firmware_len); | 133 image->firmware_data = (uint8_t*) Malloc(image->firmware_len); |
| 133 StatefulMemcpy(&st, image->firmware_data, image->firmware_len); | 134 StatefulMemcpy(&st, image->firmware_data, image->firmware_len); |
| 134 | 135 |
| 135 if(st.remaining_len != 0) { /* Overrun or underrun. */ | 136 if(st.overrun || st.remaining_len != 0) { /* Overrun or underrun. */ |
| 136 Free(firmware_buf); | 137 Free(firmware_buf); |
| 137 return NULL; | 138 return NULL; |
| 138 } | 139 } |
| 139 | 140 |
| 140 Free(firmware_buf); | 141 Free(firmware_buf); |
| 141 return image; | 142 return image; |
| 142 } | 143 } |
| 143 | 144 |
| 144 int GetFirmwareHeaderLen(const FirmwareImage* image) { | 145 int GetFirmwareHeaderLen(const FirmwareImage* image) { |
| 145 return (FIELD_LEN(header_len) + FIELD_LEN(firmware_sign_algorithm) + | 146 return (FIELD_LEN(header_len) + FIELD_LEN(firmware_sign_algorithm) + |
| (...skipping 21 matching lines...) Expand all Loading... |
| 167 } | 168 } |
| 168 | 169 |
| 169 | 170 |
| 170 uint8_t* GetFirmwareHeaderBlob(const FirmwareImage* image) { | 171 uint8_t* GetFirmwareHeaderBlob(const FirmwareImage* image) { |
| 171 uint8_t* header_blob = NULL; | 172 uint8_t* header_blob = NULL; |
| 172 MemcpyState st; | 173 MemcpyState st; |
| 173 | 174 |
| 174 header_blob = (uint8_t*) Malloc(GetFirmwareHeaderLen(image)); | 175 header_blob = (uint8_t*) Malloc(GetFirmwareHeaderLen(image)); |
| 175 st.remaining_len = GetFirmwareHeaderLen(image); | 176 st.remaining_len = GetFirmwareHeaderLen(image); |
| 176 st.remaining_buf = header_blob; | 177 st.remaining_buf = header_blob; |
| 178 st.overrun = 0; |
| 177 | 179 |
| 178 StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len)); | 180 StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len)); |
| 179 StatefulMemcpy_r(&st, &image->firmware_sign_algorithm, FIELD_LEN(header_len)); | 181 StatefulMemcpy_r(&st, &image->firmware_sign_algorithm, FIELD_LEN(header_len)); |
| 180 StatefulMemcpy_r(&st, &image->firmware_key_version, | 182 StatefulMemcpy_r(&st, &image->firmware_key_version, |
| 181 FIELD_LEN(firmware_key_version)); | 183 FIELD_LEN(firmware_key_version)); |
| 182 StatefulMemcpy_r(&st, image->firmware_sign_key, | 184 StatefulMemcpy_r(&st, image->firmware_sign_key, |
| 183 RSAProcessedKeySize(image->firmware_sign_algorithm)); | 185 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
| 184 StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum)); | 186 StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum)); |
| 185 | 187 |
| 186 if (st.remaining_len != 0) { /* Underrun or Overrun. */ | 188 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ |
| 187 Free(header_blob); | 189 Free(header_blob); |
| 188 return NULL; | 190 return NULL; |
| 189 } | 191 } |
| 190 return header_blob; | 192 return header_blob; |
| 191 } | 193 } |
| 192 | 194 |
| 193 int GetFirmwarePreambleLen(void) { | 195 int GetFirmwarePreambleLen(void) { |
| 194 return (FIELD_LEN(firmware_version) + FIELD_LEN(firmware_len) + | 196 return (FIELD_LEN(firmware_version) + FIELD_LEN(firmware_len) + |
| 195 FIELD_LEN(preamble)); | 197 FIELD_LEN(preamble)); |
| 196 } | 198 } |
| 197 | 199 |
| 198 uint8_t* GetFirmwarePreambleBlob(const FirmwareImage* image) { | 200 uint8_t* GetFirmwarePreambleBlob(const FirmwareImage* image) { |
| 199 uint8_t* preamble_blob = NULL; | 201 uint8_t* preamble_blob = NULL; |
| 200 MemcpyState st; | 202 MemcpyState st; |
| 201 | 203 |
| 202 preamble_blob = (uint8_t*) Malloc(GetFirmwarePreambleLen()); | 204 preamble_blob = (uint8_t*) Malloc(GetFirmwarePreambleLen()); |
| 203 st.remaining_len = GetFirmwarePreambleLen(); | 205 st.remaining_len = GetFirmwarePreambleLen(); |
| 204 st.remaining_buf = preamble_blob; | 206 st.remaining_buf = preamble_blob; |
| 207 st.overrun = 0; |
| 205 | 208 |
| 206 StatefulMemcpy_r(&st, &image->firmware_version, FIELD_LEN(firmware_version)); | 209 StatefulMemcpy_r(&st, &image->firmware_version, FIELD_LEN(firmware_version)); |
| 207 StatefulMemcpy_r(&st, &image->firmware_len, FIELD_LEN(firmware_len)); | 210 StatefulMemcpy_r(&st, &image->firmware_len, FIELD_LEN(firmware_len)); |
| 208 StatefulMemcpy_r(&st, image->preamble, FIELD_LEN(preamble)); | 211 StatefulMemcpy_r(&st, image->preamble, FIELD_LEN(preamble)); |
| 209 | 212 |
| 210 if (st.remaining_len != 0 ) { /* Underrun or Overrun. */ | 213 if (st.overrun || st.remaining_len != 0 ) { /* Underrun or Overrun. */ |
| 211 Free(preamble_blob); | 214 Free(preamble_blob); |
| 212 return NULL; | 215 return NULL; |
| 213 } | 216 } |
| 214 return preamble_blob; | 217 return preamble_blob; |
| 215 } | 218 } |
| 216 | 219 |
| 217 | 220 |
| 218 uint8_t* GetFirmwareBlob(const FirmwareImage* image, uint64_t* blob_len) { | 221 uint8_t* GetFirmwareBlob(const FirmwareImage* image, uint64_t* blob_len) { |
| 219 int firmware_signature_len; | 222 int firmware_signature_len; |
| 220 uint8_t* firmware_blob = NULL; | 223 uint8_t* firmware_blob = NULL; |
| 221 uint8_t* header_blob = NULL; | 224 uint8_t* header_blob = NULL; |
| 222 uint8_t* preamble_blob = NULL; | 225 uint8_t* preamble_blob = NULL; |
| 223 MemcpyState st; | 226 MemcpyState st; |
| 224 | 227 |
| 225 if (!image) | 228 if (!image) |
| 226 return NULL; | 229 return NULL; |
| 227 | 230 |
| 228 firmware_signature_len = siglen_map[image->firmware_sign_algorithm]; | 231 firmware_signature_len = siglen_map[image->firmware_sign_algorithm]; |
| 229 *blob_len = (FIELD_LEN(magic) + | 232 *blob_len = (FIELD_LEN(magic) + |
| 230 GetFirmwareHeaderLen(image) + | 233 GetFirmwareHeaderLen(image) + |
| 231 FIELD_LEN(firmware_key_signature) + | 234 FIELD_LEN(firmware_key_signature) + |
| 232 GetFirmwarePreambleLen() + | 235 GetFirmwarePreambleLen() + |
| 233 2 * firmware_signature_len + | 236 2 * firmware_signature_len + |
| 234 image->firmware_len); | 237 image->firmware_len); |
| 235 firmware_blob = (uint8_t*) Malloc(*blob_len); | 238 firmware_blob = (uint8_t*) Malloc(*blob_len); |
| 236 st.remaining_len = *blob_len; | 239 st.remaining_len = *blob_len; |
| 237 st.remaining_buf = firmware_blob; | 240 st.remaining_buf = firmware_blob; |
| 241 st.overrun = 0; |
| 238 | 242 |
| 239 header_blob = GetFirmwareHeaderBlob(image); | 243 header_blob = GetFirmwareHeaderBlob(image); |
| 240 preamble_blob = GetFirmwarePreambleBlob(image); | 244 preamble_blob = GetFirmwarePreambleBlob(image); |
| 241 | 245 |
| 242 StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic)); | 246 StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic)); |
| 243 StatefulMemcpy_r(&st, header_blob, GetFirmwareHeaderLen(image)); | 247 StatefulMemcpy_r(&st, header_blob, GetFirmwareHeaderLen(image)); |
| 244 StatefulMemcpy_r(&st, image->firmware_key_signature, | 248 StatefulMemcpy_r(&st, image->firmware_key_signature, |
| 245 FIELD_LEN(firmware_key_signature)); | 249 FIELD_LEN(firmware_key_signature)); |
| 246 StatefulMemcpy_r(&st, preamble_blob, GetFirmwarePreambleLen()); | 250 StatefulMemcpy_r(&st, preamble_blob, GetFirmwarePreambleLen()); |
| 247 StatefulMemcpy_r(&st, image->preamble_signature, firmware_signature_len); | 251 StatefulMemcpy_r(&st, image->preamble_signature, firmware_signature_len); |
| 248 StatefulMemcpy_r(&st, image->firmware_signature, firmware_signature_len); | 252 StatefulMemcpy_r(&st, image->firmware_signature, firmware_signature_len); |
| 249 StatefulMemcpy_r(&st, image->firmware_data, image->firmware_len); | 253 StatefulMemcpy_r(&st, image->firmware_data, image->firmware_len); |
| 250 | 254 |
| 251 Free(preamble_blob); | 255 Free(preamble_blob); |
| 252 Free(header_blob); | 256 Free(header_blob); |
| 253 | 257 |
| 254 if (st.remaining_len != 0) { /* Underrun or Overrun. */ | 258 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ |
| 255 Free(firmware_blob); | 259 Free(firmware_blob); |
| 256 return NULL; | 260 return NULL; |
| 257 } | 261 } |
| 258 return firmware_blob; | 262 return firmware_blob; |
| 259 } | 263 } |
| 260 | 264 |
| 261 int WriteFirmwareImage(const char* input_file, | 265 int WriteFirmwareImage(const char* input_file, |
| 262 const FirmwareImage* image) { | 266 const FirmwareImage* image) { |
| 263 int fd; | 267 int fd; |
| 264 uint8_t* firmware_blob; | 268 uint8_t* firmware_blob; |
| (...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 374 *header_len, /* Length of data */ | 378 *header_len, /* Length of data */ |
| 375 header_blob + *header_len, /* Expected Signature */ | 379 header_blob + *header_len, /* Expected Signature */ |
| 376 ROOT_SIGNATURE_ALGORITHM)) | 380 ROOT_SIGNATURE_ALGORITHM)) |
| 377 return VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; | 381 return VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; |
| 378 return 0; | 382 return 0; |
| 379 } | 383 } |
| 380 | 384 |
| 381 int VerifyFirmwarePreamble(RSAPublicKey* firmware_sign_key, | 385 int VerifyFirmwarePreamble(RSAPublicKey* firmware_sign_key, |
| 382 const uint8_t* preamble_blob, | 386 const uint8_t* preamble_blob, |
| 383 int algorithm, | 387 int algorithm, |
| 384 int* firmware_len) { | 388 uint64_t* firmware_len) { |
| 385 uint32_t len; | 389 uint64_t len; |
| 386 int preamble_len; | 390 int preamble_len; |
| 387 uint16_t firmware_version; | 391 uint16_t firmware_version; |
| 388 | 392 |
| 389 Memcpy(&firmware_version, preamble_blob, sizeof(firmware_version)); | 393 Memcpy(&firmware_version, preamble_blob, sizeof(firmware_version)); |
| 390 | 394 |
| 391 preamble_len = (FIELD_LEN(firmware_version) + | 395 preamble_len = (FIELD_LEN(firmware_version) + |
| 392 FIELD_LEN(firmware_len) + | 396 FIELD_LEN(firmware_len) + |
| 393 FIELD_LEN(preamble)); | 397 FIELD_LEN(preamble)); |
| 394 if (!RSAVerifyBinary_f(NULL, firmware_sign_key, /* Key to use */ | 398 if (!RSAVerifyBinary_f(NULL, firmware_sign_key, /* Key to use */ |
| 395 preamble_blob, /* Data to verify */ | 399 preamble_blob, /* Data to verify */ |
| 396 preamble_len, /* Length of data */ | 400 preamble_len, /* Length of data */ |
| 397 preamble_blob + preamble_len, /* Expected Signature */ | 401 preamble_blob + preamble_len, /* Expected Signature */ |
| 398 algorithm)) | 402 algorithm)) |
| 399 return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; | 403 return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; |
| 400 | 404 |
| 401 Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version), | 405 Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version), |
| 402 sizeof(len)); | 406 sizeof(len)); |
| 403 *firmware_len = (int) len; | 407 *firmware_len = len; |
| 404 return 0; | 408 return 0; |
| 405 } | 409 } |
| 406 | 410 |
| 407 int VerifyFirmwareData(RSAPublicKey* firmware_sign_key, | 411 int VerifyFirmwareData(RSAPublicKey* firmware_sign_key, |
| 408 const uint8_t* preamble_start, | 412 const uint8_t* preamble_start, |
| 409 const uint8_t* firmware_data_start, | 413 const uint8_t* firmware_data_start, |
| 410 int firmware_len, | 414 uint64_t firmware_len, |
| 411 int algorithm) { | 415 int algorithm) { |
| 412 int signature_len = siglen_map[algorithm]; | 416 int signature_len = siglen_map[algorithm]; |
| 413 uint8_t* digest; | 417 uint8_t* digest; |
| 414 DigestContext ctx; | 418 DigestContext ctx; |
| 415 | 419 |
| 416 /* Since the firmware signature is over the preamble and the firmware data, | 420 /* Since the firmware signature is over the preamble and the firmware data, |
| 417 * which does not form a contiguous region of memory, we calculate the | 421 * which does not form a contiguous region of memory, we calculate the |
| 418 * message digest ourselves. */ | 422 * message digest ourselves. */ |
| 419 DigestInit(&ctx, algorithm); | 423 DigestInit(&ctx, algorithm); |
| 420 DigestUpdate(&ctx, preamble_start, GetFirmwarePreambleLen()); | 424 DigestUpdate(&ctx, preamble_start, GetFirmwarePreambleLen()); |
| 421 DigestUpdate(&ctx, firmware_data_start + signature_len, firmware_len); | 425 DigestUpdate(&ctx, firmware_data_start + signature_len, firmware_len); |
| 422 digest = DigestFinal(&ctx); | 426 digest = DigestFinal(&ctx); |
| 423 if (!RSAVerifyBinaryWithDigest_f( | 427 if (!RSAVerifyBinaryWithDigest_f( |
| 424 NULL, firmware_sign_key, /* Key to use. */ | 428 NULL, firmware_sign_key, /* Key to use. */ |
| 425 digest, /* Digest of the data to verify. */ | 429 digest, /* Digest of the data to verify. */ |
| 426 firmware_data_start, /* Expected Signature */ | 430 firmware_data_start, /* Expected Signature */ |
| 427 algorithm)) { | 431 algorithm)) { |
| 428 Free(digest); | 432 Free(digest); |
| 429 return VERIFY_FIRMWARE_SIGNATURE_FAILED; | 433 return VERIFY_FIRMWARE_SIGNATURE_FAILED; |
| 430 } | 434 } |
| 431 Free(digest); | 435 Free(digest); |
| 432 return 0; | 436 return 0; |
| 433 } | 437 } |
| 434 | 438 |
| 435 int VerifyFirmware(const uint8_t* root_key_blob, | 439 int VerifyFirmware(const uint8_t* root_key_blob, |
| 436 const uint8_t* firmware_blob) { | 440 const uint8_t* firmware_blob) { |
| 437 int error_code = 0; | 441 int error_code = 0; |
| 438 int algorithm; /* Signing key algorithm. */ | 442 int algorithm; /* Signing key algorithm. */ |
| 439 RSAPublicKey* firmware_sign_key = NULL; | 443 RSAPublicKey* firmware_sign_key = NULL; |
| 440 int firmware_sign_key_len, signature_len, header_len, firmware_len; | 444 int firmware_sign_key_len, signature_len, header_len; |
| 445 uint64_t firmware_len; |
| 441 const uint8_t* header_ptr = NULL; /* Pointer to header. */ | 446 const uint8_t* header_ptr = NULL; /* Pointer to header. */ |
| 442 const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */ | 447 const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */ |
| 443 const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */ | 448 const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */ |
| 444 const uint8_t* firmware_ptr = NULL; /* Pointer to firmware signature/data. */ | 449 const uint8_t* firmware_ptr = NULL; /* Pointer to firmware signature/data. */ |
| 445 | 450 |
| 446 /* Note: All the offset calculations are based on struct FirmwareImage which | 451 /* Note: All the offset calculations are based on struct FirmwareImage which |
| 447 * is defined in include/firmware_image.h. */ | 452 * is defined in include/firmware_image.h. */ |
| 448 | 453 |
| 449 /* Compare magic bytes. */ | 454 /* Compare magic bytes. */ |
| 450 if (SafeMemcmp(firmware_blob, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) | 455 if (SafeMemcmp(firmware_blob, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) |
| (...skipping 15 matching lines...) Expand all Loading... |
| 466 firmware_sign_key_len); | 471 firmware_sign_key_len); |
| 467 signature_len = siglen_map[algorithm]; | 472 signature_len = siglen_map[algorithm]; |
| 468 | 473 |
| 469 /* Only continue if preamble verification succeeds. */ | 474 /* Only continue if preamble verification succeeds. */ |
| 470 preamble_ptr = (header_ptr + header_len + | 475 preamble_ptr = (header_ptr + header_len + |
| 471 FIELD_LEN(firmware_key_signature)); | 476 FIELD_LEN(firmware_key_signature)); |
| 472 if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr, | 477 if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr, |
| 473 algorithm, | 478 algorithm, |
| 474 &firmware_len))) { | 479 &firmware_len))) { |
| 475 RSAPublicKeyFree(firmware_sign_key); | 480 RSAPublicKeyFree(firmware_sign_key); |
| 481 fprintf(stderr, "Couldn't verify Firmware preamble.\n"); |
| 476 return error_code; /* AKA jump to recovery. */ | 482 return error_code; /* AKA jump to recovery. */ |
| 477 } | 483 } |
| 478 /* Only continue if firmware data verification succeeds. */ | 484 /* Only continue if firmware data verification succeeds. */ |
| 479 firmware_ptr = (preamble_ptr + | 485 firmware_ptr = (preamble_ptr + |
| 480 GetFirmwarePreambleLen() + | 486 GetFirmwarePreambleLen() + |
| 481 signature_len); | 487 signature_len); |
| 482 | 488 |
| 483 if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr, | 489 if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr, |
| 484 firmware_ptr, | 490 firmware_ptr, |
| 485 firmware_len, | 491 firmware_len, |
| 486 algorithm))) { | 492 algorithm))) { |
| 487 RSAPublicKeyFree(firmware_sign_key); | 493 RSAPublicKeyFree(firmware_sign_key); |
| 494 fprintf(stderr, "Couldn't verify Firmware data.\n"); |
| 488 return error_code; /* AKA jump to recovery. */ | 495 return error_code; /* AKA jump to recovery. */ |
| 489 } | 496 } |
| 490 | 497 |
| 491 RSAPublicKeyFree(firmware_sign_key); | 498 RSAPublicKeyFree(firmware_sign_key); |
| 492 return 0; /* Success! */ | 499 return 0; /* Success! */ |
| 493 } | 500 } |
| 494 | 501 |
| 495 int VerifyFirmwareImage(const RSAPublicKey* root_key, | 502 int VerifyFirmwareImage(const RSAPublicKey* root_key, |
| 496 const FirmwareImage* image) { | 503 const FirmwareImage* image) { |
| 497 RSAPublicKey* firmware_sign_key = NULL; | 504 RSAPublicKey* firmware_sign_key = NULL; |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 532 FIELD_LEN(firmware_key_signature), | 539 FIELD_LEN(firmware_key_signature), |
| 533 ROOT_SIGNATURE_ALGORITHM, | 540 ROOT_SIGNATURE_ALGORITHM, |
| 534 header_digest)) { | 541 header_digest)) { |
| 535 error_code = VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; | 542 error_code = VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; |
| 536 goto verify_failure; | 543 goto verify_failure; |
| 537 } | 544 } |
| 538 | 545 |
| 539 /* Get sign key to verify the rest of the firmware. */ | 546 /* Get sign key to verify the rest of the firmware. */ |
| 540 firmware_sign_key_size = RSAProcessedKeySize(image->firmware_sign_algorithm); | 547 firmware_sign_key_size = RSAProcessedKeySize(image->firmware_sign_algorithm); |
| 541 firmware_sign_key = RSAPublicKeyFromBuf(image->firmware_sign_key, | 548 firmware_sign_key = RSAPublicKeyFromBuf(image->firmware_sign_key, |
| 542 firmware_sign_key_size); | 549 firmware_sign_key_size); |
| 543 signature_size = siglen_map[image->firmware_sign_algorithm]; | 550 signature_size = siglen_map[image->firmware_sign_algorithm]; |
| 544 | 551 |
| 545 if (image->firmware_sign_algorithm >= kNumAlgorithms) | 552 if (image->firmware_sign_algorithm >= kNumAlgorithms) |
| 546 return VERIFY_FIRMWARE_INVALID_ALGORITHM; | 553 return VERIFY_FIRMWARE_INVALID_ALGORITHM; |
| 547 | 554 |
| 548 /* Verify firmware preamble signature. */ | 555 /* Verify firmware preamble signature. */ |
| 549 DigestInit(&ctx, image->firmware_sign_algorithm); | 556 DigestInit(&ctx, image->firmware_sign_algorithm); |
| 550 DigestUpdate(&ctx, (uint8_t*) &image->firmware_version, | 557 DigestUpdate(&ctx, (uint8_t*) &image->firmware_version, |
| 551 FIELD_LEN(firmware_version)); | 558 FIELD_LEN(firmware_version)); |
| 552 DigestUpdate(&ctx, (uint8_t*) &image->firmware_len, | 559 DigestUpdate(&ctx, (uint8_t*) &image->firmware_len, |
| 553 FIELD_LEN(firmware_len)); | 560 FIELD_LEN(firmware_len)); |
| 554 DigestUpdate(&ctx, (uint8_t*) &image->preamble, | 561 DigestUpdate(&ctx, (uint8_t*) &image->preamble, |
| 555 FIELD_LEN(preamble)); | 562 FIELD_LEN(preamble)); |
| 556 preamble_digest = DigestFinal(&ctx); | 563 preamble_digest = DigestFinal(&ctx); |
| 557 if (!RSAVerify(firmware_sign_key, image->preamble_signature, | 564 if (!RSAVerify(firmware_sign_key, image->preamble_signature, |
| 558 signature_size, image->firmware_sign_algorithm, | 565 signature_size, image->firmware_sign_algorithm, |
| 559 preamble_digest)) { | 566 preamble_digest)) { |
| 560 error_code = VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; | 567 error_code = VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; |
| 561 goto verify_failure; | 568 goto verify_failure; |
| 562 } | 569 } |
| 563 | 570 |
| 564 /* Verify firmware signature - firmware signature is on the contents | 571 /* Verify firmware signature - firmware signature is on the contents |
| 565 of firmware preamble + firmware_data. */ | 572 of firmware preamble + firmware_data. */ |
| 566 DigestInit(&firmware_ctx, image->firmware_sign_algorithm); | 573 DigestInit(&firmware_ctx, image->firmware_sign_algorithm); |
| 567 DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_version, | 574 DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_version, |
| 568 FIELD_LEN(firmware_version)); | 575 FIELD_LEN(firmware_version)); |
| 569 DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_len, | 576 DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_len, |
| (...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 759 * attempted. | 766 * attempted. |
| 760 * If FirmwareB is not a rollback, then we attempt to do the verification. | 767 * If FirmwareB is not a rollback, then we attempt to do the verification. |
| 761 */ | 768 */ |
| 762 if (stored_lversion <= firmwareB_lversion && | 769 if (stored_lversion <= firmwareB_lversion && |
| 763 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB))) | 770 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB))) |
| 764 return BOOT_FIRMWARE_B_CONTINUE; | 771 return BOOT_FIRMWARE_B_CONTINUE; |
| 765 } | 772 } |
| 766 /* D'oh: No bootable firmware. */ | 773 /* D'oh: No bootable firmware. */ |
| 767 return BOOT_FIRMWARE_RECOVERY_CONTINUE; | 774 return BOOT_FIRMWARE_RECOVERY_CONTINUE; |
| 768 } | 775 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1519008:
VBoot Reference: 18 Exabytes ought to be enough for everybody (Closed)
