OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for generating and manipulating a verified boot firmware image. | 5 * Functions for generating and manipulating a verified boot firmware image. |
6 */ | 6 */ |
7 | 7 |
8 #include "firmware_image.h" | 8 #include "firmware_image.h" |
9 | 9 |
10 #include <fcntl.h> | 10 #include <fcntl.h> |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
59 FirmwareImage* image = FirmwareImageNew(); | 59 FirmwareImage* image = FirmwareImageNew(); |
60 | 60 |
61 if (!image) | 61 if (!image) |
62 return NULL; | 62 return NULL; |
63 | 63 |
64 firmware_buf = BufferFromFile(input_file, &file_size); | 64 firmware_buf = BufferFromFile(input_file, &file_size); |
65 image_len = file_size; | 65 image_len = file_size; |
66 | 66 |
67 st.remaining_len = image_len; | 67 st.remaining_len = image_len; |
68 st.remaining_buf = firmware_buf; | 68 st.remaining_buf = firmware_buf; |
| 69 st.overrun = 0; |
69 | 70 |
70 /* Read and compare magic bytes. */ | 71 /* Read and compare magic bytes. */ |
71 StatefulMemcpy(&st, &image->magic, FIRMWARE_MAGIC_SIZE); | 72 StatefulMemcpy(&st, &image->magic, FIRMWARE_MAGIC_SIZE); |
72 if (SafeMemcmp(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) { | 73 if (SafeMemcmp(image->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) { |
73 fprintf(stderr, "Wrong Firmware Magic.\n"); | 74 fprintf(stderr, "Wrong Firmware Magic.\n"); |
74 Free(firmware_buf); | 75 Free(firmware_buf); |
75 return NULL; | 76 return NULL; |
76 } | 77 } |
77 StatefulMemcpy(&st, &image->header_len, FIELD_LEN(header_len)); | 78 StatefulMemcpy(&st, &image->header_len, FIELD_LEN(header_len)); |
78 StatefulMemcpy(&st, &image->firmware_sign_algorithm, | 79 StatefulMemcpy(&st, &image->firmware_sign_algorithm, |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
125 /* Read firmware preamble signature. */ | 126 /* Read firmware preamble signature. */ |
126 image->preamble_signature = (uint8_t*) Malloc(signature_len); | 127 image->preamble_signature = (uint8_t*) Malloc(signature_len); |
127 StatefulMemcpy(&st, image->preamble_signature, signature_len); | 128 StatefulMemcpy(&st, image->preamble_signature, signature_len); |
128 | 129 |
129 image->firmware_signature = (uint8_t*) Malloc(signature_len); | 130 image->firmware_signature = (uint8_t*) Malloc(signature_len); |
130 StatefulMemcpy(&st, image->firmware_signature, signature_len); | 131 StatefulMemcpy(&st, image->firmware_signature, signature_len); |
131 | 132 |
132 image->firmware_data = (uint8_t*) Malloc(image->firmware_len); | 133 image->firmware_data = (uint8_t*) Malloc(image->firmware_len); |
133 StatefulMemcpy(&st, image->firmware_data, image->firmware_len); | 134 StatefulMemcpy(&st, image->firmware_data, image->firmware_len); |
134 | 135 |
135 if(st.remaining_len != 0) { /* Overrun or underrun. */ | 136 if(st.overrun || st.remaining_len != 0) { /* Overrun or underrun. */ |
136 Free(firmware_buf); | 137 Free(firmware_buf); |
137 return NULL; | 138 return NULL; |
138 } | 139 } |
139 | 140 |
140 Free(firmware_buf); | 141 Free(firmware_buf); |
141 return image; | 142 return image; |
142 } | 143 } |
143 | 144 |
144 int GetFirmwareHeaderLen(const FirmwareImage* image) { | 145 int GetFirmwareHeaderLen(const FirmwareImage* image) { |
145 return (FIELD_LEN(header_len) + FIELD_LEN(firmware_sign_algorithm) + | 146 return (FIELD_LEN(header_len) + FIELD_LEN(firmware_sign_algorithm) + |
(...skipping 21 matching lines...) Expand all Loading... |
167 } | 168 } |
168 | 169 |
169 | 170 |
170 uint8_t* GetFirmwareHeaderBlob(const FirmwareImage* image) { | 171 uint8_t* GetFirmwareHeaderBlob(const FirmwareImage* image) { |
171 uint8_t* header_blob = NULL; | 172 uint8_t* header_blob = NULL; |
172 MemcpyState st; | 173 MemcpyState st; |
173 | 174 |
174 header_blob = (uint8_t*) Malloc(GetFirmwareHeaderLen(image)); | 175 header_blob = (uint8_t*) Malloc(GetFirmwareHeaderLen(image)); |
175 st.remaining_len = GetFirmwareHeaderLen(image); | 176 st.remaining_len = GetFirmwareHeaderLen(image); |
176 st.remaining_buf = header_blob; | 177 st.remaining_buf = header_blob; |
| 178 st.overrun = 0; |
177 | 179 |
178 StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len)); | 180 StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len)); |
179 StatefulMemcpy_r(&st, &image->firmware_sign_algorithm, FIELD_LEN(header_len)); | 181 StatefulMemcpy_r(&st, &image->firmware_sign_algorithm, FIELD_LEN(header_len)); |
180 StatefulMemcpy_r(&st, &image->firmware_key_version, | 182 StatefulMemcpy_r(&st, &image->firmware_key_version, |
181 FIELD_LEN(firmware_key_version)); | 183 FIELD_LEN(firmware_key_version)); |
182 StatefulMemcpy_r(&st, image->firmware_sign_key, | 184 StatefulMemcpy_r(&st, image->firmware_sign_key, |
183 RSAProcessedKeySize(image->firmware_sign_algorithm)); | 185 RSAProcessedKeySize(image->firmware_sign_algorithm)); |
184 StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum)); | 186 StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum)); |
185 | 187 |
186 if (st.remaining_len != 0) { /* Underrun or Overrun. */ | 188 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ |
187 Free(header_blob); | 189 Free(header_blob); |
188 return NULL; | 190 return NULL; |
189 } | 191 } |
190 return header_blob; | 192 return header_blob; |
191 } | 193 } |
192 | 194 |
193 int GetFirmwarePreambleLen(void) { | 195 int GetFirmwarePreambleLen(void) { |
194 return (FIELD_LEN(firmware_version) + FIELD_LEN(firmware_len) + | 196 return (FIELD_LEN(firmware_version) + FIELD_LEN(firmware_len) + |
195 FIELD_LEN(preamble)); | 197 FIELD_LEN(preamble)); |
196 } | 198 } |
197 | 199 |
198 uint8_t* GetFirmwarePreambleBlob(const FirmwareImage* image) { | 200 uint8_t* GetFirmwarePreambleBlob(const FirmwareImage* image) { |
199 uint8_t* preamble_blob = NULL; | 201 uint8_t* preamble_blob = NULL; |
200 MemcpyState st; | 202 MemcpyState st; |
201 | 203 |
202 preamble_blob = (uint8_t*) Malloc(GetFirmwarePreambleLen()); | 204 preamble_blob = (uint8_t*) Malloc(GetFirmwarePreambleLen()); |
203 st.remaining_len = GetFirmwarePreambleLen(); | 205 st.remaining_len = GetFirmwarePreambleLen(); |
204 st.remaining_buf = preamble_blob; | 206 st.remaining_buf = preamble_blob; |
| 207 st.overrun = 0; |
205 | 208 |
206 StatefulMemcpy_r(&st, &image->firmware_version, FIELD_LEN(firmware_version)); | 209 StatefulMemcpy_r(&st, &image->firmware_version, FIELD_LEN(firmware_version)); |
207 StatefulMemcpy_r(&st, &image->firmware_len, FIELD_LEN(firmware_len)); | 210 StatefulMemcpy_r(&st, &image->firmware_len, FIELD_LEN(firmware_len)); |
208 StatefulMemcpy_r(&st, image->preamble, FIELD_LEN(preamble)); | 211 StatefulMemcpy_r(&st, image->preamble, FIELD_LEN(preamble)); |
209 | 212 |
210 if (st.remaining_len != 0 ) { /* Underrun or Overrun. */ | 213 if (st.overrun || st.remaining_len != 0 ) { /* Underrun or Overrun. */ |
211 Free(preamble_blob); | 214 Free(preamble_blob); |
212 return NULL; | 215 return NULL; |
213 } | 216 } |
214 return preamble_blob; | 217 return preamble_blob; |
215 } | 218 } |
216 | 219 |
217 | 220 |
218 uint8_t* GetFirmwareBlob(const FirmwareImage* image, uint64_t* blob_len) { | 221 uint8_t* GetFirmwareBlob(const FirmwareImage* image, uint64_t* blob_len) { |
219 int firmware_signature_len; | 222 int firmware_signature_len; |
220 uint8_t* firmware_blob = NULL; | 223 uint8_t* firmware_blob = NULL; |
221 uint8_t* header_blob = NULL; | 224 uint8_t* header_blob = NULL; |
222 uint8_t* preamble_blob = NULL; | 225 uint8_t* preamble_blob = NULL; |
223 MemcpyState st; | 226 MemcpyState st; |
224 | 227 |
225 if (!image) | 228 if (!image) |
226 return NULL; | 229 return NULL; |
227 | 230 |
228 firmware_signature_len = siglen_map[image->firmware_sign_algorithm]; | 231 firmware_signature_len = siglen_map[image->firmware_sign_algorithm]; |
229 *blob_len = (FIELD_LEN(magic) + | 232 *blob_len = (FIELD_LEN(magic) + |
230 GetFirmwareHeaderLen(image) + | 233 GetFirmwareHeaderLen(image) + |
231 FIELD_LEN(firmware_key_signature) + | 234 FIELD_LEN(firmware_key_signature) + |
232 GetFirmwarePreambleLen() + | 235 GetFirmwarePreambleLen() + |
233 2 * firmware_signature_len + | 236 2 * firmware_signature_len + |
234 image->firmware_len); | 237 image->firmware_len); |
235 firmware_blob = (uint8_t*) Malloc(*blob_len); | 238 firmware_blob = (uint8_t*) Malloc(*blob_len); |
236 st.remaining_len = *blob_len; | 239 st.remaining_len = *blob_len; |
237 st.remaining_buf = firmware_blob; | 240 st.remaining_buf = firmware_blob; |
| 241 st.overrun = 0; |
238 | 242 |
239 header_blob = GetFirmwareHeaderBlob(image); | 243 header_blob = GetFirmwareHeaderBlob(image); |
240 preamble_blob = GetFirmwarePreambleBlob(image); | 244 preamble_blob = GetFirmwarePreambleBlob(image); |
241 | 245 |
242 StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic)); | 246 StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic)); |
243 StatefulMemcpy_r(&st, header_blob, GetFirmwareHeaderLen(image)); | 247 StatefulMemcpy_r(&st, header_blob, GetFirmwareHeaderLen(image)); |
244 StatefulMemcpy_r(&st, image->firmware_key_signature, | 248 StatefulMemcpy_r(&st, image->firmware_key_signature, |
245 FIELD_LEN(firmware_key_signature)); | 249 FIELD_LEN(firmware_key_signature)); |
246 StatefulMemcpy_r(&st, preamble_blob, GetFirmwarePreambleLen()); | 250 StatefulMemcpy_r(&st, preamble_blob, GetFirmwarePreambleLen()); |
247 StatefulMemcpy_r(&st, image->preamble_signature, firmware_signature_len); | 251 StatefulMemcpy_r(&st, image->preamble_signature, firmware_signature_len); |
248 StatefulMemcpy_r(&st, image->firmware_signature, firmware_signature_len); | 252 StatefulMemcpy_r(&st, image->firmware_signature, firmware_signature_len); |
249 StatefulMemcpy_r(&st, image->firmware_data, image->firmware_len); | 253 StatefulMemcpy_r(&st, image->firmware_data, image->firmware_len); |
250 | 254 |
251 Free(preamble_blob); | 255 Free(preamble_blob); |
252 Free(header_blob); | 256 Free(header_blob); |
253 | 257 |
254 if (st.remaining_len != 0) { /* Underrun or Overrun. */ | 258 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ |
255 Free(firmware_blob); | 259 Free(firmware_blob); |
256 return NULL; | 260 return NULL; |
257 } | 261 } |
258 return firmware_blob; | 262 return firmware_blob; |
259 } | 263 } |
260 | 264 |
261 int WriteFirmwareImage(const char* input_file, | 265 int WriteFirmwareImage(const char* input_file, |
262 const FirmwareImage* image) { | 266 const FirmwareImage* image) { |
263 int fd; | 267 int fd; |
264 uint8_t* firmware_blob; | 268 uint8_t* firmware_blob; |
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
374 *header_len, /* Length of data */ | 378 *header_len, /* Length of data */ |
375 header_blob + *header_len, /* Expected Signature */ | 379 header_blob + *header_len, /* Expected Signature */ |
376 ROOT_SIGNATURE_ALGORITHM)) | 380 ROOT_SIGNATURE_ALGORITHM)) |
377 return VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; | 381 return VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; |
378 return 0; | 382 return 0; |
379 } | 383 } |
380 | 384 |
381 int VerifyFirmwarePreamble(RSAPublicKey* firmware_sign_key, | 385 int VerifyFirmwarePreamble(RSAPublicKey* firmware_sign_key, |
382 const uint8_t* preamble_blob, | 386 const uint8_t* preamble_blob, |
383 int algorithm, | 387 int algorithm, |
384 int* firmware_len) { | 388 uint64_t* firmware_len) { |
385 uint32_t len; | 389 uint64_t len; |
386 int preamble_len; | 390 int preamble_len; |
387 uint16_t firmware_version; | 391 uint16_t firmware_version; |
388 | 392 |
389 Memcpy(&firmware_version, preamble_blob, sizeof(firmware_version)); | 393 Memcpy(&firmware_version, preamble_blob, sizeof(firmware_version)); |
390 | 394 |
391 preamble_len = (FIELD_LEN(firmware_version) + | 395 preamble_len = (FIELD_LEN(firmware_version) + |
392 FIELD_LEN(firmware_len) + | 396 FIELD_LEN(firmware_len) + |
393 FIELD_LEN(preamble)); | 397 FIELD_LEN(preamble)); |
394 if (!RSAVerifyBinary_f(NULL, firmware_sign_key, /* Key to use */ | 398 if (!RSAVerifyBinary_f(NULL, firmware_sign_key, /* Key to use */ |
395 preamble_blob, /* Data to verify */ | 399 preamble_blob, /* Data to verify */ |
396 preamble_len, /* Length of data */ | 400 preamble_len, /* Length of data */ |
397 preamble_blob + preamble_len, /* Expected Signature */ | 401 preamble_blob + preamble_len, /* Expected Signature */ |
398 algorithm)) | 402 algorithm)) |
399 return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; | 403 return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; |
400 | 404 |
401 Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version), | 405 Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version), |
402 sizeof(len)); | 406 sizeof(len)); |
403 *firmware_len = (int) len; | 407 *firmware_len = len; |
404 return 0; | 408 return 0; |
405 } | 409 } |
406 | 410 |
407 int VerifyFirmwareData(RSAPublicKey* firmware_sign_key, | 411 int VerifyFirmwareData(RSAPublicKey* firmware_sign_key, |
408 const uint8_t* preamble_start, | 412 const uint8_t* preamble_start, |
409 const uint8_t* firmware_data_start, | 413 const uint8_t* firmware_data_start, |
410 int firmware_len, | 414 uint64_t firmware_len, |
411 int algorithm) { | 415 int algorithm) { |
412 int signature_len = siglen_map[algorithm]; | 416 int signature_len = siglen_map[algorithm]; |
413 uint8_t* digest; | 417 uint8_t* digest; |
414 DigestContext ctx; | 418 DigestContext ctx; |
415 | 419 |
416 /* Since the firmware signature is over the preamble and the firmware data, | 420 /* Since the firmware signature is over the preamble and the firmware data, |
417 * which does not form a contiguous region of memory, we calculate the | 421 * which does not form a contiguous region of memory, we calculate the |
418 * message digest ourselves. */ | 422 * message digest ourselves. */ |
419 DigestInit(&ctx, algorithm); | 423 DigestInit(&ctx, algorithm); |
420 DigestUpdate(&ctx, preamble_start, GetFirmwarePreambleLen()); | 424 DigestUpdate(&ctx, preamble_start, GetFirmwarePreambleLen()); |
421 DigestUpdate(&ctx, firmware_data_start + signature_len, firmware_len); | 425 DigestUpdate(&ctx, firmware_data_start + signature_len, firmware_len); |
422 digest = DigestFinal(&ctx); | 426 digest = DigestFinal(&ctx); |
423 if (!RSAVerifyBinaryWithDigest_f( | 427 if (!RSAVerifyBinaryWithDigest_f( |
424 NULL, firmware_sign_key, /* Key to use. */ | 428 NULL, firmware_sign_key, /* Key to use. */ |
425 digest, /* Digest of the data to verify. */ | 429 digest, /* Digest of the data to verify. */ |
426 firmware_data_start, /* Expected Signature */ | 430 firmware_data_start, /* Expected Signature */ |
427 algorithm)) { | 431 algorithm)) { |
428 Free(digest); | 432 Free(digest); |
429 return VERIFY_FIRMWARE_SIGNATURE_FAILED; | 433 return VERIFY_FIRMWARE_SIGNATURE_FAILED; |
430 } | 434 } |
431 Free(digest); | 435 Free(digest); |
432 return 0; | 436 return 0; |
433 } | 437 } |
434 | 438 |
435 int VerifyFirmware(const uint8_t* root_key_blob, | 439 int VerifyFirmware(const uint8_t* root_key_blob, |
436 const uint8_t* firmware_blob) { | 440 const uint8_t* firmware_blob) { |
437 int error_code = 0; | 441 int error_code = 0; |
438 int algorithm; /* Signing key algorithm. */ | 442 int algorithm; /* Signing key algorithm. */ |
439 RSAPublicKey* firmware_sign_key = NULL; | 443 RSAPublicKey* firmware_sign_key = NULL; |
440 int firmware_sign_key_len, signature_len, header_len, firmware_len; | 444 int firmware_sign_key_len, signature_len, header_len; |
| 445 uint64_t firmware_len; |
441 const uint8_t* header_ptr = NULL; /* Pointer to header. */ | 446 const uint8_t* header_ptr = NULL; /* Pointer to header. */ |
442 const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */ | 447 const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */ |
443 const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */ | 448 const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */ |
444 const uint8_t* firmware_ptr = NULL; /* Pointer to firmware signature/data. */ | 449 const uint8_t* firmware_ptr = NULL; /* Pointer to firmware signature/data. */ |
445 | 450 |
446 /* Note: All the offset calculations are based on struct FirmwareImage which | 451 /* Note: All the offset calculations are based on struct FirmwareImage which |
447 * is defined in include/firmware_image.h. */ | 452 * is defined in include/firmware_image.h. */ |
448 | 453 |
449 /* Compare magic bytes. */ | 454 /* Compare magic bytes. */ |
450 if (SafeMemcmp(firmware_blob, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) | 455 if (SafeMemcmp(firmware_blob, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) |
(...skipping 15 matching lines...) Expand all Loading... |
466 firmware_sign_key_len); | 471 firmware_sign_key_len); |
467 signature_len = siglen_map[algorithm]; | 472 signature_len = siglen_map[algorithm]; |
468 | 473 |
469 /* Only continue if preamble verification succeeds. */ | 474 /* Only continue if preamble verification succeeds. */ |
470 preamble_ptr = (header_ptr + header_len + | 475 preamble_ptr = (header_ptr + header_len + |
471 FIELD_LEN(firmware_key_signature)); | 476 FIELD_LEN(firmware_key_signature)); |
472 if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr, | 477 if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr, |
473 algorithm, | 478 algorithm, |
474 &firmware_len))) { | 479 &firmware_len))) { |
475 RSAPublicKeyFree(firmware_sign_key); | 480 RSAPublicKeyFree(firmware_sign_key); |
| 481 fprintf(stderr, "Couldn't verify Firmware preamble.\n"); |
476 return error_code; /* AKA jump to recovery. */ | 482 return error_code; /* AKA jump to recovery. */ |
477 } | 483 } |
478 /* Only continue if firmware data verification succeeds. */ | 484 /* Only continue if firmware data verification succeeds. */ |
479 firmware_ptr = (preamble_ptr + | 485 firmware_ptr = (preamble_ptr + |
480 GetFirmwarePreambleLen() + | 486 GetFirmwarePreambleLen() + |
481 signature_len); | 487 signature_len); |
482 | 488 |
483 if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr, | 489 if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr, |
484 firmware_ptr, | 490 firmware_ptr, |
485 firmware_len, | 491 firmware_len, |
486 algorithm))) { | 492 algorithm))) { |
487 RSAPublicKeyFree(firmware_sign_key); | 493 RSAPublicKeyFree(firmware_sign_key); |
| 494 fprintf(stderr, "Couldn't verify Firmware data.\n"); |
488 return error_code; /* AKA jump to recovery. */ | 495 return error_code; /* AKA jump to recovery. */ |
489 } | 496 } |
490 | 497 |
491 RSAPublicKeyFree(firmware_sign_key); | 498 RSAPublicKeyFree(firmware_sign_key); |
492 return 0; /* Success! */ | 499 return 0; /* Success! */ |
493 } | 500 } |
494 | 501 |
495 int VerifyFirmwareImage(const RSAPublicKey* root_key, | 502 int VerifyFirmwareImage(const RSAPublicKey* root_key, |
496 const FirmwareImage* image) { | 503 const FirmwareImage* image) { |
497 RSAPublicKey* firmware_sign_key = NULL; | 504 RSAPublicKey* firmware_sign_key = NULL; |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
532 FIELD_LEN(firmware_key_signature), | 539 FIELD_LEN(firmware_key_signature), |
533 ROOT_SIGNATURE_ALGORITHM, | 540 ROOT_SIGNATURE_ALGORITHM, |
534 header_digest)) { | 541 header_digest)) { |
535 error_code = VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; | 542 error_code = VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; |
536 goto verify_failure; | 543 goto verify_failure; |
537 } | 544 } |
538 | 545 |
539 /* Get sign key to verify the rest of the firmware. */ | 546 /* Get sign key to verify the rest of the firmware. */ |
540 firmware_sign_key_size = RSAProcessedKeySize(image->firmware_sign_algorithm); | 547 firmware_sign_key_size = RSAProcessedKeySize(image->firmware_sign_algorithm); |
541 firmware_sign_key = RSAPublicKeyFromBuf(image->firmware_sign_key, | 548 firmware_sign_key = RSAPublicKeyFromBuf(image->firmware_sign_key, |
542 firmware_sign_key_size); | 549 firmware_sign_key_size); |
543 signature_size = siglen_map[image->firmware_sign_algorithm]; | 550 signature_size = siglen_map[image->firmware_sign_algorithm]; |
544 | 551 |
545 if (image->firmware_sign_algorithm >= kNumAlgorithms) | 552 if (image->firmware_sign_algorithm >= kNumAlgorithms) |
546 return VERIFY_FIRMWARE_INVALID_ALGORITHM; | 553 return VERIFY_FIRMWARE_INVALID_ALGORITHM; |
547 | 554 |
548 /* Verify firmware preamble signature. */ | 555 /* Verify firmware preamble signature. */ |
549 DigestInit(&ctx, image->firmware_sign_algorithm); | 556 DigestInit(&ctx, image->firmware_sign_algorithm); |
550 DigestUpdate(&ctx, (uint8_t*) &image->firmware_version, | 557 DigestUpdate(&ctx, (uint8_t*) &image->firmware_version, |
551 FIELD_LEN(firmware_version)); | 558 FIELD_LEN(firmware_version)); |
552 DigestUpdate(&ctx, (uint8_t*) &image->firmware_len, | 559 DigestUpdate(&ctx, (uint8_t*) &image->firmware_len, |
553 FIELD_LEN(firmware_len)); | 560 FIELD_LEN(firmware_len)); |
554 DigestUpdate(&ctx, (uint8_t*) &image->preamble, | 561 DigestUpdate(&ctx, (uint8_t*) &image->preamble, |
555 FIELD_LEN(preamble)); | 562 FIELD_LEN(preamble)); |
556 preamble_digest = DigestFinal(&ctx); | 563 preamble_digest = DigestFinal(&ctx); |
557 if (!RSAVerify(firmware_sign_key, image->preamble_signature, | 564 if (!RSAVerify(firmware_sign_key, image->preamble_signature, |
558 signature_size, image->firmware_sign_algorithm, | 565 signature_size, image->firmware_sign_algorithm, |
559 preamble_digest)) { | 566 preamble_digest)) { |
560 error_code = VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; | 567 error_code = VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; |
561 goto verify_failure; | 568 goto verify_failure; |
562 } | 569 } |
563 | 570 |
564 /* Verify firmware signature - firmware signature is on the contents | 571 /* Verify firmware signature - firmware signature is on the contents |
565 of firmware preamble + firmware_data. */ | 572 of firmware preamble + firmware_data. */ |
566 DigestInit(&firmware_ctx, image->firmware_sign_algorithm); | 573 DigestInit(&firmware_ctx, image->firmware_sign_algorithm); |
567 DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_version, | 574 DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_version, |
568 FIELD_LEN(firmware_version)); | 575 FIELD_LEN(firmware_version)); |
569 DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_len, | 576 DigestUpdate(&firmware_ctx, (uint8_t*) &image->firmware_len, |
(...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
759 * attempted. | 766 * attempted. |
760 * If FirmwareB is not a rollback, then we attempt to do the verification. | 767 * If FirmwareB is not a rollback, then we attempt to do the verification. |
761 */ | 768 */ |
762 if (stored_lversion <= firmwareB_lversion && | 769 if (stored_lversion <= firmwareB_lversion && |
763 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB))) | 770 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB))) |
764 return BOOT_FIRMWARE_B_CONTINUE; | 771 return BOOT_FIRMWARE_B_CONTINUE; |
765 } | 772 } |
766 /* D'oh: No bootable firmware. */ | 773 /* D'oh: No bootable firmware. */ |
767 return BOOT_FIRMWARE_RECOVERY_CONTINUE; | 774 return BOOT_FIRMWARE_RECOVERY_CONTINUE; |
768 } | 775 } |
OLD | NEW |