| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for verifying a verified boot firmware image. | 5 * Functions for verifying a verified boot firmware image. |
| 6 * (Firmware Portion) | 6 * (Firmware Portion) |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "firmware_image_fw.h" | 9 #include "firmware_image_fw.h" |
| 10 | 10 |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 108 return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; | 108 return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; |
| 109 | 109 |
| 110 Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version), | 110 Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version), |
| 111 sizeof(len)); | 111 sizeof(len)); |
| 112 *firmware_len = len; | 112 *firmware_len = len; |
| 113 return 0; | 113 return 0; |
| 114 } | 114 } |
| 115 | 115 |
| 116 int VerifyFirmwareData(RSAPublicKey* firmware_sign_key, | 116 int VerifyFirmwareData(RSAPublicKey* firmware_sign_key, |
| 117 const uint8_t* preamble_start, | 117 const uint8_t* preamble_start, |
| 118 const uint8_t* firmware_data_start, | 118 const uint8_t* firmware_data, |
| 119 uint64_t firmware_len, | 119 uint64_t firmware_len, |
| 120 int algorithm) { | 120 int algorithm) { |
| 121 int signature_len = siglen_map[algorithm]; | 121 int signature_len = siglen_map[algorithm]; |
| 122 uint8_t* digest; | 122 int preamble_len = (FIELD_LEN(firmware_version) + |
| 123 FIELD_LEN(firmware_len) + |
| 124 FIELD_LEN(preamble));; |
| 125 uint8_t* digest = NULL; |
| 126 const uint8_t* firmware_signature = NULL; |
| 123 DigestContext ctx; | 127 DigestContext ctx; |
| 124 | 128 |
| 125 /* Since the firmware signature is over the preamble and the firmware data, | 129 /* Since the firmware signature is over the preamble and the firmware data, |
| 126 * which does not form a contiguous region of memory, we calculate the | 130 * which does not form a contiguous region of memory, we calculate the |
| 127 * message digest ourselves. */ | 131 * message digest ourselves. */ |
| 128 DigestInit(&ctx, algorithm); | 132 DigestInit(&ctx, algorithm); |
| 129 DigestUpdate(&ctx, preamble_start, | 133 DigestUpdate(&ctx, preamble_start, preamble_len); |
| 130 (FIELD_LEN(firmware_version) + | 134 DigestUpdate(&ctx, firmware_data, firmware_len); |
| 131 FIELD_LEN(firmware_len) + | |
| 132 FIELD_LEN(preamble))); | |
| 133 DigestUpdate(&ctx, firmware_data_start + signature_len, firmware_len); | |
| 134 digest = DigestFinal(&ctx); | 135 digest = DigestFinal(&ctx); |
| 136 /* Firmware signature is at the end of preamble and preamble signature. */ |
| 137 firmware_signature = preamble_start + preamble_len + signature_len; |
| 135 if (!RSAVerifyBinaryWithDigest_f( | 138 if (!RSAVerifyBinaryWithDigest_f( |
| 136 NULL, firmware_sign_key, /* Key to use. */ | 139 NULL, firmware_sign_key, /* Key to use. */ |
| 137 digest, /* Digest of the data to verify. */ | 140 digest, /* Digest of the data to verify. */ |
| 138 firmware_data_start, /* Expected Signature */ | 141 firmware_signature, /* Expected Signature */ |
| 139 algorithm)) { | 142 algorithm)) { |
| 140 Free(digest); | 143 Free(digest); |
| 141 return VERIFY_FIRMWARE_SIGNATURE_FAILED; | 144 return VERIFY_FIRMWARE_SIGNATURE_FAILED; |
| 142 } | 145 } |
| 143 Free(digest); | 146 Free(digest); |
| 144 return 0; | 147 return 0; |
| 145 } | 148 } |
| 146 | 149 |
| 147 int VerifyFirmware(const uint8_t* root_key_blob, | 150 int VerifyFirmware(const uint8_t* root_key_blob, |
| 151 const uint8_t* verification_header_blob, |
| 148 const uint8_t* firmware_blob) { | 152 const uint8_t* firmware_blob) { |
| 149 int error_code = 0; | 153 int error_code = 0; |
| 150 int algorithm; /* Signing key algorithm. */ | 154 int algorithm; /* Signing key algorithm. */ |
| 151 RSAPublicKey* firmware_sign_key = NULL; | 155 RSAPublicKey* firmware_sign_key = NULL; |
| 152 int firmware_sign_key_len, signature_len, header_len; | 156 int firmware_sign_key_len, signature_len, header_len; |
| 153 uint64_t firmware_len; | 157 uint64_t firmware_len; |
| 154 const uint8_t* header_ptr = NULL; /* Pointer to header. */ | 158 const uint8_t* header_ptr = NULL; /* Pointer to header. */ |
| 155 const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */ | 159 const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */ |
| 156 const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */ | 160 const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */ |
| 157 const uint8_t* firmware_ptr = NULL; /* Pointer to firmware signature/data. */ | |
| 158 | 161 |
| 159 /* Note: All the offset calculations are based on struct FirmwareImage which | 162 /* Note: All the offset calculations are based on struct FirmwareImage which |
| 160 * is defined in include/firmware_image.h. */ | 163 * is defined in include/firmware_image_fw.h. */ |
| 161 | 164 |
| 162 /* Compare magic bytes. */ | 165 /* Compare magic bytes. */ |
| 163 if (SafeMemcmp(firmware_blob, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE)) | 166 if (SafeMemcmp(verification_header_blob, FIRMWARE_MAGIC, |
| 167 FIRMWARE_MAGIC_SIZE)) { |
| 168 debug("Wrong Firmware Magic.\n"); |
| 164 return VERIFY_FIRMWARE_WRONG_MAGIC; | 169 return VERIFY_FIRMWARE_WRONG_MAGIC; |
| 165 header_ptr = firmware_blob + FIRMWARE_MAGIC_SIZE; | 170 } |
| 171 header_ptr = verification_header_blob + FIRMWARE_MAGIC_SIZE; |
| 166 | 172 |
| 167 /* Only continue if header verification succeeds. */ | 173 /* Only continue if header verification succeeds. */ |
| 168 if ((error_code = VerifyFirmwareHeader(root_key_blob, header_ptr, | 174 if ((error_code = VerifyFirmwareHeader(root_key_blob, header_ptr, |
| 169 &algorithm, &header_len))) | 175 &algorithm, &header_len))) { |
| 176 debug("Couldn't verify Firmware header.\n"); |
| 170 return error_code; /* AKA jump to revovery. */ | 177 return error_code; /* AKA jump to revovery. */ |
| 171 | 178 } |
| 172 /* Parse signing key into RSAPublicKey structure since it is required multiple | 179 /* Parse signing key into RSAPublicKey structure since it is required multiple |
| 173 * times. */ | 180 * times. */ |
| 174 firmware_sign_key_len = RSAProcessedKeySize(algorithm); | 181 firmware_sign_key_len = RSAProcessedKeySize(algorithm); |
| 175 firmware_sign_key_ptr = header_ptr + (FIELD_LEN(header_len) + | 182 firmware_sign_key_ptr = header_ptr + (FIELD_LEN(header_len) + |
| 176 FIELD_LEN(firmware_sign_algorithm) + | 183 FIELD_LEN(firmware_sign_algorithm) + |
| 177 FIELD_LEN(firmware_key_version)); | 184 FIELD_LEN(firmware_key_version)); |
| 178 firmware_sign_key = RSAPublicKeyFromBuf(firmware_sign_key_ptr, | 185 firmware_sign_key = RSAPublicKeyFromBuf(firmware_sign_key_ptr, |
| 179 firmware_sign_key_len); | 186 firmware_sign_key_len); |
| 180 signature_len = siglen_map[algorithm]; | 187 signature_len = siglen_map[algorithm]; |
| 181 | 188 |
| 182 /* Only continue if preamble verification succeeds. */ | 189 /* Only continue if preamble verification succeeds. */ |
| 183 preamble_ptr = (header_ptr + header_len + | 190 preamble_ptr = (header_ptr + header_len + |
| 184 FIELD_LEN(firmware_key_signature)); | 191 FIELD_LEN(firmware_key_signature)); |
| 185 if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr, | 192 if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr, |
| 186 algorithm, | 193 algorithm, |
| 187 &firmware_len))) { | 194 &firmware_len))) { |
| 188 RSAPublicKeyFree(firmware_sign_key); | 195 RSAPublicKeyFree(firmware_sign_key); |
| 189 debug("Couldn't verify Firmware preamble.\n"); | 196 debug("Couldn't verify Firmware preamble.\n"); |
| 190 return error_code; /* AKA jump to recovery. */ | 197 return error_code; /* AKA jump to recovery. */ |
| 191 } | 198 } |
| 192 /* Only continue if firmware data verification succeeds. */ | |
| 193 firmware_ptr = (preamble_ptr + | |
| 194 (FIELD_LEN(firmware_version) + /* Skip the preamble. */ | |
| 195 FIELD_LEN(firmware_len) + | |
| 196 FIELD_LEN(preamble)) + | |
| 197 signature_len); | |
| 198 | 199 |
| 199 if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr, | 200 if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr, |
| 200 firmware_ptr, | 201 firmware_blob, |
| 201 firmware_len, | 202 firmware_len, |
| 202 algorithm))) { | 203 algorithm))) { |
| 203 RSAPublicKeyFree(firmware_sign_key); | 204 RSAPublicKeyFree(firmware_sign_key); |
| 204 debug("Couldn't verify Firmware data.\n"); | 205 debug("Couldn't verify Firmware data.\n"); |
| 205 return error_code; /* AKA jump to recovery. */ | 206 return error_code; /* AKA jump to recovery. */ |
| 206 } | 207 } |
| 207 | 208 |
| 208 RSAPublicKeyFree(firmware_sign_key); | 209 RSAPublicKeyFree(firmware_sign_key); |
| 209 return 0; /* Success! */ | 210 return VERIFY_FIRMWARE_SUCCESS; /* Success! */ |
| 210 } | 211 } |
| 211 | 212 |
| 212 uint32_t GetLogicalFirmwareVersion(uint8_t* firmware_blob) { | 213 uint32_t GetLogicalFirmwareVersion(uint8_t* verification_header_blob) { |
| 213 uint16_t firmware_key_version; | 214 uint16_t firmware_key_version; |
| 214 uint16_t firmware_version; | 215 uint16_t firmware_version; |
| 215 uint16_t firmware_sign_algorithm; | 216 uint16_t firmware_sign_algorithm; |
| 216 int firmware_sign_key_len; | 217 int firmware_sign_key_len; |
| 217 Memcpy(&firmware_sign_algorithm, | 218 Memcpy(&firmware_sign_algorithm, |
| 218 firmware_blob + (FIELD_LEN(magic) + /* Offset to field. */ | 219 verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ |
| 219 FIELD_LEN(header_len)), | 220 FIELD_LEN(header_len)), |
| 220 sizeof(firmware_sign_algorithm)); | 221 sizeof(firmware_sign_algorithm)); |
| 221 Memcpy(&firmware_key_version, | 222 Memcpy(&firmware_key_version, |
| 222 firmware_blob + (FIELD_LEN(magic) + /* Offset to field. */ | 223 verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ |
| 223 FIELD_LEN(header_len) + | 224 FIELD_LEN(header_len) + |
| 224 FIELD_LEN(firmware_sign_algorithm)), | 225 FIELD_LEN(firmware_sign_algorithm)), |
| 225 sizeof(firmware_key_version)); | 226 sizeof(firmware_key_version)); |
| 226 if (firmware_sign_algorithm >= kNumAlgorithms) | 227 if (firmware_sign_algorithm >= kNumAlgorithms) |
| 227 return 0; | 228 return 0; |
| 228 firmware_sign_key_len = RSAProcessedKeySize(firmware_sign_algorithm); | 229 firmware_sign_key_len = RSAProcessedKeySize(firmware_sign_algorithm); |
| 229 Memcpy(&firmware_version, | 230 Memcpy(&firmware_version, |
| 230 firmware_blob + (FIELD_LEN(magic) + /* Offset to field. */ | 231 verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ |
| 231 FIELD_LEN(header_len) + | 232 FIELD_LEN(header_len) + |
| 232 FIELD_LEN(firmware_key_version) + | 233 FIELD_LEN(firmware_key_version) + |
| 233 firmware_sign_key_len + | 234 firmware_sign_key_len + |
| 234 FIELD_LEN(header_checksum) + | 235 FIELD_LEN(header_checksum) + |
| 235 FIELD_LEN(firmware_key_signature)), | 236 FIELD_LEN(firmware_key_signature)), |
| 236 sizeof(firmware_version)); | 237 sizeof(firmware_version)); |
| 237 return CombineUint16Pair(firmware_key_version, firmware_version); | 238 return CombineUint16Pair(firmware_key_version, firmware_version); |
| 238 } | 239 } |
| 239 | 240 |
| 240 int VerifyFirmwareDriver_f(uint8_t* root_key_blob, | 241 int VerifyFirmwareDriver_f(uint8_t* root_key_blob, |
| 242 uint8_t* verification_headerA, |
| 241 uint8_t* firmwareA, | 243 uint8_t* firmwareA, |
| 244 uint8_t* verification_headerB, |
| 242 uint8_t* firmwareB) { | 245 uint8_t* firmwareB) { |
| 243 /* Contains the logical firmware version (32-bit) which is calculated as | 246 /* Contains the logical firmware version (32-bit) which is calculated as |
| 244 * (firmware_key_version << 16 | firmware_version) where | 247 * (firmware_key_version << 16 | firmware_version) where |
| 245 * [firmware_key_version] [firmware_version] are both 16-bit. | 248 * [firmware_key_version] [firmware_version] are both 16-bit. |
| 246 */ | 249 */ |
| 247 uint32_t firmwareA_lversion, firmwareB_lversion; | 250 uint32_t firmwareA_lversion, firmwareB_lversion; |
| 248 uint8_t firmwareA_is_verified = 0; /* Whether firmwareA verify succeeded. */ | 251 uint8_t firmwareA_is_verified = 0; /* Whether firmwareA verify succeeded. */ |
| 249 uint32_t min_lversion; /* Minimum of firmware A and firmware lversion. */ | 252 uint32_t min_lversion; /* Minimum of firmware A and firmware lversion. */ |
| 250 uint32_t stored_lversion; /* Stored logical version in the TPM. */ | 253 uint32_t stored_lversion; /* Stored logical version in the TPM. */ |
| 251 | 254 |
| 252 /* Initialize the TPM since we'll be reading the rollback indices. */ | 255 /* Initialize the TPM since we'll be reading the rollback indices. */ |
| 253 SetupTPM(); | 256 SetupTPM(); |
| 254 | 257 |
| 255 /* We get the key versions by reading directly from the image blobs without | 258 /* We get the key versions by reading directly from the image blobs without |
| 256 * any additional (expensive) sanity checking on the blob since it's faster to | 259 * any additional (expensive) sanity checking on the blob since it's faster to |
| 257 * outright reject a firmware with an older firmware key version. A malformed | 260 * outright reject a firmware with an older firmware key version. A malformed |
| 258 * or corrupted firmware blob will still fail when VerifyFirmware() is called | 261 * or corrupted firmware blob will still fail when VerifyFirmware() is called |
| 259 * on it. | 262 * on it. |
| 260 */ | 263 */ |
| 261 firmwareA_lversion = GetLogicalFirmwareVersion(firmwareA); | 264 firmwareA_lversion = GetLogicalFirmwareVersion(verification_headerA); |
| 262 firmwareB_lversion = GetLogicalFirmwareVersion(firmwareB); | 265 firmwareB_lversion = GetLogicalFirmwareVersion(verification_headerB); |
| 263 min_lversion = Min(firmwareA_lversion, firmwareB_lversion); | 266 min_lversion = Min(firmwareA_lversion, firmwareB_lversion); |
| 264 stored_lversion = CombineUint16Pair(GetStoredVersion(FIRMWARE_KEY_VERSION), | 267 stored_lversion = CombineUint16Pair(GetStoredVersion(FIRMWARE_KEY_VERSION), |
| 265 GetStoredVersion(FIRMWARE_VERSION)); | 268 GetStoredVersion(FIRMWARE_VERSION)); |
| 266 /* Always try FirmwareA first. */ | 269 /* Always try FirmwareA first. */ |
| 267 if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareA)) | 270 if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, |
| 271 verification_headerA, |
| 272 firmwareA)) |
| 268 firmwareA_is_verified = 1; | 273 firmwareA_is_verified = 1; |
| 269 if (firmwareA_is_verified && (stored_lversion < firmwareA_lversion)) { | 274 if (firmwareA_is_verified && (stored_lversion < firmwareA_lversion)) { |
| 270 /* Stored version may need to be updated but only if FirmwareB | 275 /* Stored version may need to be updated but only if FirmwareB |
| 271 * is successfully verified and has a logical version greater than | 276 * is successfully verified and has a logical version greater than |
| 272 * the stored logical version. */ | 277 * the stored logical version. */ |
| 273 if (stored_lversion < firmwareB_lversion) { | 278 if (stored_lversion < firmwareB_lversion) { |
| 274 if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB)) { | 279 if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, |
| 280 verification_headerB, |
| 281 firmwareB)) { |
| 275 WriteStoredVersion(FIRMWARE_KEY_VERSION, | 282 WriteStoredVersion(FIRMWARE_KEY_VERSION, |
| 276 (uint16_t) (min_lversion >> 16)); | 283 (uint16_t) (min_lversion >> 16)); |
| 277 WriteStoredVersion(FIRMWARE_VERSION, | 284 WriteStoredVersion(FIRMWARE_VERSION, |
| 278 (uint16_t) (min_lversion & 0x00FFFF)); | 285 (uint16_t) (min_lversion & 0x00FFFF)); |
| 279 stored_lversion = min_lversion; /* Update stored version as it's used | 286 stored_lversion = min_lversion; /* Update stored version as it's used |
| 280 * later. */ | 287 * later. */ |
| 281 } | 288 } |
| 282 } | 289 } |
| 283 } | 290 } |
| 284 /* Lock Firmware TPM rollback indices from further writes. */ | 291 /* Lock Firmware TPM rollback indices from further writes. */ |
| (...skipping 21 matching lines...) Expand all Loading... |
| 306 if (firmwareA_is_verified) { | 313 if (firmwareA_is_verified) { |
| 307 if (stored_lversion <= firmwareA_lversion) | 314 if (stored_lversion <= firmwareA_lversion) |
| 308 return BOOT_FIRMWARE_A_CONTINUE; | 315 return BOOT_FIRMWARE_A_CONTINUE; |
| 309 } else { | 316 } else { |
| 310 /* If FirmwareA was not valid, then we skipped over the | 317 /* If FirmwareA was not valid, then we skipped over the |
| 311 * check to update the rollback indices and a Verify of FirmwareB wasn't | 318 * check to update the rollback indices and a Verify of FirmwareB wasn't |
| 312 * attempted. | 319 * attempted. |
| 313 * If FirmwareB is not a rollback, then we attempt to do the verification. | 320 * If FirmwareB is not a rollback, then we attempt to do the verification. |
| 314 */ | 321 */ |
| 315 if (stored_lversion <= firmwareB_lversion && | 322 if (stored_lversion <= firmwareB_lversion && |
| 316 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, firmwareB))) | 323 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, |
| 324 verification_headerB, |
| 325 firmwareB))) |
| 317 return BOOT_FIRMWARE_B_CONTINUE; | 326 return BOOT_FIRMWARE_B_CONTINUE; |
| 318 } | 327 } |
| 319 /* D'oh: No bootable firmware. */ | 328 /* D'oh: No bootable firmware. */ |
| 320 return BOOT_FIRMWARE_RECOVERY_CONTINUE; | 329 return BOOT_FIRMWARE_RECOVERY_CONTINUE; |
| 321 } | 330 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1578035:
Change VerifyFirmware() to take separate pointers to firmware verification header and firmware data. (Closed)
