VBoot Reference: Make kernel_config a 4K byte block, and move it after the verified boot block.

src/platform/vboot_reference/utility/kernel_utility.cc

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Utility for manipulating verified boot kernel images.
 //
 
 #include "kernel_utility.h"
 
 #include <errno.h>
@@ skipping 17 matching lines @@
 
 namespace vboot_reference {
 
 KernelUtility::KernelUtility(): image_(NULL),
                                 firmware_key_pub_(NULL),
                                 header_version_(1),
                                 firmware_sign_algorithm_(-1),
                                 kernel_sign_algorithm_(-1),
                                 kernel_key_version_(-1),
                                 kernel_version_(-1),
-                                cmd_line_(NULL),
+                                kernel_len_(0),
+                                kernel_config_(NULL),
                                 is_generate_(false),
                                 is_verify_(false),
                                 is_describe_(false),
                                 is_only_vblock_(false) {
-  // Populate kernel config options with defaults.
-  options_.version[0] = 1;
-  options_.version[1] = 0;
-  options_.kernel_len = 0;
-  options_.kernel_load_addr = 0;
-  options_.kernel_entry_addr = 0;
 }
 
 KernelUtility::~KernelUtility() {
-  Free(cmd_line_);
+  Free(kernel_config_);
   RSAPublicKeyFree(firmware_key_pub_);
   KernelImageFree(image_);
 }
 
 void KernelUtility::PrintUsage(void) {
   cerr <<
       "Utility to generate/verify/describe a verified boot kernel image\n\n"
       "Usage: kernel_utility <--generate|--verify|--describe> [OPTIONS]\n\n"
       "For \"--verify\",  required OPTIONS are:\n"
       "--in <infile>\t\t\tVerified boot kernel image to verify.\n"
       "--firmware_key_pub <pubkeyfile>\tPre-processed public firmware key "
       "to use for verification.\n\n"
       "For \"--generate\", required OPTIONS are:\n"
       "--firmware_key <privkeyfile>\tPrivate firmware signing key file\n"
       "--kernel_key <privkeyfile>\tPrivate kernel signing key file\n"
       "--kernel_key_pub <pubkeyfile>\tPre-processed public kernel signing"
       " key\n"
       "--firmware_sign_algorithm <algoid>\tSigning algorithm used by "
       "the firmware\n"
       "--kernel_sign_algorithm <algoid>\tSigning algorithm to use for kernel\n"
       "--kernel_key_version <version#>\tKernel signing Key Version#\n"
       "--kernel_version <version#>\tKernel Version#\n"
       "--in <infile>\t\tKernel Image to sign\n"
       "--out <outfile>\t\tOutput file for verified boot Kernel image\n\n"
       "Optional arguments for \"--generate\" include:\n"
       "--config <file>\t\t\tPopulate contents of kernel config from a file\n"
-      "--config_version <version>\n"
-      "--kernel_load_addr <addr>\n"
-      "--kernel_entry_addr <addr>\n"
       "--vblock\t\t\tJust output the verification block\n\n"
       "<algoid> (for --*_sign_algorithm) is one of the following:\n";
   for (int i = 0; i < kNumAlgorithms; i++) {
     cerr << i << " for " << algo_strings[i] << "\n";
   }
   cerr << "\n\n";
 }
 
 bool KernelUtility::ParseCmdLineOptions(int argc, char* argv[]) {
   int option_index;
   static struct option long_options[] = {
     {"firmware_key", 1, 0, 0},
     {"firmware_key_pub", 1, 0, 0},
     {"kernel_key", 1, 0, 0},
     {"kernel_key_pub", 1, 0, 0},
     {"firmware_sign_algorithm", 1, 0, 0},
     {"kernel_sign_algorithm", 1, 0, 0},
     {"kernel_key_version", 1, 0, 0},
     {"kernel_version", 1, 0, 0},
     {"in", 1, 0, 0},
     {"out", 1, 0, 0},
     {"generate", 0, 0, 0},
     {"verify", 0, 0, 0},
-    {"config_version", 1, 0, 0},
-    {"kernel_load_addr", 1, 0, 0},
-    {"kernel_entry_addr", 1, 0, 0},
     {"describe", 0, 0, 0},
     {"config", 1, 0, 0},
     {"vblock", 0, 0, 0},
     {NULL, 0, 0, 0}
   };
   while (1) {
     int i = getopt_long(argc, argv, "", long_options, &option_index);
     if (-1 == i)  // Done with option processing.
       break;
     if ('?' == i)  // Invalid option found.
@@ skipping 46 matching lines @@
           break;
         case 9:  // out
           out_file_ = optarg;
           break;
         case 10:  // generate
           is_generate_ = true;
           break;
         case 11:  // verify
           is_verify_ = true;
           break;
-        case 12:  // config_version
-          if (2 != sscanf(optarg, "%d.%d", &options_.version[0],
-                          &options_.version[1]))
-            return false;
-          break;
-        case 13:  // kernel_load_addr
-          errno = 0;
-          options_.kernel_load_addr =
-              strtol(optarg, reinterpret_cast<char**>(NULL), 10);
-          if (errno)
-            return false;
-          break;
-        case 14:  // kernel_entry_addr
-          errno = 0;
-          options_.kernel_entry_addr =
-              strtol(optarg, reinterpret_cast<char**>(NULL), 10);
-          if (errno)
-            return false;
-          break;
-        case 15:  // describe
+        case 12:  // describe
           is_describe_ = true;
           break;
-        case 16:  // config
+        case 13:  // config
           config_file_ = optarg;
           break;
-        case 17:  // vblock
+        case 14:  // vblock
           is_only_vblock_ = true;
           break;
       }
     }
   }
   return CheckOptions();
 }
 
 void KernelUtility::OutputSignedImage(void) {
   if (image_) {
@@ skipping 31 matching lines @@
     return false;
   image_->kernel_key_version = kernel_key_version_;
 
   // Update header length.
   image_->header_len = GetKernelHeaderLen(image_);
 
   // Calculate header checksum.
   CalculateKernelHeaderChecksum(image_, image_->header_checksum);
 
   image_->kernel_version = kernel_version_;
-  image_->options.version[0] = options_.version[0];
-  image_->options.version[1] = options_.version[1];
   if (!config_file_.empty()) {
-    cmd_line_ = BufferFromFile(config_file_.c_str(), &len);
-    if (len >= sizeof(image_->options.cmd_line)) {
+    kernel_config_ = BufferFromFile(config_file_.c_str(), &len);
+    if (len >= sizeof(image_->kernel_config)) {
       cerr << "Input kernel config file is too big!";
       return false;
     }
-    Memcpy(image_->options.cmd_line, cmd_line_, len);
+    Memcpy(image_->kernel_config,
+           kernel_config_, len);
   } else {
-    Memset(image_->options.cmd_line, 0, sizeof(image_->options.cmd_line));
+    Memset(image_->kernel_config, 0,
+           sizeof(image_->kernel_config));
   }
-  image_->options.kernel_load_addr = options_.kernel_load_addr;
-  image_->options.kernel_entry_addr = options_.kernel_entry_addr;
   image_->kernel_data = BufferFromFile(in_file_.c_str(),
-                                       &image_->options.kernel_len);
+                                       &image_->kernel_len);
   if (!image_)
     return false;
   // Generate and add the signatures.
   if (!AddKernelKeySignature(image_, firmware_key_file_.c_str())) {
     cerr << "Couldn't write key signature to verified boot kernel image.\n";
     return false;
   }
 
   if (!AddKernelSignature(image_, kernel_key_file_.c_str())) {
     cerr << "Couldn't write firmware signature to verified boot kernel image.\n";
@@ skipping 99 matching lines @@
   }
   else if (ku.is_verify()) {
     cerr << "Verification ";
     if (ku.VerifySignedImage())
       cerr << "SUCCESS.\n";
     else
       cerr << "FAILURE.\n";
   }
   return 0;
 }