VBoot Reference: Make kernel_config a 4K byte block, and move it after the verified boot block.

src/platform/vboot_reference/vkernel/include/kernel_image_fw.h

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Data structure and API definitions for a verified boot kernel image.
  * (Firmware Portion)
  */
 
 #ifndef VBOOT_REFERENCE_KERNEL_IMAGE_FW_H_
 #define VBOOT_REFERENCE_KERNEL_IMAGE_FW_H_
 
 #include <stdint.h>
 
 #include "cryptolib.h"
 
 #define KERNEL_MAGIC "CHROMEOS"
 #define KERNEL_MAGIC_SIZE 8
-#define KERNEL_CMD_LINE_SIZE 4096
+#define KERNEL_CONFIG_SIZE 4096
 
 #define DEV_MODE_ENABLED 1
 #define DEV_MODE_DISABLED 0
 
-/* Kernel config file options according to the Chrome OS drive map design. */
-typedef struct kconfig_options {
-  uint32_t version[2];  /* Configuration file version. */
-  uint8_t cmd_line[KERNEL_CMD_LINE_SIZE];  /* Kernel command line option string
-                                            * terminated by a NULL character. */
-  uint64_t kernel_len;  /* Size of the kernel. */
-  uint64_t kernel_load_addr;  /* Load address in memory for the kernel image */
-  uint64_t kernel_entry_addr;  /* Address to jump to after kernel is loaded. */
-} kconfig_options;
-
 typedef struct KernelImage {
   uint8_t magic[KERNEL_MAGIC_SIZE];
   /* Key header */
   uint16_t header_version;  /* Header version. */
   uint16_t header_len;  /* Length of the header. */
   uint16_t firmware_sign_algorithm;  /* Signature algorithm used by the firmware
                                       * signing key (used to sign this kernel
                                       * header. */
   uint16_t kernel_sign_algorithm;  /* Signature algorithm used by the kernel
                                     * signing key. */
   uint16_t kernel_key_version;  /* Key Version# for preventing rollbacks. */
   uint8_t* kernel_sign_key;  /* Pre-processed public half of signing key. */
   /* TODO(gauravsh): Do we need a choice of digest algorithms for the header
    * checksum? */
   uint8_t header_checksum[SHA512_DIGEST_SIZE];  /* SHA-512 Crytographic hash of
                                                  * the concatenation of the
                                                  * header fields, i.e.
                                                  * [header_len,
                                                  * firmware_sign_algorithm,
                                                  * sign_algorithm, sign_key,
                                                  * key_version] */
 
   uint8_t* kernel_key_signature;   /* Signature of the header above. */
 
   uint16_t kernel_version;  /* Kernel Version# for preventing rollbacks. */
-  kconfig_options options;  /* Other kernel/bootloader options. */
-
-  uint8_t* config_signature;  /* Signature of the kernel config file. */
-
+  uint64_t kernel_len;  /* Length of the actual kernel image. */
+  uint8_t* config_signature;  /* Signature on the concatenation of
+                               * [kernel_version], [kernel_len] and
+                               * [kernel_config]. */
   /* The kernel signature comes first as it may allow us to parallelize
    * the kernel data fetch and RSA public key operation.
    */
   uint8_t* kernel_signature;  /* Signature on the concatenation of
-                               * [kernel_version], [options] and
-                               * [kernel_data]. */
+                               * [kernel_version], [kernel_len], [kernel_config]
+                               * and [kernel_data]. */
+  /* The kernel config string is stored right before the kernel image data for
+   * easy mapping while loading into the memory. */
+  uint8_t kernel_config[KERNEL_CONFIG_SIZE];  /* Kernel Config command line. */
   uint8_t* kernel_data;  /* Actual kernel data. */
 
 } KernelImage;
 
 /* Error Codes for VerifyFirmware. */
 #define VERIFY_KERNEL_SUCCESS 0
 #define VERIFY_KERNEL_INVALID_IMAGE 1
 #define VERIFY_KERNEL_KEY_SIGNATURE_FAILED 2
 #define VERIFY_KERNEL_INVALID_ALGORITHM 3
 #define VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED 4
 #define VERIFY_KERNEL_SIGNATURE_FAILED 5
 #define VERIFY_KERNEL_WRONG_MAGIC 6
 #define VERIFY_KERNEL_MAX 7  /* Generic catch-all. */
 
 extern char* kVerifyKernelErrors[VERIFY_KERNEL_MAX];
 
+/* Returns the length of the Kernel Verified Boot header excluding
+ * [kernel_config] and [kernel_data].
+ *
+ * This is always non-zero, so a return value of 0 signifies an error.
+ */
+uint64_t GetVBlockHeaderSize(const uint8_t* vkernel_blob);
+
 /* Checks for the sanity of the kernel header pointed by [kernel_header_blob].
  * If [dev_mode] is enabled, also checks the firmware key signature using the
  * pre-processed public firmware signing  key [firmware_sign_key_blob].
  *
  * On success, put firmware signature algorithm in [firmware_algorithm],
  * kernel signature algorithm in [kernel_algorithm], kernel header
  * length in [header_len], and return 0.
  * Else, return error code on failure.
  */
 int VerifyKernelHeader(const uint8_t* firmware_sign_key_blob,
@@ skipping 80 matching lines @@
  * BOOT_KERNEL_A_CONTINUE          Boot from Kenrel A
  * BOOT_KERNEL_B_CONTINUE          Boot from Kernel B
  * BOOT_KERNEL_RECOVERY_CONTINUE   Jump to recovery mode
  */
 int VerifyKernelDriver_f(uint8_t* firmware_key_blob,
                          kernel_entry* kernelA,
                          kernel_entry* kernelB,
                          int dev_mode);
 
 #endif  /* VBOOT_REFERENCE_KERNEL_IMAGE_FW_H_ */