OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for generating and manipulating a verified boot kernel image. | 5 * Functions for generating and manipulating a verified boot kernel image. |
6 * (Userland portion) | 6 * (Userland portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "kernel_image.h" | 9 #include "kernel_image.h" |
10 | 10 |
(...skipping 11 matching lines...) Expand all Loading... |
22 | 22 |
23 /* Macro to determine the size of a field structure in the KernelImage | 23 /* Macro to determine the size of a field structure in the KernelImage |
24 * structure. */ | 24 * structure. */ |
25 #define FIELD_LEN(field) (sizeof(((KernelImage*)0)->field)) | 25 #define FIELD_LEN(field) (sizeof(((KernelImage*)0)->field)) |
26 | 26 |
27 KernelImage* KernelImageNew(void) { | 27 KernelImage* KernelImageNew(void) { |
28 KernelImage* image = (KernelImage*) Malloc(sizeof(KernelImage)); | 28 KernelImage* image = (KernelImage*) Malloc(sizeof(KernelImage)); |
29 if (image) { | 29 if (image) { |
30 image->kernel_sign_key = NULL; | 30 image->kernel_sign_key = NULL; |
31 image->kernel_key_signature = NULL; | 31 image->kernel_key_signature = NULL; |
32 Memset(image->options.cmd_line, 0, sizeof(image->options.cmd_line)); | 32 Memset(image->kernel_config, |
| 33 0, |
| 34 sizeof(image->kernel_config)); |
33 image->config_signature = NULL; | 35 image->config_signature = NULL; |
34 image->kernel_signature = NULL; | 36 image->kernel_signature = NULL; |
35 image->kernel_data = NULL; | 37 image->kernel_data = NULL; |
36 } | 38 } |
37 return image; | 39 return image; |
38 } | 40 } |
39 | 41 |
40 void KernelImageFree(KernelImage* image) { | 42 void KernelImageFree(KernelImage* image) { |
41 if (image) { | 43 if (image) { |
42 Free(image->kernel_sign_key); | 44 Free(image->kernel_sign_key); |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
129 return NULL; | 131 return NULL; |
130 } | 132 } |
131 | 133 |
132 /* Read key signature. */ | 134 /* Read key signature. */ |
133 image->kernel_key_signature = (uint8_t*) Malloc(kernel_key_signature_len); | 135 image->kernel_key_signature = (uint8_t*) Malloc(kernel_key_signature_len); |
134 StatefulMemcpy(&st, image->kernel_key_signature, | 136 StatefulMemcpy(&st, image->kernel_key_signature, |
135 kernel_key_signature_len); | 137 kernel_key_signature_len); |
136 | 138 |
137 /* Read the kernel config. */ | 139 /* Read the kernel config. */ |
138 StatefulMemcpy(&st, &image->kernel_version, FIELD_LEN(kernel_version)); | 140 StatefulMemcpy(&st, &image->kernel_version, FIELD_LEN(kernel_version)); |
139 StatefulMemcpy(&st, &image->options.version, FIELD_LEN(options.version)); | 141 StatefulMemcpy(&st, &image->kernel_len, FIELD_LEN(kernel_len)); |
140 StatefulMemcpy(&st, &image->options.cmd_line, FIELD_LEN(options.cmd_line)); | |
141 StatefulMemcpy(&st, &image->options.kernel_len, | |
142 FIELD_LEN(options.kernel_len)); | |
143 StatefulMemcpy(&st, &image->options.kernel_load_addr, | |
144 FIELD_LEN(options.kernel_load_addr)); | |
145 StatefulMemcpy(&st, &image->options.kernel_entry_addr, | |
146 FIELD_LEN(options.kernel_entry_addr)); | |
147 | 142 |
148 /* Read kernel config signature. */ | 143 /* Read config and kernel signatures. */ |
149 image->config_signature = (uint8_t*) Malloc(kernel_signature_len); | 144 image->config_signature = (uint8_t*) Malloc(kernel_signature_len); |
150 StatefulMemcpy(&st, image->config_signature, kernel_signature_len); | 145 StatefulMemcpy(&st, image->config_signature, kernel_signature_len); |
151 | |
152 image->kernel_signature = (uint8_t*) Malloc(kernel_signature_len); | 146 image->kernel_signature = (uint8_t*) Malloc(kernel_signature_len); |
153 StatefulMemcpy(&st, image->kernel_signature, kernel_signature_len); | 147 StatefulMemcpy(&st, image->kernel_signature, kernel_signature_len); |
154 | 148 |
155 image->kernel_data = (uint8_t*) Malloc(image->options.kernel_len); | 149 /* Read kernel config command line and kernel image data. */ |
156 StatefulMemcpy(&st, image->kernel_data, image->options.kernel_len); | 150 StatefulMemcpy(&st, image->kernel_config, FIELD_LEN(kernel_config)); |
| 151 image->kernel_data = (uint8_t*) Malloc(image->kernel_len); |
| 152 StatefulMemcpy(&st, image->kernel_data, image->kernel_len); |
157 | 153 |
158 if(st.overrun || st.remaining_len != 0) { /* Overrun or underrun. */ | 154 if(st.overrun || st.remaining_len != 0) { /* Overrun or underrun. */ |
159 Free(kernel_buf); | 155 Free(kernel_buf); |
160 return NULL; | 156 return NULL; |
161 } | 157 } |
162 Free(kernel_buf); | 158 Free(kernel_buf); |
163 return image; | 159 return image; |
164 } | 160 } |
165 | 161 |
166 int GetKernelHeaderLen(const KernelImage* image) { | 162 int GetKernelHeaderLen(const KernelImage* image) { |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
215 RSAProcessedKeySize(image->kernel_sign_algorithm)); | 211 RSAProcessedKeySize(image->kernel_sign_algorithm)); |
216 StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum)); | 212 StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum)); |
217 | 213 |
218 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ | 214 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ |
219 Free(header_blob); | 215 Free(header_blob); |
220 return NULL; | 216 return NULL; |
221 } | 217 } |
222 return header_blob; | 218 return header_blob; |
223 } | 219 } |
224 | 220 |
225 int GetKernelConfigLen() { | 221 int GetKernelConfigLen(const KernelImage* image) { |
226 return (FIELD_LEN(kernel_version) + | 222 return (FIELD_LEN(kernel_version) + |
227 FIELD_LEN(options.version) + FIELD_LEN(options.cmd_line) + | 223 FIELD_LEN(kernel_len) + |
228 FIELD_LEN(options.kernel_len) + FIELD_LEN(options.kernel_load_addr) + | 224 FIELD_LEN(kernel_config)); |
229 FIELD_LEN(options.kernel_entry_addr)); | |
230 } | 225 } |
231 | 226 |
232 uint8_t* GetKernelConfigBlob(const KernelImage* image) { | 227 uint8_t* GetKernelConfigBlob(const KernelImage* image) { |
233 uint8_t* config_blob = NULL; | 228 uint8_t* config_blob = NULL; |
234 MemcpyState st; | 229 MemcpyState st; |
235 | 230 |
236 config_blob = (uint8_t*) Malloc(GetKernelConfigLen()); | 231 config_blob = (uint8_t*) Malloc(GetKernelConfigLen(image)); |
237 st.remaining_len = GetKernelConfigLen(); | 232 st.remaining_len = GetKernelConfigLen(image); |
238 st.remaining_buf = config_blob; | 233 st.remaining_buf = config_blob; |
239 st.overrun = 0; | 234 st.overrun = 0; |
240 | 235 |
241 StatefulMemcpy_r(&st, &image->kernel_version, FIELD_LEN(kernel_version)); | 236 StatefulMemcpy_r(&st, &image->kernel_version, FIELD_LEN(kernel_version)); |
242 StatefulMemcpy_r(&st, image->options.version, FIELD_LEN(options.version)); | 237 StatefulMemcpy_r(&st, &image->kernel_len, FIELD_LEN(kernel_len)); |
243 StatefulMemcpy_r(&st, image->options.cmd_line, FIELD_LEN(options.cmd_line)); | 238 StatefulMemcpy_r(&st, image->kernel_config, FIELD_LEN(kernel_config)); |
244 StatefulMemcpy_r(&st, &image->options.kernel_len, | 239 |
245 FIELD_LEN(options.kernel_len)); | |
246 StatefulMemcpy_r(&st, &image->options.kernel_load_addr, | |
247 FIELD_LEN(options.kernel_load_addr)); | |
248 StatefulMemcpy_r(&st, &image->options.kernel_entry_addr, | |
249 FIELD_LEN(options.kernel_entry_addr)); | |
250 if (st.overrun || st.remaining_len != 0) { /* Overrun or Underrun. */ | 240 if (st.overrun || st.remaining_len != 0) { /* Overrun or Underrun. */ |
251 Free(config_blob); | 241 Free(config_blob); |
252 return NULL; | 242 return NULL; |
253 } | 243 } |
254 return config_blob; | 244 return config_blob; |
255 } | 245 } |
256 | 246 |
257 uint8_t* GetKernelBlob(const KernelImage* image, uint64_t* blob_len) { | 247 uint8_t* GetKernelBlob(const KernelImage* image, uint64_t* blob_len) { |
258 int kernel_key_signature_len; | 248 int kernel_key_signature_len; |
259 int kernel_signature_len; | 249 int kernel_signature_len; |
260 uint8_t* kernel_blob = NULL; | 250 uint8_t* kernel_blob = NULL; |
261 uint8_t* header_blob = NULL; | 251 uint8_t* header_blob = NULL; |
262 uint8_t* config_blob = NULL; | |
263 MemcpyState st; | 252 MemcpyState st; |
264 | 253 |
265 if (!image) | 254 if (!image) |
266 return NULL; | 255 return NULL; |
267 kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm]; | 256 kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm]; |
268 kernel_signature_len = siglen_map[image->kernel_sign_algorithm]; | 257 kernel_signature_len = siglen_map[image->kernel_sign_algorithm]; |
269 *blob_len = (FIELD_LEN(magic) + | 258 *blob_len = (FIELD_LEN(magic) + |
270 GetKernelHeaderLen(image) + | 259 GetKernelHeaderLen(image) + |
271 kernel_key_signature_len + | 260 kernel_key_signature_len + |
272 GetKernelConfigLen() + | 261 GetKernelConfigLen(image) + |
273 2 * kernel_signature_len + | 262 2 * kernel_signature_len + |
274 image->options.kernel_len); | 263 image->kernel_len); |
275 kernel_blob = (uint8_t*) Malloc(*blob_len); | 264 kernel_blob = (uint8_t*) Malloc(*blob_len); |
276 st.remaining_len = *blob_len; | 265 st.remaining_len = *blob_len; |
277 st.remaining_buf = kernel_blob; | 266 st.remaining_buf = kernel_blob; |
278 st.overrun = 0; | 267 st.overrun = 0; |
279 | 268 |
280 header_blob = GetKernelHeaderBlob(image); | 269 header_blob = GetKernelHeaderBlob(image); |
281 config_blob = GetKernelConfigBlob(image); | |
282 | 270 |
283 StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic)); | 271 StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic)); |
284 StatefulMemcpy_r(&st, header_blob, GetKernelHeaderLen(image)); | 272 StatefulMemcpy_r(&st, header_blob, GetKernelHeaderLen(image)); |
285 StatefulMemcpy_r(&st, image->kernel_key_signature, kernel_key_signature_len); | 273 StatefulMemcpy_r(&st, image->kernel_key_signature, kernel_key_signature_len); |
286 StatefulMemcpy_r(&st, config_blob, GetKernelConfigLen()); | 274 /* Copy over kernel config blob (including signatures.) */ |
| 275 StatefulMemcpy_r(&st, &image->kernel_version, FIELD_LEN(kernel_version)); |
| 276 StatefulMemcpy_r(&st, &image->kernel_len, FIELD_LEN(kernel_len)); |
287 StatefulMemcpy_r(&st, image->config_signature, kernel_signature_len); | 277 StatefulMemcpy_r(&st, image->config_signature, kernel_signature_len); |
288 StatefulMemcpy_r(&st, image->kernel_signature, kernel_signature_len); | 278 StatefulMemcpy_r(&st, image->kernel_signature, kernel_signature_len); |
289 StatefulMemcpy_r(&st, image->kernel_data, image->options.kernel_len); | 279 StatefulMemcpy_r(&st, image->kernel_config, FIELD_LEN(kernel_config)); |
| 280 StatefulMemcpy_r(&st, image->kernel_data, image->kernel_len); |
290 | 281 |
291 Free(config_blob); | |
292 Free(header_blob); | 282 Free(header_blob); |
293 | 283 |
294 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ | 284 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */ |
295 Free(kernel_blob); | 285 Free(kernel_blob); |
296 return NULL; | 286 return NULL; |
297 } | 287 } |
298 return kernel_blob; | 288 return kernel_blob; |
299 } | 289 } |
300 | 290 |
301 int WriteKernelImage(const char* input_file, | 291 int WriteKernelImage(const char* input_file, |
(...skipping 16 matching lines...) Expand all Loading... |
318 debug("Couldn't create kernel blob from KernelImage.\n"); | 308 debug("Couldn't create kernel blob from KernelImage.\n"); |
319 return 0; | 309 return 0; |
320 } | 310 } |
321 if (!is_only_vblock) { | 311 if (!is_only_vblock) { |
322 if (blob_len != write(fd, kernel_blob, blob_len)) { | 312 if (blob_len != write(fd, kernel_blob, blob_len)) { |
323 debug("Couldn't write Kernel Image to file: %s\n", | 313 debug("Couldn't write Kernel Image to file: %s\n", |
324 input_file); | 314 input_file); |
325 success = 0; | 315 success = 0; |
326 } | 316 } |
327 } else { | 317 } else { |
328 /* Exclude the kernel_data. */ | 318 /* Exclude kernel_config and kernel_data. */ |
329 int vblock_len = blob_len - image->options.kernel_len; | 319 int vblock_len = blob_len - (image->kernel_len + |
| 320 sizeof(image->kernel_config)); |
330 if (vblock_len != write(fd, kernel_blob, vblock_len)) { | 321 if (vblock_len != write(fd, kernel_blob, vblock_len)) { |
331 debug("Couldn't write Kernel Image Verification block to file: %s\n", | 322 debug("Couldn't write Kernel Image Verification block to file: %s\n", |
332 input_file); | 323 input_file); |
333 success = 0; | 324 success = 0; |
334 } | 325 } |
335 } | 326 } |
336 Free(kernel_blob); | 327 Free(kernel_blob); |
337 close(fd); | 328 close(fd); |
338 return success; | 329 return success; |
339 } | 330 } |
340 | 331 |
341 void PrintKernelImage(const KernelImage* image) { | 332 void PrintKernelImage(const KernelImage* image) { |
342 if (!image) | 333 if (!image) |
343 return; | 334 return; |
344 | 335 |
345 /* Print header. */ | 336 /* Print header. */ |
346 printf("Header Version = %d\n" | 337 printf("Header Version = %d\n" |
347 "Header Length = %d\n" | 338 "Header Length = %d\n" |
348 "Kernel Key Signature Algorithm = %s\n" | 339 "Kernel Key Signature Algorithm = %s\n" |
349 "Kernel Signature Algorithm = %s\n" | 340 "Kernel Signature Algorithm = %s\n" |
350 "Kernel Key Version = %d\n\n", | 341 "Kernel Key Version = %d\n\n", |
351 image->header_version, | 342 image->header_version, |
352 image->header_len, | 343 image->header_len, |
353 algo_strings[image->firmware_sign_algorithm], | 344 algo_strings[image->firmware_sign_algorithm], |
354 algo_strings[image->kernel_sign_algorithm], | 345 algo_strings[image->kernel_sign_algorithm], |
355 image->kernel_key_version); | 346 image->kernel_key_version); |
356 /* TODO(gauravsh): Output hash and key signature here? */ | 347 /* TODO(gauravsh): Output hash and key signature here? */ |
357 /* Print preamble. */ | 348 /* Print preamble. */ |
358 printf("Kernel Version = %d\n" | 349 printf("Kernel Version = %d\n" |
359 "Kernel Config Version = %d.%d\n" | |
360 "Kernel Config command line = \"%s\"\n" | 350 "Kernel Config command line = \"%s\"\n" |
361 "kernel Length = %" PRId64 "\n" | 351 "kernel Length = %" PRId64 "\n", |
362 "Kernel Load Address = %" PRId64 "\n" | |
363 "Kernel Entry Address = %" PRId64 "\n\n", | |
364 image->kernel_version, | 352 image->kernel_version, |
365 image->options.version[0], image->options.version[1], | 353 image->kernel_config, |
366 image->options.cmd_line, | 354 image->kernel_len); |
367 image->options.kernel_len, | |
368 image->options.kernel_load_addr, | |
369 image->options.kernel_entry_addr); | |
370 /* TODO(gauravsh): Output kernel signature here? */ | 355 /* TODO(gauravsh): Output kernel signature here? */ |
371 } | 356 } |
372 | 357 |
373 | 358 |
374 int VerifyKernelImage(const RSAPublicKey* firmware_key, | 359 int VerifyKernelImage(const RSAPublicKey* firmware_key, |
375 const KernelImage* image, | 360 const KernelImage* image, |
376 const int dev_mode) { | 361 const int dev_mode) { |
377 RSAPublicKey* kernel_sign_key = NULL; | 362 RSAPublicKey* kernel_sign_key = NULL; |
378 uint8_t* header_digest = NULL; | 363 uint8_t* header_digest = NULL; |
379 uint8_t* config_digest = NULL; | 364 uint8_t* config_digest = NULL; |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
429 /* Get kernel signing key to verify the rest of the kernel. */ | 414 /* Get kernel signing key to verify the rest of the kernel. */ |
430 kernel_sign_key_size = RSAProcessedKeySize(image->kernel_sign_algorithm); | 415 kernel_sign_key_size = RSAProcessedKeySize(image->kernel_sign_algorithm); |
431 kernel_sign_key = RSAPublicKeyFromBuf(image->kernel_sign_key, | 416 kernel_sign_key = RSAPublicKeyFromBuf(image->kernel_sign_key, |
432 kernel_sign_key_size); | 417 kernel_sign_key_size); |
433 kernel_signature_size = siglen_map[image->kernel_sign_algorithm]; | 418 kernel_signature_size = siglen_map[image->kernel_sign_algorithm]; |
434 | 419 |
435 /* Verify kernel config signature. */ | 420 /* Verify kernel config signature. */ |
436 DigestInit(&ctx, image->kernel_sign_algorithm); | 421 DigestInit(&ctx, image->kernel_sign_algorithm); |
437 DigestUpdate(&ctx, (uint8_t*) &image->kernel_version, | 422 DigestUpdate(&ctx, (uint8_t*) &image->kernel_version, |
438 FIELD_LEN(kernel_version)); | 423 FIELD_LEN(kernel_version)); |
439 DigestUpdate(&ctx, (uint8_t*) image->options.version, | 424 DigestUpdate(&ctx, (uint8_t*) &image->kernel_len, |
440 FIELD_LEN(options.version)); | 425 FIELD_LEN(kernel_len)); |
441 DigestUpdate(&ctx, (uint8_t*) image->options.cmd_line, | 426 DigestUpdate(&ctx, (uint8_t*) image->kernel_config, |
442 FIELD_LEN(options.cmd_line)); | 427 FIELD_LEN(kernel_config)); |
443 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_len, | |
444 FIELD_LEN(options.kernel_len)); | |
445 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_load_addr, | |
446 FIELD_LEN(options.kernel_load_addr)); | |
447 DigestUpdate(&ctx, (uint8_t*) &image->options.kernel_entry_addr, | |
448 FIELD_LEN(options.kernel_entry_addr)); | |
449 config_digest = DigestFinal(&ctx); | 428 config_digest = DigestFinal(&ctx); |
450 if (!RSAVerify(kernel_sign_key, image->config_signature, | 429 if (!RSAVerify(kernel_sign_key, image->config_signature, |
451 kernel_signature_size, image->kernel_sign_algorithm, | 430 kernel_signature_size, image->kernel_sign_algorithm, |
452 config_digest)) { | 431 config_digest)) { |
453 error_code = VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED; | 432 error_code = VERIFY_KERNEL_CONFIG_SIGNATURE_FAILED; |
454 goto verify_failure; | 433 goto verify_failure; |
455 } | 434 } |
456 | 435 |
457 /* Verify kernel signature - kernel signature is computed on the contents | 436 /* Verify kernel signature - kernel signature is computed on the contents |
458 of kernel version + kernel options + kernel_data. */ | 437 of kernel version + kernel options + kernel_data. */ |
459 DigestInit(&kernel_ctx, image->kernel_sign_algorithm); | 438 DigestInit(&kernel_ctx, image->kernel_sign_algorithm); |
460 DigestUpdate(&kernel_ctx, (uint8_t*) &image->kernel_version, | 439 DigestUpdate(&kernel_ctx, (uint8_t*) &image->kernel_version, |
461 FIELD_LEN(kernel_version)); | 440 FIELD_LEN(kernel_version)); |
462 DigestUpdate(&kernel_ctx, (uint8_t*) image->options.version, | 441 DigestUpdate(&kernel_ctx, (uint8_t*) &image->kernel_len, |
463 FIELD_LEN(options.version)); | 442 FIELD_LEN(kernel_len)); |
464 DigestUpdate(&kernel_ctx, (uint8_t*) image->options.cmd_line, | 443 DigestUpdate(&kernel_ctx, (uint8_t*) image->kernel_config, |
465 FIELD_LEN(options.cmd_line)); | 444 FIELD_LEN(kernel_config)); |
466 DigestUpdate(&kernel_ctx, (uint8_t*) &image->options.kernel_len, | 445 DigestUpdate(&kernel_ctx, image->kernel_data, image->kernel_len); |
467 FIELD_LEN(options.kernel_len)); | |
468 DigestUpdate(&kernel_ctx, (uint8_t*) &image->options.kernel_load_addr, | |
469 FIELD_LEN(options.kernel_load_addr)); | |
470 DigestUpdate(&kernel_ctx, (uint8_t*) &image->options.kernel_entry_addr, | |
471 FIELD_LEN(options.kernel_entry_addr)); | |
472 DigestUpdate(&kernel_ctx, image->kernel_data, image->options.kernel_len); | |
473 kernel_digest = DigestFinal(&kernel_ctx); | 446 kernel_digest = DigestFinal(&kernel_ctx); |
474 if (!RSAVerify(kernel_sign_key, image->kernel_signature, | 447 if (!RSAVerify(kernel_sign_key, image->kernel_signature, |
475 kernel_signature_size, image->kernel_sign_algorithm, | 448 kernel_signature_size, image->kernel_sign_algorithm, |
476 kernel_digest)) { | 449 kernel_digest)) { |
477 error_code = VERIFY_KERNEL_SIGNATURE_FAILED; | 450 error_code = VERIFY_KERNEL_SIGNATURE_FAILED; |
478 goto verify_failure; | 451 goto verify_failure; |
479 } | 452 } |
480 | 453 |
481 verify_failure: | 454 verify_failure: |
482 RSAPublicKeyFree(kernel_sign_key); | 455 RSAPublicKeyFree(kernel_sign_key); |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
516 int AddKernelSignature(KernelImage* image, | 489 int AddKernelSignature(KernelImage* image, |
517 const char* kernel_signing_key_file) { | 490 const char* kernel_signing_key_file) { |
518 uint8_t* config_blob = NULL; | 491 uint8_t* config_blob = NULL; |
519 uint8_t* config_signature = NULL; | 492 uint8_t* config_signature = NULL; |
520 uint8_t* kernel_signature = NULL; | 493 uint8_t* kernel_signature = NULL; |
521 uint8_t* kernel_buf; | 494 uint8_t* kernel_buf; |
522 int signature_len = siglen_map[image->kernel_sign_algorithm]; | 495 int signature_len = siglen_map[image->kernel_sign_algorithm]; |
523 | 496 |
524 config_blob = GetKernelConfigBlob(image); | 497 config_blob = GetKernelConfigBlob(image); |
525 if (!(config_signature = SignatureBuf(config_blob, | 498 if (!(config_signature = SignatureBuf(config_blob, |
526 GetKernelConfigLen(), | 499 GetKernelConfigLen(image), |
527 kernel_signing_key_file, | 500 kernel_signing_key_file, |
528 image->kernel_sign_algorithm))) { | 501 image->kernel_sign_algorithm))) { |
529 debug("Could not compute signature on the kernel config.\n"); | 502 debug("Could not compute signature on the kernel config.\n"); |
530 Free(config_blob); | 503 Free(config_blob); |
531 return 0; | 504 return 0; |
532 } | 505 } |
533 | 506 |
534 image->config_signature = (uint8_t*) Malloc(signature_len); | 507 image->config_signature = (uint8_t*) Malloc(signature_len); |
535 Memcpy(image->config_signature, config_signature, signature_len); | 508 Memcpy(image->config_signature, config_signature, signature_len); |
536 Free(config_signature); | 509 Free(config_signature); |
537 /* Kernel signature muse be calculated on the kernel version, options and | 510 /* Kernel signature muse be calculated on the kernel version, options and |
538 * kernel data to avoid splicing attacks. */ | 511 * kernel data to avoid splicing attacks. */ |
539 kernel_buf = (uint8_t*) Malloc(GetKernelConfigLen() + | 512 kernel_buf = (uint8_t*) Malloc(GetKernelConfigLen(image) + |
540 image->options.kernel_len); | 513 image->kernel_len); |
541 Memcpy(kernel_buf, config_blob, GetKernelConfigLen()); | 514 Memcpy(kernel_buf, config_blob, GetKernelConfigLen(image)); |
542 Memcpy(kernel_buf + GetKernelConfigLen(), image->kernel_data, | 515 Memcpy(kernel_buf + GetKernelConfigLen(image), image->kernel_data, |
543 image->options.kernel_len); | 516 image->kernel_len); |
544 if (!(kernel_signature = SignatureBuf(kernel_buf, | 517 if (!(kernel_signature = SignatureBuf(kernel_buf, |
545 GetKernelConfigLen() + | 518 GetKernelConfigLen(image) + |
546 image->options.kernel_len, | 519 image->kernel_len, |
547 kernel_signing_key_file, | 520 kernel_signing_key_file, |
548 image->kernel_sign_algorithm))) { | 521 image->kernel_sign_algorithm))) { |
549 Free(config_blob); | 522 Free(config_blob); |
550 Free(kernel_buf); | 523 Free(kernel_buf); |
551 debug("Could not compute signature on the kernel.\n"); | 524 debug("Could not compute signature on the kernel.\n"); |
552 return 0; | 525 return 0; |
553 } | 526 } |
554 image->kernel_signature = (uint8_t*) Malloc(signature_len); | 527 image->kernel_signature = (uint8_t*) Malloc(signature_len); |
555 Memcpy(image->kernel_signature, kernel_signature, signature_len); | 528 Memcpy(image->kernel_signature, kernel_signature, signature_len); |
556 Free(kernel_signature); | 529 Free(kernel_signature); |
557 Free(kernel_buf); | 530 Free(kernel_buf); |
558 Free(config_blob); | 531 Free(config_blob); |
559 return 1; | 532 return 1; |
560 } | 533 } |
561 | 534 |
562 void PrintKernelEntry(kernel_entry* entry) { | 535 void PrintKernelEntry(kernel_entry* entry) { |
563 debug("Boot Priority = %d\n", entry->boot_priority); | 536 debug("Boot Priority = %d\n", entry->boot_priority); |
564 debug("Boot Tries Remaining = %d\n", entry->boot_tries_remaining); | 537 debug("Boot Tries Remaining = %d\n", entry->boot_tries_remaining); |
565 debug("Boot Success Flag = %d\n", entry->boot_success_flag); | 538 debug("Boot Success Flag = %d\n", entry->boot_success_flag); |
566 } | 539 } |
OLD | NEW |