| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // Utility for manipulating verified boot kernel images. | 5 // Utility for manipulating verified boot kernel images. |
| 6 // | 6 // |
| 7 | 7 |
| 8 #include "kernel_utility.h" | 8 #include "kernel_utility.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 73 "--config <file>\t\t\tPopulate contents of kernel config from a file\n" | 73 "--config <file>\t\t\tPopulate contents of kernel config from a file\n" |
| 74 "--vblock\t\t\tJust output the verification block\n\n" | 74 "--vblock\t\t\tJust output the verification block\n\n" |
| 75 "<algoid> (for --*_sign_algorithm) is one of the following:\n"; | 75 "<algoid> (for --*_sign_algorithm) is one of the following:\n"; |
| 76 for (int i = 0; i < kNumAlgorithms; i++) { | 76 for (int i = 0; i < kNumAlgorithms; i++) { |
| 77 cerr << i << " for " << algo_strings[i] << "\n"; | 77 cerr << i << " for " << algo_strings[i] << "\n"; |
| 78 } | 78 } |
| 79 cerr << "\n\n"; | 79 cerr << "\n\n"; |
| 80 } | 80 } |
| 81 | 81 |
| 82 bool KernelUtility::ParseCmdLineOptions(int argc, char* argv[]) { | 82 bool KernelUtility::ParseCmdLineOptions(int argc, char* argv[]) { |
| 83 int option_index; | 83 int option_index, i; |
| 84 enum { |
| 85 OPT_FIRMWARE_KEY = 1000, |
| 86 OPT_FIRMWARE_KEY_PUB, |
| 87 OPT_KERNEL_KEY, |
| 88 OPT_KERNEL_KEY_PUB, |
| 89 OPT_FIRMWARE_SIGN_ALGORITHM, |
| 90 OPT_KERNEL_SIGN_ALGORITHM, |
| 91 OPT_KERNEL_KEY_VERSION, |
| 92 OPT_KERNEL_VERSION, |
| 93 OPT_IN, |
| 94 OPT_OUT, |
| 95 OPT_GENERATE, |
| 96 OPT_VERIFY, |
| 97 OPT_DESCRIBE, |
| 98 OPT_CONFIG, |
| 99 OPT_VBLOCK, |
| 100 }; |
| 84 static struct option long_options[] = { | 101 static struct option long_options[] = { |
| 85 {"firmware_key", 1, 0, 0}, | 102 {"firmware_key", 1, 0, OPT_FIRMWARE_KEY }, |
| 86 {"firmware_key_pub", 1, 0, 0}, | 103 {"firmware_key_pub", 1, 0, OPT_FIRMWARE_KEY_PUB }, |
| 87 {"kernel_key", 1, 0, 0}, | 104 {"kernel_key", 1, 0, OPT_KERNEL_KEY }, |
| 88 {"kernel_key_pub", 1, 0, 0}, | 105 {"kernel_key_pub", 1, 0, OPT_KERNEL_KEY_PUB }, |
| 89 {"firmware_sign_algorithm", 1, 0, 0}, | 106 {"firmware_sign_algorithm", 1, 0, OPT_FIRMWARE_SIGN_ALGORITHM }, |
| 90 {"kernel_sign_algorithm", 1, 0, 0}, | 107 {"kernel_sign_algorithm", 1, 0, OPT_KERNEL_SIGN_ALGORITHM }, |
| 91 {"kernel_key_version", 1, 0, 0}, | 108 {"kernel_key_version", 1, 0, OPT_KERNEL_KEY_VERSION }, |
| 92 {"kernel_version", 1, 0, 0}, | 109 {"kernel_version", 1, 0, OPT_KERNEL_VERSION }, |
| 93 {"in", 1, 0, 0}, | 110 {"in", 1, 0, OPT_IN }, |
| 94 {"out", 1, 0, 0}, | 111 {"out", 1, 0, OPT_OUT }, |
| 95 {"generate", 0, 0, 0}, | 112 {"generate", 0, 0, OPT_GENERATE }, |
| 96 {"verify", 0, 0, 0}, | 113 {"verify", 0, 0, OPT_VERIFY }, |
| 97 {"describe", 0, 0, 0}, | 114 {"describe", 0, 0, OPT_DESCRIBE }, |
| 98 {"config", 1, 0, 0}, | 115 {"config", 1, 0, OPT_CONFIG }, |
| 99 {"vblock", 0, 0, 0}, | 116 {"vblock", 0, 0, OPT_VBLOCK }, |
| 100 {NULL, 0, 0, 0} | 117 {NULL, 0, 0, 0} |
| 101 }; | 118 }; |
| 102 while (1) { | 119 while ((i = getopt_long(argc, argv, "", long_options, &option_index)) != -1) { |
| 103 int i = getopt_long(argc, argv, "", long_options, &option_index); | 120 switch (i) { |
| 104 if (-1 == i) // Done with option processing. | 121 case '?': |
| 122 return false; |
| 105 break; | 123 break; |
| 106 if ('?' == i) // Invalid option found. | 124 case OPT_FIRMWARE_KEY: |
| 107 return false; | 125 firmware_key_file_ = optarg; |
| 108 | 126 break; |
| 109 if (0 == i) { | 127 case OPT_FIRMWARE_KEY_PUB: |
| 110 switch (option_index) { | 128 firmware_key_pub_file_ = optarg; |
| 111 case 0: // firmware_key | 129 break; |
| 112 firmware_key_file_ = optarg; | 130 case OPT_KERNEL_KEY: |
| 113 break; | 131 kernel_key_file_ = optarg; |
| 114 case 1: // firmware_key_pub | 132 break; |
| 115 firmware_key_pub_file_ = optarg; | 133 case OPT_KERNEL_KEY_PUB: |
| 116 break; | 134 kernel_key_pub_file_ = optarg; |
| 117 case 2: // kernel_key | 135 break; |
| 118 kernel_key_file_ = optarg; | 136 case OPT_FIRMWARE_SIGN_ALGORITHM: |
| 119 break; | 137 errno = 0; // strtol() returns an error via errno |
| 120 case 3: // kernel_key_pub | 138 firmware_sign_algorithm_ = strtol(optarg, |
| 121 kernel_key_pub_file_ = optarg; | 139 reinterpret_cast<char**>(NULL), 10); |
| 122 break; | 140 if (errno) |
| 123 case 4: // firmware_sign_algorithm | 141 return false; |
| 124 errno = 0; // strtol() returns an error via errno | 142 break; |
| 125 firmware_sign_algorithm_ = strtol(optarg, | 143 case OPT_KERNEL_SIGN_ALGORITHM: |
| 126 reinterpret_cast<char**>(NULL), 10); | 144 errno = 0; |
| 127 if (errno) | 145 kernel_sign_algorithm_ = strtol(optarg, |
| 128 return false; | 146 reinterpret_cast<char**>(NULL), 10); |
| 129 break; | 147 if (errno) |
| 130 case 5: // kernel_sign_algorithm | 148 return false; |
| 131 errno = 0; | 149 break; |
| 132 kernel_sign_algorithm_ = strtol(optarg, | 150 case OPT_KERNEL_KEY_VERSION: |
| 133 reinterpret_cast<char**>(NULL), 10); | 151 errno = 0; |
| 134 if (errno) | 152 kernel_key_version_ = strtol(optarg, |
| 135 return false; | |
| 136 break; | |
| 137 case 6: // kernel_key_version | |
| 138 errno = 0; | |
| 139 kernel_key_version_ = strtol(optarg, | |
| 140 reinterpret_cast<char**>(NULL), 10); | |
| 141 if (errno) | |
| 142 return false; | |
| 143 break; | |
| 144 case 7: // kernel_version | |
| 145 errno = 0; | |
| 146 kernel_version_ = strtol(optarg, | |
| 147 reinterpret_cast<char**>(NULL), 10); | 153 reinterpret_cast<char**>(NULL), 10); |
| 148 if (errno) | 154 if (errno) |
| 149 return false; | 155 return false; |
| 150 break; | 156 break; |
| 151 case 8: // in | 157 case OPT_KERNEL_VERSION: |
| 152 in_file_ = optarg; | 158 errno = 0; |
| 153 break; | 159 kernel_version_ = strtol(optarg, |
| 154 case 9: // out | 160 reinterpret_cast<char**>(NULL), 10); |
| 155 out_file_ = optarg; | 161 if (errno) |
| 156 break; | 162 return false; |
| 157 case 10: // generate | 163 break; |
| 158 is_generate_ = true; | 164 case OPT_IN: |
| 159 break; | 165 in_file_ = optarg; |
| 160 case 11: // verify | 166 break; |
| 161 is_verify_ = true; | 167 case OPT_OUT: |
| 162 break; | 168 out_file_ = optarg; |
| 163 case 12: // describe | 169 break; |
| 164 is_describe_ = true; | 170 case OPT_GENERATE: |
| 165 break; | 171 is_generate_ = true; |
| 166 case 13: // config | 172 break; |
| 167 config_file_ = optarg; | 173 case OPT_VERIFY: |
| 168 break; | 174 is_verify_ = true; |
| 169 case 14: // vblock | 175 break; |
| 170 is_only_vblock_ = true; | 176 case OPT_DESCRIBE: |
| 171 break; | 177 is_describe_ = true; |
| 172 } | 178 break; |
| 179 case OPT_CONFIG: |
| 180 config_file_ = optarg; |
| 181 break; |
| 182 case OPT_VBLOCK: |
| 183 is_only_vblock_ = true; |
| 184 break; |
| 173 } | 185 } |
| 174 } | 186 } |
| 175 return CheckOptions(); | 187 return CheckOptions(); |
| 176 } | 188 } |
| 177 | 189 |
| 178 void KernelUtility::OutputSignedImage(void) { | 190 void KernelUtility::OutputSignedImage(void) { |
| 179 if (image_) { | 191 if (image_) { |
| 180 if (!WriteKernelImage(out_file_.c_str(), image_, is_only_vblock_)) { | 192 if (!WriteKernelImage(out_file_.c_str(), image_, is_only_vblock_)) { |
| 181 cerr << "Couldn't write verified boot kernel image to file " | 193 cerr << "Couldn't write verified boot kernel image to file " |
| 182 << out_file_ <<".\n"; | 194 << out_file_ <<".\n"; |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 225 return false; | 237 return false; |
| 226 } | 238 } |
| 227 Memcpy(image_->kernel_config, | 239 Memcpy(image_->kernel_config, |
| 228 kernel_config_, len); | 240 kernel_config_, len); |
| 229 } else { | 241 } else { |
| 230 Memset(image_->kernel_config, 0, | 242 Memset(image_->kernel_config, 0, |
| 231 sizeof(image_->kernel_config)); | 243 sizeof(image_->kernel_config)); |
| 232 } | 244 } |
| 233 image_->kernel_data = BufferFromFile(in_file_.c_str(), | 245 image_->kernel_data = BufferFromFile(in_file_.c_str(), |
| 234 &image_->kernel_len); | 246 &image_->kernel_len); |
| 235 if (!image_) | 247 if (!image_->kernel_data) |
| 236 return false; | 248 return false; |
| 237 // Generate and add the signatures. | 249 // Generate and add the signatures. |
| 238 if (!AddKernelKeySignature(image_, firmware_key_file_.c_str())) { | 250 if (!AddKernelKeySignature(image_, firmware_key_file_.c_str())) { |
| 239 cerr << "Couldn't write key signature to verified boot kernel image.\n"; | 251 cerr << "Couldn't write key signature to verified boot kernel image.\n"; |
| 240 return false; | 252 return false; |
| 241 } | 253 } |
| 242 | 254 |
| 243 if (!AddKernelSignature(image_, kernel_key_file_.c_str())) { | 255 if (!AddKernelSignature(image_, kernel_key_file_.c_str())) { |
| 244 cerr << "Couldn't write firmware signature to verified boot kernel image.\n"
; | 256 cerr << "Couldn't write firmware signature to verified boot kernel image.\n"
; |
| 245 return false; | 257 return false; |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 344 } | 356 } |
| 345 else if (ku.is_verify()) { | 357 else if (ku.is_verify()) { |
| 346 cerr << "Verification "; | 358 cerr << "Verification "; |
| 347 if (ku.VerifySignedImage()) | 359 if (ku.VerifySignedImage()) |
| 348 cerr << "SUCCESS.\n"; | 360 cerr << "SUCCESS.\n"; |
| 349 else | 361 else |
| 350 cerr << "FAILURE.\n"; | 362 cerr << "FAILURE.\n"; |
| 351 } | 363 } |
| 352 return 0; | 364 return 0; |
| 353 } | 365 } |
| OLD | NEW |
|---|
Chromium Code Reviews
