| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // Utility for manipulating verified boot kernel images. | 5 // Utility for manipulating verified boot kernel images. |
| 6 // | 6 // |
| 7 | 7 |
| 8 #include "kernel_utility.h" | 8 #include "kernel_utility.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 69 " --firmware_sign_algorithm <algoid>\tSigning algorithm for firmware\n" | 69 " --firmware_sign_algorithm <algoid>\tSigning algorithm for firmware\n" |
| 70 " --kernel_sign_algorithm <algoid>\tSigning algorithm for kernel\n" | 70 " --kernel_sign_algorithm <algoid>\tSigning algorithm for kernel\n" |
| 71 " --kernel_key_version <number>\t\tKernel signing key version number\n" | 71 " --kernel_key_version <number>\t\tKernel signing key version number\n" |
| 72 " --kernel_version <number>\t\tKernel Version number\n" | 72 " --kernel_version <number>\t\tKernel Version number\n" |
| 73 " --config <file>\t\t\tEmbedded kernel command-line parameters\n" | 73 " --config <file>\t\t\tEmbedded kernel command-line parameters\n" |
| 74 " --bootloader <file>\t\t\tEmbedded bootloader stub\n" | 74 " --bootloader <file>\t\t\tEmbedded bootloader stub\n" |
| 75 " --vmlinuz <file>\t\t\tEmbedded kernel image\n" | 75 " --vmlinuz <file>\t\t\tEmbedded kernel image\n" |
| 76 " --out <outfile>\t\t\tOutput file for verified boot image\n" | 76 " --out <outfile>\t\t\tOutput file for verified boot image\n" |
| 77 "\n" | 77 "\n" |
| 78 "Optional arguments for \"--generate\" are:\n" | 78 "Optional arguments for \"--generate\" are:\n" |
| 79 " --padding <size>\t\t\tPad the header to this size\n" |
| 80 " --subkey_out\t\t\t\tJust output the subkey (key verification) header\n" |
| 79 " --vblock\t\t\t\tJust output the verification block\n" | 81 " --vblock\t\t\t\tJust output the verification block\n" |
| 80 " --padding\t\t\t\tPad the header to this size\n" | |
| 81 "\n" | 82 "\n" |
| 82 "<algoid> (for --*_sign_algorithm) is one of the following:\n"; | 83 "<algoid> (for --*_sign_algorithm) is one of the following:\n"; |
| 83 for (int i = 0; i < kNumAlgorithms; i++) { | 84 for (int i = 0; i < kNumAlgorithms; i++) { |
| 84 cerr << " " << i << " for " << algo_strings[i] << "\n"; | 85 cerr << " " << i << " for " << algo_strings[i] << "\n"; |
| 85 } | 86 } |
| 86 cerr << "\n\n"; | 87 cerr << "\n\n"; |
| 87 } | 88 } |
| 88 | 89 |
| 89 bool KernelUtility::ParseCmdLineOptions(int argc, char* argv[]) { | 90 bool KernelUtility::ParseCmdLineOptions(int argc, char* argv[]) { |
| 90 int option_index, i; | 91 int option_index, i; |
| (...skipping 10 matching lines...) Expand all Loading... |
| 101 OPT_IN, | 102 OPT_IN, |
| 102 OPT_OUT, | 103 OPT_OUT, |
| 103 OPT_GENERATE, | 104 OPT_GENERATE, |
| 104 OPT_VERIFY, | 105 OPT_VERIFY, |
| 105 OPT_DESCRIBE, | 106 OPT_DESCRIBE, |
| 106 OPT_VBLOCK, | 107 OPT_VBLOCK, |
| 107 OPT_BOOTLOADER, | 108 OPT_BOOTLOADER, |
| 108 OPT_VMLINUZ, | 109 OPT_VMLINUZ, |
| 109 OPT_CONFIG, | 110 OPT_CONFIG, |
| 110 OPT_PADDING, | 111 OPT_PADDING, |
| 112 OPT_SUBKEY, |
| 111 }; | 113 }; |
| 112 static struct option long_options[] = { | 114 static struct option long_options[] = { |
| 113 {"firmware_key", 1, 0, OPT_FIRMWARE_KEY }, | 115 {"firmware_key", 1, 0, OPT_FIRMWARE_KEY }, |
| 114 {"firmware_key_pub", 1, 0, OPT_FIRMWARE_KEY_PUB }, | 116 {"firmware_key_pub", 1, 0, OPT_FIRMWARE_KEY_PUB }, |
| 115 {"kernel_key", 1, 0, OPT_KERNEL_KEY }, | 117 {"kernel_key", 1, 0, OPT_KERNEL_KEY }, |
| 116 {"kernel_key_pub", 1, 0, OPT_KERNEL_KEY_PUB }, | 118 {"kernel_key_pub", 1, 0, OPT_KERNEL_KEY_PUB }, |
| 117 {"firmware_sign_algorithm", 1, 0, OPT_FIRMWARE_SIGN_ALGORITHM }, | 119 {"firmware_sign_algorithm", 1, 0, OPT_FIRMWARE_SIGN_ALGORITHM }, |
| 118 {"kernel_sign_algorithm", 1, 0, OPT_KERNEL_SIGN_ALGORITHM }, | 120 {"kernel_sign_algorithm", 1, 0, OPT_KERNEL_SIGN_ALGORITHM }, |
| 119 {"kernel_key_version", 1, 0, OPT_KERNEL_KEY_VERSION }, | 121 {"kernel_key_version", 1, 0, OPT_KERNEL_KEY_VERSION }, |
| 120 {"kernel_version", 1, 0, OPT_KERNEL_VERSION }, | 122 {"kernel_version", 1, 0, OPT_KERNEL_VERSION }, |
| 121 {"in", 1, 0, OPT_IN }, | 123 {"in", 1, 0, OPT_IN }, |
| 122 {"out", 1, 0, OPT_OUT }, | 124 {"out", 1, 0, OPT_OUT }, |
| 123 {"generate", 0, 0, OPT_GENERATE }, | 125 {"generate", 0, 0, OPT_GENERATE }, |
| 124 {"verify", 0, 0, OPT_VERIFY }, | 126 {"verify", 0, 0, OPT_VERIFY }, |
| 125 {"describe", 0, 0, OPT_DESCRIBE }, | 127 {"describe", 0, 0, OPT_DESCRIBE }, |
| 126 {"vblock", 0, 0, OPT_VBLOCK }, | 128 {"vblock", 0, 0, OPT_VBLOCK }, |
| 127 {"bootloader", 1, 0, OPT_BOOTLOADER }, | 129 {"bootloader", 1, 0, OPT_BOOTLOADER }, |
| 128 {"vmlinuz", 1, 0, OPT_VMLINUZ }, | 130 {"vmlinuz", 1, 0, OPT_VMLINUZ }, |
| 129 {"config", 1, 0, OPT_CONFIG }, | 131 {"config", 1, 0, OPT_CONFIG }, |
| 130 {"padding", 1, 0, OPT_PADDING }, | 132 {"padding", 1, 0, OPT_PADDING }, |
| 133 {"subkey_out", 0, 0, OPT_SUBKEY }, |
| 131 {NULL, 0, 0, 0} | 134 {NULL, 0, 0, 0} |
| 132 }; | 135 }; |
| 133 while ((i = getopt_long(argc, argv, "", long_options, &option_index)) != -1) { | 136 while ((i = getopt_long(argc, argv, "", long_options, &option_index)) != -1) { |
| 134 switch (i) { | 137 switch (i) { |
| 135 case '?': | 138 case '?': |
| 136 return false; | 139 return false; |
| 137 break; | 140 break; |
| 138 case OPT_FIRMWARE_KEY: | 141 case OPT_FIRMWARE_KEY: |
| 139 firmware_key_file_ = optarg; | 142 firmware_key_file_ = optarg; |
| 140 break; | 143 break; |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 215 break; | 218 break; |
| 216 case OPT_PADDING: | 219 case OPT_PADDING: |
| 217 padding_ = strtol(optarg, &e, 0); | 220 padding_ = strtol(optarg, &e, 0); |
| 218 if (!*optarg || (e && *e)) { | 221 if (!*optarg || (e && *e)) { |
| 219 cerr << "Invalid argument to --" | 222 cerr << "Invalid argument to --" |
| 220 << long_options[option_index].name | 223 << long_options[option_index].name |
| 221 << ": " << optarg << "\n"; | 224 << ": " << optarg << "\n"; |
| 222 return false; | 225 return false; |
| 223 } | 226 } |
| 224 break; | 227 break; |
| 228 case OPT_SUBKEY: |
| 229 is_subkey_out_ = true; |
| 230 break; |
| 225 } | 231 } |
| 226 } | 232 } |
| 227 return CheckOptions(); | 233 return CheckOptions(); |
| 228 } | 234 } |
| 229 | 235 |
| 230 void KernelUtility::OutputSignedImage(void) { | 236 void KernelUtility::OutputSignedImage(void) { |
| 231 if (image_) { | 237 if (image_) { |
| 232 if (!WriteKernelImage(out_file_.c_str(), image_, is_only_vblock_)) { | 238 if (!WriteKernelImage(out_file_.c_str(), image_, |
| 239 is_only_vblock_, |
| 240 is_subkey_out_)) { |
| 233 cerr << "Couldn't write verified boot kernel image to file " | 241 cerr << "Couldn't write verified boot kernel image to file " |
| 234 << out_file_ <<".\n"; | 242 << out_file_ <<".\n"; |
| 235 } | 243 } |
| 236 } | 244 } |
| 237 } | 245 } |
| 238 | 246 |
| 239 void KernelUtility::DescribeSignedImage(void) { | 247 void KernelUtility::DescribeSignedImage(void) { |
| 240 image_ = ReadKernelImage(in_file_.c_str()); | 248 image_ = ReadKernelImage(in_file_.c_str()); |
| 241 if (!image_) { | 249 if (!image_) { |
| 242 cerr << "Couldn't read kernel image or malformed image.\n"; | 250 cerr << "Couldn't read kernel image or malformed image.\n"; |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 382 return false; | 390 return false; |
| 383 } | 391 } |
| 384 if (bootloader_file_.empty()) { | 392 if (bootloader_file_.empty()) { |
| 385 cerr << "No bootloader file specified.\n"; | 393 cerr << "No bootloader file specified.\n"; |
| 386 return false; | 394 return false; |
| 387 } | 395 } |
| 388 if (vmlinuz_file_.empty()) { | 396 if (vmlinuz_file_.empty()) { |
| 389 cerr << "No vmlinuz file specified.\n"; | 397 cerr << "No vmlinuz file specified.\n"; |
| 390 return false; | 398 return false; |
| 391 } | 399 } |
| 400 // TODO(gauravsh): Enforce only one of --vblock or --subkey_out is specified |
| 392 } | 401 } |
| 393 return true; | 402 return true; |
| 394 } | 403 } |
| 395 | 404 |
| 396 } // namespace vboot_reference | 405 } // namespace vboot_reference |
| 397 | 406 |
| 398 int main(int argc, char* argv[]) { | 407 int main(int argc, char* argv[]) { |
| 399 vboot_reference::KernelUtility ku; | 408 vboot_reference::KernelUtility ku; |
| 400 if (!ku.ParseCmdLineOptions(argc, argv)) { | 409 if (!ku.ParseCmdLineOptions(argc, argv)) { |
| 401 ku.PrintUsage(); | 410 ku.PrintUsage(); |
| 402 return -1; | 411 return -1; |
| 403 } | 412 } |
| 404 if (ku.is_describe()) { | 413 if (ku.is_describe()) { |
| 405 ku.DescribeSignedImage(); | 414 ku.DescribeSignedImage(); |
| 406 } | 415 } |
| 407 else if (ku.is_generate()) { | 416 else if (ku.is_generate()) { |
| 408 if (!ku.GenerateSignedImage()) | 417 if (!ku.GenerateSignedImage()) |
| 409 return -1; | 418 return -1; |
| 410 ku.OutputSignedImage(); | 419 ku.OutputSignedImage(); |
| 411 } | 420 } |
| 412 else if (ku.is_verify()) { | 421 else if (ku.is_verify()) { |
| 413 cerr << "Verification "; | 422 cerr << "Verification "; |
| 414 if (ku.VerifySignedImage()) | 423 if (ku.VerifySignedImage()) |
| 415 cerr << "SUCCESS.\n"; | 424 cerr << "SUCCESS.\n"; |
| 416 else | 425 else |
| 417 cerr << "FAILURE.\n"; | 426 cerr << "FAILURE.\n"; |
| 418 } | 427 } |
| 419 return 0; | 428 return 0; |
| 420 } | 429 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2310002:
Add a --subkey switch to kernel signing utility. (Closed)
Base URL: ssh://git@gitrw.chromium.org/chromiumos