OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for verifying a verified boot kernel image. | 5 * Functions for verifying a verified boot kernel image. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "kernel_image_fw.h" | 9 #include "kernel_image_fw.h" |
10 | 10 |
(...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
183 kernel_signature, /* Expected Signature */ | 183 kernel_signature, /* Expected Signature */ |
184 algorithm)) | 184 algorithm)) |
185 return VERIFY_KERNEL_SIGNATURE_FAILED; | 185 return VERIFY_KERNEL_SIGNATURE_FAILED; |
186 return 0; | 186 return 0; |
187 } | 187 } |
188 | 188 |
189 int VerifyKernelHeader(const uint8_t* firmware_key_blob, | 189 int VerifyKernelHeader(const uint8_t* firmware_key_blob, |
190 const uint8_t* kernel_header_blob, | 190 const uint8_t* kernel_header_blob, |
191 uint64_t kernel_header_blob_len, | 191 uint64_t kernel_header_blob_len, |
192 const int dev_mode, | 192 const int dev_mode, |
193 KernelImage *image, | 193 KernelImage* image, |
194 RSAPublicKey** kernel_sign_key) { | 194 RSAPublicKey** kernel_sign_key) { |
195 int error_code; | 195 int error_code; |
196 int firmware_sign_algorithm; /* Firmware signing key algorithm. */ | 196 int firmware_sign_algorithm; /* Firmware signing key algorithm. */ |
197 int kernel_sign_algorithm; /* Kernel signing key algorithm. */ | 197 int kernel_sign_algorithm; /* Kernel signing key algorithm. */ |
198 int kernel_sign_key_len, kernel_key_signature_len, kernel_signature_len, | 198 int kernel_sign_key_len, kernel_key_signature_len, kernel_signature_len, |
199 header_len; | 199 header_len; |
200 uint64_t kernel_len; | 200 uint64_t kernel_len; |
201 const uint8_t* header_ptr = NULL; /* Pointer to key header. */ | 201 const uint8_t* header_ptr = NULL; /* Pointer to key header. */ |
202 const uint8_t* preamble_ptr = NULL; /* Pointer to start of preamble. */ | 202 const uint8_t* preamble_ptr = NULL; /* Pointer to start of preamble. */ |
203 MemcpyState st; | 203 MemcpyState st; |
(...skipping 276 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
480 | 480 |
481 /* Lock Kernel TPM rollback indices from further writes. In this design, | 481 /* Lock Kernel TPM rollback indices from further writes. In this design, |
482 * this is tied to locking physical presence---so (software) physical | 482 * this is tied to locking physical presence---so (software) physical |
483 * presence cannot be asserted after this point. This is a big side effect, | 483 * presence cannot be asserted after this point. This is a big side effect, |
484 * so we want to make it clear in the function name. | 484 * so we want to make it clear in the function name. |
485 * TODO(gauravsh): figure out better abstractions. | 485 * TODO(gauravsh): figure out better abstractions. |
486 */ | 486 */ |
487 LockKernelVersionsByLockingPP(); | 487 LockKernelVersionsByLockingPP(); |
488 return kernel_to_boot; | 488 return kernel_to_boot; |
489 } | 489 } |
OLD | NEW |