| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for verifying a verified boot kernel image. | 5 * Functions for verifying a verified boot kernel image. |
| 6 * (Firmware portion) | 6 * (Firmware portion) |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "kernel_image_fw.h" | 9 #include "kernel_image_fw.h" |
| 10 | 10 |
| (...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 183 kernel_signature, /* Expected Signature */ | 183 kernel_signature, /* Expected Signature */ |
| 184 algorithm)) | 184 algorithm)) |
| 185 return VERIFY_KERNEL_SIGNATURE_FAILED; | 185 return VERIFY_KERNEL_SIGNATURE_FAILED; |
| 186 return 0; | 186 return 0; |
| 187 } | 187 } |
| 188 | 188 |
| 189 int VerifyKernelHeader(const uint8_t* firmware_key_blob, | 189 int VerifyKernelHeader(const uint8_t* firmware_key_blob, |
| 190 const uint8_t* kernel_header_blob, | 190 const uint8_t* kernel_header_blob, |
| 191 uint64_t kernel_header_blob_len, | 191 uint64_t kernel_header_blob_len, |
| 192 const int dev_mode, | 192 const int dev_mode, |
| 193 KernelImage *image, | 193 KernelImage* image, |
| 194 RSAPublicKey** kernel_sign_key) { | 194 RSAPublicKey** kernel_sign_key) { |
| 195 int error_code; | 195 int error_code; |
| 196 int firmware_sign_algorithm; /* Firmware signing key algorithm. */ | 196 int firmware_sign_algorithm; /* Firmware signing key algorithm. */ |
| 197 int kernel_sign_algorithm; /* Kernel signing key algorithm. */ | 197 int kernel_sign_algorithm; /* Kernel signing key algorithm. */ |
| 198 int kernel_sign_key_len, kernel_key_signature_len, kernel_signature_len, | 198 int kernel_sign_key_len, kernel_key_signature_len, kernel_signature_len, |
| 199 header_len; | 199 header_len; |
| 200 uint64_t kernel_len; | 200 uint64_t kernel_len; |
| 201 const uint8_t* header_ptr = NULL; /* Pointer to key header. */ | 201 const uint8_t* header_ptr = NULL; /* Pointer to key header. */ |
| 202 const uint8_t* preamble_ptr = NULL; /* Pointer to start of preamble. */ | 202 const uint8_t* preamble_ptr = NULL; /* Pointer to start of preamble. */ |
| 203 MemcpyState st; | 203 MemcpyState st; |
| (...skipping 276 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 480 | 480 |
| 481 /* Lock Kernel TPM rollback indices from further writes. In this design, | 481 /* Lock Kernel TPM rollback indices from further writes. In this design, |
| 482 * this is tied to locking physical presence---so (software) physical | 482 * this is tied to locking physical presence---so (software) physical |
| 483 * presence cannot be asserted after this point. This is a big side effect, | 483 * presence cannot be asserted after this point. This is a big side effect, |
| 484 * so we want to make it clear in the function name. | 484 * so we want to make it clear in the function name. |
| 485 * TODO(gauravsh): figure out better abstractions. | 485 * TODO(gauravsh): figure out better abstractions. |
| 486 */ | 486 */ |
| 487 LockKernelVersionsByLockingPP(); | 487 LockKernelVersionsByLockingPP(); |
| 488 return kernel_to_boot; | 488 return kernel_to_boot; |
| 489 } | 489 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2327002:
Initial LoadKernel() implementation. (Closed)
Base URL: ssh://gitrw.chromium.org/chromiumos