| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // Utility for manipulating verified boot firmware images. | 5 // Utility for manipulating verified boot firmware images. |
| 6 // | 6 // |
| 7 | 7 |
| 8 #include "firmware_utility.h" | 8 #include "firmware_utility.h" |
| 9 | 9 |
| 10 #include <getopt.h> | 10 #include <getopt.h> |
| 11 #include <stdio.h> | 11 #include <stdio.h> |
| 12 #include <stdint.h> // Needed for UINT16_MAX. | 12 #include <stdint.h> // Needed for UINT16_MAX. |
| 13 #include <stdlib.h> | 13 #include <stdlib.h> |
| 14 #include <unistd.h> | 14 #include <unistd.h> |
| 15 | 15 |
| 16 #include <iostream> | 16 #include <iostream> |
| 17 | 17 |
| 18 extern "C" { | 18 extern "C" { |
| 19 #include "cryptolib.h" | 19 #include "cryptolib.h" |
| 20 #include "file_keys.h" | 20 #include "file_keys.h" |
| 21 #include "firmware_image.h" | 21 #include "firmware_image.h" |
| 22 #include "utility.h" | 22 #include "stateful_util.h" |
| 23 } | 23 } |
| 24 | 24 |
| 25 using std::cerr; | 25 using std::cerr; |
| 26 | 26 |
| 27 // Macro to determine the size of a field structure in the FirmwareImage |
| 28 // structure. |
| 29 #define FIELD_LEN(field) (sizeof(((FirmwareImage*)0)->field)) |
| 30 |
| 27 namespace vboot_reference { | 31 namespace vboot_reference { |
| 28 | 32 |
| 29 FirmwareUtility::FirmwareUtility(): | 33 FirmwareUtility::FirmwareUtility(): |
| 30 image_(NULL), | 34 image_(NULL), |
| 31 root_key_pub_(NULL), | 35 root_key_pub_(NULL), |
| 32 firmware_version_(-1), | |
| 33 firmware_key_version_(-1), | 36 firmware_key_version_(-1), |
| 34 firmware_sign_algorithm_(-1), | 37 firmware_sign_algorithm_(-1), |
| 38 firmware_version_(-1), |
| 35 is_generate_(false), | 39 is_generate_(false), |
| 36 is_verify_(false), | 40 is_verify_(false), |
| 37 is_describe_(false), | 41 is_describe_(false), |
| 38 is_only_vblock_(false) { | 42 is_only_vblock_(false), |
| 43 is_subkey_out_(false) { |
| 39 } | 44 } |
| 40 | 45 |
| 41 FirmwareUtility::~FirmwareUtility() { | 46 FirmwareUtility::~FirmwareUtility() { |
| 42 RSAPublicKeyFree(root_key_pub_); | 47 RSAPublicKeyFree(root_key_pub_); |
| 43 FirmwareImageFree(image_); | 48 FirmwareImageFree(image_); |
| 44 } | 49 } |
| 45 | 50 |
| 46 void FirmwareUtility::PrintUsage(void) { | 51 void FirmwareUtility::PrintUsage(void) { |
| 47 cerr << | 52 cerr << |
| 48 "Utility to generate/verify a verified boot firmware image\n" | 53 "Utility to generate/verify a verified boot firmware image\n" |
| 49 "\n" | 54 "\n" |
| 50 "Usage: firmware_utility <--generate|--verify> [OPTIONS]\n" | 55 "Usage: firmware_utility <--generate|--verify> [OPTIONS]\n" |
| 51 "\n" | 56 "\n" |
| 52 "For \"--verify\", required OPTIONS are:\n" | 57 "For \"--verify\", required OPTIONS are:\n" |
| 53 "--in <infile>\t\t\tVerified boot firmware image to verify.\n" | 58 " --in <infile>\t\t\tVerified boot firmware image to verify.\n" |
| 54 "--root_key_pub <pubkeyfile>\tPre-processed public root key " | 59 " --root_key_pub <pubkeyfile>\tPre-processed public root key " |
| 55 "to use for verification.\n" | 60 "to use for verification.\n" |
| 56 "\n" | 61 "\n" |
| 57 "For \"--generate\", required OPTIONS are:\n" | 62 "For \"--generate\", required OPTIONS are:\n" |
| 58 "--root_key <privkeyfile>\tPrivate root key file\n" | 63 " --root_key <privkeyfile>\t\tPrivate root key file\n" |
| 59 "--firmware_sign_key <privkeyfile>\tPrivate signing key file\n" | 64 " --firmware_key_pub <pubkeyfile>\tPre-processed public signing" |
| 60 "--firmware_sign_key_pub <pubkeyfile>\tPre-processed public signing" | |
| 61 " key\n" | 65 " key\n" |
| 62 "--firmware_sign_algorithm <algoid>\tSigning algorithm to use\n" | 66 " --firmware_sign_algorithm <algoid>\tSigning algorithm to use\n" |
| 63 "--firmware_key_version <version#>\tSigning Key Version#\n" | 67 " --firmware_key_version <version#>\tSigning Key Version#\n" |
| 64 "--firmware_version <version#>\tFirmware Version#\n" | 68 "OR\n" |
| 65 "--in <infile>\t\t\tFirmware Image to sign\n" | 69 " --subkey_in <subkeyfile>\t\tExisting key signature header\n" |
| 66 "--out <outfile>\t\t\tOutput file for verified boot firmware image\n" | 70 "\n" |
| 71 " --firmware_key <privkeyfile>\tPrivate signing key file\n" |
| 72 " --firmware_version <version#>\tFirmware Version#\n" |
| 73 " --in <infile>\t\t\tFirmware Image to sign\n" |
| 74 " --out <outfile>\t\tOutput file for verified boot firmware image\n" |
| 67 "\n" | 75 "\n" |
| 68 "Optional:\n" | 76 "Optional:\n" |
| 69 " --vblock\t\t\tJust output the verification block\n" | 77 " --subkey_out\t\t\tJust output the subkey (key verification) header\n" |
| 78 " --vblock\t\t\tJust output the verification block\n" |
| 70 "\n" | 79 "\n" |
| 71 "<algoid> (for --sign-algorithm) is one of the following:\n"; | 80 "<algoid> (for --sign-algorithm) is one of the following:\n"; |
| 72 for (int i = 0; i < kNumAlgorithms; i++) { | 81 for (int i = 0; i < kNumAlgorithms; i++) { |
| 73 cerr << i << " for " << algo_strings[i] << "\n"; | 82 cerr << i << " for " << algo_strings[i] << "\n"; |
| 74 } | 83 } |
| 75 cerr << "\n\n"; | 84 cerr << "\n\n"; |
| 76 } | 85 } |
| 77 | 86 |
| 78 bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) { | 87 bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) { |
| 79 int option_index, i; | 88 int option_index, i; |
| 80 char *e = 0; | 89 char *e = 0; |
| 81 enum { | 90 enum { |
| 82 OPT_ROOT_KEY = 1000, | 91 OPT_ROOT_KEY = 1000, |
| 83 OPT_ROOT_KEY_PUB, | 92 OPT_ROOT_KEY_PUB, |
| 84 OPT_FIRMWARE_KEY, | 93 OPT_FIRMWARE_KEY, |
| 85 OPT_FIRMWARE_KEY_PUB, | 94 OPT_FIRMWARE_KEY_PUB, |
| 95 OPT_SUBKEY_IN, |
| 86 OPT_FIRMWARE_SIGN_ALGORITHM, | 96 OPT_FIRMWARE_SIGN_ALGORITHM, |
| 87 OPT_FIRMWARE_KEY_VERSION, | 97 OPT_FIRMWARE_KEY_VERSION, |
| 88 OPT_FIRMWARE_VERSION, | 98 OPT_FIRMWARE_VERSION, |
| 89 OPT_IN, | 99 OPT_IN, |
| 90 OPT_OUT, | 100 OPT_OUT, |
| 91 OPT_GENERATE, | 101 OPT_GENERATE, |
| 92 OPT_VERIFY, | 102 OPT_VERIFY, |
| 93 OPT_DESCRIBE, | 103 OPT_DESCRIBE, |
| 94 OPT_VBLOCK, | 104 OPT_VBLOCK, |
| 105 OPT_SUBKEY_OUT, |
| 95 }; | 106 }; |
| 96 static struct option long_options[] = { | 107 static struct option long_options[] = { |
| 97 {"root_key", 1, 0, OPT_ROOT_KEY }, | 108 {"root_key", 1, 0, OPT_ROOT_KEY }, |
| 98 {"root_key_pub", 1, 0, OPT_ROOT_KEY_PUB }, | 109 {"root_key_pub", 1, 0, OPT_ROOT_KEY_PUB }, |
| 99 {"firmware_key", 1, 0, OPT_FIRMWARE_KEY }, | 110 {"firmware_key", 1, 0, OPT_FIRMWARE_KEY }, |
| 100 {"firmware_key_pub", 1, 0, OPT_FIRMWARE_KEY_PUB }, | 111 {"firmware_key_pub", 1, 0, OPT_FIRMWARE_KEY_PUB }, |
| 112 {"subkey_in", 1, 0, OPT_SUBKEY_IN }, |
| 101 {"firmware_sign_algorithm", 1, 0, OPT_FIRMWARE_SIGN_ALGORITHM }, | 113 {"firmware_sign_algorithm", 1, 0, OPT_FIRMWARE_SIGN_ALGORITHM }, |
| 102 {"firmware_key_version", 1, 0, OPT_FIRMWARE_KEY_VERSION }, | 114 {"firmware_key_version", 1, 0, OPT_FIRMWARE_KEY_VERSION }, |
| 103 {"firmware_version", 1, 0, OPT_FIRMWARE_VERSION }, | 115 {"firmware_version", 1, 0, OPT_FIRMWARE_VERSION }, |
| 104 {"in", 1, 0, OPT_IN }, | 116 {"in", 1, 0, OPT_IN }, |
| 105 {"out", 1, 0, OPT_OUT }, | 117 {"out", 1, 0, OPT_OUT }, |
| 106 {"generate", 0, 0, OPT_GENERATE }, | 118 {"generate", 0, 0, OPT_GENERATE }, |
| 107 {"verify", 0, 0, OPT_VERIFY }, | 119 {"verify", 0, 0, OPT_VERIFY }, |
| 108 {"describe", 0, 0, OPT_DESCRIBE }, | 120 {"describe", 0, 0, OPT_DESCRIBE }, |
| 109 {"vblock", 0, 0, OPT_VBLOCK }, | 121 {"vblock", 0, 0, OPT_VBLOCK }, |
| 122 {"subkey_out", 0, 0, OPT_SUBKEY_OUT }, |
| 110 {NULL, 0, 0, 0} | 123 {NULL, 0, 0, 0} |
| 111 }; | 124 }; |
| 112 while ((i = getopt_long(argc, argv, "", long_options, &option_index)) != -1) { | 125 while ((i = getopt_long(argc, argv, "", long_options, &option_index)) != -1) { |
| 113 switch (i) { | 126 switch (i) { |
| 114 case '?': | 127 case '?': |
| 115 return false; | 128 return false; |
| 116 break; | 129 break; |
| 117 case OPT_ROOT_KEY: | 130 case OPT_ROOT_KEY: |
| 118 root_key_file_ = optarg; | 131 root_key_file_ = optarg; |
| 119 break; | 132 break; |
| 120 case OPT_ROOT_KEY_PUB: | 133 case OPT_ROOT_KEY_PUB: |
| 121 root_key_pub_file_ = optarg; | 134 root_key_pub_file_ = optarg; |
| 122 break; | 135 break; |
| 123 case OPT_FIRMWARE_KEY: | 136 case OPT_FIRMWARE_KEY: |
| 124 firmware_key_file_ = optarg; | 137 firmware_key_file_ = optarg; |
| 125 break; | 138 break; |
| 126 case OPT_FIRMWARE_KEY_PUB: | 139 case OPT_FIRMWARE_KEY_PUB: |
| 127 firmware_key_pub_file_ = optarg; | 140 firmware_key_pub_file_ = optarg; |
| 128 break; | 141 break; |
| 142 case OPT_SUBKEY_IN: |
| 143 subkey_in_file_ = optarg; |
| 144 break; |
| 129 case OPT_FIRMWARE_SIGN_ALGORITHM: | 145 case OPT_FIRMWARE_SIGN_ALGORITHM: |
| 130 firmware_sign_algorithm_ = strtol(optarg, &e, 0); | 146 firmware_sign_algorithm_ = strtol(optarg, &e, 0); |
| 131 if (!*optarg || (e && *e)) { | 147 if (!*optarg || (e && *e)) { |
| 132 cerr << "Invalid argument to --" | 148 cerr << "Invalid argument to --" |
| 133 << long_options[option_index].name | 149 << long_options[option_index].name |
| 134 << ": " << optarg << "\n"; | 150 << ": " << optarg << "\n"; |
| 135 return false; | 151 return false; |
| 136 } | 152 } |
| 137 break; | 153 break; |
| 138 case OPT_FIRMWARE_KEY_VERSION: | 154 case OPT_FIRMWARE_KEY_VERSION: |
| (...skipping 25 matching lines...) Expand all Loading... |
| 164 break; | 180 break; |
| 165 case OPT_VERIFY: | 181 case OPT_VERIFY: |
| 166 is_verify_ = true; | 182 is_verify_ = true; |
| 167 break; | 183 break; |
| 168 case OPT_DESCRIBE: | 184 case OPT_DESCRIBE: |
| 169 is_describe_ = true; | 185 is_describe_ = true; |
| 170 break; | 186 break; |
| 171 case OPT_VBLOCK: | 187 case OPT_VBLOCK: |
| 172 is_only_vblock_ = true; | 188 is_only_vblock_ = true; |
| 173 break; | 189 break; |
| 190 case OPT_SUBKEY_OUT: |
| 191 is_subkey_out_ = true; |
| 192 break; |
| 174 } | 193 } |
| 175 } | 194 } |
| 176 return CheckOptions(); | 195 return CheckOptions(); |
| 177 } | 196 } |
| 178 | 197 |
| 179 | 198 |
| 180 void FirmwareUtility::OutputSignedImage(void) { | 199 void FirmwareUtility::OutputSignedImage(void) { |
| 181 if (image_) { | 200 if (image_) { |
| 182 if (!WriteFirmwareImage(out_file_.c_str(), image_, is_only_vblock_)) { | 201 if (!WriteFirmwareImage(out_file_.c_str(), image_, |
| 202 is_only_vblock_, |
| 203 is_subkey_out_)) { |
| 183 cerr << "Couldn't write verified boot image to file " | 204 cerr << "Couldn't write verified boot image to file " |
| 184 << out_file_ <<".\n"; | 205 << out_file_ <<".\n"; |
| 185 } | 206 } |
| 186 } | 207 } |
| 187 } | 208 } |
| 188 | 209 |
| 189 void FirmwareUtility::DescribeSignedImage(void) { | 210 void FirmwareUtility::DescribeSignedImage(void) { |
| 190 image_ = ReadFirmwareImage(in_file_.c_str()); | 211 image_ = ReadFirmwareImage(in_file_.c_str()); |
| 191 if (!image_) { | 212 if (!image_) { |
| 192 cerr << "Couldn't read firmware image or malformed image.\n"; | 213 cerr << "Couldn't read firmware image or malformed image.\n"; |
| 193 } | 214 } |
| 194 PrintFirmwareImage(image_); | 215 PrintFirmwareImage(image_); |
| 195 } | 216 } |
| 196 | 217 |
| 197 bool FirmwareUtility::GenerateSignedImage(void) { | 218 bool FirmwareUtility::GenerateSignedImage(void) { |
| 198 uint64_t firmware_sign_key_pub_len; | 219 uint64_t firmware_sign_key_pub_len; |
| 220 |
| 199 image_ = FirmwareImageNew(); | 221 image_ = FirmwareImageNew(); |
| 200 | |
| 201 Memcpy(image_->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); | 222 Memcpy(image_->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); |
| 202 | 223 |
| 203 // Copy pre-processed public signing key. | 224 if (subkey_in_file_.empty()) { |
| 204 image_->firmware_sign_algorithm = (uint16_t) firmware_sign_algorithm_; | 225 // We muse generate the firmware key signature header (subkey header) |
| 205 image_->firmware_sign_key = BufferFromFile( | 226 // ourselves. |
| 206 firmware_key_pub_file_.c_str(), | 227 // Copy pre-processed public signing key. |
| 207 &firmware_sign_key_pub_len); | 228 image_->firmware_sign_algorithm = (uint16_t) firmware_sign_algorithm_; |
| 208 if (!image_->firmware_sign_key) | 229 image_->firmware_sign_key = BufferFromFile( |
| 209 return false; | 230 firmware_key_pub_file_.c_str(), |
| 210 image_->firmware_key_version = firmware_key_version_; | 231 &firmware_sign_key_pub_len); |
| 232 if (!image_->firmware_sign_key) |
| 233 return false; |
| 234 image_->firmware_key_version = firmware_key_version_; |
| 211 | 235 |
| 212 // Update header length. | 236 // Update header length. |
| 213 image_->header_len = GetFirmwareHeaderLen(image_); | 237 image_->header_len = GetFirmwareHeaderLen(image_); |
| 214 | 238 |
| 215 // Calculate header checksum. | 239 // Calculate header checksum. |
| 216 CalculateFirmwareHeaderChecksum(image_, image_->header_checksum); | 240 CalculateFirmwareHeaderChecksum(image_, image_->header_checksum); |
| 217 | 241 |
| 218 image_->firmware_version = firmware_version_; | 242 image_->firmware_version = firmware_version_; |
| 219 image_->firmware_len = 0; | 243 image_->firmware_len = 0; |
| 244 |
| 245 // Generate and add the key signatures. |
| 246 if (!AddFirmwareKeySignature(image_, root_key_file_.c_str())) { |
| 247 cerr << "Couldn't write key signature to verified boot image.\n"; |
| 248 return false; |
| 249 } |
| 250 } else { |
| 251 // Use existing subkey header. |
| 252 MemcpyState st; |
| 253 uint8_t* subkey_header_buf = NULL; |
| 254 uint64_t subkey_len; |
| 255 int header_len; |
| 256 int firmware_sign_key_len; |
| 257 uint8_t header_checksum[FIELD_LEN(header_checksum)]; |
| 258 |
| 259 subkey_header_buf = BufferFromFile(subkey_in_file_.c_str(), &subkey_len); |
| 260 if (!subkey_header_buf) { |
| 261 cerr << "Couldn't read subkey header from file %s\n" |
| 262 << subkey_in_file_.c_str(); |
| 263 return false; |
| 264 } |
| 265 st.remaining_len = subkey_len; |
| 266 st.remaining_buf = subkey_header_buf; |
| 267 st.overrun = 0; |
| 268 |
| 269 // TODO(gauravsh): This is basically the same code as the first half of |
| 270 // of ReadFirmwareImage(). Refactor to eliminate code duplication. |
| 271 |
| 272 StatefulMemcpy(&st, &image_->header_len, FIELD_LEN(header_len)); |
| 273 StatefulMemcpy(&st, &image_->firmware_sign_algorithm, |
| 274 FIELD_LEN(firmware_sign_algorithm)); |
| 275 |
| 276 // Valid Algorithm? |
| 277 if (image_->firmware_sign_algorithm >= kNumAlgorithms) { |
| 278 Free(subkey_header_buf); |
| 279 return NULL; |
| 280 } |
| 281 |
| 282 // Compute size of pre-processed RSA public key and signature. |
| 283 firmware_sign_key_len = RSAProcessedKeySize(image_->firmware_sign_algorithm)
; |
| 284 |
| 285 // Check whether the header length is correct. |
| 286 header_len = GetFirmwareHeaderLen(image_); |
| 287 if (header_len != image_->header_len) { |
| 288 debug("Header length mismatch. Got: %d Expected: %d\n", |
| 289 image_->header_len, header_len); |
| 290 Free(subkey_header_buf); |
| 291 return NULL; |
| 292 } |
| 293 |
| 294 // Read pre-processed public half of the sign key. |
| 295 StatefulMemcpy(&st, &image_->firmware_key_version, |
| 296 FIELD_LEN(firmware_key_version)); |
| 297 image_->firmware_sign_key = (uint8_t*) Malloc(firmware_sign_key_len); |
| 298 StatefulMemcpy(&st, image_->firmware_sign_key, firmware_sign_key_len); |
| 299 StatefulMemcpy(&st, image_->header_checksum, FIELD_LEN(header_checksum)); |
| 300 |
| 301 // Check whether the header checksum matches. |
| 302 CalculateFirmwareHeaderChecksum(image_, header_checksum); |
| 303 if (SafeMemcmp(header_checksum, image_->header_checksum, |
| 304 FIELD_LEN(header_checksum))) { |
| 305 debug("Invalid firmware header checksum!\n"); |
| 306 Free(subkey_header_buf); |
| 307 return NULL; |
| 308 } |
| 309 |
| 310 // Read key signature. |
| 311 StatefulMemcpy(&st, image_->firmware_key_signature, |
| 312 FIELD_LEN(firmware_key_signature)); |
| 313 |
| 314 Free(subkey_header_buf); |
| 315 if (st.overrun || st.remaining_len != 0) // Overrun or underrun. |
| 316 return false; |
| 317 return true; |
| 318 } |
| 319 |
| 220 // TODO(gauravsh): Populate this with the right bytes once we decide | 320 // TODO(gauravsh): Populate this with the right bytes once we decide |
| 221 // what goes into the preamble. | 321 // what goes into the preamble. |
| 222 Memset(image_->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); | 322 Memset(image_->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); |
| 223 image_->firmware_data = BufferFromFile(in_file_.c_str(), | 323 image_->firmware_data = BufferFromFile(in_file_.c_str(), |
| 224 &image_->firmware_len); | 324 &image_->firmware_len); |
| 225 if (!image_->firmware_data) | 325 if (!image_->firmware_data) |
| 226 return false; | 326 return false; |
| 227 // Generate and add the signatures. | |
| 228 if (!AddFirmwareKeySignature(image_, root_key_file_.c_str())) { | |
| 229 cerr << "Couldn't write key signature to verified boot image.\n"; | |
| 230 return false; | |
| 231 } | |
| 232 | 327 |
| 233 if (!AddFirmwareSignature(image_, firmware_key_file_.c_str())) { | 328 if (!AddFirmwareSignature(image_, firmware_key_file_.c_str())) { |
| 234 cerr << "Couldn't write firmware signature to verified boot image.\n"; | 329 cerr << "Couldn't write firmware signature to verified boot image.\n"; |
| 235 return false; | 330 return false; |
| 236 } | 331 } |
| 237 return true; | 332 return true; |
| 238 } | 333 } |
| 239 | 334 |
| 240 bool FirmwareUtility::VerifySignedImage(void) { | 335 bool FirmwareUtility::VerifySignedImage(void) { |
| 241 int error; | 336 int error; |
| (...skipping 30 matching lines...) Expand all Loading... |
| 272 cerr << "No input file specified." << "\n"; | 367 cerr << "No input file specified." << "\n"; |
| 273 return false; | 368 return false; |
| 274 } | 369 } |
| 275 // Required options for --verify. | 370 // Required options for --verify. |
| 276 if (is_verify_ && root_key_pub_file_.empty()) { | 371 if (is_verify_ && root_key_pub_file_.empty()) { |
| 277 cerr << "No pre-processed public root key file specified." << "\n"; | 372 cerr << "No pre-processed public root key file specified." << "\n"; |
| 278 return false; | 373 return false; |
| 279 } | 374 } |
| 280 // Required options for --generate. | 375 // Required options for --generate. |
| 281 if (is_generate_) { | 376 if (is_generate_) { |
| 282 if (root_key_file_.empty()) { | 377 if (subkey_in_file_.empty()) { |
| 283 cerr << "No root key file specified." << "\n"; | 378 // Root key, kernel signing public key, and firmware signing |
| 284 return false; | 379 // algorithm are required to generate the key signature header. |
| 285 } | 380 if (root_key_file_.empty()) { |
| 286 if (firmware_version_ <= 0 || firmware_version_ > UINT16_MAX) { | 381 cerr << "No root key file specified." << "\n"; |
| 287 cerr << "Invalid or no firmware version specified." << "\n"; | 382 return false; |
| 288 return false; | 383 } |
| 384 if (firmware_key_pub_file_.empty()) { |
| 385 cerr << "No pre-processed public signing key file specified." << "\n"; |
| 386 return false; |
| 387 } |
| 388 if (firmware_key_version_ <= 0 || firmware_key_version_ > UINT16_MAX) { |
| 389 cerr << "Invalid or no key version specified." << "\n"; |
| 390 return false; |
| 391 } |
| 392 if (firmware_sign_algorithm_ < 0 || |
| 393 firmware_sign_algorithm_ >= kNumAlgorithms) { |
| 394 cerr << "Invalid or no signing key algorithm specified." << "\n"; |
| 395 return false; |
| 396 } |
| 289 } | 397 } |
| 290 if (firmware_key_file_.empty()) { | 398 if (firmware_key_file_.empty()) { |
| 291 cerr << "No signing key file specified." << "\n"; | 399 cerr << "No signing key file specified." << "\n"; |
| 292 return false; | 400 return false; |
| 293 } | 401 } |
| 294 if (firmware_key_pub_file_.empty()) { | 402 if (firmware_version_ <= 0 || firmware_version_ > UINT16_MAX) { |
| 295 cerr << "No pre-processed public signing key file specified." << "\n"; | 403 cerr << "Invalid or no firmware version specified." << "\n"; |
| 296 return false; | 404 return false; |
| 297 } | |
| 298 if (firmware_key_version_ <= 0 || firmware_key_version_ > UINT16_MAX) { | |
| 299 cerr << "Invalid or no key version specified." << "\n"; | |
| 300 return false; | |
| 301 } | |
| 302 if (firmware_sign_algorithm_ < 0 || | |
| 303 firmware_sign_algorithm_ >= kNumAlgorithms) { | |
| 304 cerr << "Invalid or no signing key algorithm specified." << "\n"; | |
| 305 return false; | |
| 306 } | 405 } |
| 307 if (out_file_.empty()) { | 406 if (out_file_.empty()) { |
| 308 cerr <<"No output file specified." << "\n"; | 407 cerr <<"No output file specified." << "\n"; |
| 309 return false; | 408 return false; |
| 310 } | 409 } |
| 311 } | 410 } |
| 312 return true; | 411 return true; |
| 313 } | 412 } |
| 314 | 413 |
| 315 | |
| 316 } // namespace vboot_reference | 414 } // namespace vboot_reference |
| 317 | 415 |
| 318 int main(int argc, char* argv[]) { | 416 int main(int argc, char* argv[]) { |
| 319 vboot_reference::FirmwareUtility fu; | 417 vboot_reference::FirmwareUtility fu; |
| 320 if (!fu.ParseCmdLineOptions(argc, argv)) { | 418 if (!fu.ParseCmdLineOptions(argc, argv)) { |
| 321 fu.PrintUsage(); | 419 fu.PrintUsage(); |
| 322 return -1; | 420 return -1; |
| 323 } | 421 } |
| 324 if (fu.is_describe()) { | 422 if (fu.is_describe()) { |
| 325 fu.DescribeSignedImage(); | 423 fu.DescribeSignedImage(); |
| 326 } | 424 } |
| 327 if (fu.is_generate()) { | 425 if (fu.is_generate()) { |
| 328 if (!fu.GenerateSignedImage()) | 426 if (!fu.GenerateSignedImage()) |
| 329 return -1; | 427 return -1; |
| 330 fu.OutputSignedImage(); | 428 fu.OutputSignedImage(); |
| 331 } | 429 } |
| 332 if (fu.is_verify()) { | 430 if (fu.is_verify()) { |
| 333 cerr << "Verification "; | 431 cerr << "Verification "; |
| 334 if (fu.VerifySignedImage()) | 432 if (fu.VerifySignedImage()) |
| 335 cerr << "SUCCESS.\n"; | 433 cerr << "SUCCESS.\n"; |
| 336 else | 434 else |
| 337 cerr << "FAILURE.\n"; | 435 cerr << "FAILURE.\n"; |
| 338 } | 436 } |
| 339 return 0; | 437 return 0; |
| 340 } | 438 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2366004:
Add --subkey_in and --subkey_out options to firmware signing utility. (Closed)
Base URL: ssh://git@gitrw.chromium.org/chromiumos