OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for verifying a verified boot firmware image. | 5 * Functions for verifying a verified boot firmware image. |
6 * (Firmware Portion) | 6 * (Firmware Portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "firmware_image_fw.h" | 9 #include "firmware_image_fw.h" |
10 | 10 |
(...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
266 * (firmware_key_version << 16 | firmware_version) where | 266 * (firmware_key_version << 16 | firmware_version) where |
267 * [firmware_key_version] [firmware_version] are both 16-bit. | 267 * [firmware_key_version] [firmware_version] are both 16-bit. |
268 */ | 268 */ |
269 uint32_t firmwareA_lversion, firmwareB_lversion; | 269 uint32_t firmwareA_lversion, firmwareB_lversion; |
270 uint8_t firmwareA_is_verified = 0; /* Whether firmwareA verify succeeded. */ | 270 uint8_t firmwareA_is_verified = 0; /* Whether firmwareA verify succeeded. */ |
271 uint32_t min_lversion; /* Minimum of firmware A and firmware lversion. */ | 271 uint32_t min_lversion; /* Minimum of firmware A and firmware lversion. */ |
272 uint32_t stored_lversion; /* Stored logical version in the TPM. */ | 272 uint32_t stored_lversion; /* Stored logical version in the TPM. */ |
273 uint16_t version, key_version; /* Temporary variables */ | 273 uint16_t version, key_version; /* Temporary variables */ |
274 | 274 |
275 /* Initialize the TPM since we'll be reading the rollback indices. */ | 275 /* Initialize the TPM since we'll be reading the rollback indices. */ |
276 SetupTPM(); | 276 SetupTPM(0, 0); |
277 | 277 |
278 /* We get the key versions by reading directly from the image blobs without | 278 /* We get the key versions by reading directly from the image blobs without |
279 * any additional (expensive) sanity checking on the blob since it's faster to | 279 * any additional (expensive) sanity checking on the blob since it's faster to |
280 * outright reject a firmware with an older firmware key version. A malformed | 280 * outright reject a firmware with an older firmware key version. A malformed |
281 * or corrupted firmware blob will still fail when VerifyFirmware() is called | 281 * or corrupted firmware blob will still fail when VerifyFirmware() is called |
282 * on it. | 282 * on it. |
283 */ | 283 */ |
284 firmwareA_lversion = GetLogicalFirmwareVersion(verification_headerA); | 284 firmwareA_lversion = GetLogicalFirmwareVersion(verification_headerA); |
285 firmwareB_lversion = GetLogicalFirmwareVersion(verification_headerB); | 285 firmwareB_lversion = GetLogicalFirmwareVersion(verification_headerB); |
286 min_lversion = Min(firmwareA_lversion, firmwareB_lversion); | 286 min_lversion = Min(firmwareA_lversion, firmwareB_lversion); |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
339 */ | 339 */ |
340 if (stored_lversion <= firmwareB_lversion && | 340 if (stored_lversion <= firmwareB_lversion && |
341 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, | 341 (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, |
342 verification_headerB, | 342 verification_headerB, |
343 firmwareB))) | 343 firmwareB))) |
344 return BOOT_FIRMWARE_B_CONTINUE; | 344 return BOOT_FIRMWARE_B_CONTINUE; |
345 } | 345 } |
346 /* D'oh: No bootable firmware. */ | 346 /* D'oh: No bootable firmware. */ |
347 return BOOT_FIRMWARE_RECOVERY_CONTINUE; | 347 return BOOT_FIRMWARE_RECOVERY_CONTINUE; |
348 } | 348 } |
OLD | NEW |