Index: vboot_firmware/lib/firmware_image_fw.c |
diff --git a/vboot_firmware/lib/firmware_image_fw.c b/vboot_firmware/lib/firmware_image_fw.c |
deleted file mode 100644 |
index d7e50b4cf8346e933ecfded03f099ac8e93c82e4..0000000000000000000000000000000000000000 |
--- a/vboot_firmware/lib/firmware_image_fw.c |
+++ /dev/null |
@@ -1,355 +0,0 @@ |
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
- * Use of this source code is governed by a BSD-style license that can be |
- * found in the LICENSE file. |
- * |
- * Functions for verifying a verified boot firmware image. |
- * (Firmware Portion) |
- */ |
- |
-#include "firmware_image_fw.h" |
- |
-#include "cryptolib.h" |
-#include "rollback_index.h" |
-#include "tss_constants.h" |
-#include "utility.h" |
- |
-/* Macro to determine the size of a field structure in the FirmwareImage |
- * structure. */ |
-#define FIELD_LEN(field) (sizeof(((FirmwareImage*)0)->field)) |
- |
-char* kVerifyFirmwareErrors[VERIFY_FIRMWARE_MAX] = { |
- "Success.", |
- "Invalid Image.", |
- "Root Key Signature Failed.", |
- "Invalid Verification Algorithm.", |
- "Preamble Signature Failed.", |
- "Firmware Signature Failed.", |
- "Wrong Firmware Magic.", |
- "Invalid Firmware Header Checksum.", |
- "Firmware Signing Key Rollback.", |
- "Firmware Version Rollback." |
-}; |
- |
-uint64_t GetFirmwarePreambleLen(int algorithm) { |
- return (FIELD_LEN(firmware_version) + |
- FIELD_LEN(firmware_len) + |
- FIELD_LEN(kernel_subkey_sign_algorithm) + |
- RSAProcessedKeySize(algorithm) + |
- FIELD_LEN(preamble)); |
-} |
- |
- |
-int VerifyFirmwareHeader(const uint8_t* root_key_blob, |
- const uint8_t* header_blob, |
- int* algorithm, |
- int* header_len) { |
- int firmware_sign_key_len; |
- int root_key_len; |
- uint16_t hlen, algo; |
- uint8_t* header_checksum = NULL; |
- |
- /* Base Offset for the header_checksum field. Actual offset is |
- * this + firmware_sign_key_len. */ |
- int base_header_checksum_offset = (FIELD_LEN(header_len) + |
- FIELD_LEN(firmware_sign_algorithm) + |
- FIELD_LEN(firmware_key_version)); |
- |
- |
- root_key_len = RSAProcessedKeySize(ROOT_SIGNATURE_ALGORITHM); |
- Memcpy(&hlen, header_blob, sizeof(hlen)); |
- Memcpy(&algo, |
- header_blob + FIELD_LEN(firmware_sign_algorithm), |
- sizeof(algo)); |
- if (algo >= kNumAlgorithms) |
- return VERIFY_FIRMWARE_INVALID_ALGORITHM; |
- *algorithm = (int) algo; |
- firmware_sign_key_len = RSAProcessedKeySize(*algorithm); |
- |
- /* Verify that header len is correct. */ |
- if (hlen != (base_header_checksum_offset + |
- firmware_sign_key_len + |
- FIELD_LEN(header_checksum))) |
- return VERIFY_FIRMWARE_INVALID_IMAGE; |
- |
- *header_len = (int) hlen; |
- |
- /* Verify if the hash of the header is correct. */ |
- header_checksum = DigestBuf(header_blob, |
- *header_len - FIELD_LEN(header_checksum), |
- SHA512_DIGEST_ALGORITHM); |
- if (SafeMemcmp(header_checksum, |
- header_blob + (base_header_checksum_offset + |
- firmware_sign_key_len), |
- FIELD_LEN(header_checksum))) { |
- Free(header_checksum); |
- return VERIFY_FIRMWARE_WRONG_HEADER_CHECKSUM; |
- } |
- Free(header_checksum); |
- |
- /* Root key signature on the firmware signing key is always checked |
- * irrespective of dev mode. */ |
- if (!RSAVerifyBinary_f(root_key_blob, NULL, /* Key to use */ |
- header_blob, /* Data to verify */ |
- *header_len, /* Length of data */ |
- header_blob + *header_len, /* Expected Signature */ |
- ROOT_SIGNATURE_ALGORITHM)) |
- return VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED; |
- return 0; |
-} |
- |
-int VerifyFirmwarePreamble(RSAPublicKey* firmware_sign_key, |
- const uint8_t* preamble_blob, |
- int firmware_sign_algorithm, |
- uint64_t* firmware_len) { |
- uint64_t len; |
- int preamble_len; |
- uint16_t firmware_version; |
- uint16_t kernel_subkey_sign_algorithm; |
- |
- Memcpy(&firmware_version, preamble_blob, sizeof(firmware_version)); |
- Memcpy(&kernel_subkey_sign_algorithm, |
- preamble_blob + (FIELD_LEN(firmware_version) + |
- FIELD_LEN(firmware_len)), |
- FIELD_LEN(kernel_subkey_sign_algorithm)); |
- |
- if (kernel_subkey_sign_algorithm >= kNumAlgorithms) |
- return VERIFY_FIRMWARE_INVALID_ALGORITHM; |
- |
- preamble_len = GetFirmwarePreambleLen(kernel_subkey_sign_algorithm); |
- if (!RSAVerifyBinary_f(NULL, firmware_sign_key, /* Key to use */ |
- preamble_blob, /* Data to verify */ |
- preamble_len, /* Length of data */ |
- preamble_blob + preamble_len, /* Expected Signature */ |
- firmware_sign_algorithm)) |
- return VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED; |
- |
- Memcpy(&len, preamble_blob + FIELD_LEN(firmware_version), |
- sizeof(len)); |
- *firmware_len = len; |
- return 0; |
-} |
- |
-int VerifyFirmwareData(RSAPublicKey* firmware_sign_key, |
- const uint8_t* preamble_start, |
- const uint8_t* firmware_data, |
- uint64_t firmware_len, |
- int firmware_sign_algorithm) { |
- int signature_len = siglen_map[firmware_sign_algorithm]; |
- int preamble_len; |
- uint16_t kernel_subkey_sign_algorithm; |
- uint8_t* digest = NULL; |
- const uint8_t* firmware_signature = NULL; |
- DigestContext ctx; |
- Memcpy(&kernel_subkey_sign_algorithm, |
- preamble_start + (FIELD_LEN(firmware_version) + |
- FIELD_LEN(firmware_len)), |
- FIELD_LEN(kernel_subkey_sign_algorithm)); |
- |
- if (kernel_subkey_sign_algorithm >= kNumAlgorithms) |
- return VERIFY_FIRMWARE_INVALID_ALGORITHM; |
- |
- preamble_len = GetFirmwarePreambleLen(kernel_subkey_sign_algorithm); |
- |
- /* Since the firmware signature is over the preamble and the firmware data, |
- * which does not form a contiguous region of memory, we calculate the |
- * message digest ourselves. */ |
- DigestInit(&ctx, firmware_sign_algorithm); |
- DigestUpdate(&ctx, preamble_start, preamble_len); |
- DigestUpdate(&ctx, firmware_data, firmware_len); |
- digest = DigestFinal(&ctx); |
- /* Firmware signature is at the end of preamble and preamble signature. */ |
- firmware_signature = preamble_start + preamble_len + signature_len; |
- if (!RSAVerifyBinaryWithDigest_f( |
- NULL, firmware_sign_key, /* Key to use. */ |
- digest, /* Digest of the data to verify. */ |
- firmware_signature, /* Expected Signature */ |
- firmware_sign_algorithm)) { |
- Free(digest); |
- return VERIFY_FIRMWARE_SIGNATURE_FAILED; |
- } |
- Free(digest); |
- return 0; |
-} |
- |
-int VerifyFirmware(const uint8_t* root_key_blob, |
- const uint8_t* verification_header_blob, |
- const uint8_t* firmware_blob) { |
- int error_code = 0; |
- int firmware_sign_algorithm; /* Signing key algorithm. */ |
- RSAPublicKey* firmware_sign_key = NULL; |
- int firmware_sign_key_len, signature_len, header_len; |
- uint64_t firmware_len; |
- const uint8_t* header_ptr = NULL; /* Pointer to header. */ |
- const uint8_t* firmware_sign_key_ptr = NULL; /* Pointer to signing key. */ |
- const uint8_t* preamble_ptr = NULL; /* Pointer to preamble block. */ |
- |
- /* Note: All the offset calculations are based on struct FirmwareImage which |
- * is defined in include/firmware_image_fw.h. */ |
- |
- /* Compare magic bytes. */ |
- if (SafeMemcmp(verification_header_blob, FIRMWARE_MAGIC, |
- FIRMWARE_MAGIC_SIZE)) { |
- debug("Wrong Firmware Magic.\n"); |
- return VERIFY_FIRMWARE_WRONG_MAGIC; |
- } |
- header_ptr = verification_header_blob + FIRMWARE_MAGIC_SIZE; |
- |
- /* Only continue if header verification succeeds. */ |
- if ((error_code = VerifyFirmwareHeader(root_key_blob, header_ptr, |
- &firmware_sign_algorithm, |
- &header_len))) { |
- debug("Couldn't verify Firmware header.\n"); |
- return error_code; /* AKA jump to revovery. */ |
- } |
- /* Parse signing key into RSAPublicKey structure since it is required multiple |
- * times. */ |
- firmware_sign_key_len = RSAProcessedKeySize(firmware_sign_algorithm); |
- firmware_sign_key_ptr = header_ptr + (FIELD_LEN(header_len) + |
- FIELD_LEN(firmware_sign_algorithm) + |
- FIELD_LEN(firmware_key_version)); |
- firmware_sign_key = RSAPublicKeyFromBuf(firmware_sign_key_ptr, |
- firmware_sign_key_len); |
- signature_len = siglen_map[firmware_sign_algorithm]; |
- |
- /* Only continue if preamble verification succeeds. */ |
- preamble_ptr = (header_ptr + header_len + |
- FIELD_LEN(firmware_key_signature)); |
- if ((error_code = VerifyFirmwarePreamble(firmware_sign_key, preamble_ptr, |
- firmware_sign_algorithm, |
- &firmware_len))) { |
- RSAPublicKeyFree(firmware_sign_key); |
- debug("Couldn't verify Firmware preamble.\n"); |
- return error_code; /* AKA jump to recovery. */ |
- } |
- |
- if ((error_code = VerifyFirmwareData(firmware_sign_key, preamble_ptr, |
- firmware_blob, |
- firmware_len, |
- firmware_sign_algorithm))) { |
- RSAPublicKeyFree(firmware_sign_key); |
- debug("Couldn't verify Firmware data.\n"); |
- return error_code; /* AKA jump to recovery. */ |
- } |
- |
- RSAPublicKeyFree(firmware_sign_key); |
- return VERIFY_FIRMWARE_SUCCESS; /* Success! */ |
-} |
- |
-uint32_t GetLogicalFirmwareVersion(uint8_t* verification_header_blob) { |
- uint16_t firmware_key_version; |
- uint16_t firmware_version; |
- uint16_t firmware_sign_algorithm; |
- int firmware_sign_key_len; |
- Memcpy(&firmware_sign_algorithm, |
- verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ |
- FIELD_LEN(header_len)), |
- sizeof(firmware_sign_algorithm)); |
- Memcpy(&firmware_key_version, |
- verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ |
- FIELD_LEN(header_len) + |
- FIELD_LEN(firmware_sign_algorithm)), |
- sizeof(firmware_key_version)); |
- if (firmware_sign_algorithm >= kNumAlgorithms) |
- return 0; |
- firmware_sign_key_len = RSAProcessedKeySize(firmware_sign_algorithm); |
- Memcpy(&firmware_version, |
- verification_header_blob + (FIELD_LEN(magic) + /* Offset to field. */ |
- FIELD_LEN(header_len) + |
- FIELD_LEN(firmware_sign_algorithm) + |
- FIELD_LEN(firmware_key_version) + |
- firmware_sign_key_len + |
- FIELD_LEN(header_checksum) + |
- FIELD_LEN(firmware_key_signature)), |
- sizeof(firmware_version)); |
- return CombineUint16Pair(firmware_key_version, firmware_version); |
-} |
- |
-int VerifyFirmwareDriver_f(uint8_t* root_key_blob, |
- uint8_t* verification_headerA, |
- uint8_t* firmwareA, |
- uint8_t* verification_headerB, |
- uint8_t* firmwareB) { |
- /* Contains the logical firmware version (32-bit) which is calculated as |
- * (firmware_key_version << 16 | firmware_version) where |
- * [firmware_key_version] [firmware_version] are both 16-bit. |
- */ |
- uint32_t firmwareA_lversion, firmwareB_lversion; |
- uint8_t firmwareA_is_verified = 0; /* Whether firmwareA verify succeeded. */ |
- uint32_t min_lversion; /* Minimum of firmware A and firmware lversion. */ |
- uint32_t stored_lversion; /* Stored logical version in the TPM. */ |
- uint16_t version, key_version; /* Temporary variables */ |
- |
- /* Initialize the TPM since we'll be reading the rollback indices. */ |
- SetupTPM(0, 0); |
- |
- /* We get the key versions by reading directly from the image blobs without |
- * any additional (expensive) sanity checking on the blob since it's faster to |
- * outright reject a firmware with an older firmware key version. A malformed |
- * or corrupted firmware blob will still fail when VerifyFirmware() is called |
- * on it. |
- */ |
- firmwareA_lversion = GetLogicalFirmwareVersion(verification_headerA); |
- firmwareB_lversion = GetLogicalFirmwareVersion(verification_headerB); |
- min_lversion = Min(firmwareA_lversion, firmwareB_lversion); |
- GetStoredVersions(FIRMWARE_VERSIONS, &key_version, &version); |
- stored_lversion = CombineUint16Pair(key_version, version); |
- /* Always try FirmwareA first. */ |
- if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, |
- verification_headerA, |
- firmwareA)) |
- firmwareA_is_verified = 1; |
- if (firmwareA_is_verified && (stored_lversion < firmwareA_lversion)) { |
- /* Stored version may need to be updated but only if FirmwareB |
- * is successfully verified and has a logical version greater than |
- * the stored logical version. */ |
- if (stored_lversion < firmwareB_lversion) { |
- if (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, |
- verification_headerB, |
- firmwareB)) { |
- WriteStoredVersions(FIRMWARE_VERSIONS, |
- (uint16_t) (min_lversion >> 16), |
- (uint16_t) (min_lversion & 0xFFFF)); |
- stored_lversion = min_lversion; /* Update stored version as it's used |
- * later. */ |
- } |
- } |
- } |
- /* Lock Firmware TPM rollback indices from further writes. In this design, |
- * this is done by setting the globalLock bit, which is cleared only by |
- * TPM_Init at reboot. |
- */ |
- if (TPM_SUCCESS != LockFirmwareVersions()) { |
- return VERIFY_FIRMWARE_TPM_ERROR; |
- } |
- |
- /* Determine which firmware (if any) to jump to. |
- * |
- * We always attempt to jump to FirmwareA first. If verification of FirmwareA |
- * fails, we try FirmwareB. In all cases, if the firmware successfully |
- * verified but is a rollback, we jump to recovery. |
- * |
- * Note: This means that if FirmwareA verified successfully and is a |
- * rollback, then no attempt is made to check FirmwareB. We still jump to |
- * recovery. FirmwareB is only used as a backup in case FirmwareA gets |
- * corrupted. Since newer firmware updates are always written to A, |
- * the case where firmware A is verified but a rollback should not occur in |
- * normal operation. |
- */ |
- if (firmwareA_is_verified) { |
- if (stored_lversion <= firmwareA_lversion) |
- return BOOT_FIRMWARE_A_CONTINUE; |
- } else { |
- /* If FirmwareA was not valid, then we skipped over the |
- * check to update the rollback indices and a Verify of FirmwareB wasn't |
- * attempted. |
- * If FirmwareB is not a rollback, then we attempt to do the verification. |
- */ |
- if (stored_lversion <= firmwareB_lversion && |
- (VERIFY_FIRMWARE_SUCCESS == VerifyFirmware(root_key_blob, |
- verification_headerB, |
- firmwareB))) |
- return BOOT_FIRMWARE_B_CONTINUE; |
- } |
- /* D'oh: No bootable firmware. */ |
- return BOOT_FIRMWARE_RECOVERY_CONTINUE; |
-} |