OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for loading a kernel from disk. | 5 * Functions for loading a kernel from disk. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "vboot_kernel.h" | 9 #include "vboot_kernel.h" |
10 | 10 |
(...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
234 continue; | 234 continue; |
235 } | 235 } |
236 | 236 |
237 /* Get the key for preamble/data verification from the key block */ | 237 /* Get the key for preamble/data verification from the key block */ |
238 data_key = PublicKeyToRSA(&key_block->data_key); | 238 data_key = PublicKeyToRSA(&key_block->data_key); |
239 if (!data_key) | 239 if (!data_key) |
240 continue; | 240 continue; |
241 | 241 |
242 /* Verify the preamble, which follows the key block */ | 242 /* Verify the preamble, which follows the key block */ |
243 preamble = (VbKernelPreambleHeader*)(kbuf + key_block->key_block_size); | 243 preamble = (VbKernelPreambleHeader*)(kbuf + key_block->key_block_size); |
244 if ((0 != VerifyKernelPreamble2(preamble, | 244 if ((0 != VerifyKernelPreamble(preamble, |
245 KBUF_SIZE - key_block->key_block_size, | 245 KBUF_SIZE - key_block->key_block_size, |
246 data_key))) { | 246 data_key))) { |
247 VBDEBUG(("Preamble verification failed.\n")); | 247 VBDEBUG(("Preamble verification failed.\n")); |
248 RSAPublicKeyFree(data_key); | 248 RSAPublicKeyFree(data_key); |
249 continue; | 249 continue; |
250 } | 250 } |
251 | 251 |
252 /* Check for rollback of kernel version. Note this is implicitly | 252 /* Check for rollback of kernel version. Note this is implicitly |
253 * skipped in recovery and developer modes because those set | 253 * skipped in recovery and developer modes because those set |
254 * key_version=0 and kernel_version=0 above. */ | 254 * key_version=0 and kernel_version=0 above. */ |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
306 part_start + (body_offset / blba), | 306 part_start + (body_offset / blba), |
307 (preamble->body_signature.data_size + blba - 1) / blba, | 307 (preamble->body_signature.data_size + blba - 1) / blba, |
308 params->kernel_buffer)) { | 308 params->kernel_buffer)) { |
309 VBDEBUG(("Unable to read kernel data.\n")); | 309 VBDEBUG(("Unable to read kernel data.\n")); |
310 RSAPublicKeyFree(data_key); | 310 RSAPublicKeyFree(data_key); |
311 continue; | 311 continue; |
312 } | 312 } |
313 | 313 |
314 /* Verify kernel data */ | 314 /* Verify kernel data */ |
315 if (0 != VerifyData((const uint8_t*)params->kernel_buffer, | 315 if (0 != VerifyData((const uint8_t*)params->kernel_buffer, |
| 316 params->kernel_buffer_size, |
316 &preamble->body_signature, data_key)) { | 317 &preamble->body_signature, data_key)) { |
317 VBDEBUG(("Kernel data verification failed.\n")); | 318 VBDEBUG(("Kernel data verification failed.\n")); |
318 RSAPublicKeyFree(data_key); | 319 RSAPublicKeyFree(data_key); |
319 continue; | 320 continue; |
320 } | 321 } |
321 | 322 |
322 /* Done with the kernel signing key, so can free it now */ | 323 /* Done with the kernel signing key, so can free it now */ |
323 RSAPublicKeyFree(data_key); | 324 RSAPublicKeyFree(data_key); |
324 | 325 |
325 /* If we're still here, the kernel is valid. */ | 326 /* If we're still here, the kernel is valid. */ |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
402 /* Success! */ | 403 /* Success! */ |
403 return LOAD_KERNEL_SUCCESS; | 404 return LOAD_KERNEL_SUCCESS; |
404 } | 405 } |
405 | 406 |
406 // Handle error cases | 407 // Handle error cases |
407 if (found_partitions) | 408 if (found_partitions) |
408 return LOAD_KERNEL_INVALID; | 409 return LOAD_KERNEL_INVALID; |
409 else | 410 else |
410 return LOAD_KERNEL_NOT_FOUND; | 411 return LOAD_KERNEL_NOT_FOUND; |
411 } | 412 } |
OLD | NEW |