Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(266)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: firmware/lib/vboot_kernel.c

Issue 3126013: Fix KeyBlockVerify() to take an explicit param for whether to use hash only. (Closed) Base URL: ssh://gitrw.chromium.org/vboot_reference.git
Patch Set: Fix one last typo Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« firmware/lib/vboot_common.c ('K') | « firmware/lib/vboot_firmware.c ('k') | firmware/linktest/main.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 * 4 *
5 * Functions for loading a kernel from disk. 5 * Functions for loading a kernel from disk.
6 * (Firmware portion) 6 * (Firmware portion)
7 */ 7 */
8 8
9 #include "vboot_kernel.h" 9 #include "vboot_kernel.h"
10 10
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after
161 161
162 if (is_normal) { 162 if (is_normal) {
163 /* Read current kernel key index from TPM. Assumes TPM is already 163 /* Read current kernel key index from TPM. Assumes TPM is already
164 * initialized. */ 164 * initialized. */
165 status = RollbackKernelRead(&tpm_version); 165 status = RollbackKernelRead(&tpm_version);
166 if (0 != status) { 166 if (0 != status) {
167 VBDEBUG(("Unable to get kernel versions from TPM\n")); 167 VBDEBUG(("Unable to get kernel versions from TPM\n"));
168 return (status == TPM_E_MUST_REBOOT ? 168 return (status == TPM_E_MUST_REBOOT ?
169 LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY); 169 LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY);
170 } 170 }
171 } else if (is_dev && !is_rec) {
172 /* In developer mode, we ignore the kernel subkey, and just use
173 * the SHA-512 hash to verify the key block. */
174 kernel_subkey = NULL;
175 } 171 }
176 172
177 do { 173 do {
178 /* Read GPT data */ 174 /* Read GPT data */
179 gpt.sector_bytes = (uint32_t)blba; 175 gpt.sector_bytes = (uint32_t)blba;
180 gpt.drive_sectors = params->ending_lba + 1; 176 gpt.drive_sectors = params->ending_lba + 1;
181 if (0 != AllocAndReadGptData(&gpt)) { 177 if (0 != AllocAndReadGptData(&gpt)) {
182 VBDEBUG(("Unable to read GPT data\n")); 178 VBDEBUG(("Unable to read GPT data\n"));
183 break; 179 break;
184 } 180 }
(...skipping 23 matching lines...) Expand all
208 204
209 /* Found at least one kernel partition. */ 205 /* Found at least one kernel partition. */
210 found_partitions++; 206 found_partitions++;
211 207
212 /* Read the first part of the kernel partition */ 208 /* Read the first part of the kernel partition */
213 if (part_size < kbuf_sectors) 209 if (part_size < kbuf_sectors)
214 continue; 210 continue;
215 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) 211 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf))
216 continue; 212 continue;
217 213
218 /* Verify the key block */ 214 /* Verify the key block. In developer mode, we ignore the key
215 * and use only the SHA-512 hash to verify the key block. */
219 key_block = (VbKeyBlockHeader*)kbuf; 216 key_block = (VbKeyBlockHeader*)kbuf;
220 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey))) { 217 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey,
218 is_dev && !is_rec))) {
221 VBDEBUG(("Verifying key block failed.\n")); 219 VBDEBUG(("Verifying key block failed.\n"));
222 continue; 220 continue;
223 } 221 }
224 222
225 /* Check the key block flags against the current boot mode in normal 223 /* Check the key block flags against the current boot mode in normal
226 * and recovery modes (not in developer mode booting from SSD). */ 224 * and recovery modes (not in developer mode booting from SSD). */
227 if (is_rec || is_normal) { 225 if (is_rec || is_normal) {
228 if (!(key_block->key_block_flags & 226 if (!(key_block->key_block_flags &
229 (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 : 227 (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 :
230 KEY_BLOCK_FLAG_DEVELOPER_0))) { 228 KEY_BLOCK_FLAG_DEVELOPER_0))) {
(...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after
406 /* Success! */ 404 /* Success! */
407 return LOAD_KERNEL_SUCCESS; 405 return LOAD_KERNEL_SUCCESS;
408 } 406 }
409 407
410 // Handle error cases 408 // Handle error cases
411 if (found_partitions) 409 if (found_partitions)
412 return LOAD_KERNEL_INVALID; 410 return LOAD_KERNEL_INVALID;
413 else 411 else
414 return LOAD_KERNEL_NOT_FOUND; 412 return LOAD_KERNEL_NOT_FOUND;
415 } 413 }
OLDNEW
« firmware/lib/vboot_common.c ('K') | « firmware/lib/vboot_firmware.c ('k') | firmware/linktest/main.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698