OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for loading a kernel from disk. | 5 * Functions for loading a kernel from disk. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "vboot_kernel.h" | 9 #include "vboot_kernel.h" |
10 | 10 |
(...skipping 150 matching lines...)
161 | 161 |
162 if (is_normal) { | 162 if (is_normal) { |
163 /* Read current kernel key index from TPM. Assumes TPM is already | 163 /* Read current kernel key index from TPM. Assumes TPM is already |
164 * initialized. */ | 164 * initialized. */ |
165 status = RollbackKernelRead(&tpm_version); | 165 status = RollbackKernelRead(&tpm_version); |
166 if (0 != status) { | 166 if (0 != status) { |
167 VBDEBUG(("Unable to get kernel versions from TPM\n")); | 167 VBDEBUG(("Unable to get kernel versions from TPM\n")); |
168 return (status == TPM_E_MUST_REBOOT ? | 168 return (status == TPM_E_MUST_REBOOT ? |
169 LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY); | 169 LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY); |
170 } | 170 } |
171 } else if (is_dev && !is_rec) { | |
172 /* In developer mode, we ignore the kernel subkey, and just use | |
173 * the SHA-512 hash to verify the key block. */ | |
174 kernel_subkey = NULL; | |
175 } | 171 } |
176 | 172 |
177 do { | 173 do { |
178 /* Read GPT data */ | 174 /* Read GPT data */ |
179 gpt.sector_bytes = (uint32_t)blba; | 175 gpt.sector_bytes = (uint32_t)blba; |
180 gpt.drive_sectors = params->ending_lba + 1; | 176 gpt.drive_sectors = params->ending_lba + 1; |
181 if (0 != AllocAndReadGptData(&gpt)) { | 177 if (0 != AllocAndReadGptData(&gpt)) { |
182 VBDEBUG(("Unable to read GPT data\n")); | 178 VBDEBUG(("Unable to read GPT data\n")); |
183 break; | 179 break; |
184 } | 180 } |
(...skipping 23 matching lines...)
208 | 204 |
209 /* Found at least one kernel partition. */ | 205 /* Found at least one kernel partition. */ |
210 found_partitions++; | 206 found_partitions++; |
211 | 207 |
212 /* Read the first part of the kernel partition */ | 208 /* Read the first part of the kernel partition */ |
213 if (part_size < kbuf_sectors) | 209 if (part_size < kbuf_sectors) |
214 continue; | 210 continue; |
215 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) | 211 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) |
216 continue; | 212 continue; |
217 | 213 |
218 /* Verify the key block */ | 214 /* Verify the key block. In developer mode, we ignore the key |
| 215 * and use only the SHA-512 hash to verify the key block. */ |
219 key_block = (VbKeyBlockHeader*)kbuf; | 216 key_block = (VbKeyBlockHeader*)kbuf; |
220 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey))) { | 217 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey, |
| 218 is_dev && !is_rec))) { |
221 VBDEBUG(("Verifying key block failed.\n")); | 219 VBDEBUG(("Verifying key block failed.\n")); |
222 continue; | 220 continue; |
223 } | 221 } |
224 | 222 |
225 /* Check the key block flags against the current boot mode in normal | 223 /* Check the key block flags against the current boot mode in normal |
226 * and recovery modes (not in developer mode booting from SSD). */ | 224 * and recovery modes (not in developer mode booting from SSD). */ |
227 if (is_rec || is_normal) { | 225 if (is_rec || is_normal) { |
228 if (!(key_block->key_block_flags & | 226 if (!(key_block->key_block_flags & |
229 (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 : | 227 (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 : |
230 KEY_BLOCK_FLAG_DEVELOPER_0))) { | 228 KEY_BLOCK_FLAG_DEVELOPER_0))) { |
(...skipping 175 matching lines...)
406 /* Success! */ | 404 /* Success! */ |
407 return LOAD_KERNEL_SUCCESS; | 405 return LOAD_KERNEL_SUCCESS; |
408 } | 406 } |
409 | 407 |
410 // Handle error cases | 408 // Handle error cases |
411 if (found_partitions) | 409 if (found_partitions) |
412 return LOAD_KERNEL_INVALID; | 410 return LOAD_KERNEL_INVALID; |
413 else | 411 else |
414 return LOAD_KERNEL_NOT_FOUND; | 412 return LOAD_KERNEL_NOT_FOUND; |
415 } | 413 } |
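Review bot: The new fourth argument to KeyBlockVerify at new lines 217-218 is an unnamed boolean, `is_dev && !is_rec`, and it is what switches the key block from signature verification to a hash-only check, so the one call site that relaxes verification is easy to misread in an audit. I would hoist it into a named local before the loop, for example `const int hash_only = is_dev && !is_rec;`, and pass `hash_only` to the call. The comment at new lines 214-215 should also state that a matching SHA-512 hash shows only that the key block is not corrupted, not that it was signed by kernel_subkey, so anything read from the key block in this mode is unauthenticated by design. Because kernel_subkey is no longer set to NULL in developer mode (old lines 171-174), any code in the skipped regions that tested it against NULL would now take a different path; those lines are not visible here, so this needs checking. The enclosing function begins above the displayed hunks and most of its body is skipped.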