
Side by Side Diff: utility/vbutil_firmware.c

Issue 3303018: New tools to help debug vboot failures. (Closed) Base URL: http://git.chromium.org/git/vboot_reference.git
Patch Set: Respond to comments. Created 10 years, 3 months ago
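--- a/utility/vbutil_firmware.c
+++ b/utility/vbutil_firmware.c
@@ -1,10 +1,10 @@
 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Verified boot firmware utility
 */
 
 #include <getopt.h>
 #include <inttypes.h> /* For PRIu64 */
 #include <stddef.h>
@@ -53,20 +53,23 @@
 "For '--vblock <file>', required OPTIONS are:\n"
 " --keyblock <file> Key block in .keyblock format\n"
 " --signprivate <file> Signing private key in .vbprivk format\n"
 " --version <number> Firmware version\n"
 " --fv <file> Firmware volume to sign\n"
 " --kernelkey <file> Kernel subkey in .vbpubk format\n"
 "\n"
 "For '--verify <file>', required OPTIONS are:\n"
 " --signpubkey <file> Signing public key in .vbpubk format\n"
 " --fv <file> Firmware volume to verify\n"
+"\n"
+"For '--verify <file>', optional OPTIONS are:\n"
+" --kernelkey <file> Write the kernel subkey to this file\n"
 "");
 return 1;
 }
 
 
 /* Create a firmware .vblock */
 static int Vblock(const char* outfile, const char* keyblock_file,
 const char* signprivate, uint64_t version,
 const char* fv_file, const char* kernelkey_file) {
 
@@ -150,28 +153,28 @@
 if (i) {
 error("Can't write output file %s\n", outfile);
 unlink(outfile);
 return 1;
 }
 
 /* Success */
 return 0;
 }
 
-
 static int Verify(const char* infile, const char* signpubkey,
-const char* fv_file) {
+const char* fv_file, const char* kernelkey_file) {
 
 VbKeyBlockHeader* key_block;
 VbFirmwarePreambleHeader* preamble;
 VbPublicKey* data_key;
 VbPublicKey* sign_key;
+VbPublicKey* kernel_subkey;
 RSAPublicKey* rsa;
 uint8_t* blob;
 uint64_t blob_size;
 uint8_t* fv_data;
 uint64_t fv_size;
 uint64_t now = 0;
 
 if (!infile || !signpubkey || !fv_file) {
 error("Must specify filename, signpubkey, and fv\n");
 return 1;
@@ -203,62 +206,79 @@
 if (0 != KeyBlockVerify(key_block, blob_size, sign_key, 0)) {
 error("Error verifying key block.\n");
 return 1;
 }
 Free(sign_key);
 now += key_block->key_block_size;
 
 printf("Key block:\n");
 data_key = &key_block->data_key;
 printf(" Size: %" PRIu64 "\n", key_block->key_block_size);
+printf(" Flags: %" PRIu64 " (ignored)\n",
+key_block->key_block_flags);
 printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm,
 (data_key->algorithm < kNumAlgorithms ?
 algo_strings[data_key->algorithm] : "(invalid)"));
 printf(" Data key version: %" PRIu64 "\n", data_key->key_version);
-printf(" Flags: %" PRIu64 "\n", key_block->key_block_flags);
+printf(" Data key sha1sum: ");
+PrintPubKeySha1Sum(data_key);
+printf("\n");
 
 rsa = PublicKeyToRSA(&key_block->data_key);
 if (!rsa) {
 error("Error parsing data key.\n");
 return 1;
 }
 
 /* Verify preamble */
 preamble = (VbFirmwarePreambleHeader*)(blob + now);
 if (0 != VerifyFirmwarePreamble(preamble, blob_size - now, rsa)) {
 error("Error verifying preamble.\n");
 return 1;
 }
 now += preamble->preamble_size;
 
 printf("Preamble:\n");
 printf(" Size: %" PRIu64 "\n", preamble->preamble_size);
 printf(" Header version: %" PRIu32 ".%" PRIu32"\n",
 preamble->header_version_major, preamble->header_version_minor);
 printf(" Firmware version: %" PRIu64 "\n", preamble->firmware_version);
+kernel_subkey = &preamble->kernel_subkey;
 printf(" Kernel key algorithm: %" PRIu64 " %s\n",
-preamble->kernel_subkey.algorithm,
-(preamble->kernel_subkey.algorithm < kNumAlgorithms ?
-algo_strings[preamble->kernel_subkey.algorithm] : "(invalid)"));
+kernel_subkey->algorithm,
+(kernel_subkey->algorithm < kNumAlgorithms ?
+algo_strings[kernel_subkey->algorithm] : "(invalid)"));
 printf(" Kernel key version: %" PRIu64 "\n",
-preamble->kernel_subkey.key_version);
+kernel_subkey->key_version);
+printf(" Kernel key sha1sum: ");
+PrintPubKeySha1Sum(kernel_subkey);
+printf("\n");
 printf(" Firmware body size: %" PRIu64 "\n",
 preamble->body_signature.data_size);
 
 /* TODO: verify body size same as signature size */
 
 /* Verify body */
 if (0 != VerifyData(fv_data, fv_size, &preamble->body_signature, rsa)) {
 error("Error verifying firmware body.\n");
 return 1;
 }
 printf("Body verification succeeded.\n");
+
+if (kernelkey_file) {
+if (0 != PublicKeyWrite(kernelkey_file, kernel_subkey)) {
+fprintf(stderr,
+"vbutil_firmware: unable to write kernel subkey\n");
+return 1;
+}
+}
+
 return 0;
 }
 
 
 int main(int argc, char* argv[]) {
 
 char* filename = NULL;
 char* key_block_file = NULL;
 char* signpubkey = NULL;
 char* signprivate = NULL;
@@ -315,16 +335,16 @@
 }
 
 if (parse_error)
 return PrintHelp();
 
 switch(mode) {
 case OPT_MODE_VBLOCK:
 return Vblock(filename, key_block_file, signprivate, version, fv_file,
 kernelkey_file);
 case OPT_MODE_VERIFY:
-return Verify(filename, signpubkey, fv_file);
+return Verify(filename, signpubkey, fv_file, kernelkey_file);
 default:
 printf("Must specify a mode.\n");
 return PrintHelp();
 }
 }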
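Review bot: The new write-failure branch at the end of Verify (new lines 267-273) reports through `fprintf(stderr, ...)` without naming the file, whereas the other visible failures in this function go through `error()`, and the equivalent branch in Vblock names the path and unlinks the output. I would write it as `error("Can't write kernel subkey to %s\n", kernelkey_file);`, and, if PublicKeyWrite can leave a partial file behind (not visible here), follow it with `unlink(kernelkey_file);` so a truncated key file is never mistaken for a good one. `--kernelkey` is now an input under `--vblock` but an output that gets overwritten under `--verify`, so a short comment above `if (kernelkey_file)` would help, stating that the subkey is exported only after the key block, preamble and body have all verified. Part of Verify's body is collapsed on this page, so this rests on the visible lines only.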