| OLD | NEW |
|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for loading a kernel from disk. | 5 * Functions for loading a kernel from disk. |
| 6 * (Firmware portion) | 6 * (Firmware portion) |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "vboot_kernel.h" | 9 #include "vboot_kernel.h" |
| 10 | 10 |
| (...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 206 uint64_t body_offset_sectors; | 206 uint64_t body_offset_sectors; |
| 207 uint64_t body_sectors; | 207 uint64_t body_sectors; |
| 208 | 208 |
| 209 VBDEBUG(("Found kernel entry at %" PRIu64 " size %" PRIu64 "\n", | 209 VBDEBUG(("Found kernel entry at %" PRIu64 " size %" PRIu64 "\n", |
| 210 part_start, part_size)); | 210 part_start, part_size)); |
| 211 | 211 |
| 212 /* Found at least one kernel partition. */ | 212 /* Found at least one kernel partition. */ |
| 213 found_partitions++; | 213 found_partitions++; |
| 214 | 214 |
| 215 /* Read the first part of the kernel partition */ | 215 /* Read the first part of the kernel partition */ |
| 216 if (part_size < kbuf_sectors) | 216 if (part_size < kbuf_sectors) { |
| 217 VBDEBUG(("Partition too small to hold kernel.\n")); |
| 217 goto bad_kernel; | 218 goto bad_kernel; |
| 218 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) | 219 } |
| 220 |
| 221 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) { |
| 222 VBDEBUG(("Unable to read start of partition.\n")); |
| 219 goto bad_kernel; | 223 goto bad_kernel; |
| 224 } |
| 220 | 225 |
| 221 /* Verify the key block. In developer mode, we ignore the key | 226 /* Verify the key block. In developer mode, we ignore the key |
| 222 * and use only the SHA-512 hash to verify the key block. */ | 227 * and use only the SHA-512 hash to verify the key block. */ |
| 223 key_block = (VbKeyBlockHeader*)kbuf; | 228 key_block = (VbKeyBlockHeader*)kbuf; |
| 224 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey, | 229 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey, |
| 225 is_dev && !is_rec))) { | 230 is_dev && !is_rec))) { |
| 226 VBDEBUG(("Verifying key block failed.\n")); | 231 VBDEBUG(("Verifying key block failed.\n")); |
| 227 goto bad_kernel; | 232 goto bad_kernel; |
| 228 } | 233 } |
| 229 | 234 |
| (...skipping 18 matching lines...) Expand all Loading... |
| 248 * skipped in recovery and developer modes because those set | 253 * skipped in recovery and developer modes because those set |
| 249 * key_version=0 above. */ | 254 * key_version=0 above. */ |
| 250 key_version = key_block->data_key.key_version; | 255 key_version = key_block->data_key.key_version; |
| 251 if (key_version < (tpm_version >> 16)) { | 256 if (key_version < (tpm_version >> 16)) { |
| 252 VBDEBUG(("Key version too old.\n")); | 257 VBDEBUG(("Key version too old.\n")); |
| 253 goto bad_kernel; | 258 goto bad_kernel; |
| 254 } | 259 } |
| 255 | 260 |
| 256 /* Get the key for preamble/data verification from the key block */ | 261 /* Get the key for preamble/data verification from the key block */ |
| 257 data_key = PublicKeyToRSA(&key_block->data_key); | 262 data_key = PublicKeyToRSA(&key_block->data_key); |
| 258 if (!data_key) | 263 if (!data_key) { |
| 264 VBDEBUG(("Data key bad.\n")); |
| 259 goto bad_kernel; | 265 goto bad_kernel; |
| 266 } |
| 260 | 267 |
| 261 /* Verify the preamble, which follows the key block */ | 268 /* Verify the preamble, which follows the key block */ |
| 262 preamble = (VbKernelPreambleHeader*)(kbuf + key_block->key_block_size); | 269 preamble = (VbKernelPreambleHeader*)(kbuf + key_block->key_block_size); |
| 263 if ((0 != VerifyKernelPreamble(preamble, | 270 if ((0 != VerifyKernelPreamble(preamble, |
| 264 KBUF_SIZE - key_block->key_block_size, | 271 KBUF_SIZE - key_block->key_block_size, |
| 265 data_key))) { | 272 data_key))) { |
| 266 VBDEBUG(("Preamble verification failed.\n")); | 273 VBDEBUG(("Preamble verification failed.\n")); |
| 267 goto bad_kernel; | 274 goto bad_kernel; |
| 268 } | 275 } |
| 269 | 276 |
| 270 /* Check for rollback of kernel version. Note this is implicitly | 277 /* Check for rollback of kernel version. Note this is implicitly |
| 271 * skipped in recovery and developer modes because rollback_index | 278 * skipped in recovery and developer modes because rollback_index |
| 272 * sets those to 0 in those modes. */ | 279 * sets those to 0 in those modes. */ |
| 273 combined_version = ((key_version << 16) | | 280 combined_version = ((key_version << 16) | |
| 274 (preamble->kernel_version & 0xFFFF)); | 281 (preamble->kernel_version & 0xFFFF)); |
| 275 if (combined_version < tpm_version) { | 282 if (combined_version < tpm_version) { |
| 276 VBDEBUG(("Kernel version too low.\n")); | 283 VBDEBUG(("Kernel version too low.\n")); |
| 277 goto bad_kernel; | 284 goto bad_kernel; |
| 278 } | 285 } |
| 279 | 286 |
| 280 VBDEBUG(("Kernel preamble is good.\n")); | 287 VBDEBUG(("Kernel preamble is good.\n")); |
| 281 | 288 |
| 282 /* Check for lowest version from a valid header. */ | 289 /* Check for lowest version from a valid header. */ |
| 283 if (lowest_version > combined_version) | 290 if (lowest_version > combined_version) |
| 284 lowest_version = combined_version; | 291 lowest_version = combined_version; |
| 285 | 292 |
| 286 /* If we already have a good kernel, no need to read another | 293 /* If we already have a good kernel, no need to read another |
| 287 * one; we only needed to look at the versions to check for | 294 * one; we only needed to look at the versions to check for |
| 288 * rollback. */ | 295 * rollback. So skip to the next kernel preamble. */ |
| 289 if (-1 != good_partition) | 296 if (-1 != good_partition) |
| 290 goto bad_kernel; | 297 continue; |
| 291 | 298 |
| 292 /* Verify body load address matches what we expect */ | 299 /* Verify body load address matches what we expect */ |
| 293 if ((preamble->body_load_address != (size_t)params->kernel_buffer) && | 300 if ((preamble->body_load_address != (size_t)params->kernel_buffer) && |
| 294 !(params->boot_flags & BOOT_FLAG_SKIP_ADDR_CHECK)) { | 301 !(params->boot_flags & BOOT_FLAG_SKIP_ADDR_CHECK)) { |
| 295 VBDEBUG(("Wrong body load address.\n")); | 302 VBDEBUG(("Wrong body load address.\n")); |
| 296 goto bad_kernel; | 303 goto bad_kernel; |
| 297 } | 304 } |
| 298 | 305 |
| 299 /* Verify kernel body starts at a multiple of the sector size. */ | 306 /* Verify kernel body starts at a multiple of the sector size. */ |
| 300 body_offset = key_block->key_block_size + preamble->preamble_size; | 307 body_offset = key_block->key_block_size + preamble->preamble_size; |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 429 return LOAD_KERNEL_SUCCESS; | 436 return LOAD_KERNEL_SUCCESS; |
| 430 } | 437 } |
| 431 | 438 |
| 432 /* The BIOS may attempt to display different screens depending on whether | 439 /* The BIOS may attempt to display different screens depending on whether |
| 433 * we find an invalid kernel partition (return LOAD_KERNEL_INVALID) or not. | 440 * we find an invalid kernel partition (return LOAD_KERNEL_INVALID) or not. |
| 434 * But the flow is changing, so for now treating both cases as invalid gives | 441 * But the flow is changing, so for now treating both cases as invalid gives |
| 435 * slightly less confusing user feedback. Sigh. | 442 * slightly less confusing user feedback. Sigh. |
| 436 */ | 443 */ |
| 437 return LOAD_KERNEL_INVALID; | 444 return LOAD_KERNEL_INVALID; |
| 438 } | 445 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3324014:
fix clearing kernel attributes (Closed)
Base URL: http://git.chromium.org/git/vboot_reference.git