OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for loading a kernel from disk. | 5 * Functions for loading a kernel from disk. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "vboot_kernel.h" | 9 #include "vboot_kernel.h" |
10 | 10 |
(...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
206 uint64_t body_offset_sectors; | 206 uint64_t body_offset_sectors; |
207 uint64_t body_sectors; | 207 uint64_t body_sectors; |
208 | 208 |
209 VBDEBUG(("Found kernel entry at %" PRIu64 " size %" PRIu64 "\n", | 209 VBDEBUG(("Found kernel entry at %" PRIu64 " size %" PRIu64 "\n", |
210 part_start, part_size)); | 210 part_start, part_size)); |
211 | 211 |
212 /* Found at least one kernel partition. */ | 212 /* Found at least one kernel partition. */ |
213 found_partitions++; | 213 found_partitions++; |
214 | 214 |
215 /* Read the first part of the kernel partition */ | 215 /* Read the first part of the kernel partition */ |
216 if (part_size < kbuf_sectors) | 216 if (part_size < kbuf_sectors) { |
| 217 VBDEBUG(("Partition too small to hold kernel.\n")); |
217 goto bad_kernel; | 218 goto bad_kernel; |
218 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) | 219 } |
| 220 |
| 221 if (0 != BootDeviceReadLBA(part_start, kbuf_sectors, kbuf)) { |
| 222 VBDEBUG(("Unable to read start of partition.\n")); |
219 goto bad_kernel; | 223 goto bad_kernel; |
| 224 } |
220 | 225 |
221 /* Verify the key block. In developer mode, we ignore the key | 226 /* Verify the key block. In developer mode, we ignore the key |
222 * and use only the SHA-512 hash to verify the key block. */ | 227 * and use only the SHA-512 hash to verify the key block. */ |
223 key_block = (VbKeyBlockHeader*)kbuf; | 228 key_block = (VbKeyBlockHeader*)kbuf; |
224 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey, | 229 if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey, |
225 is_dev && !is_rec))) { | 230 is_dev && !is_rec))) { |
226 VBDEBUG(("Verifying key block failed.\n")); | 231 VBDEBUG(("Verifying key block failed.\n")); |
227 goto bad_kernel; | 232 goto bad_kernel; |
228 } | 233 } |
229 | 234 |
(...skipping 18 matching lines...) Expand all Loading... |
248 * skipped in recovery and developer modes because those set | 253 * skipped in recovery and developer modes because those set |
249 * key_version=0 above. */ | 254 * key_version=0 above. */ |
250 key_version = key_block->data_key.key_version; | 255 key_version = key_block->data_key.key_version; |
251 if (key_version < (tpm_version >> 16)) { | 256 if (key_version < (tpm_version >> 16)) { |
252 VBDEBUG(("Key version too old.\n")); | 257 VBDEBUG(("Key version too old.\n")); |
253 goto bad_kernel; | 258 goto bad_kernel; |
254 } | 259 } |
255 | 260 |
256 /* Get the key for preamble/data verification from the key block */ | 261 /* Get the key for preamble/data verification from the key block */ |
257 data_key = PublicKeyToRSA(&key_block->data_key); | 262 data_key = PublicKeyToRSA(&key_block->data_key); |
258 if (!data_key) | 263 if (!data_key) { |
| 264 VBDEBUG(("Data key bad.\n")); |
259 goto bad_kernel; | 265 goto bad_kernel; |
| 266 } |
260 | 267 |
261 /* Verify the preamble, which follows the key block */ | 268 /* Verify the preamble, which follows the key block */ |
262 preamble = (VbKernelPreambleHeader*)(kbuf + key_block->key_block_size); | 269 preamble = (VbKernelPreambleHeader*)(kbuf + key_block->key_block_size); |
263 if ((0 != VerifyKernelPreamble(preamble, | 270 if ((0 != VerifyKernelPreamble(preamble, |
264 KBUF_SIZE - key_block->key_block_size, | 271 KBUF_SIZE - key_block->key_block_size, |
265 data_key))) { | 272 data_key))) { |
266 VBDEBUG(("Preamble verification failed.\n")); | 273 VBDEBUG(("Preamble verification failed.\n")); |
267 goto bad_kernel; | 274 goto bad_kernel; |
268 } | 275 } |
269 | 276 |
270 /* Check for rollback of kernel version. Note this is implicitly | 277 /* Check for rollback of kernel version. Note this is implicitly |
271 * skipped in recovery and developer modes because rollback_index | 278 * skipped in recovery and developer modes because rollback_index |
272 * sets those to 0 in those modes. */ | 279 * sets those to 0 in those modes. */ |
273 combined_version = ((key_version << 16) | | 280 combined_version = ((key_version << 16) | |
274 (preamble->kernel_version & 0xFFFF)); | 281 (preamble->kernel_version & 0xFFFF)); |
275 if (combined_version < tpm_version) { | 282 if (combined_version < tpm_version) { |
276 VBDEBUG(("Kernel version too low.\n")); | 283 VBDEBUG(("Kernel version too low.\n")); |
277 goto bad_kernel; | 284 goto bad_kernel; |
278 } | 285 } |
279 | 286 |
280 VBDEBUG(("Kernel preamble is good.\n")); | 287 VBDEBUG(("Kernel preamble is good.\n")); |
281 | 288 |
282 /* Check for lowest version from a valid header. */ | 289 /* Check for lowest version from a valid header. */ |
283 if (lowest_version > combined_version) | 290 if (lowest_version > combined_version) |
284 lowest_version = combined_version; | 291 lowest_version = combined_version; |
285 | 292 |
286 /* If we already have a good kernel, no need to read another | 293 /* If we already have a good kernel, no need to read another |
287 * one; we only needed to look at the versions to check for | 294 * one; we only needed to look at the versions to check for |
288 * rollback. */ | 295 * rollback. So skip to the next kernel preamble. */ |
289 if (-1 != good_partition) | 296 if (-1 != good_partition) |
290 goto bad_kernel; | 297 continue; |
291 | 298 |
292 /* Verify body load address matches what we expect */ | 299 /* Verify body load address matches what we expect */ |
293 if ((preamble->body_load_address != (size_t)params->kernel_buffer) && | 300 if ((preamble->body_load_address != (size_t)params->kernel_buffer) && |
294 !(params->boot_flags & BOOT_FLAG_SKIP_ADDR_CHECK)) { | 301 !(params->boot_flags & BOOT_FLAG_SKIP_ADDR_CHECK)) { |
295 VBDEBUG(("Wrong body load address.\n")); | 302 VBDEBUG(("Wrong body load address.\n")); |
296 goto bad_kernel; | 303 goto bad_kernel; |
297 } | 304 } |
298 | 305 |
299 /* Verify kernel body starts at a multiple of the sector size. */ | 306 /* Verify kernel body starts at a multiple of the sector size. */ |
300 body_offset = key_block->key_block_size + preamble->preamble_size; | 307 body_offset = key_block->key_block_size + preamble->preamble_size; |
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
429 return LOAD_KERNEL_SUCCESS; | 436 return LOAD_KERNEL_SUCCESS; |
430 } | 437 } |
431 | 438 |
432 /* The BIOS may attempt to display different screens depending on whether | 439 /* The BIOS may attempt to display different screens depending on whether |
433 * we find an invalid kernel partition (return LOAD_KERNEL_INVALID) or not. | 440 * we find an invalid kernel partition (return LOAD_KERNEL_INVALID) or not. |
434 * But the flow is changing, so for now treating both cases as invalid gives | 441 * But the flow is changing, so for now treating both cases as invalid gives |
435 * slightly less confusing user feedback. Sigh. | 442 * slightly less confusing user feedback. Sigh. |
436 */ | 443 */ |
437 return LOAD_KERNEL_INVALID; | 444 return LOAD_KERNEL_INVALID; |
438 } | 445 } |
OLD | NEW |