OLD | NEW |
(Empty) | |
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. |
| 4 * |
| 5 * Data structure and API definitions for a verified boot firmware image. |
| 6 */ |
| 7 |
| 8 #ifndef VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ |
| 9 #define VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ |
| 10 |
| 11 #include <inttypes.h> |
| 12 |
| 13 #include "rsa.h" |
| 14 #include "sha.h" |
| 15 |
| 16 #define FIRMWARE_MAGIC "CHROMEOS" |
| 17 #define FIRMWARE_MAGIC_SIZE 8 |
| 18 #define FIRMWARE_PREAMBLE_SIZE 8 |
| 19 |
| 20 #define ROOT_SIGNATURE_ALGORITHM 11 /* RSA 8192 and SHA-512. */ |
| 21 #define ROOT_SIGNATURE_ALGORITHM_STRING "11" |
| 22 |
| 23 typedef struct FirmwareImage { |
| 24 uint8_t magic[FIRMWARE_MAGIC_SIZE]; |
| 25 /* Key Header */ |
| 26 uint16_t header_len; /* Length of the header. */ |
| 27 uint16_t sign_algorithm; /* Signature algorithm used by the signing key. */ |
| 28 uint8_t* sign_key; /* Pre-processed public half of signing key. */ |
| 29 uint16_t key_version; /* Key Version# for preventing rollbacks. */ |
| 30 uint8_t header_hash[SHA512_DIGEST_SIZE]; /* SHA-512 hash of the header.*/ |
| 31 |
| 32 uint8_t key_signature[RSA8192NUMBYTES]; /* Signature of the header above. */ |
| 33 |
| 34 /* Firmware Preamble. */ |
| 35 uint16_t firmware_version; /* Firmware Version# for preventing rollbacks.*/ |
| 36 uint32_t firmware_len; /* Length of the rest of the R/W firmware data. */ |
| 37 uint8_t preamble[FIRMWARE_PREAMBLE_SIZE]; /* Remaining preamble data.*/ |
| 38 |
| 39 uint8_t* preamble_signature; /* Signature over the preamble. */ |
| 40 |
| 41 /* The firmware signature comes first as it may allow us to parallelize |
| 42 * the firmware data fetch and RSA public operation. |
| 43 */ |
| 44 uint8_t* firmware_signature; /* Signature on [firmware_data]. */ |
| 45 uint8_t* firmware_data; /* Rest of firmware data */ |
| 46 |
| 47 } FirmwareImage; |
| 48 |
| 49 /* Allocate and return a new FirmwareImage structure. */ |
| 50 FirmwareImage* FirmwareImageNew(void); |
| 51 |
| 52 /* Deep free the contents of [fw]. */ |
| 53 void FirmwareImageFree(FirmwareImage* fw); |
| 54 |
| 55 /* Read firmware data from file named [input_file] into [image]. |
| 56 * |
| 57 * Returns a filled up FirmwareImage on success, NULL on error. |
| 58 */ |
| 59 FirmwareImage* ReadFirmware(const char* input_file, |
| 60 FirmwareImage* image); |
| 61 |
| 62 /* Write firmware header from [image] to an open file pointed by the |
| 63 * file descriptor [fd]. |
| 64 */ |
| 65 void WriteFirmwareHeader(int fd, FirmwareImage* image); |
| 66 |
| 67 /* Write firmware preamble from [image] to an open file pointed by the |
| 68 * file descriptor [fd]. |
| 69 */ |
| 70 void WriteFirmwarePreamble(int fd, FirmwareImage* image); |
| 71 |
| 72 |
| 73 /* Write firmware data from [image] into a file named [input_file]. |
| 74 * |
| 75 * Return [image] on success, NULL on error. |
| 76 */ |
| 77 FirmwareImage* WriteFirmware(const char* input_file, |
| 78 FirmwareImage* image); |
| 79 |
| 80 /* Pretty print the contents of [image]. Only headers and metadata information |
| 81 * is printed. |
| 82 */ |
| 83 void PrintFirmware(const FirmwareImage* image); |
| 84 |
| 85 /* Performs a chained verify of the firmware [image]. If [dev_mode] is |
| 86 * 0 (inactive), then the [root_key] is used to verify the signature of |
| 87 * the signing key, else the check is skipped. |
| 88 * |
| 89 * Returns 0 on success, error code on failure. |
| 90 */ |
| 91 int VerifyFirmware(const RSAPublicKey* root_key, |
| 92 const FirmwareImage* image, |
| 93 const int dev_mode); |
| 94 |
| 95 /* Error Codes for VerifyFirmware. */ |
| 96 #define VERIFY_SUCCESS 0 |
| 97 #define VERIFY_INVALID_IMAGE 1 |
| 98 #define VERIFY_ROOT_SIGNATURE_FAILED 2 |
| 99 #define VERIFY_INVALID_ALGORITHM 3 |
| 100 #define VERIFY_PREAMBLE_SIGNATURE_FAILED 4 |
| 101 #define VERIFY_FIRMWARE_SIGNATURE_FAILED 5 |
| 102 #define VERIFY_MAX 6 /* Generic catch-all. */ |
| 103 |
| 104 char* kVerifyFirmwareErrors[VERIFY_MAX]; |
| 105 |
| 106 /* Maps error codes from VerifyFirmware() to error description. */ |
| 107 char* VerifyErrorString(int error); |
| 108 |
| 109 |
| 110 /* Helper function to invoke external program to calculate signature on |
| 111 * [input_file] using private key [key_file] and signature algorithm |
| 112 * [algorithm]. |
| 113 * |
| 114 * Returns the signature. Caller owns the buffer and must Free() it. |
| 115 */ |
| 116 uint8_t* SignatureFile(char* input_fie, char* key_file, int algorithm); |
| 117 |
| 118 /* Add a root key signature to the key header to a firmware image [image] |
| 119 * using the private root key in file [root_key_file]. |
| 120 * |
| 121 * Return 1 on success, 0 on failure. |
| 122 */ |
| 123 int AddKeySignature(FirmwareImage* image, char* root_key_file); |
| 124 |
| 125 /* Add firmware and preamble signature to a firmware image [image] |
| 126 * using the private signing key in file [signing_key_file]. |
| 127 * |
| 128 * Return 1 on success, 0 on failure. |
| 129 */ |
| 130 int AddFirmwareSignature(FirmwareImage* image, char* signing_key_file, |
| 131 int algorithm); |
| 132 |
| 133 #endif /* VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ */ |
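Review bot: New line 104 declares `char* kVerifyFirmwareErrors[VERIFY_MAX];` without `extern`, so every translation unit that includes this header emits its own tentative definition of a writable error-string table, and the link fails under `-fno-common`. I would declare it here as `extern const char* const kVerifyFirmwareErrors[VERIFY_MAX];`, define it once in the .c file, and have `VerifyErrorString` return `const char*`. Because the table has exactly VERIFY_MAX entries, `VerifyErrorString(int error)` presumably has to reject negative values and `error >= VERIFY_MAX` before indexing; its body is not on this page, so that is worth confirming. Separately, `VerifyFirmware` returns 0 on success while `AddKeySignature` and `AddFirmwareSignature` return 1 on success, so a comment beside the VERIFY_* codes such as `/* Callers must compare against VERIFY_SUCCESS; do not test the result as a boolean. */` would make an inverted check in a boot path less likely.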