OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * High-level firmware API for loading and verifying rewritable firmware. | 5 * High-level firmware API for loading and verifying rewritable firmware. |
6 * (Firmware portion) | 6 * (Firmware portion) |
7 */ | 7 */ |
8 | 8 |
9 #include "load_firmware_fw.h" | 9 #include "load_firmware_fw.h" |
10 #include "rollback_index.h" | 10 #include "rollback_index.h" |
(...skipping 22 matching lines...) Expand all Loading... |
33 | 33 |
34 int LoadFirmware(LoadFirmwareParams* params) { | 34 int LoadFirmware(LoadFirmwareParams* params) { |
35 | 35 |
36 VbPublicKey* root_key = (VbPublicKey*)params->firmware_root_key_blob; | 36 VbPublicKey* root_key = (VbPublicKey*)params->firmware_root_key_blob; |
37 VbLoadFirmwareInternal* lfi; | 37 VbLoadFirmwareInternal* lfi; |
38 | 38 |
39 uint32_t tpm_version = 0; | 39 uint32_t tpm_version = 0; |
40 uint64_t lowest_version = 0xFFFFFFFF; | 40 uint64_t lowest_version = 0xFFFFFFFF; |
41 uint32_t status; | 41 uint32_t status; |
42 int good_index = -1; | 42 int good_index = -1; |
| 43 int is_dev; |
43 int index; | 44 int index; |
44 | 45 |
45 /* Clear output params in case we fail */ | 46 /* Clear output params in case we fail */ |
46 params->firmware_index = 0; | 47 params->firmware_index = 0; |
47 | 48 |
48 VBDEBUG(("LoadFirmware started...\n")); | 49 VBDEBUG(("LoadFirmware started...\n")); |
49 | 50 |
50 if (params->kernel_sign_key_size < sizeof(VbPublicKey)) { | 51 if (params->kernel_sign_key_size < sizeof(VbPublicKey)) { |
51 VBDEBUG(("Kernel sign key buffer too small\n")); | 52 VBDEBUG(("Kernel sign key buffer too small\n")); |
52 return LOAD_FIRMWARE_RECOVERY; | 53 return LOAD_FIRMWARE_RECOVERY; |
53 } | 54 } |
54 | 55 |
55 /* Must have a root key */ | 56 /* Must have a root key */ |
56 if (!root_key) { | 57 if (!root_key) { |
57 VBDEBUG(("No root key\n")); | 58 VBDEBUG(("No root key\n")); |
58 return LOAD_FIRMWARE_RECOVERY; | 59 return LOAD_FIRMWARE_RECOVERY; |
59 } | 60 } |
60 | 61 |
| 62 /* Parse flags */ |
| 63 is_dev = (params->boot_flags & BOOT_FLAG_DEVELOPER ? 1 : 0); |
| 64 |
61 /* Initialize the TPM and read rollback indices. */ | 65 /* Initialize the TPM and read rollback indices. */ |
62 VBPERFSTART("VB_TPMI"); | 66 VBPERFSTART("VB_TPMI"); |
63 status = RollbackFirmwareSetup(params->boot_flags & BOOT_FLAG_DEVELOPER, | 67 status = RollbackFirmwareSetup(is_dev, &tpm_version); |
64 &tpm_version); | |
65 if (0 != status) { | 68 if (0 != status) { |
66 VBDEBUG(("Unable to setup TPM and read stored versions.\n")); | 69 VBDEBUG(("Unable to setup TPM and read stored versions.\n")); |
67 VBPERFEND("VB_TPMI"); | 70 VBPERFEND("VB_TPMI"); |
68 return (status == TPM_E_MUST_REBOOT ? | 71 return (status == TPM_E_MUST_REBOOT ? |
69 LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY_TPM); | 72 LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY_TPM); |
70 } | 73 } |
71 VBPERFEND("VB_TPMI"); | 74 VBPERFEND("VB_TPMI"); |
72 | 75 |
73 /* Allocate our internal data */ | 76 /* Allocate our internal data */ |
74 lfi = (VbLoadFirmwareInternal*)Malloc(sizeof(VbLoadFirmwareInternal)); | 77 lfi = (VbLoadFirmwareInternal*)Malloc(sizeof(VbLoadFirmwareInternal)); |
(...skipping 21 matching lines...) Expand all Loading... |
96 key_block = (VbKeyBlockHeader*)params->verification_block_1; | 99 key_block = (VbKeyBlockHeader*)params->verification_block_1; |
97 vblock_size = params->verification_size_1; | 100 vblock_size = params->verification_size_1; |
98 } | 101 } |
99 if ((0 != KeyBlockVerify(key_block, vblock_size, root_key, 0))) { | 102 if ((0 != KeyBlockVerify(key_block, vblock_size, root_key, 0))) { |
100 VBDEBUG(("Key block verification failed.\n")); | 103 VBDEBUG(("Key block verification failed.\n")); |
101 VBPERFEND("VB_VKB"); | 104 VBPERFEND("VB_VKB"); |
102 continue; | 105 continue; |
103 } | 106 } |
104 VBPERFEND("VB_VKB"); | 107 VBPERFEND("VB_VKB"); |
105 | 108 |
| 109 /* Check the key block flags against the current boot mode. */ |
| 110 if (!(key_block->key_block_flags & |
| 111 (is_dev ? KEY_BLOCK_FLAG_DEVELOPER_1 : |
| 112 KEY_BLOCK_FLAG_DEVELOPER_0))) { |
| 113 VBDEBUG(("Developer flag mismatch.\n")); |
| 114 continue; |
| 115 } |
| 116 /* RW firmware never runs in recovery mode. */ |
| 117 if (!(key_block->key_block_flags & KEY_BLOCK_FLAG_RECOVERY_0)) { |
| 118 VBDEBUG(("Recovery flag mismatch.\n")); |
| 119 continue; |
| 120 } |
| 121 |
106 /* Check for rollback of key version. */ | 122 /* Check for rollback of key version. */ |
107 key_version = key_block->data_key.key_version; | 123 key_version = key_block->data_key.key_version; |
108 if (key_version < (tpm_version >> 16)) { | 124 if (key_version < (tpm_version >> 16)) { |
109 VBDEBUG(("Key rollback detected.\n")); | 125 VBDEBUG(("Key rollback detected.\n")); |
110 continue; | 126 continue; |
111 } | 127 } |
112 | 128 |
113 /* Get the key for preamble/data verification from the key block. */ | 129 /* Get the key for preamble/data verification from the key block. */ |
114 data_key = PublicKeyToRSA(&key_block->data_key); | 130 data_key = PublicKeyToRSA(&key_block->data_key); |
115 if (!data_key) { | 131 if (!data_key) { |
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
262 /* Resume the TPM */ | 278 /* Resume the TPM */ |
263 uint32_t status = RollbackS3Resume(); | 279 uint32_t status = RollbackS3Resume(); |
264 | 280 |
265 if (status == TPM_SUCCESS) | 281 if (status == TPM_SUCCESS) |
266 return LOAD_FIRMWARE_SUCCESS; | 282 return LOAD_FIRMWARE_SUCCESS; |
267 else if (status == TPM_E_MUST_REBOOT) | 283 else if (status == TPM_E_MUST_REBOOT) |
268 return LOAD_FIRMWARE_REBOOT; | 284 return LOAD_FIRMWARE_REBOOT; |
269 else | 285 else |
270 return LOAD_FIRMWARE_RECOVERY_TPM; | 286 return LOAD_FIRMWARE_RECOVERY_TPM; |
271 } | 287 } |
OLD | NEW |