Issue 652216: Vboot reference: A basic user-land verified boot firmware signing and verification utility.

Issue 652216: Vboot reference: A basic user-land verified boot firmware signing and verification utility. (Closed)

Created:
10 years, 10 months ago by gauravsh

Modified:
9 years, 6 months ago

Reviewers:
Randall Spangler, Will Drewry

CC:
chromium-os-reviews_chromium.org

Visibility:
Public.

Description

Vboot reference: A basic user-land verified boot firmware signing and verification utility. This is a first cut at what I envision as a utility we can use to manage our firmware/kernel signing needs. Currently, it implements firmware signing (given a binary image, create a verified boot header) and verification (given a verified boot image, verify it using the given public root key). This CL also fixes the ReadFirmwareImage function from firmware_image to make it more consistent and fixes some bugs.

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+461 lines, -119 lines)			Patch
M	src/platform/vboot_reference/include/file_keys.h	View		2 chunks	+4 lines, -3 lines	0 comments	Download
M	src/platform/vboot_reference/include/firmware_image.h	View	1	3 chunks	+7 lines, -8 lines	0 comments	Download
A	src/platform/vboot_reference/include/firmware_utility.h	View		1 chunk	+66 lines, -0 lines	0 comments	Download
M	src/platform/vboot_reference/tests/firmware_image_tests.c	View	1	2 chunks	+2 lines, -2 lines	0 comments	Download
M	src/platform/vboot_reference/tests/rsa_verify_benchmark.c	View		1 chunk	+2 lines, -3 lines	0 comments	Download
M	src/platform/vboot_reference/utils/Makefile	View	1 2 3	3 chunks	+4 lines, -3 lines	0 comments	Download
M	src/platform/vboot_reference/utils/file_keys.c	View	1 2 3	2 chunks	+8 lines, -5 lines	0 comments	Download
M	src/platform/vboot_reference/utils/firmware_image.c	View	1 2	9 chunks	+63 lines, -72 lines	0 comments	Download
D	src/platform/vboot_reference/utils/firmware_utility.c	View		1 chunk	+0 lines, -23 lines	0 comments	Download
A	src/platform/vboot_reference/utils/firmware_utility.cc	View	1 2 3	1 chunk	+305 lines, -0 lines	0 comments	Download

Messages

Total messages: 3 (0 generated)

Expand Messages | Collapse Messages

Will Drewry

Some style nits but LGTM. I'll take another (closer) pass through either before or after ...

10 years, 10 months ago (2010-02-26 21:56:23 UTC) #2

gauravsh

10 years, 10 months ago (2010-02-26 23:10:21 UTC) #3

Thanks, submitting.

http://codereview.chromium.org/652216/diff/1012/1022
File src/platform/vboot_reference/utils/firmware_utility.cc (right):

http://codereview.chromium.org/652216/diff/1012/1022#newcode115
src/platform/vboot_reference/utils/firmware_utility.cc:115: key_version_ =
atoi(optarg);
On 2010/02/26 21:56:23, Will Drewry wrote:
> if errors matter here, you may want to consider strtol().

Done.

http://codereview.chromium.org/652216/diff/1012/1022#newcode242
src/platform/vboot_reference/utils/firmware_utility.cc:242: if (root_key_file_
== "") {
On 2010/02/26 21:56:23, Will Drewry wrote:
> It's nicer to check use root_key_file_.empty() (or length() == 0) since it's
> preferred to avoid using some of the overload operators if possible.  (For
> instance, I had to look at the .h file to know if this was a std::string or if
> you were actually comparing a char * to a "" ;)
Done.

http://codereview.chromium.org/652216/diff/1012/1022#newcode246
src/platform/vboot_reference/utils/firmware_utility.cc:246: if
(firmware_version_ <= 0 || firmware_version_ > 0xFFFF) {
On 2010/02/26 21:56:23, Will Drewry wrote:
> Should 0xFFFF be USHRT_MAX from limits.h?  Or is it a constant elsewhere?

It's the max 16-bit value. All types used by the verification code are fixed
sizes. I think short is not guaranteed to be 16-bits, so I am leaving this
as-is.

Expand Messages | Collapse Messages