OLD | NEW |
(Empty) | |
| 1 This directory contains a reference implementation for Chrome OS |
| 2 verified boot in firmware. |
| 3 |
| 4 ---------- |
| 5 Directory Structure |
| 6 ---------- |
| 7 |
| 8 include/ - Contains all the code headers. firmware_image.h and |
| 9 kernel_image.h contains the structures that represent a verified boot |
| 10 firmware and kernel image. Note that the |
| 11 |
| 12 crypto/ - Contains the implementation for the crypto library. This |
| 13 includes implementations for SHA1, SHA256, SHA512, and RSA signature |
| 14 verification (for PKCS #1 v1.5 signatures). |
| 15 |
| 16 common/ - Contains some utility functions and stub implementations for |
| 17 certain wrapper functions used in the verification code. Some of these |
| 18 (for example Free(), Malloc()) will need to be replaced with |
| 19 appropriate firmware-land equivalent. |
| 20 |
| 21 utils/ - This contains the implementation of kernel and firmware image |
| 22 verification (see firmware_image.c and kernel_image.c) and some |
| 23 utilities (e.g. firmware_utility - for generating verified boot |
| 24 firmware images). |
| 25 |
| 26 tests/ - User-land tests and benchmarks that test the reference |
| 27 implementation. Please have a look at these if you'd like to |
| 28 understand how to use the reference implementation. |
| 29 |
| 30 |
| 31 ---------- |
| 32 Some useful utilities: |
| 33 ---------- |
| 34 |
| 35 firmware_utility.c To generate verified boot firmware images. |
| 36 |
| 37 dumpRSAPublicKey.c Dump RSA Public key (from a DER-encoded X509 |
| 38 certificate) in a format suitable for |
| 39 use by RSAVerify* functions in |
| 40 crypto/. |
| 41 |
| 42 verify_data.c Verify a given signature on a given file. |
| 43 |
| 44 |
| 45 ---------- |
| 46 Here's what is required for a minimal verified boot implementation |
| 47 ---------- |
| 48 |
| 49 1) Crypto implementation from crypto/. The verified boot code should |
| 50 use the wrappers from rsa_utility.h and sha_utility.h - RSAVerify_f() |
| 51 and Digest*() functions. |
| 52 |
| 53 2) Verified Firmware and Kernel image verification functions - only |
| 54 functions that work on binary blobs (VerifyFirmware() and |
| 55 VerifyKernel()) are required. The functions that work on Firmware and |
| 56 Kernel images (e.g. VerifyFirmwareImage()) are only useful for |
| 57 user-land utilities that manipulate signed firmware and kernel images. |
| 58 |
OLD | NEW |