| Index: src/platform/vboot_reference/utils/kernel_utility.cc
|
| diff --git a/src/platform/vboot_reference/utils/kernel_utility.cc b/src/platform/vboot_reference/utils/kernel_utility.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..4a90d3c5f834b9d1d2e9a9649932185bd684f37e
|
| --- /dev/null
|
| +++ b/src/platform/vboot_reference/utils/kernel_utility.cc
|
| @@ -0,0 +1,357 @@
|
| +// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +//
|
| +// Utility for manipulating verified boot firmware images.
|
| +//
|
| +
|
| +#include "kernel_utility.h"
|
| +
|
| +#include <errno.h>
|
| +#include <getopt.h>
|
| +#include <stdint.h> // Needed for UINT16_MAX.
|
| +#include <stdlib.h>
|
| +#include <unistd.h>
|
| +
|
| +#include <iostream>
|
| +
|
| +extern "C" {
|
| +#include "file_keys.h"
|
| +#include "kernel_image.h"
|
| +#include "padding.h"
|
| +#include "rsa_utility.h"
|
| +#include "sha_utility.h"
|
| +#include "utility.h"
|
| +}
|
| +
|
| +extern int errno;
|
| +using std::cerr;
|
| +
|
| +namespace vboot_reference {
|
| +
|
| +KernelUtility::KernelUtility(): image_(NULL),
|
| + firmware_key_pub_(NULL),
|
| + header_version_(1),
|
| + firmware_sign_algorithm_(-1),
|
| + kernel_sign_algorithm_(-1),
|
| + kernel_key_version_(-1),
|
| + kernel_version_(-1),
|
| + is_generate_(false),
|
| + is_verify_(false) {
|
| + // Populate kernel config options with defaults.
|
| + options_.version[0] = 1;
|
| + options_.version[1] = 0;
|
| + options_.kernel_len = 0;
|
| + options_.kernel_load_addr = 0;
|
| + options_.kernel_entry_addr = 0;
|
| +}
|
| +
|
| +KernelUtility::~KernelUtility() {
|
| + RSAPublicKeyFree(firmware_key_pub_);
|
| + KernelImageFree(image_);
|
| +}
|
| +
|
| +void KernelUtility::PrintUsage(void) {
|
| + cerr <<
|
| + "Utility to generate/verify a verified boot kernel image\n\n"
|
| + "Usage: firmware_utility <--generate|--verify> [OPTIONS]\n\n"
|
| + "For \"--verify\", required OPTIONS are:\n"
|
| + "--in <infile>\t\t\tVerified boot kernel image to verify.\n"
|
| + "--firmware_key_pub <pubkeyfile>\tPre-processed public firmware key "
|
| + "to use for verification.\n\n"
|
| + "For \"--generate\", required OPTIONS are:\n"
|
| + "--firmware_key <privkeyfile>\tPrivate firmware signing key file\n"
|
| + "--kernel_key <privkeyfile>\tPrivate kernel signing key file\n"
|
| + "--kernel_key_pub <pubkeyfile>\tPre-processed public kernel signing"
|
| + " key\n"
|
| + "--firmware_sign_algorithm <algoid>\tSigning algorithm used by "
|
| + "the firmware\n"
|
| + "--kernel_sign_algorithm <algoid>\tSigning algorithm to use for kernel\n"
|
| + "--kernel_key_version <version#>\tKernel signing Key Version#\n"
|
| + "--kernel_version <version#>\tKernel Version#\n"
|
| + "--in <infile>\t\tKernel Image to sign\n"
|
| + "--out <outfile>\t\tOutput file for verified boot Kernel image\n\n"
|
| + "Optional arguments for \"--generate\" include:\n"
|
| + "--config_version <version>\n"
|
| + "--kernel_load_addr <addr>\n"
|
| + "--kernel_entry_addr <addr>\n\n"
|
| + "<algoid> (for --*_sign_algorithm) is one of the following:\n";
|
| + for (int i = 0; i < kNumAlgorithms; i++) {
|
| + cerr << i << " for " << algo_strings[i] << "\n";
|
| + }
|
| + cerr << "\n\n";
|
| +}
|
| +
|
| +bool KernelUtility::ParseCmdLineOptions(int argc, char* argv[]) {
|
| + int option_index;
|
| + static struct option long_options[] = {
|
| + {"firmware_key", 1, 0, 0},
|
| + {"firmware_key_pub", 1, 0, 0},
|
| + {"kernel_key", 1, 0, 0},
|
| + {"kernel_key_pub", 1, 0, 0},
|
| + {"firmware_sign_algorithm", 1, 0, 0},
|
| + {"kernel_sign_algorithm", 1, 0, 0},
|
| + {"kernel_key_version", 1, 0, 0},
|
| + {"kernel_version", 1, 0, 0},
|
| + {"in", 1, 0, 0},
|
| + {"out", 1, 0, 0},
|
| + {"generate", 0, 0, 0},
|
| + {"verify", 0, 0, 0},
|
| + {"config_version", 1, 0, 0},
|
| + {"kernel_load_addr", 1, 0, 0},
|
| + {"kernel_entry_addr", 1, 0, 0},
|
| + {NULL, 0, 0, 0}
|
| + };
|
| + while (1) {
|
| + int i = getopt_long(argc, argv, "", long_options, &option_index);
|
| + if (-1 == i) // Done with option processing.
|
| + break;
|
| + if ('?' == i) // Invalid option found.
|
| + return false;
|
| +
|
| + if (0 == i) {
|
| + switch (option_index) {
|
| + case 0: // firmware_key
|
| + firmware_key_file_ = optarg;
|
| + break;
|
| + case 1: // firmware_key_pub
|
| + firmware_key_pub_file_ = optarg;
|
| + break;
|
| + case 2: // kernel_key
|
| + kernel_key_file_ = optarg;
|
| + break;
|
| + case 3: // kernel_key_pub
|
| + kernel_key_pub_file_ = optarg;
|
| + break;
|
| + case 4: // firmware_sign_algorithm
|
| + errno = 0; // strtol() returns an error via errno
|
| + firmware_sign_algorithm_ = strtol(optarg,
|
| + reinterpret_cast<char**>(NULL), 10);
|
| + if (errno)
|
| + return false;
|
| + break;
|
| + case 5: // kernel_sign_algorithm
|
| + errno = 0;
|
| + kernel_sign_algorithm_ = strtol(optarg,
|
| + reinterpret_cast<char**>(NULL), 10);
|
| + if (errno)
|
| + return false;
|
| + break;
|
| + case 6: // kernel_key_version
|
| + errno = 0;
|
| + kernel_key_version_ = strtol(optarg,
|
| + reinterpret_cast<char**>(NULL), 10);
|
| + if (errno)
|
| + return false;
|
| + break;
|
| + case 7: // kernel_version
|
| + errno = 0;
|
| + kernel_version_ = strtol(optarg,
|
| + reinterpret_cast<char**>(NULL), 10);
|
| + if (errno)
|
| + return false;
|
| + break;
|
| + case 8: // in
|
| + in_file_ = optarg;
|
| + break;
|
| + case 9: // out
|
| + out_file_ = optarg;
|
| + break;
|
| + case 10: // generate
|
| + is_generate_ = true;
|
| + break;
|
| + case 11: // verify
|
| + is_verify_ = true;
|
| + break;
|
| + case 12: // config_version
|
| + if (2 != sscanf(optarg, "%d.%d", &options_.version[0],
|
| + &options_.version[1]))
|
| + return false;
|
| + break;
|
| + case 13: // kernel_load_addr
|
| + errno = 0;
|
| + options_.kernel_load_addr =
|
| + strtol(optarg, reinterpret_cast<char**>(NULL), 10);
|
| + if (errno)
|
| + return false;
|
| + break;
|
| + case 14: // kernel_entry_addr
|
| + errno = 0;
|
| + options_.kernel_entry_addr =
|
| + strtol(optarg, reinterpret_cast<char**>(NULL), 10);
|
| +
|
| + if (errno)
|
| + return false;
|
| + break;
|
| + }
|
| + }
|
| + }
|
| + return CheckOptions();
|
| +}
|
| +
|
| +void KernelUtility::OutputSignedImage(void) {
|
| + if (image_) {
|
| + if (!WriteKernelImage(out_file_.c_str(), image_)) {
|
| + cerr << "Couldn't write verified boot kernel image to file "
|
| + << out_file_ <<".\n";
|
| + }
|
| + }
|
| +}
|
| +
|
| +bool KernelUtility::GenerateSignedImage(void) {
|
| + uint32_t kernel_key_pub_len;
|
| + uint8_t* header_checksum;
|
| + DigestContext ctx;
|
| + image_ = KernelImageNew();
|
| +
|
| + Memcpy(image_->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE);
|
| +
|
| + // TODO(gauravsh): make this a command line option.
|
| + image_->header_version = 1;
|
| + image_->firmware_sign_algorithm = (uint16_t) firmware_sign_algorithm_;
|
| + // Copy pre-processed public signing key.
|
| + image_->kernel_sign_algorithm = (uint16_t) kernel_sign_algorithm_;
|
| + image_->kernel_sign_key = BufferFromFile(kernel_key_pub_file_.c_str(),
|
| + &kernel_key_pub_len);
|
| + if (!image_->kernel_sign_key)
|
| + return false;
|
| + image_->kernel_key_version = kernel_key_version_;
|
| +
|
| + // Update header length.
|
| + image_->header_len = GetKernelHeaderLen(image_);
|
| +
|
| + // Calculate header checksum.
|
| + DigestInit(&ctx, SHA512_DIGEST_ALGORITHM);
|
| + DigestUpdate(&ctx, reinterpret_cast<uint8_t*>(&image_->header_version),
|
| + sizeof(image_->header_version));
|
| + DigestUpdate(&ctx, reinterpret_cast<uint8_t*>(&image_->header_len),
|
| + sizeof(image_->header_len));
|
| + DigestUpdate(&ctx, reinterpret_cast<uint8_t*>(&image_->kernel_sign_algorithm),
|
| + sizeof(image_->kernel_sign_algorithm));
|
| + DigestUpdate(&ctx, reinterpret_cast<uint8_t*>(&image_->kernel_key_version),
|
| + sizeof(image_->kernel_key_version));
|
| + DigestUpdate(&ctx, image_->kernel_sign_key,
|
| + RSAProcessedKeySize(image_->kernel_sign_algorithm));
|
| + header_checksum = DigestFinal(&ctx);
|
| + Memcpy(image_->header_checksum, header_checksum, SHA512_DIGEST_SIZE);
|
| + Free(header_checksum);
|
| +
|
| + image_->kernel_version = kernel_version_;
|
| + image_->options.version[0] = options_.version[0];
|
| + image_->options.version[1] = options_.version[1];
|
| + image_->options.kernel_load_addr = options_.kernel_load_addr;
|
| + image_->options.kernel_entry_addr = options_.kernel_entry_addr;
|
| + image_->kernel_data = BufferFromFile(in_file_.c_str(),
|
| + &image_->options.kernel_len);
|
| + if (!image_)
|
| + return false;
|
| + // Generate and add the signatures.
|
| + if (!AddKernelKeySignature(image_, firmware_key_file_.c_str())) {
|
| + cerr << "Couldn't write key signature to verified boot image.\n";
|
| + return false;
|
| + }
|
| +
|
| + if (!AddKernelSignature(image_, kernel_key_file_.c_str())) {
|
| + cerr << "Couldn't write firmware signature to verified boot image.\n";
|
| + return false;
|
| + }
|
| + return true;
|
| +}
|
| +
|
| +bool KernelUtility::VerifySignedImage(void) {
|
| + int error;
|
| + firmware_key_pub_ = RSAPublicKeyFromFile(firmware_key_pub_file_.c_str());
|
| + image_ = ReadKernelImage(in_file_.c_str());
|
| +
|
| + if (!firmware_key_pub_) {
|
| + cerr << "Couldn't read pre-processed public root key.\n";
|
| + return false;
|
| + }
|
| +
|
| + if (!image_) {
|
| + cerr << "Couldn't read firmware image or malformed image.\n";
|
| + return false;
|
| + }
|
| + if (!(error = VerifyKernelImage(firmware_key_pub_, image_, 0)))
|
| + return true;
|
| + cerr << VerifyKernelErrorString(error) << "\n";
|
| + return false;
|
| +}
|
| +
|
| +bool KernelUtility::CheckOptions(void) {
|
| + if (is_generate_ == is_verify_) {
|
| + cerr << "One of --generate or --verify must be specified.\n";
|
| + return false;
|
| + }
|
| + // Common required options.
|
| + if (in_file_.empty()) {
|
| + cerr << "No input file specified.\n";
|
| + return false;
|
| + }
|
| + // Required options for --verify.
|
| + if (is_verify_ && firmware_key_pub_file_.empty()) {
|
| + cerr << "No pre-processed public firmware key file specified.\n";
|
| + return false;
|
| + }
|
| + // Required options for --generate.
|
| + if (is_generate_) {
|
| + if (firmware_key_file_.empty()) {
|
| + cerr << "No firmware key file specified.\n";
|
| + return false;
|
| + }
|
| + if (kernel_key_file_.empty()) {
|
| + cerr << "No kernel key file specified.\n";
|
| + return false;
|
| + }
|
| + if (kernel_key_pub_file_.empty()) {
|
| + cerr << "No pre-processed public kernel key file specified\n";
|
| + return false;
|
| + }
|
| + if (kernel_key_version_ <= 0 || kernel_key_version_ > UINT16_MAX) {
|
| + cerr << "Invalid or no kernel key version specified.\n";
|
| + return false;
|
| + }
|
| + if (firmware_sign_algorithm_ < 0 ||
|
| + firmware_sign_algorithm_ >= kNumAlgorithms) {
|
| + cerr << "Invalid or no firmware signing key algorithm specified.\n";
|
| + return false;
|
| + }
|
| + if (kernel_sign_algorithm_ < 0 ||
|
| + kernel_sign_algorithm_ >= kNumAlgorithms) {
|
| + cerr << "Invalid or no kernel signing key algorithm specified.\n";
|
| + return false;
|
| + }
|
| + if (kernel_version_ <=0 || kernel_version_ > UINT16_MAX) {
|
| + cerr << "Invalid or no kernel version specified.\n";
|
| + return false;
|
| + }
|
| + if (out_file_.empty()) {
|
| + cerr <<"No output file specified.\n";
|
| + return false;
|
| + }
|
| + }
|
| + return true;
|
| +}
|
| +
|
| +} // namespace vboot_reference
|
| +
|
| +int main(int argc, char* argv[]) {
|
| + vboot_reference::KernelUtility fu;
|
| + if (!fu.ParseCmdLineOptions(argc, argv)) {
|
| + fu.PrintUsage();
|
| + return -1;
|
| + }
|
| + if (fu.is_generate()) {
|
| + if (!fu.GenerateSignedImage())
|
| + return -1;
|
| + fu.OutputSignedImage();
|
| + }
|
| + if (fu.is_verify()) {
|
| + cerr << "Verification ";
|
| + if (fu.VerifySignedImage())
|
| + cerr << "SUCCESS.\n";
|
| + else
|
| + cerr << "FAILURE.\n";
|
| + }
|
| + return 0;
|
| +}
|
|
|
Chromium Code Reviews
Issue 669014:
Vboot Reference: Kernel Boot signing utility. (Closed)
