OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for generating and manipulating a verified boot kernel image. | 5 * Functions for generating and manipulating a verified boot kernel image. |
6 */ | 6 */ |
7 | 7 |
8 #include "kernel_image.h" | 8 #include "kernel_image.h" |
9 | 9 |
10 #include <fcntl.h> | 10 #include <fcntl.h> |
(...skipping 386 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
397 | 397 |
398 /* Verify if the hash of the header is correct. */ | 398 /* Verify if the hash of the header is correct. */ |
399 header_checksum = DigestBuf(header_blob, | 399 header_checksum = DigestBuf(header_blob, |
400 header_len - FIELD_LEN(header_checksum), | 400 header_len - FIELD_LEN(header_checksum), |
401 SHA512_DIGEST_ALGORITHM); | 401 SHA512_DIGEST_ALGORITHM); |
402 if (SafeMemcmp(header_checksum, | 402 if (SafeMemcmp(header_checksum, |
403 header_blob + (base_header_checksum_offset + | 403 header_blob + (base_header_checksum_offset + |
404 kernel_sign_key_len), | 404 kernel_sign_key_len), |
405 FIELD_LEN(header_checksum))) { | 405 FIELD_LEN(header_checksum))) { |
406 Free(header_checksum); | 406 Free(header_checksum); |
| 407 fprintf(stderr, "VerifyKernelHeader: Invalid header hash\n"); |
407 return VERIFY_KERNEL_INVALID_IMAGE; | 408 return VERIFY_KERNEL_INVALID_IMAGE; |
408 } | 409 } |
409 Free(header_checksum); | 410 Free(header_checksum); |
410 | 411 |
411 /* Verify kernel key signature unless we are in dev mode. */ | 412 /* Verify kernel key signature unless we are in dev mode. */ |
412 if (!dev_mode) { | 413 if (!dev_mode) { |
413 if (!RSAVerifyBinary_f(firmware_key_blob, NULL, /* Key to use */ | 414 if (!RSAVerifyBinary_f(firmware_key_blob, NULL, /* Key to use */ |
414 header_blob, /* Data to verify */ | 415 header_blob, /* Data to verify */ |
415 header_len, /* Length of data */ | 416 header_len, /* Length of data */ |
416 header_blob + header_len, /* Expected Signature */ | 417 header_blob + header_len, /* Expected Signature */ |
(...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
676 kernel_signing_key_file, | 677 kernel_signing_key_file, |
677 image->kernel_sign_algorithm))) { | 678 image->kernel_sign_algorithm))) { |
678 fprintf(stderr, "Could not compute signature on the kernel.\n"); | 679 fprintf(stderr, "Could not compute signature on the kernel.\n"); |
679 return 0; | 680 return 0; |
680 } | 681 } |
681 image->kernel_signature = (uint8_t*) Malloc(signature_len); | 682 image->kernel_signature = (uint8_t*) Malloc(signature_len); |
682 Memcpy(image->kernel_signature, kernel_signature, signature_len); | 683 Memcpy(image->kernel_signature, kernel_signature, signature_len); |
683 Free(kernel_signature); | 684 Free(kernel_signature); |
684 return 1; | 685 return 1; |
685 } | 686 } |
OLD | NEW |