src/platform/vboot_reference/README - Issue 665009: Add a README and turn-on optimizations.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/platform/vboot_reference/README

Issue 665009: Add a README and turn-on optimizations. (Closed)

Patch Set: Created 10 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/platform/vboot_reference/README

diff --git a/src/platform/vboot_reference/README b/src/platform/vboot_reference/README

new file mode 100644

index 0000000000000000000000000000000000000000..fda6aaf4d900d952fecfb63253bdabae11f8f7c7

--- /dev/null

+++ b/src/platform/vboot_reference/README

@@ -0,0 +1,58 @@

+This directory contains a reference implementation for Chrome OS

+verified boot in firmware.

+----------

+Directory Structure

+----------

+include/ - Contains all the code headers. firmware_image.h and

+kernel_image.h contains the structures that represent a verified boot

+firmware and kernel image. Note that the

+crypto/ - Contains the implementation for the crypto library. This

+includes implementations for SHA1, SHA256, SHA512, and RSA signature

+verification (for PKCS #1 v1.5 signatures).

+common/ - Contains some utility functions and stub implementations for

+certain wrapper functions used in the verification code. Some of these

+(for example Free(), Malloc()) will need to be replaced with

+appropriate firmware-land equivalent.

+utils/ - This contains the implementation of kernel and firmware image

+verification (see firmware_image.c and kernel_image.c) and some

+utilities (e.g. firmware_utility - for generating verified boot

+firmware images).

+tests/ - User-land tests and benchmarks that test the reference

+implementation. Please have a look at these if you'd like to

+understand how to use the reference implementation.

+----------

+Some useful utilities:

+----------

+firmware_utility.c To generate verified boot firmware images.

+dumpRSAPublicKey.c Dump RSA Public key (from a DER-encoded X509

+ certificate) in a format suitable for

+ use by RSAVerify* functions in

+ crypto/.

+verify_data.c Verify a given signature on a given file.

+----------

+Here's what is required for a minimal verified boot implementation

+----------

+1) Crypto implementation from crypto/. The verified boot code should

+use the wrappers from rsa_utility.h and sha_utility.h - RSAVerify_f()

+and Digest*() functions.

+2) Verified Firmware and Kernel image verification functions - only

+functions that work on binary blobs (VerifyFirmware() and

+VerifyKernel()) are required. The functions that work on Firmware and

+Kernel images (e.g. VerifyFirmwareImage()) are only useful for

+user-land utilities that manipulate signed firmware and kernel images.

« no previous file with comments | « src/platform/vboot_reference/Makefile ('k') | no next file » | no next file with comments »