Rearrange vboot_reference directories to isolate external components.

This creates a new vboot_firmware subdirectory, and which contains the entirety of the BIOS code. There shouldn't be anything in this directory that is NOT required by the BIOS. Review URL: http://codereview.chromium.org/2219004
2025-11-24 02:05:01 +00:00 · 2010-05-26 09:18:38 -07:00
parent a45586722f
commit 0b8f35c6a5
39 changed files with 146 additions and 116 deletions
--- a/8
+++ b/8
@@ -5,13 +5,15 @@
 export CC ?= gcc
 export CFLAGS = -Wall -DNDEBUG -O3 -Werror
 export TOP = $(shell pwd)
 export FWDIR=$(TOP)/vboot_firmware
 export INCLUDES = \
-	-I$(TOP)/common/include \
+	-I$(FWDIR)/include \
 	-I$(TOP)/cryptolib/include \
 	-I$(TOP)/misclibs/include \
 	-I$(TOP)/cgptlib
-SUBDIRS=common cgptlib cryptolib misclibs vfirmware vkernel utility tests
+export FWLIB=$(FWDIR)/vboot_fw.a
 SUBDIRS=vboot_firmware cgptlib misclibs vfirmware vkernel utility tests
 all:
 	set -e; \
--- a/44
+++ b/44
@@ -7,26 +7,21 @@ Directory Structure
 The source is organized into distinct modules -
-cryptolib/ - Contains the implementation for the crypto library. This
+vboot_firmware/ - Contains ONLY the code required by the BIOS to validate
-includes implementations for SHA1, SHA256, SHA512, and RSA signature
+the secure boot components. There shouldn't be any code in here that signs
-verification (for PKCS #1 v1.5 signatures).
+or generates images. BIOS should require ONLY this directory to implement
 secure boot. Refer to vboot_firmware/README for futher details.
-common/ - Utility functions and stub implementations for wrapper
+cgptlib/ - Work in progress for handling GPT headers. Parts of this will no
-functions used in the verification code. These stub implementations
+doubt be migrated into vboot_firmware/
 will need to be replaced with appropriate firmware equivalents.
 misclibs/ - Miscellaneous functions used by userland utilities.
 utility/ - Utilities for generating and verifying signed
 firmware and kernel images, as well as arbitrary blobs.
-vfirmware/ and vkernel/ - The main firmware and kernel image
+vfirmware/ and vkernel/ - Functions for generating, verifying, and
-verification modules. It has functions for verifying and manipulating
+manipulating signed firmware and kernel images.
 signed firmware and kernel images. The main files of interest are:
       vfirmware/firmware_image_fw.c (verification Functions used in Firmware)
       vfirmware/firmware_image.c (functions for userland tools)
       vkernel/kernel_image_fw.c (verification functions used in Firmware)
       vkernel/kernel_image.c (functions for userland tools)
 tests/ - User-land tests and benchmarks that test the reference
 implementation. Please have a look at these if you'd like to
@@ -49,29 +44,6 @@ dumpRSAPublicKey.c Dump RSA Public key (from a DER-encoded X509
 verify_data.c Verify a given signature on a given file.
 ---------- 
 What is required for a minimal verified boot implementation
 ----------
 1) cryptolib/ - as a separate module since it will be used by others
 parts of the verified boot process.
 2) common/ - this contains the interface for dealing with memory allocation
 and interacting with the TPM. The stubs will need to be replaced with their
 firmware-level equivalents.
 3) Verified Firmware and Kernel image verification - This is the core
 of the verified boot implementation. They are implemented under vfirmware
 and vkernel (for firmware and kernel image verification respectively). 
 firmware_image_fw.c and kernel_image_fw.c : Contain verification logic
 		    			    used in the firmware. Needed.
 firmware_image.c and kernel_image.c : High level functions used by userland
 		     		      tools. NOT needed in the firmware.
 cryptolib/, common/, vfirmware/firmware_image_fw.c are part of the RO firmware.
 vkernel/kernel_image_fw.c is part of the RW firmware (it verifies the OS kernel).
 ---------- 
 Generating a signed firmware image: 
--- a/cgptlib/tests/Makefile
+++ b/cgptlib/tests/Makefile
@@ -4,7 +4,7 @@
 TOP ?= ../../
 CFLAGS += -Wall -DNDEBUG -Werror -ansi
-LIBS = $(TOP)/cgptlib/libcgpt.a $(TOP)/common/libcommon.a
+LIBS = $(TOP)/cgptlib/libcgpt.a $(FWLIB)
 OBJS = cgptlib_test.o quick_sort_test.o crc32_test.o
 OUT = cgptlib_test
--- a/common/Makefile
+++ b/common/Makefile
@@ -1,18 +0,0 @@
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 SRCS = boot_device_stub.c rollback_index.c tlcl_stub.c utility_stub.c
 OBJS = $(SRCS:.c=.o)
 INCLUDES += -I./include/
 all:	libcommon.a
 libcommon.a:	$(OBJS)
 	ar rs $@ $^
 .c.o:	$(OBJS)
 	$(CC) $(CFLAGS) $(INCLUDES) -c $< -o $@
 clean: 
 	rm -f $(OBJS) libcommon.a
--- a/cryptolib/Makefile
+++ b/cryptolib/Makefile
@@ -1,23 +0,0 @@
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 TOP ?= ../
 SRCS = rsa.c sha1.c sha2.c padding.c rsa_utility.c sha_utility.c
 OBJS = $(SRCS:.c=.o)
 CFLAGS += -DUNROLL_LOOPS -DHAVE_ENDIAN_H -DHAVE_LITTLE_ENDIAN -DNDEBUG
 INCLUDES += -I./include/ -I$(TOP)/common/include/
 all: libcrypto.a
 libcrypto.a: $(OBJS)
 	ar rs libcrypto.a $(OBJS)
 padding.c: $(TOP)/scripts/genpadding.sh
 	$(TOP)/scripts/genpadding.sh >$@
 .c.o: $(OBJS)
 	$(CC) $(CFLAGS) -ansi $(INCLUDES) -c $< -o $@
 clean: 
 	rm -f $(OBJS) libcrypto.a
--- a/misclibs/Makefile
+++ b/misclibs/Makefile
@@ -6,7 +6,7 @@ TOP ?= ../
 CC ?= gcc
 INCLUDES += -I./include \
 		-I$(TOP)/common/include \
-		-I$(TOP)/cryptolib/include \
+		-I$(TOP)/vboot_firmware/lib/cryptolib/include \
 		-I$(TOP)/vfirmware/include \
 		-I$(TOP)/vkernel/include
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -6,18 +6,14 @@ TOP ?= ../
 CC ?= gcc
 CFLAGS ?= -Wall -DNDEBUG -O3 -Werror
 INCLUDES += -I./include \
-		-I../cryptolib/include \
+		-I$(FWDIR)/lib/cryptolib/include \
 		-I../common/include \
 		-I../misclibs/include \
 		-I../vfirmware/include\
 		-I../vkernel/include
 BASE_LIBS = $(TOP)/cryptolib/libcrypto.a $(TOP)/common/libcommon.a
 IMAGE_LIBS = $(TOP)/vfirmware/firmware_image.o \
-		$(TOP)/vfirmware/firmware_image_fw.o \
+		$(TOP)/vkernel/kernel_image.o
 		$(TOP)/vkernel/kernel_image.o \
 		$(TOP)/vkernel/kernel_image_fw.o
 UTIL_LIBS = $(TOP)/misclibs/file_keys.o $(TOP)/misclibs/signature_digest.o
-LIBS = $(IMAGE_LIBS) $(UTIL_LIBS) -lcrypto $(BASE_LIBS)
+LIBS = $(IMAGE_LIBS) $(UTIL_LIBS) $(FWLIB) -lcrypto
 TEST_BINS = big_firmware_tests \
 		big_kernel_tests \
@@ -75,18 +71,18 @@ kernel_verify_benchmark: kernel_verify_benchmark.c timer_utils.c \
 	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(LIBS)
 rsa_padding_test: rsa_padding_test.c
-	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(UTIL_LIBS) $(BASE_LIBS) \
+	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(UTIL_LIBS) $(FWLIB) \
 	-lcrypto
 rsa_verify_benchmark: rsa_verify_benchmark.c timer_utils.c
-	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(UTIL_LIBS) $(BASE_LIBS) \
+	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(UTIL_LIBS) $(FWLIB) \
 	-lcrypto
 sha_benchmark:	sha_benchmark.c timer_utils.c
-	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(BASE_LIBS)
+	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(FWLIB)
 sha_tests: sha_tests.c
-	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(BASE_LIBS)
+	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(FWLIB)
 verify_firmware_fuzz_driver: verify_firmware_fuzz_driver.c \
 	rollback_index_mock.c
--- a/utility/Makefile
+++ b/utility/Makefile
@@ -6,8 +6,7 @@ TOP ?= ../
 CC ?= gcc
 CXX ?= g++
 INCLUDES += -I./include \
-		-I../cryptolib/include \
+		-I$(FWDIR)/lib/cryptolib/include \
 		-I../common/include \
 		-I../misclibs/include \
 		-I../vfirmware/include\
 		-I../vkernel/include
@@ -15,10 +14,7 @@ CFLAGS ?= -Wall -DNDEBUG -O3 -Werror $(INCLUDES)
 LIBS = $(TOP)/misclibs/file_keys.o \
 	$(TOP)/misclibs/signature_digest.o \
 	$(TOP)/vfirmware/firmware_image.o \
-	$(TOP)/vfirmware/firmware_image_fw.o \
+	$(TOP)/vkernel/kernel_image.o
 	$(TOP)/vkernel/kernel_image.o \
 	$(TOP)/vkernel/kernel_image_fw.o
 FIRMWARELIBS = $(TOP)/cryptolib/libcrypto.a $(TOP)/common/libcommon.a
 SUBDIRS = cgpt
 TARGET_BINS = dumpRSAPublicKey \
@@ -39,21 +35,19 @@ subdirs:
 dumpRSAPublicKey: dumpRSAPublicKey.c
 	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ -lcrypto
-firmware_utility: firmware_utility.cc $(LIBS) $(FIRMWARELIBS)
+firmware_utility: firmware_utility.cc $(LIBS) $(FWLIB)
 	$(CXX) $(CFLAGS) $(INCLUDES) -ggdb -D__STDC_LIMIT_MACROS $< \
-	-o $@ $(FIRMWARELIBS) $(LIBS) $(TOP)/common/libcommon.a \
+	-o $@ $(LIBS) $(FWLIB) -lcrypto
 	-lcrypto
-kernel_utility: kernel_utility.cc $(LIBS) $(FIRMWARELIBS)
+kernel_utility: kernel_utility.cc $(LIBS) $(FWLIB)
 	$(CXX) $(CFLAGS) $(INCLUDES) -ggdb -D__STDC_LIMIT_MACROS $< \
-	-o $@ $(FIRMWARELIBS) $(LIBS) $(TOP)/common/libcommon.a \
+	-o $@ $(LIBS) $(FWLIB) -lcrypto  
 	-lcrypto
-signature_digest_utility: signature_digest_utility.c $(LIBS) $(FIRMWARELIBS)
+signature_digest_utility: signature_digest_utility.c $(LIBS) $(FWLIB)
-	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FIRMWARELIBS) -lcrypto
+	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FWLIB) -lcrypto
-verify_data: verify_data.c $(LIBS) $(FIRMWARELIBS)
+verify_data: verify_data.c $(LIBS) $(FWLIB)
-	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FIRMWARELIBS) -lcrypto
+	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FWLIB) -lcrypto
 clean:
 	set -e; \
--- a/utility/cgpt/Makefile
+++ b/utility/cgpt/Makefile
@@ -6,8 +6,7 @@ TOP ?= ../../
 CC ?= cc
 INCLUDES += -I$(TOP)/common/include
 CFLAGS += -Wall -Werror -ggdb
-LIBS += $(TOP)/common/libcommon.a \
+LIBS += $(TOP)/cgptlib/libcgpt.a $(FWLIB)
        $(TOP)/cgptlib/libcgpt.a
 all: cgpt
--- a/vboot_firmware/Makefile
+++ b/vboot_firmware/Makefile
@@ -0,0 +1,44 @@
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 LIBNAME = vboot_fw.a
 CC ?= gcc
 CFLAGS = -Wall -DNDEBUG -O3 -Werror
 FWTOP := $(shell pwd)
 LIBDIR = $(FWTOP)/lib
 STUBDIR = $(FWTOP)/stub
 TESTDIR = $(FWTOP)/linktest
 INC = \
 	-I$(FWTOP)/include \
 	-I$(LIBDIR)/include \
 	-I$(LIBDIR)/cryptolib/include
 LIB_SRCS := $(shell find $(LIBDIR) -iname '*.c')
 LIB_OBJS := $(LIB_SRCS:%.c=%.o)
 STUB_SRCS := $(shell find $(STUBDIR) -iname '*.c')
 STUB_OBJS := $(STUB_SRCS:%.c=%.o)
 test : $(LIBNAME)
 	$(CC) $(CFLAGS) $(INC) -o $(TESTDIR)/a.out $(TESTDIR)/main.c $(LIBNAME)
 $(LIBNAME) : $(LIB_OBJS) $(STUB_OBJS)
 	rm -f $@
 	ar qc $@ $^
 %o : %c
 	$(CC) $(CFLAGS) $(INC) -c -o $@ $<
 clean: FORCE
 	rm -f $(LIBNAME) $(LIB_OBJS) $(STUB_OBJS) $(TESTDIR)/a.out
 FORCE:
 .PHONY: FORCE
--- a/vboot_firmware/README
+++ b/vboot_firmware/README
@@ -0,0 +1,6 @@
 lib/ is stuff that the BIOS needs to link with.
 stub/ is stuff to be implemented by the BIOS.
 include/ describes the interfaces between the two parts.
--- a/vboot_firmware/include/boot_device.h
+++ b/vboot_firmware/include/boot_device.h
--- a/vboot_firmware/include/firmware_image_fw.h
+++ b/vboot_firmware/include/firmware_image_fw.h
--- a/vboot_firmware/include/kernel_image_fw.h
+++ b/vboot_firmware/include/kernel_image_fw.h
--- a/vboot_firmware/include/load_kernel_fw.h
+++ b/vboot_firmware/include/load_kernel_fw.h
@@ -38,7 +38,7 @@ typedef struct LoadKernelParams {
  uint64_t bootloader_size;     /* Size of bootloader image in bytes */
 } LoadKernelParams;
-uintn_t LoadKernel(LoadKernelParams* params);
+uint64_t LoadKernel(LoadKernelParams* params);
 /* Attempts to load the kernel from the current device.
 *
 * Returns LOAD_KERNEL_SUCCESS if successful, error code on failure. */
--- a/vboot_firmware/include/rollback_index.h
+++ b/vboot_firmware/include/rollback_index.h
--- a/vboot_firmware/include/tlcl.h
+++ b/vboot_firmware/include/tlcl.h
--- a/vboot_firmware/include/utility.h
+++ b/vboot_firmware/include/utility.h
--- a/vboot_firmware/lib/cryptolib/README
+++ b/vboot_firmware/lib/cryptolib/README
@@ -0,0 +1,3 @@
 This contains the implementation for the crypto library. This includes
 implementations for SHA1, SHA256, SHA512, and RSA signature verification
 (for PKCS #1 v1.5 signatures).
--- a/vboot_firmware/lib/cryptolib/include/cryptolib.h
+++ b/vboot_firmware/lib/cryptolib/include/cryptolib.h
--- a/vboot_firmware/lib/cryptolib/include/padding.h
+++ b/vboot_firmware/lib/cryptolib/include/padding.h
--- a/vboot_firmware/lib/cryptolib/include/rsa.h
+++ b/vboot_firmware/lib/cryptolib/include/rsa.h
--- a/vboot_firmware/lib/cryptolib/include/sha.h
+++ b/vboot_firmware/lib/cryptolib/include/sha.h
--- a/vboot_firmware/lib/cryptolib/padding.c
+++ b/vboot_firmware/lib/cryptolib/padding.c
--- a/vboot_firmware/lib/cryptolib/rsa.c
+++ b/vboot_firmware/lib/cryptolib/rsa.c
--- a/vboot_firmware/lib/cryptolib/rsa_utility.c
+++ b/vboot_firmware/lib/cryptolib/rsa_utility.c
--- a/vboot_firmware/lib/cryptolib/sha1.c
+++ b/vboot_firmware/lib/cryptolib/sha1.c
--- a/vboot_firmware/lib/cryptolib/sha2.c
+++ b/vboot_firmware/lib/cryptolib/sha2.c
--- a/vboot_firmware/lib/cryptolib/sha_utility.c
+++ b/vboot_firmware/lib/cryptolib/sha_utility.c
--- a/vboot_firmware/lib/firmware_image_fw.c
+++ b/vboot_firmware/lib/firmware_image_fw.c
--- a/vboot_firmware/lib/include/tss_constants.h
+++ b/vboot_firmware/lib/include/tss_constants.h
--- a/vboot_firmware/lib/kernel_image_fw.c
+++ b/vboot_firmware/lib/kernel_image_fw.c
--- a/vboot_firmware/lib/rollback_index.c
+++ b/vboot_firmware/lib/rollback_index.c
--- a/vboot_firmware/lib/tlcl.c
+++ b/vboot_firmware/lib/tlcl.c
--- a/vboot_firmware/linktest/main.c
+++ b/vboot_firmware/linktest/main.c
@@ -0,0 +1,55 @@
 #include <stdio.h>
 #include "firmware_image_fw.h"
 #include "kernel_image_fw.h"
 #include "load_kernel_fw.h"
 #include "rollback_index.h"
 #include "tlcl.h"
 int main(void)
 {
  // firmware_image_fw.h
  VerifyFirmwareHeader(0, 0, 0, 0);
  VerifyFirmwarePreamble(0, 0, 0, 0);
  VerifyFirmwareData(0, 0, 0, 0, 0);
  VerifyFirmware(0, 0, 0);
  GetLogicalFirmwareVersion(0);
  VerifyFirmwareDriver_f(0, 0, 0, 0, 0);
  // kernel_image_fw.h
  VerifyKernelHeader(0, 0, 0, 0, 0, 0);
  VerifyKernelConfig(0, 0, 0, 0);
  VerifyKernelData(0, 0, 0, 0, 0);
  VerifyKernel(0, 0, 0);
  GetLogicalKernelVersion(0);
  VerifyKernelDriver_f(0, 0, 0, 0);
  // load_kernel_fw.h
  // FIXME: LoadKernel(0);
  // rollback_index.h
  SetupTPM();
  GetStoredVersion(0);
  WriteStoredVersion(0, 0);
  LockStoredVersion(0);
  // tlcl.h
  TlclLibinit();
  TlclStartup();
  TlclSelftestfull();
  TlclDefineSpace(0, 0, 0);
  TlclWrite(0, 0, 0);
  TlclRead(0, 0, 0);
  TlclWriteLock(0);
  TlclReadLock(0);
  TlclAssertPhysicalPresence();
  TlclSetNvLocked();
  TlclIsOwned();
  TlclForceClear();
  TlclPhysicalEnable();
  TlclPhysicalSetDeactivated(0);
  TlclGetFlags(0, 0);
  return 0;
 }
--- a/vboot_firmware/stub/boot_device_stub.c
+++ b/vboot_firmware/stub/boot_device_stub.c
--- a/vboot_firmware/stub/utility_stub.c
+++ b/vboot_firmware/stub/utility_stub.c
--- a/vfirmware/Makefile
+++ b/vfirmware/Makefile
@@ -4,11 +4,11 @@
 CC ?= gcc
 INCLUDES += -I./include \
-		-I../cryptolib/include \
+		-I$(FWDIR)/lib/cryptolib/include \
 		-I../common/include \
 		-I../misclibs/include
 CFLAGS ?= -Wall -DNDEBUG -O3 -Werror
-FIRMWARE_OUT = firmware_image_fw.o firmware_image.o
+FIRMWARE_OUT = firmware_image.o
 all: $(FIRMWARE_OUT)
--- a/vkernel/Makefile
+++ b/vkernel/Makefile
@@ -4,11 +4,11 @@
 CC ?= gcc
 INCLUDES += -I./include \
-		-I../cryptolib/include \
+		-I$(FWDIR)/lib/cryptolib/include \
 		-I../common/include \
 		-I../misclibs/include
 CFLAGS ?= -Wall -DNDEBUG -O3 -Werror
-KERNEL_OUT = kernel_image_fw.o kernel_image.o
+KERNEL_OUT = kernel_image.o
 all: $(KERNEL_OUT)