Rearrange vboot_reference directories to isolate external components.

This creates a new vboot_firmware subdirectory, and which contains the
entirety of the BIOS code. There shouldn't be anything in this directory
that is NOT required by the BIOS.

Review URL: http://codereview.chromium.org/2219004

Makefile

@@ -5,13 +5,15 @@
 export CC ?= gcc
 export CFLAGS = -Wall -DNDEBUG -O3 -Werror
 export TOP = $(shell pwd)
+export FWDIR=$(TOP)/vboot_firmware
 export INCLUDES = \
-	-I$(TOP)/common/include \
+	-I$(FWDIR)/include \
-	-I$(TOP)/cryptolib/include \
 	-I$(TOP)/misclibs/include \
 	-I$(TOP)/cgptlib
 
-SUBDIRS=common cgptlib cryptolib misclibs vfirmware vkernel utility tests
+export FWLIB=$(FWDIR)/vboot_fw.a
+
+SUBDIRS=vboot_firmware cgptlib misclibs vfirmware vkernel utility tests
 
 all:
 	set -e; \

README

@@ -7,26 +7,21 @@ Directory Structure
 
 The source is organized into distinct modules -
 
-cryptolib/ - Contains the implementation for the crypto library. This
+vboot_firmware/ - Contains ONLY the code required by the BIOS to validate
-includes implementations for SHA1, SHA256, SHA512, and RSA signature
+the secure boot components. There shouldn't be any code in here that signs
-verification (for PKCS #1 v1.5 signatures).
+or generates images. BIOS should require ONLY this directory to implement
+secure boot. Refer to vboot_firmware/README for futher details.
 
-common/ - Utility functions and stub implementations for wrapper
+cgptlib/ - Work in progress for handling GPT headers. Parts of this will no
-functions used in the verification code. These stub implementations
+doubt be migrated into vboot_firmware/
-will need to be replaced with appropriate firmware equivalents.
 
 misclibs/ - Miscellaneous functions used by userland utilities.
 
 utility/ - Utilities for generating and verifying signed
 firmware and kernel images, as well as arbitrary blobs.
 
-vfirmware/ and vkernel/ - The main firmware and kernel image
+vfirmware/ and vkernel/ - Functions for generating, verifying, and
-verification modules. It has functions for verifying and manipulating
+manipulating signed firmware and kernel images.
-signed firmware and kernel images. The main files of interest are:
-       vfirmware/firmware_image_fw.c (verification Functions used in Firmware)
-       vfirmware/firmware_image.c (functions for userland tools)
-       vkernel/kernel_image_fw.c (verification functions used in Firmware)
-       vkernel/kernel_image.c (functions for userland tools)
 
 tests/ - User-land tests and benchmarks that test the reference
 implementation. Please have a look at these if you'd like to
@@ -49,29 +44,6 @@ dumpRSAPublicKey.c Dump RSA Public key (from a DER-encoded X509
 verify_data.c Verify a given signature on a given file.
 				 
 
----------- 
-What is required for a minimal verified boot implementation
-----------
-
-1) cryptolib/ - as a separate module since it will be used by others
-parts of the verified boot process.
-
-2) common/ - this contains the interface for dealing with memory allocation
-and interacting with the TPM. The stubs will need to be replaced with their
-firmware-level equivalents.
-
-3) Verified Firmware and Kernel image verification - This is the core
-of the verified boot implementation. They are implemented under vfirmware
-and vkernel (for firmware and kernel image verification respectively). 
-
-firmware_image_fw.c and kernel_image_fw.c : Contain verification logic
-		    			    used in the firmware. Needed.
-
-firmware_image.c and kernel_image.c : High level functions used by userland
-		     		      tools. NOT needed in the firmware.
-
-cryptolib/, common/, vfirmware/firmware_image_fw.c are part of the RO firmware.
-vkernel/kernel_image_fw.c is part of the RW firmware (it verifies the OS kernel).
  
 ---------- 
 Generating a signed firmware image: 

cgptlib/tests/Makefile

@@ -4,7 +4,7 @@
 
 TOP ?= ../../
 CFLAGS += -Wall -DNDEBUG -Werror -ansi
-LIBS = $(TOP)/cgptlib/libcgpt.a $(TOP)/common/libcommon.a
+LIBS = $(TOP)/cgptlib/libcgpt.a $(FWLIB)
 OBJS = cgptlib_test.o quick_sort_test.o crc32_test.o
 OUT = cgptlib_test
 

common/Makefile

@@ -1,18 +0,0 @@
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-SRCS = boot_device_stub.c rollback_index.c tlcl_stub.c utility_stub.c
-OBJS = $(SRCS:.c=.o)
-INCLUDES += -I./include/
-
-all:	libcommon.a
-
-libcommon.a:	$(OBJS)
-	ar rs $@ $^
-
-.c.o:	$(OBJS)
-	$(CC) $(CFLAGS) $(INCLUDES) -c $< -o $@
-
-clean: 
-	rm -f $(OBJS) libcommon.a

cryptolib/Makefile

@@ -1,23 +0,0 @@
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-TOP ?= ../
-SRCS = rsa.c sha1.c sha2.c padding.c rsa_utility.c sha_utility.c
-OBJS = $(SRCS:.c=.o)
-CFLAGS += -DUNROLL_LOOPS -DHAVE_ENDIAN_H -DHAVE_LITTLE_ENDIAN -DNDEBUG
-INCLUDES += -I./include/ -I$(TOP)/common/include/
-
-all: libcrypto.a
-
-libcrypto.a: $(OBJS)
-	ar rs libcrypto.a $(OBJS)
-
-padding.c: $(TOP)/scripts/genpadding.sh
-	$(TOP)/scripts/genpadding.sh >$@
-
-.c.o: $(OBJS)
-	$(CC) $(CFLAGS) -ansi $(INCLUDES) -c $< -o $@
-
-clean: 
-	rm -f $(OBJS) libcrypto.a

misclibs/Makefile

@@ -6,7 +6,7 @@ TOP ?= ../
 CC ?= gcc
 INCLUDES += -I./include \
 		-I$(TOP)/common/include \
-		-I$(TOP)/cryptolib/include \
+		-I$(TOP)/vboot_firmware/lib/cryptolib/include \
 		-I$(TOP)/vfirmware/include \
 		-I$(TOP)/vkernel/include
 

tests/Makefile

@@ -6,18 +6,14 @@ TOP ?= ../
 CC ?= gcc
 CFLAGS ?= -Wall -DNDEBUG -O3 -Werror
 INCLUDES += -I./include \
-		-I../cryptolib/include \
+		-I$(FWDIR)/lib/cryptolib/include \
-		-I../common/include \
 		-I../misclibs/include \
 		-I../vfirmware/include\
 		-I../vkernel/include
-BASE_LIBS = $(TOP)/cryptolib/libcrypto.a $(TOP)/common/libcommon.a
 IMAGE_LIBS = $(TOP)/vfirmware/firmware_image.o \
-		$(TOP)/vfirmware/firmware_image_fw.o \
+		$(TOP)/vkernel/kernel_image.o
-		$(TOP)/vkernel/kernel_image.o \
-		$(TOP)/vkernel/kernel_image_fw.o
 UTIL_LIBS = $(TOP)/misclibs/file_keys.o $(TOP)/misclibs/signature_digest.o
-LIBS = $(IMAGE_LIBS) $(UTIL_LIBS) -lcrypto $(BASE_LIBS)
+LIBS = $(IMAGE_LIBS) $(UTIL_LIBS) $(FWLIB) -lcrypto
 
 TEST_BINS = big_firmware_tests \
 		big_kernel_tests \
@@ -75,18 +71,18 @@ kernel_verify_benchmark: kernel_verify_benchmark.c timer_utils.c \
 	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(LIBS)
 
 rsa_padding_test: rsa_padding_test.c
-	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(UTIL_LIBS) $(BASE_LIBS) \
+	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(UTIL_LIBS) $(FWLIB) \
 	-lcrypto
 
 rsa_verify_benchmark: rsa_verify_benchmark.c timer_utils.c
-	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(UTIL_LIBS) $(BASE_LIBS) \
+	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(UTIL_LIBS) $(FWLIB) \
 	-lcrypto
 
 sha_benchmark:	sha_benchmark.c timer_utils.c
-	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(BASE_LIBS)
+	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ -lrt $(FWLIB)
 
 sha_tests: sha_tests.c
-	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(BASE_LIBS)
+	$(CC) $(CFLAGS) $(INCLUDES) $^ -o $@ $(FWLIB)
 
 verify_firmware_fuzz_driver: verify_firmware_fuzz_driver.c \
 	rollback_index_mock.c

utility/Makefile

@@ -6,8 +6,7 @@ TOP ?= ../
 CC ?= gcc
 CXX ?= g++
 INCLUDES += -I./include \
-		-I../cryptolib/include \
+		-I$(FWDIR)/lib/cryptolib/include \
-		-I../common/include \
 		-I../misclibs/include \
 		-I../vfirmware/include\
 		-I../vkernel/include
@@ -15,10 +14,7 @@ CFLAGS ?= -Wall -DNDEBUG -O3 -Werror $(INCLUDES)
 LIBS = $(TOP)/misclibs/file_keys.o \
 	$(TOP)/misclibs/signature_digest.o \
 	$(TOP)/vfirmware/firmware_image.o \
-	$(TOP)/vfirmware/firmware_image_fw.o \
+	$(TOP)/vkernel/kernel_image.o
-	$(TOP)/vkernel/kernel_image.o \
-	$(TOP)/vkernel/kernel_image_fw.o
-FIRMWARELIBS = $(TOP)/cryptolib/libcrypto.a $(TOP)/common/libcommon.a
 SUBDIRS = cgpt
 
 TARGET_BINS = dumpRSAPublicKey \
@@ -39,21 +35,19 @@ subdirs:
 dumpRSAPublicKey: dumpRSAPublicKey.c
 	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ -lcrypto
 
-firmware_utility: firmware_utility.cc $(LIBS) $(FIRMWARELIBS)
+firmware_utility: firmware_utility.cc $(LIBS) $(FWLIB)
 	$(CXX) $(CFLAGS) $(INCLUDES) -ggdb -D__STDC_LIMIT_MACROS $< \
-	-o $@ $(FIRMWARELIBS) $(LIBS) $(TOP)/common/libcommon.a \
+	-o $@ $(LIBS) $(FWLIB) -lcrypto
-	-lcrypto
 
-kernel_utility: kernel_utility.cc $(LIBS) $(FIRMWARELIBS)
+kernel_utility: kernel_utility.cc $(LIBS) $(FWLIB)
 	$(CXX) $(CFLAGS) $(INCLUDES) -ggdb -D__STDC_LIMIT_MACROS $< \
-	-o $@ $(FIRMWARELIBS) $(LIBS) $(TOP)/common/libcommon.a \
+	-o $@ $(LIBS) $(FWLIB) -lcrypto  
-	-lcrypto
 
-signature_digest_utility: signature_digest_utility.c $(LIBS) $(FIRMWARELIBS)
+signature_digest_utility: signature_digest_utility.c $(LIBS) $(FWLIB)
-	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FIRMWARELIBS) -lcrypto
+	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FWLIB) -lcrypto
 
-verify_data: verify_data.c $(LIBS) $(FIRMWARELIBS)
+verify_data: verify_data.c $(LIBS) $(FWLIB)
-	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FIRMWARELIBS) -lcrypto
+	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) $(FWLIB) -lcrypto
 
 clean:
 	set -e; \

utility/cgpt/Makefile

@@ -6,8 +6,7 @@ TOP ?= ../../
 CC ?= cc
 INCLUDES += -I$(TOP)/common/include
 CFLAGS += -Wall -Werror -ggdb
-LIBS += $(TOP)/common/libcommon.a \
+LIBS += $(TOP)/cgptlib/libcgpt.a $(FWLIB)
-        $(TOP)/cgptlib/libcgpt.a
 
 all: cgpt
 

vboot_firmware/Makefile

@@ -0,0 +1,44 @@
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+LIBNAME = vboot_fw.a
+
+CC ?= gcc
+CFLAGS = -Wall -DNDEBUG -O3 -Werror
+
+FWTOP := $(shell pwd)
+LIBDIR = $(FWTOP)/lib
+STUBDIR = $(FWTOP)/stub
+TESTDIR = $(FWTOP)/linktest
+
+INC = \
+	-I$(FWTOP)/include \
+	-I$(LIBDIR)/include \
+	-I$(LIBDIR)/cryptolib/include
+
+
+LIB_SRCS := $(shell find $(LIBDIR) -iname '*.c')
+LIB_OBJS := $(LIB_SRCS:%.c=%.o)
+
+STUB_SRCS := $(shell find $(STUBDIR) -iname '*.c')
+STUB_OBJS := $(STUB_SRCS:%.c=%.o)
+
+
+test : $(LIBNAME)
+	$(CC) $(CFLAGS) $(INC) -o $(TESTDIR)/a.out $(TESTDIR)/main.c $(LIBNAME)
+
+$(LIBNAME) : $(LIB_OBJS) $(STUB_OBJS)
+	rm -f $@
+	ar qc $@ $^
+
+%o : %c
+	$(CC) $(CFLAGS) $(INC) -c -o $@ $<
+
+clean: FORCE
+	rm -f $(LIBNAME) $(LIB_OBJS) $(STUB_OBJS) $(TESTDIR)/a.out
+
+FORCE:
+
+
+.PHONY: FORCE

vboot_firmware/README

@@ -0,0 +1,6 @@
+
+lib/ is stuff that the BIOS needs to link with.
+
+stub/ is stuff to be implemented by the BIOS.
+
+include/ describes the interfaces between the two parts.

vboot_firmware/include/load_kernel_fw.h

@@ -38,7 +38,7 @@ typedef struct LoadKernelParams {
   uint64_t bootloader_size;     /* Size of bootloader image in bytes */
 } LoadKernelParams;
 
-uintn_t LoadKernel(LoadKernelParams* params);
+uint64_t LoadKernel(LoadKernelParams* params);
 /* Attempts to load the kernel from the current device.
  *
  * Returns LOAD_KERNEL_SUCCESS if successful, error code on failure. */

vboot_firmware/lib/cryptolib/README

@@ -0,0 +1,3 @@
+This contains the implementation for the crypto library. This includes
+implementations for SHA1, SHA256, SHA512, and RSA signature verification
+(for PKCS #1 v1.5 signatures).

vboot_firmware/linktest/main.c

@@ -0,0 +1,55 @@
+#include <stdio.h>
+
+#include "firmware_image_fw.h"
+#include "kernel_image_fw.h"
+#include "load_kernel_fw.h"
+#include "rollback_index.h"
+#include "tlcl.h"
+
+int main(void)
+{
+
+  // firmware_image_fw.h
+  VerifyFirmwareHeader(0, 0, 0, 0);
+  VerifyFirmwarePreamble(0, 0, 0, 0);
+  VerifyFirmwareData(0, 0, 0, 0, 0);
+  VerifyFirmware(0, 0, 0);
+  GetLogicalFirmwareVersion(0);
+  VerifyFirmwareDriver_f(0, 0, 0, 0, 0);
+
+  // kernel_image_fw.h
+  VerifyKernelHeader(0, 0, 0, 0, 0, 0);
+  VerifyKernelConfig(0, 0, 0, 0);
+  VerifyKernelData(0, 0, 0, 0, 0);
+  VerifyKernel(0, 0, 0);
+  GetLogicalKernelVersion(0);
+  VerifyKernelDriver_f(0, 0, 0, 0);
+
+  // load_kernel_fw.h
+  // FIXME: LoadKernel(0);
+
+  // rollback_index.h
+  SetupTPM();
+  GetStoredVersion(0);
+  WriteStoredVersion(0, 0);
+  LockStoredVersion(0);
+
+  // tlcl.h
+  TlclLibinit();
+  TlclStartup();
+  TlclSelftestfull();
+  TlclDefineSpace(0, 0, 0);
+  TlclWrite(0, 0, 0);
+  TlclRead(0, 0, 0);
+  TlclWriteLock(0);
+  TlclReadLock(0);
+  TlclAssertPhysicalPresence();
+  TlclSetNvLocked();
+  TlclIsOwned();
+  TlclForceClear();
+  TlclPhysicalEnable();
+  TlclPhysicalSetDeactivated(0);
+  TlclGetFlags(0, 0);
+
+  return 0;
+}

vfirmware/Makefile

@@ -4,11 +4,11 @@
 
 CC ?= gcc
 INCLUDES += -I./include \
-		-I../cryptolib/include \
+		-I$(FWDIR)/lib/cryptolib/include \
 		-I../common/include \
 		-I../misclibs/include
 CFLAGS ?= -Wall -DNDEBUG -O3 -Werror
-FIRMWARE_OUT = firmware_image_fw.o firmware_image.o
+FIRMWARE_OUT = firmware_image.o
 
 all: $(FIRMWARE_OUT)
 

vkernel/Makefile

@@ -4,11 +4,11 @@
 
 CC ?= gcc
 INCLUDES += -I./include \
-		-I../cryptolib/include \
+		-I$(FWDIR)/lib/cryptolib/include \
 		-I../common/include \
 		-I../misclibs/include
 CFLAGS ?= -Wall -DNDEBUG -O3 -Werror
-KERNEL_OUT = kernel_image_fw.o kernel_image.o
+KERNEL_OUT = kernel_image.o
 
 all: $(KERNEL_OUT)