vboot2: Add routines to load and verify kernel keyblock

These are slightly more complex than the firmware versions, because they need to deal with developer-signed keyblocks and keyblock flags. BUG=chromium:487699 BRANCH=none TEST=make -j runtests Change-Id: I682c14ddfe729984f2629dfbe66750e5cd5ab75e Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/272541 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2025-11-24 02:05:01 +00:00 · 2015-05-20 17:22:17 -07:00
parent b87d1ec118
commit 3d5cd88f90
8 changed files with 717 additions and 3 deletions
--- a/firmware/2lib/include/2misc.h
+++ b/firmware/2lib/include/2misc.h
@@ -141,4 +141,14 @@ int vb2_load_fw_keyblock(struct vb2_context *ctx);
 */
 int vb2_load_fw_preamble(struct vb2_context *ctx);

+/**
+ * Verify the kernel keyblock using the previously-loaded kernel key.
+ *
+ * After this call, the data key is stored in the work buffer.
+ *
+ * @param ctx		Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+int vb2_load_kernel_keyblock(struct vb2_context *ctx);
+
 #endif  /* VBOOT_REFERENCE_VBOOT_2MISC_H_ */