vboot2: Add routines to load and verify kernel keyblock

These are slightly more complex than the firmware versions, because they need to deal with developer-signed keyblocks and keyblock flags. BUG=chromium:487699 BRANCH=none TEST=make -j runtests Change-Id: I682c14ddfe729984f2629dfbe66750e5cd5ab75e Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/272541 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2025-11-24 02:05:01 +00:00 · 2015-05-20 17:22:17 -07:00
parent b87d1ec118
commit 3d5cd88f90
8 changed files with 717 additions and 3 deletions
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -31,12 +31,16 @@ enum vb2_shared_data_flags {
 	VB2_SD_FLAG_MANUAL_RECOVERY = (1 << 0),

 	/* Developer mode is enabled */
+	/* TODO: should have been VB2_SD_FLAG_DEV_MODE_ENABLED */
 	VB2_SD_DEV_MODE_ENABLED = (1 << 1),

 	/*
 	 * TODO: might be nice to add flags for why dev mode is enabled - via
 	 * gbb, virtual dev switch, or forced on for testing.
 	 */
+
+	/* Kernel keyblock was verified by signature (not just hash) */
+	VB2_SD_FLAG_KERNEL_SIGNED = (1 << 2),
 };

 /* Flags for vb2_shared_data.status */
@@ -100,6 +104,25 @@ struct vb2_shared_data {
 	 */
 	uint32_t status;

+	/**********************************************************************
+	 * Data from kernel verification stage.
+	 *
+	 * TODO: shouldn't be part of the main struct, since that needlessly
+	 * uses more memory during firmware verification.
+	 */
+
+	/*
+	 * Version for the current kernel (top 16 bits = key, lower 16 bits =
+	 * kernel preamble).
+	 *
+	 * TODO: Make this a union to allow getting/setting those versions
+	 * separately?
+	 */
+	uint32_t kernel_version;
+
+	/* Kernel version from secdatak (must be <= kernel_version to boot) */
+	uint32_t kernel_version_secdatak;
+
 	/**********************************************************************
 	 * Temporary variables used during firmware verification.  These don't
 	 * really need to persist through to the OS, but there's nowhere else
@@ -151,6 +174,25 @@ struct vb2_shared_data {
 	/* Amount of data we still expect to hash */
 	uint32_t hash_remaining_size;

+	/**********************************************************************
+	 * Temporary variables used during kernel verification.  These don't
+	 * really need to persist through to the OS, but there's nowhere else
+	 * we can put them.
+	 *
+	 * TODO: make a union with the firmware verification temp variables,
+	 * or make both of them workbuf-allocated sub-structs, so that we can
+	 * overlap them so kernel variables don't bloat firmware verification
+	 * stage memory requirements.
+	 */
+
+	/*
+	 * Offset and size of packed kernel key in work buffer.  Size is 0 if
+	 * subkey is not stored in the work buffer.  Note that kernel key may
+	 * be inside the firmware preamble.
+	 */
+	uint32_t workbuf_kernel_key_offset;
+	uint32_t workbuf_kernel_key_size;
+
 } __attribute__((packed));

 /****************************************************************************/