vboot2: Add routines to load and verify kernel keyblock

These are slightly more complex than the firmware versions, because they need to deal with developer-signed keyblocks and keyblock flags. BUG=chromium:487699 BRANCH=none TEST=make -j runtests Change-Id: I682c14ddfe729984f2629dfbe66750e5cd5ab75e Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/272541 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
2025-11-27 11:44:02 +00:00 · 2015-05-20 17:22:17 -07:00
parent b87d1ec118
commit 3d5cd88f90
8 changed files with 717 additions and 3 deletions
--- a/firmware/lib20/include/vb2_common.h
+++ b/firmware/lib20/include/vb2_common.h
@@ -156,6 +156,22 @@ int vb2_verify_keyblock(struct vb2_keyblock *block,
 			const struct vb2_public_key *key,
 			const struct vb2_workbuf *wb);

+/**
+ * Verify a key block using its hash.
+ *
+ * Header fields are also checked for sanity.  Does not verify key index or key
+ * block flags.  Use this for self-signed keyblocks in developer mode.
+ *
+ * @param block		Key block to verify
+ * @param size		Size of key block buffer
+ * @param key		Key to use to verify block
+ * @param wb		Work buffer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+int vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
+			     uint32_t size,
+			     const struct vb2_workbuf *wb);
+
 /**
 * Check the sanity of a firmware preamble using a public key.
 *