diff --git a/utility/Makefile b/utility/Makefile index 6a65e0beff..5cd361634c 100644 --- a/utility/Makefile +++ b/utility/Makefile @@ -30,8 +30,9 @@ TARGET_NAMES = dumpRSAPublicKey \ kernel_utility \ load_kernel_test \ signature_digest_utility \ - vbutil_key \ + vbutil_firmware \ vbutil_kernel \ + vbutil_key \ vbutil_keyblock \ verify_data @@ -60,6 +61,9 @@ ${BUILD_ROOT}/kernel_utility: kernel_utility.cc $(LIBS) ${BUILD_ROOT}/signature_digest_utility: signature_digest_utility.c $(LIBS) $(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) -lcrypto +${BUILD_ROOT}/vbutil_firmware: vbutil_firmware.c $(LIBS) + $(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) -lcrypto + ${BUILD_ROOT}/vbutil_kernel: vbutil_kernel.c $(LIBS) $(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS) -lcrypto diff --git a/utility/vbutil_firmware.c b/utility/vbutil_firmware.c new file mode 100644 index 0000000000..efc91276a0 --- /dev/null +++ b/utility/vbutil_firmware.c @@ -0,0 +1,330 @@ +/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Verified boot firmware utility + */ + +#include +#include /* For PRIu64 */ +#include +#include +#include +#include + +#include "cryptolib.h" +#include "host_common.h" +#include "kernel_blob.h" +#include "vboot_common.h" + + +/* Command line options */ +enum { + OPT_MODE_VBLOCK = 1000, + OPT_MODE_VERIFY, + OPT_KEYBLOCK, + OPT_SIGNPUBKEY, + OPT_SIGNPRIVATE, + OPT_VERSION, + OPT_FV, + OPT_KERNELKEY, +}; + +static struct option long_opts[] = { + {"vblock", 1, 0, OPT_MODE_VBLOCK }, + {"verify", 1, 0, OPT_MODE_VERIFY }, + {"keyblock", 1, 0, OPT_KEYBLOCK }, + {"signpubkey", 1, 0, OPT_SIGNPUBKEY }, + {"signprivate", 1, 0, OPT_SIGNPRIVATE }, + {"version", 1, 0, OPT_VERSION }, + {"fv", 1, 0, OPT_FV }, + {"kernelkey", 1, 0, OPT_KERNELKEY }, + {NULL, 0, 0, 0} +}; + + +/* Print help and return error */ +static int PrintHelp(void) { + + puts("vbutil_firmware - Verified boot key block utility\n" + "\n" + "Usage: vbutil_firmware <--vblock|--verify> [OPTIONS]\n" + "\n" + "For '--vblock ', required OPTIONS are:\n" + " --keyblock Key block in .keyblock format\n" + " --signprivate Signing private key in .pem format\n" + " --version Firmware version\n" + " --fv Firmware volume to sign\n" + " --kernelkey Kernel subkey in .vbpubk format\n" + "\n" + "For '--verify ', required OPTIONS are:\n" + " --signpubkey Signing public key in .vbpubk format\n" + " --fv Firmware volume to verify\n" + ""); + return 1; +} + + +/* Create a firmware .vblock */ +static int Vblock(const char* outfile, const char* keyblock_file, + const char* signprivate, uint64_t version, + const char* fv_file, const char* kernelkey_file) { + + VbPrivateKey* signing_key; + VbPublicKey* kernel_subkey; + VbSignature* body_sig; + VbFirmwarePreambleHeader* preamble; + VbKeyBlockHeader* key_block; + uint64_t key_block_size; + uint8_t* fv_data; + uint64_t fv_size; + FILE* f; + uint64_t i; + + if (!outfile) { + error("Must specify output filename\n"); + return 1; + } + if (!keyblock_file || !signprivate || !kernelkey_file) { + error("Must specify all keys\n"); + return 1; + } + if (!fv_file) { + error("Must specify firmware volume\n"); + return 1; + } + + /* Read the key block and keys */ + key_block = (VbKeyBlockHeader*)ReadFile(keyblock_file, &key_block_size); + if (!key_block) { + error("Error reading key block.\n"); + return 1; + } + + signing_key = PrivateKeyRead(signprivate, key_block->data_key.algorithm); + if (!signing_key) { + error("Error reading signing key.\n"); + return 1; + } + + kernel_subkey = PublicKeyRead(kernelkey_file); + if (!kernel_subkey) { + error("Error reading kernel subkey.\n"); + return 1; + } + + /* Read and sign the firmware volume */ + fv_data = ReadFile(fv_file, &fv_size); + if (!fv_data) + return 1; + if (!fv_size) { + error("Empty firmware volume file\n"); + return 1; + } + body_sig = CalculateSignature(fv_data, fv_size, signing_key); + if (!body_sig) { + error("Error calculating body signature\n"); + return 1; + } + Free(fv_data); + + /* Create preamble */ + preamble = CreateFirmwarePreamble(version, + kernel_subkey, + body_sig, + signing_key); + if (!preamble) { + error("Error creating preamble.\n"); + return 1; + } + + /* Write the output file */ + f = fopen(outfile, "wb"); + if (!f) { + error("Can't open output file %s\n", outfile); + return 1; + } + i = ((1 != fwrite(key_block, key_block_size, 1, f)) || + (1 != fwrite(preamble, preamble->preamble_size, 1, f))); + fclose(f); + if (i) { + error("Can't write output file %s\n", outfile); + unlink(outfile); + return 1; + } + + /* Success */ + return 0; +} + + +static int Verify(const char* infile, const char* signpubkey, + const char* fv_file) { + + VbKeyBlockHeader* key_block; + VbFirmwarePreambleHeader* preamble; + VbPublicKey* data_key; + VbPublicKey* sign_key; + RSAPublicKey* rsa; + uint8_t* blob; + uint64_t blob_size; + uint8_t* fv_data; + uint64_t fv_size; + uint64_t now = 0; + + if (!infile || !signpubkey || !fv_file) { + error("Must specify filename, signpubkey, and fv\n"); + return 1; + } + + /* Read public signing key */ + sign_key = PublicKeyRead(signpubkey); + if (!sign_key) { + error("Error reading signpubkey.\n"); + return 1; + } + + /* Read blob */ + blob = ReadFile(infile, &blob_size); + if (!blob) { + error("Error reading input file\n"); + return 1; + } + + /* Read firmware volume */ + fv_data = ReadFile(fv_file, &fv_size); + if (!fv_data) { + error("Error reading firmware volume\n"); + return 1; + } + + /* Verify key block */ + key_block = (VbKeyBlockHeader*)blob; + if (0 != KeyBlockVerify(key_block, blob_size, sign_key)) { + error("Error verifying key block.\n"); + return 1; + } + Free(sign_key); + now += key_block->key_block_size; + + printf("Key block:\n"); + data_key = &key_block->data_key; + printf(" Size: %" PRIu64 "\n", key_block->key_block_size); + printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm, + (data_key->algorithm < kNumAlgorithms ? + algo_strings[data_key->algorithm] : "(invalid)")); + printf(" Data key version: %" PRIu64 "\n", data_key->key_version); + printf(" Flags: %" PRIu64 "\n", key_block->key_block_flags); + + rsa = PublicKeyToRSA(&key_block->data_key); + if (!rsa) { + error("Error parsing data key.\n"); + return 1; + } + + /* Verify preamble */ + preamble = (VbFirmwarePreambleHeader*)(blob + now); + if (0 != VerifyFirmwarePreamble2(preamble, blob_size - now, rsa)) { + error("Error verifying preamble.\n"); + return 1; + } + now += preamble->preamble_size; + + printf("Preamble:\n"); + printf(" Size: %" PRIu64 "\n", preamble->preamble_size); + printf(" Header version: %" PRIu32 ".%" PRIu32"\n", + preamble->header_version_major, preamble->header_version_minor); + printf(" Firmware version: %" PRIu64 "\n", preamble->firmware_version); + printf(" Kernel key algorithm: %" PRIu64 " %s\n", + preamble->kernel_subkey.algorithm, + (preamble->kernel_subkey.algorithm < kNumAlgorithms ? + algo_strings[preamble->kernel_subkey.algorithm] : "(invalid)")); + printf(" Kernel key version: %" PRIu64 "\n", + preamble->kernel_subkey.key_version); + printf(" Firmware body size: %" PRIu64 "\n", + preamble->body_signature.data_size); + + /* TODO: verify body size same as signature size */ + + /* Verify body */ + if (0 != VerifyData(fv_data, &preamble->body_signature, rsa)) { + error("Error verifying firmware body.\n"); + return 1; + } + printf("Body verification succeeded.\n"); + return 0; +} + + +int main(int argc, char* argv[]) { + + char* filename = NULL; + char* key_block_file = NULL; + char* signpubkey = NULL; + char* signprivate = NULL; + uint64_t version = 0; + char* fv_file = NULL; + char* kernelkey_file = NULL; + int mode = 0; + int parse_error = 0; + char* e; + int i; + + while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) { + switch (i) { + case '?': + /* Unhandled option */ + printf("Unknown option\n"); + parse_error = 1; + break; + + case OPT_MODE_VBLOCK: + case OPT_MODE_VERIFY: + mode = i; + filename = optarg; + break; + + case OPT_KEYBLOCK: + key_block_file = optarg; + break; + + case OPT_SIGNPUBKEY: + signpubkey = optarg; + break; + + case OPT_SIGNPRIVATE: + signprivate = optarg; + break; + + case OPT_FV: + fv_file = optarg; + break; + + case OPT_KERNELKEY: + kernelkey_file = optarg; + break; + + case OPT_VERSION: + version = strtoul(optarg, &e, 0); + if (!*optarg || (e && *e)) { + printf("Invalid --version\n"); + parse_error = 1; + } + break; + } + } + + if (parse_error) + return PrintHelp(); + + switch(mode) { + case OPT_MODE_VBLOCK: + return Vblock(filename, key_block_file, signprivate, version, fv_file, + kernelkey_file); + case OPT_MODE_VERIFY: + return Verify(filename, signpubkey, fv_file); + default: + printf("Must specify a mode.\n"); + return PrintHelp(); + } +}