scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 02:05:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add VBDEBUG macro for debug output.

Browse Source 
Replaced in firmware/ lib; not replaced in host-side utils/tests.

Review URL: http://codereview.chromium.org/2810026
This commit is contained in:
Randall Spangler
2010-06-23 21:17:07 -07:00
parent 07f7865227
commit e2ec98412e
8 changed files with 102 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@@ -4,7 +4,8 @@
export CC ?= gcc
export CXX ?= g++
export CFLAGS = -Wall -DNDEBUG -O3 -Werror -DCHROMEOS_ENVIRONMENT
export CFLAGS = -Wall -DNDEBUG -O3 -Werror -DCHROMEOS_ENVIRONMENT \
-DVBOOT_DEBUG
export TOP = $(shell pwd)
export FWDIR=$(TOP)/firmware
export HOSTDIR=$(TOP)/host

7
firmware/include/utility.h
View File

@@ -12,6 +12,13 @@
#include "sysincludes.h"
/* Debug and error output */
#ifdef VBOOT_DEBUG
#define VBDEBUG(params) debug params
#else
#define VBDEBUG(params)
#endif
/* Outputs an error message and quits. */
void error(const char *format, ...);

20
firmware/lib/cgptlib/cgptlib.c
View File

@@ -23,7 +23,7 @@ int GptInit(GptData *gpt) {
retval = GptSanityCheck(gpt);
if (GPT_SUCCESS != retval) {
debug("GptInit() failed sanity check\n");
VBDEBUG(("GptInit() failed sanity check\n"));
return retval;
}
@@ -48,16 +48,16 @@ int GptNextKernelEntry(GptData* gpt, uint64_t* start_sector, uint64_t* size) {
e = entries + i;
if (!IsKernelEntry(e))
continue;
debug("GptNextKernelEntry looking at same prio partition %d\n", i);
debug("GptNextKernelEntry s%d t%d p%d\n",
GetEntrySuccessful(e), GetEntryTries(e), GetEntryPriority(e));
VBDEBUG(("GptNextKernelEntry looking at same prio partition %d\n", i));
VBDEBUG(("GptNextKernelEntry s%d t%d p%d\n",
GetEntrySuccessful(e), GetEntryTries(e), GetEntryPriority(e)));
if (!(GetEntrySuccessful(e) || GetEntryTries(e)))
continue;
if (GetEntryPriority(e) == gpt->current_priority) {
gpt->current_kernel = i;
*start_sector = e->starting_lba;
*size = e->ending_lba - e->starting_lba + 1;
debug("GptNextKernelEntry likes that one\n");
VBDEBUG(("GptNextKernelEntry likes that one\n"));
return GPT_SUCCESS;
}
}
@@ -69,9 +69,9 @@ int GptNextKernelEntry(GptData* gpt, uint64_t* start_sector, uint64_t* size) {
int current_prio = GetEntryPriority(e);
if (!IsKernelEntry(e))
continue;
debug("GptNextKernelEntry looking at new prio partition %d\n", i);
debug("GptNextKernelEntry s%d t%d p%d\n",
GetEntrySuccessful(e), GetEntryTries(e), GetEntryPriority(e));
VBDEBUG(("GptNextKernelEntry looking at new prio partition %d\n", i));
VBDEBUG(("GptNextKernelEntry s%d t%d p%d\n",
GetEntrySuccessful(e), GetEntryTries(e), GetEntryPriority(e)));
if (!(GetEntrySuccessful(e) || GetEntryTries(e)))
continue;
if (current_prio >= gpt->current_priority)
@@ -89,11 +89,11 @@ int GptNextKernelEntry(GptData* gpt, uint64_t* start_sector, uint64_t* size) {
gpt->current_priority = new_prio;
if (CGPT_KERNEL_ENTRY_NOT_FOUND == new_kernel) {
debug("GptNextKernelEntry no more kernels\n");
VBDEBUG(("GptNextKernelEntry no more kernels\n"));
return GPT_ERROR_NO_VALID_KERNEL;
}
debug("GptNextKernelEntry likes that one\n");
VBDEBUG(("GptNextKernelEntry likes that one\n"));
e = entries + new_kernel;
*start_sector = e->starting_lba;
*size = e->ending_lba - e->starting_lba + 1;

12
firmware/lib/cryptolib/rsa.c
View File

@@ -135,17 +135,17 @@ int RSAVerify(const RSAPublicKey *key,
int success = 1;
if (sig_len != (key->len * sizeof(uint32_t))) {
debug("Signature is of incorrect length!\n");
VBDEBUG(("Signature is of incorrect length!\n"));
return 0;
}
if (sig_type >= kNumAlgorithms) {
debug("Invalid signature type!\n");
VBDEBUG(("Invalid signature type!\n"));
return 0;
}
if (key->len != siglen_map[sig_type] / sizeof(uint32_t)) {
debug("Wrong key passed in!\n");
VBDEBUG(("Wrong key passed in!\n"));
return 0;
}
@@ -162,8 +162,7 @@ int RSAVerify(const RSAPublicKey *key,
if (buf[i] != padding[i]) {
#ifndef NDEBUG
/* TODO(gauravsh): Replace with a macro call for logging. */
debug("Padding: Expecting = %02x Got = %02x\n", padding[i],
buf[i]);
VBDEBUG(("Padding: Expecting = %02x Got = %02x\n", padding[i], buf[i]));
#endif
success = 0;
}
@@ -174,8 +173,7 @@ int RSAVerify(const RSAPublicKey *key,
if (buf[i] != *hash++) {
#ifndef NDEBUG
/* TODO(gauravsh): Replace with a macro call for logging. */
debug("Digest: Expecting = %02x Got = %02x\n", padding[i],
buf[i]);
VBDEBUG(("Digest: Expecting = %02x Got = %02x\n", padding[i], buf[i]));
#endif
success = 0;
}

2
firmware/lib/rollback_index.c
View File

@@ -81,7 +81,7 @@ static uint32_t InitializeSpaces(void) {
uint32_t zero = 0;
uint32_t firmware_perm = TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE;
debug("Initializing spaces\n");
VBDEBUG(("Initializing spaces\n"));
RETURN_ON_FAILURE(TlclSetNvLocked());

56
firmware/lib/vboot_common.c
View File

@@ -109,11 +109,11 @@ RSAPublicKey* PublicKeyToRSA(const VbPublicKey* key) {
RSAPublicKey *rsa;
if (kNumAlgorithms <= key->algorithm) {
debug("Invalid algorithm.\n");
VBDEBUG(("Invalid algorithm.\n"));
return NULL;
}
if (RSAProcessedKeySize((int)key->algorithm) != (int)key->key_size) {
debug("Wrong key size for algorithm\n");
VBDEBUG(("Wrong key size for algorithm\n"));
return NULL;
}
@@ -130,7 +130,7 @@ int VerifyData(const uint8_t* data, const VbSignature *sig,
const RSAPublicKey* key) {
if (sig->sig_size != siglen_map[key->algorithm]) {
debug("Wrong signature size for algorithm.\n");
VBDEBUG(("Wrong signature size for algorithm.\n"));
return 1;
}
@@ -146,7 +146,7 @@ int VerifyDigest(const uint8_t* digest, const VbSignature *sig,
const RSAPublicKey* key) {
if (sig->sig_size != siglen_map[key->algorithm]) {
debug("Wrong signature size for algorithm.\n");
VBDEBUG(("Wrong signature size for algorithm.\n"));
return 1;
}
@@ -165,15 +165,15 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
/* Sanity checks before attempting signature of data */
if (SafeMemcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) {
debug("Not a valid verified boot key block.\n");
VBDEBUG(("Not a valid verified boot key block.\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
if (block->header_version_major != KEY_BLOCK_HEADER_VERSION_MAJOR) {
debug("Incompatible key block header version.\n");
VBDEBUG(("Incompatible key block header version.\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
if (size < block->key_block_size) {
debug("Not enough data for key block.\n");
VBDEBUG(("Not enough data for key block.\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
@@ -186,13 +186,13 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
sig = &block->key_block_signature;
if (VerifySignatureInside(block, block->key_block_size, sig)) {
debug("Key block signature off end of block\n");
VBDEBUG(("Key block signature off end of block\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
rsa = PublicKeyToRSA(key);
if (!rsa) {
debug("Invalid public key\n");
VBDEBUG(("Invalid public key\n"));
return VBOOT_PUBLIC_KEY_INVALID;
}
rv = VerifyData((const uint8_t*)block, sig, rsa);
@@ -208,11 +208,11 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
sig = &block->key_block_checksum;
if (VerifySignatureInside(block, block->key_block_size, sig)) {
debug("Key block hash off end of block\n");
VBDEBUG(("Key block hash off end of block\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
if (sig->sig_size != SHA512_DIGEST_SIZE) {
debug("Wrong hash size for key block.\n");
VBDEBUG(("Wrong hash size for key block.\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
@@ -222,24 +222,24 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
SHA512_DIGEST_SIZE);
Free(header_checksum);
if (rv) {
debug("Invalid key block hash.\n");
VBDEBUG(("Invalid key block hash.\n"));
return VBOOT_KEY_BLOCK_HASH;
}
}
/* Verify we signed enough data */
if (sig->data_size < sizeof(VbKeyBlockHeader)) {
debug("Didn't sign enough data\n");
VBDEBUG(("Didn't sign enough data\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
/* Verify data key is inside the block and inside signed data */
if (VerifyPublicKeyInside(block, block->key_block_size, &block->data_key)) {
debug("Data key off end of key block\n");
VBDEBUG(("Data key off end of key block\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
if (VerifyPublicKeyInside(block, sig->data_size, &block->data_key)) {
debug("Data key off end of signed data\n");
VBDEBUG(("Data key off end of signed data\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
@@ -256,41 +256,41 @@ int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
/* Sanity checks before attempting signature of data */
if (preamble->header_version_major !=
FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) {
debug("Incompatible firmware preamble header version.\n");
VBDEBUG(("Incompatible firmware preamble header version.\n"));
return VBOOT_PREAMBLE_INVALID;
}
if (size < preamble->preamble_size) {
debug("Not enough data for preamble.\n");
VBDEBUG(("Not enough data for preamble.\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Check signature */
if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) {
debug("Preamble signature off end of preamble\n");
VBDEBUG(("Preamble signature off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
if (VerifyData((const uint8_t*)preamble, sig, key)) {
debug("Preamble signature validation failed\n");
VBDEBUG(("Preamble signature validation failed\n"));
return VBOOT_PREAMBLE_SIGNATURE;
}
/* Verify we signed enough data */
if (sig->data_size < sizeof(VbFirmwarePreambleHeader)) {
debug("Didn't sign enough data\n");
VBDEBUG(("Didn't sign enough data\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Verify body signature is inside the block */
if (VerifySignatureInside(preamble, preamble->preamble_size,
&preamble->body_signature)) {
debug("Firmware body signature off end of preamble\n");
VBDEBUG(("Firmware body signature off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Verify kernel subkey is inside the block */
if (VerifyPublicKeyInside(preamble, preamble->preamble_size,
&preamble->kernel_subkey)) {
debug("Kernel subkey off end of preamble\n");
VBDEBUG(("Kernel subkey off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
@@ -306,34 +306,34 @@ int VerifyKernelPreamble2(const VbKernelPreambleHeader* preamble,
/* Sanity checks before attempting signature of data */
if (preamble->header_version_major != KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) {
debug("Incompatible kernel preamble header version.\n");
VBDEBUG(("Incompatible kernel preamble header version.\n"));
return VBOOT_PREAMBLE_INVALID;
}
if (size < preamble->preamble_size) {
debug("Not enough data for preamble.\n");
VBDEBUG(("Not enough data for preamble.\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Check signature */
if (VerifySignatureInside(preamble, preamble->preamble_size, sig)) {
debug("Preamble signature off end of preamble\n");
VBDEBUG(("Preamble signature off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
if (VerifyData((const uint8_t*)preamble, sig, key)) {
debug("Preamble signature validation failed\n");
VBDEBUG(("Preamble signature validation failed\n"));
return VBOOT_PREAMBLE_SIGNATURE;
}
/* Verify we signed enough data */
if (sig->data_size < sizeof(VbKernelPreambleHeader)) {
debug("Didn't sign enough data\n");
VBDEBUG(("Didn't sign enough data\n"));
return VBOOT_PREAMBLE_INVALID;
}
/* Verify body signature is inside the block */
if (VerifySignatureInside(preamble, preamble->preamble_size,
&preamble->body_signature)) {
debug("Kernel body signature off end of preamble\n");
VBDEBUG(("Kernel body signature off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}

39
firmware/lib/vboot_firmware.c
View File

@@ -46,23 +46,23 @@ int LoadFirmware(LoadFirmwareParams* params) {
/* Clear output params in case we fail */
params->firmware_index = 0;
debug("LoadFirmware started...\n");
VBDEBUG(("LoadFirmware started...\n"));
if (params->kernel_sign_key_size < sizeof(VbPublicKey)) {
debug("Kernel sign key buffer too small\n");
VBDEBUG(("Kernel sign key buffer too small\n"));
return LOAD_FIRMWARE_RECOVERY;
}
/* Must have a root key */
if (!root_key) {
debug("No root key\n");
VBDEBUG(("No root key\n"));
return LOAD_FIRMWARE_RECOVERY;
}
/* Initialize the TPM and read rollback indices. */
/* TODO: fix SetupTPM parameter for developer mode */
if (0 != RollbackFirmwareSetup(0, &tpm_key_version, &tpm_fw_version)) {
debug("Unable to get stored versions.\n");
VBDEBUG(("Unable to get stored versions.\n"));
return LOAD_FIRMWARE_RECOVERY;
}
@@ -90,21 +90,21 @@ int LoadFirmware(LoadFirmwareParams* params) {
vblock_size = params->verification_size_1;
}
if ((0 != KeyBlockVerify(key_block, vblock_size, root_key))) {
debug("Key block verification failed.\n");
VBDEBUG(("Key block verification failed.\n"));
continue;
}
/* Check for rollback of key version. */
key_version = key_block->data_key.key_version;
if (key_version < tpm_key_version) {
debug("Key rollback detected.\n");
VBDEBUG(("Key rollback detected.\n"));
continue;
}
/* Get the key for preamble/data verification from the key block. */
data_key = PublicKeyToRSA(&key_block->data_key);
if (!data_key) {
debug("Unable to parse data key.\n");
VBDEBUG(("Unable to parse data key.\n"));
continue;
}
@@ -114,7 +114,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
if ((0 != VerifyFirmwarePreamble2(preamble,
vblock_size - key_block->key_block_size,
data_key))) {
debug("Preamble verfication failed.\n");
VBDEBUG(("Preamble verfication failed.\n"));
RSAPublicKeyFree(data_key);
continue;
}
@@ -122,7 +122,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
/* Check for rollback of firmware version. */
if (key_version == tpm_key_version &&
preamble->firmware_version < tpm_fw_version) {
debug("Firmware version rollback detected.\n");
VBDEBUG(("Firmware version rollback detected.\n"));
RSAPublicKeyFree(data_key);
continue;
}
@@ -147,13 +147,14 @@ int LoadFirmware(LoadFirmwareParams* params) {
DigestInit(&lfi->body_digest_context, data_key->algorithm);
lfi->body_size_accum = 0;
if (0 != GetFirmwareBody(params, index)) {
debug("GetFirmwareBody() failed for index %d\n", index);
VBDEBUG(("GetFirmwareBody() failed for index %d\n", index));
RSAPublicKeyFree(data_key);
continue;
}
if (lfi->body_size_accum != preamble->body_signature.data_size) {
debug("Hash updated %d bytes but expected %d\n",
(int)lfi->body_size_accum, (int)preamble->body_signature.data_size);
VBDEBUG(("Hash updated %d bytes but expected %d\n",
(int)lfi->body_size_accum,
(int)preamble->body_signature.data_size));
RSAPublicKeyFree(data_key);
continue;
}
@@ -161,7 +162,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
/* Verify firmware data */
body_digest = DigestFinal(&lfi->body_digest_context);
if (0 != VerifyDigest(body_digest, &preamble->body_signature, data_key)) {
debug("Firmware body verification failed.\n");
VBDEBUG(("Firmware body verification failed.\n"));
RSAPublicKeyFree(data_key);
Free(body_digest);
continue;
@@ -172,7 +173,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
Free(body_digest);
/* If we're still here, the firmware is valid. */
debug("Firmware %d is valid.\n", index);
VBDEBUG(("Firmware %d is valid.\n", index));
if (-1 == good_index) {
VbPublicKey *kdest = (VbPublicKey*)params->kernel_sign_key_blob;
@@ -181,7 +182,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
(params->kernel_sign_key_size - sizeof(VbPublicKey)));
if (0 != PublicKeyCopy(kdest, &preamble->kernel_subkey)) {
debug("Kernel subkey too big for buffer.\n");
VBDEBUG(("Kernel subkey too big for buffer.\n"));
continue; /* The firmware signature was good, but the public
* key was bigger that the caller can handle. */
}
@@ -217,23 +218,23 @@ int LoadFirmware(LoadFirmwareParams* params) {
lowest_fw_version > tpm_fw_version)) {
if (0 != RollbackFirmwareWrite((uint16_t)lowest_key_version,
(uint16_t)lowest_fw_version)) {
debug("Unable to write stored versions.\n");
VBDEBUG(("Unable to write stored versions.\n"));
return LOAD_FIRMWARE_RECOVERY;
}
}
/* Lock firmware versions in TPM */
if (0 != RollbackFirmwareLock()) {
debug("Unable to lock firmware versions.\n");
VBDEBUG(("Unable to lock firmware versions.\n"));
return LOAD_FIRMWARE_RECOVERY;
}
/* Success */
debug("Will boot firmware index %d\n", (int)params->firmware_index);
VBDEBUG(("Will boot firmware index %d\n", (int)params->firmware_index));
return LOAD_FIRMWARE_SUCCESS;
}
/* If we're still here, no good firmware, so go to recovery mode. */
debug("Alas, no good firmware.\n");
VBDEBUG(("Alas, no good firmware.\n"));
return LOAD_FIRMWARE_RECOVERY;
}

58
firmware/lib/vboot_kernel.c
View File

@@ -67,7 +67,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
if (gptdata->primary_header) {
if (gptdata->modified & GPT_MODIFIED_HEADER1) {
debug("Updating GPT header 1\n");
VBDEBUG(("Updating GPT header 1\n"));
if (0 != BootDeviceWriteLBA(1, 1, gptdata->primary_header))
return 1;
}
@@ -76,7 +76,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
if (gptdata->primary_entries) {
if (gptdata->modified & GPT_MODIFIED_ENTRIES1) {
debug("Updating GPT entries 1\n");
VBDEBUG(("Updating GPT entries 1\n"));
if (0 != BootDeviceWriteLBA(2, entries_sectors,
gptdata->primary_entries))
return 1;
@@ -86,7 +86,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
if (gptdata->secondary_entries) {
if (gptdata->modified & GPT_MODIFIED_ENTRIES2) {
debug("Updating GPT header 2\n");
VBDEBUG(("Updating GPT header 2\n"));
if (0 != BootDeviceWriteLBA(gptdata->drive_sectors - entries_sectors - 1,
entries_sectors, gptdata->secondary_entries))
return 1;
@@ -96,7 +96,7 @@ int WriteAndFreeGptData(GptData* gptdata) {
if (gptdata->secondary_header) {
if (gptdata->modified & GPT_MODIFIED_HEADER2) {
debug("Updating GPT entries 2\n");
VBDEBUG(("Updating GPT entries 2\n"));
if (0 != BootDeviceWriteLBA(gptdata->drive_sectors - 1, 1,
gptdata->secondary_header))
return 1;
@@ -138,7 +138,7 @@ int LoadKernel(LoadKernelParams* params) {
if (BOOT_FLAG_RECOVERY & params->boot_flags) {
if (0 != RollbackKernelRecovery(BOOT_FLAG_DEVELOPER & params->boot_flags
? 1 : 0)) {
debug("Error setting up TPM for recovery kernel\n");
VBDEBUG(("Error setting up TPM for recovery kernel\n"));
return LOAD_KERNEL_RECOVERY;
}
}
@@ -147,7 +147,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Read current kernel key index from TPM. Assumes TPM is already
* initialized. */
if (0 != RollbackKernelRead(&tpm_key_version, &tpm_kernel_version)) {
debug("Unable to get kernel versions from TPM\n");
VBDEBUG(("Unable to get kernel versions from TPM\n"));
return LOAD_KERNEL_RECOVERY;
}
} else if (is_dev) {
@@ -161,13 +161,13 @@ int LoadKernel(LoadKernelParams* params) {
gpt.sector_bytes = (uint32_t)blba;
gpt.drive_sectors = params->ending_lba + 1;
if (0 != AllocAndReadGptData(&gpt)) {
debug("Unable to read GPT data\n");
VBDEBUG(("Unable to read GPT data\n"));
break;
}
/* Initialize GPT library */
if (GPT_SUCCESS != GptInit(&gpt)) {
debug("Error parsing GPT\n");
VBDEBUG(("Error parsing GPT\n"));
break;
}
@@ -184,8 +184,8 @@ int LoadKernel(LoadKernelParams* params) {
uint64_t key_version;
uint64_t body_offset;
debug("Found kernel entry at %" PRIu64 " size %" PRIu64 "\n",
part_start, part_size);
VBDEBUG(("Found kernel entry at %" PRIu64 " size %" PRIu64 "\n",
part_start, part_size));
/* Found at least one kernel partition. */
found_partitions++;
@@ -199,7 +199,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Verify the key block */
key_block = (VbKeyBlockHeader*)kbuf;
if ((0 != KeyBlockVerify(key_block, KBUF_SIZE, kernel_subkey))) {
debug("Verifying key block failed.\n");
VBDEBUG(("Verifying key block failed.\n"));
continue;
}
@@ -207,13 +207,13 @@ int LoadKernel(LoadKernelParams* params) {
if (!(key_block->key_block_flags &&
((BOOT_FLAG_DEVELOPER & params->boot_flags) ?
KEY_BLOCK_FLAG_DEVELOPER_1 : KEY_BLOCK_FLAG_DEVELOPER_0))) {
debug("Developer flag mismatch.\n");
VBDEBUG(("Developer flag mismatch.\n"));
continue;
}
if (!(key_block->key_block_flags &&
((BOOT_FLAG_RECOVERY & params->boot_flags) ?
KEY_BLOCK_FLAG_RECOVERY_1 : KEY_BLOCK_FLAG_RECOVERY_0))) {
debug("Recovery flag mismatch.\n");
VBDEBUG(("Recovery flag mismatch.\n"));
continue;
}
@@ -222,7 +222,7 @@ int LoadKernel(LoadKernelParams* params) {
* key_version=0 above. */
key_version = key_block->data_key.key_version;
if (key_version < tpm_key_version) {
debug("Key version too old.\n");
VBDEBUG(("Key version too old.\n"));
continue;
}
@@ -236,7 +236,7 @@ int LoadKernel(LoadKernelParams* params) {
if ((0 != VerifyKernelPreamble2(preamble,
KBUF_SIZE - key_block->key_block_size,
data_key))) {
debug("Preamble verification failed.\n");
VBDEBUG(("Preamble verification failed.\n"));
RSAPublicKeyFree(data_key);
continue;
}
@@ -246,12 +246,12 @@ int LoadKernel(LoadKernelParams* params) {
* key_version=0 and kernel_version=0 above. */
if (key_version == tpm_key_version &&
preamble->kernel_version < tpm_kernel_version) {
debug("Kernel version too low.\n");
VBDEBUG(("Kernel version too low.\n"));
RSAPublicKeyFree(data_key);
continue;
}
debug("Kernel preamble is good.\n");
VBDEBUG(("Kernel preamble is good.\n"));
/* Check for lowest key version from a valid header. */
if (lowest_key_version > key_version) {
@@ -272,7 +272,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Verify body load address matches what we expect */
if ((preamble->body_load_address != (size_t)params->kernel_buffer) &&
!(params->boot_flags & BOOT_FLAG_SKIP_ADDR_CHECK)) {
debug("Wrong body load address.\n");
VBDEBUG(("Wrong body load address.\n"));
RSAPublicKeyFree(data_key);
continue;
}
@@ -280,7 +280,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Verify kernel body starts at a multiple of the sector size. */
body_offset = key_block->key_block_size + preamble->preamble_size;
if (0 != body_offset % blba) {
debug("Kernel body not at multiple of sector size.\n");
VBDEBUG(("Kernel body not at multiple of sector size.\n"));
RSAPublicKeyFree(data_key);
continue;
}
@@ -288,7 +288,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Verify kernel body fits in the partition */
if (body_offset + preamble->body_signature.data_size >
part_size * blba) {
debug("Kernel body doesn't fit in partition.\n");
VBDEBUG(("Kernel body doesn't fit in partition.\n"));
RSAPublicKeyFree(data_key);
continue;
}
@@ -298,7 +298,7 @@ int LoadKernel(LoadKernelParams* params) {
part_start + (body_offset / blba),
(preamble->body_signature.data_size + blba - 1) / blba,
params->kernel_buffer)) {
debug("Unable to read kernel data.\n");
VBDEBUG(("Unable to read kernel data.\n"));
RSAPublicKeyFree(data_key);
continue;
}
@@ -306,7 +306,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Verify kernel data */
if (0 != VerifyData((const uint8_t*)params->kernel_buffer,
&preamble->body_signature, data_key)) {
debug("Kernel data verification failed.\n");
VBDEBUG(("Kernel data verification failed.\n"));
RSAPublicKeyFree(data_key);
continue;
}
@@ -316,7 +316,7 @@ int LoadKernel(LoadKernelParams* params) {
/* If we're still here, the kernel is valid. */
/* Save the first good partition we find; that's the one we'll boot */
debug("Partiton is good.\n");
VBDEBUG(("Partiton is good.\n"));
/* TODO: GPT partitions start at 1, but cgptlib starts them at 0.
* Adjust here, until cgptlib is fixed. */
good_partition = gpt.current_kernel + 1;
@@ -326,7 +326,7 @@ int LoadKernel(LoadKernelParams* params) {
/* If we're in developer or recovery mode, there's no rollback
* protection, so we can stop at the first valid kernel. */
if (!is_normal) {
debug("Boot_flags = !is_normal\n");
VBDEBUG(("Boot_flags = !is_normal\n"));
break;
}
@@ -337,7 +337,7 @@ int LoadKernel(LoadKernelParams* params) {
* to see if they contain a newer key. */
if (key_version == tpm_key_version &&
preamble->kernel_version == tpm_kernel_version) {
debug("Same key version\n");
VBDEBUG(("Same key version\n"));
break;
}
} /* while(GptNextKernelEntry) */
@@ -352,7 +352,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Handle finding a good partition */
if (good_partition >= 0) {
debug("Good_partition >= 0\n");
VBDEBUG(("Good_partition >= 0\n"));
/* See if we need to update the TPM */
if (is_normal) {
@@ -362,13 +362,13 @@ int LoadKernel(LoadKernelParams* params) {
* forward. In recovery mode, the TPM stays PP-unlocked, so
* anything we write gets blown away by the firmware when we go
* back to normal mode. */
debug("Boot_flags = is_normal\n");
VBDEBUG(("Boot_flags = is_normal\n"));
if ((lowest_key_version > tpm_key_version) ||
(lowest_key_version == tpm_key_version &&
lowest_kernel_version > tpm_kernel_version)) {
if (0 != RollbackKernelWrite((uint16_t)lowest_key_version,
(uint16_t)lowest_kernel_version)) {
debug("Error writing kernel versions to TPM.\n");
VBDEBUG(("Error writing kernel versions to TPM.\n"));
return LOAD_KERNEL_RECOVERY;
}
}
@@ -376,7 +376,7 @@ int LoadKernel(LoadKernelParams* params) {
/* Lock the kernel versions, since we're about to boot the kernel */
if (0 != RollbackKernelLock()) {
debug("Error locking kernel versions.\n");
VBDEBUG(("Error locking kernel versions.\n"));
return LOAD_KERNEL_RECOVERY;
}