scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 18:25:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

fastboot: Add routine for verifying kernel image loaded in memory

Browse Source 
This API allows fastboot boot from memory command to verify that the
image loaded in memory is signed properly using recovery keys. Thus,
only officially signed recovery images can be booted using fastboot
boot command in recovery mode.

However, if GBB_FLAG_FORCE_DEV_BOOT_FASTBOOT_FULL_CAP is set, then
this routine will not perform any check and return okay for any image
sent by fastboot boot.

BUG=chrome-os-partner:40196
BRANCH=None
TEST=Compiles successfully. With GBB override for FASTBOOT_FULL_CAP
set any signed image is allowed to boot. With FASTBOOT_FULL_CAP not
set, then only officially signed image is allowed to boot. (make -j
runtests successful)

Change-Id: I78028853bd1ad09d3c610a687f327560557d5681
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/272696
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
This commit is contained in:
Furquan Shaikh
2015-05-21 14:39:11 -07:00
committed by ChromeOS Commit Bot
parent 05371345b7
commit f274360326
4 changed files with 440 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
firmware/include/vboot_api.h
View File

@@ -1004,4 +1004,25 @@ VbError_t VbExRegionRead(VbCommonParams *cparams,
enum vb_firmware_region region, uint32_t offset,
uint32_t size, void *buf);
/**
* Verify Kernel Image loaded in memory.
*
* This routine is used by fastboot boot command to verify the kernel image in
* memory sent by the host device using fastboot protocol. It checks if the
* image in memory is signed using official recovery keys. In case of GBB
* override to allow full fastboot functionality, it checks image integrity, but
* does not check the image signature.
*
* @param cparams Common parameters, e.g. use member caller_context
* to point to useful context data
* @param kparams kernel params
* @param boot_image Image in memory that needs to be verified
* @param image_size Size of the image in memory
* @return VBERROR_... error, VBERROR_SUCCESS on success.
*/
VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
VbSelectAndLoadKernelParams *kparams,
void *boot_image,
size_t image_size);
#endif /* VBOOT_REFERENCE_VBOOT_API_H_ */