scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-28 12:13:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

vboot2: Change preamble to contain a list of signatures

Browse Source 
Use struct vb2_signature2 objects to hold the hashes of firmware
components, rather than a separate vb2_fw_preamble2_hash struct.
Better for code reuse.

BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests

Change-Id: Ia9e23c1488a884f2d6fab4c4be51b25d3ff25c2f
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/228241
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
This commit is contained in:
Randall Spangler
2014-11-06 11:27:46 -08:00
committed by chrome-internal-fetch
parent a063a43ad7
commit fe21172cc3
6 changed files with 30 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
firmware/2lib/2common2.c
View File

@@ -353,7 +353,7 @@ int vb2_verify_keyblock2(struct vb2_keyblock2 *block,
return rv; return rv;
/* Skip signature if it doesn't match the key GUID */ /* Skip signature if it doesn't match the key GUID */
if (memcmp(&sig->key_guid, key->guid, GUID_SIZE)) if (memcmp(&sig->guid, key->guid, GUID_SIZE))
continue; continue;
/* Make sure we signed the right amount of data */ /* Make sure we signed the right amount of data */

2
firmware/2lib/2packed_key2.c
View File

@@ -92,7 +92,7 @@ int vb2_unpack_key2(struct vb2_public_key *key,
key->desc = ""; key->desc = "";
key->version = pkey->key_version; key->version = pkey->key_version;
key->guid = &pkey->key_guid; key->guid = &pkey->guid;
return VB2_SUCCESS; return VB2_SUCCESS;
} }

4
firmware/2lib/include/2common.h
View File

@@ -299,10 +299,10 @@ uint32_t vb2_sig_size(enum vb2_signature_algorithm sig_alg,
enum vb2_hash_algorithm hash_alg); enum vb2_hash_algorithm hash_alg);
/** /**
* Return a key_guid for an unsigned hash algorithm. * Return a key guid for an unsigned hash algorithm.
* *
* @param hash_alg Hash algorithm to return key for * @param hash_alg Hash algorithm to return key for
* @return A pointer to the key_guid for that hash algorithm and * @return A pointer to the key guid for that hash algorithm and
* sig_alg=VB2_SIG_NONE, or NULL if error. * sig_alg=VB2_SIG_NONE, or NULL if error.
*/ */
const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg); const struct vb2_guid *vb2_hash_guid(enum vb2_hash_algorithm hash_alg);

63
firmware/2lib/include/2struct.h
View File

@@ -381,7 +381,7 @@ struct vb2_packed_key2 {
uint32_t key_version; uint32_t key_version;
/* Key GUID */ /* Key GUID */
struct vb2_guid key_guid; struct vb2_guid guid;
} __attribute__((packed)); } __attribute__((packed));
#define EXPECTED_VB2_PACKED_KEY2_SIZE \ #define EXPECTED_VB2_PACKED_KEY2_SIZE \
@@ -419,11 +419,17 @@ struct vb2_signature2 {
uint16_t hash_alg; uint16_t hash_alg;
/* /*
* GUID of key used to generate this signature. This allows the * GUID for the signature.
* firmware to quickly determine which signature block (if any) goes *
* with the key being used by the firmware. * If this is a keyblock signature entry, this is the GUID of the key
* used to generate this signature. This allows the firmware to
* quickly determine which signature block (if any) goes with the key
* being used by the firmware.
*
* If this is a preamble hash entry, this is the GUID of the data type
* being hashed. There is no key GUID, because sig_alg=VB2_ALG_NONE.
*/ */
struct vb2_guid key_guid; struct vb2_guid guid;
} __attribute__((packed)); } __attribute__((packed));
#define EXPECTED_VB2_SIGNATURE2_SIZE \ #define EXPECTED_VB2_SIGNATURE2_SIZE \
@@ -475,6 +481,9 @@ struct vb2_keyblock2 {
* Kernels often have at least two signatures - one using the kernel * Kernels often have at least two signatures - one using the kernel
* subkey from the RW firmware (for signed kernels) and one which is * subkey from the RW firmware (for signed kernels) and one which is
* simply a SHA-512 hash (for unsigned developer kernels). * simply a SHA-512 hash (for unsigned developer kernels).
*
* The GUID for each signature indicates which key was used to generate
* the signature.
*/ */
uint32_t sig_offset; uint32_t sig_offset;
} __attribute__((packed)); } __attribute__((packed));
@@ -486,20 +495,6 @@ struct vb2_keyblock2 {
#define VB2_PREAMBLE2_VERSION_MAJOR 3 #define VB2_PREAMBLE2_VERSION_MAJOR 3
#define VB2_PREAMBLE2_VERSION_MINOR 0 #define VB2_PREAMBLE2_VERSION_MINOR 0
/* Single hash entry for the firmware preamble */
struct vb2_fw_preamble2_hash {
/* Type of data being hashed (enum vb2api_hash_tag) */
uint32_t tag;
/* Size of hashed data in bytes */
uint32_t data_size;
/* Hash digest follows this struct */
uint8_t digest[0];
} __attribute__((packed));
#define EXPECTED_VB2_FW_PREAMBLE2_HASH_SIZE 8
/* /*
* Firmware preamble * Firmware preamble
* *
@@ -525,34 +520,22 @@ struct vb2_fw_preamble2 {
uint32_t sig_offset; uint32_t sig_offset;
/* /*
* The preamble contains a list of hashes for the various firmware * The preamble contains a list of hashes (struct vb2_signature2) for
* components. The calling firmware is responsible for knowing where * the various firmware components. These have sig_alg=VB2_SIG_NONE,
* to find those components, which may be on a different storage device * and the GUID for each hash identifies the component being hashed.
* than this preamble. * The calling firmware is responsible for knowing where to find those
* components, which may be on a different storage device than this
* preamble.
*/ */
/* Number of hash entries */ /* Number of hash entries */
uint32_t hash_count; uint32_t hash_count;
/* /* Offset of first hash entry from start of preamble */
* Hash algorithm used (must be same for all entries) (enum uint32_t hash_offset;
* vb2_hash_algorithm).
*/
uint16_t hash_alg;
/* Size of each hash entry, in bytes */
uint16_t hash_entry_size;
/*
* Offset of first hash entry from start of preamble. Entry N can be
* found at:
*
* (uint8_t *)hdr + hdr->hash_table_offset + N * hdr->hash_entry_size
*/
uint32_t hash_table_offset;
} __attribute__((packed)); } __attribute__((packed));
#define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 24) #define EXPECTED_VB2_FW_PREAMBLE2_SIZE (EXPECTED_VB2_STRUCT_COMMON_SIZE + 20)
/****************************************************************************/ /****************************************************************************/

3
tests/vb2_common_tests.c
View File

@@ -165,9 +165,6 @@ static void test_struct_packing(void)
TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE, TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_SIZE,
sizeof(struct vb2_fw_preamble2), sizeof(struct vb2_fw_preamble2),
"sizeof(vb2_fw_preamble2)"); "sizeof(vb2_fw_preamble2)");
TEST_EQ(EXPECTED_VB2_FW_PREAMBLE2_HASH_SIZE,
sizeof(struct vb2_fw_preamble2_hash),
"sizeof(vb2_fw_preamble2_hash)");
} }
/** /**

6
tests/vb2_convert_structs.c
View File

@@ -84,11 +84,11 @@ struct vb2_signature2 *vb2_convert_signature2(
if (key) { if (key) {
s2.sig_alg = key->sig_alg; s2.sig_alg = key->sig_alg;
s2.hash_alg = key->hash_alg; s2.hash_alg = key->hash_alg;
memcpy(&s2.key_guid, &key->key_guid, GUID_SIZE); memcpy(&s2.guid, &key->guid, GUID_SIZE);
} else { } else {
s2.sig_alg = VB2_SIG_INVALID; s2.sig_alg = VB2_SIG_INVALID;
s2.hash_alg = VB2_HASH_INVALID; s2.hash_alg = VB2_HASH_INVALID;
memset(&s2.key_guid, 0, GUID_SIZE); memset(&s2.guid, 0, GUID_SIZE);
} }
/* Allocate the new buffer */ /* Allocate the new buffer */
@@ -135,7 +135,7 @@ struct vb2_signature2 *vb2_create_hash_sig(const uint8_t *data,
if (!hash_guid || !s.sig_size) if (!hash_guid || !s.sig_size)
return NULL; return NULL;
memcpy(&s.key_guid, hash_guid, sizeof(s.key_guid)); memcpy(&s.guid, hash_guid, sizeof(s.guid));
s.sig_offset = s.c.fixed_size + s.c.desc_size; s.sig_offset = s.c.fixed_size + s.c.desc_size;
s.c.total_size = s.sig_offset + s.sig_size; s.c.total_size = s.sig_offset + s.sig_size;