BUG=chromium-os:8621
TEST=See below
1. Build and run tests of vboot (including linktest)
$ make && make runtests
2. Check if *_stub.o are not in vboot_fw.a
$ nm /build/<board>/usr/lib/vboot_fw.a | grep _stub.o
3. Build and boot x86-generic image
$ ./build_packages --board=x86-generic && ./build_image --board=x86-generic
(Then successfully boot the image you just built)
See CL=4372001 for u-boot side changes
Review URL: http://codereview.chromium.org/4266002
Change-Id: Icc2bcc551c998f370e4b737fbe442ebf029cd81c
This change makes dumpRSAPublicKey directly accept a public key in PEM format. This makes it possible to avoid the unnecessary step of generating a self-signed certificate to dump the public key in .keyb format.
The old style certificate input is still accepted.
Using certs (as done previously):
dumpRSAPublicKey -cert <certfile>
Directly using public keys:
dumpRSAPublicKey -pub <pubfile>
Change-Id: Ic35b59aff6613d145d7947212650da281f734b74
BUG=7576
TEST=manual
$ openssl genrsa -F4 -out test.pem 4096
$ openssl rsa -in test.pem -out test.pub
$ dumpRSAPublicKey -pub test.pub >test.pub.keyb
Verify that this matches the output we get using the old style <cert> input.
$ openssl req -batch -new -x509 -key test.pem -out test.cert
$ dumpRSAPublicKey -cert test.cert >test.cert.keyb
$ diff test.pub.keyb test.cert.keyb
$
Review URL: http://codereview.chromium.org/4215006
Also provide a bit more output, stop and tell us if it's not running on a
Chrome OS BIOS.
Change-Id: I0e6a5680ec050b3f4d0a5c7adc87ca2441ba6d06
BUG=chromium-os:8236
TEST=manual
From a root shell, run "dev_debug_vboot --cleanup", then look in
/tmp/dev_debug/. You should see only the file noisy.log
Review URL: http://codereview.chromium.org/4108012
This allows signing using a .pem file using an external program.
It is assumed that the external program reads input from stdin, and outputs signed data on stdout. It takes one argument - the file name for the .pem private key reference. See external_rsa_signer.sh for an example external program.
Example usage:
vbutil_keyblock --pack 4096.keyblock \
--datapubkey 4096.vbpubk \
--signprivate_pem 4096.pem \
--pem_algorithm 8 \
--externalsigner "external_rsa_signer.sh"
I have tried to make the change such that it doesn't impact existing tools/interfaces (since these are used at various places). That said, I am aware of the places where we could just extend an old interface an avoid code duplication but thought I'd put that re-factoring in as a TODO for now. Let me know if you disagree and I can merge them (and changing the existing interface).
BUG=7576
TEST=Extended run_vbutil_tests.sh to test vbutil_keyblock packing using an external signer.
To test, make && make runtests (or just run tests/gen_test_keys.sh; tests/run_vbutils_tests.sh)
Review URL: http://codereview.chromium.org/4194003
Change-Id: I7cc52c8293c04ef9ba074794d046c9a4f19f6bdd
Change-Id: I58265ddf26f2e93b9057fe6b95fb3c1b98e82e99
Add NVRAM-hogging DOS attack.
Change-Id: Ia178e42539a771747ab8a96560eb2d374ed07904
BUG=none
TEST=passes included test
Review URL: http://codereview.chromium.org/4183005
Reuses the --keyblock argument to output a keyblock if used
during Verify().
TEST=built, ran on a kernel; check if it worked for cgpt find -M :)
BUG=chromium-os:7451
Change-Id: Ibf1365dbdaeaf87442e0d12d048bc070f35662ad
Review URL: http://codereview.chromium.org/4160001
* Display only the synopsis on stdout
* Keep a verbose log of all activity in the scratch directory.
* Add more checks
* Providing a directory argument will use the images found there instead of
trying to extract them from the system (for use on host machines).
Change-Id: I065a18c9467c625cc33484ee5556d955dc79b01d
BUG=none
TEST=manual
Get a root shell and run "dev_debug_vboot". You should see nicer output.
Review URL: http://codereview.chromium.org/4106001
Display keyblock information, even if not checking the signature.
Change-Id: Ie96ac39e2598fdfdc49898f92fd528edefd36313
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3602014
TBR=none
SAFT testing requires changing kernel version to one level
below the current value (set to 1). This change allows
version number set to zero for test purposes.
Change-Id: Ia6f11578d9a6bc8c5544c56413c5589011d6334a
BUG=chromium-os:1976
TEST=manual
Ran `vbutil_kernel --repack --version 0 <other params>'
it used to fail, now it succeeds. This is also verified by
using in http://codereview.chromium.org/3781016 to support
TPM testing.
Review URL: http://codereview.chromium.org/3968006
If you try to read a file that's all zeros, it tries to read a zero-length
kernel blob, fails to do so (or suceeds with an empty result, depending on
your point of view), and prints
ERROR: Unable to read kernel blob from <file>: Success
That's not very helpful.
This change makes it say
ERROR: No kernel blob found
instead.
Change-Id: I841ec6e288f47cd9b1f8e9ca1e6da0741ad20e9f
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3764004
1. Check for potential integer overflow in sector_bytes * sector_count.
2. Added O_NOFOLLOW to open() call - Is this enough?
3. Passing buffer length to GuidToStr(), PMBRToStr().
4. Use unsigned int in GetEntry() to determine stride.
5. Address conversion between UTF16 and UTF8.
Note: The UTF conversion is complex and troublesome, and needs careful
consideration to get right. For now, I've just forced the interpretation of
the partition name to 7-bit ASCII. That's sufficient for the needs of Chrome
OS, and I can file a new issue to handle UTF correctly.
BUG=chrome-os-partner:705
TEST=manual
Running "make runtests" invokes the tests/run_cgpt_tests.sh script, which checks the behavior and output of the cgpt tool.
Review URL: http://codereview.chromium.org/3594010
Change-Id: I5fd29796d8c929527e0cfbc6d5ccbcdc77502c6b
RFro TPM rollback testing we need to be able to change kernel
version number. This Cl adds this ability to the
vbutil_kernel utility.
Change-Id: I156df9b0d3467043c20a43e1c75e6d0222704f3a
BUG=chromium-os:1976
TEST=manual
1. On a target running off /dev/sda3 (as reported by
'rootdev -s') execute `/usr/bin/dev_debug_vboot' and take
note of the kernel version number in the output section
starting with 'TEST: verify HD kernel A with firmware A key',
under 'Preamble' it should read
'Kernel version: 1'
2. copy the kernel into a file:
dd if=/dev/sda2 of=/tmp/kernel
3.on the desktop (this step requires ssh setup to use the
correct keys to reach the target):
scp tests/devkeys/kernel_data_key.vbprivk <target>:/tmp
3. Modify kernel version
vbutil_kernel --repack /tmp/repacked.k --version 2 --signprivate /tmp/kernel_data_key.vbprivk --oldblob /tmp/kernel
4. Install the updated kernel
dd if=/tmp/repacked.k of=/dev/sda2
5. restart the system
6. Observe that it came up using /dev/sda3 as the root
file system
7. run /usr/bin/dev_debug_vboot and observe that the kernel
version is no set to 2
Review URL: http://codereview.chromium.org/3520019
Also change tpmc to return the TPM error code, or 255.
Change-Id: Ie5fc107ff50efd4480c2a47b91f3b8a93b4f95e3
BUG=none
TEST=ran it on a TPM
Review URL: http://codereview.chromium.org/3479003
Change-Id: I4c9b7a937103f3978cbed6629ee4057018b80eae
More cleanup. Also allow some tests to run even when TPM is already started.
Change-Id: I23558b96a1de55bbeca42dbf2e44f6802a0ec85b
Reorganize and standardize behavior of tests.
Change-Id: Id32fd09211a72deaa66a3dd0f973d35506ff96f2
BUG=433
TEST=ran all the tests I could run without TPM-free BIOS
Review URL: http://codereview.chromium.org/3389004
This adds some tools to help us figure out why a particular kernel isn't
booting. Often we suspect it's because it was signed with the wrong keys, or
has flags restricting its use to certain boot modes. This change adds some
tools to extract and display all the keys from the BIOS, and try them on the
various kernels. We also display the sha1sum of all the keys we find, to
make comparing them easier.
Change-Id: I38e447bf95cb6c3a0b87aa949611bb135f2f94b4
BUG=chromeos-partner:888
TEST=manual
To test, obtain a root shell, and run dev_debug_vboot. You should see lots
of useful information go by.
Review URL: http://codereview.chromium.org/3303018
We now display the sha1sum of the public key contained in .vbpubk files,
and the --copyto option can be used to extract a minimal-sized .vbpubk or
.vbprivk from a file with extra padding on the end, to make comparisons
easier.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3300006
Change-Id: Id465bf4f6f7d0545456a86968accc87964a769ef
This is part of the proposed developer-mode installation process, where we
want to detect that whoever is fiddling with the hard drive has already
fiddled with it before. Otherwise, we'll make them wait a bit to prevent
drive-by updates.
BUG=chromium-os:5306
Change-Id: Ifd6dce69180fa818fe14dbc3b1ac3485fb15d1c9
Review URL: http://codereview.chromium.org/3122023
Make vbutil_keyblock handle unsigned blocks. Also enable --unpack option and
add tests for it.
Modify vbutil_kernel to allow unsigned keyblocks, correct usage message,
and fix the --debug option which was somehow disabled.
Update load_kernel_test to accept /dev/null for the public key, to test
non-signed kernel keyblocks.
Review URL: http://codereview.chromium.org/3124004
LoadKernel already returns the partition number for the selected kernel.
This change makes it also return the GPT Entry's UniqueGuid, which will
eventually be passed to the kernel itself, so the kernel can determine which
of several possible devices it has booted from. It doesn't know for certain
because the BIOS and the kernel may enumerate the devices in a different
order.
BUG=chromium-os:4984
Review URL: http://codereview.chromium.org/3056014
load_kernel_test was failing because it wasn't setting
params->kernel_buffer_size before calling LoadKernel(). This fixes that,
plus adds some checks to LoadKernel so that it will notice bad params if it
happens again.
Review URL: http://codereview.chromium.org/3060004
Do not directly manipulate global structs. Work on the local copy instead.
In firmware-land, globals are a bad idea.
Review URL: http://codereview.chromium.org/3027011
Also renamed verify preamble functions, now that they do not need the
'2' at the end to differentiate them from the now-deleted original
implementation.
BUG=4501
TEST=Ran make runtests; all pass.
Review URL: http://codereview.chromium.org/3027009
After this change vbutil_kernel allows to repack an existing
signed ChromeOS kernel such that the kernel command line is
changed on operator's request.
The new command line parameter is --verbose which causes
--verify to print out current contents of the kernel
command line.
Some refactoring and cleaning were also done:
- provide a macro to access command line buffer inside
a kernel blob
- ReadConfigFile() a new wrapper to preprocess the
config file.
- keep the key_block and preamble in the blob when
unpacking an existing signed kernel for --repack and
--verify.
- make --pack expect at least one of the two:
--config or --keyblock, thus allowing to change the
command line without replacing anything else in the
signed kernel image.
- refactor Verify() to use OldBlob() to preprocess the
image.
The top level Makefile was changed to allow compiling for debugging.
Build with DEBUG=1 in the make command line to enable gdb debugging and debug printouts. Build with DISABLE_NDEBUG=1 in the make command line to enable cryptolib debug outputs.
BUG=http://code.google.com/p/chromium-os/issues/detail?id=4814
TEST=see below
1. Observe that all unit tests still pass by running
(vboot_reference $) RUNTESTS=1 make
2. On a working DVT system copy the running kernel into a
file using
dd if=/dev/sda2 of=/tmp/dev.kernel
and transfer the file to the host into /tmp/try/dev.kernel
Then create the new config file in /tmp/try/new.conf.txt and run the following commands:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
(vboot_reference $) ./build/utility/vbutil_kernel --verify /tmp/try/dev.kernel --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose
Key block:
Size: 0x4b8
Data key algorithm: 4 RSA2048 SHA256
Data key version: 1
Flags: 7
Preamble:
Size: 0xfb48
Header version: 2.0
Kernel version: 1
Body load address: 0x100000
Body size: 0x302000
Bootloader address: 0x3fe000
Bootloader size: 0x4000
Body verification succeeded.
Config:
earlyprintk=serial,ttyS0,115200 console=ttyS0,115200 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 a7fbd641ba25488509987959d5756d802790ef8f" noinitrd
(vboot_reference $) ./build/utility/vbutil_kernel --repack /tmp/try/dev.kernel.repacked --signprivate tests/devkeys/kernel_data_key.vbprivk --oldblob /tmp/try/dev.kernel --config /tmp/try/new.conf.txt
(vboot_reference $) ./build/utility/vbutil_kernel --verify /tmp/try/dev.kernel.repacked --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose
Key block:
Size: 0x4b8
Data key algorithm: 4 RSA2048 SHA256
Data key version: 1
Flags: 7
Preamble:
Size: 0xfb48
Header version: 2.0
Kernel version: 1
Body load address: 0x100000
Body size: 0x302000
Bootloader address: 0x3fe000
Bootloader size: 0x4000
Body verification succeeded.
Config:
console=tty2 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 ff06384015a7726baff719ee68eab312b1d45570" noinitrd
(vboot_reference $)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Observe the chanegd command line printed by --verify --verbose. Then transfer the new kernel image back to the DVT system, dd it into /dev/sda2 and restart the DVT system.
Observe kernel startup messages dumped on the screen (due to the changed kernel command line).
Then examine /proc/cmdline to verify that the command line indeed matches the contents of /tmp/try/new.conf.txt on the host.
3. Build the code with
(vboot_reference$) DEBUG=1 make
observe that debug information is visible by gdb.
Build the code with
(vboot_reference$) DISABLE_DEBUG=1 make
and observe that -DNDEBUG is dropped from the compiler invocation line.
Review URL: http://codereview.chromium.org/3004001
