Make vbutil_keyblock handle unsigned blocks. Also enable --unpack option and
add tests for it.
Modify vbutil_kernel to allow unsigned keyblocks, correct usage message,
and fix the --debug option which was somehow disabled.
Update load_kernel_test to accept /dev/null for the public key, to test
non-signed kernel keyblocks.
Review URL: http://codereview.chromium.org/3124004
Also renamed verify preamble functions, now that they do not need the
'2' at the end to differentiate them from the now-deleted original
implementation.
BUG=4501
TEST=Ran make runtests; all pass.
Review URL: http://codereview.chromium.org/3027009
After this change vbutil_kernel allows to repack an existing
signed ChromeOS kernel such that the kernel command line is
changed on operator's request.
The new command line parameter is --verbose which causes
--verify to print out current contents of the kernel
command line.
Some refactoring and cleaning were also done:
- provide a macro to access command line buffer inside
a kernel blob
- ReadConfigFile() a new wrapper to preprocess the
config file.
- keep the key_block and preamble in the blob when
unpacking an existing signed kernel for --repack and
--verify.
- make --pack expect at least one of the two:
--config or --keyblock, thus allowing to change the
command line without replacing anything else in the
signed kernel image.
- refactor Verify() to use OldBlob() to preprocess the
image.
The top level Makefile was changed to allow compiling for debugging.
Build with DEBUG=1 in the make command line to enable gdb debugging and debug printouts. Build with DISABLE_NDEBUG=1 in the make command line to enable cryptolib debug outputs.
BUG=http://code.google.com/p/chromium-os/issues/detail?id=4814
TEST=see below
1. Observe that all unit tests still pass by running
(vboot_reference $) RUNTESTS=1 make
2. On a working DVT system copy the running kernel into a
file using
dd if=/dev/sda2 of=/tmp/dev.kernel
and transfer the file to the host into /tmp/try/dev.kernel
Then create the new config file in /tmp/try/new.conf.txt and run the following commands:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
(vboot_reference $) ./build/utility/vbutil_kernel --verify /tmp/try/dev.kernel --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose
Key block:
Size: 0x4b8
Data key algorithm: 4 RSA2048 SHA256
Data key version: 1
Flags: 7
Preamble:
Size: 0xfb48
Header version: 2.0
Kernel version: 1
Body load address: 0x100000
Body size: 0x302000
Bootloader address: 0x3fe000
Bootloader size: 0x4000
Body verification succeeded.
Config:
earlyprintk=serial,ttyS0,115200 console=ttyS0,115200 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 a7fbd641ba25488509987959d5756d802790ef8f" noinitrd
(vboot_reference $) ./build/utility/vbutil_kernel --repack /tmp/try/dev.kernel.repacked --signprivate tests/devkeys/kernel_data_key.vbprivk --oldblob /tmp/try/dev.kernel --config /tmp/try/new.conf.txt
(vboot_reference $) ./build/utility/vbutil_kernel --verify /tmp/try/dev.kernel.repacked --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose
Key block:
Size: 0x4b8
Data key algorithm: 4 RSA2048 SHA256
Data key version: 1
Flags: 7
Preamble:
Size: 0xfb48
Header version: 2.0
Kernel version: 1
Body load address: 0x100000
Body size: 0x302000
Bootloader address: 0x3fe000
Bootloader size: 0x4000
Body verification succeeded.
Config:
console=tty2 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 ff06384015a7726baff719ee68eab312b1d45570" noinitrd
(vboot_reference $)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Observe the chanegd command line printed by --verify --verbose. Then transfer the new kernel image back to the DVT system, dd it into /dev/sda2 and restart the DVT system.
Observe kernel startup messages dumped on the screen (due to the changed kernel command line).
Then examine /proc/cmdline to verify that the command line indeed matches the contents of /tmp/try/new.conf.txt on the host.
3. Build the code with
(vboot_reference$) DEBUG=1 make
observe that debug information is visible by gdb.
Build the code with
(vboot_reference$) DISABLE_DEBUG=1 make
and observe that -DNDEBUG is dropped from the compiler invocation line.
Review URL: http://codereview.chromium.org/3004001
This makes it much simpler to keep track of what we're doing.
vbutil_key can now wrap both .keyb and .pem keys. It figures out which is
which by trying both and just using the one that works.
vbutil_keyblock and vbutil_kernel now use .vbprivk files for signing.
replace debug() with VBDEBUG(()) in host-side sources, too.
rename PrivateKeyRead to PrivateKeyReadPem
Add real PrivateKeyRead and PrivateKeyWrite for .vbprivk files.
Review URL: http://codereview.chromium.org/2871033
The --repack option lets us sign a previously signed kernel blob with a new
kernel data key.
The --headeronly option is so we can emit the new verification header
separately from the kernel blob.
More work to come...
Review URL: http://codereview.chromium.org/2812034
