This should make it easier to switch off debug messages if needed.
TESTS=builds fine, autotest builds fine (using both arm/x86-generic)
Review URL: http://codereview.chromium.org/1607006
Refactor and restructure reference code into individual self-contain modules. I have revamped the way the code is structured to make it easy to determine which parts belong in the firmware and which are used by userland tools.
common/ - common utilities and stub functions (Firmware)
cryptolib/ - crypto library (Firmware)
misclibs/ - miscellaneous userland libraries (Userland)
sctips/ - Miscellaenous scripts (Userland)
tests/ - Tests (Userland)
vfirmware/ - Verified Firmware Implementation
vfirmware/firmware_image_fw.c (Firmware)
vfirmware/firmware_image.c (Userland)
vkernel/ - Verified Kernel Implementation
vkernel/kernel_image_fw.c (Firmware)
vkernel/kernel_image.c (Userland)
Review URL: http://codereview.chromium.org/1581005
This CL refactors verified boot firmware and kernel image functions into firmware and userland portions. Data Types and Functions that need to be a part of the final firmware implementation reside in files with "_fw" suffix - firmware_image_fw.{c|h} and kernel_image_fw.{c|h}.
Also some Makefile cleanups.
Review URL: http://codereview.chromium.org/1599001
This CL fixes some functions to use uint64_t that I missed the first time around. It ended up requiring some minor changes to how some of the helper functions work (StatefulMemcpy*()).
Also adds new tests to make sure that reference code can verify/process big firmware and kernel images.
BUG=670
TEST=Adds some new, old ones still pass.
Review URL: http://codereview.chromium.org/1519008
This CL adds a new function VerifyFirmwareDriver_f() means to be a part of the RO firmware which determine which copy of the firmware to boot from. It is meant to ensure that a particular firmware is only booted if 1) it verifies successfully, 2) its version is newer or equal to current stored version. In addition, the driver function also updates the stored version if needed.
Currently I am using the TLCL API with stub calls, (in fact, most of the TPM interaction is done in rollback_index.c which implements the actual version query/update API) used by the firmware.
Review URL: http://codereview.chromium.org/1241002
This CL does the following:
1) It adds a SignatureBuf function which uses the OpenSSL library to generate RSA signature. This is more robust than the previous way of invoking the command line "openssl" utility and capturing its output. No more unnecessary temporary files for signature operations.
2) It adds functions that allow direct manipulation of binary verified Firmware and Kernel Image blobs in memory.
3) It changes the structure field members for FirmwareImage to make it consistent with KernelImage. Now it's clearer which key is used when.
4) Minor bug fixes and slightly improved API for dealing verified boot firmware and kernel images.
5) Renames the RSA_verify function to prevent conflicts with OpenSSL since it's linked into the firmware utility binary.
Review URL: http://codereview.chromium.org/661353
The old VerifyFirmware function (now called VerifyFirmwareImage) works on the FirmwareImage structure. This CL adds a verification function which can be used directly on packed binary verified boot firmware blobs. This function can be used as the reference implementation for verified boot in firmware. In addition, all functions that work on FirmwareImage structure have been renames to distinguish them from those which work on binary firmware blobs.
In addition, this adds some new crypto utility functions and refactors old ones.
BUG=670
TEST=Added tests for the new function and they pass.
Review URL: http://codereview.chromium.org/650105
