BUG=chromium-os:11742
TEST=manual
Check out sources, run:
cd src/platform/vboot_reference
make
make runbmptests
It should pass.
Change-Id: I50ebdef26662e7446828315a3f5e2786624508b9
Review URL: http://codereview.chromium.org/6246150
Change-Id: I2e325ff9bd53fdaeb69c2d115c30785d6ca09b57
BUG=chromium-os:7178
TEST=manual:
Both in host and chroot environments:
. run `make clean && make && make runtests' in the top
directory
. observe the following being added in the end of the
report:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
./gen_fuzz_test_cases.sh
Generating test image file...
1+0 records in
1+0 records out
500000 bytes (500 kB) copied, 0.0790024 s, 6.3 MB/s
Generating test bootloader file...
1+0 records in
1+0 records out
50000 bytes (50 kB) copied, 0.00921653 s, 5.4 MB/s
Generating test config file...
1+0 records in
1+0 records out
3000 bytes (3.0 kB) copied, 0.000618682 s, 4.8 MB/s
Generating key blocks...
Generating signed firmware test image...
Generating signed kernel test image...
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Review URL: http://codereview.chromium.org/4687007
BUG=chromium-os:8621
TEST=See below
1. Build and run tests of vboot (including linktest)
$ make && make runtests
2. Check if *_stub.o are not in vboot_fw.a
$ nm /build/<board>/usr/lib/vboot_fw.a | grep _stub.o
3. Build and boot x86-generic image
$ ./build_packages --board=x86-generic && ./build_image --board=x86-generic
(Then successfully boot the image you just built)
See CL=4372001 for u-boot side changes
Review URL: http://codereview.chromium.org/4266002
Change-Id: Icc2bcc551c998f370e4b737fbe442ebf029cd81c
Changed TlclRead / TlclWrite to take void* / const void* to reduce typecasts.
Much restructuring of rollback_index.c.
Fixed a version-packing bug in rollback_index.c (& --> |)
BUG:chrome-os-partner:304
TEST:manual testing of all code flows on CRB
Review URL: http://codereview.chromium.org/3084030
This code compiles and installs using a modified ebuild (which needs to be committed after this change).
Review URL: http://codereview.chromium.org/2857030
It turned out that shared verified boot library fails to
work properly when compiled by msc in BIOS environment.
The culprit was identified as failing 64 bit logical
operations by preprocessor. It is probably possible to
come up with a certain compile flag set to fix the
operations, but it is not easy to modify and control the BIOS
compilation environment.
The alternative solution is to limit the size of the field
in question to 16 bits (especially since this is the only
part of the attributes field which is supposed to be
altered by firmware.
A union is being introduced in firmware/lib/cgptlib/include/gpt.h:GptEntry to allow
accessing the field both as a 64 bit entity and a top
16 bit field. All places where this field is used are
being modified appropriately.
tests/Makefile is being fixed to allow controlling test run
from the top level directory.
Tested by building everything and running tests.
All tests pass.
Review URL: http://codereview.chromium.org/2799019
properly, i.e. rebuild relevant targets if any of the
dependencies (implicit or explicit) change.
To make dependency generation easier the three source files
in the tests directory shared among many programs
(rollback_index_mock.c test_common.c timer_utils.c and
crc32_test.c) are separated into a library, with each of
them getting its own the automated dependency script
generated by the compiler.
To simplify rule definitions, all applications built in the
test directory get linked with -lcrypto and -lrt, which is
not a problem as the linker will not use the library unless
needed.
Tested by touching different .h and .c files in ./tests,
running make and then and observing the make results.
Also verified that emerging works for x86 in chroot environment.
Review URL: http://codereview.chromium.org/2847012
After this change the generated files are placed in a
separate tree (such thet they don't show in the
`git status' output anymore) and the dependencies are
followed properly (if a .h file changes the
appropriate .o files and apps get rebuilt).
Tested as follows:
> $ make clean
> $ make # build succeeds
> $ git status # shows clean directory
> $ RUNTESTS=1 make # (captured test output matches that of the test run before any changes)
> $ touch ./vboot_firmware/include/tlcl.h
> $ make # make succeeds
> $ find build -type f -newer ./vboot_firmware/include/tlcl.h
build/vboot_firmware/lib/rollback_index.o
build/vboot_firmware/lib/rollback_index.o.d
build/vboot_firmware/a.out
build/vboot_fw.a
build/utility/vbutil_key
build/utility/kernel_utility.d
build/utility/vbutil_key.d
build/utility/verify_data
build/utility/load_kernel_test.d
build/utility/vbutil_keyblock.d
build/utility/vbutil_kernel
build/utility/vbutil_kernel.d
build/utility/firmware_utility
build/utility/signature_digest_utility.d
build/utility/kernel_utility
build/utility/verify_data.d
build/utility/vbutil_keyblock
build/utility/signature_digest_utility
build/utility/load_kernel_test
build/utility/firmware_utility.d
build/tests/vboot_common3_tests
build/tests/vboot_common2_tests
build/host/a.out
$ >
Review URL: http://codereview.chromium.org/2845001
This fixes a number of bugs, adds a bunch of commands, and essentially makes
cgpt ready to use as a replacement for gpt. Still to do is to add commands
and options that will let it generated intentionally bad partitions, for use
in testing.
Review URL: http://codereview.chromium.org/2719008
Firmware-side code for LoadKernel() is in place now. LoadFirmware() replacement coming soon.
The new functions are implemented in parallel to the existing ones (i.e., everything that used to work still does).
Review URL: http://codereview.chromium.org/2745007
Also includes part of LoadKernel(), which I'll split into a separate
CL. With some hacks, gets into VerifyKernel() before dying because
I'm not passing in the right key blob.
cgptlib is now pretty stable, and worth looking at. LoadKernel() less so.
Thanks,
Randall
Review URL: http://codereview.chromium.org/2438005
This creates a new vboot_firmware subdirectory, and which contains the
entirety of the BIOS code. There shouldn't be anything in this directory
that is NOT required by the BIOS.
Review URL: http://codereview.chromium.org/2219004
This should make it easier to switch off debug messages if needed.
TESTS=builds fine, autotest builds fine (using both arm/x86-generic)
Review URL: http://codereview.chromium.org/1607006
Refactor and restructure reference code into individual self-contain modules. I have revamped the way the code is structured to make it easy to determine which parts belong in the firmware and which are used by userland tools.
common/ - common utilities and stub functions (Firmware)
cryptolib/ - crypto library (Firmware)
misclibs/ - miscellaneous userland libraries (Userland)
sctips/ - Miscellaenous scripts (Userland)
tests/ - Tests (Userland)
vfirmware/ - Verified Firmware Implementation
vfirmware/firmware_image_fw.c (Firmware)
vfirmware/firmware_image.c (Userland)
vkernel/ - Verified Kernel Implementation
vkernel/kernel_image_fw.c (Firmware)
vkernel/kernel_image.c (Userland)
Review URL: http://codereview.chromium.org/1581005
This CL refactors verified boot firmware and kernel image functions into firmware and userland portions. Data Types and Functions that need to be a part of the final firmware implementation reside in files with "_fw" suffix - firmware_image_fw.{c|h} and kernel_image_fw.{c|h}.
Also some Makefile cleanups.
Review URL: http://codereview.chromium.org/1599001
This CL fixes some functions to use uint64_t that I missed the first time around. It ended up requiring some minor changes to how some of the helper functions work (StatefulMemcpy*()).
Also adds new tests to make sure that reference code can verify/process big firmware and kernel images.
BUG=670
TEST=Adds some new, old ones still pass.
Review URL: http://codereview.chromium.org/1519008
BUG=670
TESTS=Adds new tests which verify this doesn't occur anymore. Existing tests still pass.
The existing code computes and verifies signatures on firmware/kernel data and firmware/kernel versions separately. This causes a image splicing bug where it is possible to combine together a version signature from a valid new firmware with firmware data and signature from an older version. The same problem exists with kernel verification.
This CL fixes this by changing the firmware/kernel signatures to also include the version information.
For the Firmware, there's a separate signature on the preamble (which contains the version) but the firmware signature now also includes this preamble in addition to the firmware data.
For the Kernel, there's a separate signature on the kernel config/options (wich also contains the version), but the kernel signature now also includes these config/options in addition to the kernel data.
Review URL: http://codereview.chromium.org/1430001
Also removes the dev_mode flag from Firmware Image verification as key signature for the firmware should be checked whether or not dev mode is enabled.
BUG=670
TEST=All tests still pass.
Merge remote branch 'refs/remotes/origin/master' into fixtests
Fix tests, remove dev mode. Move common code.
Review URL: http://codereview.chromium.org/1280002
This CL adds a new function VerifyFirmwareDriver_f() means to be a part of the RO firmware which determine which copy of the firmware to boot from. It is meant to ensure that a particular firmware is only booted if 1) it verifies successfully, 2) its version is newer or equal to current stored version. In addition, the driver function also updates the stored version if needed.
Currently I am using the TLCL API with stub calls, (in fact, most of the TPM interaction is done in rollback_index.c which implements the actual version query/update API) used by the firmware.
Review URL: http://codereview.chromium.org/1241002
Refactor duplicate code for the firmware image benchmark. Also fixes some functions that manipulate kernel blobs (use uint64_t instead if int).
Review URL: http://codereview.chromium.org/1079009
The benchmark calculates the time taken to verify a firmware image of various sizes for various combinations of signature algorithm. This is meant to be called through autotest.
Review URL: http://codereview.chromium.org/1127007
The driver programs are useful in quick and dirty fuzz testing of the verification code with blind smartfuzzers like Bunny (http://code.google.com/p/bunny-the-fuzzer/).
Also fixes a bug with image generation in kernel_utility.
Tests: All existing tests still pass. VerifyKernel() and VerifyFirmware() can successfully verify images generated by {firmware|kernel}_utility.
Review URL: http://codereview.chromium.org/975007
I previously refactored some of the signature generation code to directly use the OpenSSL library instead of invoking the "openssl" command line utility. The signature_digest command line utility got lost in the process. This restores the utility which in turn fixes the RSA verification test.
Review URL: http://codereview.chromium.org/669040
This CL does the following:
1) It adds a SignatureBuf function which uses the OpenSSL library to generate RSA signature. This is more robust than the previous way of invoking the command line "openssl" utility and capturing its output. No more unnecessary temporary files for signature operations.
2) It adds functions that allow direct manipulation of binary verified Firmware and Kernel Image blobs in memory.
3) It changes the structure field members for FirmwareImage to make it consistent with KernelImage. Now it's clearer which key is used when.
4) Minor bug fixes and slightly improved API for dealing verified boot firmware and kernel images.
5) Renames the RSA_verify function to prevent conflicts with OpenSSL since it's linked into the firmware utility binary.
Review URL: http://codereview.chromium.org/661353
BUG=670
TEST=Adds kernel_image_test which tests the new functions.
The kernel image verification pretty much exactly mirror the already existing firmware image verification functions except with a few different/additional fields in a signed kernel image. The firmware signing key is the root key equivalent for kernel images.
This CL also moves the image verification tests to a different script. There's some additional cleanup of the code that I will be submitting separately after this and another pending patches get LGTMed and land.
Review URL: http://codereview.chromium.org/660161
This test checks that signatures with improper padding do not get accepted by the RSA signature verification implementation.
Review URL: http://codereview.chromium.org/661038
In addtion, add test cases and a script to generate them for benchmarking. Also fixes a path problem with the run_rsa_tests.sh script.
Review URL: http://codereview.chromium.org/626011
A DigestContext structure now wraps state for all the SHA* algorithms. Replaced the old SHA*_file functions to use these new wrappers. Also moved the digest utility functions from tests/ to crypto/.
BUG=670
TEST=Modified existing tests to use the new wrappers and they pass.
Review URL: http://codereview.chromium.org/579007
The current stable version of OpenSSL(0.9.8d) does not support RSA signature with SHA-256 and SHA-512 message digests. This utility outputs the hash of file data in a format suitable for use with the "openssl" command-line tool fir generating RSA signatures.
Also modified the tests to use this to generate RSA signature rather than "openssl pkeyutl" which is not supported on current stable version of OpenSSL.
Review URL: http://codereview.chromium.org/552227
