Commit Graph

1662 Commits

Author SHA1 Message Date
Randall Spangler
ada3fa9ee6 Misc TPM cleanup
Review URL: http://codereview.chromium.org/3010019
2010-07-20 15:35:49 -07:00
Gaurav Shah
553d00ec86 (In the right repository this time.)
Do not directly manipulate global structs. Work on the local copy instead.

In firmware-land, globals are a bad idea.

Review URL: http://codereview.chromium.org/3027011
2010-07-19 19:22:10 -07:00
Randall Spangler
ae029d9109 Fix checking boot flags in developer mode.
Should only check in recovery or normal modes.

BUG=http://code.google.com/p/chrome-os-partner/issues/detail?id=497

Review URL: http://codereview.chromium.org/2806058
2010-07-19 18:26:35 -07:00
Randall Spangler
87c13d806b Added size param to VerifyData()
Also renamed verify preamble functions, now that they do not need the
'2' at the end to differentiate them from the now-deleted original
implementation.

BUG=4501
TEST=Ran make runtests; all pass.

Review URL: http://codereview.chromium.org/3027009
2010-07-19 10:35:40 -07:00
Randall Spangler
3e1081fb71 Add lots of debugging to TPM library.
Temporarily disable TPM in developer mode.

Review URL: http://codereview.chromium.org/3041005
2010-07-19 10:04:21 -07:00
Gaurav Shah
aa92c63402 Fix SafeMemcmp by removing any potential data-dependent branches.
Credit: Nate Lawson of Root Labs

Review URL: http://codereview.chromium.org/2957014
2010-07-16 14:59:57 -07:00
vbendeb
b2b0fcc0f6 Introduce ability to change the kernel command line.
After this change vbutil_kernel allows repacking an existing
signed ChromeOS kernel such that the kernel command line is
changed on operator's request.

The new command line parameter is --verbose which causes
--verify to print out current contents of the kernel
command line.

Some refactoring and cleaning were also done:
 - provide a macro to access command line buffer inside
   a kernel blob
 - ReadConfigFile() a new wrapper to preprocess the
   config file.
 - keep the key_block and preamble in the blob when
   unpacking an existing signed kernel for --repack and
   --verify.
 - make --pack expect at least one of the two:
   --config or --keyblock, thus allowing to change the
   command line without replacing anything else in the
   signed kernel image.
 - refactor Verify() to use OldBlob() to preprocess the
   image.

The top level Makefile was changed to allow compiling for debugging.

Build with DEBUG=1 in the make command line to enable gdb debugging and debug printouts. Build with DISABLE_NDEBUG=1 in the make command line to enable cryptolib debug outputs.

BUG=http://code.google.com/p/chromium-os/issues/detail?id=4814

TEST=see below

1. Observe that all unit tests still pass by running

(vboot_reference $) RUNTESTS=1 make

2. On a working DVT system copy the running kernel into a
file using

dd if=/dev/sda2 of=/tmp/dev.kernel

and transfer the file to the host into /tmp/try/dev.kernel

Then create the new config file in /tmp/try/new.conf.txt and run the following commands:
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
(vboot_reference $) ./build/utility/vbutil_kernel  --verify /tmp/try/dev.kernel  --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose
Key block:
  Size:                0x4b8
  Data key algorithm:  4 RSA2048 SHA256
  Data key version:    1
  Flags:               7
Preamble:
  Size:                0xfb48
  Header version:      2.0
  Kernel version:      1
  Body load address:   0x100000
  Body size:           0x302000
  Bootloader address:  0x3fe000
  Bootloader size:     0x4000
Body verification succeeded.
Config:
earlyprintk=serial,ttyS0,115200 console=ttyS0,115200 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 a7fbd641ba25488509987959d5756d802790ef8f" noinitrd

(vboot_reference $)   ./build/utility/vbutil_kernel  --repack /tmp/try/dev.kernel.repacked  --signprivate tests/devkeys/kernel_data_key.vbprivk  --oldblob /tmp/try/dev.kernel --config /tmp/try/new.conf.txt
(vboot_reference $)  ./build/utility/vbutil_kernel  --verify /tmp/try/dev.kernel.repacked  --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose
Key block:
  Size:                0x4b8
  Data key algorithm:  4 RSA2048 SHA256
  Data key version:    1
  Flags:               7
Preamble:
  Size:                0xfb48
  Header version:      2.0
  Kernel version:      1
  Body load address:   0x100000
  Body size:           0x302000
  Bootloader address:  0x3fe000
  Bootloader size:     0x4000
Body verification succeeded.
Config:
console=tty2 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 ff06384015a7726baff719ee68eab312b1d45570" noinitrd
(vboot_reference $)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Observe the changed command line printed by --verify --verbose. Then transfer the new kernel image back to the DVT system, dd it into /dev/sda2 and restart the DVT system.

Observe kernel startup messages dumped on the screen (due to the changed kernel command line).

Then examine /proc/cmdline to verify that the command line indeed matches the contents of /tmp/try/new.conf.txt on the host.

3. Build the code with

(vboot_reference$) DEBUG=1 make

 observe that debug information is visible by gdb.

  Build the code with

(vboot_reference$) DISABLE_DEBUG=1 make

and observe that  -DNDEBUG is dropped from the compiler invocation line.

Review URL: http://codereview.chromium.org/3004001
2010-07-15 15:09:47 -07:00
Gaurav Shah
536eaaaee7 Make re-signing script abort on error.
Review URL: http://codereview.chromium.org/2967011
2010-07-14 13:56:39 -07:00
Gaurav Shah
caa4789868 Add a script for standalone signing of Chrome OS images.
Also created a new directory in the vboot_reference source where all signing scripts and related miscellanea will go.

Review URL: http://codereview.chromium.org/2925011
2010-07-14 12:11:29 -07:00
Randall Spangler
39f66114c0 Add tpm lite to vboot reference
Review URL: http://codereview.chromium.org/2919010
2010-07-14 09:10:23 -07:00
Mandeep Singh Baines
64aec24de8 Make optional flag optional
Change-Id: I022a0bdf58b4884b0bc8c640b6b543e419743fd1

Review URL: http://codereview.chromium.org/2959005
2010-07-09 17:41:41 -07:00
Gaurav Shah
2abbc4b6fd Add an optional flag argument to load_kernel_test.
Review URL: http://codereview.chromium.org/2905006
2010-07-09 14:56:50 -07:00
Luigi Semenzato
18b814d9bc New targets to compile and install rollback tests only with USE=rbtest emerge ...
Review URL: http://codereview.chromium.org/2962002
2010-07-08 17:17:02 -07:00
Luigi Semenzato
8510d919f9 Replace TlclDefineSpace with SafeDefineSpace for extra paranoia.
Review URL: http://codereview.chromium.org/2937001
2010-07-08 15:40:30 -07:00
Randall Spangler
93bccfc452 Fix makefiles to work with ebuild
Review URL: http://codereview.chromium.org/2951002
2010-07-08 15:26:35 -07:00
Randall Spangler
6832511d3f Also need to disable calling make tests install.
Review URL: http://codereview.chromium.org/2913005
2010-07-08 15:15:53 -07:00
Randall Spangler
c9f917bfd0 Don't build rollback index test as part of 'all', since it depends on the real tlcl.
It'll still be built as part of 'make install'.

Review URL: http://codereview.chromium.org/2947002
2010-07-08 15:11:07 -07:00
Randall Spangler
7a786b73e7 added reboot return codes to load kernel and firmware
Review URL: http://codereview.chromium.org/2844044
2010-07-08 13:29:42 -07:00
Luigi Semenzato
416f681882 This test sets the TPM to each of a large number of "interesting" initial states, and runs the firmware code at user level.
This code compiles and installs using a modified ebuild (which needs to be committed after this change).

Review URL: http://codereview.chromium.org/2857030
2010-07-08 12:12:12 -07:00
Louis Yung-Chieh Lo
783e64e70e load_kernel_test tests the recovery image now (submit for Bill)
See original CL here: http://codereview.chromium.org/2803033/show

Review URL: http://codereview.chromium.org/2830038
2010-07-05 13:06:19 +08:00
Randall Spangler
ceef83f9e3 vbutil_firmware uses .vbprivk
Review URL: http://codereview.chromium.org/2812042
2010-07-02 13:14:42 -07:00
Bill Richardson
4a2093129f Add 'find' command to cgpt, to search for partitions by UUID.
Review URL: http://codereview.chromium.org/2849040
2010-07-02 11:34:38 -07:00
Luigi Semenzato
5e9c0b94b1 Never set bGlobalLock in recovery/dev mode. Don't try to fix bad kernel space.
Review URL: http://codereview.chromium.org/2804038
2010-07-02 10:36:37 -07:00
Bill Richardson
9396c1050d Adding new directory with developer signing keys.
The keys in this directory are just like the official release keys, except
that they're not secret.

Review URL: http://codereview.chromium.org/2883018
2010-07-01 15:51:05 -07:00
Bill Richardson
abf0550458 Switch to using .vbprivk for signing everything now.
This makes it much simpler to keep track of what we're doing.

vbutil_key can now wrap both .keyb and .pem keys. It figures out which is
which by trying both and just using the one that works.

vbutil_keyblock and vbutil_kernel now use .vbprivk files for signing.

replace debug() with VBDEBUG(()) in host-side sources, too.

rename PrivateKeyRead to PrivateKeyReadPem

Add real PrivateKeyRead and PrivateKeyWrite for .vbprivk files.

Review URL: http://codereview.chromium.org/2871033
2010-07-01 10:22:06 -07:00
Bill Richardson
a08b5c9d03 Adding --repack and --headeronly options to vbutil_kernel
The --repack option lets us sign a previously signed kernel blob with a new
kernel data key.

The --headeronly option is so we can emit the new verification header
separately from the kernel blob.

More work to come...

Review URL: http://codereview.chromium.org/2812034
2010-06-30 21:59:43 -07:00
Gaurav Shah
2a80e8a416 Make sure advertised signature data size is sane.
TEST=make runtests -- All the tests in the test suite pass.

Review URL: http://codereview.chromium.org/2849036
2010-06-30 18:26:21 -07:00
Gaurav Shah
bde9a64357 Fix name. Use existing directory check.
Review URL: http://codereview.chromium.org/2805051
2010-06-29 19:46:39 -07:00
Gaurav Shah
0ec7078d5b Rewrite gen_fuzz_test_cases.sh script to use new signing utilities.
TEST=Generated images verify successfully using right keys.

Review URL: http://codereview.chromium.org/2836036
2010-06-29 19:46:11 -07:00
Randall Spangler
c4a011a725 TBR: wfrichar
Fix LoadKernel() checking key block flags

BUG=none
TEST=none
2010-06-29 19:08:43 -07:00
Gaurav Shah
4d78d9a4fb Add a script to generate test vboot-format public keys.
Also add .vpubks for the existing test keys.

TEST=Ran the script.

Review URL: http://codereview.chromium.org/2873033
2010-06-29 17:29:18 -07:00
Luigi Semenzato
2b9ddae52b New rollback_index API.
Review URL: http://codereview.chromium.org/2869022
2010-06-28 13:34:31 -07:00
Will Drewry
46186faf46 utility: add a simple tool for dumping the kernel config
Adds dump_kernel_config.c which takes in a file, reads it
all in to memory, then walks the blob until it can determine
the location of the kernel command line.

This is needed to allow the kernel config to inform legacy bootloader
configuration during autoupdates without packaging up dm-verity specific
options in some additional update metadata.

TEST=manual run over build_kernel_image.sh output
BUG=chromium-os:327

Review URL: http://codereview.chromium.org/2811029
2010-06-25 13:40:43 -05:00
vbendeb
e548e85d3a Keep temp files in the output directory.
Also, make sure that the regenerated version gets
automatically added to the set of changed files.

Tested by rebuilding the tree and observing the
`git status' output.

Review URL: http://codereview.chromium.org/2809040
2010-06-24 17:24:01 -07:00
vbendeb
3ecaf776d8 Make vboot_reference build in MSVC command line environment.
This is a mostly NOOP change which modifies the source code
to compile cleanly in the MSVC command line build
environment.

A new makefile is introduced (msc/nmakefile) along with a
README.txt in the same directory explaining how to build
the code in the DOS window. As of this submission the build
is running in a 32 bit environment, the intention is to use
the same makefile for 64 bit builds in the future.

Enabling a high compilation warning level allowed identifying
a couple of bugs in the code, which are being fixed.

Not all sources are being compiled in the MSVC environment,
only those in firmware/ and most of those in test/
subdirectories. The benchmark calculations require porting
of the timer facilities and are being postponed.

TEST

Built in DOS and linux environments. Ran unit tests in
linux environment.

Review URL: http://codereview.chromium.org/2809037
2010-06-24 16:19:53 -07:00
Randall Spangler
d6aad3a088 Ignore TPM return codes in recovery mode
Review URL: http://codereview.chromium.org/2844024
2010-06-24 14:01:34 -07:00
Luigi Semenzato
f6ddd64c3a Automated version generation for vboot firmware.
Review URL: http://codereview.chromium.org/2817025
2010-06-24 08:11:24 -07:00
Randall Spangler
d0d48b58a1 Add boot flags to LoadFirmware(), for TPM init
Review URL: http://codereview.chromium.org/2865015
2010-06-23 21:51:13 -07:00
Randall Spangler
e2ec98412e Add VBDEBUG macro for debug output.
Replaced in firmware/ lib; not replaced in host-side utils/tests.

Review URL: http://codereview.chromium.org/2810026
2010-06-23 21:17:07 -07:00
Randall Spangler
07f7865227 fix passing key out of LoadFirmware
Review URL: http://codereview.chromium.org/2825019
2010-06-23 19:42:09 -07:00
Randall Spangler
1078838fff Refactor rollback interface for LoadKernel(), LoadFirmware().
Review URL: http://codereview.chromium.org/2861020
2010-06-23 15:35:31 -07:00
Randall Spangler
1114b661f5 move biosincludes
Review URL: http://codereview.chromium.org/2809035
2010-06-23 13:02:43 -07:00
Randall Spangler
b9d60a52b7 Even more integration fixes.
Review URL: http://codereview.chromium.org/2849021
2010-06-23 12:43:01 -07:00
Bill Richardson
249677d0ad Add some debug output to vbutil_kernel, display values in hex.
Review URL: http://codereview.chromium.org/2859019
2010-06-23 11:16:37 -07:00
Randall Spangler
81d0996901 Assorted integration fixes.
MSVC does not like bitfields with extra bits in them, so it made the GptEntry struct too big.

Fixed a missing return value in LoadFirmware().

Added some debug output.

Fixed calls to SetupTPM().

Tested with 'make && make runtests'.  No errors.

Review URL: http://codereview.chromium.org/2865014
2010-06-23 10:15:38 -07:00
Luigi Semenzato
361049ce19 As mentioned, I discovered ForceClear doesn't really require any reboots. This change takes advantage of this fact.
Note that I am still using TPM_MUST_REBOOT because if power is lost between ForceClear and resetting the deactivated flag, the TPM will *really* be disabled at the next reboot, and it's nice to fix this problem automatically.

Review URL: http://codereview.chromium.org/2859016
2010-06-22 13:37:53 -07:00
Randall Spangler
d0dae7a438 More cleanup of MSVC errors
Review URL: http://codereview.chromium.org/2871019
2010-06-21 18:25:31 -07:00
Randall Spangler
beb5bae09f Fixes to compiler warnings in MSVC
Review URL: http://codereview.chromium.org/2851015
2010-06-21 16:33:26 -07:00
vbendeb
f7a45cc01d Reduce attributes size to comply with msc limitations.
It turned out that shared verified boot library fails to
work properly when compiled by msc in BIOS environment.

The culprit was identified as failing 64 bit logical
operations by preprocessor. It is probably possible to
come up with a certain compile flag set to fix the
operations, but it is not easy to modify and control the BIOS
compilation environment.

The alternative solution is to limit the size of the field
in question to 16 bits (especially since this is the only
part of the attributes field which is supposed to be
altered by firmware).

A union is being introduced in firmware/lib/cgptlib/include/gpt.h:GptEntry to allow
accessing the field both as a 64 bit entity and a top
16 bit field. All places where this field is used are
being modified appropriately.

tests/Makefile is being fixed to allow controlling test run
from the top level directory.

Tested by building everything and running tests.
All tests pass.

Review URL: http://codereview.chromium.org/2799019
2010-06-21 08:44:16 -07:00
vbendeb
6216f5abe9 Include BIOS specific definitions when required.
This is a noop for host/chroot environment. When compiling
in the firmware space the standard include files will not be
included, the definitions will be supplied by the BIOS,
through the new file (firmware/include/sysincludes.h).

Testing
=======

RUNTESTS=1 make

in the top level directory succeeds, confirming that the
tree compiles cleanly and the unit tests pass.

Review URL: http://codereview.chromium.org/2862019
2010-06-21 08:40:26 -07:00