// Copyright (c) 2010 The Chromium OS Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // // Utility for manipulating verified boot firmware images. // #include "firmware_utility.h" #include #include #include // Needed for UINT16_MAX. #include #include #include extern "C" { #include "file_keys.h" #include "firmware_image.h" #include "padding.h" #include "rsa_utility.h" #include "sha_utility.h" #include "utility.h" } extern int errno; using std::cerr; namespace vboot_reference { FirmwareUtility::FirmwareUtility(): image_(NULL), root_key_pub_(NULL), firmware_version_(-1), firmware_key_version_(-1), firmware_sign_algorithm_(-1), is_generate_(false), is_verify_(false) { } FirmwareUtility::~FirmwareUtility() { RSAPublicKeyFree(root_key_pub_); FirmwareImageFree(image_); } void FirmwareUtility::PrintUsage(void) { cerr << "Utility to generate/verify a verified boot firmware image\n\n" "Usage: firmware_utility <--generate|--verify> [OPTIONS]\n\n" "For \"--verify\", required OPTIONS are:\n" "--in \t\t\tVerified boot firmware image to verify.\n" "--root_key_pub \tPre-processed public root key " "to use for verification.\n\n" "For \"--generate\", required OPTIONS are:\n" "--root_key \tPrivate root key file\n" "--firmware_sign_key \tPrivate signing key file\n" "--firmware_sign_key_pub \tPre-processed public signing" " key\n" "--firmware_sign_algorithm \tSigning algorithm to use\n" "--firmware_key_version \tSigning Key Version#\n" "--firmware_version \tFirmware Version#\n" "--in \t\t\tFirmware Image to sign\n" "--out \t\t\tOutput file for verified boot firmware image\n\n" " (for --sign-algorithm) is one of the following:\n"; for (int i = 0; i < kNumAlgorithms; i++) { cerr << i << " for " << algo_strings[i] << "\n"; } cerr << "\n\n"; } bool FirmwareUtility::ParseCmdLineOptions(int argc, char* argv[]) { int option_index; static struct option long_options[] = { {"root_key", 1, 0, 0}, {"root_key_pub", 1, 0, 0}, {"firmware_sign_key", 1, 0, 0}, {"firmware_sign_key_pub", 1, 0, 0}, {"firmware_sign_algorithm", 1, 0, 0}, {"firmware_key_version", 1, 0, 0}, {"firmware_version", 1, 0, 0}, {"in", 1, 0, 0}, {"out", 1, 0, 0}, {"generate", 0, 0, 0}, {"verify", 0, 0, 0}, {NULL, 0, 0, 0} }; while (1) { int i = getopt_long(argc, argv, "", long_options, &option_index); if (-1 == i) // Done with option processing. break; if ('?' == i) // Invalid option found. return false; if (0 == i) { switch (option_index) { case 0: // root_key root_key_file_ = optarg; break; case 1: // root_key_pub root_key_pub_file_ = optarg; break; case 2: // firmware_sign_key firmware_key_file_ = optarg; break; case 3: // firmware_sign_key_pub firmware_key_pub_file_ = optarg; break; case 4: // firmware_sign_algorithm errno = 0; // strtol() returns an error via errno firmware_sign_algorithm_ = strtol(optarg, reinterpret_cast(NULL), 10); if (errno) return false; break; case 5: // firmware_key_version errno = 0; firmware_key_version_ = strtol(optarg, reinterpret_cast(NULL), 10); if (errno) return false; break; case 6: // firmware_version errno = 0; firmware_version_ = strtol(optarg, reinterpret_cast(NULL), 10); if (errno) return false; break; case 7: // in in_file_ = optarg; break; case 8: // out out_file_ = optarg; break; case 9: // generate is_generate_ = true; break; case 10: // verify is_verify_ = true; break; } } } return CheckOptions(); } void FirmwareUtility::OutputSignedImage(void) { if (image_) { if (!WriteFirmwareImage(out_file_.c_str(), image_)) { cerr << "Couldn't write verified boot image to file " << out_file_ <<".\n"; } } } bool FirmwareUtility::GenerateSignedImage(void) { uint32_t firmware_sign_key_pub_len; uint8_t* header_checksum; DigestContext ctx; image_ = FirmwareImageNew(); Memcpy(image_->magic, FIRMWARE_MAGIC, FIRMWARE_MAGIC_SIZE); // Copy pre-processed public signing key. image_->firmware_sign_algorithm = (uint16_t) firmware_sign_algorithm_; image_->firmware_sign_key = BufferFromFile( firmware_key_pub_file_.c_str(), &firmware_sign_key_pub_len); if (!image_->firmware_sign_key) return false; image_->firmware_key_version = firmware_key_version_; // Update header length. image_->header_len = GetFirmwareHeaderLen(image_); // Calculate header checksum. DigestInit(&ctx, SHA512_DIGEST_ALGORITHM); DigestUpdate(&ctx, reinterpret_cast(&image_->header_len), sizeof(image_->header_len)); DigestUpdate(&ctx, reinterpret_cast(&image_->firmware_sign_algorithm), sizeof(image_->firmware_sign_algorithm)); DigestUpdate(&ctx, image_->firmware_sign_key, RSAProcessedKeySize(image_->firmware_sign_algorithm)); DigestUpdate(&ctx, reinterpret_cast(&image_->firmware_key_version), sizeof(image_->firmware_key_version)); header_checksum = DigestFinal(&ctx); Memcpy(image_->header_checksum, header_checksum, SHA512_DIGEST_SIZE); Free(header_checksum); image_->firmware_version = firmware_version_; image_->firmware_len = 0; // TODO(gauravsh): Populate this with the right bytes once we decide // what goes into the preamble. Memset(image_->preamble, 'P', FIRMWARE_PREAMBLE_SIZE); image_->firmware_data = BufferFromFile(in_file_.c_str(), &image_->firmware_len); if (!image_) return false; // Generate and add the signatures. if (!AddFirmwareKeySignature(image_, root_key_file_.c_str())) { cerr << "Couldn't write key signature to verified boot image.\n"; return false; } if (!AddFirmwareSignature(image_, firmware_key_file_.c_str())) { cerr << "Couldn't write firmware signature to verified boot image.\n"; return false; } return true; } bool FirmwareUtility::VerifySignedImage(void) { int error; root_key_pub_ = RSAPublicKeyFromFile(root_key_pub_file_.c_str()); image_ = ReadFirmwareImage(in_file_.c_str()); if (!root_key_pub_) { cerr << "Couldn't read pre-processed public root key.\n"; return false; } if (!image_) { cerr << "Couldn't read firmware image or malformed image.\n"; return false; } if (!(error = VerifyFirmwareImage(root_key_pub_, image_, 0))) // Trusted Mode. return true; cerr << VerifyFirmwareErrorString(error) << "\n"; return false;; } bool FirmwareUtility::CheckOptions(void) { if (is_generate_ == is_verify_) { cerr << "One of --generate or --verify must be specified.\n"; return false; } // Common required options. if (in_file_.empty()) { cerr << "No input file specified." << "\n"; return false; } // Required options for --verify. if (is_verify_ && root_key_pub_file_.empty()) { cerr << "No pre-processed public root key file specified." << "\n"; return false; } // Required options for --generate. if (is_generate_) { if (root_key_file_.empty()) { cerr << "No root key file specified." << "\n"; return false; } if (firmware_version_ <= 0 || firmware_version_ > UINT16_MAX) { cerr << "Invalid or no firmware version specified." << "\n"; return false; } if (firmware_key_file_.empty()) { cerr << "No signing key file specified." << "\n"; return false; } if (firmware_key_pub_file_.empty()) { cerr << "No pre-processed public signing key file specified." << "\n"; return false; } if (firmware_key_version_ <= 0 || firmware_key_version_ > UINT16_MAX) { cerr << "Invalid or no key version specified." << "\n"; return false; } if (firmware_sign_algorithm_ < 0 || firmware_sign_algorithm_ >= kNumAlgorithms) { cerr << "Invalid or no signing key algorithm specified." << "\n"; return false; } if (out_file_.empty()) { cerr <<"No output file specified." << "\n"; return false; } } return true; } } // namespace vboot_reference int main(int argc, char* argv[]) { vboot_reference::FirmwareUtility fu; if (!fu.ParseCmdLineOptions(argc, argv)) { fu.PrintUsage(); return -1; } if (fu.is_generate()) { if (!fu.GenerateSignedImage()) return -1; fu.OutputSignedImage(); } if (fu.is_verify()) { cerr << "Verification "; if (fu.VerifySignedImage()) cerr << "SUCCESS.\n"; else cerr << "FAILURE.\n"; } return 0; }