mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-17 18:41:22 +00:00
c1a96b0f42
Recent experience shows that users often get confused and try running
pre-mp signed images under dev firmware control and vice versa. The
matters are further aggravated by the fact that the signage mismatch
is allowed when the device is in dev mode and not in normal mode.
While the users usually can tell what class of keys the Chrome OS
image is signed with, it is much mode difficult to tell what keys the
firmware was signed with.
This patch, reports in the log if the firmware was signed with dev
keys, by comparing the hash calculated over the packed root public key
body with a precompiled value.
A test tweak was required to avoid using uninitialized data.
BRANCH=none
BUG=none
TEST=booted the new code on storm, observed the following message
included in the log:
VB2:vb2_report_key_class() This is developer signed firmware
- verified that 'make run2tests' succeeds in chroot
Change-Id: I97ed6ba384cee59ff3f42943630e92ebae10dd03
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/264469
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Here's what's what in the firmware/ directory. include/ lib/ These are the original structures and APIs used in the earliest Chromebooks and continuing through 2014. It never had a version as such to begin with, but we now refer to this implementation as "vboot1" or "vboot version 1.0". linktest/ stub/ These are stubs used to link the vboot1 libraries into host-side test executables so we can run some tests on the build machine instead of a Chromebook. 2lib/ In 2014 we began work on a new vboot API. The first step was just a refactoring and renaming of the verification API. The public functions and external headers that are exported for use by the Chrome OS firmware (or anything else that wants to use vboot) live in here. The internal structures and implementations go elsewhere. lib20/ This is an early implementation of the public (2lib/) API. It is binary-compatible with vboot1, so although the interface details are different, any existing on-device structures or signatures created by the vboot1 tools can be validated using this implementation. This was deployed slightly before it was ready. That's not a problem, thanks to the binary compatibility, but this directory will be abandoned Real Soon Now, except for the product support branches. lib21/ This is where the current development of the second-generation vboot API is taking place. It uses the public (2lib/) API, but will NOT be binary compatible with vboot1 structs. Because of the early release of the lib20 stuff, we're actually calling this lib21.