mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-14 08:36:39 +00:00
463be3f135
BUG=670 TESTS=Adds new tests which verify this doesn't occur anymore. Existing tests still pass. The existing code computes and verifies signatures on firmware/kernel data and firmware/kernel versions separately. This causes a image splicing bug where it is possible to combine together a version signature from a valid new firmware with firmware data and signature from an older version. The same problem exists with kernel verification. This CL fixes this by changing the firmware/kernel signatures to also include the version information. For the Firmware, there's a separate signature on the preamble (which contains the version) but the firmware signature now also includes this preamble in addition to the firmware data. For the Kernel, there's a separate signature on the kernel config/options (wich also contains the version), but the kernel signature now also includes these config/options in addition to the kernel data. Review URL: http://codereview.chromium.org/1430001