After this change vbutil_kernel allows to repack an existing signed ChromeOS kernel such that the kernel command line is changed on operator's request. The new command line parameter is --verbose which causes --verify to print out current contents of the kernel command line. Some refactoring and cleaning were also done: - provide a macro to access command line buffer inside a kernel blob - ReadConfigFile() a new wrapper to preprocess the config file. - keep the key_block and preamble in the blob when unpacking an existing signed kernel for --repack and --verify. - make --pack expect at least one of the two: --config or --keyblock, thus allowing to change the command line without replacing anything else in the signed kernel image. - refactor Verify() to use OldBlob() to preprocess the image. The top level Makefile was changed to allow compiling for debugging. Build with DEBUG=1 in the make command line to enable gdb debugging and debug printouts. Build with DISABLE_NDEBUG=1 in the make command line to enable cryptolib debug outputs. BUG=http://code.google.com/p/chromium-os/issues/detail?id=4814 TEST=see below 1. Observe that all unit tests still pass by running (vboot_reference $) RUNTESTS=1 make 2. On a working DVT system copy the running kernel into a file using dd if=/dev/sda2 of=/tmp/dev.kernel and transfer the file to the host into /tmp/try/dev.kernel Then create the new config file in /tmp/try/new.conf.txt and run the following commands: vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv (vboot_reference $) ./build/utility/vbutil_kernel --verify /tmp/try/dev.kernel --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose Key block: Size: 0x4b8 Data key algorithm: 4 RSA2048 SHA256 Data key version: 1 Flags: 7 Preamble: Size: 0xfb48 Header version: 2.0 Kernel version: 1 Body load address: 0x100000 Body size: 0x302000 Bootloader address: 0x3fe000 Bootloader size: 0x4000 Body verification succeeded. 
Config: earlyprintk=serial,ttyS0,115200 console=ttyS0,115200 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 a7fbd641ba25488509987959d5756d802790ef8f" noinitrd (vboot_reference $) ./build/utility/vbutil_kernel --repack /tmp/try/dev.kernel.repacked --signprivate tests/devkeys/kernel_data_key.vbprivk --oldblob /tmp/try/dev.kernel --config /tmp/try/new.conf.txt (vboot_reference $) ./build/utility/vbutil_kernel --verify /tmp/try/dev.kernel.repacked --signpubkey tests/devkeys/kernel_subkey.vbpubk --verbose Key block: Size: 0x4b8 Data key algorithm: 4 RSA2048 SHA256 Data key version: 1 Flags: 7 Preamble: Size: 0xfb48 Header version: 2.0 Kernel version: 1 Body load address: 0x100000 Body size: 0x302000 Bootloader address: 0x3fe000 Bootloader size: 0x4000 Body verification succeeded. Config: console=tty2 init=/sbin/init add_efi_memmap boot=local rootwait ro noresume noswap i915.modeset=1 loglevel=7 cros_secure root=/dev/sd%D%P dm_verity.error_behavior=2 dm_verity.max_bios=1024 dm="0 2097152 verity ROOT_DEV HASH_DEV 2097152 1 sha1 ff06384015a7726baff719ee68eab312b1d45570" noinitrd (vboot_reference $) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Observe the changed command line printed by --verify --verbose. Then transfer the new kernel image back to the DVT system, dd it into /dev/sda2 and restart the DVT system. Observe kernel startup messages dumped on the screen (due to the changed kernel command line). Then examine /proc/cmdline to verify that the command line indeed matches the contents of /tmp/try/new.conf.txt on the host. 3. Build the code with (vboot_reference$) DEBUG=1 make observe that debug information is visible by gdb. Build the code with (vboot_reference$) DISABLE_NDEBUG=1 make and observe that -DNDEBUG is dropped from the compiler invocation line.
Review URL: http://codereview.chromium.org/3004001
Makefile
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
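# Toolchain, exported so every sub-make uses the same compilers.
# NOTE(review): GNU Make predefines CC and CXX, so `?=` normally keeps the
# built-in value unless the environment or command line sets one - confirm
# the compiler that is actually picked up is the intended one.
export CC ?= gcc
export CXX ?= g++

# Baseline flags for the whole tree: every warning is a build failure.
export CFLAGS = -Wall -Werror -DCHROMEOS_ENVIRONMENT

# DEBUG unset/empty: optimised build (-O3).
# DEBUG set:         unoptimised build with symbols and -DVBOOT_DEBUG.
# NOTE(review): VBOOT_DEBUG presumably turns on debug printouts in the
# verified-boot code; confirm images that ship are built without DEBUG.
ifeq (${DEBUG},)
CFLAGS += -O3
else
CFLAGS += -O0 -g -DVBOOT_DEBUG
endif

# -DNDEBUG is added unless DISABLE_NDEBUG is set.
# NOTE(review): NDEBUG also compiles out assert(); a check that must hold in
# release builds should not be expressed only as an assert - verify in the
# firmware and cryptolib sources.
ifeq (${DISABLE_NDEBUG},)
CFLAGS += -DNDEBUG
endif

# Absolute path of the source tree. Simply-expanded (:=) so `pwd` runs once at
# parse time instead of on every expansion of TOP, FWDIR, HOSTDIR, BUILD, ...
export TOP := $(shell pwd)
export FWDIR=$(TOP)/firmware
export HOSTDIR=$(TOP)/host
export INCLUDES = -I$(FWDIR)/include -I$(FWDIR)/stub/include

# All build products go under BUILD; `clean` removes this directory.
export BUILD = ${TOP}/build
export FWLIB = ${BUILD}/vboot_fw.a
export HOSTLIB= ${BUILD}/vboot_host.a

# Directories built by `all`, visited sequentially in this order.
SUBDIRS = firmware host utility cgpt tests tests/tpm_lite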
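# Default goal: mirror every source directory under ${BUILD}, then build each
# entry of SUBDIRS in order.
#
# Two recipe lines on purpose: the second one contains $(MAKE), so GNU Make
# runs it even under `make -n`; keeping the mkdir loop on its own line means a
# dry run does not create directories.
# $(MAKE) (rather than a literal `make`) passes -j/-n/-k and command-line
# variables such as DEBUG=1 down to the sub-makes.
# `set -e` with `;` separators aborts on the first failing mkdir or sub-make.
.PHONY: all
all:
	set -e; \
	for d in $(shell find ${SUBDIRS} -name '*.c' -exec dirname {} \; | sort -u); do \
		mkdir -p "${BUILD}/$$d"; \
	done
	set -e; \
	for i in $(SUBDIRS); do \
		$(MAKE) -C "$$i"; \
	done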
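# Remove the whole build tree.
# BUILD is derived from the working directory and can be overridden on the
# command line, so the recursive delete is guarded:
#   - an empty BUILD aborts instead of running rm with no operand;
#   - the path is quoted so a directory name containing spaces is removed as
#     one path rather than split into several unrelated ones;
#   - `--` stops a value beginning with `-` from being read as an option.
.PHONY: clean
clean:
	$(if $(strip ${BUILD}),,$(error BUILD is empty; refusing to run rm -rf))
	/bin/rm -rf -- "${BUILD}"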
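# Install the tools built in utility/ and cgpt/ by delegating to their own
# `install` targets. Declared phony so a file or directory named `install`
# in the tree cannot make this target look up to date.
.PHONY: install
install:
	$(MAKE) -C utility install
	$(MAKE) -C cgpt install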
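# Run the test suite via the `runtests` target of tests/Makefile.
# Phony: this is a command, not a file, and must run on every invocation.
.PHONY: runtests
runtests:
	$(MAKE) -C tests runtests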
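# Delegate to the `rbtest` target of tests/Makefile.
# NOTE(review): presumably the rollback tests - confirm against tests/Makefile.
# Phony so the recipe always runs.
.PHONY: rbtest
rbtest:
	$(MAKE) -C tests rbtest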
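# Delegate to the `update_tlcl_structures` target of utility/Makefile.
# Phony so the recipe always runs, whatever files exist in the tree.
.PHONY: update_tlcl_structures
update_tlcl_structures:
	$(MAKE) -C utility update_tlcl_structures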