mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-12-29 10:00:51 +00:00
39bd18b890
Rename image geometry configs with a uniform naming scheme to make their purposes more clear. CONFIG_RO_MEM_OFF (was CONFIG_FW_RO_OFF) - RO image offset in program memory CONFIG_RO_STORAGE_OFF (was CONFIG_RO_SPI_OFF) - RO image offset on storage CONFIG_RO_SIZE (was CONFIG_FW_RO_SIZE) - Size of RO image CONFIG_RW_MEM_OFF (was CONFIG_FW_RW_OFF) - RW image offset in program memory CONFIG_RW_STORAGE_OFF (was CONFIG_RW_SPI_OFF) - RW image offset on storage CONFIG_RW_SIZE (was CONFIG_FW_RW_SIZE) - Size of RW image CONFIG_WP_OFF (was CONFIG_FW_WP_RO_OFF) - Offset of WP region on storage CONFIG_WP_SIZE (was CONFIG_FW_WP_RO_SIZE) - Size of WP region on storage BUG=chrome-os-partner:39741,chrome-os-partner:23796 TEST=Set date / version strings to constants then `make buildall -j`. Verify that each ec.bin image is identical pre- and post-change. BRANCH=None Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org> Change-Id: I6ea0a4e456dae71c266fa917a309b9f6fa4b50cd Reviewed-on: https://chromium-review.googlesource.com/270189 Reviewed-by: Anton Staaf <robotboy@chromium.org>
79 lines
2.2 KiB
C
79 lines
2.2 KiB
C
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*/
|
|
|
|
/*
|
|
* Implementation of the RW firmware signature verification and jump.
|
|
*/
|
|
|
|
#include "console.h"
|
|
#include "ec_commands.h"
|
|
#include "rsa.h"
|
|
#include "sha256.h"
|
|
#include "shared_mem.h"
|
|
#include "system.h"
|
|
#include "usb_pd.h"
|
|
#include "util.h"
|
|
|
|
/* Console output macros */
|
|
#define CPRINTF(format, args...) cprintf(CC_SYSTEM, format, ## args)
|
|
#define CPRINTS(format, args...) cprints(CC_SYSTEM, format, ## args)
|
|
|
|
/* Insert the RSA public key definition */
|
|
const struct rsa_public_key pkey __attribute__((section(".rsa_pubkey"))) =
|
|
#include "gen_pub_key.h"
|
|
|
|
/* The RSA signature is stored at the end of the RW firmware */
|
|
static const void *rw_sig = (void *)CONFIG_FLASH_BASE + CONFIG_RW_MEM_OFF
|
|
+ CONFIG_RW_SIZE - RSANUMBYTES;
|
|
|
|
/* RW firmware reset vector */
|
|
static uint32_t * const rw_rst =
|
|
(uint32_t *)(CONFIG_FLASH_BASE+CONFIG_RW_MEM_OFF+4);
|
|
|
|
void check_rw_signature(void)
|
|
{
|
|
struct sha256_ctx ctx;
|
|
int good, res;
|
|
uint8_t *hash;
|
|
uint32_t *rsa_workbuf;
|
|
|
|
/* Only the Read-Only firmware needs to do the signature check */
|
|
if (system_get_image_copy() != SYSTEM_IMAGE_RO)
|
|
return;
|
|
|
|
/* Check if we have a RW firmware flashed */
|
|
if (*rw_rst == 0xffffffff)
|
|
return;
|
|
|
|
CPRINTS("Verifying RW image...");
|
|
|
|
/* Large buffer for RSA computation : could be re-use afterwards... */
|
|
res = shared_mem_acquire(3 * RSANUMBYTES, (char **)&rsa_workbuf);
|
|
if (res) {
|
|
CPRINTS("No memory for RW verification");
|
|
return;
|
|
}
|
|
|
|
/* SHA-256 Hash of the RW firmware */
|
|
SHA256_init(&ctx);
|
|
SHA256_update(&ctx, (void *)CONFIG_FLASH_BASE + CONFIG_RW_MEM_OFF,
|
|
CONFIG_RW_SIZE - RSANUMBYTES);
|
|
hash = SHA256_final(&ctx);
|
|
|
|
good = rsa_verify(&pkey, (void *)rw_sig, (void *)hash, rsa_workbuf);
|
|
if (good) {
|
|
CPRINTS("RW image verified");
|
|
/* Jump to the RW firmware */
|
|
system_run_image_copy(SYSTEM_IMAGE_RW);
|
|
} else {
|
|
CPRINTS("RSA verify FAILED");
|
|
pd_log_event(PD_EVENT_ACC_RW_FAIL, 0, 0, NULL);
|
|
/* RW firmware is invalid : do not jump there */
|
|
if (system_is_locked())
|
|
system_disable_jump();
|
|
}
|
|
shared_mem_release(rsa_workbuf);
|
|
}
|