mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2025-11-28 04:04:03 +00:00
bd52fc793a
The kernel_config is now stored as a 4K binary block instead of the kconfig_options structure that was being used before. Since the verified boot code doesn't care what kernel config options are (other than the length of the kernel image and for verifying them before the rest of kernel), it is ok to keep them as a blackbox. This CL also changes the verified boot kernel layout - VBlock Data followed by Kernel Config followed by the Kernel Image. This will allow them to be stored separately, or as a concatenated block (for easy memory mapping during kernel load). This should ease the process of generating a layout for verified boot kernel images which is also compatible with legacy BIOSes that don't support this mechanism. Finally, there is also a new firmware API function to determine the size of a kernel verified boot block, given a pointer to its beginning (for determining the offset to the kernel config and data). Review URL: http://codereview.chromium.org/1732022
87 lines
2.7 KiB
C++
87 lines
2.7 KiB
C++
// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef VBOOT_REFERENCE_KERNEL_UTILITY_H_
|
|
#define VBOOT_REFERENCE_KERNEL_UTILITY_H_
|
|
|
|
#include <string>
|
|
|
|
extern "C" {
|
|
#include "kernel_image.h"
|
|
}
|
|
|
|
struct RSAPublicKey;
|
|
|
|
namespace vboot_reference {
|
|
|
|
// A class for handling verified boot kernel images.
|
|
class KernelUtility {
|
|
public:
|
|
KernelUtility();
|
|
~KernelUtility();
|
|
|
|
// Print usage to stderr.
|
|
void PrintUsage(void);
|
|
|
|
// Parse command line options and populate data members.
|
|
// Return true on success, false on failure.
|
|
bool ParseCmdLineOptions(int argc, char* argv[]);
|
|
|
|
// Print description of a verified boot kernel image.
|
|
void DescribeSignedImage();
|
|
|
|
// Generate a verified boot image by reading kernel data from in_file_.
|
|
// Return true on success, false on failure.
|
|
bool GenerateSignedImage();
|
|
|
|
// Verify a previously generated signed firmware image using the key read
|
|
// from [firmware_key_pub_file_].
|
|
bool VerifySignedImage();
|
|
|
|
// Output the verified boot kernel image to out_file_.
|
|
void OutputSignedImage();
|
|
|
|
bool is_generate() { return is_generate_; }
|
|
bool is_verify() { return is_verify_; }
|
|
bool is_describe() { return is_describe_; }
|
|
|
|
private:
|
|
|
|
// Check if all options were specified and sane.
|
|
// Return true on success, false on failure.
|
|
bool CheckOptions();
|
|
|
|
KernelImage* image_;
|
|
RSAPublicKey* firmware_key_pub_; // Root key used for verification.
|
|
std::string firmware_key_file_; // Private key for signing the kernel key.
|
|
std::string firmware_key_pub_file_;
|
|
std::string kernel_key_file_; // Private key for signing the kernel.
|
|
std::string kernel_key_pub_file_;
|
|
std::string config_file_; // File containing kernel config options.
|
|
// TODO(gauravsh): Currently this just fills in options.cmd_line in struct
|
|
// KernelImage (from vkernel/kernel_image_fw.h). Ideally we'd like to have
|
|
// a well defined config file format which is also backwards compatible with
|
|
// Legacy BIOS boot loaders.
|
|
|
|
// Fields of a KernelImage. (read from the command line).
|
|
int header_version_;
|
|
int firmware_sign_algorithm_;
|
|
int kernel_sign_algorithm_;
|
|
int kernel_key_version_;
|
|
int kernel_version_;
|
|
uint64_t kernel_len_;
|
|
uint8_t* kernel_config_;
|
|
|
|
std::string in_file_;
|
|
std::string out_file_;
|
|
bool is_generate_; // Are we generating a new image?
|
|
bool is_verify_; // Are we just verifying an already signed image?
|
|
bool is_describe_; // Should we print out description of the image?
|
|
bool is_only_vblock_; // Show we just output the verification block?
|
|
};
|
|
|
|
} // namespace vboot_reference
|
|
|
|
#endif // VBOOT_REFERENCE_FIRMWARE_UTILITY_H_
|