)]}' { "commit": "4bf68451385566621c4abad81cfc4790d687e82b", "tree": "63f39e2f17ce851da753481db676fb4a6c69ab3b", "parents": [ "717af71adb33e799450242236a7f0b77e952c193" ], "author": { "name": "Duncan Laurie", "email": "dlaurie@chromium.org", "time": "Wed Oct 01 09:58:10 2014 -0700" }, "committer": { "name": "ChromeOS Commit Bot", "email": "chromeos-commit-bot@chromium.org", "time": "Thu Apr 30 00:26:50 2015 +0000" }, "message": "vboot_kernel: Validate GPT header before using\n\nIn AllocAndReadGptData() the code was changed to use the GPT header\nto determine the LBA of the GPT entries. This change did not account\nfor devices that have an invalid header and it can attempt to read\nfrom invalid block addresses on a device.\n\nThis commit happened here:\na2d72f7 vboot: cgpt: Refer to partition entries by entries_lba.\nhttps://chromium-review.googlesource.com/213861\n\nThe subsequent steps in vboot, LoadKernel-\u003eGptInit-\u003eGptRepair will\nfix a missing header and entries, so it is only necessary for one of\nthe headers to be valid.\n\nThis is commonly the case with a new USB stick that has an image\nwritten to it as only the primary header will be valid in this case.\nHowever it is also true if the primary header has been corrupted and\nthe secondary header is still valid.\n\nThe code has been changed to call CheckHeader() on the primary and\nsecondary headers before attempting to use the \u0027entries_lba\u0027 field\nto read the entries from the device. AllocAndReadGptData() now only\nfails if both headers are invalid.\n\nA number of new unit tests are created to check for these failure\nconditions. In order to support this I had to extend the vboot_kernel\ntest infrastructure to have a buffer for the mocked disk data instead\nof just ignoring reads and writes. This is because many of the existing\ntests assumed they could have an invalid GPT header and still pass.\nNow that the header is checked it is necessary for a valid header to\nbe created before the tests can pass.\n\nBUG\u003dchrome-os-partner:32386\nBRANCH\u003dsamus,auron\nTEST\u003dAll unit tests pass when running \u0027make runtests\u0027\nIn addition real-world testing was done by corrupting the primary\nand/or secondary headers of USB stick to ensure that it will\nsuccessfully boot if one of the headers is valid.\n\nChange-Id: I7f840a44742fa3ba9a124df29ab5749e4c5a40c1\nSigned-off-by: Duncan Laurie \u003cdlaurie@chromium.org\u003e\nReviewed-on: https://chromium-review.googlesource.com/220757\nReviewed-by: Bill Richardson \u003cwfrichar@chromium.org\u003e\nReviewed-by: Nam Nguyen \u003cnamnguyen@chromium.org\u003e\n(cherry picked from commit 162f7885964b39419419f07a576fc390068678a9)\nReviewed-on: https://chromium-review.googlesource.com/267454\nTested-by: Zhuo-hao Lee \u003czhuo-hao.lee@intel.com\u003e\nCommit-Queue: Zhuo-hao Lee \u003czhuo-hao.lee@intel.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "df32fc08ddd1415e4f93f6c2e94979b7020d6b2a", "old_mode": 33188, "old_path": "firmware/lib/vboot_kernel.c", "new_id": "8c985a9747e8a6b218f854d9f37ca9ad7529ed2b", "new_mode": 33188, "new_path": "firmware/lib/vboot_kernel.c" }, { "type": "modify", "old_id": "935dd869c5aac34692828c30fea992f82e03a2c6", "old_mode": 33188, "old_path": "tests/vboot_kernel_tests.c", "new_id": "3712d0d3fc4fdae10e4b45a798c6394442d8938f", "new_mode": 33188, "new_path": "tests/vboot_kernel_tests.c" } ] }