blob: cfcacb6f88e50bb7b51a6186338921bdf3a411e4 [file] [log] [blame]
// Copyright 2014 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "cryptohome/bootlockbox/boot_attributes.h"
#include <base/files/file_path.h>
#include <base/logging.h>
#include <brillo/secure_blob.h>
#include "cryptohome/bootlockbox/boot_lockbox.h"
#include "cryptohome/install_attributes.pb.h"
#include "cryptohome/platform.h"
using base::FilePath;
namespace cryptohome {
const int BootAttributes::kAttributeFileVersion = 1;
const char BootAttributes::kAttributeFile[] =
const char BootAttributes::kSignatureFile[] =
BootAttributes::BootAttributes(BootLockbox* boot_lockbox, Platform* platform)
: boot_lockbox_(boot_lockbox), platform_(platform) {}
BootAttributes::~BootAttributes() {}
bool BootAttributes::Load() {
brillo::Blob data;
brillo::SecureBlob signature;
if (!platform_->ReadFile(FilePath(kAttributeFile), &data) ||
!platform_->ReadFileToSecureBlob(FilePath(kSignatureFile), &signature)) {
LOG(INFO) << "Cannot read boot lockbox files.";
return false;
if (!boot_lockbox_->Verify(data, signature)) {
LOG(ERROR) << "Cannot verify the signature of the boot lockbox.";
return false;
SerializedInstallAttributes message;
if (!message.ParseFromArray(, data.size())) {
LOG(ERROR) << "Cannot parse the content of the boot lockbox.";
return false;
AttributeMap tmp;
for (int i = 0; i < message.attributes_size(); ++i) {
const std::string& name = message.attributes(i).name();
const std::string& value = message.attributes(i).value();
tmp[name] = value;
write_buffer_ = attributes_;
return true;
bool BootAttributes::Get(const std::string& name, std::string* value) const {
AttributeMap::const_iterator it = attributes_.find(name);
if (it == attributes_.end()) {
return false;
*value = it->second;
return true;
void BootAttributes::Set(const std::string& name, const std::string& value) {
write_buffer_[name] = value;
bool BootAttributes::FlushAndSign() {
SerializedInstallAttributes message;
AttributeMap::const_iterator it;
for (it = write_buffer_.begin(); it != write_buffer_.end(); ++it) {
SerializedInstallAttributes::Attribute* attr = message.add_attributes();
brillo::Blob content;
brillo::SecureBlob signature;
if (!boot_lockbox_->Sign(content, &signature)) {
return false;
// Write the attributes and the signature to the files.
if (!platform_->WriteFile(FilePath(kAttributeFile), content)) {
LOG(ERROR) << "Failed to write to the boot attribute file.";
return false;
brillo::Blob signature_content(signature.begin(), signature.end());
if (!platform_->WriteFile(FilePath(kSignatureFile), signature_content)) {
LOG(ERROR) << "Failed to write to the boot attribute signature file.";
return false;
// Since two files are written, atomicity cannot be achieved easily.
// Therefore this only aims for durability.
attributes_ = write_buffer_;
return true;
} // namespace cryptohome