Google Git
Sign in
cos / third_party / platform / vboot_reference / abcd6d24548480c1b3aeb5998c15b8548cea3b76 / . / firmware / lib20 / api_kernel.c
blob: 9ab852221dcb6b6b7b0821f81a3d873d3f774312 [file] [log] [blame]
/* Copyright 2015 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Externally-callable APIs
* (Kernel portion)
*/
#include "2api.h"
#include "2misc.h"
#include "2nvstorage.h"
#include "2rsa.h"
#include "2secdata.h"
#include "2sha.h"
#include "2sysincludes.h"
#include "vb2_common.h"
#include "vboot_struct.h"
vb2_error_t vb2api_load_kernel_vblock(struct vb2_context *ctx)
{
/* Verify kernel keyblock */
VB2_TRY(vb2_load_kernel_keyblock(ctx));
/* Verify kernel preamble */
VB2_TRY(vb2_load_kernel_preamble(ctx));
return VB2_SUCCESS;
}
vb2_error_t vb2api_get_kernel_size(struct vb2_context *ctx,
uint32_t *offset_ptr, uint32_t *size_ptr)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
const struct vb2_kernel_preamble *pre;
/* Get preamble pointer */
if (!sd->preamble_size)
return VB2_ERROR_API_GET_KERNEL_SIZE_PREAMBLE;
pre = (const struct vb2_kernel_preamble *)
vb2_member_of(sd, sd->preamble_offset);
if (offset_ptr) {
/* The kernel implicitly follows the preamble */
*offset_ptr = sd->vblock_preamble_offset +
sd->preamble_size;
}
if (size_ptr) {
/* Expect the kernel to be the size of data we signed */
*size_ptr = pre->body_signature.data_size;
}
return VB2_SUCCESS;
}
vb2_error_t vb2api_verify_kernel_data(struct vb2_context *ctx, const void *buf,
uint32_t size)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
struct vb2_kernel_preamble *pre;
struct vb2_digest_context *dc;
struct vb2_public_key key;
struct vb2_workbuf wb;
uint8_t *digest;
uint32_t digest_size;
vb2_workbuf_from_ctx(ctx, &wb);
/* Get preamble pointer */
if (!sd->preamble_size)
return VB2_ERROR_API_VERIFY_KDATA_PREAMBLE;
pre = (struct vb2_kernel_preamble *)
vb2_member_of(sd, sd->preamble_offset);
/* Make sure we were passed the right amount of data */
if (size != pre->body_signature.data_size)
return VB2_ERROR_API_VERIFY_KDATA_SIZE;
/* Allocate workbuf space for the hash */
dc = vb2_workbuf_alloc(&wb, sizeof(*dc));
if (!dc)
return VB2_ERROR_API_VERIFY_KDATA_WORKBUF;
/*
* Unpack the kernel data key to see which hashing algorithm we
* should use.
*
* TODO: really, the kernel body should be hashed, and not signed,
* because the signature we're checking is already signed as part of
* the kernel preamble. But until we can change the signing scripts,
* we're stuck with a signature here instead of a hash.
*/
if (!sd->data_key_size)
return VB2_ERROR_API_VERIFY_KDATA_KEY;
VB2_TRY(vb2_unpack_key_buffer(&key,
vb2_member_of(sd, sd->data_key_offset),
sd->data_key_size));
VB2_TRY(vb2_digest_init(dc, key.hash_alg));
VB2_TRY(vb2_digest_extend(dc, buf, size));
digest_size = vb2_digest_size(key.hash_alg);
digest = vb2_workbuf_alloc(&wb, digest_size);
if (!digest)
return VB2_ERROR_API_CHECK_HASH_WORKBUF_DIGEST;
VB2_TRY(vb2_digest_finalize(dc, digest, digest_size));
/*
* The body signature is currently a *signature* of the body data, not
* just its hash. So we need to verify the signature.
*/
/*
* Check digest vs. signature. Note that this destroys the signature.
* That's ok, because we only check each signature once per boot.
*/
return vb2_verify_digest(&key, &pre->body_signature, digest, &wb);
}
vb2_error_t vb2api_kernel_phase3(struct vb2_context *ctx)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
/*
* If the kernel is a newer version than in secure storage, and the
* kernel signature is valid, and we're not in recovery mode, and we're
* allowed to, roll forward the version in secure storage.
*/
if (sd->kernel_version > sd->kernel_version_secdata &&
(sd->flags & VB2_SD_FLAG_KERNEL_SIGNED) &&
!(ctx->flags & VB2_CONTEXT_RECOVERY_MODE) &&
(ctx->flags & VB2_CONTEXT_ALLOW_KERNEL_ROLL_FORWARD)) {
vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS,
sd->kernel_version);
sd->kernel_version_secdata = sd->kernel_version;
}
return VB2_SUCCESS;
}