vboot/vboot_kernel: move kernel/fw struct functions
Relocate currently-in-use kernel struct functions out
of lib20 namespace, and into:
* 2struct.c for functions required at runtime
* host_common.c for functions required by host
Relocate firmware struct functions from 2common.c
into 2struct.c
vb2_common.h may be deleted as a result.
This CL is part of a series to merge vboot1 and vboot2.0
kernel verification code; see b/181739551.
BUG=b:181739551
TEST=make clean && make runtests
BRANCH=none
Signed-off-by: Joel Kitching <kitching@google.com>
Change-Id: Ic162d9633b6112ddc4a819b3e58d313dc484f304
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2825269
Tested-by: Joel Kitching <kitching@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
diff --git a/Makefile b/Makefile
index ab8f791..327b753 100644
--- a/Makefile
+++ b/Makefile
@@ -410,6 +410,7 @@
firmware/2lib/2sha256.c \
firmware/2lib/2sha512.c \
firmware/2lib/2sha_utility.c \
+ firmware/2lib/2struct.c \
firmware/2lib/2stub_hwcrypto.c \
firmware/2lib/2tpm_bootmode.c \
firmware/lib/cgptlib/cgptlib.c \
@@ -522,6 +523,7 @@
firmware/2lib/2sha256.c \
firmware/2lib/2sha512.c \
firmware/2lib/2sha_utility.c \
+ firmware/2lib/2struct.c \
firmware/2lib/2stub.c \
firmware/2lib/2stub_hwcrypto.c \
firmware/lib/cgptlib/cgptlib_internal.c \
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c
index 8267f8c..fa0585e 100644
--- a/firmware/2lib/2common.c
+++ b/firmware/2lib/2common.c
@@ -8,8 +8,6 @@
#include "2common.h"
#include "2rsa.h"
-#include "2sha.h"
-#include "2sysincludes.h"
vb2_error_t vb2_safe_memcmp(const void *s1, const void *s2, size_t size)
{
@@ -231,151 +229,3 @@
return vb2_verify_digest(key, sig, digest, &wblocal);
}
-
-vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size,
- const struct vb2_signature *sig)
-{
- if(size < sizeof(*block)) {
- VB2_DEBUG("Not enough space for keyblock header.\n");
- return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER;
- }
-
- if (memcmp(block->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE)) {
- VB2_DEBUG("Not a valid verified boot keyblock.\n");
- return VB2_ERROR_KEYBLOCK_MAGIC;
- }
-
- if (block->header_version_major != VB2_KEYBLOCK_VERSION_MAJOR) {
- VB2_DEBUG("Incompatible keyblock header version.\n");
- return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
- }
-
- if (size < block->keyblock_size) {
- VB2_DEBUG("Not enough data for keyblock.\n");
- return VB2_ERROR_KEYBLOCK_SIZE;
- }
-
- if (vb2_verify_signature_inside(block, block->keyblock_size, sig)) {
- VB2_DEBUG("Keyblock signature off end of block\n");
- return VB2_ERROR_KEYBLOCK_SIG_OUTSIDE;
- }
-
- /* Make sure advertised signature data sizes are valid. */
- if (block->keyblock_size < sig->data_size) {
- VB2_DEBUG("Signature calculated past end of block\n");
- return VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH;
- }
-
- /* Verify we signed enough data */
- if (sig->data_size < sizeof(struct vb2_keyblock)) {
- VB2_DEBUG("Didn't sign enough data\n");
- return VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE;
- }
-
- /* Verify data key is inside the block and inside signed data */
- if (vb2_verify_packed_key_inside(block, block->keyblock_size,
- &block->data_key)) {
- VB2_DEBUG("Data key off end of keyblock\n");
- return VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE;
- }
- if (vb2_verify_packed_key_inside(block, sig->data_size,
- &block->data_key)) {
- VB2_DEBUG("Data key off end of signed data\n");
- return VB2_ERROR_KEYBLOCK_DATA_KEY_UNSIGNED;
- }
-
- return VB2_SUCCESS;
-}
-
-vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb)
-{
- struct vb2_signature *sig = &block->keyblock_signature;
- vb2_error_t rv;
-
- /* Validity check keyblock before attempting signature check of data */
- VB2_TRY(vb2_check_keyblock(block, size, sig));
-
- VB2_DEBUG("Checking keyblock signature...\n");
- rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb);
- if (rv) {
- VB2_DEBUG("Invalid keyblock signature.\n");
- return VB2_ERROR_KEYBLOCK_SIG_INVALID;
- }
-
- /* Success */
- return VB2_SUCCESS;
-}
-
-vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
- uint32_t size,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb)
-{
- struct vb2_signature *sig = &preamble->preamble_signature;
-
- VB2_DEBUG("Verifying preamble.\n");
-
- /* Validity checks before attempting signature of data */
- if(size < sizeof(*preamble)) {
- VB2_DEBUG("Not enough data for preamble header\n");
- return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER;
- }
- if (preamble->header_version_major !=
- VB2_FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) {
- VB2_DEBUG("Incompatible firmware preamble header version.\n");
- return VB2_ERROR_PREAMBLE_HEADER_VERSION;
- }
-
- if (preamble->header_version_minor < 1) {
- VB2_DEBUG("Only preamble header 2.1+ supported\n");
- return VB2_ERROR_PREAMBLE_HEADER_OLD;
- }
-
- if (size < preamble->preamble_size) {
- VB2_DEBUG("Not enough data for preamble.\n");
- return VB2_ERROR_PREAMBLE_SIZE;
- }
-
- /* Check signature */
- if (vb2_verify_signature_inside(preamble, preamble->preamble_size,
- sig)) {
- VB2_DEBUG("Preamble signature off end of preamble\n");
- return VB2_ERROR_PREAMBLE_SIG_OUTSIDE;
- }
-
- /* Make sure advertised signature data sizes are valid. */
- if (preamble->preamble_size < sig->data_size) {
- VB2_DEBUG("Signature calculated past end of the block\n");
- return VB2_ERROR_PREAMBLE_SIGNED_TOO_MUCH;
- }
-
- if (vb2_verify_data((const uint8_t *)preamble, size, sig, key, wb)) {
- VB2_DEBUG("Preamble signature validation failed\n");
- return VB2_ERROR_PREAMBLE_SIG_INVALID;
- }
-
- /* Verify we signed enough data */
- if (sig->data_size < sizeof(struct vb2_fw_preamble)) {
- VB2_DEBUG("Didn't sign enough data\n");
- return VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE;
- }
-
- /* Verify body signature is inside the signed data */
- if (vb2_verify_signature_inside(preamble, sig->data_size,
- &preamble->body_signature)) {
- VB2_DEBUG("Firmware body signature off end of preamble\n");
- return VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE;
- }
-
- /* Verify kernel subkey is inside the signed data */
- if (vb2_verify_packed_key_inside(preamble, sig->data_size,
- &preamble->kernel_subkey)) {
- VB2_DEBUG("Kernel subkey off end of preamble\n");
- return VB2_ERROR_PREAMBLE_KERNEL_SUBKEY_OUTSIDE;
- }
-
- /* Success */
- return VB2_SUCCESS;
-}
diff --git a/firmware/2lib/2struct.c b/firmware/2lib/2struct.c
new file mode 100644
index 0000000..a16f869
--- /dev/null
+++ b/firmware/2lib/2struct.c
@@ -0,0 +1,317 @@
+/* Copyright 2021 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Functions for reading, checking and verifying firmware and
+ * kernel data structures.
+ */
+
+#include "2common.h"
+
+vb2_error_t vb2_check_keyblock(const struct vb2_keyblock *block, uint32_t size,
+ const struct vb2_signature *sig)
+{
+ if(size < sizeof(*block)) {
+ VB2_DEBUG("Not enough space for keyblock header.\n");
+ return VB2_ERROR_KEYBLOCK_TOO_SMALL_FOR_HEADER;
+ }
+
+ if (memcmp(block->magic, VB2_KEYBLOCK_MAGIC, VB2_KEYBLOCK_MAGIC_SIZE)) {
+ VB2_DEBUG("Not a valid verified boot keyblock.\n");
+ return VB2_ERROR_KEYBLOCK_MAGIC;
+ }
+
+ if (block->header_version_major != VB2_KEYBLOCK_VERSION_MAJOR) {
+ VB2_DEBUG("Incompatible keyblock header version.\n");
+ return VB2_ERROR_KEYBLOCK_HEADER_VERSION;
+ }
+
+ if (size < block->keyblock_size) {
+ VB2_DEBUG("Not enough data for keyblock.\n");
+ return VB2_ERROR_KEYBLOCK_SIZE;
+ }
+
+ if (vb2_verify_signature_inside(block, block->keyblock_size, sig)) {
+ VB2_DEBUG("Keyblock signature off end of block\n");
+ return VB2_ERROR_KEYBLOCK_SIG_OUTSIDE;
+ }
+
+ /* Make sure advertised signature data sizes are valid. */
+ if (block->keyblock_size < sig->data_size) {
+ VB2_DEBUG("Signature calculated past end of block\n");
+ return VB2_ERROR_KEYBLOCK_SIGNED_TOO_MUCH;
+ }
+
+ /* Verify we signed enough data */
+ if (sig->data_size < sizeof(struct vb2_keyblock)) {
+ VB2_DEBUG("Didn't sign enough data\n");
+ return VB2_ERROR_KEYBLOCK_SIGNED_TOO_LITTLE;
+ }
+
+ /* Verify data key is inside the block and inside signed data */
+ if (vb2_verify_packed_key_inside(block, block->keyblock_size,
+ &block->data_key)) {
+ VB2_DEBUG("Data key off end of keyblock\n");
+ return VB2_ERROR_KEYBLOCK_DATA_KEY_OUTSIDE;
+ }
+ if (vb2_verify_packed_key_inside(block, sig->data_size,
+ &block->data_key)) {
+ VB2_DEBUG("Data key off end of signed data\n");
+ return VB2_ERROR_KEYBLOCK_DATA_KEY_UNSIGNED;
+ }
+
+ return VB2_SUCCESS;
+}
+
+vb2_error_t vb2_verify_keyblock(struct vb2_keyblock *block, uint32_t size,
+ const struct vb2_public_key *key,
+ const struct vb2_workbuf *wb)
+{
+ struct vb2_signature *sig = &block->keyblock_signature;
+ vb2_error_t rv;
+
+ /* Validity check keyblock before attempting signature check of data */
+ VB2_TRY(vb2_check_keyblock(block, size, sig));
+
+ VB2_DEBUG("Checking keyblock signature...\n");
+ rv = vb2_verify_data((const uint8_t *)block, size, sig, key, wb);
+ if (rv) {
+ VB2_DEBUG("Invalid keyblock signature.\n");
+ return VB2_ERROR_KEYBLOCK_SIG_INVALID;
+ }
+
+ /* Success */
+ return VB2_SUCCESS;
+}
+
+vb2_error_t vb2_verify_fw_preamble(struct vb2_fw_preamble *preamble,
+ uint32_t size,
+ const struct vb2_public_key *key,
+ const struct vb2_workbuf *wb)
+{
+ struct vb2_signature *sig = &preamble->preamble_signature;
+
+ VB2_DEBUG("Verifying preamble.\n");
+
+ /* Validity checks before attempting signature of data */
+ if(size < sizeof(*preamble)) {
+ VB2_DEBUG("Not enough data for preamble header\n");
+ return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER;
+ }
+ if (preamble->header_version_major !=
+ VB2_FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) {
+ VB2_DEBUG("Incompatible firmware preamble header version.\n");
+ return VB2_ERROR_PREAMBLE_HEADER_VERSION;
+ }
+
+ if (preamble->header_version_minor < 1) {
+ VB2_DEBUG("Only preamble header 2.1+ supported\n");
+ return VB2_ERROR_PREAMBLE_HEADER_OLD;
+ }
+
+ if (size < preamble->preamble_size) {
+ VB2_DEBUG("Not enough data for preamble.\n");
+ return VB2_ERROR_PREAMBLE_SIZE;
+ }
+
+ /* Check signature */
+ if (vb2_verify_signature_inside(preamble, preamble->preamble_size,
+ sig)) {
+ VB2_DEBUG("Preamble signature off end of preamble\n");
+ return VB2_ERROR_PREAMBLE_SIG_OUTSIDE;
+ }
+
+ /* Make sure advertised signature data sizes are valid. */
+ if (preamble->preamble_size < sig->data_size) {
+ VB2_DEBUG("Signature calculated past end of the block\n");
+ return VB2_ERROR_PREAMBLE_SIGNED_TOO_MUCH;
+ }
+
+ if (vb2_verify_data((const uint8_t *)preamble, size, sig, key, wb)) {
+ VB2_DEBUG("Preamble signature validation failed\n");
+ return VB2_ERROR_PREAMBLE_SIG_INVALID;
+ }
+
+ /* Verify we signed enough data */
+ if (sig->data_size < sizeof(struct vb2_fw_preamble)) {
+ VB2_DEBUG("Didn't sign enough data\n");
+ return VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE;
+ }
+
+ /* Verify body signature is inside the signed data */
+ if (vb2_verify_signature_inside(preamble, sig->data_size,
+ &preamble->body_signature)) {
+ VB2_DEBUG("Firmware body signature off end of preamble\n");
+ return VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE;
+ }
+
+ /* Verify kernel subkey is inside the signed data */
+ if (vb2_verify_packed_key_inside(preamble, sig->data_size,
+ &preamble->kernel_subkey)) {
+ VB2_DEBUG("Kernel subkey off end of preamble\n");
+ return VB2_ERROR_PREAMBLE_KERNEL_SUBKEY_OUTSIDE;
+ }
+
+ /* Success */
+ return VB2_SUCCESS;
+}
+
+uint32_t vb2_kernel_get_flags(const struct vb2_kernel_preamble *preamble)
+{
+ if (preamble->header_version_minor < 2)
+ return 0;
+
+ return preamble->flags;
+}
+
+test_mockable
+vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
+ uint32_t size,
+ const struct vb2_workbuf *wb)
+{
+ const struct vb2_signature *sig = &block->keyblock_hash;
+ struct vb2_workbuf wblocal = *wb;
+ struct vb2_digest_context *dc;
+ uint8_t *digest;
+ uint32_t digest_size;
+
+ /* Validity check keyblock before attempting hash check of data */
+ VB2_TRY(vb2_check_keyblock(block, size, sig));
+
+ VB2_DEBUG("Checking keyblock hash...\n");
+
+ /* Digest goes at start of work buffer */
+ digest_size = vb2_digest_size(VB2_HASH_SHA512);
+ digest = vb2_workbuf_alloc(&wblocal, digest_size);
+ if (!digest)
+ return VB2_ERROR_VDATA_WORKBUF_DIGEST;
+
+ /* Hashing requires temp space for the context */
+ dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc));
+ if (!dc)
+ return VB2_ERROR_VDATA_WORKBUF_HASHING;
+
+ VB2_TRY(vb2_digest_init(dc, VB2_HASH_SHA512));
+
+ VB2_TRY(vb2_digest_extend(dc, (const uint8_t *)block, sig->data_size));
+
+ VB2_TRY(vb2_digest_finalize(dc, digest, digest_size));
+
+ if (vb2_safe_memcmp(vb2_signature_data(sig), digest,
+ digest_size) != 0) {
+ VB2_DEBUG("Invalid keyblock hash.\n");
+ return VB2_ERROR_KEYBLOCK_HASH_INVALID_IN_DEV_MODE;
+ }
+
+ /* Success */
+ return VB2_SUCCESS;
+}
+
+test_mockable
+vb2_error_t vb2_verify_kernel_preamble(struct vb2_kernel_preamble *preamble,
+ uint32_t size,
+ const struct vb2_public_key *key,
+ const struct vb2_workbuf *wb)
+{
+ struct vb2_signature *sig = &preamble->preamble_signature;
+ uint32_t min_size = EXPECTED_VB2_KERNEL_PREAMBLE_2_0_SIZE;
+
+ VB2_DEBUG("Verifying kernel preamble.\n");
+
+ /* Make sure it's even safe to look at the struct */
+ if(size < min_size) {
+ VB2_DEBUG("Not enough data for preamble header.\n");
+ return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER;
+ }
+ if (preamble->header_version_major !=
+ VB2_KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) {
+ VB2_DEBUG("Incompatible kernel preamble header version.\n");
+ return VB2_ERROR_PREAMBLE_HEADER_VERSION;
+ }
+
+ if (preamble->header_version_minor >= 2)
+ min_size = EXPECTED_VB2_KERNEL_PREAMBLE_2_2_SIZE;
+ else if (preamble->header_version_minor == 1)
+ min_size = EXPECTED_VB2_KERNEL_PREAMBLE_2_1_SIZE;
+ if(preamble->preamble_size < min_size) {
+ VB2_DEBUG("Preamble size too small for header.\n");
+ return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER;
+ }
+ if (size < preamble->preamble_size) {
+ VB2_DEBUG("Not enough data for preamble.\n");
+ return VB2_ERROR_PREAMBLE_SIZE;
+ }
+
+ /* Check signature */
+ if (vb2_verify_signature_inside(preamble, preamble->preamble_size,
+ sig)) {
+ VB2_DEBUG("Preamble signature off end of preamble\n");
+ return VB2_ERROR_PREAMBLE_SIG_OUTSIDE;
+ }
+
+ /* Make sure advertised signature data sizes are valid. */
+ if (preamble->preamble_size < sig->data_size) {
+ VB2_DEBUG("Signature calculated past end of the block\n");
+ return VB2_ERROR_PREAMBLE_SIGNED_TOO_MUCH;
+ }
+
+ if (vb2_verify_data((const uint8_t *)preamble, size, sig, key, wb)) {
+ VB2_DEBUG("Preamble signature validation failed\n");
+ return VB2_ERROR_PREAMBLE_SIG_INVALID;
+ }
+
+ /* Verify we signed enough data */
+ if (sig->data_size < sizeof(struct vb2_fw_preamble)) {
+ VB2_DEBUG("Didn't sign enough data\n");
+ return VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE;
+ }
+
+ /* Verify body signature is inside the signed data */
+ if (vb2_verify_signature_inside(preamble, sig->data_size,
+ &preamble->body_signature)) {
+ VB2_DEBUG("Body signature off end of preamble\n");
+ return VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE;
+ }
+
+ /*
+ * If bootloader is present, verify it's covered by the body
+ * signature.
+ */
+ if (preamble->bootloader_size) {
+ const void *body_ptr =
+ (const void *)(uintptr_t)preamble->body_load_address;
+ const void *bootloader_ptr =
+ (const void *)(uintptr_t)preamble->bootloader_address;
+ if (vb2_verify_member_inside(body_ptr,
+ preamble->body_signature.data_size,
+ bootloader_ptr,
+ preamble->bootloader_size,
+ 0, 0)) {
+ VB2_DEBUG("Bootloader off end of signed data\n");
+ return VB2_ERROR_PREAMBLE_BOOTLOADER_OUTSIDE;
+ }
+ }
+
+ /*
+ * If vmlinuz header is present, verify it's covered by the body
+ * signature.
+ */
+ if (preamble->header_version_minor >= 1 &&
+ preamble->vmlinuz_header_size) {
+ const void *body_ptr =
+ (const void *)(uintptr_t)preamble->body_load_address;
+ const void *vmlinuz_header_ptr = (const void *)
+ (uintptr_t)preamble->vmlinuz_header_address;
+ if (vb2_verify_member_inside(body_ptr,
+ preamble->body_signature.data_size,
+ vmlinuz_header_ptr,
+ preamble->vmlinuz_header_size,
+ 0, 0)) {
+ VB2_DEBUG("Vmlinuz header off end of signed data\n");
+ return VB2_ERROR_PREAMBLE_VMLINUZ_HEADER_OUTSIDE;
+ }
+ }
+
+ /* Success */
+ return VB2_SUCCESS;
+}
diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h
index 13ea40f..918c50d 100644
--- a/firmware/2lib/include/2common.h
+++ b/firmware/2lib/include/2common.h
@@ -428,4 +428,44 @@
const struct vb2_public_key *key,
const struct vb2_workbuf *wb);
+/**
+ * Get the flags for the kernel preamble.
+ *
+ * @param preamble Preamble to check
+ * @return Flags for the preamble. Old preamble versions (<2.2) return 0.
+ */
+uint32_t vb2_kernel_get_flags(const struct vb2_kernel_preamble *preamble);
+
+/**
+ * Verify a keyblock using its hash.
+ *
+ * Header fields are also checked for validity. Does not verify key index or key
+ * block flags. Use this for self-signed keyblocks in developer mode.
+ *
+ * @param block Keyblock to verify
+ * @param size Size of keyblock buffer
+ * @param key Key to use to verify block
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
+ uint32_t size,
+ const struct vb2_workbuf *wb);
+
+/**
+ * Check the validity of a kernel preamble using a public key.
+ *
+ * The signature in the preamble is destroyed during the check.
+ *
+ * @param preamble Preamble to verify
+ * @param size Size of preamble buffer
+ * @param key Key to use to verify preamble
+ * @param wb Work buffer
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_verify_kernel_preamble(struct vb2_kernel_preamble *preamble,
+ uint32_t size,
+ const struct vb2_public_key *key,
+ const struct vb2_workbuf *wb);
+
#endif /* VBOOT_REFERENCE_2COMMON_H_ */
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index c087488..e2a71ca 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -10,18 +10,13 @@
#include "2misc.h"
#include "2nvstorage.h"
#include "2packed_key.h"
-#include "2rsa.h"
-#include "2sha.h"
#include "2secdata.h"
#include "2sysincludes.h"
#include "cgptlib.h"
#include "cgptlib_internal.h"
#include "gpt_misc.h"
#include "load_kernel_fw.h"
-#include "vb2_common.h"
#include "vboot_api.h"
-#include "vboot_kernel.h"
-#include "vboot_struct.h"
#define LOWEST_TPM_VERSION 0xffffffff
diff --git a/firmware/lib20/api_kernel.c b/firmware/lib20/api_kernel.c
index 9ab8522..403e932 100644
--- a/firmware/lib20/api_kernel.c
+++ b/firmware/lib20/api_kernel.c
@@ -7,14 +7,13 @@
*/
#include "2api.h"
+#include "2common.h"
#include "2misc.h"
#include "2nvstorage.h"
#include "2rsa.h"
#include "2secdata.h"
#include "2sha.h"
#include "2sysincludes.h"
-#include "vb2_common.h"
-#include "vboot_struct.h"
vb2_error_t vb2api_load_kernel_vblock(struct vb2_context *ctx)
{
diff --git a/firmware/lib20/include/vb2_common.h b/firmware/lib20/include/vb2_common.h
deleted file mode 100644
index 3db0437..0000000
--- a/firmware/lib20/include/vb2_common.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Common functions between firmware and kernel verified boot.
- */
-
-#ifndef VBOOT_REFERENCE_VB2_COMMON_H_
-#define VBOOT_REFERENCE_VB2_COMMON_H_
-
-#include "2api.h"
-#include "2common.h"
-#include "2return_codes.h"
-#include "2sha.h"
-#include "2struct.h"
-#include "2sysincludes.h"
-
-struct vb2_public_key;
-
-/**
- * Verify a keyblock using its hash.
- *
- * Header fields are also checked for validity. Does not verify key index or key
- * block flags. Use this for self-signed keyblocks in developer mode.
- *
- * @param block Keyblock to verify
- * @param size Size of keyblock buffer
- * @param key Key to use to verify block
- * @param wb Work buffer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
- uint32_t size,
- const struct vb2_workbuf *wb);
-
-/**
- * Check the validity of a kernel preamble using a public key.
- *
- * The signature in the preamble is destroyed during the check.
- *
- * @param preamble Preamble to verify
- * @param size Size of preamble buffer
- * @param key Key to use to verify preamble
- * @param wb Work buffer
- * @return VB2_SUCCESS, or non-zero error code if error.
- */
-vb2_error_t vb2_verify_kernel_preamble(struct vb2_kernel_preamble *preamble,
- uint32_t size,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb);
-
-/**
- * Retrieve the 16-bit vmlinuz header address and size from the preamble.
- *
- * Size 0 means there is no 16-bit vmlinuz header present. Old preamble
- * versions (<2.1) return 0 for both fields.
- *
- * @param preamble Preamble to check
- * @param vmlinuz_header_address Destination for header address
- * @param vmlinuz_header_size Destination for header size
- */
-void vb2_kernel_get_vmlinuz_header(const struct vb2_kernel_preamble *preamble,
- uint64_t *vmlinuz_header_address,
- uint32_t *vmlinuz_header_size);
-
-/**
- * Get the flags for the kernel preamble.
- *
- * @param preamble Preamble to check
- * @return Flags for the preamble. Old preamble versions (<2.2) return 0.
- */
-uint32_t vb2_kernel_get_flags(const struct vb2_kernel_preamble *preamble);
-
-#endif /* VBOOT_REFERENCE_VB2_COMMON_H_ */
diff --git a/firmware/lib20/kernel.c b/firmware/lib20/kernel.c
index b3a2436..81ded65 100644
--- a/firmware/lib20/kernel.c
+++ b/firmware/lib20/kernel.c
@@ -12,7 +12,6 @@
#include "2secdata.h"
#include "2sha.h"
#include "2sysincludes.h"
-#include "vb2_common.h"
/**
* Returns non-zero if the kernel needs to have a valid signature, instead of
@@ -35,49 +34,6 @@
return 0;
}
-test_mockable
-vb2_error_t vb2_verify_keyblock_hash(const struct vb2_keyblock *block,
- uint32_t size,
- const struct vb2_workbuf *wb)
-{
- const struct vb2_signature *sig = &block->keyblock_hash;
- struct vb2_workbuf wblocal = *wb;
- struct vb2_digest_context *dc;
- uint8_t *digest;
- uint32_t digest_size;
-
- /* Validity check keyblock before attempting hash check of data */
- VB2_TRY(vb2_check_keyblock(block, size, sig));
-
- VB2_DEBUG("Checking keyblock hash...\n");
-
- /* Digest goes at start of work buffer */
- digest_size = vb2_digest_size(VB2_HASH_SHA512);
- digest = vb2_workbuf_alloc(&wblocal, digest_size);
- if (!digest)
- return VB2_ERROR_VDATA_WORKBUF_DIGEST;
-
- /* Hashing requires temp space for the context */
- dc = vb2_workbuf_alloc(&wblocal, sizeof(*dc));
- if (!dc)
- return VB2_ERROR_VDATA_WORKBUF_HASHING;
-
- VB2_TRY(vb2_digest_init(dc, VB2_HASH_SHA512));
-
- VB2_TRY(vb2_digest_extend(dc, (const uint8_t *)block, sig->data_size));
-
- VB2_TRY(vb2_digest_finalize(dc, digest, digest_size));
-
- if (vb2_safe_memcmp(vb2_signature_data(sig), digest,
- digest_size) != 0) {
- VB2_DEBUG("Invalid keyblock hash.\n");
- return VB2_ERROR_KEYBLOCK_HASH_INVALID_IN_DEV_MODE;
- }
-
- /* Success */
- return VB2_SUCCESS;
-}
-
vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
@@ -223,115 +179,6 @@
return VB2_SUCCESS;
}
-test_mockable
-vb2_error_t vb2_verify_kernel_preamble(struct vb2_kernel_preamble *preamble,
- uint32_t size,
- const struct vb2_public_key *key,
- const struct vb2_workbuf *wb)
-{
- struct vb2_signature *sig = &preamble->preamble_signature;
- uint32_t min_size = EXPECTED_VB2_KERNEL_PREAMBLE_2_0_SIZE;
-
- VB2_DEBUG("Verifying kernel preamble.\n");
-
- /* Make sure it's even safe to look at the struct */
- if(size < min_size) {
- VB2_DEBUG("Not enough data for preamble header.\n");
- return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER;
- }
- if (preamble->header_version_major !=
- VB2_KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) {
- VB2_DEBUG("Incompatible kernel preamble header version.\n");
- return VB2_ERROR_PREAMBLE_HEADER_VERSION;
- }
-
- if (preamble->header_version_minor >= 2)
- min_size = EXPECTED_VB2_KERNEL_PREAMBLE_2_2_SIZE;
- else if (preamble->header_version_minor == 1)
- min_size = EXPECTED_VB2_KERNEL_PREAMBLE_2_1_SIZE;
- if(preamble->preamble_size < min_size) {
- VB2_DEBUG("Preamble size too small for header.\n");
- return VB2_ERROR_PREAMBLE_TOO_SMALL_FOR_HEADER;
- }
- if (size < preamble->preamble_size) {
- VB2_DEBUG("Not enough data for preamble.\n");
- return VB2_ERROR_PREAMBLE_SIZE;
- }
-
- /* Check signature */
- if (vb2_verify_signature_inside(preamble, preamble->preamble_size,
- sig)) {
- VB2_DEBUG("Preamble signature off end of preamble\n");
- return VB2_ERROR_PREAMBLE_SIG_OUTSIDE;
- }
-
- /* Make sure advertised signature data sizes are valid. */
- if (preamble->preamble_size < sig->data_size) {
- VB2_DEBUG("Signature calculated past end of the block\n");
- return VB2_ERROR_PREAMBLE_SIGNED_TOO_MUCH;
- }
-
- if (vb2_verify_data((const uint8_t *)preamble, size, sig, key, wb)) {
- VB2_DEBUG("Preamble signature validation failed\n");
- return VB2_ERROR_PREAMBLE_SIG_INVALID;
- }
-
- /* Verify we signed enough data */
- if (sig->data_size < sizeof(struct vb2_fw_preamble)) {
- VB2_DEBUG("Didn't sign enough data\n");
- return VB2_ERROR_PREAMBLE_SIGNED_TOO_LITTLE;
- }
-
- /* Verify body signature is inside the signed data */
- if (vb2_verify_signature_inside(preamble, sig->data_size,
- &preamble->body_signature)) {
- VB2_DEBUG("Body signature off end of preamble\n");
- return VB2_ERROR_PREAMBLE_BODY_SIG_OUTSIDE;
- }
-
- /*
- * If bootloader is present, verify it's covered by the body
- * signature.
- */
- if (preamble->bootloader_size) {
- const void *body_ptr =
- (const void *)(uintptr_t)preamble->body_load_address;
- const void *bootloader_ptr =
- (const void *)(uintptr_t)preamble->bootloader_address;
- if (vb2_verify_member_inside(body_ptr,
- preamble->body_signature.data_size,
- bootloader_ptr,
- preamble->bootloader_size,
- 0, 0)) {
- VB2_DEBUG("Bootloader off end of signed data\n");
- return VB2_ERROR_PREAMBLE_BOOTLOADER_OUTSIDE;
- }
- }
-
- /*
- * If vmlinuz header is present, verify it's covered by the body
- * signature.
- */
- if (preamble->header_version_minor >= 1 &&
- preamble->vmlinuz_header_size) {
- const void *body_ptr =
- (const void *)(uintptr_t)preamble->body_load_address;
- const void *vmlinuz_header_ptr = (const void *)
- (uintptr_t)preamble->vmlinuz_header_address;
- if (vb2_verify_member_inside(body_ptr,
- preamble->body_signature.data_size,
- vmlinuz_header_ptr,
- preamble->vmlinuz_header_size,
- 0, 0)) {
- VB2_DEBUG("Vmlinuz header off end of signed data\n");
- return VB2_ERROR_PREAMBLE_VMLINUZ_HEADER_OUTSIDE;
- }
- }
-
- /* Success */
- return VB2_SUCCESS;
-}
-
vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
@@ -421,30 +268,3 @@
return VB2_SUCCESS;
}
-
-void vb2_kernel_get_vmlinuz_header(const struct vb2_kernel_preamble *preamble,
- uint64_t *vmlinuz_header_address,
- uint32_t *vmlinuz_header_size)
-{
- if (preamble->header_version_minor < 1) {
- *vmlinuz_header_address = 0;
- *vmlinuz_header_size = 0;
- } else {
- /*
- * Set header and size only if the preamble header version is >
- * 2.1 as they don't exist in version 2.0 (Note that we don't
- * need to check header_version_major; if that's not 2 then
- * vb2_verify_kernel_preamble() would have already failed.
- */
- *vmlinuz_header_address = preamble->vmlinuz_header_address;
- *vmlinuz_header_size = preamble->vmlinuz_header_size;
- }
-}
-
-uint32_t vb2_kernel_get_flags(const struct vb2_kernel_preamble *preamble)
-{
- if (preamble->header_version_minor < 2)
- return 0;
-
- return preamble->flags;
-}
diff --git a/futility/cmd_show.c b/futility/cmd_show.c
index f3b9163..716b2b2 100644
--- a/futility/cmd_show.c
+++ b/futility/cmd_show.c
@@ -31,7 +31,6 @@
#include "host_key21.h"
#include "util_misc.h"
#include "vb1_helper.h"
-#include "vb2_common.h"
/* Options */
struct show_option_s show_option = {
diff --git a/futility/cmd_sign.c b/futility/cmd_sign.c
index 6243e3a..9bfa7fd 100644
--- a/futility/cmd_sign.c
+++ b/futility/cmd_sign.c
@@ -29,7 +29,6 @@
#include "kernel_blob.h"
#include "util_misc.h"
#include "vb1_helper.h"
-#include "vb2_common.h"
/* Options */
struct sign_option_s sign_option = {
diff --git a/futility/cmd_vbutil_kernel.c b/futility/cmd_vbutil_kernel.c
index 27cbb9b..7268bee 100644
--- a/futility/cmd_vbutil_kernel.c
+++ b/futility/cmd_vbutil_kernel.c
@@ -26,7 +26,6 @@
#include "host_common.h"
#include "kernel_blob.h"
#include "vb1_helper.h"
-#include "vb2_common.h"
/* Global opts */
static int opt_verbose;
diff --git a/futility/file_type_bios.c b/futility/file_type_bios.c
index 7e805f5..fe0b223 100644
--- a/futility/file_type_bios.c
+++ b/futility/file_type_bios.c
@@ -16,7 +16,6 @@
#include "futility_options.h"
#include "host_common.h"
#include "vb1_helper.h"
-#include "vb2_common.h"
static const char * const fmap_name[] = {
"GBB", /* BIOS_FMAP_GBB */
diff --git a/futility/updater.c b/futility/updater.c
index fa00854..87ac6fd 100644
--- a/futility/updater.c
+++ b/futility/updater.c
@@ -14,7 +14,6 @@
#include "host_misc.h"
#include "updater.h"
#include "util_misc.h"
-#include "vb2_common.h"
#define REMOVE_WP_URL "https://goo.gl/ces83U"
diff --git a/futility/updater_archive.c b/futility/updater_archive.c
index f2475b6..4ad5287 100644
--- a/futility/updater_archive.c
+++ b/futility/updater_archive.c
@@ -33,7 +33,6 @@
#include "host_misc.h"
#include "updater.h"
#include "util_misc.h"
-#include "vb2_common.h"
/*
* A firmware update package (archive) is a file packed by either shar(1) or
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index ecb193b..39bb16a 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -21,7 +21,6 @@
#include "kernel_blob.h"
#include "util_misc.h"
#include "vb1_helper.h"
-#include "vb2_common.h"
/****************************************************************************/
/* Here are globals containing all the bits & pieces I'm working on.
diff --git a/host/lib/host_common.c b/host/lib/host_common.c
index 1dc7a54..82a5954 100644
--- a/host/lib/host_common.c
+++ b/host/lib/host_common.c
@@ -133,3 +133,22 @@
/* Return the header */
return h;
}
+
+void vb2_kernel_get_vmlinuz_header(const struct vb2_kernel_preamble *preamble,
+ uint64_t *vmlinuz_header_address,
+ uint32_t *vmlinuz_header_size)
+{
+ if (preamble->header_version_minor < 1) {
+ *vmlinuz_header_address = 0;
+ *vmlinuz_header_size = 0;
+ } else {
+ /*
+ * Set header and size only if the preamble header version is >
+ * 2.1 as they don't exist in version 2.0 (Note that we don't
+ * need to check header_version_major; if that's not 2 then
+ * vb2_verify_kernel_preamble() would have already failed.
+ */
+ *vmlinuz_header_address = preamble->vmlinuz_header_address;
+ *vmlinuz_header_size = preamble->vmlinuz_header_size;
+ }
+}
diff --git a/host/lib/host_keyblock.c b/host/lib/host_keyblock.c
index a7dbede..e5634ce 100644
--- a/host/lib/host_keyblock.c
+++ b/host/lib/host_keyblock.c
@@ -17,7 +17,6 @@
#include "host_key21.h"
#include "host_keyblock.h"
#include "host_key.h"
-#include "vb2_common.h"
struct vb2_keyblock *vb2_create_keyblock(
const struct vb2_packed_key *data_key,
diff --git a/host/lib/include/host_common.h b/host/lib/include/host_common.h
index 55b15d3..a37a6c9 100644
--- a/host/lib/include/host_common.h
+++ b/host/lib/include/host_common.h
@@ -64,4 +64,18 @@
uint32_t desired_size,
const struct vb2_private_key *signing_key);
+/**
+ * Retrieve the 16-bit vmlinuz header address and size from the preamble.
+ *
+ * Size 0 means there is no 16-bit vmlinuz header present. Old preamble
+ * versions (<2.1) return 0 for both fields.
+ *
+ * @param preamble Preamble to check
+ * @param vmlinuz_header_address Destination for header address
+ * @param vmlinuz_header_size Destination for header size
+ */
+void vb2_kernel_get_vmlinuz_header(const struct vb2_kernel_preamble *preamble,
+ uint64_t *vmlinuz_header_address,
+ uint32_t *vmlinuz_header_size);
+
#endif /* VBOOT_REFERENCE_HOST_COMMON_H_ */
diff --git a/tests/vb20_kernel_tests.c b/tests/vb20_kernel_tests.c
index e71e5ce..8766114 100644
--- a/tests/vb20_kernel_tests.c
+++ b/tests/vb20_kernel_tests.c
@@ -15,7 +15,6 @@
#include "2secdata.h"
#include "2sysincludes.h"
#include "test_common.h"
-#include "vb2_common.h"
/* Common context for tests */
static uint8_t workbuf[VB2_KERNEL_WORKBUF_RECOMMENDED_SIZE]
diff --git a/tests/vb2_common3_tests.c b/tests/vb2_common3_tests.c
index 4219222..5805204 100644
--- a/tests/vb2_common3_tests.c
+++ b/tests/vb2_common3_tests.c
@@ -7,6 +7,7 @@
#include <stdio.h>
+#include "2common.h"
#include "2rsa.h"
#include "2sysincludes.h"
#include "file_keys.h"
@@ -15,7 +16,6 @@
#include "host_key.h"
#include "host_signature.h"
#include "test_common.h"
-#include "vb2_common.h"
static void resign_keyblock(struct vb2_keyblock *h,
const struct vb2_private_key *key)
diff --git a/tests/vboot_kernel_tests.c b/tests/vboot_kernel_tests.c
index 01b8b34..7d088ae 100644
--- a/tests/vboot_kernel_tests.c
+++ b/tests/vboot_kernel_tests.c
@@ -20,7 +20,6 @@
#include "host_common.h"
#include "load_kernel_fw.h"
#include "test_common.h"
-#include "vb2_common.h"
#include "vboot_api.h"
#include "vboot_kernel.h"
