Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / vboot_reference / bcd8f4a07c664d55b67d4e8dc35e362b50b376bd / . / vkernel / kernel_image.c
blob: 5eeb784f679599b12eba5d2b92099f1466e7c29a [file] [log] [blame]
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]1/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Functions for generating and manipulating a verified boot kernel image.
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]6 * (Userland portion)
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]7 */
8
9#include "kernel_image.h"
10
11#include <fcntl.h>
12#include <stdio.h>
13#include <sys/types.h>
14#include <sys/stat.h>
15#include <unistd.h>
16
Gaurav Shah5411c7a2010-03-31 10:56:49 -0700[diff] [blame]17#include "cryptolib.h"
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]18#include "file_keys.h"
Gaurav Shaha82bf262010-03-26 10:38:08 -0700[diff] [blame]19#include "rollback_index.h"
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]20#include "signature_digest.h"
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]21#include "utility.h"
22
23/* Macro to determine the size of a field structure in the KernelImage
24 * structure. */
25#define FIELD_LEN(field) (sizeof(((KernelImage*)0)->field))
26
27KernelImage* KernelImageNew(void) {
28 KernelImage* image = (KernelImage*) Malloc(sizeof(KernelImage));
29 if (image) {
30 image->kernel_sign_key = NULL;
31 image->kernel_key_signature = NULL;
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]32 image->preamble_signature = NULL;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]33 image->kernel_signature = NULL;
34 image->kernel_data = NULL;
35 }
36 return image;
37}
38
39void KernelImageFree(KernelImage* image) {
40 if (image) {
41 Free(image->kernel_sign_key);
42 Free(image->kernel_key_signature);
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]43 Free(image->preamble_signature);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]44 Free(image->kernel_signature);
45 Free(image->kernel_data);
46 Free(image);
47 }
48}
49
50KernelImage* ReadKernelImage(const char* input_file) {
Gaurav Shah456678b2010-03-10 18:38:45 -0800[diff] [blame]51 uint64_t file_size;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]52 int image_len = 0; /* Total size of the kernel image. */
53 int header_len = 0;
54 int firmware_sign_key_len;
55 int kernel_key_signature_len;
56 int kernel_sign_key_len;
57 int kernel_signature_len;
58 uint8_t* kernel_buf;
Gaurav Shah528a2c12010-03-18 13:10:10 -0700[diff] [blame]59 uint8_t header_checksum[FIELD_LEN(header_checksum)];
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]60 MemcpyState st;
61 KernelImage* image = KernelImageNew();
62
63 if (!image)
64 return NULL;
65
66 kernel_buf = BufferFromFile(input_file, &file_size);
67 image_len = file_size;
68
69 st.remaining_len = image_len;
70 st.remaining_buf = kernel_buf;
Gaurav Shahe450be42010-03-29 21:27:08 -0700[diff] [blame]71 st.overrun = 0;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]72
73 /* Read and compare magic bytes. */
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]74 StatefulMemcpy(&st, &image->magic, KERNEL_MAGIC_SIZE);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]75
76 if (SafeMemcmp(image->magic, KERNEL_MAGIC, KERNEL_MAGIC_SIZE)) {
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]77 debug("Wrong Kernel Magic.\n");
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]78 Free(kernel_buf);
79 return NULL;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]80 }
81 StatefulMemcpy(&st, &image->header_version, FIELD_LEN(header_version));
82 StatefulMemcpy(&st, &image->header_len, FIELD_LEN(header_len));
83 StatefulMemcpy(&st, &image->firmware_sign_algorithm,
84 FIELD_LEN(firmware_sign_algorithm));
85 StatefulMemcpy(&st, &image->kernel_sign_algorithm,
86 FIELD_LEN(kernel_sign_algorithm));
87
88 /* Valid Kernel Key signing algorithm. */
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]89 if (image->firmware_sign_algorithm >= kNumAlgorithms) {
90 Free(kernel_buf);
91 return NULL;
92 }
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]93
94 /* Valid Kernel Signing Algorithm? */
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]95 if (image->kernel_sign_algorithm >= kNumAlgorithms) {
96 Free(kernel_buf);
97 return NULL;
98 }
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]99
100 /* Compute size of pre-processed RSA public keys and signatures. */
101 firmware_sign_key_len = RSAProcessedKeySize(image->firmware_sign_algorithm);
Gaurav Shahcae5fa62010-02-28 20:02:29 -0800[diff] [blame]102 kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm];
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]103 kernel_sign_key_len = RSAProcessedKeySize(image->kernel_sign_algorithm);
Gaurav Shahcae5fa62010-02-28 20:02:29 -0800[diff] [blame]104 kernel_signature_len = siglen_map[image->kernel_sign_algorithm];
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]105
106 /* Check whether key header length is correct. */
Gaurav Shah528a2c12010-03-18 13:10:10 -0700[diff] [blame]107 header_len = GetKernelHeaderLen(image);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]108 if (header_len != image->header_len) {
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]109 debug("Header length mismatch. Got: %d, Expected: %d\n",
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]110 image->header_len, header_len);
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]111 Free(kernel_buf);
112 return NULL;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]113 }
114
115 /* Read pre-processed public half of the kernel signing key. */
116 StatefulMemcpy(&st, &image->kernel_key_version,
117 FIELD_LEN(kernel_key_version));
118 image->kernel_sign_key = (uint8_t*) Malloc(kernel_sign_key_len);
119 StatefulMemcpy(&st, image->kernel_sign_key, kernel_sign_key_len);
120 StatefulMemcpy(&st, image->header_checksum, FIELD_LEN(header_checksum));
121
Gaurav Shah528a2c12010-03-18 13:10:10 -0700[diff] [blame]122 /* Check whether the header checksum matches. */
123 CalculateKernelHeaderChecksum(image, header_checksum);
124 if (SafeMemcmp(header_checksum, image->header_checksum,
125 FIELD_LEN(header_checksum))) {
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]126 debug("Invalid kernel header checksum!\n");
Gaurav Shah528a2c12010-03-18 13:10:10 -0700[diff] [blame]127 Free(kernel_buf);
128 return NULL;
129 }
130
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]131 /* Read key signature. */
Gaurav Shah80d129b2010-03-03 17:58:43 -0800[diff] [blame]132 image->kernel_key_signature = (uint8_t*) Malloc(kernel_key_signature_len);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]133 StatefulMemcpy(&st, image->kernel_key_signature,
Gaurav Shah80d129b2010-03-03 17:58:43 -0800[diff] [blame]134 kernel_key_signature_len);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]135
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]136 /* Read the kernel preamble. */
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]137 StatefulMemcpy(&st, &image->kernel_version, FIELD_LEN(kernel_version));
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]138 StatefulMemcpy(&st, &image->kernel_len, FIELD_LEN(kernel_len));
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]139 StatefulMemcpy(&st, &image->bootloader_offset, FIELD_LEN(bootloader_offset));
140 StatefulMemcpy(&st, &image->bootloader_size, FIELD_LEN(bootloader_size));
141 StatefulMemcpy(&st, &image->padded_header_size,
142 FIELD_LEN(padded_header_size));
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]143
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]144 /* Read config and kernel signatures. */
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]145 image->preamble_signature = (uint8_t*) Malloc(kernel_signature_len);
146 StatefulMemcpy(&st, image->preamble_signature, kernel_signature_len);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]147 image->kernel_signature = (uint8_t*) Malloc(kernel_signature_len);
148 StatefulMemcpy(&st, image->kernel_signature, kernel_signature_len);
149
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]150 /* Read kernel image data. */
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]151 image->kernel_data = (uint8_t*) Malloc(image->kernel_len);
152 StatefulMemcpy(&st, image->kernel_data, image->kernel_len);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]153
Gaurav Shahe450be42010-03-29 21:27:08 -0700[diff] [blame]154 if(st.overrun || st.remaining_len != 0) { /* Overrun or underrun. */
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]155 Free(kernel_buf);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]156 return NULL;
157 }
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]158 Free(kernel_buf);
159 return image;
160}
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]161
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]162int GetKernelHeaderLen(const KernelImage* image) {
163 return (FIELD_LEN(header_version) + FIELD_LEN(header_len) +
164 FIELD_LEN(firmware_sign_algorithm) +
165 FIELD_LEN(kernel_sign_algorithm) + FIELD_LEN(kernel_key_version) +
166 RSAProcessedKeySize(image->kernel_sign_algorithm) +
167 FIELD_LEN(header_checksum));
168}
169
Gaurav Shah528a2c12010-03-18 13:10:10 -0700[diff] [blame]170void CalculateKernelHeaderChecksum(const KernelImage* image,
171 uint8_t* header_checksum) {
172 uint8_t* checksum;
173 DigestContext ctx;
174 DigestInit(&ctx, SHA512_DIGEST_ALGORITHM);
175 DigestUpdate(&ctx, (uint8_t*) &image->header_version,
176 sizeof(image->header_version));
177 DigestUpdate(&ctx, (uint8_t*) &image->header_len,
178 sizeof(image->header_len));
179 DigestUpdate(&ctx, (uint8_t*) &image->firmware_sign_algorithm,
180 sizeof(image->firmware_sign_algorithm));
181 DigestUpdate(&ctx, (uint8_t*) &image->kernel_sign_algorithm,
182 sizeof(image->kernel_sign_algorithm));
183 DigestUpdate(&ctx, (uint8_t*) &image->kernel_key_version,
184 sizeof(image->kernel_key_version));
185 DigestUpdate(&ctx, image->kernel_sign_key,
186 RSAProcessedKeySize(image->kernel_sign_algorithm));
187 checksum = DigestFinal(&ctx);
188 Memcpy(header_checksum, checksum, FIELD_LEN(header_checksum));
189 Free(checksum);
190 return;
191}
192
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]193uint8_t* GetKernelHeaderBlob(const KernelImage* image) {
194 uint8_t* header_blob = NULL;
195 MemcpyState st;
196
197 header_blob = (uint8_t*) Malloc(GetKernelHeaderLen(image));
198 st.remaining_len = GetKernelHeaderLen(image);
199 st.remaining_buf = header_blob;
Gaurav Shahe450be42010-03-29 21:27:08 -0700[diff] [blame]200 st.overrun = 0;
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]201
202 StatefulMemcpy_r(&st, &image->header_version, FIELD_LEN(header_version));
203 StatefulMemcpy_r(&st, &image->header_len, FIELD_LEN(header_len));
204 StatefulMemcpy_r(&st, &image->firmware_sign_algorithm,
205 FIELD_LEN(firmware_sign_algorithm));
206 StatefulMemcpy_r(&st, &image->kernel_sign_algorithm,
207 FIELD_LEN(kernel_sign_algorithm));
208 StatefulMemcpy_r(&st, &image->kernel_key_version,
209 FIELD_LEN(kernel_key_version));
210 StatefulMemcpy_r(&st, image->kernel_sign_key,
211 RSAProcessedKeySize(image->kernel_sign_algorithm));
212 StatefulMemcpy_r(&st, &image->header_checksum, FIELD_LEN(header_checksum));
213
Gaurav Shahe450be42010-03-29 21:27:08 -0700[diff] [blame]214 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]215 Free(header_blob);
216 return NULL;
217 }
218 return header_blob;
219}
220
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]221uint8_t* GetKernelPreambleBlob(const KernelImage* image) {
222 uint8_t* preamble_blob = NULL;
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]223 MemcpyState st;
224
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]225 preamble_blob = (uint8_t*) Malloc(
226 GetKernelPreambleLen(image->kernel_sign_algorithm));
227 st.remaining_len = GetKernelPreambleLen(image->kernel_sign_algorithm);
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]228 st.remaining_buf = preamble_blob;
Gaurav Shahe450be42010-03-29 21:27:08 -0700[diff] [blame]229 st.overrun = 0;
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]230
231 StatefulMemcpy_r(&st, &image->kernel_version, FIELD_LEN(kernel_version));
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]232 StatefulMemcpy_r(&st, &image->kernel_len, FIELD_LEN(kernel_len));
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]233 StatefulMemcpy_r(&st, &image->bootloader_offset, FIELD_LEN(bootloader_offset));
234 StatefulMemcpy_r(&st, &image->bootloader_size, FIELD_LEN(bootloader_size));
235 StatefulMemcpy_r(&st, &image->padded_header_size,
236 FIELD_LEN(padded_header_size));
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]237 StatefulMemcpy_r(&st, image->kernel_signature,
238 siglen_map[image->kernel_sign_algorithm]);
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]239
Gaurav Shahe450be42010-03-29 21:27:08 -0700[diff] [blame]240 if (st.overrun || st.remaining_len != 0) { /* Overrun or Underrun. */
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]241 Free(preamble_blob);
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]242 return NULL;
243 }
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]244 return preamble_blob;
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]245}
246
Gaurav Shah13937112010-03-22 17:59:09 -0700[diff] [blame]247uint8_t* GetKernelBlob(const KernelImage* image, uint64_t* blob_len) {
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]248 int kernel_key_signature_len;
249 int kernel_signature_len;
250 uint8_t* kernel_blob = NULL;
251 uint8_t* header_blob = NULL;
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]252 MemcpyState st;
253
254 if (!image)
255 return NULL;
Gaurav Shahcae5fa62010-02-28 20:02:29 -0800[diff] [blame]256 kernel_key_signature_len = siglen_map[image->firmware_sign_algorithm];
257 kernel_signature_len = siglen_map[image->kernel_sign_algorithm];
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]258 *blob_len = (FIELD_LEN(magic) +
259 GetKernelHeaderLen(image) +
260 kernel_key_signature_len +
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]261 GetKernelPreambleLen(image->kernel_sign_algorithm) +
262 kernel_signature_len +
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]263 image->kernel_len);
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]264 kernel_blob = (uint8_t*) Malloc(*blob_len);
265 st.remaining_len = *blob_len;
266 st.remaining_buf = kernel_blob;
Gaurav Shahe450be42010-03-29 21:27:08 -0700[diff] [blame]267 st.overrun = 0;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]268
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]269 header_blob = GetKernelHeaderBlob(image);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]270
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]271 StatefulMemcpy_r(&st, image->magic, FIELD_LEN(magic));
272 StatefulMemcpy_r(&st, header_blob, GetKernelHeaderLen(image));
273 StatefulMemcpy_r(&st, image->kernel_key_signature, kernel_key_signature_len);
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]274 /* Copy over kernel preamble blob (including signatures.) */
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]275 StatefulMemcpy_r(&st, &image->kernel_version, FIELD_LEN(kernel_version));
276 StatefulMemcpy_r(&st, &image->kernel_len, FIELD_LEN(kernel_len));
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]277 StatefulMemcpy_r(&st, &image->bootloader_offset,
278 FIELD_LEN(bootloader_offset));
279 StatefulMemcpy_r(&st, &image->bootloader_size, FIELD_LEN(bootloader_size));
280 StatefulMemcpy_r(&st, &image->padded_header_size,
281 FIELD_LEN(padded_header_size));
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]282 StatefulMemcpy_r(&st, image->kernel_signature, kernel_signature_len);
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]283 StatefulMemcpy_r(&st, image->preamble_signature, kernel_signature_len);
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]284 StatefulMemcpy_r(&st, image->kernel_data, image->kernel_len);
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]285
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]286 Free(header_blob);
287
Gaurav Shahe450be42010-03-29 21:27:08 -0700[diff] [blame]288 if (st.overrun || st.remaining_len != 0) { /* Underrun or Overrun. */
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]289 debug("GetKernelBlob() failed.\n");
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]290 Free(kernel_blob);
291 return NULL;
292 }
293 return kernel_blob;
294}
295
296int WriteKernelImage(const char* input_file,
Gaurav Shah2480a182010-04-26 11:41:53 -0700[diff] [blame]297 const KernelImage* image,
298 int is_only_vblock) {
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]299 int fd;
Gaurav Shah2480a182010-04-26 11:41:53 -0700[diff] [blame]300 int success = 1;
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]301 uint8_t* kernel_blob;
Gaurav Shah13937112010-03-22 17:59:09 -0700[diff] [blame]302 uint64_t blob_len;
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]303
304 if (!image)
305 return 0;
306 if (-1 == (fd = creat(input_file, S_IRWXU))) {
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]307 debug("Couldn't open file for writing kernel image: %s\n",
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]308 input_file);
309 return 0;
310 }
311 kernel_blob = GetKernelBlob(image, &blob_len);
312 if (!kernel_blob) {
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]313 debug("Couldn't create kernel blob from KernelImage.\n");
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]314 return 0;
315 }
Gaurav Shah2480a182010-04-26 11:41:53 -0700[diff] [blame]316 if (!is_only_vblock) {
317 if (blob_len != write(fd, kernel_blob, blob_len)) {
318 debug("Couldn't write Kernel Image to file: %s\n",
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]319 input_file);
Gaurav Shah2480a182010-04-26 11:41:53 -0700[diff] [blame]320 success = 0;
321 }
322 } else {
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]323 /* Exclude kernel_data. */
324 int vblock_len = blob_len - (image->kernel_len);
Gaurav Shah2480a182010-04-26 11:41:53 -0700[diff] [blame]325 if (vblock_len != write(fd, kernel_blob, vblock_len)) {
326 debug("Couldn't write Kernel Image Verification block to file: %s\n",
327 input_file);
328 success = 0;
329 }
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]330 }
331 Free(kernel_blob);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]332 close(fd);
Gaurav Shah2480a182010-04-26 11:41:53 -0700[diff] [blame]333 return success;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]334}
335
336void PrintKernelImage(const KernelImage* image) {
337 if (!image)
338 return;
339
340 /* Print header. */
Gaurav Shah528a2c12010-03-18 13:10:10 -0700[diff] [blame]341 printf("Header Version = %d\n"
342 "Header Length = %d\n"
343 "Kernel Key Signature Algorithm = %s\n"
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]344 "Kernel Signature Algorithm = %s\n"
345 "Kernel Key Version = %d\n\n",
Gaurav Shah528a2c12010-03-18 13:10:10 -0700[diff] [blame]346 image->header_version,
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]347 image->header_len,
Gaurav Shah528a2c12010-03-18 13:10:10 -0700[diff] [blame]348 algo_strings[image->firmware_sign_algorithm],
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]349 algo_strings[image->kernel_sign_algorithm],
350 image->kernel_key_version);
351 /* TODO(gauravsh): Output hash and key signature here? */
352 /* Print preamble. */
353 printf("Kernel Version = %d\n"
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]354 "kernel Length = %" PRId64 "\n"
355 "Bootloader Offset = %" PRId64 "\n"
356 "Bootloader Size = %" PRId64 "\n"
357 "Padded Header Size = %" PRId64 "\n",
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]358 image->kernel_version,
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]359 image->kernel_len,
360 image->bootloader_offset,
361 image->bootloader_size,
362 image->padded_header_size);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]363 /* TODO(gauravsh): Output kernel signature here? */
364}
365
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]366
367int VerifyKernelImage(const RSAPublicKey* firmware_key,
368 const KernelImage* image,
369 const int dev_mode) {
Gaurav Shah259de402010-03-12 17:42:03 -0800[diff] [blame]370 RSAPublicKey* kernel_sign_key = NULL;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]371 uint8_t* header_digest = NULL;
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]372 uint8_t* preamble_digest = NULL;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]373 uint8_t* kernel_digest = NULL;
374 int kernel_sign_key_size;
375 int kernel_signature_size;
376 int error_code = 0;
377 DigestContext ctx;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]378 if (!image)
379 return VERIFY_KERNEL_INVALID_IMAGE;
380
381 /* Verify kernel key signature on the key header if we
382 * are not in dev mode.
383 *
384 * TODO(gauravsh): Add additional sanity checks here for:
385 * 1) verifying the header length is correct.
386 * 2) header_checksum is correct.
387 */
388
389 if (image->firmware_sign_algorithm >= kNumAlgorithms)
390 return VERIFY_KERNEL_INVALID_ALGORITHM;
391 if (image->kernel_sign_algorithm >= kNumAlgorithms)
392 return VERIFY_KERNEL_INVALID_ALGORITHM;
393
394 if (!dev_mode) {
395 DigestInit(&ctx, image->firmware_sign_algorithm);
396 DigestUpdate(&ctx, (uint8_t*) &image->header_version,
397 FIELD_LEN(header_version));
398 DigestUpdate(&ctx, (uint8_t*) &image->header_len,
399 FIELD_LEN(header_len));
400 DigestUpdate(&ctx, (uint8_t*) &image->firmware_sign_algorithm,
401 FIELD_LEN(firmware_sign_algorithm));
402 DigestUpdate(&ctx, (uint8_t*) &image->kernel_sign_algorithm,
403 FIELD_LEN(kernel_sign_algorithm));
404 DigestUpdate(&ctx, (uint8_t*) &image->kernel_key_version,
405 FIELD_LEN(kernel_key_version));
406 DigestUpdate(&ctx, image->kernel_sign_key,
407 RSAProcessedKeySize(image->kernel_sign_algorithm));
408 DigestUpdate(&ctx, image->header_checksum,
409 FIELD_LEN(header_checksum));
410 header_digest = DigestFinal(&ctx);
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]411 if (!RSAVerify(firmware_key, image->kernel_key_signature,
Gaurav Shahcae5fa62010-02-28 20:02:29 -0800[diff] [blame]412 siglen_map[image->firmware_sign_algorithm],
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]413 image->firmware_sign_algorithm,
414 header_digest)) {
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]415 debug("VerifyKernelImage(): Key signature check failed.\n");
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]416 error_code = VERIFY_KERNEL_KEY_SIGNATURE_FAILED;
417 goto verify_failure;
418 }
419 }
420
421 /* Get kernel signing key to verify the rest of the kernel. */
422 kernel_sign_key_size = RSAProcessedKeySize(image->kernel_sign_algorithm);
423 kernel_sign_key = RSAPublicKeyFromBuf(image->kernel_sign_key,
424 kernel_sign_key_size);
Gaurav Shahcae5fa62010-02-28 20:02:29 -0800[diff] [blame]425 kernel_signature_size = siglen_map[image->kernel_sign_algorithm];
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]426
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]427 /* Verify kernel preamble signature. */
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]428 DigestInit(&ctx, image->kernel_sign_algorithm);
429 DigestUpdate(&ctx, (uint8_t*) &image->kernel_version,
430 FIELD_LEN(kernel_version));
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]431 DigestUpdate(&ctx, (uint8_t*) &image->kernel_len,
432 FIELD_LEN(kernel_len));
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]433 DigestUpdate(&ctx, (uint8_t*) &image->bootloader_offset,
434 FIELD_LEN(bootloader_offset));
435 DigestUpdate(&ctx, (uint8_t*) &image->bootloader_size,
436 FIELD_LEN(bootloader_size));
437 DigestUpdate(&ctx, (uint8_t*) &image->padded_header_size,
438 FIELD_LEN(padded_header_size));
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]439 DigestUpdate(&ctx, (uint8_t*) image->kernel_signature,
440 kernel_signature_size);
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]441 preamble_digest = DigestFinal(&ctx);
442 if (!RSAVerify(kernel_sign_key, image->preamble_signature,
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]443 kernel_signature_size, image->kernel_sign_algorithm,
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]444 preamble_digest)) {
445 error_code = VERIFY_KERNEL_PREAMBLE_SIGNATURE_FAILED;
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]446 goto verify_failure;
447 }
448
Gaurav Shah463be3f2010-03-29 16:13:45 -0700[diff] [blame]449 /* Verify kernel signature - kernel signature is computed on the contents
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]450 * of kernel_data.
451 * Association between the kernel_data and preamble is maintained by making
452 * the kernel signature a part of the preamble and verifying it as part
453 * of preamble signature checking. */
454
455 kernel_digest = DigestBuf(image->kernel_data,
456 image->kernel_len,
457 image->kernel_sign_algorithm);
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]458 if (!RSAVerify(kernel_sign_key, image->kernel_signature,
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]459 kernel_signature_size, image->kernel_sign_algorithm,
460 kernel_digest)) {
461 error_code = VERIFY_KERNEL_SIGNATURE_FAILED;
462 goto verify_failure;
463 }
464
465verify_failure:
Gaurav Shah259de402010-03-12 17:42:03 -0800[diff] [blame]466 RSAPublicKeyFree(kernel_sign_key);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]467 Free(kernel_digest);
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]468 Free(preamble_digest);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]469 Free(header_digest);
470 return error_code;
471}
472
473const char* VerifyKernelErrorString(int error) {
474 return kVerifyKernelErrors[error];
475}
476
477int AddKernelKeySignature(KernelImage* image, const char* firmware_key_file) {
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]478 uint8_t* header_blob = NULL;
Gaurav Shah259de402010-03-12 17:42:03 -0800[diff] [blame]479 uint8_t* signature = NULL;
Gaurav Shahcae5fa62010-02-28 20:02:29 -0800[diff] [blame]480 int signature_len = siglen_map[image->firmware_sign_algorithm];
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]481 if (!image || !firmware_key_file)
482 return 0;
483 header_blob = GetKernelHeaderBlob(image);
484 if (!header_blob)
485 return 0;
486 if (!(signature = SignatureBuf(header_blob,
487 GetKernelHeaderLen(image),
488 firmware_key_file,
489 image->firmware_sign_algorithm))) {
490 Free(header_blob);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]491 return 0;
492 }
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]493 image->kernel_key_signature = Malloc(signature_len);
494 Memcpy(image->kernel_key_signature, signature, signature_len);
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]495 Free(signature);
496 Free(header_blob);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]497 return 1;
498}
499
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]500int AddKernelSignature(KernelImage* image,
501 const char* kernel_signing_key_file) {
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]502 uint8_t* preamble_blob = NULL;
503 uint8_t* preamble_signature = NULL;
Gaurav Shah259de402010-03-12 17:42:03 -0800[diff] [blame]504 uint8_t* kernel_signature = NULL;
Gaurav Shah463be3f2010-03-29 16:13:45 -0700[diff] [blame]505 uint8_t* kernel_buf;
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]506 int algorithm = image->kernel_sign_algorithm;
507 int signature_len = siglen_map[algorithm];
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]508
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]509 /* Kernel signature must be calculated first as its used for computing the
510 * preamble signature. */
511 kernel_buf = (uint8_t*) Malloc(image->kernel_len);
512 Memcpy(kernel_buf, image->kernel_data, image->kernel_len);
Gaurav Shah463be3f2010-03-29 16:13:45 -0700[diff] [blame]513 if (!(kernel_signature = SignatureBuf(kernel_buf,
Gaurav Shahbd52fc72010-04-29 15:30:25 -0700[diff] [blame]514 image->kernel_len,
Gaurav Shahf5564fa2010-03-02 15:40:01 -0800[diff] [blame]515 kernel_signing_key_file,
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]516 algorithm))) {
Gaurav Shahbf7615b2010-05-26 10:26:00 -0700[diff] [blame]517 Free(preamble_blob);
Gaurav Shah463be3f2010-03-29 16:13:45 -0700[diff] [blame]518 Free(kernel_buf);
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]519 debug("Could not compute signature on the kernel.\n");
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]520 return 0;
521 }
522 image->kernel_signature = (uint8_t*) Malloc(signature_len);
523 Memcpy(image->kernel_signature, kernel_signature, signature_len);
Gaurav Shahbcd8f4a2010-05-26 13:19:00 -0700[diff] [blame^]524
525
526 preamble_blob = GetKernelPreambleBlob(image);
527 if (!(preamble_signature = SignatureBuf(preamble_blob,
528 GetKernelPreambleLen(algorithm),
529 kernel_signing_key_file,
530 algorithm))) {
531 debug("Could not compute signature on the kernel preamble.\n");
532 Free(preamble_blob);
533 return 0;
534 }
535 image->preamble_signature = (uint8_t*) Malloc(signature_len);
536 Memcpy(image->preamble_signature, preamble_signature, signature_len);
537
538 Free(preamble_signature);
539 Free(preamble_blob);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]540 Free(kernel_signature);
Gaurav Shah463be3f2010-03-29 16:13:45 -0700[diff] [blame]541 Free(kernel_buf);
Gaurav Shahf67bcaa2010-02-28 19:18:24 -0800[diff] [blame]542 return 1;
543}
Gaurav Shaha82bf262010-03-26 10:38:08 -0700[diff] [blame]544
Gaurav Shaha82bf262010-03-26 10:38:08 -0700[diff] [blame]545void PrintKernelEntry(kernel_entry* entry) {
Gaurav Shahed9c96a2010-03-30 18:56:07 -0700[diff] [blame]546 debug("Boot Priority = %d\n", entry->boot_priority);
547 debug("Boot Tries Remaining = %d\n", entry->boot_tries_remaining);
548 debug("Boot Success Flag = %d\n", entry->boot_success_flag);
Gaurav Shaha82bf262010-03-26 10:38:08 -0700[diff] [blame]549}