Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / lk / a956e2671d75b7073ea53ddf75444b6f27786663 / . / platform / msm_shared / boot_verifier.c
blob: 4a219f1254cbf766b7a69d5427b2b5a6773a2b78 [file] [log] [blame]
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]1/*
Monika Singh51876762019-05-22 18:47:22 +0530[diff] [blame]2 * Copyright (c) 2014-2016, 2019 The Linux Foundation. All rights reserved.
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]3 *
4 * Redistribution and use in source and binary forms, with or without
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]5 * modification, are permitted provided that the following conditions are
6 * met:
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]9 * * Redistributions in binary form must reproduce the above
10 * copyright notice, this list of conditions and the following
11 * disclaimer in the documentation and/or other materials provided
12 * with the distribution.
13 * * Neither the name of The Linux Foundation nor the names of its
14 * contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16
17 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
24 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
25 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
26 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
27 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]28 */
29
30#include <stdlib.h>
Channagoud Kadabi1420b002015-01-13 14:48:12 -0800[diff] [blame]31#include <stdint.h>
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]32#include <crypto_hash.h>
33#include <boot_verifier.h>
34#include <image_verify.h>
35#include <mmc.h>
36#include <oem_keystore.h>
Monika Singha956e262019-05-24 16:13:49 +0530[diff] [blame^]37#include <avb/OEMPublicKey.h>
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]38#include <openssl/asn1t.h>
39#include <openssl/x509.h>
40#include <partition_parser.h>
41#include <rsa.h>
42#include <string.h>
Channagoud Kadabi1420b002015-01-13 14:48:12 -0800[diff] [blame]43#include <openssl/err.h>
Unnati Gandhi8a7cdfe2015-05-11 13:04:20 +0530[diff] [blame]44#include <platform.h>
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]45#include <qseecom_lk_api.h>
46#include <secapp_loader.h>
47#include <target.h>
Channagoud Kadabi86b0c112016-03-16 19:23:16 -0700[diff] [blame]48#include "bootimg.h"
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]49
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]50#define ASN1_ENCODED_SHA256_SIZE 0x33
51#define ASN1_ENCODED_SHA256_OFFSET 0x13
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]52#define ASN1_SIGNATURE_BUFFER_SZ mmc_page_size()
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]53
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]54static KEYSTORE *oem_keystore;
55static KEYSTORE *user_keystore;
56static uint32_t dev_boot_state = RED;
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]57char KEYSTORE_PTN_NAME[] = "keystore";
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]58RSA *rsa_from_cert = NULL;
lijuangf214e222015-07-16 20:06:22 +0800[diff] [blame]59unsigned char fp[EVP_MAX_MD_SIZE];
60uint32_t fp_size;
Channagoud Kadabi86b0c112016-03-16 19:23:16 -0700[diff] [blame]61#if OSVERSION_IN_BOOTIMAGE
62km_boot_state_t boot_state_info;
63#endif
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]64
65ASN1_SEQUENCE(AUTH_ATTR) ={
66 ASN1_SIMPLE(AUTH_ATTR, target, ASN1_PRINTABLESTRING),
67 ASN1_SIMPLE(AUTH_ATTR, len, ASN1_INTEGER)
68} ASN1_SEQUENCE_END(AUTH_ATTR)
69IMPLEMENT_ASN1_FUNCTIONS(AUTH_ATTR)
70
71 ASN1_SEQUENCE(VERIFIED_BOOT_SIG) = {
72 ASN1_SIMPLE(VERIFIED_BOOT_SIG, version, ASN1_INTEGER),
Unnati Gandhi93334992015-02-25 19:38:38 +0530[diff] [blame]73 ASN1_SIMPLE(VERIFIED_BOOT_SIG, certificate, X509),
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]74 ASN1_SIMPLE(VERIFIED_BOOT_SIG, algor, X509_ALGOR),
75 ASN1_SIMPLE(VERIFIED_BOOT_SIG, auth_attr, AUTH_ATTR),
76 ASN1_SIMPLE(VERIFIED_BOOT_SIG, sig, ASN1_OCTET_STRING)
77 } ASN1_SEQUENCE_END(VERIFIED_BOOT_SIG)
78IMPLEMENT_ASN1_FUNCTIONS(VERIFIED_BOOT_SIG)
79
80 ASN1_SEQUENCE(KEY) = {
81 ASN1_SIMPLE(KEY, algorithm_id, X509_ALGOR),
82 ASN1_SIMPLE(KEY, key_material, RSAPublicKey)
83 }ASN1_SEQUENCE_END(KEY)
84IMPLEMENT_ASN1_FUNCTIONS(KEY);
85
86ASN1_SEQUENCE(KEYBAG) = {
87 ASN1_SIMPLE(KEYBAG, mykey, KEY)
88}ASN1_SEQUENCE_END(KEYBAG)
89IMPLEMENT_ASN1_FUNCTIONS(KEYBAG)
90
91 ASN1_SEQUENCE(KEYSTORE_INNER) = {
92 ASN1_SIMPLE(KEYSTORE_INNER, version, ASN1_INTEGER),
93 ASN1_SIMPLE(KEYSTORE_INNER, mykeybag, KEYBAG)
94 } ASN1_SEQUENCE_END(KEYSTORE_INNER)
95IMPLEMENT_ASN1_FUNCTIONS(KEYSTORE_INNER)
96
97 ASN1_SEQUENCE(KEYSTORE) = {
98 ASN1_SIMPLE(KEYSTORE, version, ASN1_INTEGER),
99 ASN1_SIMPLE(KEYSTORE, mykeybag, KEYBAG),
100 ASN1_SIMPLE(KEYSTORE, sig, VERIFIED_BOOT_SIG)
101 } ASN1_SEQUENCE_END(KEYSTORE)
102IMPLEMENT_ASN1_FUNCTIONS(KEYSTORE)
103
P.V. Phani Kumarbbe8c8e2016-03-09 19:43:24 +0530[diff] [blame]104uint32_t read_der_message_length(unsigned char* input, unsigned sz)
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]105{
106 uint32_t len = 0;
Gaurav Nebhwanic7313cc2015-12-15 22:25:04 +0530[diff] [blame]107 uint32_t pos = 0;
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]108 uint8_t len_bytes = 1;
109
110 /* Check if input starts with Sequence id (0X30) */
Gaurav Nebhwanic7313cc2015-12-15 22:25:04 +0530[diff] [blame]111 if(sz < 3 || input[pos] != 0x30)
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]112 return len;
113 pos++;
114
115 /* A length of 0xAABBCCDD in DER encoded messages would be sequence of
116 following octets 0xAA, 0xBB, 0XCC, 0XDD.
117
118 To read length - read each octet and shift left by 1 octect before
119 reading next octet.
120 */
121 /* check if short or long length form */
122 if(input[pos] & 0x80)
123 {
124 len_bytes = (input[pos] & ~(0x80));
125 pos++;
126 }
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]127
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]128 while(len_bytes)
129 {
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]130 /* Shift len by 1 octet, make sure to check unsigned int overflow */
131 if (len <= (UINT_MAX >> 8))
132 len <<= 8;
133 else
134 {
135 dprintf(CRITICAL, "Error: Length exceeding max size of uintmax\n");
136 return 0;
137 }
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]138
139 /* Read next octet */
Gaurav Nebhwanic7313cc2015-12-15 22:25:04 +0530[diff] [blame]140 if (pos < (uint32_t) ASN1_SIGNATURE_BUFFER_SZ && pos < sz)
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]141 len = len | input[pos];
142 else
143 {
144 dprintf(CRITICAL, "Error: Pos index exceeding the input buffer size\n");
145 return 0;
146 }
147
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]148 pos++; len_bytes--;
149 }
150
151 /* Add number of octets representing sequence id and length */
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]152 if ((UINT_MAX - pos) > len)
153 len += pos;
154 else
155 {
156 dprintf(CRITICAL, "Error: Len overflows UINT_MAX value\n");
157 return 0;
158 }
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]159
160 return len;
161}
162
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]163static int add_attribute_to_img(unsigned char *ptr, AUTH_ATTR *input)
164{
165 return i2d_AUTH_ATTR(input, &ptr);
166}
167
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]168bool boot_verify_compare_sha256(unsigned char *image_ptr,
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]169 unsigned int image_size, unsigned char *signature_ptr, RSA *rsa)
170{
171 int ret = -1;
172 bool auth = false;
173 unsigned char *plain_text = NULL;
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]174
175 /* The magic numbers here are drawn from the PKCS#1 standard and are the ASN.1
176 *encoding of the SHA256 object identifier that is required for a PKCS#1
177 * signature.*/
178 uint8_t digest[ASN1_ENCODED_SHA256_SIZE] = {0x30, 0x31, 0x30, 0x0d, 0x06,
179 0x09, 0x60, 0x86, 0x48, 0x01,
180 0x65, 0x03, 0x04, 0x02, 0x01,
181 0x05, 0x00, 0x04, 0x20};
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]182
183 plain_text = (unsigned char *)calloc(sizeof(char), SIGNATURE_SIZE);
184 if (plain_text == NULL) {
185 dprintf(CRITICAL, "boot_verifier: Calloc failed during verification\n");
186 goto cleanup;
187 }
188
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]189 /* Calculate SHA256 of image and place it into the ASN.1 structure*/
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]190 image_find_digest(image_ptr, image_size, CRYPTO_AUTH_ALG_SHA256,
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]191 digest + ASN1_ENCODED_SHA256_OFFSET);
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]192
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]193 /* Find digest from the image. This performs the PKCS#1 padding checks up to
194 * but not including the ASN.1 OID and hash function check. The return value
195 * is not positive for a failure or the length of the part after the padding */
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]196 ret = image_decrypt_signature_rsa(signature_ptr, plain_text, rsa);
197
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]198 /* Make sure the length returned from rsa decrypt is same as x509 signature format
199 * otherwise the signature is invalid and we fail
200 */
201 if (ret != ASN1_ENCODED_SHA256_SIZE)
202 {
203 dprintf(CRITICAL, "boot_verifier: Signature decrypt failed! Signature invalid = %d\n",
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]204 ret);
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]205 goto cleanup;
206 }
207 /* So plain_text contains the ASN.1 encoded hash from the signature and
208 * digest contains the value that this should be for the image that we're
209 * verifying, so compare them.*/
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]210
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]211 ret = memcmp(plain_text, digest, ASN1_ENCODED_SHA256_SIZE);
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]212 if(ret == 0)
213 {
214 auth = true;
Sridhar Parasuramb27e47c2015-05-27 14:33:54 -0700[diff] [blame]215#ifdef TZ_SAVE_KERNEL_HASH
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]216 save_kernel_hash((unsigned char *) digest + ASN1_ENCODED_SHA256_OFFSET, CRYPTO_AUTH_ALG_SHA256);
Sridhar Parasuramb27e47c2015-05-27 14:33:54 -0700[diff] [blame]217#endif
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]218 }
219
220cleanup:
221 if (plain_text != NULL)
222 free(plain_text);
223 EVP_cleanup();
224 CRYPTO_cleanup_all_ex_data();
225 ERR_remove_thread_state(NULL);
226 return auth;
227
228}
229
230static bool verify_image_with_sig(unsigned char* img_addr, uint32_t img_size,
231 char *pname, VERIFIED_BOOT_SIG *sig, KEYSTORE *ks)
232{
233 bool ret = false;
234 uint32_t len;
235 int shift_bytes;
236 RSA *rsa = NULL;
237 bool keystore_verification = false;
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]238 EVP_PKEY* key = NULL;
vijay kumar9fe95642015-12-14 14:14:20 +0530[diff] [blame]239 int attr = 0;
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]240
241 if(!strcmp(pname, "keystore"))
242 keystore_verification = true;
243
244 /* Verify target name */
245 if(strncmp((char*)(sig->auth_attr->target->data), pname,
246 sig->auth_attr->target->length) ||
Channagoud Kadabi1420b002015-01-13 14:48:12 -0800[diff] [blame]247 (strlen(pname) != (unsigned long) sig->auth_attr->target->length))
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]248 {
249 dprintf(CRITICAL,
250 "boot_verifier: verification failure due to target name mismatch\n");
251 goto verify_image_with_sig_error;
252 }
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]253 /* Read image size from signature */
254 /* A len = 0xAABBCC (represented by 3 octets) would be stored in
255 len->data as 0X00CCBBAA and len->length as 3(octets).
256
257 To read len we need to left shift data to number of missing octets and
258 then change it to host long
259 */
260 len = *((uint32_t*)sig->auth_attr->len->data);
261 shift_bytes = sizeof(uint32_t) - sig->auth_attr->len->length;
262 if(shift_bytes > 0) {
263 len = len << (shift_bytes*8);
264 }
265 len = ntohl(len);
266
267 /* Verify image size*/
268 if(len != img_size)
269 {
270 dprintf(CRITICAL,
271 "boot_verifier: image length is different. (%d vs %d)\n",
272 len, img_size);
273 goto verify_image_with_sig_error;
274 }
275
276 /* append attribute to image */
277 if(!keystore_verification)
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]278 {
279 // verifying a non keystore partition
vijay kumar9fe95642015-12-14 14:14:20 +0530[diff] [blame]280 attr = add_attribute_to_img((unsigned char*)(img_addr + img_size),
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]281 sig->auth_attr);
vijay kumar9fe95642015-12-14 14:14:20 +0530[diff] [blame]282 if (img_size > (UINT_MAX - attr))
283 {
284 dprintf(CRITICAL,"Interger overflow detected\n");
285 ASSERT(0);
286 }
287 else img_size += attr;
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]288 }
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]289
290 /* compare SHA256SUM of image with value in signature */
291 if(ks != NULL)
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]292 {
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]293 // use rsa from keystore
294 rsa = ks->mykeybag->mykey->key_material;
295 }
296 else
297 {
298 dprintf(CRITICAL, "%s:%d: Keystore is null\n", __func__, __LINE__);
299 ASSERT(0);
300 }
301
302 // verify boot.img with rsa from oem keystore
303 if((ret = boot_verify_compare_sha256(img_addr, img_size,
304 (unsigned char*)sig->sig->data, rsa)))
305
306 {
307 dprintf(SPEW, "Verified boot.img with oem keystore\n");
308 boot_verify_send_event(BOOTIMG_KEYSTORE_VERIFICATION_PASS);
309 goto verify_image_with_sig_done;
310 }
311 else
312 {
313 dprintf(INFO, "Verification with oem keystore failed. Use embedded certificate for verification\n");
314 // get the public key from certificate in boot.img
315 if ((key = X509_get_pubkey(sig->certificate)))
316 {
317 // convert to rsa key format
318 dprintf(INFO, "RSA KEY found from the embedded certificate\n");
319 rsa = EVP_PKEY_get1_RSA(key);
320 rsa_from_cert = rsa;
321 }
322 else
323 {
324 dprintf(CRITICAL, "Unable to extract public key from certificate\n");
325 ASSERT(0);
326 }
327 }
328
329 // verify boot.img with rsa from embedded certificate
330 if ((ret = boot_verify_compare_sha256(img_addr, img_size,
331 (unsigned char*)sig->sig->data, rsa)))
332 {
333 dprintf(SPEW, "Verified boot.img with embedded certificate in boot image\n");
334 boot_verify_send_event(BOOTIMG_EMBEDDED_CERT_VERIFICATION_PASS);
335 goto verify_image_with_sig_done;
336 }
337 else
338 {
339 dprintf(INFO, "verified for red state\n");
340 boot_verify_send_event(BOOTIMG_VERIFICATION_FAIL);
341 goto verify_image_with_sig_done;
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]342 }
343
344verify_image_with_sig_error:
Kishor PK5dac4312016-12-02 17:02:47 +0530[diff] [blame]345 boot_verify_send_event(BOOTIMG_VERIFICATION_FAIL);
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]346verify_image_with_sig_done:
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]347 return ret;
348}
349
350static int encode_inner_keystore(unsigned char *ptr, KEYSTORE *ks)
351{
352 int ret = 0;
353 KEYSTORE_INNER *ks_inner = KEYSTORE_INNER_new();
354 if (ks_inner == NULL)
355 return ret;
356 ASN1_INTEGER *tmp_version = ks_inner->version;
357 KEYBAG *tmp_mykeybag = ks_inner->mykeybag;
358
359 ks_inner->version = ks->version;
360 ks_inner->mykeybag = ks->mykeybag;
361 ret = i2d_KEYSTORE_INNER(ks_inner, &ptr);
362
363 ks_inner->version = tmp_version;
364 ks_inner->mykeybag = tmp_mykeybag;
365
366 if(ks_inner != NULL)
367 KEYSTORE_INNER_free(ks_inner);
368 return ret;
369}
370
371static bool verify_keystore(unsigned char * ks_addr, KEYSTORE *ks)
372{
373 bool ret = false;
374 unsigned char * ptr = ks_addr;
375 uint32_t inner_len = encode_inner_keystore(ptr, ks);
376 ret = verify_image_with_sig(ks_addr, inner_len, "keystore", ks->sig,
377 oem_keystore);
378 return ret;
379}
380
381static void read_oem_keystore()
382{
Shashank Mittale6797222014-09-19 18:58:43 -0700[diff] [blame]383 KEYSTORE *ks = NULL;
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]384 uint32_t len = sizeof(OEM_KEYSTORE);
Channagoud Kadabi1420b002015-01-13 14:48:12 -0800[diff] [blame]385 const unsigned char *input = OEM_KEYSTORE;
Shashank Mittale6797222014-09-19 18:58:43 -0700[diff] [blame]386
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]387 if(oem_keystore != NULL)
388 return;
389
Channagoud Kadabi1420b002015-01-13 14:48:12 -0800[diff] [blame]390 ks = d2i_KEYSTORE(NULL, (const unsigned char **) &input, len);
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]391 if(ks != NULL)
392 {
393 oem_keystore = ks;
394 user_keystore = ks;
395 }
396}
397
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]398uint32_t boot_verify_keystore_init()
399{
400 /* Read OEM Keystore */
401 read_oem_keystore();
402
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]403 return dev_boot_state;
404}
405
Channagoud Kadabi86b0c112016-03-16 19:23:16 -0700[diff] [blame]406#if OSVERSION_IN_BOOTIMAGE
407static void boot_verify_send_boot_state(km_boot_state_t *boot_state)
408{
409 km_get_version_req_t version_req;
410 km_get_version_rsp_t version_rsp;
411 int ret;
412 int app_handle = get_secapp_handle();
413 km_set_boot_state_req_t *bs_req = NULL;
414 km_set_boot_state_rsp_t boot_state_rsp;
415 uint8_t *boot_state_ptr;
416
417 version_req.cmd_id = KEYMASTER_GET_VERSION;
418 ret = qseecom_send_command(app_handle, (void*) &version_req, sizeof(version_req), (void*) &version_rsp, sizeof(version_rsp));
419 if (ret < 0 || version_rsp.status < 0)
420 {
421 dprintf(CRITICAL, "QSEEcom command for getting keymaster version returned error: %d\n", version_rsp.status);
422 ASSERT(0);
423 }
424
Mohamed Sunfeer9da93e52018-09-06 15:56:41 +0530[diff] [blame]425 if (version_rsp.major_version >= 0x2)
Channagoud Kadabi86b0c112016-03-16 19:23:16 -0700[diff] [blame]426 {
427 bs_req = malloc(sizeof(km_set_boot_state_req_t) + sizeof(km_boot_state_t));
428 ASSERT(bs_req);
429
430 boot_state_ptr = (uint8_t *) bs_req + sizeof(km_set_boot_state_req_t);
431 /* copy the boot state data */
432 memscpy(boot_state_ptr, sizeof(km_boot_state_t), &boot_state_info, sizeof(boot_state_info));
433
434 bs_req->cmd_id = KEYMASTER_SET_BOOT_STATE;
435 bs_req->version = 0x0;
436 bs_req->boot_state_offset = sizeof(km_set_boot_state_req_t);
437 bs_req->boot_state_size = sizeof(km_boot_state_t);
438
439 ret = qseecom_send_command(app_handle, (void *)bs_req, sizeof(*bs_req) + sizeof(km_boot_state_t), (void *) &boot_state_rsp, sizeof(boot_state_rsp));
440 if (ret < 0 || boot_state_rsp.status < 0)
441 {
442 dprintf(CRITICAL, "QSEEcom command for Sending boot state returned error: %d\n", boot_state_rsp.status);
443 free(bs_req);
444 ASSERT(0);
445 }
446 }
447
448 if (bs_req)
449 free(bs_req);
450}
451#endif
452
Monika Singha956e262019-05-24 16:13:49 +0530[diff] [blame^]453#if VERIFIED_BOOT_2
454bool send_rot_command(uint32_t is_unlocked)
455{
456 int ret = 0;
457 unsigned char *input = (unsigned char *)OEMPublicKey;
458 unsigned int key_len = sizeof(OEMPublicKey);
459 unsigned char *keystatebuf = NULL;
460 unsigned char digest[SHA256_SIZE] = {0}, final_digest[SHA256_SIZE] = {0};
461 uint32_t auth_algo = CRYPTO_AUTH_ALG_SHA256;
462 uint32_t boot_device_state = boot_verify_get_state();
463 int app_handle = 0;
464 km_set_rot_req_t *read_req = NULL;
465 km_set_rot_rsp_t read_rsp;
466 app_handle = get_secapp_handle();
467 uint32_t version = 0;
468 void *cpy_ptr;
469
470 if( input == NULL || UINT_MAX - 1 < key_len )
471 {
472 dprintf(CRITICAL, "Failed to read ROT key\n");
473 ASSERT(0);
474 }
475 switch (boot_device_state)
476 {
477 case GREEN:
478 case YELLOW:
479 if(!( keystatebuf = malloc( key_len + 1)))
480 {
481 dprintf(CRITICAL, "Failed to allocate memory for ROT digest\n");
482 ASSERT(0);
483 }
484 memscpy(keystatebuf , key_len + 1, input, key_len);
485 hash_find((unsigned char *)keystatebuf, key_len , (unsigned char *) digest, auth_algo);
486 keystatebuf[key_len] = (unsigned char )is_unlocked;
487 hash_find((unsigned char *)keystatebuf, key_len + 1, (unsigned char *) final_digest, auth_algo);
488 break;
489 case ORANGE:
490 // Unlocked device and no verification done.
491 // Send the hash of boot device state
492 input = NULL;
493 hash_find((unsigned char *) &is_unlocked, sizeof(unsigned char), (unsigned char *)&final_digest, auth_algo);
494 break;
495 case RED:
496 default:
497 dprintf(CRITICAL, "Invalid state to boot!\n");
498 }
499 dprintf(SPEW, "Digest: ");
500 for(uint8_t i = 0; i < SHA256_SIZE; i++)
501 dprintf(SPEW, "0x%x ", final_digest[i]);
502 dprintf(SPEW, "\n");
503
504 if(!(read_req = malloc(sizeof(km_set_rot_req_t) + sizeof(final_digest))))
505 {
506 dprintf(CRITICAL, "Failed to allocate memory for ROT structure\n");
507 ASSERT(0);
508 }
509
510 cpy_ptr = (uint8_t *) read_req + sizeof(km_set_rot_req_t);
511 read_req->cmd_id = KEYMASTER_SET_ROT;
512 read_req->rot_ofset = (uint32_t) sizeof(km_set_rot_req_t);
513 read_req->rot_size = sizeof(final_digest);
514 memscpy(cpy_ptr, sizeof(final_digest), (void *) &final_digest, sizeof(final_digest));
515 dprintf(SPEW, "Sending Root of Trust to trustzone: start\n");
516
517 ret = qseecom_send_command(app_handle, (void*) read_req, sizeof(km_set_rot_req_t) + sizeof(final_digest), (void*) &read_rsp, sizeof(read_rsp));
518 if (ret < 0 || read_rsp.status < 0)
519 {
520 dprintf(CRITICAL, "QSEEcom command for Sending Root of Trust returned error: %d\n", read_rsp.status);
521 free(read_req);
522 return false;
523 }
524
525#if OSVERSION_IN_BOOTIMAGE
526 boot_state_info.is_unlocked = is_unlocked;
527 boot_state_info.color = boot_verify_get_state();
528 memscpy(boot_state_info.public_key, sizeof(boot_state_info.public_key), digest, SHA256_SIZE);
529 boot_verify_send_boot_state(&boot_state_info);
530#endif
531 if ( is_secure_boot_enable()
532 && (dev_boot_state != GREEN))
533 {
534 version = qseecom_get_version();
535 if(allow_set_fuse(version)) {
536 ret = set_tamper_fuse_cmd(HLOS_IMG_TAMPER_FUSE);
537 if (ret) {
538 ret = false;
539 goto err;
540 }
541 ret = set_tamper_fuse_cmd(HLOS_TAMPER_NOTIFY_FUSE);
542 if (ret) {
543 dprintf(CRITICAL, "send_rot_command: set_tamper_fuse_cmd (TZ_HLOS_TAMPER_NOTIFY_FUSE) fails!\n");
544 ret = false;
545 goto err;
546 }
547 } else {
548 dprintf(CRITICAL, "send_rot_command: TZ didn't support this feature! Version: major = %d, minor = %d, patch = %d\n", (version >> 22) & 0x3FF, (version >> 12) & 0x3FF, version & 0x3FF);
549 goto err;
550 }
551 }
552 dprintf(CRITICAL, "Sending Root of Trust to trustzone: end\n");
553 ret = true;
554err:
555 if(keystatebuf)
556 free(keystatebuf);
557 free(read_req);
558 return ret;
559}
560#else
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]561bool send_rot_command(uint32_t is_unlocked)
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]562{
563 int ret = 0;
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]564 unsigned char *input = NULL;
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]565 char *rot_input = NULL;
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]566 unsigned int digest[9] = {0}, final_digest[8] = {0};
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]567 uint32_t auth_algo = CRYPTO_AUTH_ALG_SHA256;
568 uint32_t boot_device_state = boot_verify_get_state();
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]569 int app_handle = 0;
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]570 uint32_t len_oem_rsa = 0, len_from_cert = 0;
Monika Singh5a2f7de2018-03-16 16:57:44 +0530[diff] [blame]571 km_set_rot_req_t *read_req = NULL;
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]572 km_set_rot_rsp_t read_rsp;
573 app_handle = get_secapp_handle();
Monika Singh98257462018-06-06 11:28:49 +0530[diff] [blame]574 uint32_t version = 0;
575
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]576 int n = 0, e = 0;
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]577 switch (boot_device_state)
578 {
579 case GREEN:
580 // Locked device and boot.img verified against OEM keystore.
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]581 // Send hash of key from OEM KEYSTORE + Boot device state
582 n = BN_num_bytes(oem_keystore->mykeybag->mykey->key_material->n);
583 e = BN_num_bytes(oem_keystore->mykeybag->mykey->key_material->e);
vijay kumara89b9252015-12-10 16:10:03 +0530[diff] [blame]584 /*this assumes a valid acceptable range for RSA, including 4096 bits of modulo n. */
585 if (n<0 || n>1024)
586 {
587 dprintf(CRITICAL, "Invalid n value from key_material\n");
588 ASSERT(0);
589 }
590 /* e can assumes 3,5,17,257,65537 as valid values, which should be 1 byte long only, we accept 2 bytes or 16 bits long */
591 if( e < 0 || e >16)
592 {
593 dprintf(CRITICAL, "Invalid e value from key_material\n");
594 ASSERT(0);
595 }
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]596 len_oem_rsa = n + e;
597 if(!(input = malloc(len_oem_rsa)))
598 {
599 dprintf(CRITICAL, "Failed to allocate memory for ROT structure\n");
600 ASSERT(0);
601 }
602 BN_bn2bin(oem_keystore->mykeybag->mykey->key_material->n, input);
603 BN_bn2bin(oem_keystore->mykeybag->mykey->key_material->e, input+n);
604 hash_find((unsigned char *)input, len_oem_rsa, (unsigned char *) &digest, auth_algo);
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]605 digest[8] = is_unlocked;
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]606 break;
607 case YELLOW:
608 case RED:
609 // Locked device and boot.img passed (yellow) or failed (red) verification with the certificate embedded to the boot.img.
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]610 if (!rsa_from_cert)
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]611 {
612 dprintf(CRITICAL, "RSA is null from the embedded certificate\n");
613 ASSERT(0);
614 }
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]615 // Send hash of key from certificate in boot image + boot device state
616 n = BN_num_bytes(rsa_from_cert->n);
617 e = BN_num_bytes(rsa_from_cert->e);
vijay kumara89b9252015-12-10 16:10:03 +0530[diff] [blame]618 /*this assumes a valid acceptable range for RSA, including 4096 bits of modulo n. */
619 if (n<0 || n>1024)
620 {
621 dprintf(CRITICAL, "Invalid n value from rsa_from_cert\n");
622 ASSERT(0);
623 }
624 /* e can assumes 3,5,17,257,65537 as valid values, which should be 1 byte long only, we accept 2 bytes or 16 bits long */
625 if( e < 0 || e >16)
626 {
627 dprintf(CRITICAL, "Invalid e value from rsa_from_cert\n");
628 ASSERT(0);
629 }
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]630 len_from_cert = n + e;
631 if(!(input = malloc(len_from_cert)))
632 {
633 dprintf(CRITICAL, "Failed to allocate memory for ROT structure\n");
634 ASSERT(0);
635 }
636 BN_bn2bin(rsa_from_cert->n, input);
637 BN_bn2bin(rsa_from_cert->e, input+n);
638 hash_find((unsigned char *)input, len_from_cert, (unsigned char *) &digest, auth_algo);
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]639 digest[8] = is_unlocked;
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]640 break;
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]641 case ORANGE:
642 // Unlocked device and no verification done.
643 // Send the hash of boot device state
644 input = NULL;
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]645 digest[0] = is_unlocked;
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]646 break;
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]647 }
648
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]649 hash_find((unsigned char *) digest, sizeof(digest), (unsigned char *)&final_digest, auth_algo);
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]650 dprintf(SPEW, "Digest: ");
651 for(uint8_t i = 0; i < 8; i++)
652 dprintf(SPEW, "0x%x ", final_digest[i]);
653 dprintf(SPEW, "\n");
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]654 if(!(read_req = malloc(sizeof(km_set_rot_req_t) + sizeof(final_digest))))
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]655 {
656 dprintf(CRITICAL, "Failed to allocate memory for ROT structure\n");
657 ASSERT(0);
658 }
659
660 void *cpy_ptr = (uint8_t *) read_req + sizeof(km_set_rot_req_t);
661 // set ROT stucture
662 read_req->cmd_id = KEYMASTER_SET_ROT;
663 read_req->rot_ofset = (uint32_t) sizeof(km_set_rot_req_t);
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]664 read_req->rot_size = sizeof(final_digest);
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]665 // copy the digest
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]666 memcpy(cpy_ptr, (void *) &final_digest, sizeof(final_digest));
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]667 dprintf(SPEW, "Sending Root of Trust to trustzone: start\n");
668
Sridhar Parasuram96300dc2015-06-11 10:37:11 -0700[diff] [blame]669 ret = qseecom_send_command(app_handle, (void*) read_req, sizeof(km_set_rot_req_t) + sizeof(final_digest), (void*) &read_rsp, sizeof(read_rsp));
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]670 if (ret < 0 || read_rsp.status < 0)
671 {
672 dprintf(CRITICAL, "QSEEcom command for Sending Root of Trust returned error: %d\n", read_rsp.status);
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]673 if(input)
674 free(input);
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]675 free(read_req);
676 free(rot_input);
677 return false;
678 }
Channagoud Kadabi86b0c112016-03-16 19:23:16 -0700[diff] [blame]679
680#if OSVERSION_IN_BOOTIMAGE
681 boot_state_info.is_unlocked = is_unlocked;
682 boot_state_info.color = boot_verify_get_state();
683 memscpy(boot_state_info.public_key, sizeof(boot_state_info.public_key), digest, 32);
684 boot_verify_send_boot_state(&boot_state_info);
685#endif
Monika Singh98257462018-06-06 11:28:49 +0530[diff] [blame]686 if ( is_secure_boot_enable()
687 && (dev_boot_state != GREEN))
688 {
689 version = qseecom_get_version();
690 if(allow_set_fuse(version)) {
691 ret = set_tamper_fuse_cmd(HLOS_IMG_TAMPER_FUSE);
692 if (ret) {
693 ret = false;
694 goto err;
695 }
696 ret = set_tamper_fuse_cmd(HLOS_TAMPER_NOTIFY_FUSE);
697 if (ret) {
Monika Singh475a3952018-06-27 14:29:43 +0530[diff] [blame]698 dprintf(CRITICAL, "send_rot_command: set_tamper_fuse_cmd (TZ_HLOS_TAMPER_NOTIFY_FUSE) fails!\n");
Monika Singh98257462018-06-06 11:28:49 +0530[diff] [blame]699 ret = false;
700 goto err;
701 }
702 } else {
Monika Singh475a3952018-06-27 14:29:43 +0530[diff] [blame]703 dprintf(CRITICAL, "send_rot_command: TZ didn't support this feature! Version: major = %d, minor = %d, patch = %d\n", (version >> 22) & 0x3FF, (version >> 12) & 0x3FF, version & 0x3FF);
Monika Singh98257462018-06-06 11:28:49 +0530[diff] [blame]704 ret = false;
705 goto err;
706 }
707 }
708 dprintf(CRITICAL, "Sending Root of Trust to trustzone: end\n");
709 ret = true;
710err:
Sridhar Parasuram24fb3952015-08-26 20:25:59 -0700[diff] [blame]711 if(input)
712 free(input);
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]713 free(read_req);
714 free(rot_input);
Monika Singh98257462018-06-06 11:28:49 +0530[diff] [blame]715 return ret;
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]716}
Monika Singha956e262019-05-24 16:13:49 +0530[diff] [blame^]717#endif
Sridhar Parasuram00bfedb2015-05-26 14:21:27 -0700[diff] [blame]718
lijuangf214e222015-07-16 20:06:22 +0800[diff] [blame]719unsigned char* get_boot_fingerprint(unsigned int* buf_size)
720{
721 *buf_size = fp_size;
722
723 return fp;
724}
725
Monika Singh5a2f7de2018-03-16 16:57:44 +0530[diff] [blame]726bool boot_verify_image(unsigned char* img_addr, uint32_t img_size, char *pname,
727 uint32_t *bootstate)
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]728{
729 bool ret = false;
lijuangf214e222015-07-16 20:06:22 +0800[diff] [blame]730 X509 *cert = NULL;
731 const EVP_MD *fp_type = NULL;
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]732 VERIFIED_BOOT_SIG *sig = NULL;
733 unsigned char* sig_addr = (unsigned char*)(img_addr + img_size);
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]734 uint32_t sig_len = 0;
735 unsigned char *signature = NULL;
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]736
737 if(dev_boot_state == ORANGE)
738 {
739 dprintf(INFO, "boot_verifier: Device is in ORANGE boot state.\n");
740 dprintf(INFO, "boot_verifier: Skipping boot verification.\n");
741 return false;
742 }
743
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]744 signature = malloc(ASN1_SIGNATURE_BUFFER_SZ);
745 ASSERT(signature);
746
747 /* Copy the signature from scratch memory to buffer */
748 memcpy(signature, sig_addr, ASN1_SIGNATURE_BUFFER_SZ);
Gaurav Nebhwanic7313cc2015-12-15 22:25:04 +0530[diff] [blame]749 sig_len = read_der_message_length(signature, ASN1_SIGNATURE_BUFFER_SZ);
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]750
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]751 if(!sig_len)
752 {
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]753 dprintf(CRITICAL, "boot_verifier: Error while reading signature length.\n");
Sridhar Parasuramf391ec92015-08-27 14:01:42 -0700[diff] [blame]754 ASSERT(0);
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]755 }
756
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]757 if (sig_len > ASN1_SIGNATURE_BUFFER_SZ)
758 {
759 dprintf(CRITICAL, "boot_verifier: Signature length exceeds size signature buffer\n");
760 goto verify_image_error;
761 }
762
Channagoud Kadabicda7e9b2015-09-17 13:25:35 -0700[diff] [blame]763 if (sig_len > ASN1_SIGNATURE_BUFFER_SZ)
764 {
765 dprintf(CRITICAL, "boot_verifier: Signature length exceeds size signature buffer\n");
766 goto verify_image_error;
767 }
768
Channagoud Kadabi1420b002015-01-13 14:48:12 -0800[diff] [blame]769 if((sig = d2i_VERIFIED_BOOT_SIG(NULL, (const unsigned char **) &sig_addr, sig_len)) == NULL)
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]770 {
771 dprintf(CRITICAL,
772 "boot_verifier: verification failure due to target name mismatch\n");
Sridhar Parasuramf391ec92015-08-27 14:01:42 -0700[diff] [blame]773 ASSERT(0);
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]774 }
775
lijuangf214e222015-07-16 20:06:22 +0800[diff] [blame]776 cert = sig->certificate;
777 fp_type = EVP_sha1();
778 if(!X509_digest(cert, fp_type, (unsigned char *)fp, &fp_size)) {
779 dprintf(INFO,"Fail to create certificate fingerprint.\n");
780 }
781
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]782 ret = verify_image_with_sig(img_addr, img_size, pname, sig, user_keystore);
783
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]784 if(sig != NULL)
785 VERIFIED_BOOT_SIG_free(sig);
Monika Singh0f7bfc82018-04-16 23:14:29 +0530[diff] [blame]786
Monika Singh5a2f7de2018-03-16 16:57:44 +0530[diff] [blame]787 if(bootstate == NULL)
788 goto verify_image_error;
Monika Singh0f7bfc82018-04-16 23:14:29 +0530[diff] [blame]789 *bootstate = dev_boot_state;
Monika Singh5a2f7de2018-03-16 16:57:44 +0530[diff] [blame]790
Channagoud Kadabibf6ce7d2015-09-17 13:25:35 -0700[diff] [blame]791verify_image_error:
792 free(signature);
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]793 return ret;
794}
795
796void boot_verify_send_event(uint32_t event)
797{
798 switch(event)
799 {
800 case BOOT_INIT:
801 dev_boot_state = GREEN;
802 break;
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]803 case BOOTIMG_KEYSTORE_VERIFICATION_PASS:
804 dev_boot_state = GREEN;
805 break;
806 case BOOTIMG_EMBEDDED_CERT_VERIFICATION_PASS:
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]807 if(dev_boot_state == GREEN)
808 dev_boot_state = YELLOW;
809 break;
Sridhar Parasuram8b792422015-07-05 11:38:13 -0700[diff] [blame]810 case BOOTIMG_VERIFICATION_FAIL:
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]811 if(dev_boot_state == GREEN || dev_boot_state == YELLOW)
812 dev_boot_state = RED;
813 break;
814 case DEV_UNLOCK:
815 dev_boot_state = ORANGE;
816 break;
817 case USER_DENIES:
818 if(dev_boot_state == YELLOW || dev_boot_state == ORANGE)
819 dev_boot_state = RED;
820 break;
821 }
822}
823
824uint32_t boot_verify_get_state()
825{
826 return dev_boot_state;
827}
828
829void boot_verify_print_state()
830{
831 switch(dev_boot_state)
832 {
833 case GREEN:
834 dprintf(INFO, "boot_verifier: Device is in GREEN boot state.\n");
835 break;
836 case ORANGE:
837 dprintf(INFO, "boot_verifier: Device is in ORANGE boot state.\n");
838 break;
839 case YELLOW:
840 dprintf(INFO, "boot_verifier: Device is in YELLOW boot state.\n");
841 break;
842 case RED:
Unnati Gandhi8a7cdfe2015-05-11 13:04:20 +0530[diff] [blame]843 display_fbcon_message("Security Error: This phone has been flashed with unauthorized software & is locked. Call your mobile operator for additional support.Please note that repair/return for this issue may have additional cost.\n");
844
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]845 dprintf(INFO, "boot_verifier: Device is in RED boot state.\n");
846 break;
847 }
848}
849
Gaurav Nebhwanic7313cc2015-12-15 22:25:04 +0530[diff] [blame]850bool boot_verify_validate_keystore(unsigned char * user_addr, unsigned sz)
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]851{
852 bool ret = false;
853 unsigned char *input = user_addr;
Shashank Mittale6797222014-09-19 18:58:43 -0700[diff] [blame]854 KEYSTORE *ks = NULL;
Gaurav Nebhwanic7313cc2015-12-15 22:25:04 +0530[diff] [blame]855 uint32_t len = read_der_message_length(input, sz);
mohamed sunfeer4fc5b962017-08-23 00:29:45 +0530[diff] [blame]856 if((!len) || (sz < len))
Shashank Mittale6797222014-09-19 18:58:43 -0700[diff] [blame]857 {
858 dprintf(CRITICAL, "boot_verifier: keystore length is invalid.\n");
859 return ret;
860 }
861
Channagoud Kadabi1420b002015-01-13 14:48:12 -0800[diff] [blame]862 ks = d2i_KEYSTORE(NULL, (const unsigned char **)&input, len);
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]863 if(ks != NULL)
864 {
865 ret = true;
866 }
867 return ret;
868}
869
Channagoud Kadabi1420b002015-01-13 14:48:12 -0800[diff] [blame]870static bool check_list(const char **list, const char* entry)
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]871{
Shashank Mittal64d04852014-08-28 15:02:46 -0700[diff] [blame]872 if(list == NULL || entry == NULL)
873 return false;
874
875 while(*list != NULL)
876 {
877 if(!strcmp(entry, *list))
878 return true;
879
880 list++;
881 }
882
883 return false;
884}
885
Channagoud Kadabi583ea4c2015-09-08 14:55:09 -0700[diff] [blame]886KEYSTORE *boot_gerity_get_oem_keystore()
887{
888 read_oem_keystore();
889 return oem_keystore;
890}
Brahmaji K708fc502017-08-07 21:08:04 +0530[diff] [blame]891
Monika Singh51876762019-05-22 18:47:22 +0530[diff] [blame]892void set_os_version_with_date(unsigned char* img_addr, uint32_t system_security_level)
893{
894 boot_img_hdr *img_hdr = NULL;
895 bool supported;
896 int ret = get_date_support (&supported);
897
898 /* Extract the os version and patch level */
899 if (img_addr) {
900 img_hdr = (boot_img_hdr *)img_addr;
901 boot_state_info.system_version = (img_hdr->os_version & 0xFFFFF800) >> 11;
902 if(!ret && supported && system_security_level)
903 boot_state_info.system_security_level = system_security_level;
904 else
905 boot_state_info.system_security_level = (img_hdr->os_version & 0x7FF);
906 } else {
907 dprintf(CRITICAL, "Image address should not be NULL\n");
908 }
909}
910
Brahmaji K708fc502017-08-07 21:08:04 +0530[diff] [blame]911#if OSVERSION_IN_BOOTIMAGE
912void set_os_version(unsigned char* img_addr)
913{
Mayank Grover3dcc95b2018-09-04 20:31:38 +0530[diff] [blame]914 boot_img_hdr *img_hdr = NULL;
Brahmaji K708fc502017-08-07 21:08:04 +0530[diff] [blame]915
916 /* Extract the os version and patch level */
917 if (img_addr) {
Mayank Grover3dcc95b2018-09-04 20:31:38 +0530[diff] [blame]918 img_hdr = (boot_img_hdr *)img_addr;
Brahmaji K708fc502017-08-07 21:08:04 +0530[diff] [blame]919 boot_state_info.system_version = (img_hdr->os_version & 0xFFFFF800) >> 11;
920 boot_state_info.system_security_level = (img_hdr->os_version & 0x7FF);
921 } else {
922 dprintf(CRITICAL, "Image address should not be NULL\n");
923 }
924}
925#else
926void set_os_version(unsigned char* img_addr)
927{
928 return;
929}
930#endif
Monika Singh0b15c022019-04-10 15:24:20 +0530[diff] [blame]931
932int set_verified_boot_hash (const char *vbh, size_t vbh_size)
933{
934 int ret = 0;
935 km_set_vbh_req_t vbh_req = {0};
936 km_set_vbh_rsp_t vbh_rsp = {0};
937 int app_handle = get_secapp_handle();
938
939 if (!vbh || vbh_size != sizeof (vbh_req.vbh)) {
940 dprintf(CRITICAL, "Vbh input params invalid\n");
941 ASSERT(0);
942 }
943 vbh_req.cmd_id = KEYMASTER_SET_VBH;
944 memscpy (vbh_req.vbh, sizeof(vbh_req.vbh), vbh, vbh_size);
945 ret = qseecom_send_command (app_handle, (void *)&vbh_req, sizeof (vbh_req), (void *)&vbh_rsp, sizeof (vbh_rsp));
946
947 if (ret != 0 || vbh_rsp.status != 0) {
948 dprintf(CRITICAL, "QSEEcom command for setting vbh returned error: %d\n",vbh_rsp.status);
949 if (ret == 0 && vbh_rsp.status == KM_ERROR_INVALID_TAG) {
950 dprintf(INFO, "VBH not supported in keymaster, continue boot\n");
951 return ret;
952 }
953 ASSERT(0);
954 }
955 return ret;
956}
Monika Singh51876762019-05-22 18:47:22 +0530[diff] [blame]957
958int get_date_support (bool *supported)
959{
960 int status = 0;
961 km_get_date_support_req date_support_req = {0};
962 km_get_date_support_rsp date_support_rsp = {0};
963 int app_handle = get_secapp_handle();
964
965 date_support_req.cmd_id = KEYMASTER_GET_DATE_SUPPORT;
966 status = qseecom_send_command (app_handle, (void *)&date_support_req, sizeof (date_support_req), (void *)&date_support_rsp, sizeof (date_support_rsp));
967 if (status != 0 || date_support_rsp.status != 0 ) {
968 dprintf(CRITICAL, "QSEEcom command to get date support returned error, status: %d\n",date_support_rsp.status);
969
970 if (status == 0 && date_support_rsp.status == KM_ERROR_INVALID_TAG) {
971 dprintf(INFO, "Date in patch level NOT supported in keymaster\n");
972 }
973 *supported = false;
974 return status;
975 }
976
977 *supported = true;
978 return status;
979}