Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / vboot_reference / 6f7f5df816a8790d2464ee5bee3d46e30611da4c
commit6f7f5df816a8790d2464ee5bee3d46e30611da4c[log] [tgz]
authorRandall Spangler <rspangler@chromium.org>Fri Oct 31 11:47:52 2014 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Sat Nov 01 01:27:55 2014 +0000
tree8f09a4e8b7f9f332c1d3eb7ae43d51ae48c06c1c
parentcc7cddb39c118780439f86613924257d56476078 [diff]
vboot2: un-nest data structures

Originally, we designed the vboot data structures so that some of them
had sub-structures.  Then the variable-length data for each of the
structures was at the end.  So:

    struct vb2_keyblock {
      struct vb2_packed_key
      struct vb2_signature
    }
    // Followed by variable-length data for keyblock
    // Followed by variable-length data for packed key
    // Followed by variable-length data for signature

This had the weird side effect that the header and data for the
sub-structs were not contiguous.  That wasn't too bad before, but it
gets more complicated with the new data structures.  Each structure
now can also have a description.  And keyblocks can have a list of
signatures.

Structures also couldn't really know their own size, since a
sub-struct might have a 20-byte header, but then 2K of other data in
between that and the data for the sub-struct itself.

So, un-nest all the data structures.  That is, the keyblock now
contains the offset of the signature struct, rather than the signature
struct itself.  And then all the variable-length data for each struct
immediately follows the struct itself.  So:

    struct vb2_keyblock2 {
      // Offset of packed key
      // Offset of first signature
    }
    // Followed by variable-length data for keyblock
    struct vb2_packed_key
    // Followed by variable-length data for packed key
    struct vb2_signature2
    // Followed by variable-length data for signature (desc, sig data)

Verifying and traversing these objects is much more straightforward.
And each struct can now know its own size.

This first change rearranges the structures.  Descriptions now
immediately follow the fixed size structure headers.

The next change adds better verification of the structures, using the
fixed_size and total_size fields in the common header.

BUG=chromium:423882
BRANCH=none
TEST=VBOOT2=1 make runtests

Change-Id: Ieb9148d6f26c3e59ea542f3a95e59d8019ccee21
Reviewed-on: https://chromium-review.googlesource.com/226824
Tested-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Commit-Queue: Randall Spangler <rspangler@chromium.org>
7 files changed
tree: 8f09a4e8b7f9f332c1d3eb7ae43d51ae48c06c1c
  1. cgpt/
  2. firmware/
  3. futility/
  4. host/
  5. msc/
  6. scripts/
  7. tests/
  8. utility/
  9. .gitignore
  10. emerge_test.sh
  11. inherit-review-settings-ok
  12. LICENSE
  13. Makefile
  14. PRESUBMIT.cfg
  15. README
  16. WATCHLISTS