Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 1 | /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 2 | * Use of this source code is governed by a BSD-style license that can be |
| 3 | * found in the LICENSE file. |
| 4 | * |
| 5 | * Verified boot firmware utility |
| 6 | */ |
| 7 | |
| 8 | #include <getopt.h> |
| 9 | #include <inttypes.h> /* For PRIu64 */ |
| 10 | #include <stddef.h> |
| 11 | #include <stdio.h> |
| 12 | #include <stdlib.h> |
| 13 | #include <unistd.h> |
| 14 | |
| 15 | #include "cryptolib.h" |
| 16 | #include "host_common.h" |
| 17 | #include "kernel_blob.h" |
| 18 | #include "vboot_common.h" |
| 19 | |
| 20 | |
| 21 | /* Command line options */ |
| 22 | enum { |
| 23 | OPT_MODE_VBLOCK = 1000, |
| 24 | OPT_MODE_VERIFY, |
| 25 | OPT_KEYBLOCK, |
| 26 | OPT_SIGNPUBKEY, |
| 27 | OPT_SIGNPRIVATE, |
| 28 | OPT_VERSION, |
| 29 | OPT_FV, |
| 30 | OPT_KERNELKEY, |
Randall Spangler | a712e01 | 2011-07-13 09:48:41 -0700 | [diff] [blame] | 31 | OPT_FLAGS, |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 32 | }; |
| 33 | |
| 34 | static struct option long_opts[] = { |
| 35 | {"vblock", 1, 0, OPT_MODE_VBLOCK }, |
| 36 | {"verify", 1, 0, OPT_MODE_VERIFY }, |
| 37 | {"keyblock", 1, 0, OPT_KEYBLOCK }, |
| 38 | {"signpubkey", 1, 0, OPT_SIGNPUBKEY }, |
| 39 | {"signprivate", 1, 0, OPT_SIGNPRIVATE }, |
| 40 | {"version", 1, 0, OPT_VERSION }, |
| 41 | {"fv", 1, 0, OPT_FV }, |
| 42 | {"kernelkey", 1, 0, OPT_KERNELKEY }, |
Randall Spangler | a712e01 | 2011-07-13 09:48:41 -0700 | [diff] [blame] | 43 | {"flags", 1, 0, OPT_FLAGS }, |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 44 | {NULL, 0, 0, 0} |
| 45 | }; |
| 46 | |
| 47 | |
| 48 | /* Print help and return error */ |
| 49 | static int PrintHelp(void) { |
| 50 | |
| 51 | puts("vbutil_firmware - Verified boot key block utility\n" |
| 52 | "\n" |
| 53 | "Usage: vbutil_firmware <--vblock|--verify> <file> [OPTIONS]\n" |
| 54 | "\n" |
| 55 | "For '--vblock <file>', required OPTIONS are:\n" |
| 56 | " --keyblock <file> Key block in .keyblock format\n" |
Randall Spangler | ceef83f | 2010-07-02 13:14:42 -0700 | [diff] [blame] | 57 | " --signprivate <file> Signing private key in .vbprivk format\n" |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 58 | " --version <number> Firmware version\n" |
| 59 | " --fv <file> Firmware volume to sign\n" |
| 60 | " --kernelkey <file> Kernel subkey in .vbpubk format\n" |
Randall Spangler | a712e01 | 2011-07-13 09:48:41 -0700 | [diff] [blame] | 61 | "optional OPTIONS are:\n" |
| 62 | " --flags <number> Preamble flags (defaults to 0)\n" |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 63 | "\n" |
| 64 | "For '--verify <file>', required OPTIONS are:\n" |
| 65 | " --signpubkey <file> Signing public key in .vbpubk format\n" |
| 66 | " --fv <file> Firmware volume to verify\n" |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 67 | "\n" |
| 68 | "For '--verify <file>', optional OPTIONS are:\n" |
| 69 | " --kernelkey <file> Write the kernel subkey to this file\n" |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 70 | ""); |
| 71 | return 1; |
| 72 | } |
| 73 | |
| 74 | |
| 75 | /* Create a firmware .vblock */ |
| 76 | static int Vblock(const char* outfile, const char* keyblock_file, |
| 77 | const char* signprivate, uint64_t version, |
Randall Spangler | a712e01 | 2011-07-13 09:48:41 -0700 | [diff] [blame] | 78 | const char* fv_file, const char* kernelkey_file, |
| 79 | uint32_t preamble_flags) { |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 80 | |
| 81 | VbPrivateKey* signing_key; |
| 82 | VbPublicKey* kernel_subkey; |
| 83 | VbSignature* body_sig; |
| 84 | VbFirmwarePreambleHeader* preamble; |
| 85 | VbKeyBlockHeader* key_block; |
| 86 | uint64_t key_block_size; |
| 87 | uint8_t* fv_data; |
| 88 | uint64_t fv_size; |
| 89 | FILE* f; |
| 90 | uint64_t i; |
| 91 | |
| 92 | if (!outfile) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 93 | VbExError("Must specify output filename\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 94 | return 1; |
| 95 | } |
| 96 | if (!keyblock_file || !signprivate || !kernelkey_file) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 97 | VbExError("Must specify all keys\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 98 | return 1; |
| 99 | } |
| 100 | if (!fv_file) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 101 | VbExError("Must specify firmware volume\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 102 | return 1; |
| 103 | } |
| 104 | |
| 105 | /* Read the key block and keys */ |
| 106 | key_block = (VbKeyBlockHeader*)ReadFile(keyblock_file, &key_block_size); |
| 107 | if (!key_block) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 108 | VbExError("Error reading key block.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 109 | return 1; |
| 110 | } |
| 111 | |
Randall Spangler | ceef83f | 2010-07-02 13:14:42 -0700 | [diff] [blame] | 112 | signing_key = PrivateKeyRead(signprivate); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 113 | if (!signing_key) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 114 | VbExError("Error reading signing key.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 115 | return 1; |
| 116 | } |
| 117 | |
| 118 | kernel_subkey = PublicKeyRead(kernelkey_file); |
| 119 | if (!kernel_subkey) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 120 | VbExError("Error reading kernel subkey.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 121 | return 1; |
| 122 | } |
| 123 | |
| 124 | /* Read and sign the firmware volume */ |
| 125 | fv_data = ReadFile(fv_file, &fv_size); |
| 126 | if (!fv_data) |
| 127 | return 1; |
| 128 | if (!fv_size) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 129 | VbExError("Empty firmware volume file\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 130 | return 1; |
| 131 | } |
| 132 | body_sig = CalculateSignature(fv_data, fv_size, signing_key); |
| 133 | if (!body_sig) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 134 | VbExError("Error calculating body signature\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 135 | return 1; |
| 136 | } |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 137 | free(fv_data); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 138 | |
| 139 | /* Create preamble */ |
| 140 | preamble = CreateFirmwarePreamble(version, |
| 141 | kernel_subkey, |
| 142 | body_sig, |
Randall Spangler | a712e01 | 2011-07-13 09:48:41 -0700 | [diff] [blame] | 143 | signing_key, |
| 144 | preamble_flags); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 145 | if (!preamble) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 146 | VbExError("Error creating preamble.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 147 | return 1; |
| 148 | } |
| 149 | |
| 150 | /* Write the output file */ |
| 151 | f = fopen(outfile, "wb"); |
| 152 | if (!f) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 153 | VbExError("Can't open output file %s\n", outfile); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 154 | return 1; |
| 155 | } |
| 156 | i = ((1 != fwrite(key_block, key_block_size, 1, f)) || |
| 157 | (1 != fwrite(preamble, preamble->preamble_size, 1, f))); |
| 158 | fclose(f); |
| 159 | if (i) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 160 | VbExError("Can't write output file %s\n", outfile); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 161 | unlink(outfile); |
| 162 | return 1; |
| 163 | } |
| 164 | |
| 165 | /* Success */ |
| 166 | return 0; |
| 167 | } |
| 168 | |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 169 | static int Verify(const char* infile, const char* signpubkey, |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 170 | const char* fv_file, const char* kernelkey_file) { |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 171 | |
| 172 | VbKeyBlockHeader* key_block; |
| 173 | VbFirmwarePreambleHeader* preamble; |
| 174 | VbPublicKey* data_key; |
| 175 | VbPublicKey* sign_key; |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 176 | VbPublicKey* kernel_subkey; |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 177 | RSAPublicKey* rsa; |
| 178 | uint8_t* blob; |
| 179 | uint64_t blob_size; |
| 180 | uint8_t* fv_data; |
| 181 | uint64_t fv_size; |
| 182 | uint64_t now = 0; |
Tom Wai-Hong Tam | efea801 | 2011-08-22 18:45:31 +0800 | [diff] [blame] | 183 | uint32_t flags; |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 184 | |
| 185 | if (!infile || !signpubkey || !fv_file) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 186 | VbExError("Must specify filename, signpubkey, and fv\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 187 | return 1; |
| 188 | } |
| 189 | |
| 190 | /* Read public signing key */ |
| 191 | sign_key = PublicKeyRead(signpubkey); |
| 192 | if (!sign_key) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 193 | VbExError("Error reading signpubkey.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 194 | return 1; |
| 195 | } |
| 196 | |
| 197 | /* Read blob */ |
| 198 | blob = ReadFile(infile, &blob_size); |
| 199 | if (!blob) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 200 | VbExError("Error reading input file\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 201 | return 1; |
| 202 | } |
| 203 | |
| 204 | /* Read firmware volume */ |
| 205 | fv_data = ReadFile(fv_file, &fv_size); |
| 206 | if (!fv_data) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 207 | VbExError("Error reading firmware volume\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 208 | return 1; |
| 209 | } |
| 210 | |
| 211 | /* Verify key block */ |
| 212 | key_block = (VbKeyBlockHeader*)blob; |
Randall Spangler | 138acfe | 2010-08-17 15:45:21 -0700 | [diff] [blame] | 213 | if (0 != KeyBlockVerify(key_block, blob_size, sign_key, 0)) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 214 | VbExError("Error verifying key block.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 215 | return 1; |
| 216 | } |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 217 | free(sign_key); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 218 | now += key_block->key_block_size; |
| 219 | |
| 220 | printf("Key block:\n"); |
| 221 | data_key = &key_block->data_key; |
| 222 | printf(" Size: %" PRIu64 "\n", key_block->key_block_size); |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 223 | printf(" Flags: %" PRIu64 " (ignored)\n", |
| 224 | key_block->key_block_flags); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 225 | printf(" Data key algorithm: %" PRIu64 " %s\n", data_key->algorithm, |
| 226 | (data_key->algorithm < kNumAlgorithms ? |
| 227 | algo_strings[data_key->algorithm] : "(invalid)")); |
| 228 | printf(" Data key version: %" PRIu64 "\n", data_key->key_version); |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 229 | printf(" Data key sha1sum: "); |
| 230 | PrintPubKeySha1Sum(data_key); |
| 231 | printf("\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 232 | |
| 233 | rsa = PublicKeyToRSA(&key_block->data_key); |
| 234 | if (!rsa) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 235 | VbExError("Error parsing data key.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 236 | return 1; |
| 237 | } |
| 238 | |
| 239 | /* Verify preamble */ |
| 240 | preamble = (VbFirmwarePreambleHeader*)(blob + now); |
Randall Spangler | 87c13d8 | 2010-07-19 10:35:40 -0700 | [diff] [blame] | 241 | if (0 != VerifyFirmwarePreamble(preamble, blob_size - now, rsa)) { |
Randall Spangler | 32a6526 | 2011-06-27 10:49:11 -0700 | [diff] [blame] | 242 | VbExError("Error verifying preamble.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 243 | return 1; |
| 244 | } |
| 245 | now += preamble->preamble_size; |
| 246 | |
Tom Wai-Hong Tam | efea801 | 2011-08-22 18:45:31 +0800 | [diff] [blame] | 247 | flags = VbGetFirmwarePreambleFlags(preamble); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 248 | printf("Preamble:\n"); |
| 249 | printf(" Size: %" PRIu64 "\n", preamble->preamble_size); |
| 250 | printf(" Header version: %" PRIu32 ".%" PRIu32"\n", |
| 251 | preamble->header_version_major, preamble->header_version_minor); |
| 252 | printf(" Firmware version: %" PRIu64 "\n", preamble->firmware_version); |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 253 | kernel_subkey = &preamble->kernel_subkey; |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 254 | printf(" Kernel key algorithm: %" PRIu64 " %s\n", |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 255 | kernel_subkey->algorithm, |
| 256 | (kernel_subkey->algorithm < kNumAlgorithms ? |
| 257 | algo_strings[kernel_subkey->algorithm] : "(invalid)")); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 258 | printf(" Kernel key version: %" PRIu64 "\n", |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 259 | kernel_subkey->key_version); |
| 260 | printf(" Kernel key sha1sum: "); |
| 261 | PrintPubKeySha1Sum(kernel_subkey); |
| 262 | printf("\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 263 | printf(" Firmware body size: %" PRIu64 "\n", |
| 264 | preamble->body_signature.data_size); |
Tom Wai-Hong Tam | efea801 | 2011-08-22 18:45:31 +0800 | [diff] [blame] | 265 | printf(" Preamble flags: %" PRIu32 "\n", flags); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 266 | |
| 267 | /* TODO: verify body size same as signature size */ |
| 268 | |
| 269 | /* Verify body */ |
Tom Wai-Hong Tam | efea801 | 2011-08-22 18:45:31 +0800 | [diff] [blame] | 270 | if (flags & VB_FIRMWARE_PREAMBLE_USE_RO_NORMAL) { |
| 271 | printf("Preamble requests USE_RO_NORMAL; skipping body verification.\n"); |
| 272 | } else { |
| 273 | if (0 != VerifyData(fv_data, fv_size, &preamble->body_signature, rsa)) { |
| 274 | VbExError("Error verifying firmware body.\n"); |
| 275 | return 1; |
| 276 | } |
| 277 | printf("Body verification succeeded.\n"); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 278 | } |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 279 | |
| 280 | if (kernelkey_file) { |
| 281 | if (0 != PublicKeyWrite(kernelkey_file, kernel_subkey)) { |
| 282 | fprintf(stderr, |
| 283 | "vbutil_firmware: unable to write kernel subkey\n"); |
| 284 | return 1; |
| 285 | } |
| 286 | } |
| 287 | |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 288 | return 0; |
| 289 | } |
| 290 | |
| 291 | |
| 292 | int main(int argc, char* argv[]) { |
| 293 | |
| 294 | char* filename = NULL; |
| 295 | char* key_block_file = NULL; |
| 296 | char* signpubkey = NULL; |
| 297 | char* signprivate = NULL; |
| 298 | uint64_t version = 0; |
| 299 | char* fv_file = NULL; |
| 300 | char* kernelkey_file = NULL; |
Randall Spangler | a712e01 | 2011-07-13 09:48:41 -0700 | [diff] [blame] | 301 | uint32_t preamble_flags = 0; |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 302 | int mode = 0; |
| 303 | int parse_error = 0; |
| 304 | char* e; |
| 305 | int i; |
| 306 | |
| 307 | while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) { |
| 308 | switch (i) { |
| 309 | case '?': |
| 310 | /* Unhandled option */ |
| 311 | printf("Unknown option\n"); |
| 312 | parse_error = 1; |
| 313 | break; |
| 314 | |
| 315 | case OPT_MODE_VBLOCK: |
| 316 | case OPT_MODE_VERIFY: |
| 317 | mode = i; |
| 318 | filename = optarg; |
| 319 | break; |
| 320 | |
| 321 | case OPT_KEYBLOCK: |
| 322 | key_block_file = optarg; |
| 323 | break; |
| 324 | |
| 325 | case OPT_SIGNPUBKEY: |
| 326 | signpubkey = optarg; |
| 327 | break; |
| 328 | |
| 329 | case OPT_SIGNPRIVATE: |
| 330 | signprivate = optarg; |
| 331 | break; |
| 332 | |
| 333 | case OPT_FV: |
| 334 | fv_file = optarg; |
| 335 | break; |
| 336 | |
| 337 | case OPT_KERNELKEY: |
| 338 | kernelkey_file = optarg; |
| 339 | break; |
| 340 | |
| 341 | case OPT_VERSION: |
| 342 | version = strtoul(optarg, &e, 0); |
| 343 | if (!*optarg || (e && *e)) { |
| 344 | printf("Invalid --version\n"); |
| 345 | parse_error = 1; |
| 346 | } |
| 347 | break; |
Randall Spangler | a712e01 | 2011-07-13 09:48:41 -0700 | [diff] [blame] | 348 | |
| 349 | case OPT_FLAGS: |
| 350 | preamble_flags = strtoul(optarg, &e, 0); |
| 351 | if (!*optarg || (e && *e)) { |
| 352 | printf("Invalid --flags\n"); |
| 353 | parse_error = 1; |
| 354 | } |
| 355 | break; |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 356 | } |
| 357 | } |
| 358 | |
| 359 | if (parse_error) |
| 360 | return PrintHelp(); |
| 361 | |
| 362 | switch(mode) { |
| 363 | case OPT_MODE_VBLOCK: |
| 364 | return Vblock(filename, key_block_file, signprivate, version, fv_file, |
Randall Spangler | a712e01 | 2011-07-13 09:48:41 -0700 | [diff] [blame] | 365 | kernelkey_file, preamble_flags); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 366 | case OPT_MODE_VERIFY: |
Bill Richardson | 60bcbe3 | 2010-09-09 14:53:56 -0700 | [diff] [blame] | 367 | return Verify(filename, signpubkey, fv_file, kernelkey_file); |
Randall Spangler | dcab8fa | 2010-06-15 14:50:51 -0700 | [diff] [blame] | 368 | default: |
| 369 | printf("Must specify a mode.\n"); |
| 370 | return PrintHelp(); |
| 371 | } |
| 372 | } |