authorTom Hughes <tomhughes@chromium.org>2020-01-02 10:39:52 -0800
committerCommit Bot <commit-bot@chromium.org>2020-02-06 18:12:29 +0000
commit5a98268b9634e4996e4a69f624c09d896645a4a2 (patch)
treea6605863ca4982f50d1b9fde0d8bfb9797cabb4d /common/vboot
parent127975b6c3efe77b6e92af6b153504c2607d5a07 (diff)
common/vboot: Add rwsig info command
The rwsig info command provides additional details on the verified boot key used to sign the RW firmware. The information about the key can be used by factory tests to validate that the factory is flashing firmware that is signed by the expected key. In addition, we refactor the "rwsig"-related commands into a generic "rwsig" command that takes additional subcommands. This allows adding an "rwsig dump" command that allows displaying individual fields, which is useful in scripts and tests. "rwsigstatus" becomes "rwsig status" "rwsigaction" becomes "rwsig action" The old commands are preserved for backward compatibility. BRANCH=none BUG=b:144958737 TEST=(kohaku) $ ectool --name=cros_fp rwsig info TEST=(kohaku) $ ectool --name=cros_fp rwsig dump key_id TEST=(kohaku) $ ectool --name=cros_fp reboot_ec; sleep 0.5; ectool --name=cros_fp rwsig action abort; sleep 2; ectool --name=cros_fp version | grep "Firmware copy" => Firmware copy: RO TEST=On dragonclaw v0.2 console: rwsiginfo Change-Id: Ib0ee4be33e6636ff702eeaef941cc3abed0594cb Signed-off-by: Tom Hughes <tomhughes@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1999607 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Denis Brockus <dbrockus@chromium.org>
Diffstat (limited to 'common/vboot')
-rw-r--r--common/vboot/vb21_lib.c64
1 files changed, 64 insertions, 0 deletions
diff --git a/common/vboot/vb21_lib.c b/common/vboot/vb21_lib.c
index c85ecbbd75..a2b6993c13 100644
--- a/common/vboot/vb21_lib.c
+++ b/common/vboot/vb21_lib.c
@@ -8,8 +8,10 @@
*/
#include "common.h"
+#include "host_command.h"
#include "rsa.h"
#include "rwsig.h"
+#include "system.h"
#include "vb21_struct.h"
#include "vboot.h"
@@ -42,3 +44,65 @@ int vb21_is_signature_valid(const struct vb21_signature *sig,
return EC_ERROR_VBOOT_DATA_SIZE;
return EC_SUCCESS;
}
+
+const struct vb21_packed_key *vb21_get_packed_key(void)
+{
+ return (const struct vb21_packed_key *)(CONFIG_RO_PUBKEY_ADDR);
+}
+
+static void read_rwsig_info(struct ec_response_rwsig_info *r)
+{
+
+ const struct vb21_packed_key *vb21_key;
+ int rv;
+
+ vb21_key = vb21_get_packed_key();
+
+ r->sig_alg = vb21_key->sig_alg;
+ r->hash_alg = vb21_key->hash_alg;
+ r->key_version = vb21_key->key_version;
+ { BUILD_ASSERT(sizeof(r->key_id) == sizeof(vb21_key->id),
+ "key ID sizes must match"); }
+ { BUILD_ASSERT(sizeof(vb21_key->id) == sizeof(vb21_key->id.raw),
+ "key ID sizes must match"); }
+ memcpy(r->key_id, vb21_key->id.raw, sizeof(r->key_id));
+
+ rv = vb21_is_packed_key_valid(vb21_key);
+ r->key_is_valid = (rv == EC_SUCCESS);
+}
+
+static int command_rwsig_info(int argc, char **argv)
+{
+ int i;
+ struct ec_response_rwsig_info r;
+
+ read_rwsig_info(&r);
+
+ ccprintf("sig_alg: %d\n", r.sig_alg);
+ ccprintf("key_version: %d\n", r.key_version);
+ ccprintf("hash_alg: %d\n", r.hash_alg);
+ ccprintf("key_is_valid: %d\n", r.key_is_valid);
+
+ ccprintf("key_id: ");
+ for (i = 0; i < sizeof(r.key_id); i++)
+ ccprintf("%x", r.key_id[i]);
+ ccprintf("\n");
+
+ return EC_SUCCESS;
+}
+DECLARE_CONSOLE_COMMAND(rwsiginfo, command_rwsig_info, NULL,
+ "Display rwsig info on console.");
+
+static enum ec_status
+host_command_rwsig_info(struct host_cmd_handler_args *args)
+{
+ struct ec_response_rwsig_info *r = args->response;
+
+ read_rwsig_info(r);
+ args->response_size = sizeof(*r);
+
+ return EC_RES_SUCCESS;
+}
+
+DECLARE_HOST_COMMAND(EC_CMD_RWSIG_INFO, host_command_rwsig_info,
+ EC_VER_MASK(EC_VER_RWSIG_INFO));
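Review bot: The key_id loop in command_rwsig_info prints each byte with `%x`, which drops leading zeros, so two different key IDs can render as the same string (for example, the constructed byte pairs 0x01,0x23 and 0x12,0x03 both print `123`). Use `ccprintf("%02x", r.key_id[i]);` so the console output can be compared reliably against an expected key ID. Separately, read_rwsig_info fills the response field by field without clearing it first; if struct ec_response_rwsig_info has padding or reserved bytes (its definition is not in this hunk), the host command would return whatever was already in the response buffer, so `memset(r, 0, sizeof(*r));` at the top of read_rwsig_info would be a cheap guard. The fields are also copied before vb21_is_packed_key_valid() runs, so a short comment on read_rwsig_info saying that callers must check key_is_valid before trusting sig_alg, hash_alg, key_version and key_id would help.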