Diffstat (limited to 'common/vboot_sig.c')
-rw-r--r-- | common/vboot_sig.c | 163 |
1 files changed, 0 insertions, 163 deletions
diff --git a/common/vboot_sig.c b/common/vboot_sig.c
deleted file mode 100644
index ae2ddb199e..0000000000
--- a/common/vboot_sig.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* Verified boot module for Chrome EC */
-
-#include "board.h"
-#include "config.h"
-#include "console.h"
-#include "cryptolib.h"
-#include "gpio.h"
-#include "system.h"
-#include "timer.h"
-#include "util.h"
-#include "vboot.h"
-#include "vboot_api.h"
-#include "vboot_common.h"
-#include "vboot_struct.h"
-#include "watchdog.h"
-
-/* Console output macros */
-#define CPUTS(outstr) cputs(CC_VBOOT, outstr)
-#define CPRINTF(format, args...) cprintf(CC_VBOOT, format, ## args)
-
-enum howgood {
- IMAGE_IS_BAD,
- IMAGE_IS_GOOD,
- IMAGE_IS_GOOD_BUT_USE_RO_ANYWAY,
-};
-
-static enum howgood good_image(uint8_t *key_data,
- uint8_t *vblock_data, uint32_t vblock_size,
- uint8_t *fv_data, uint32_t fv_size) {
- VbPublicKey *sign_key;
- VbKeyBlockHeader *key_block;
- VbECPreambleHeader *preamble;
- uint32_t now = 0;
- RSAPublicKey *rsa;
-
- key_block = (VbKeyBlockHeader *)vblock_data;
- sign_key = (VbPublicKey *)key_data;
-
- watchdog_reload();
- if (0 != KeyBlockVerify(key_block, vblock_size, sign_key, 0)) {
- CPRINTF("[Error verifying key block]\n");
- return IMAGE_IS_BAD;
- }
-
- now += key_block->key_block_size;
- rsa = PublicKeyToRSA(&key_block->data_key);
- if (!rsa) {
- CPRINTF("[Error parsing data key]\n");
- return IMAGE_IS_BAD;
- }
-
- watchdog_reload();
- preamble = (VbECPreambleHeader *)(vblock_data + now);
- if (0 != VerifyECPreamble(preamble, vblock_size - now, rsa)) {
- CPRINTF("[Error verifying preamble]\n");
- RSAPublicKeyFree(rsa);
- return IMAGE_IS_BAD;
- }
-
- if (preamble->flags & VB_FIRMWARE_PREAMBLE_USE_RO_NORMAL) {
- CPRINTF("[Flags says USE_RO_NORMAL]\n");
- RSAPublicKeyFree(rsa);
- return IMAGE_IS_GOOD_BUT_USE_RO_ANYWAY;
- }
-
- watchdog_reload();
- if (0 != EqualData(fv_data, fv_size, &preamble->body_digest, rsa)) {
- CPRINTF("Error verifying firmware body]\n");
- RSAPublicKeyFree(rsa);
- return IMAGE_IS_BAD;
- }
-
- RSAPublicKeyFree(rsa);
-
- watchdog_reload();
- CPRINTF("[Verified!]\n");
- return IMAGE_IS_GOOD;
-}
-
-/* Might I want to jump to one of the RW images? */
-static int maybe_jump_to_other_image(void)
-{
- /* We'll only jump to another image if we're currently in RO */
- if (system_get_image_copy() != SYSTEM_IMAGE_RO)
- return 0;
-
-#ifdef CONFIG_TASK_KEYSCAN
- /* Don't jump if recovery requested */
- if (keyboard_scan_recovery_pressed()) {
- CPUTS("[Vboot staying in RO because recovery key pressed]\n");
- return 0;
- }
-#endif
-
- /*
- * Don't jump if we're in RO becuase we jumped there (this keeps us
- * from jumping to RO only to jump right back).
- */
- if (system_jumped_to_this_image())
- return 0;
-
-#if !defined(CHIP_stm32)
- /*
- * TODO: (crosbug.com/p/8572) Daisy and Snow don't define a GPIO for
- * the recovery signal from servo, so we can't check it. BDS uses the
- * DOWN button.
- */
- if (gpio_get_level(GPIO_RECOVERYn) == 0) {
- CPUTS("[Vboot staying in RO due to recovery signal]\n");
- return 0;
- }
-#endif
-
- /* Okay, we might want to jump to a RW image. */
- return 1;
-}
-
-int vboot_check_signature(void)
-{
- enum howgood r;
- timestamp_t ts1, ts2;
-
- CPRINTF("[%T Vboot init]\n");
-
- if (!maybe_jump_to_other_image())
- return EC_SUCCESS;
-
- CPRINTF("[%T Vboot check RW image...]\n");
-
- ts1 = get_time();
- r = good_image((uint8_t *)CONFIG_VBOOT_ROOTKEY_OFF,
- (uint8_t *)CONFIG_VBLOCK_RW_OFF, CONFIG_VBLOCK_SIZE,
- (uint8_t *)CONFIG_FW_RW_OFF, CONFIG_FW_RW_SIZE);
- ts2 = get_time();
-
- CPRINTF("[%T Vboot result=%d, elapsed time=%ld us]\n",
- r, ts2.val - ts1.val);
-
- switch (r) {
- case IMAGE_IS_GOOD:
- CPRINTF("[RW image verified]\n");
- system_run_image_copy(SYSTEM_IMAGE_RW);
- CPRINTF("[ERROR: Unable to jump to RW image]\n");
- goto bad;
- case IMAGE_IS_GOOD_BUT_USE_RO_ANYWAY:
- CPRINTF("[RW image verified]\n");
- CPRINTF("[Staying in RO mode]\n");
- return EC_SUCCESS;
- default:
- CPRINTF("[RW image is invalid]\n");
- }
-
-bad:
- CPRINTF("[Staying in RO mode]\n");
- CPRINTF("[FIXME: How to trigger recovery mode?]\n");
- return EC_ERROR_UNKNOWN;
-}
-
|