blob: cbe894c9c9c1bc9eb5a55b4c46091bcc2a939e96 [file] [log] [blame]
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Misc functions which need access to vb2_context but are not public APIs
*/
#include "2sysincludes.h"
#include "2api.h"
#include "2misc.h"
#include "2nvstorage.h"
#include "2secdata.h"
#include "2sha.h"
#include "2rsa.h"
#include "vb2_common.h"
/*
* The blob below is the sha1 digest calculated over the packed developer
* root public key structure.
*/
static const uint8_t dev_key_digest[] = {
0xb1, 0x1d, 0x74, 0xed, 0xd2, 0x86, 0xc1, 0x44,
0xe1, 0x13, 0x5b, 0x49, 0xe7, 0xf0, 0xbc, 0x20,
0xcf, 0x04, 0x1f, 0x10,
};
/**
* Determine if the root key is the developer key checked into the
* vboot_reference repository. Has no effect on boot; just logs this to the
* debug console.
*
* @param root Root key
*/
static void vb2_report_dev_firmware(struct vb2_public_key *root)
{
struct vb2_digest_context dc;
uint8_t digest[sizeof(dev_key_digest)];
int size = root->arrsize * 4;
if (!root->arrsize)
return; /* Must be a test run. */
if (vb2_digest_init(&dc, VB2_HASH_SHA1) != VB2_SUCCESS)
return;
if (vb2_digest_extend(&dc, (uint8_t *)&root->arrsize,
sizeof(root->arrsize)) != VB2_SUCCESS)
return;
if (vb2_digest_extend(&dc, (uint8_t *)&root->n0inv,
sizeof(root->n0inv)) != VB2_SUCCESS)
return;
if (vb2_digest_extend(&dc, (uint8_t *)root->n, size) != VB2_SUCCESS)
return;
if (vb2_digest_extend(&dc, (uint8_t *)root->rr, size) != VB2_SUCCESS)
return;
if (vb2_digest_finalize(&dc, digest, sizeof(digest)) != VB2_SUCCESS)
return;
if (!memcmp(digest, dev_key_digest, sizeof(dev_key_digest)))
VB2_DEBUG("This is developer signed firmware\n");
}
int vb2_load_fw_keyblock(struct vb2_context *ctx)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
struct vb2_workbuf wb;
uint8_t *key_data;
uint32_t key_size;
struct vb2_packed_key *packed_key;
struct vb2_public_key root_key;
struct vb2_keyblock *kb;
uint32_t block_size;
int rv;
vb2_workbuf_from_ctx(ctx, &wb);
/* Read the root key */
key_size = sd->gbb_rootkey_size;
key_data = vb2_workbuf_alloc(&wb, key_size);
if (!key_data)
return VB2_ERROR_FW_KEYBLOCK_WORKBUF_ROOT_KEY;
rv = vb2ex_read_resource(ctx, VB2_RES_GBB, sd->gbb_rootkey_offset,
key_data, key_size);
if (rv)
return rv;
/* Unpack the root key */
rv = vb2_unpack_key_buffer(&root_key, key_data, key_size);
if (rv)
return rv;
/* If that's the checked-in root key, this is dev-signed firmware */
vb2_report_dev_firmware(&root_key);
/* Load the firmware keyblock header after the root key */
kb = vb2_workbuf_alloc(&wb, sizeof(*kb));
if (!kb)
return VB2_ERROR_FW_KEYBLOCK_WORKBUF_HEADER;
rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, sizeof(*kb));
if (rv)
return rv;
block_size = kb->keyblock_size;
/*
* Load the entire keyblock, now that we know how big it is. Note that
* we're loading the entire keyblock instead of just the piece after
* the header. That means we re-read the header. But that's a tiny
* amount of data, and it makes the code much more straightforward.
*/
kb = vb2_workbuf_realloc(&wb, sizeof(*kb), block_size);
if (!kb)
return VB2_ERROR_FW_KEYBLOCK_WORKBUF;
rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK, 0, kb, block_size);
if (rv)
return rv;
/* Verify the keyblock */
rv = vb2_verify_keyblock(kb, block_size, &root_key, &wb);
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_FW_KEYBLOCK, rv);
return rv;
}
/* Key version is the upper 16 bits of the composite firmware version */
if (kb->data_key.key_version > VB2_MAX_KEY_VERSION)
rv = VB2_ERROR_FW_KEYBLOCK_VERSION_RANGE;
if (!rv && kb->data_key.key_version < (sd->fw_version_secdata >> 16)) {
if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)
VB2_DEBUG("Ignoring FW key rollback due to GBB flag\n");
else
rv = VB2_ERROR_FW_KEYBLOCK_VERSION_ROLLBACK;
}
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_FW_KEY_ROLLBACK, rv);
return rv;
}
sd->fw_version = kb->data_key.key_version << 16;
/*
* Save the data key in the work buffer. This overwrites the root key
* we read above. That's ok, because now that we have the data key we
* no longer need the root key.
*/
packed_key = (struct vb2_packed_key *)key_data;
packed_key->algorithm = kb->data_key.algorithm;
packed_key->key_version = kb->data_key.key_version;
packed_key->key_size = kb->data_key.key_size;
/*
* Use memmove() instead of memcpy(). In theory, the destination will
* never overlap because with the source because the root key is likely
* to be at least as large as the data key, but there's no harm here in
* being paranoid.
*/
memmove(key_data + packed_key->key_offset,
(uint8_t*)&kb->data_key + kb->data_key.key_offset,
packed_key->key_size);
/* Save the packed key offset and size */
sd->workbuf_data_key_offset = vb2_offset_of(ctx->workbuf, key_data);
sd->workbuf_data_key_size =
packed_key->key_offset + packed_key->key_size;
/* Preamble follows the keyblock in the vblock */
sd->vblock_preamble_offset = kb->keyblock_size;
/*
* Data key will persist in the workbuf after we return.
*
* Work buffer now contains:
* - vb2_shared_data
* - packed firmware data key
*/
ctx->workbuf_used = sd->workbuf_data_key_offset +
sd->workbuf_data_key_size;
return VB2_SUCCESS;
}
int vb2_load_fw_preamble(struct vb2_context *ctx)
{
struct vb2_shared_data *sd = vb2_get_sd(ctx);
struct vb2_workbuf wb;
uint8_t *key_data = ctx->workbuf + sd->workbuf_data_key_offset;
uint32_t key_size = sd->workbuf_data_key_size;
struct vb2_public_key data_key;
/* Preamble goes in the next unused chunk of work buffer */
struct vb2_fw_preamble *pre;
uint32_t pre_size;
int rv;
vb2_workbuf_from_ctx(ctx, &wb);
/* Unpack the firmware data key */
if (!sd->workbuf_data_key_size)
return VB2_ERROR_FW_PREAMBLE2_DATA_KEY;
rv = vb2_unpack_key_buffer(&data_key, key_data, key_size);
if (rv)
return rv;
/* Load the firmware preamble header */
pre = vb2_workbuf_alloc(&wb, sizeof(*pre));
if (!pre)
return VB2_ERROR_FW_PREAMBLE2_WORKBUF_HEADER;
rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK,
sd->vblock_preamble_offset,
pre, sizeof(*pre));
if (rv)
return rv;
pre_size = pre->preamble_size;
/* Load the entire firmware preamble, now that we know how big it is */
pre = vb2_workbuf_realloc(&wb, sizeof(*pre), pre_size);
if (!pre)
return VB2_ERROR_FW_PREAMBLE2_WORKBUF;
rv = vb2ex_read_resource(ctx, VB2_RES_FW_VBLOCK,
sd->vblock_preamble_offset,
pre, pre_size);
if (rv)
return rv;
/* Work buffer now contains the data subkey data and the preamble */
/* Verify the preamble */
rv = vb2_verify_fw_preamble(pre, pre_size, &data_key, &wb);
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_FW_PREAMBLE, rv);
return rv;
}
/*
* Firmware version is the lower 16 bits of the composite firmware
* version.
*/
if (pre->firmware_version > VB2_MAX_PREAMBLE_VERSION)
rv = VB2_ERROR_FW_PREAMBLE_VERSION_RANGE;
/* Combine with the key version from vb2_load_fw_keyblock() */
sd->fw_version |= pre->firmware_version;
if (!rv && sd->fw_version < sd->fw_version_secdata) {
if (sd->gbb_flags & VB2_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK)
VB2_DEBUG("Ignoring FW rollback due to GBB flag\n");
else
rv = VB2_ERROR_FW_PREAMBLE_VERSION_ROLLBACK;
}
if (rv) {
vb2_fail(ctx, VB2_RECOVERY_FW_ROLLBACK, rv);
return rv;
}
/*
* If this is a newer version than in secure storage, and we
* successfully booted the same slot last boot, roll forward the
* version in secure storage.
*
* Note that this happens before we've verified the firmware data this
* boot; we're relying on the indicator that the last boot was
* successful. That's ok, because even if the firmware data has a
* valid hash, the only way we can know if it's functional is to trust
* the status from the last boot.
*/
if (sd->fw_version > sd->fw_version_secdata &&
sd->last_fw_slot == sd->fw_slot &&
sd->last_fw_result == VB2_FW_RESULT_SUCCESS) {
sd->fw_version_secdata = sd->fw_version;
rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version);
if (rv)
return rv;
}
/* Keep track of where we put the preamble */
sd->workbuf_preamble_offset = vb2_offset_of(ctx->workbuf, pre);
sd->workbuf_preamble_size = pre_size;
/*
* Preamble will persist in work buffer after we return.
*
* Work buffer now contains:
* - vb2_shared_data
* - packed firmware data key
* - firmware preamble
*
* TODO: we could move the preamble down over the firmware data key
* since we don't need it anymore.
*/
ctx->workbuf_used = sd->workbuf_preamble_offset + pre_size;
return VB2_SUCCESS;
}