Gitiles
Code Review Sign In
review.coreboot.org / vboot / 559a110f33b7ebe8d950f1c2de6b3b89791f862b / . / futility / cmd_vbutil_firmware.c
blob: 3bf3492b081649c6e1f7c0c82b284016da5c396d [file] [log] [blame]
Bill Richardson6f396152014-07-15 12:52:19 -0700[diff] [blame]1/* Copyright 2011 The Chromium OS Authors. All rights reserved.
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Verified boot firmware utility
6 */
7
8#include <getopt.h>
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]9#include <inttypes.h> /* For PRIu64 */
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]10#include <stddef.h>
11#include <stdio.h>
12#include <stdlib.h>
13#include <unistd.h>
14
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]15#include "2sysincludes.h"
16#include "2api.h"
17#include "2common.h"
18#include "2rsa.h"
Bill Richardson6f396152014-07-15 12:52:19 -0700[diff] [blame]19#include "futility.h"
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]20#include "host_common.h"
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]21#include "host_key2.h"
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]22#include "kernel_blob.h"
Bill Richardson78299022014-06-20 14:33:00 -0700[diff] [blame]23#include "util_misc.h"
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]24#include "vboot_common.h"
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]25#include "vb1_helper.h"
26#include "vb2_common.h"
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]27
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]28/* Command line options */
29enum {
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]30 OPT_MODE_VBLOCK = 1000,
31 OPT_MODE_VERIFY,
32 OPT_KEYBLOCK,
33 OPT_SIGNPUBKEY,
34 OPT_SIGNPRIVATE,
35 OPT_VERSION,
36 OPT_FV,
37 OPT_KERNELKEY,
38 OPT_FLAGS,
Bill Richardson01466d32015-03-11 11:21:47 -0700[diff] [blame]39 OPT_HELP,
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]40};
41
Mike Frysinger7351ed72014-08-18 10:47:42 -0400[diff] [blame]42static const struct option long_opts[] = {
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]43 {"vblock", 1, 0, OPT_MODE_VBLOCK},
44 {"verify", 1, 0, OPT_MODE_VERIFY},
45 {"keyblock", 1, 0, OPT_KEYBLOCK},
46 {"signpubkey", 1, 0, OPT_SIGNPUBKEY},
47 {"signprivate", 1, 0, OPT_SIGNPRIVATE},
48 {"version", 1, 0, OPT_VERSION},
49 {"fv", 1, 0, OPT_FV},
50 {"kernelkey", 1, 0, OPT_KERNELKEY},
51 {"flags", 1, 0, OPT_FLAGS},
Bill Richardson01466d32015-03-11 11:21:47 -0700[diff] [blame]52 {"help", 0, 0, OPT_HELP},
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]53 {NULL, 0, 0, 0}
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]54};
55
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]56/* Print help and return error */
Bill Richardson49a422f2015-03-05 13:49:36 -0800[diff] [blame]57static void print_help(int argc, char *argv[])
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]58{
Bill Richardson779796f2014-09-23 11:47:40 -0700[diff] [blame]59 printf("\nUsage: " MYNAME " %s <--vblock|--verify> <file> [OPTIONS]\n"
60 "\n"
61 "For '--vblock <file>', required OPTIONS are:\n"
62 "\n"
63 " --keyblock <file> Key block in .keyblock format\n"
64 " --signprivate <file>"
65 " Signing private key in .vbprivk format\n"
66 " --version <number> Firmware version\n"
67 " --fv <file> Firmware volume to sign\n"
68 " --kernelkey <file> Kernel subkey in .vbpubk format\n"
69 "\n"
70 "optional OPTIONS are:\n"
71 " --flags <number> Preamble flags (defaults to 0)\n"
72 "\n"
73 "For '--verify <file>', required OPTIONS are:\n"
74 "\n"
75 " --signpubkey <file>"
76 " Signing public key in .vbpubk format\n"
77 " --fv <file> Firmware volume to verify\n"
78 "\n"
79 "For '--verify <file>', optional OPTIONS are:\n"
80 " --kernelkey <file>"
81 " Write the kernel subkey to this file\n\n",
Bill Richardson49a422f2015-03-05 13:49:36 -0800[diff] [blame]82 argv[0]);
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]83}
84
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]85/* Create a firmware .vblock */
Randall Spanglerd46461c2016-06-22 16:46:23 -0700[diff] [blame]86static int do_vblock(const char *outfile, const char *keyblock_file,
87 const char *signprivate, uint32_t version,
88 const char *fv_file, const char *kernelkey_file,
89 uint32_t preamble_flags)
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]90{
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]91 struct vb2_keyblock *keyblock = NULL;
92 struct vb2_private_key *signing_key = NULL;
93 struct vb2_packed_key *kernel_subkey = NULL;
94 struct vb2_signature *body_sig = NULL;
95 struct vb2_fw_preamble *preamble = NULL;
96 uint8_t *fv_data = NULL;
97 int retval = 1;
98
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]99 if (!outfile) {
100 VbExError("Must specify output filename\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]101 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]102 }
103 if (!keyblock_file || !signprivate || !kernelkey_file) {
104 VbExError("Must specify all keys\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]105 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]106 }
107 if (!fv_file) {
108 VbExError("Must specify firmware volume\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]109 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]110 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]111
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]112 /* Read the key block and keys */
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]113 keyblock = vb2_read_keyblock(keyblock_file);
Randall Spangler939cc3a2016-06-21 15:23:32 -0700[diff] [blame]114 if (!keyblock) {
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]115 VbExError("Error reading key block.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]116 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]117 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]118
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]119 signing_key = vb2_read_private_key(signprivate);
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]120 if (!signing_key) {
121 VbExError("Error reading signing key.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]122 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]123 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]124
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]125 kernel_subkey = vb2_read_packed_key(kernelkey_file);
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]126 if (!kernel_subkey) {
127 VbExError("Error reading kernel subkey.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]128 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]129 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]130
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]131 /* Read and sign the firmware volume */
Randall Spanglerd46461c2016-06-22 16:46:23 -0700[diff] [blame]132 uint32_t fv_size;
133 if (VB2_SUCCESS != vb2_read_file(fv_file, &fv_data, &fv_size))
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]134 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]135 if (!fv_size) {
136 VbExError("Empty firmware volume file\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]137 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]138 }
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]139 body_sig = vb2_calculate_signature(fv_data, fv_size, signing_key);
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]140 if (!body_sig) {
141 VbExError("Error calculating body signature\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]142 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]143 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]144
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]145 /* Create preamble */
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]146 preamble = vb2_create_fw_preamble(version, kernel_subkey, body_sig,
147 signing_key, preamble_flags);
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]148 if (!preamble) {
149 VbExError("Error creating preamble.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]150 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]151 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]152
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]153 /* Write the output file */
Randall Spanglerd46461c2016-06-22 16:46:23 -0700[diff] [blame]154 FILE *f = fopen(outfile, "wb");
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]155 if (!f) {
156 VbExError("Can't open output file %s\n", outfile);
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]157 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]158 }
Randall Spanglerd46461c2016-06-22 16:46:23 -0700[diff] [blame]159 int i = ((1 != fwrite(keyblock, keyblock->keyblock_size, 1, f)) ||
160 (1 != fwrite(preamble, preamble->preamble_size, 1, f)));
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]161 fclose(f);
162 if (i) {
163 VbExError("Can't write output file %s\n", outfile);
164 unlink(outfile);
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]165 goto vblock_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]166 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]167
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]168 /* Success */
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]169 retval = 0;
170
171vblock_cleanup:
172 if (keyblock)
173 free(keyblock);
174 if (signing_key)
175 free(signing_key);
176 if (kernel_subkey)
177 free(kernel_subkey);
178 if (fv_data)
179 free(fv_data);
180 if (body_sig)
181 free(body_sig);
182 if (preamble)
183 free(preamble);
184
185 return retval;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]186}
187
Randall Spanglerd46461c2016-06-22 16:46:23 -0700[diff] [blame]188static int do_verify(const char *infile, const char *signpubkey,
189 const char *fv_file, const char *kernelkey_file)
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]190{
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]191 uint8_t workbuf[VB2_WORKBUF_RECOMMENDED_SIZE];
192 struct vb2_workbuf wb;
193 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]194
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]195 uint32_t now = 0;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]196
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]197 uint8_t *pubkbuf = NULL;
198 uint8_t *blob = NULL;
199 uint8_t *fv_data = NULL;
200 int retval = 1;
201
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]202 if (!infile || !signpubkey || !fv_file) {
203 VbExError("Must specify filename, signpubkey, and fv\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]204 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]205 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]206
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]207 /* Read public signing key */
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]208 uint32_t pubklen;
209 struct vb2_public_key sign_key;
210 if (VB2_SUCCESS != vb2_read_file(signpubkey, &pubkbuf, &pubklen)) {
211 fprintf(stderr, "Error reading signpubkey.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]212 goto verify_cleanup;
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]213 }
214 if (VB2_SUCCESS != vb2_unpack_key(&sign_key, pubkbuf, pubklen)) {
215 fprintf(stderr, "Error unpacking signpubkey.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]216 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]217 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]218
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]219 /* Read blob */
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]220 uint32_t blob_size;
221 if (VB2_SUCCESS != vb2_read_file(infile, &blob, &blob_size)) {
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]222 VbExError("Error reading input file\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]223 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]224 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]225
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]226 /* Read firmware volume */
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]227 uint32_t fv_size;
228 if (VB2_SUCCESS != vb2_read_file(fv_file, &fv_data, &fv_size)) {
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]229 VbExError("Error reading firmware volume\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]230 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]231 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]232
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]233 /* Verify key block */
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]234 struct vb2_keyblock *keyblock = (struct vb2_keyblock *)blob;
235 if (VB2_SUCCESS !=
236 vb2_verify_keyblock(keyblock, blob_size, &sign_key, &wb)) {
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]237 VbExError("Error verifying key block.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]238 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]239 }
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]240
241 now += keyblock->keyblock_size;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]242
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]243 printf("Key block:\n");
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]244 printf(" Size: %d\n", keyblock->keyblock_size);
245 printf(" Flags: %d (ignored)\n",
246 keyblock->keyblock_flags);
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]247
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]248 struct vb2_packed_key *packed_key = &keyblock->data_key;
249 printf(" Data key algorithm: %d %s\n", packed_key->algorithm,
Randall Spangler46a382d2016-10-18 12:00:07 -0700[diff] [blame]250 vb2_get_crypto_algorithm_name(packed_key->algorithm));
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]251 printf(" Data key version: %d\n", packed_key->key_version);
252 printf(" Data key sha1sum: %s\n",
253 packed_key_sha1_string(packed_key));
254
255 struct vb2_public_key data_key;
256 if (VB2_SUCCESS !=
257 vb2_unpack_key(&data_key, (const uint8_t *)&keyblock->data_key,
258 keyblock->data_key.key_offset +
259 keyblock->data_key.key_size)) {
260 fprintf(stderr, "Error parsing data key.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]261 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]262 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]263
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]264 /* Verify preamble */
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]265 struct vb2_fw_preamble *pre2 = (struct vb2_fw_preamble *)(blob + now);
266 if (VB2_SUCCESS !=
267 vb2_verify_fw_preamble(pre2, blob_size - now, &data_key, &wb)) {
268 VbExError("Error2 verifying preamble.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]269 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]270 }
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]271 now += pre2->preamble_size;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]272
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]273 uint32_t flags = pre2->flags;
274 if (pre2->header_version_minor < 1)
275 flags = 0; /* Old 2.0 structure didn't have flags */
276
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]277 printf("Preamble:\n");
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]278 printf(" Size: %d\n", pre2->preamble_size);
279 printf(" Header version: %d.%d\n",
280 pre2->header_version_major, pre2->header_version_minor);
281 printf(" Firmware version: %d\n", pre2->firmware_version);
282
283 struct vb2_packed_key *kernel_subkey = &pre2->kernel_subkey;
284 printf(" Kernel key algorithm: %d %s\n", kernel_subkey->algorithm,
Randall Spangler46a382d2016-10-18 12:00:07 -0700[diff] [blame]285 vb2_get_crypto_algorithm_name(kernel_subkey->algorithm));
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]286 printf(" Kernel key version: %d\n", kernel_subkey->key_version);
287 printf(" Kernel key sha1sum: %s\n",
288 packed_key_sha1_string(kernel_subkey));
289 printf(" Firmware body size: %d\n", pre2->body_signature.data_size);
290 printf(" Preamble flags: %d\n", flags);
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]291
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]292 /* TODO: verify body size same as signature size */
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]293
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]294 /* Verify body */
Randall Spangler814aaf02016-06-17 10:48:16 -0700[diff] [blame]295 if (flags & VB2_FIRMWARE_PREAMBLE_USE_RO_NORMAL) {
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]296 printf("Preamble requests USE_RO_NORMAL;"
297 " skipping body verification.\n");
298 } else if (VB2_SUCCESS ==
299 vb2_verify_data(fv_data, fv_size, &pre2->body_signature,
300 &data_key, &wb)) {
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]301 printf("Body verification succeeded.\n");
Randall Spangler98263a12016-06-02 16:05:49 -0700[diff] [blame]302 } else {
303 VbExError("Error verifying firmware body.\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]304 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]305 }
Bill Richardson60bcbe32010-09-09 14:53:56 -0700[diff] [blame]306
Randall Spanglerf7559e42016-06-23 13:45:59 -0700[diff] [blame]307 if (kernelkey_file &&
308 VB2_SUCCESS != vb2_write_packed_key(kernelkey_file,
309 kernel_subkey)) {
310 VbExError("Unable to write kernel subkey\n");
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]311 goto verify_cleanup;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]312 }
Bill Richardson60bcbe32010-09-09 14:53:56 -0700[diff] [blame]313
Randall Spanglerd8a9ede2016-09-02 12:25:27 -0700[diff] [blame]314 /* Success */
315 retval = 0;
316
317verify_cleanup:
318 if (pubkbuf)
319 free(pubkbuf);
320 if (blob)
321 free(blob);
322 if (fv_data)
323 free(fv_data);
324
325 return retval;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]326}
327
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]328static int do_vbutil_firmware(int argc, char *argv[])
329{
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]330
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]331 char *filename = NULL;
332 char *key_block_file = NULL;
333 char *signpubkey = NULL;
334 char *signprivate = NULL;
Randall Spanglerd46461c2016-06-22 16:46:23 -0700[diff] [blame]335 uint32_t version = 0;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]336 char *fv_file = NULL;
337 char *kernelkey_file = NULL;
338 uint32_t preamble_flags = 0;
339 int mode = 0;
340 int parse_error = 0;
341 char *e;
342 int i;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]343
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]344 while ((i = getopt_long(argc, argv, "", long_opts, NULL)) != -1) {
345 switch (i) {
346 case '?':
347 /* Unhandled option */
348 printf("Unknown option\n");
349 parse_error = 1;
350 break;
Bill Richardson01466d32015-03-11 11:21:47 -0700[diff] [blame]351 case OPT_HELP:
352 print_help(argc, argv);
353 return !!parse_error;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]354
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]355 case OPT_MODE_VBLOCK:
356 case OPT_MODE_VERIFY:
357 mode = i;
358 filename = optarg;
359 break;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]360
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]361 case OPT_KEYBLOCK:
362 key_block_file = optarg;
363 break;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]364
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]365 case OPT_SIGNPUBKEY:
366 signpubkey = optarg;
367 break;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]368
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]369 case OPT_SIGNPRIVATE:
370 signprivate = optarg;
371 break;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]372
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]373 case OPT_FV:
374 fv_file = optarg;
375 break;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]376
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]377 case OPT_KERNELKEY:
378 kernelkey_file = optarg;
379 break;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]380
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]381 case OPT_VERSION:
382 version = strtoul(optarg, &e, 0);
383 if (!*optarg || (e && *e)) {
384 printf("Invalid --version\n");
385 parse_error = 1;
386 }
387 break;
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]388
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]389 case OPT_FLAGS:
390 preamble_flags = strtoul(optarg, &e, 0);
391 if (!*optarg || (e && *e)) {
392 printf("Invalid --flags\n");
393 parse_error = 1;
394 }
395 break;
396 }
397 }
Randall Spanglera712e012011-07-13 09:48:41 -0700[diff] [blame]398
Bill Richardson779796f2014-09-23 11:47:40 -0700[diff] [blame]399 if (parse_error) {
Bill Richardson49a422f2015-03-05 13:49:36 -0800[diff] [blame]400 print_help(argc, argv);
Bill Richardson779796f2014-09-23 11:47:40 -0700[diff] [blame]401 return 1;
402 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]403
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]404 switch (mode) {
405 case OPT_MODE_VBLOCK:
Randall Spanglerd46461c2016-06-22 16:46:23 -0700[diff] [blame]406 return do_vblock(filename, key_block_file, signprivate, version,
407 fv_file, kernelkey_file, preamble_flags);
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]408 case OPT_MODE_VERIFY:
Randall Spanglerd46461c2016-06-22 16:46:23 -0700[diff] [blame]409 return do_verify(filename, signpubkey, fv_file, kernelkey_file);
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]410 default:
Bill Richardson779796f2014-09-23 11:47:40 -0700[diff] [blame]411 fprintf(stderr, "Must specify a mode.\n");
Bill Richardson49a422f2015-03-05 13:49:36 -0800[diff] [blame]412 print_help(argc, argv);
Bill Richardson779796f2014-09-23 11:47:40 -0700[diff] [blame]413 return 1;
Bill Richardson31d95c22014-08-24 22:07:17 -0700[diff] [blame]414 }
Randall Spanglerdcab8fa2010-06-15 14:50:51 -0700[diff] [blame]415}
Bill Richardson6f396152014-07-15 12:52:19 -0700[diff] [blame]416
Bill Richardson01466d32015-03-11 11:21:47 -0700[diff] [blame]417DECLARE_FUTIL_COMMAND(vbutil_firmware, do_vbutil_firmware, VBOOT_VERSION_1_0,
418 "Verified boot firmware utility");