62d482ecddf5735076a085859cf40fcfa24671ee |
|
29-Jan-2015 |
Daisuke Nojiri <dnojiri@chromium.org> |
add vb2api_get_pcr_digest this api allows firmware to get the digest indicating boot mode status. BUG=chromium:451609 TEST=VBOOT2=1 make run2tests BRANCH=tot Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Change-Id: Idca7bc5f6aed947689ad7cf219805aad35047c7d Reviewed-on: https://chromium-review.googlesource.com/244542
/external/vboot_reference/firmware/2lib/2api.c
|
f10e9099286202f83ce4c1dc5ef1e85fcb5ccde7 |
|
17-Dec-2014 |
Julius Werner <jwerner@chromium.org> |
vboot2: Introduce vb2ex_hwcrypto API This patch extends the vboot2 API by three callback functions that the platform firmware may implement to offer hardware crypto engine support. For now we only support this for hash algorithms, and we will only allow it for firmware body hashes (not the keyblock or preamble which are too small to matter execution-time-wise anyway). The API is similar to the vb2api_*_hash() functions used to start body hashing in the first place, but we still take this round trip through vboot to allow it to do key/signature management and retain full control of the verification process. We also add a new preamble flag to explicitly disable this feature, so that we can later return to a solely software-based verification path through a firmware update in case a hardware crypto engine turns out to be insecure. CQ-DEPEND=CL:236435 BRANCH=None BUG=chrome-os-partner:32987 TEST='make runtests VBOOT2=1'. Manually booted on Pinky with and without HW crypto support and with the preamble flag set to confirm expected behavior. lib21/ parts untested except for compiling and new unit tests. Change-Id: I17c7d02f392089875a5942a5aafcf6a657354863 Signed-off-by: Julius Werner <jwerner@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/236453 Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/2lib/2api.c
|
6f1b82ac14f341d9733d6e95d518b3ee352002ef |
|
03-Dec-2014 |
Randall Spangler <rspangler@chromium.org> |
vboot2: Move old struct handling to lib20/ This is part 4 of a series of changes to rearrange the vboot2 library so that it's possible to start using the new-style data structs. This change moves knowledge of the old vboot1 data structs into lib20; 2lib now contains only code which is common to both vboot2.x libraries (that is, code which is data structure version agnostic). No functional changes; just rearranging code and tests. BUG=chromium:423882 BRANCH=none TEST=make runtests && VBOOT2=1 make runtests (works with/withoug VBOOT2 flag) And compile firmware for veyron_pinky CQ-DEPEND=CL:233051 Change-Id: I8f9e67157575e5be14952ef4809c3dfafd92596d Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/233021 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/2lib/2api.c
|
941e25fa59816cf6ae32a585b013f671eccbd813 |
|
29-Oct-2014 |
Aaron Durbin <adurbin@chromium.org> |
vb2: parse dev mode in phase1 The rest of the system software expects dev mode to be orthogonal to recovery mode. However, vb2_fw_phase1() was only checking recovery mode. The caller would then not call vb2_fw_phase2() which checked the developer mode settings. Fix this by doing the necessary steps in vb2_fw_phase1(). BUG=chrome-os-partner:33264 BRANCH=None TEST=None yet. Change-Id: I06da388c3ca33754ddb5937a2877fbc287946490 Signed-off-by: Aaron Durbin <adurbin@chromium.org> Signed-off-by: Furquan Shaikh <furquan@google.com> Reviewed-on: https://chromium-review.googlesource.com/225906 Tested-by: Furquan Shaikh <furquan@chromium.org> Commit-Queue: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Benson Leung <bleung@chromium.org> Tested-by: Benson Leung <bleung@chromium.org>
/external/vboot_reference/firmware/2lib/2api.c
|
f18038b750c43c2185e64db38d0d244c6810083b |
|
24-Oct-2014 |
Randall Spangler <rspangler@chromium.org> |
vboot2: Move and rename functions Move packed key functions to their own file, in preparation for introducing support for vb2_packed_key2. Rename the awfully-named vb2_verify_fw_preamble2() function to vb2_load_fw_premable(), since the new structs actually have a vb2_fw_preamble2 struct and that would be very confusing. Rename vb2_verify_fw_keyblock() to vb2_load_fw_keyblock(), so it matches. No functional changes, just renaming. BUG=chromium:423882 BRANCH=none TEST=VBOOT2=1 make runtests Change-Id: Ia914e48e6c5814ab3205b999ceda1aa2452206ff Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/225458 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/2lib/2api.c
|
4eef812d68f64cc501d795131d95f8a2f27223b1 |
|
23-Oct-2014 |
Randall Spangler <rspangler@chromium.org> |
vboot2: use enum hash algorithm This changes the internals of vboot2 to use the enumerated type for hash algorithm. The conversion from crypto algorithm is done only when unpacking the key (and ok, in checking the rsa padding, but that goes away in the next change). This is preparation for the vboot2 data types, which separate signature and hash algorithms into their own fields. There is no external change in the calling API to vboot, and no change to the external data structures. BUG=chromium:423882 BRANCH=none TEST=VBOOT2=1 make runtests Change-Id: I9c6de08d742dab941beb806fbd2bfc1e11c01e2c Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/225208 Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/2lib/2api.c
|
9504754fee346569b4cdcaae9f54fa65cf3005d9 |
|
18-Oct-2014 |
Randall Spangler <rspangler@chromium.org> |
vboot2: move verify digest to 2common This removes code duplicated between 2common.c and 2rsa.c. This is in preparation for adding new unsigned hash algorithms. BUG=chromium:423882 BRANCH=none TEST=VBOOT2=1 make -j runtests Change-Id: Ic9c542ae14d3b7f786129c1d52f8963847a94fb8 Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/224780 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/2lib/2api.c
|
5b63803f6cfd55edb8cafa598aed9b9ec9d5211c |
|
22-Jun-2014 |
Daisuke Nojiri <dnojiri@chromium.org> |
vboot2: Check necessity of recovery when firmware body hash fails to match TEST=Booted Nyan Blaze and verified recovery is requested. BUG=None BRANCH=none Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Change-Id: I076e9714de4b853973cadad9a02a35d28431790c Reviewed-on: https://chromium-review.googlesource.com/205156 Commit-Queue: Daisuke Nojiri <dnojiri@chromium.org> Tested-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
/external/vboot_reference/firmware/2lib/2api.c
|
a7ab8b50b8923afcfd7a9e6181892c4c8a2de250 |
|
11-Jun-2014 |
Randall Spangler <rspangler@chromium.org> |
vboot2: api-level routines I'm breaking the last chunk of vboot2 into smaller pieces as I add tests. This has the api-level routines actually called by depthcharge. BUG=chromium:370082 BRANCH=none TEST=make clean && VBOOT2=1 COV=1 make Change-Id: Ic7c082fc5faa0b874b2fa5a15ebda7135dcafe0b Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/200151 Reviewed-by: Bill Richardson <wfrichar@chromium.org>
/external/vboot_reference/firmware/2lib/2api.c
|