2a75a61e2aeb241b6bd75e4d3c648f98cfc4d3be |
|
19-Oct-2016 |
Tao Bao <tbao@google.com> |
Support verifying the boot signature against the given pubkey.

verify_boot_signature currently verifies the signature in the boot image (against the certificate embedded in the image). This CL supports additionally verifying the signature against the given OEM pubkey (a fixed, tamper-protected key available to the bootloader).

Usage:
  verify_boot_signature <path-to-boot-image>
  verify_boot_signature <path-to-boot-image> <pubkey>

- Locally built boot image is signed with the default key.

  $ openssl x509 -pubkey -noout -in build/target/product/security/verity.x509.pem > pubkey.pem
  $ verify_boot_signature $OUT/boot.img pubkey.pem; echo $?
  Signature is VALID
  0

- Signed boot image should be verified with the OEM pubkey.

  $ verify_boot_signature boot.img bullhead_pub.pem; echo $?
  Signature is VALID
  0

- Locally built boot image can be verified with its embedded certificate but not with the OEM pubkey. This will lead to the YELLOW boot state.

  $ verify_boot_signature $OUT/boot.img; echo $?
  Signature is VALID
  0
  $ verify_boot_signature $OUT/boot.img bullhead_pub.pem; echo $?
  <...>
  1

Bug: 32173582
Test: See above.
Change-Id: I11043eb796ccd128885e7412e65981cbd0183fb2
/system/extras/verity/verify_boot_signature.c
|
532f28f1bae5cbdbbd28148c8c1d33ed6a996b39 |
|
01-Oct-2015 |
Adam Langley <agl@google.com> |
system/extras: remove BORINGSSL_201509 support. The BORINGSSL_201509 define was used to make updating BoringSSL in external/boringssl less painful. It allowed code to compile with either the old BoringSSL (which didn't define BORINGSSL_201509) or with the new (which does). Now that the new version has landed, this change removes that support. Change-Id: I19e661419f830459d015bf14e7905af2ec41b735
/system/extras/verity/verify_boot_signature.c
|
7a688f6e8774920cb8cfc52bf2e3c16976e8ff23 |
|
03-Sep-2015 |
Adam Langley <agl@google.com> |
Prepare for BoringSSL update. This change tweaks things as needed so that the code will compile against both the BoringSSL that's currently in Android and a version from upstream. The BORINGSSL_201509 define is temporary to allow the switch to happen without breaking the build and a followup change will remove it. In this case, we backed off on removing |ERR_print_errors|, despite it being a wart in the layering of the code. Change-Id: I2f2f567cfc37fe2d5a69742302c5a92d289b814f
/system/extras/verity/verify_boot_signature.c
|
fa5185ea275da334fccafafb5ce21dedfc02e9a2 |
|
11-Aug-2015 |
Elliott Hughes <enh@google.com> |
Add <endian.h> back and stop building one tool for the Mac. We can't stop building all this stuff until we clean up the build system to not require the OTA tools on Mac OS. This code does actually use htobe64 and so should have included <endian.h>, so put that back. Change-Id: I2807b4f237d3e26d470652f373f2de85864691c4
/system/extras/verity/verify_boot_signature.c
|
3adbe0f59610db9d870c62f85119182fa1d662f6 |
|
10-Aug-2015 |
Elliott Hughes <enh@google.com> |
Another go at fixing the Mac build. I don't want to have to work out how to disable building OTAs on Macs -- though we should -- but it actually looks like this file didn't need the problematic header file anyway. Change-Id: I9d7eff8e72192958b3e880ae48fef194820ce148
/system/extras/verity/verify_boot_signature.c
|
a83adf6354f3073a1938ffcd6cadd5c357856de5 |
|
11-May-2015 |
Adam Langley <agl@google.com> |
system/extra: include more of what you use. This is a reland of aa24bc89b78a5981df7618bdef78b7b49ffad14d which was reverted in 291e20dab39783c7074191ff2d2de9b86465c10f because it broke the git_master-gpl builder. This version of the change uses crypto.h as a proxy for mem.h because it'll work in both BoringSSL and OpenSSL. Change-Id: I9e4c9e4d459c2e31f74180b3a3b2ab139ab76e80
/system/extras/verity/verify_boot_signature.c
|
291e20dab39783c7074191ff2d2de9b86465c10f |
|
10-May-2015 |
Kenny Root <kroot@google.com> |
Revert "system/extra: include more of what you use." This reverts commit aa24bc89b78a5981df7618bdef78b7b49ffad14d. Change-Id: If55eb0effc582f1cfa329bab8d7504ad4964f67e
/system/extras/verity/verify_boot_signature.c
|
aa24bc89b78a5981df7618bdef78b7b49ffad14d |
|
28-Apr-2015 |
Adam Langley <agl@google.com> |
system/extra: include more of what you use. Historically, the OpenSSL/BoringSSL headers have been quite sloppy: including many system headers. Over time, code has grown to depend on this. BoringSSL has cleaned things up a bit, but that requires code like this to include what it uses. Change-Id: Id456a598151d4c58a73cf05cef46f3db296e1f39
/system/extras/verity/verify_boot_signature.c
|
e3ec11c2d95cc03be01426d13ea87fc8edb3daad |
|
17-Mar-2015 |
Adam Langley <agl@google.com> |
system/extras/verity: BoringSSL fix. In BoringSSL, the functions that reference BIOs have been moved out of ERR in order to have some reasonable layering of the code. A recent addition here referenced ERR_print_errors, which is now BIO_print_errors in BoringSSL for that reason. Additionally, the BoringSSL headers don't #include so many standard headers for you so an explicit #include of errno.h is needed here. Change-Id: Iebcc353b1354bd85d432deebeb7873aae46b0d2a
/system/extras/verity/verify_boot_signature.c
|
ac342b944b6bcb4b936e6cbcd9fb8be3e5262cd0 |
|
20-Nov-2014 |
Sami Tolvanen <samitolvanen@google.com> |
Add a reference C implementation for verifying signatures. Due to OEM requests, add a reference implementation for boot/recovery image signature verification in C. The tool uses OpenSSL for ASN.1 and crypto routines. Bug: 18120110 Change-Id: I9f6c59e0b338b68f35ac1c2c4d83c10d31d70cd9
/system/extras/verity/verify_boot_signature.c
|