Commit c19d8b2b authored by Sophie Brun's avatar Sophie Brun

Imported Upstream version 0~R52-8350.B

parent b55c538f
# Copyright 2015 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Minimal makefile capable of compiling futility to sign images
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := libvboot_util-host
ifeq ($(HOST_OS),darwin)
LOCAL_CFLAGS += -DHAVE_MACOS
endif
# These are required to access large disks and files on 32-bit systems.
LOCAL_CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
LOCAL_C_INCLUDES += \
$(LOCAL_PATH)/firmware/include \
$(LOCAL_PATH)/firmware/lib/include \
$(LOCAL_PATH)/firmware/lib/cgptlib/include \
$(LOCAL_PATH)/firmware/lib/cryptolib/include \
$(LOCAL_PATH)/firmware/lib/tpm_lite/include \
$(LOCAL_PATH)/firmware/2lib/include \
$(LOCAL_PATH)/host/include \
$(LOCAL_PATH)/host/lib/include
# Firmware library sources needed by VbInit() call
VBINIT_SRCS = \
firmware/lib/crc8.c \
firmware/lib/utility.c \
firmware/lib/vboot_api_init.c \
firmware/lib/vboot_common_init.c \
firmware/lib/vboot_nvstorage.c \
firmware/lib/vboot_nvstorage_rollback.c \
firmware/lib/region-init.c \
# Additional firmware library sources needed by VbSelectFirmware() call
VBSF_SRCS = \
firmware/lib/cryptolib/padding.c \
firmware/lib/cryptolib/rsa.c \
firmware/lib/cryptolib/rsa_utility.c \
firmware/lib/cryptolib/sha1.c \
firmware/lib/cryptolib/sha256.c \
firmware/lib/cryptolib/sha512.c \
firmware/lib/cryptolib/sha_utility.c \
firmware/lib/stateful_util.c \
firmware/lib/vboot_api_firmware.c \
firmware/lib/vboot_common.c \
firmware/lib/vboot_firmware.c \
firmware/lib/region-fw.c \
# Additional firmware library sources needed by VbSelectAndLoadKernel() call
VBSLK_SRCS = \
firmware/lib/cgptlib/cgptlib.c \
firmware/lib/cgptlib/cgptlib_internal.c \
firmware/lib/cgptlib/crc32.c \
firmware/lib/gpt_misc.c \
firmware/lib/utility_string.c \
firmware/lib/vboot_api_kernel.c \
firmware/lib/vboot_audio.c \
firmware/lib/vboot_display.c \
firmware/lib/vboot_kernel.c \
firmware/lib/region-kernel.c \
VBINIT_SRCS += \
firmware/stub/tpm_lite_stub.c \
firmware/stub/utility_stub.c \
firmware/stub/vboot_api_stub_init.c \
firmware/stub/vboot_api_stub_region.c
VBSF_SRCS += \
firmware/stub/vboot_api_stub_sf.c
VBSLK_SRCS += \
firmware/stub/vboot_api_stub.c \
firmware/stub/vboot_api_stub_disk.c \
firmware/stub/vboot_api_stub_stream.c
UTILLIB_SRCS = \
cgpt/cgpt_create.c \
cgpt/cgpt_add.c \
cgpt/cgpt_boot.c \
cgpt/cgpt_show.c \
cgpt/cgpt_repair.c \
cgpt/cgpt_prioritize.c \
cgpt/cgpt_common.c \
futility/dump_kernel_config_lib.c \
host/lib/crossystem.c \
host/lib/file_keys.c \
host/lib/fmap.c \
host/lib/host_common.c \
host/lib/host_key.c \
host/lib/host_keyblock.c \
host/lib/host_misc.c \
host/lib/util_misc.c \
host/lib/host_signature.c \
host/lib/signature_digest.c
# host/arch/${HOST_ARCH}/lib/crossystem_arch.c \
LOCAL_SRC_FILES := \
$(VBINIT_SRCS) \
$(VBSF_SRCS) \
$(VBSLK_SRCS) \
$(UTILLIB_SRCS)
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_C_INCLUDES)
LOCAL_STATIC_LIBRARIES := libcrypto_static
include $(BUILD_HOST_STATIC_LIBRARY)
include $(CLEAR_VARS)
LOCAL_MODULE := futility-host
LOCAL_IS_HOST_MODULE := true
LOCAL_MODULE_CLASS := EXECUTABLES
generated_sources := $(call local-generated-sources-dir)
ifeq ($(HOST_OS),darwin)
LOCAL_CFLAGS += -DHAVE_MACOS
endif
# These are required to access large disks and files on 32-bit systems.
LOCAL_CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
FUTIL_STATIC_SRCS = \
futility/futility.c \
futility/cmd_dump_fmap.c \
futility/cmd_gbb_utility.c \
futility/misc.c
FUTIL_SRCS = \
${FUTIL_STATIC_SRCS} \
futility/cmd_dump_kernel_config.c \
futility/cmd_load_fmap.c \
futility/cmd_pcr.c \
futility/cmd_show.c \
futility/cmd_sign.c \
futility/cmd_vbutil_firmware.c \
futility/cmd_vbutil_kernel.c \
futility/cmd_vbutil_key.c \
futility/cmd_vbutil_keyblock.c \
futility/file_type.c \
futility/traversal.c \
futility/vb1_helper.c
# ${FUTIL_STATIC_WORKAROUND_SRCS:%.c=${BUILD}/%.o} \
LOCAL_SRC_FILES := \
$(FUTIL_SRCS) \
$(generated_sources)/futility_cmds.c: ${FUTIL_SRCS:%=${LOCAL_PATH}/%}
@echo making $< from ${FUTIL_SRCS}
@rm -f $@ $@_t $@_commands
@mkdir -p $(dir $@)
@grep -hoRE '^DECLARE_FUTIL_COMMAND\([^,]+' $^ \
| sed 's/DECLARE_FUTIL_COMMAND(\(.*\)/_CMD(\1)/' \
| sort >>$@_commands
@external/vboot_reference/scripts/getversion.sh >> $@_t
@echo '#define _CMD(NAME) extern const struct' \
'futil_cmd_t __cmd_##NAME;' >> $@_t
@cat $@_commands >> $@_t
@echo '#undef _CMD' >> $@_t
@echo '#define _CMD(NAME) &__cmd_##NAME,' >> $@_t
@echo 'const struct futil_cmd_t *const futil_cmds[] = {' >> $@_t
@cat $@_commands >> $@_t
@echo '0}; /* null-terminated */' >> $@_t
@echo '#undef _CMD' >> $@_t
@mv $@_t $@
@rm -f $@_commands
LOCAL_GENERATED_SOURCES := $(generated_sources)/futility_cmds.c
LOCAL_STATIC_LIBRARIES := libvboot_util-host
LOCAL_SHARED_LIBRARIES := libcrypto-host
include $(BUILD_HOST_EXECUTABLE)
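Review bot: The recipe for `$(generated_sources)/futility_cmds.c` runs `external/vboot_reference/scripts/getversion.sh` through a path fixed relative to the top of the build tree, while the other paths in this file are derived from `$(LOCAL_PATH)`. If the checkout lives anywhere else, this step fails or stamps the binary with a version taken from a different copy of the tree. Assuming `LOCAL_PATH` resolves to this directory, `@$(LOCAL_PATH)/scripts/getversion.sh >> $@_t` keeps the version stamp tied to the sources being compiled. The same recipe pipes `grep` into `sed` and `sort`, so a grep that matches nothing still exits with sort's status and produces a command table holding only the null terminator. A check that `$@_commands` is non-empty before the final `mv` would make that failure visible.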
[Hook Overrides]
branch_check: true
# We are using Linux style indentation with tabs
# The indentation is checked by checkpatch not the python script
tab_check: false
This directory contains a reference implementation for Chrome OS
verified boot in firmware.
----------
Directory Structure
----------
Directory Structure
----------
The source is organized into distinct modules -
firmware/ - Contains ONLY the code required by the BIOS to validate
the secure boot components. There shouldn't be any code in here that
signs or generates images. BIOS should require ONLY this directory to
implement secure boot. Refer to firmware/README for futher details.
firmware/
Contains ONLY the code required by the BIOS to validate the secure boot
components. There shouldn't be any code in here that signs or generates
images. BIOS should require ONLY this directory to implement secure boot.
Refer to firmware/README for futher details.
cgpt/
Utility to read/write/modify GPT partitions. Similar to GNU parted or any
other GPT tool, but this has support for Chrome OS extensions.
host/
Miscellaneous functions needed by userland utilities.
futility/
The "firmware utility" tool, used to create, sign, and validate Chrome OS
images.
utility/
Random other utilities, not necesssarily related to verified boot as such.
tests/
cgpt/ - Utility to read/write/modify GPT partitions. Much like the
gpt tool, but with support for Chrome OS extensiosn.
User-land tests and benchmarks that test the reference implementation.
Please have a look at these if you'd like to understand how to use the
reference implementation.
host/ - Miscellaneous functions used by userland utilities.
build/
utility/ - Utilities for generating and verifying signed
firmware and kernel images, as well as arbitrary blobs.
The output directory where the generated files will be placed, and where
tests are run.
tests/ - User-land tests and benchmarks that test the reference
implementation. Please have a look at these if you'd like to
understand how to use the reference implementation.
scripts/
Tools and scripts used to generate and use new signing keypairs. These are
typically used only on a secure machine.
build/ - a directory where the generated files go to.
--------------------
Building and testing
......@@ -37,67 +60,63 @@ there are host environment build problems due to missing .h files, try
researching what packages the files belong to and install the missing packages
before reporting a problem.
To build the software run
make
in the top level directory. The build output is placed in the ./build
directory.
The commands are the more-or-less expected ones:
To run the tests either invoke
make
make runtests
make install [ DESTDIR=/usr/local ]
RUNTESTS=1 make
in the top level directory or
cd tests
BUILD=../build make runtests
----------
Some useful utilities:
----------
futility vbutil_key Convert a public key into .vbpubk format
futility vbutil_keyblock Wrap a public key inside a signature and checksum
futility vbutil_firmware Create a .vblock with signature info for a
firmware image
futility vbutil_kernel Pack a kernel image, bootloader, and config into
a signed binary
----------
Some useful utilities:
----------
dumpRSAPublicKey Dump RSA Public key (from a DER-encoded X509
certificate) in a format suitable for use by
RSAVerify* functions in crypto/.
vbutil_key Convert a public key into .vbpubk format
vbutil_keyblock Wrap a public key inside a signature and checksum
vbutil_firmware Create a .vblock with signature info for a
firmware image
vbutil_kernel Pack a kernel image, bootloader, and config into
a signed binary
verify_data.c Verify a given signature on a given file.
dumpRSAPublicKey Dump RSA Public key (from a DER-encoded X509
certificate) in a format suitable for
use by RSAVerify* functions in
crypto/.
verify_data.c Verify a given signature on a given file.
----------
Generating a signed firmware image:
----------
Generating a signed firmware image:
----------
* Step 0: Build the tools, install them somewhere.
* Step 1: Generate RSA root and signing keys.
# Root key is always 8192 bits.
$ openssl genrsa -F4 -out root_key.pem 8192
The root key is always 8192 bits.
$ openssl genrsa -F4 -out root_key.pem 8192
# Signing key can be between 1024-8192 bits.
$ openssl genrsa -F4 -out signing_key.pem <1024|2048|4096|8192>
The signing key can be between 1024-8192 bits.
Note: The -F4 option must be specified to generate RSA keys with
a public exponent of 65535. RSA keys with 3 as a public
exponent (the default) won't work.
$ openssl genrsa -F4 -out signing_key.pem <1024|2048|4096|8192>
Note: The -F4 option must be specified to generate RSA keys with a public
exponent of 65535. RSA keys with 3 as a public exponent (the default)
won't work.
* Step 2: Generate pre-processed public versions of the above keys using
utility/dumpRSAPublicKey
dumpRSAPublicKey. This utility expects an x509 certificate as
input, and emits an intermediate representation for further
processing.
# dumpRSAPublicKey expects an x509 certificate as input.
$ openssl req -batch -new -x509 -key root_key.pem -out root_key.crt
$ openssl req -batch -new -x509 -key signing_key.pem -out signing_key.crt
$ utility/dumpRSAPublicKey root_key.crt > root_key.keyb
$ utility/dumpRSAPublicKey signing_key.crt > signing_key.keyb
$ openssl req -batch -new -x509 -key root_key.pem -out root_key.crt
$ openssl req -batch -new -x509 -key signing_key.pem -out signing_key.crt
$ dumpRSAPublicKey root_key.crt > root_key.keyb
$ dumpRSAPublicKey signing_key.crt > signing_key.keyb
************** TODO: STUFF PAST HERE IS OUT OF DATE ***************
......@@ -121,13 +140,13 @@ $ utility/firmware_utility --generate \
--in <firmware blob file> \
--out <output file>
Where <algoid> is based on the signature algorithm to use for firmware
Where <algoid> is based on the signature algorithm to use for firmware
signining. The list of <algoid> specifications can be output by running
'utility/firmware_utility' without any arguments.
Note: --firmware_key_version and --firmware_version are part of a signed
Note: --firmware_key_version and --firmware_version are part of a signed
image and are used to prevent rollbacks to older version. For testing,
they can just be set valid values.
they can just be set to valid values.
* Step 4: Verify that this image verifies.
......@@ -144,8 +163,8 @@ Note: The verification functions expects a pointer to the
final firmware, this will be a fixed public key which cannot be
changed and must be stored in RO firmware.
----------
Generating a signed kernel image:
----------
Generating a signed kernel image:
----------
The steps for generating a signed kernel image are similar to that of
......
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
AUTHOR = "ChromeOS Team"
NAME = "firmware_VbootCrypto"
PURPOSE = """
Verifies Firmware Verified Boot Reference Implementation, its components, and
crypto performance.
"""
CRITERIA = """
This test is a benchmark.
Errors in any of the following tests will cause a failure:
- _sha_test()
- _rsa_test()
- _image_verification_test()
- _rollback_tests()
- _splicing_tests()
"""
TIME = "LONG"
TEST_CATEGORY = "Functional"
TEST_CLASS = "firmware"
TEST_TYPE = "client"
DOC = """
This test implements various RSA and SHA by creating and verifying various
keys and hashes. It will generate public key signatures using sha1, sha256,
and sha512 algorithms with key lengths of 1024, 2048, 4096, and 8192. RSA
padding tests will then be run to verify them. Tests are also run to verify
the correctness of firmware and kernel image verification.
"""
test_suites = [
'crypto', # RSA Signature Verification and SHA* Correctness.
'verification', # Firmware and Kernel Image Verification.
'benchmarks', # Crypto and Image Verification benchmarks.
'rollback', # Firmware/Kernel Rollback Prevention.
'splicing', # Image Splicing Attack.
]
for suite in test_suites:
job.run_test('firmware_VbootCrypto', suite=suite, tag=suite)
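Review bot: The loop at the end of this control file schedules all five suites, including `rollback` and `splicing`, but nothing here records that the `firmware_VbootCrypto` class shown later on this page has its build step renamed to `setup_Disabled` (Issue 3792). The visible helpers in that class return True for every exit status other than 1 and 255, so if the test binaries were never built a command-not-found status would presumably count as a pass. The rest of that class lies outside this view, so this needs confirming against `run_once`. I would add a comment above `test_suites` such as `# NOTE: setup() is disabled in the test class (Issue 3792); these suites need prebuilt test binaries.` CRITERIA should also list the suite names rather than `_sha_test()` and friends, which do not match the `__sha_test`/`__rsa_test` spellings the class uses.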
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import os
from autotest_lib.client.bin import test, utils
from autotest_lib.client.common_lib import error
class firmware_VbootCrypto(test.test):
"""
Tests for correctness of verified boot reference crypto implementation.
"""
version = 1
preserve_srcdir = True
# TODO(gauravsh): Disable this autotest until we have a way
# of running these in a 64-bit environment (since for x86, this
# code is run in 64-bit mode.
#
# This issue is tracked as Issue 3792 on the Chromium OS Bug Tracker.
# http://code.google.com/p/chromium-os/issues/detail?id=3792
def setup_Disabled(self):
os.chdir(self.srcdir)
utils.make('clean all')
# Parses the [result] and output the key-value pairs.
def __output_result_keyvals(self, results):
for keyval in results.splitlines():
if keyval.strip().startswith('#'):
continue
key, val = keyval.split(':')
self.keyvals[key.strip()] = float(val)
def __generate_test_cases(self):
gen_test_case_cmd = os.path.join(self.srcdir, "tests",
"gen_test_cases.sh")
return_code = utils.system(gen_test_case_cmd, ignore_status = True)
if return_code == 255:
return False
if return_code == 1:
raise error.TestError("Couldn't generate test cases")
return True
def __sha_test(self):
sha_test_cmd = os.path.join(self.srcdir, "tests", "sha_tests")
return_code = utils.system(sha_test_cmd, ignore_status=True)
if return_code == 255:
return False
if return_code == 1:
raise error.TestError("SHA Test Error")
return True
def __rsa_test(self):
os.chdir(self.srcdir)
rsa_test_cmd = os.path.join(self.srcdir, "tests",
"run_rsa_tests.sh")
return_code = utils.system(rsa_test_cmd, ignore_status=True)